camp2023-57142-eng-Defeating_planned_obsolescence_for_Cisco_Meraki_switches_opus.srt
1
00:00:00,000 --> 00:00:10,000
[MUSIC]
2
00:00:10,000 --> 00:00:20,000
[MUSIC]
3
00:00:20,000 --> 00:00:35,000
>> We welcome Hal for defeating planned obsolescence for
4
00:00:35,000 --> 00:00:37,000
Cisco Meraki switches.
5
00:00:37,000 --> 00:00:38,000
>> Thank you very much.
6
00:00:38,000 --> 00:00:48,000
>> [APPLAUSE]
7
00:00:48,000 --> 00:01:06,000
>> This is, here we go, perfect.
8
00:01:06,000 --> 00:01:07,000
Thank you all for coming.
9
00:01:07,000 --> 00:01:10,000
It's very early, but we'll get down to business here.
10
00:01:10,000 --> 00:01:12,000
So quick agenda for this talk.
11
00:01:12,000 --> 00:01:15,000
I'm gonna give you some background on how I got involved in this.
12
00:01:15,000 --> 00:01:17,000
We'll talk about who are Meraki, their business model, and
13
00:01:17,000 --> 00:01:19,000
I'll have a short political manifesto.
14
00:01:19,000 --> 00:01:22,000
Don't worry, it's only about the first third of the talk.
15
00:01:22,000 --> 00:01:25,000
Then we're gonna get into talking about Meraki's firmware internals,
16
00:01:25,000 --> 00:01:29,000
the devices that I researched, the custom firmware that I've come up with,
17
00:01:29,000 --> 00:01:31,000
and some future work, and kudos.
18
00:01:31,000 --> 00:01:34,000
So the background here, it was 2019, and
19
00:01:34,000 --> 00:01:38,000
like every aspiring home labber, I wanted 10 gigabit networking, but
20
00:01:38,000 --> 00:01:39,000
I wanted it on the cheap.
21
00:01:39,000 --> 00:01:41,000
I didn't wanna pay for a proper switch.
22
00:01:41,000 --> 00:01:44,000
So I knew there was a modded firmware available for
23
00:01:44,000 --> 00:01:47,000
the Meraki MS220 switch, and I found an MS42,
24
00:01:47,000 --> 00:01:52,000
which is a larger version of the MS220 on eBay for 50 pounds.
25
00:01:52,000 --> 00:01:55,000
And this was before the UK left the EU, so
26
00:01:55,000 --> 00:01:59,000
I was like, yes, don't even have to pay VAT or duties.
27
00:01:59,000 --> 00:02:03,000
And yeah, so just blindly assumed it would apply to the hardware and
28
00:02:03,000 --> 00:02:04,000
bought it.
29
00:02:04,000 --> 00:02:07,000
But now we have to go back, let's talk about Meraki.
30
00:02:07,000 --> 00:02:10,000
They were founded in 2006 by some MIT graduates.
31
00:02:10,000 --> 00:02:12,000
They were acquired by Cisco in 2012, and
32
00:02:12,000 --> 00:02:15,000
they make networking equipment that's cloud managed.
33
00:02:15,000 --> 00:02:18,000
So if you wanna buy a switch or an access point or router,
34
00:02:18,000 --> 00:02:21,000
IP camera from them, they'll happily sell that to you.
35
00:02:21,000 --> 00:02:22,000
And this is my opinion only, but
36
00:02:22,000 --> 00:02:24,000
they're not very good at GPL compliance, and
37
00:02:24,000 --> 00:02:25,000
we'll come back to that later.
38
00:02:25,000 --> 00:02:29,000
So Meraki's business model is that you have a network that you wanna manage,
39
00:02:29,000 --> 00:02:31,000
but managing network assets is hard.
40
00:02:31,000 --> 00:02:34,000
So Meraki will kindly punch a hole through your NAT and
41
00:02:34,000 --> 00:02:35,000
make a tunnel to their cloud so
42
00:02:35,000 --> 00:02:38,000
that you can manage all your devices through their cloud.
43
00:02:38,000 --> 00:02:40,000
So you buy the hardware, you pay a license to them, and
44
00:02:40,000 --> 00:02:42,000
you get a dashboard where you can see all your network assets and
45
00:02:42,000 --> 00:02:43,000
manage them.
