20
Posted by
CCNA
2 years ago
Archived

Thoughts on Cisco Meraki?

107 comments
78% Upvoted
27 points · 2 years ago

I would say great for MSPs since management is cloud based. Otherwise I think they are too expensive for what they are... And hardware that turns into a brick if you don't pay annual license fees is not cool in my books. Additionally I don't like to rely on resources outside of my control for management of my infrastructure.

If you decide not to renew your licence, you can always flash your Meraki APs with OpenWRT to give them a new lease on life.

3 points · 2 years ago

That is pretty cool & about time somebody did that. Hopefully you will get more hardware supported. I'd definitely try this route out when my MR18 license expires.

A 3 year license is $180....

EDIT: Everything except their outdoor APs has a lifetime warranty, even their SFP cards.

0 points · 2 years ago

List price is $300/AP for 3 year license, it's right on Meraki's website - https://meraki.cisco.com/buy/cost-calculator. Sure however, you are a sucker if you pay list price.

Regardless of the actual price point per year, that is still $ that you could have used to buy your own controller to have local on your network and not be dependent on the manufacturer provided service for the day to day management of your network.

I pay $800 for a MR34, $180 every 3 years, and get a true lifetime warranty and I never have to touch it unless it dies or I need to make a change nor do I "need" to have any kind of specialization. Cost vs man hours wasted, troubleshooting, etc.. worth it for me, the management doesn't kill bandwidth, support can make changes for me if I can't figure it out, I don't have day to day management, I've never had that with a daily usage of 2,000 users, if you have daily management you're doing something wrong.

0 points · 2 years ago

I pay $800 for a MR34, $180 every 3 years

Again, you might notice I said list price. It's not really fair to compare the price you pay, because the price you pay might be different than what the business next door that has 1/4 the AP count that you do. Even list price isn't a great comparison, but I'm not about to go and quote out 5 solutions for the same use-case for the purpose of a reddit post.

support can make changes for me if I can't figure it out

This is a strike against Meraki in my books. I'd pay extra for a solution where a 3rd party can't access my infrastructure without my authorization. I'm sure I'm completely alone in this though.... There are many environments where this is an automatic ban of the hardware.

I don't have day to day management, I've never had that with a daily usage of 2,000 users, if you have daily management you're doing something wrong.

You are taking the phrase day-to-day management way too literally. However if you'd really like to try and use that in an attempt at an insult to discredit another's opinion, that is your prerogative.

I pay $800 for a MR34, $180 every 3 years

Again, you might notice I said list price. It's not really fair to compare the price you pay, because the price you pay might be different than what the business next door that has 1/4 the AP count that you do. Even list price isn't a great comparison, but I'm not about to go and quote out 5 solutions for the same use-case for the purpose of a reddit post.

CDW, don't even have to barter that's just the price they gave when we requested it, only have 4 Meraki devices.

support can make changes for me if I can't figure it out

This is a strike against Meraki in my books. I'd pay extra for a solution where a 3rd party can't access my infrastructure without my authorization. I'm sure I'm completely alone in this though.... There are many environments where this is an automatic ban of the hardware.

Meraki has a specific option that prevents support from even SEEING your network at all if you so choose, wouldn't count that against them.

I don't have day to day management, I've never had that with a daily usage of 2,000 users, if you have daily management you're doing something wrong.

You are taking the phrase day-to-day management way too literally. However if you'd really like to try and use that in an attempt at an insult to discredit another's opinion, that is your prerogative.

Not using it as an attempt to discredit you, nor an insult, just saying if that's what you're doing then you should reevaluate, our time is better used elsewhere, that's the whole point of a managed solution.

3 points · 2 years ago

This is the last I'll say regarding the price topic. I never said anywhere your price was not possible. I only said if you are going to compare solutions it's basically easiest to go by list price unless you really feel like quoting out solutions properly for the purpose of a Reddit post where nobody is going to care.

support can make changes for me if I can't figure it out

This is a strike against Meraki in my books. I'd pay extra for a solution where a 3rd party can't access my infrastructure without my authorization. I'm sure I'm completely alone in this though.... There are many environments where this is an automatic ban of the hardware.

Meraki has a specific option that prevents support from even SEEING your network at all if you so choose, wouldn't count that against them.

Do you honestly believe that this prevents Meraki from touching your devices? This does not prevent them from doing anything. It's basically just asking them not to. No matter what they have the keys to your equipment and can do whatever they want if they wish. Your equipment is 100% dependent on their backend. You can't configure it without their backend, so what makes you think they can't configure it using that same backend if they choose to considering they control the backend? Sure they will take some heat if they get caught doing it, but the point is they can if they want to. That makes their hardware completely unsuitable in environments where security is a high concern.

I'm sure they do have this setup so a certain tier of employee can't see my devices, but there is no way that applies to all employees. Whoever has top tier access to their systems can certainly see everything connected to their systems.

Would you be okay if MS had admin access to all your MS software remotely and had the ability to connect and configure without you having to get them logged in every time? Would you feel protected if you clicked a check box on MS's website that said 'no thanks' yet all your software is still connected to their backend?

