Meraki and Cisco Cloud Calling Connected Branch Solution

Introduction

In today’s age of digital transformation, businesses are looking for collaboration, networking, security and connectivity services that meet their needs, and they are often faced with a variety of complex solutions and providers to choose from. Managed Service Providers (MSPs) are in a unique position to deliver comprehensive solutions that combine managed networking and collaboration, satisfying those business needs and overcoming the obstacles that come with offering services over-the-top (OTT).

 

The purpose of this solution guide is to provide best practices on how MSPs can leverage Meraki’s cloud networking architecture and how Meraki networks should be configured and deployed taking full advantage of the benefits offered by Cisco’s Cloud Calling platforms. This recommended network configuration is based on a Cisco tested and validated architecture optimized for the various Cloud Calling platforms such as Webex Calling and Cisco BroadWorks. The solution utilizes Cisco IP Phones with Multi Platform Firmware (MPP) as endpoints and it focuses on branch deployments.

 

Recommendations provided in this document can serve as the basis to create a comprehensive solution that allows for rapid and seamless branch deployment, service continuity by leveraging SD-WAN technologies as well as ease of management and troubleshooting. The solution enhances the user experience for end-customers and providers by bringing together the best of breed in cloud-managed networking and collaboration.

 

The guide walks through some of the technical aspects of the solution and goes over the process of creating a network blueprint optimized for Cloud Calling platforms that can be used for new service creation allowing for consistency and standardization across end-customer sites. Guidance on how to operationalize the use of the blueprint network at scale is also provided in this document.

Key Benefits

There are several benefits that MSPs can gain from leveraging Meraki’s cloud networking architecture in conjunction with Cisco’s Cloud Calling platforms for branch deployments. Below is a list of the key benefits of this solution.

 

  • Mitigate over-the-top (OTT) related challenges 

  • Eliminate manual phone provisioning processes

  • Based on Cisco’s blueprint network optimized for Cisco Cloud Calling platforms

  • Rapid and consistent site deployment

  • Intuitive and centralized cloud-based management 

  • Additional visibility of endpoints, networks and traffic usage for troubleshooting

  • Network intelligence and analytics

  • WAN monitoring and alerting for proactive response

  • Failover capabilities for service continuity

  • Built-in Security and SD-WAN capabilities

Prerequisites

In order to deploy this solution the following is required. Readers of this document should have...

 

  • Prior experience working with the Cisco Meraki dashboard and Cisco Cloud Calling platforms, in addition to familiarity with the concepts and terminology of local area networking, SD-WAN, wireless, switching and VoIP.

  • Access to the Cisco Meraki dashboard. Instructions on how to create a dashboard account and organization can be found in the Creating a Dashboard Account and Organization article.

  • Access to the management portal for the Cisco Cloud Calling platform being used (Cisco Webex Calling or Cisco BroadWorks).

  • Cisco Meraki devices along with their respective license keys. Refer to table 1 (Appendix) for the specific device models, technical specifications and sizing guide.

  • Cisco Multi Platform Phones (MPP). Technical specifications for the different models are available in the Cisco IP Phones with Multiplatform Firmware website.

  • Understanding of recommended dashboard structures for service providers as outlined in the Best Practices for Service Providers document.

Overview of Deployment Architecture

This section provides an overview on how the solution is to be deployed by MSPs. It includes recommendations on how to structure the dashboard organizations, details on the network infrastructure to be installed at customer premises as well as general guidelines on the customer provisioning process.

Recommended Dashboard Structure

MSPs generally have multiple customers in the same dashboard organization when delivering a standard service. Utilizing the standard service model (organization per service, network per customer) provides several operational benefits; however, this structure should not be used if SD-WAN is being utilized as part of the service. This is because the scope of an organization defines the connectivity domain for Meraki AutoVPN, and it is important to keep customer deployments independent from each other in terms of connectivity. Generally, organizations for MSPs are separated in a one-organization-per-SD-WAN manner.

 

Given that this solution leverages Meraki AutoVPN and SD-WAN, each customer will need to be assigned to its own dedicated organization. The recommended structure for this solution specifies the use of a base organization containing a blueprint network. This organization will serve as the foundation when creating independent organizations for new customer deployments, and each site is represented as a network under that customer’s organization. The structure is illustrated below.

Branch Network Infrastructure 

The network equipment to be installed at customer premises will vary depending on the connectivity needs and amount of clients at each location. A general network diagram for a single customer deployment with two branch locations is available below. This can be scaled to multiple customer organizations each containing numerous branch networks.

 

[Figure: branch_network_infrastructure.png]

 

Specific device model information, technical specifications and a sizing guide are available in table 1 of the Appendix.

Initial Setup and General Provisioning Workflow

In order to deploy this solution using the best practices provided in this document, the following workflows must be performed in order by the administrator.

The initial setup consists of... 

  1. Creating the base organization for the service
  2. Configuring the general settings for the organization
  3. Creating the blueprint network

 

 

After initial setup, when the base organization containing the blueprint network is available, administrators can follow the below workflow for provisioning purposes.

  1. Create a new organization by cloning the base organization
  2. Create a new network by cloning the blueprint network
  3. Add devices to the newly created network

 

 

A more detailed provisioning workflow is available in the “Automation of Network Provisioning” section of this document.

 

The following sections walk through the process of creating the base organization and blueprint network.

Creating and Configuring the Base Organization

A new organization can be created by following the instructions available in the Creating a Dashboard Account and Organization article.

 

Once the organization is created the next step is to configure the following from the Organization > Settings page on the Meraki dashboard:

 

 

Note: It is important that all org settings that will be common to all customer organizations are configured on the base organization. The process of creating new customer organizations by cloning from the base org results in a child organization with all settings preconfigured.

 

The next section goes over the configuration of the blueprint network within the base organization. 

Creating the Blueprint Network

This section walks through the process of creating the blueprint network that will serve as the base configuration for the network infrastructure and will be used as a starting point for new customer deployments. The blueprint network represents the Cisco recommended settings for successful deployments. 

 

Note: It is required for the configuration to be applied to a configuration template in order to allow for it to be cloned from the base org onto new customer organizations.

Network Creation

After a dashboard account and organization have been created:

 

Step 1. Log in to the Cisco Meraki dashboard as an organization administrator

Step 2. Select Configuration templates from the Organization tab

Step 3. Click the Create a new template button

Step 4. Enter a Template name and make sure it clearly describes its purpose (e.g. “Blueprint Network”) and click the Add button

Step 5. Leave Target networks blank, click on the Close button and Save changes

Step 6. Navigate to the Organization tab and select Configuration templates. The newly configured template has been created and it is available for configuration

Step 7. Click on the name for the template (e.g. Blueprint Network) to start configuring it

 

Note: By default, the ability to create new networks by cloning from a configuration template (blueprint network) is not enabled. Please reach out to Meraki Support to have this functionality enabled on the base org. This process only needs to be performed once for the base org and newly created organizations will inherit this functionality from the base org.

Network-wide (General) Configuration

For the purposes of consistency, it is recommended to configure the general settings that are common across customer sites in the blueprint network. Below is a list of the most relevant settings available when selecting General under the Network-wide tab.

  • Country/Region sets the country of the network. The regulatory domain is set based on this

  • Local time zone sets the timezone of the network

  • Traffic analysis specifies the level of detail desired for traffic analysis

For added visibility, use the Detailed option for Traffic analysis. This enables collection of detailed information about the destinations which can be useful for troubleshooting.

 

 

Additionally, the Traffic analysis section allows for the definition of specific destinations to track and to build a custom pie chart. The destinations can be defined based on a HTTP hostname, Port, IP range or IP range & port.

 

 

When a custom pie is configured and there is matching traffic to the destinations, traffic usage information will be available when selecting Clients from the Network-wide tab.

 

 

The following section goes through the Security & SD-WAN specific configuration.

Security & SD-WAN (MX) Configuration

The configuration steps described in this section are specific to the Meraki MX Security appliances. The MX line has built-in security, SD-WAN capabilities and is used in all the branch deployments as outlined in table 1 of the Appendix. Use the following steps to configure this portion of the reference network:

 

Step 1. Navigate to the Security & SD-WAN tab and select Addressing & VLANs

Step 2. From the Deployment Settings section of the page ensure that the Routed and MAC address options are selected for the Mode and Client tracking settings respectively

 

 

Note: The Routed mode allows the MX to act as a layer 3 gateway for the different subnets created and all Internet bound client traffic will be translated (NAT). More information on this is available in the MX Addressing and VLANs article.

 

Step 3. Scroll down to the Routing section and enable the use of VLANs

 

Note: Security appliances (MX) define the VLANs and subnets that exist in the branch network. It is best practice to ensure traffic is segregated by creating dedicated VLANs for voice, data and guest traffic.

 

Step 4. Click on the Add VLAN button to create each of the VLANs needed for branch deployments

 

 

  • Name: Use a name that describes the purpose of the VLAN (e.g. “Voice VLAN”)

  • Subnet: Defines the subnet to be mapped to the VLAN. Use Classless Inter-Domain Routing (CIDR) notation

  • MX IP: The IP address within the subnet that the Security appliance (MX) will use

  • VLAN ID: The assignment of the VLAN tag. Use a number between 1 and 4096

  • Group Policy: Specifies the group policy to be applied to traffic within the subnet

 

Step 5. Click Update after entering the VLAN information and confirm VLAN creation. Repeat the process for each of the VLANs needed.

 

 

Step 6. Navigate to the Security & SD-WAN tab and select DHCP. Each of the created subnets will have its own DHCP server configuration; ensure the Run a DHCP server drop-down option is selected for all VLANs.

 

Step 7. Scroll down to the DHCP server configuration for the Voice VLAN. In order to allow IP phones to retrieve their configuration and hosted phone firmware, add custom DHCP option entries with the following configuration:

 

  • Option: Select Custom from the drop-down to configure an unlisted DHCP option

  • Code: Enter the number for the DHCP option (e.g. 150 for TFTP server address)

  • Type: Select Text 

  • Value: Enter the URL or IP address information

 

 

Note: It is recommended to use at least two of the custom DHCP options to eliminate the need for manual phone provisioning. The sequence Cisco IP phones (MPP) use when booting up is: 66, 160, 159, 150

 

Step 8. Navigate to the Security & SD-WAN tab and select SD-WAN & Traffic shaping. Scroll down to the SD-WAN policies section and add a preference by using All VoIP & video conferencing under traffic filters and selecting Best for VoIP as the preferred uplink. 
 

 

Step 9. Scroll down to Traffic shaping rules and configure a new rule for All VoIP & video conferencing traffic. Refer to the image below for additional details on how to configure the rule.

 

 

This concludes the Meraki MX Security appliance portion of the configuration for the blueprint network.
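
The following is an added example, not part of the original guide or of any Cisco tooling, that audits a Voice VLAN's DHCP settings against Steps 6 and 7 and the note on option order. The dhcpHandling and dhcpOptions field names are modelled on the Dashboard API's appliance VLAN object, the sample VLAN and its values are constructed, and the check for unencrypted transports is an addition to what the guide asks for.

```python
# Added example: audit one VLAN object for the DHCP settings described in Steps 6-7.
from urllib.parse import urlparse

MPP_OPTION_ORDER = ["66", "160", "159", "150"]  # boot-time order given in this guide
PLAINTEXT_SCHEMES = {"tftp", "http"}            # transports without encryption

def audit_voice_vlan(vlan):
    """Return (first_option_used, findings) for a VLAN config dict."""
    findings = []
    if vlan.get("dhcpHandling") != "Run a DHCP server":
        findings.append("DHCP server is not enabled on this VLAN")
    # Keep only the custom options that MPP phones consult, keyed by option code.
    opts = {str(o["code"]): o for o in vlan.get("dhcpOptions", [])
            if str(o["code"]) in MPP_OPTION_ORDER}
    if len(opts) < 2:
        findings.append(f"only {len(opts)} provisioning option(s) set, "
                        "at least two are recommended")
    for code, opt in opts.items():
        if opt.get("type") != "text":
            findings.append(f"option {code}: type is {opt.get('type')!r}, expected 'text'")
        value = str(opt.get("value", "")).strip()
        scheme = urlparse(value).scheme.lower()
        if not value:
            findings.append(f"option {code}: empty value")
        elif scheme in PLAINTEXT_SCHEMES:
            findings.append(f"option {code}: phones fetch over unencrypted {scheme}")
    # The phone uses the first option in the boot sequence that is present.
    first = next((c for c in MPP_OPTION_ORDER if c in opts), None)
    return first, findings

# Constructed sample: hostnames and addresses are documentation values.
SAMPLE_VLAN = {
    "id": 20, "name": "Voice VLAN", "dhcpHandling": "Run a DHCP server",
    "dhcpOptions": [
        {"code": "150", "type": "text", "value": "192.0.2.10"},
        {"code": "160", "type": "text", "value": "http://prov.example.com/phones/"},
    ],
}

if __name__ == "__main__":
    first, findings = audit_voice_vlan(SAMPLE_VLAN)
    print("first option consulted:", first)
    for f in findings:
        print("finding:", f)
```
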

Switching (MS) Configuration

This section walks through the Meraki MS switching configuration portion of the blueprint network.

 

Step 1. Navigate to the Switch tab and select Switch settings 

Step 2. Scroll down to the Quality of service section of the page and create a new rule. Enter the voice VLAN ID, select Any protocol from the drop-down and set the DSCP setting to Trust incoming DSCP.

 

 

Note: Switch port configuration is applied once devices are added to customer networks. This is covered in the Customer Provisioning section of this document.

Wireless (MR) Configuration

This section covers the Meraki MR wireless configuration piece of the reference network and it is only applicable to site deployments that leverage Cisco wireless phones. It is highly recommended to perform a pre-install RF survey as outlined in the Wireless VoIP QoS Best Practices document. Follow the next steps to configure the wireless settings of the blueprint network.

 

Step 1. Configure a dedicated SSID for voice by navigating to the Wireless tab and selecting SSIDs 

Step 2. Rename the default SSID. Use a name that describes its purpose (e.g. “CiscoVoIP”)

Step 3. Navigate to the Wireless tab and select Access control to configure the SSID

Step 4. Configure the Network access section using a Pre-shared key with WPA2 as the authentication method and WPA2 only as the WPA encryption mode

 

 

Step 5. Scroll down to Addressing and traffic and select Bridge mode. In this mode the Meraki MR Access points will bridge the clients directly to the LAN and it is recommended for layer 2 seamless roaming.

 

 

Step 6. Associate the dedicated voice SSID to the voice VLAN configured in the LAN by enabling VLAN tagging and specifying the ID for the voice VLAN used by the Meraki MX Security appliance and Meraki MS switches.

 

 

Step 7. Scroll down to Wireless options and set the minimum bitrate to 12 Mbps. This is the recommended minimum bitrate for wireless networks with VoIP traffic. Disabling lower bitrates reduces overhead on the network and can result in an improved roaming experience.

 

 

Note: Setting the bitrate to 12 Mbps and above will prevent 802.11b clients from joining the wireless network.

 

Step 8. Navigate to the Wireless tab and select Firewall & traffic shaping and ensure that the voice dedicated SSID is selected from the drop-down.

Step 9. Scroll down to Traffic shaping rules and create a new rule for All VoIP & video conferencing traffic and set the Per-client bandwidth limit to Ignore SSID per-client limit (unlimited).

Step 10. Set the PCP and DSCP tags to 6 and 46 (EF - Expedited Forwarding, Voice) respectively

 

Note: The DSCP tag 46 (EF - Expedited Forwarding, Voice) maps to WMM Access Category AC-VO (Voice, Layer 2 CoS 6).

 

This concludes the recommended configuration for deployments that include the use of wireless for connectivity. For additional information refer to the Wireless VoIP QoS Best Practices document.

Automation of Network Provisioning

The Meraki dashboard offers a robust set of APIs enabling automated network provisioning and deployment. Prior to utilizing the APIs, they must be enabled for an account, and a specific user must have an API key for their account. In general, it is recommended that a dedicated dashboard administrator account be created for use of APIs, and the API key generated for that user.

Initial Setup

In order to automate the network provisioning, some initial steps must be performed:

 

 

Step 1. Create the base organization (see "Creating and Configuring the Base Organization" above)

Step 2. Locate the organization ID for the base organization 

 

 

Step 3. Configure the provisioning tool with the located organization ID

Customer Provisioning

Once the provisioning system has been configured, new customers can be deployed using the following steps:

 


 

Step 1. New customer order is placed, automated network provisioning begins

Step 2. Create a new organization, cloning from the base organization

Step 3. Locate the network ID for the network that corresponds to the blueprint network

 

 

Step 4. Create a new network by cloning from the blueprint network

 

 

Step 5. Add hardware to the newly created network.

 

 

Step 6. Configure switch ports for voice services (access port and voice VLAN). As a general recommendation, refer to the Action Batches API documentation to perform this task.
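
The provisioning steps above, as an added example that is not code from the original guide or from Cisco: it issues the Dashboard API v1 calls in order and splits the switch port updates into action batches of at most 100 actions. The send callable, the dry_run stand-in and every id and serial are constructed; treating the blueprint as a configuration template whose id is accepted as copyFromNetworkId is an assumption based on the Support-enabled cloning described earlier.

```python
# Added example: builds the Dashboard API calls for the provisioning steps above.
MAX_ACTIONS = 100  # maximum number of actions accepted in one action batch

def voice_port_batches(ports, data_vlan, voice_vlan):
    """ports: list of (switch_serial, port_id). Returns action-batch request bodies."""
    if data_vlan == voice_vlan:
        raise ValueError("voice and data traffic must use separate VLANs")
    actions = [{
        "resource": f"/devices/{serial}/switch/ports/{port_id}",
        "operation": "update",
        "body": {"type": "access", "vlan": data_vlan, "voiceVlan": voice_vlan},
    } for serial, port_id in ports]
    return [{"confirmed": True, "synchronous": False,
             "actions": actions[i:i + MAX_ACTIONS]}
            for i in range(0, len(actions), MAX_ACTIONS)]

def provision_customer(send, base_org_id, blueprint_name, customer, site,
                       serials, ports, data_vlan, voice_vlan):
    """Run the steps in order. send(method, path, body) performs one API call
    and returns the decoded JSON reply; the caller supplies it."""
    # Validate the port plan before anything is created in the dashboard.
    batches = voice_port_batches(ports, data_vlan, voice_vlan)
    org = send("POST", f"/organizations/{base_org_id}/clone", {"name": customer})
    templates = send("GET", f"/organizations/{org['id']}/configTemplates", None)
    ids = [t["id"] for t in templates if t["name"] == blueprint_name]
    if len(ids) != 1:  # refuse to guess when the blueprint is missing or ambiguous
        raise LookupError(f"expected one template named {blueprint_name!r}, found {len(ids)}")
    # Assumption: the template id is accepted here once Support has enabled cloning.
    net = send("POST", f"/organizations/{org['id']}/networks",
               {"name": site, "productTypes": ["appliance", "switch", "wireless"],
                "copyFromNetworkId": ids[0]})
    send("POST", f"/networks/{net['id']}/devices/claim", {"serials": serials})
    for batch in batches:
        send("POST", f"/organizations/{org['id']}/actionBatches", batch)
    return org["id"], net["id"]

def dry_run(log):
    """Constructed stand-in for an HTTP client: records calls, returns made-up ids."""
    def send(method, path, body):
        log.append((method, path, body))
        if path.endswith("/clone"):
            return {"id": "ORG_NEW"}
        if path.endswith("/configTemplates"):
            return [{"id": "TEMPLATE_ID", "name": "Blueprint Network"}]
        if path.endswith("/networks"):
            return {"id": "NET_NEW"}
        return {}
    return send

if __name__ == "__main__":
    calls = []
    ports = [(f"SWITCH-SERIAL-{n}", str(p)) for n in (1, 2, 3) for p in range(1, 49)]
    print(provision_customer(dry_run(calls), "BASE_ORG_ID", "Blueprint Network",
                             "Customer A", "Branch 1",
                             ["MX-SERIAL", "SWITCH-SERIAL-1"], ports, 10, 20))
    for method, path, _ in calls:
        print(method, path)
```

A real send implementation should authenticate with the API key of the dedicated dashboard administrator account recommended above, read from the environment or a secret store rather than from source code.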

 


 

Appendix

Table 1 - Cisco Meraki devices technical specifications and sizing guide

 


 

| | Micro Site (Up to 7) | Small Site (Up to 25) | Medium Site (25-100) | Large Site (100-250) |
|---|---|---|---|---|
| Security & SD-WAN (MX) | | | | |
| MX Model | MX68CW (Branch in a Box) | MX67/MX67C | MX84 | MX100 |
| Stateful Firewall Throughput | 450 Mbps | 450 Mbps | 500 Mbps | 750 Mbps |
| Advanced Security Throughput | 300 Mbps | 300 Mbps | 320 Mbps | 650 Mbps |
| WAN Interfaces (Dedicated) | 2 x GbE RJ45 | 1 x GbE RJ45 | 2 x GbE RJ45 | 2 x GbE RJ45 |
| Dual-purpose (WAN/LAN) | - | 1 x GbE RJ45 | - | - |
| LAN Interfaces | 10 x GbE RJ45 (2 x PoE+) | 4 x GbE RJ45* | 8 x GbE RJ45, 2 x SFP | 8 x GbE RJ45, 2 x SFP |
| LTE Failover | Yes | Yes | Yes (USB) | Yes (USB) |
| Switching (MS) | | | | |
| MS Model | MS120-8LP (Optional) | MS120-24P, MS120-48FP | MS120-48FP | MS120-48FP |
| Interfaces | 8 x GbE | 24/48 x GbE | 48 x GbE | 48 x GbE |
| Uplinks | 2x 1G SFP | 4 x SFP | 4 x SFP | 4 x SFP |
| PoE/PoE+ | 67W | 370W/740W | 740W | 740W |
| Wireless (MR) - Optional | | | | |
| MR Model | - | MR33 | MR42 | MR42 |
| Wi-Fi Generation | N/A | Wi-Fi 5 (802.11ac) | Wi-Fi 5 (802.11ac) | Wi-Fi 5 (802.11ac) |
| Radio | - | 2x2:2 MU-MIMO | 3x3:3 MU-MIMO | 3x3:3 MU-MIMO |
| Max Throughput | - | 1.3 Gbps | 1.9 Gbps | 1.9 Gbps |

* One of the LAN ports is optionally available for WAN connectivity

Note: The recommended models for sizing are based on models available at the time of publication of this document. This list will not be updated with new models. For the most up-to-date sizing guide information, please refer to the Meraki MX Sizing Guide.


Article ID

ID: 8698