46
00:02:43,000 --> 00:02:47,000
And you look like this cool llama after you've done that.
47
00:02:47,000 --> 00:02:50,000
Except, well, if you're a Meraki customer, you probably know this, but
48
00:02:50,000 --> 00:02:54,000
to hackers, it might come as a surprise that licenses cost money.
49
00:02:54,000 --> 00:02:57,000
And Meraki is not gonna let you manage your equipment for free.
50
00:02:57,000 --> 00:03:00,000
But they're really, really, really benevolent.
51
00:03:00,000 --> 00:03:04,000
And so if you ever become out of compliance because you forgot to pay
52
00:03:04,000 --> 00:03:08,000
your invoice or something, you've got 30 days before they pull the plug on
53
00:03:08,000 --> 00:03:09,000
your network.
54
00:03:09,000 --> 00:03:14,000
And that means that all your devices will not only stop being managed, but
55
00:03:14,000 --> 00:03:16,000
they'll stop passing packets.
56
00:03:16,000 --> 00:03:20,000
And so better pay up within 30 days, cuz Meraki's the captain now.
57
00:03:20,000 --> 00:03:23,000
I wanna read this quote, it's from their website.
58
00:03:23,000 --> 00:03:26,000
Cisco Meraki may find it necessary to discontinue products for
59
00:03:26,000 --> 00:03:29,000
a number of reasons, including product line enhancements,
60
00:03:29,000 --> 00:03:33,000
product demand, technology innovation, or if the product simply matures over
61
00:03:33,000 --> 00:03:37,000
time and needs to be replaced by something functionally richer.
62
00:03:37,000 --> 00:03:42,000
A few moments later, did someone say hardware refresh?
63
00:03:42,000 --> 00:03:44,000
Meraki decided to end of life your hardware.
64
00:03:44,000 --> 00:03:47,000
And now not only are you no longer able to purchase the hardware that you have
65
00:03:47,000 --> 00:03:50,000
in your network, but you may no longer be able to purchase licenses for
66
00:03:50,000 --> 00:03:53,000
that hardware, which means you need to buy new hardware.
67
00:03:53,000 --> 00:03:55,000
Well, what if you say forget the cloud?
68
00:03:55,000 --> 00:03:57,000
Maybe I'll just manage it myself.
69
00:03:57,000 --> 00:04:02,000
Meraki say that's the neat part, you don't.
70
00:04:02,000 --> 00:04:04,000
So the TLDR here is that you don't own your devices.
71
00:04:04,000 --> 00:04:06,000
What you've got is an expensive lease.
72
00:04:06,000 --> 00:04:09,000
And in my opinion, Meraki sales salivate at the thought of deprecating
73
00:04:09,000 --> 00:04:13,000
existing products, because it means they get to sell you new ones.
74
00:04:13,000 --> 00:04:15,000
It also removes the secondary market for resale.
75
00:04:15,000 --> 00:04:18,000
If you purchase a device which is previously claimed in the Meraki dashboard
76
00:04:18,000 --> 00:04:21,000
and the previous owner has not released that device in the dashboard,
77
00:04:21,000 --> 00:04:24,000
you'll be unable to add it to the dashboard and manage it yourself.
78
00:04:24,000 --> 00:04:27,000
Now, this is maybe not a problem for legitimate resellers,
79
00:04:27,000 --> 00:04:31,000
but if you ever purchase a Meraki device, say, from a company that's gone bankrupt
80
00:04:31,000 --> 00:04:33,000
and the previous IT department, you know, was laid off,
81
00:04:33,000 --> 00:04:35,000
then the device will still be claimed in Meraki's dashboard,
82
00:04:35,000 --> 00:04:38,000
and you'll have bought a brick.
83
00:04:38,000 --> 00:04:40,000
So here's my political manifesto moment.
84
00:04:40,000 --> 00:04:43,000
We need some SIM lock regulation for these devices.
85
00:04:43,000 --> 00:04:47,000
Networking devices these days typically run Linux, and since Linux is GPL,
86
00:04:47,000 --> 00:04:51,000
you can request the source code from the vendor and build your own firmware.
87
00:04:51,000 --> 00:04:54,000
But as vendors are moving towards more secure devices,
88
00:04:54,000 --> 00:04:56,000
you may not be able to actually run your firmware on the device,
89
00:04:56,000 --> 00:04:58,000
leaving you with a brick.
90
00:04:58,000 --> 00:05:00,000
Other vendors have or are considering subscription models
91
00:05:00,000 --> 00:05:02,000
similar to what Meraki does,
92
00:05:02,000 --> 00:05:04,000
and there's no reason for these devices to become e-waste.
93
00:05:04,000 --> 00:05:08,000
We need to remember the second R in the three Rs, reuse.
94
00:05:08,000 --> 00:05:10,000
There's no reason for these devices to become e-waste.
95
00:05:10,000 --> 00:05:14,000
If we have regulation that says we should be able to run our own software on them,
96
00:05:14,000 --> 00:05:16,000
they shouldn't be locked to the vendor.
97
00:05:16,000 --> 00:05:19,000
Now, that's my political manifesto slide over.
98
00:05:19,000 --> 00:05:21,000
Let's get into the actual technical details.
99
00:05:21,000 --> 00:05:25,000
So Meraki's firmware has a boot process like everything.
100
00:05:25,000 --> 00:05:29,000
The bootloader varies depending on which hardware we're talking about.
101
00:05:29,000 --> 00:05:33,000
The MS220 switch, which is sitting here in front of me, is a MIPS, and it uses RedBoot.
102
00:05:33,000 --> 00:05:36,000
Meraki's newer switches use ARM, and they use U-Boot.
103
00:05:36,000 --> 00:05:39,000
When you have U-Boot, the environment is compiled into U-Boot,
104
00:05:39,000 --> 00:05:41,000
and there's auto-boot enabled with no delay,
105
00:05:41,000 --> 00:05:45,000
so there's no easy way to break into the system through U-Boot and a console.
106
00:05:45,000 --> 00:05:49,000
For x86 devices, they use coreboot with a loader called MILES,
107
00:05:49,000 --> 00:05:51,000
which stands for Meraki Intermediate Loader for Embedded Systems.
108
00:05:51,000 --> 00:05:54,000
It's based on FILO, and it basically just looks for a FIT image,
109
00:05:54,000 --> 00:05:56,000
loads the kernel, and jumps to it.
110
00:05:56,000 --> 00:05:59,000
Let's talk about FIT images.
111
00:05:59,000 --> 00:06:02,000
Meraki hardware sometimes has a two-stage boot process.
112
00:06:02,000 --> 00:06:05,000
The first stage will be a boot kernel. That's their term, not mine.
113
00:06:05,000 --> 00:06:07,000
It handles initializing hardware.
114
00:06:07,000 --> 00:06:12,000
It's typically stored on SPI, and it's what the boot ROM of the ASIC will read from,
115
00:06:12,000 --> 00:06:15,000
and it handles setting up UBI, reading from NAND.
116
00:06:15,000 --> 00:06:17,000
It even supports LVM and EXT4,
117
00:06:17,000 --> 00:06:21,000
and it'll load and kexec into the second stage firmware, which Meraki calls a part.
118
00:06:21,000 --> 00:06:24,000
The part is the real Meraki firmware, which manages the hardware,
119
00:06:24,000 --> 00:06:27,000
connects to Meraki's cloud, pulls the configuration, and applies it.
120
00:06:27,000 --> 00:06:29,000
The rootfs is always compiled into the kernel image,
121
00:06:29,000 --> 00:06:31,000
both in the boot kernel and the part.
122
00:06:31,000 --> 00:06:34,000
There's no separate partition on Flash for that.
123
00:06:34,000 --> 00:06:36,000
Meraki switch firmwares.
124
00:06:36,000 --> 00:06:40,000
Because they're ex-MIT people, they developed something really nice called ClickRouter,
125
00:06:40,000 --> 00:06:43,000
which replaces a lot of typical network functions in Linux.
126
00:06:43,000 --> 00:06:46,000
I myself am not a fan, but Meraki use it in all their products.
127
00:06:46,000 --> 00:06:49,000
They also have a monolithic binary on switches called SwitchBrain,
128
00:06:49,000 --> 00:06:51,000
which manages the switch configuration.
129
00:06:51,000 --> 00:06:55,000
It basically reads the configuration file that it pulls from Meraki's cloud servers
130
00:06:55,000 --> 00:06:57,000
and applies it using Click.
131
00:06:57,000 --> 00:06:59,000
There's a tunnel created back to the Meraki cloud called Mtunnel.
132
00:06:59,000 --> 00:07:03,000
I think it's loosely based on IPsec, but I haven't really dug into it too much,
133
00:07:03,000 --> 00:07:06,000
because they use TLS cert pinning for everything,
134
00:07:06,000 --> 00:07:08,000
even fetching the configuration over Mtunnel,
135
00:07:08,000 --> 00:07:11,000
and especially when downloading and upgrading firmware.
136
00:07:11,000 --> 00:07:14,000
So if you're thinking about man-in-the-middling Meraki's configuration
137
00:07:14,000 --> 00:07:18,000
or firmware upgrade process, forget that now, because it will fail.
138
00:07:18,000 --> 00:07:21,000
The target devices that I looked at in my research are the MS220,
139
00:07:21,000 --> 00:07:23,000
which I have the 10 port version here in front of me,
140
00:07:23,000 --> 00:07:26,000
the MS210 and 225 series, and the MS120 series.
141
00:07:26,000 --> 00:07:29,000
The reason that I looked at these is because they're what I have available.
142
00:07:29,000 --> 00:07:35,000
I don't have a nice corporate sugar daddy who has a data center that runs Meraki equipment,
143
00:07:35,000 --> 00:07:39,000
so I don't get this stuff for free. I have to buy it and search for deals.
144
00:07:39,000 --> 00:07:42,000
Just a quick overview of all of them. They're all pretty similar.
145
00:07:42,000 --> 00:07:48,000
They have gigabit ethernet ports, and some of them have SFP+ ports and stacking as well.
146
00:07:48,000 --> 00:07:51,000
But yeah, they have a variety of bootloaders. RedBoot on the old stuff,
147
00:07:51,000 --> 00:07:53,000
U-Boot on the new stuff. They have different vendors.
148
00:07:53,000 --> 00:07:57,000
So it's Vitesse, which is now owned by Microchip, on the MS220 series.
149
00:07:57,000 --> 00:08:02,000
There's Broadcom, used on the MS210 and 225, and Marvell is used on the MS120 series.
150
00:08:02,000 --> 00:08:06,000
Meraki loves the 3.18 kernel. I've yet to see anything newer on their switch series.
151
00:08:06,000 --> 00:08:10,000
And ASIC management is typically via kernel modules or via user space binaries.
152
00:08:10,000 --> 00:08:15,000
Of particular note, none of these are open source. They're provided by the vendor through their SDK.
153
00:08:15,000 --> 00:08:18,000
So even if you manage to get the GPL source code from Meraki,
154
00:08:18,000 --> 00:08:23,000
you won't be able to run a mainline kernel because all the ASIC goodness happens in closed source things.
155
00:08:23,000 --> 00:08:25,000
And of course, they all run Click.
156
00:08:25,000 --> 00:08:30,000
And one thing to note about the MS120 series, it has secure boot.
157
00:08:30,000 --> 00:08:33,000
So let's talk about secure boot on Meraki devices.
158
00:08:33,000 --> 00:08:38,000
Meraki calls this, well, Cisco calls this the ACT, which stands for Anti-Counterfeit Technology.
159
00:08:38,000 --> 00:08:41,000
Meraki lingo is TAM, Trusted Authentication Module.
160
00:08:41,000 --> 00:08:44,000
It's based on the Microchip SmartFusion2, which is a small FPGA,
161
00:08:44,000 --> 00:08:47,000
which is either available in a Surface Mount or BGA package.
162
00:08:47,000 --> 00:08:50,000
It's included in all their new product designs since around 2018.
163
00:08:50,000 --> 00:08:53,000
This includes MS switches and MX routers.
164
00:08:53,000 --> 00:08:57,000
It's used to implement a hardware root of trust, and it's used as part of the secure boot chain,
165
00:08:57,000 --> 00:09:00,000
as well as part of the update process.
166
00:09:00,000 --> 00:09:05,000
So when a Meraki device with a TAM requests a configuration or an update,
167
00:09:05,000 --> 00:09:09,000
it also provides a secret from the TAM to Meraki's servers to prove its authenticity.
168
00:09:09,000 --> 00:09:13,000
They basically followed the Microchip white paper on how to implement this,
169
00:09:13,000 --> 00:09:17,000
and yeah, they've done their homework.
170
00:09:17,000 --> 00:09:21,000
U-Boot is a binary that's signed and verified by the boot ROM or the secondary payload loader,
171
00:09:21,000 --> 00:09:25,000
and U-Boot then handles verifying the signature of the FIT image.
172
00:09:25,000 --> 00:09:29,000
That's what it looks like in U-Boot.
173
00:09:29,000 --> 00:09:33,000
So a U-Boot applet runs. U-Boot applets are not subject to GPL.
174
00:09:33,000 --> 00:09:38,000
U-Boot developers have been pretty clear on this for several decades, I think.
175
00:09:38,000 --> 00:09:44,000
So yeah, basically during the boot process, the FPGA has both an A and B firmware,
176
00:09:44,000 --> 00:09:46,000
and it has signature lists.
177
00:09:46,000 --> 00:09:50,000
The signature lists are converted into an FDT during U-Boot initialization,
178
00:09:50,000 --> 00:09:54,000
and then that's used to verify the FIT image that it then boots.
179
00:09:54,000 --> 00:10:01,000
And this applies both to devices that have a single-stage boot process and a two-stage boot process.
180
00:10:01,000 --> 00:10:03,000
So my hacky solution here.
181
00:10:03,000 --> 00:10:06,000
Meraki devices run Linux, so let's obtain the GPL source code from them.
182
00:10:06,000 --> 00:10:09,000
Let's build our own firmware. Step three is up to your imagination,
183
00:10:09,000 --> 00:10:13,000
and step four is profit, although this is open source, so no.
184
00:10:13,000 --> 00:10:17,000
I call this Post Merk OS. It's a play on words from Post Market OS,
185
00:10:17,000 --> 00:10:21,000
which you may know from phones. It's Post Meraki OS.
186
00:10:21,000 --> 00:10:24,000
It's an open source firmware. The most mature target is the MS220,
187
00:10:24,000 --> 00:10:26,000
because that's what I've been working on for the longest.
188
00:10:26,000 --> 00:10:29,000
There's a pre-alpha for the MS210 and 225 series,
189
00:10:29,000 --> 00:10:33,000
because the MS210 and 225 are actually the same hardware inside.
190
00:10:33,000 --> 00:10:36,000
It's based on Buildroot, just because that's what I'm familiar with.
191
00:10:36,000 --> 00:10:41,000
You flash it via SPI, because NAND tools are expensive and NAND is hard to work with.
192
00:10:41,000 --> 00:10:44,000
And it uses the vendor kernel, so we're stuck on 3.18,
193
00:10:44,000 --> 00:10:49,000
because that's the kernel modules that I have, and I don't have access to rebuild those.
194
00:10:49,000 --> 00:10:54,000
And there's local management via SSH and your standard BusyBox CLI.
195
00:10:54,000 --> 00:10:57,000
MS120, there may eventually be a firmware or not.
196
00:10:57,000 --> 00:11:01,000
It depends if we can manage to find some holes in their secure boot implementation.
197
00:11:01,000 --> 00:11:04,000
So future work. Datasheets are really hard to come by,
198
00:11:04,000 --> 00:11:08,000
and none of the vendors want to give them to you unless you give them lots and lots and lots of money,
199
00:11:08,000 --> 00:11:10,000
and promise never to share them with anyone else.
200
00:11:10,000 --> 00:11:14,000
So if anyone knows of a random server where I can find them, I would be really, really grateful.
201
00:11:14,000 --> 00:11:19,000
I know vendors like Broadcom and Marvell are not eager to give up that information.
202
00:11:19,000 --> 00:11:25,000
Mainline or OpenWRT support may be possible on the smaller MS120 series,
203
00:11:25,000 --> 00:11:31,000
because Microchip has an SDK, which includes support for the Luton26,
204
00:11:31,000 --> 00:11:36,000
which is the ASIC used in the smaller switches, which actually has a very recent kernel.
205
00:11:36,000 --> 00:11:40,000
However, the Jaguar One chip, which is used in the 48 port versions,
206
00:11:40,000 --> 00:11:42,000
there's no data sheet and there's no support in Microchip's SDK,
207
00:11:42,000 --> 00:11:47,000
so it's unclear if there will ever be support for OpenWRT or Mainline kernels.
208
00:11:47,000 --> 00:11:50,000
Another possibility is creating a Frankenfirmware.
209
00:11:50,000 --> 00:11:55,000
The BCM56160, which is in the MS210 and 225 series,
210
00:11:55,000 --> 00:11:59,000
is used in other switching products from other vendors such as Ares and Quanta.
211
00:11:59,000 --> 00:12:04,000
So we could potentially just lift components from their firmwares and run them on Meraki hardware
212
00:12:04,000 --> 00:12:08,000
and then have a more traditional switch.
213
00:12:08,000 --> 00:12:10,000
So I want to give some kudos here.
214
00:12:10,000 --> 00:12:13,000
I'm not the only person working on giving Meraki devices a second life.
215
00:12:13,000 --> 00:12:17,000
Leo Lung has some notes on the MS220, which inspired my work.
216
00:12:17,000 --> 00:12:22,000
RiptideWave93 and Clayface are both working on OpenWRT support for other Meraki devices,
217
00:12:22,000 --> 00:12:26,000
and it's great to see other people in the community working to prevent e-waste.
218
00:12:26,000 --> 00:12:28,000
I want to give some negative kudos here, too.
219
00:12:28,000 --> 00:12:31,000
Meraki GPL is really, really hard to get.
220
00:12:31,000 --> 00:12:34,000
They don't provide a written offer with their products, as far as I know.
221
00:12:34,000 --> 00:12:37,000
They don't mention any GPL software used in their dashboard,
222
00:12:37,000 --> 00:12:40,000
and there's no officially documented way to contact them to request a GPL source code.
223
00:12:40,000 --> 00:12:44,000
So if you have a Meraki product, whether you're interested in open source or not,
224
00:12:44,000 --> 00:12:48,000
please email [email protected] and ask them for the GPL source code for your product.
225
00:12:48,000 --> 00:12:52,000
However, you may wait a long, long, long time.
226
00:12:52,000 --> 00:12:58,000
I've waited over a year for certain products for them to provide the source code.
227
00:12:58,000 --> 00:13:01,000
So yeah, not very cool of them since they're using GPL software
228
00:13:01,000 --> 00:13:03,000
and making it difficult to get the source code,
229
00:13:03,000 --> 00:13:07,000
but I can see why, because it's late-stage capitalism.
230
00:13:07,000 --> 00:13:08,000
And we've been here before.
231
00:13:08,000 --> 00:13:11,000
After Cisco bought Linksys in the early 2000s,
232
00:13:11,000 --> 00:13:14,000
it also became very hard to get GPL source code for their products,
233
00:13:14,000 --> 00:13:18,000
and it took a lawsuit from the Free Software Foundation to change that.
234
00:13:18,000 --> 00:13:21,000
So yeah, hope it doesn't end up in court again,
235
00:13:21,000 --> 00:13:26,000
and that they see the light of contributing back to the community, but we'll see.
236
00:13:26,000 --> 00:13:32,000
So I have a very short demo, and I hope the demo gods will shine on me,
237
00:13:32,000 --> 00:13:35,000
although I did have some pre-preparation.
238
00:13:35,000 --> 00:13:41,000
So this is SSH from the presentation laptop to the switch, which is running right here.
239
00:13:41,000 --> 00:13:47,000
There's nothing really too exciting to show you here, because it's all pretty basic.
240
00:13:47,000 --> 00:13:49,000
But...
241
00:13:49,000 --> 00:13:54,000
So there you can see all the ports on the switch.
242
00:13:54,000 --> 00:13:57,000
I'm plugged into port 4, so you know, got a gigabit link there.
243
00:13:57,000 --> 00:14:03,000
And I also wrote a daemon to query the PoE and configure it,
244
00:14:03,000 --> 00:14:06,000
so you can see the status of the PoE ports.
245
00:14:06,000 --> 00:14:09,000
I don't have any PoE devices here, so there's not really much to show.
246
00:14:09,000 --> 00:14:13,000
But yeah, that's basically what I've got.
247
00:14:13,000 --> 00:14:16,000
So thank you so much for your time and attention this morning.
248
00:14:16,000 --> 00:14:18,000
I'm available for questions off to the side.
249
00:14:18,000 --> 00:14:23,000
And yeah, if you own a Meraki device or work for someone who deploys Meraki devices,
250
00:14:23,000 --> 00:14:27,000
please email them and ask for the source code and throw it up on GitHub.