Technically it is, Windows updates can set all kinds of BS, but I digress, I may have gotten worked up but the superb owl has taken my attention elsewhere

Have you called MS support/Cisco or any other company for that matter lately? First thing they want to do is establish a remote session so they can look and see what is going on.

As systems become more complex and as Internet connectivity becomes more prevalent, reliable and fast this is the natural evolution of things. Why listen to someone describe the problem when you can remote in and see exactly what is happening.

As far as I know that setting prevents Meraki support personnel from accessing my config. Does my data still exist in their cloud? Sure. Could they break in if they really wanted to? Probably. At the same time mainline support cannot access my config unless I remove that setting.

Your Microsoft box that is sucking down updates every week, do you really think it is that much more isolated?

3 points · 2 years ago

Have you called MS support/Cisco or any other company for that matter lately? First thing they want to do is establish a remote session so they can look and see what is going on.

No, on both cases, I have not. However let me stop you right away. There is a huge difference between them wanting to set up remote access that is only possible by me running $executable and them actually already having the ability and saying they won't do it without my verbal OK. That is the difference here. Can Cisco (let's consider them different than Meraki for a moment) run a packet capture without your knowledge on your 1600 series AP? No because it's not connected to a Cisco command and control server. Can the same thing happen on a Meraki? Yes. And you are unlikely to notice unless you heavily monitor traffic. The Meraki gear does whatever the Meraki back end tells it to.

As systems become more complex and as Internet connectivity becomes more prevalent, reliable and fast this is the natural evolution of things. Why listen to someone describe the problem when you can remote in and see exactly what is happening.

Maybe because the data traversing your network is of a sensitive nature? Do you think your country's military is cool with highest rated secrets going over a network that employees of a company that lack proper clearance could run packet capture on? Where is the line drawn? Military secrets? CEO banking details? Suzie from HR had breast cancer? People that use the network you run have entrusted you with those secrets, it's your job to make sure they stay secret. Are you cool with the idea that a 3rd party company that you don't have any legal agreement with has access to these things?

As far as I know that setting prevents Meraki support personnel from accessing my config. Does my data still exist in their cloud? Sure. Could they break in if they really wanted to? Probably. At the same time mainline support cannot access my config unless I remove that setting.

I'm happy you acknowledge that your network is not 100% under your control. How does your CTO feel about that fact?

Your Microsoft box that is sucking down updates every week, do you really think it is that much more isolated?

First... Automatic MS checking and install of MS updates can be turned off client side. Second, an MS machine will work into perpetuity without an internet connection, without Windows updates, etc. A piece of Meraki gear will not.

Herder of Packets
3 points · 2 years ago

Can the same thing happen on a Meraki? Yes. And you are unlikely to notice unless you heavily monitor traffic.

Especially, since the data into the Meraki cloud is encrypted you won't even be able to catch its content running a packet capture on your edge router.

First... Automatic MS checking and install of MS updates can be turned off client side.

Tell that to Windows 10 home users.....

show dot11 ass
1 point · 2 years ago

I'm happy you acknowledge that your network is not 100% under your control. How does your CTO feel about that fact?

Being 'completely not within your control' is not necessarily accurate, there are plenty of ways to isolate the Meraki to only pass specific traffic, without granting additional access and/or visibility into the rest of your environment.

I appreciate oversensationalism as much as the next guy, however.

No his pricing is right on. Medium biz here purchased 4 mr34's and 3 year license. Got this exact pricing from my CDW rep yesterday.

The fact that they have different prices from their website than if you work through a rep is part of the problem. Fuck companies that punish you for not talking to their sales departments- sometimes I just want to buy something and move on with my life.

-1 points · 2 years ago

Nowhere did I say his price was wrong. I only said comparing his price to anybody else's is not a fair comparison because there are other unknown factors. For example I would expect somebody buying 100 units to be paying significantly less per unit than somebody only buying 6. I have no doubts you can get that Meraki license for 180, but the 300 I mentioned above is also not wrong, it's right on their own website at the link I posted. You will also notice I said right up there that anybody that pays that list price is a sucker.

This is a strike against Meraki in my books. I'd pay extra for a solution where a 3rd party can't access my infrastructure without my authorization

Meraki has an option in their menu that locks out Meraki support. You, the end user, control that option. If you want support locked out you can do it. (doesn't cost any extra)

Herder of Packets
1 point · 2 years ago

This is a strike against Meraki in my books. I'd pay extra for a solution where a 3rd party can't access my infrastructure without my authorization. I'm sure I'm completely alone in this though...

No, it's the two of us. :(

Welcome to the downvote train, was starting to think I was the only passenger.

Herder of Packets
1 point · 2 years ago

Strange, isn't it? You would think there would be interest in discussing obvious design flaws.

Seems to me Meraki is becoming the next Apple.

You have local access if needed, but that is more for short term if the connectivity to the internet is shot.

3 points · 2 years ago

The local access doesn't really let you do anything besides change the IP and a few radio settings I believe. That's how it is on my MR18.

I think the local access on the firewalls and switches is a bit better. Basically you should be able to recover from any sort of issue caused by misconfiguration.

~]$ cd /pub && more whisky
13 points · 2 years ago

Great for SMB's, easy to use and deploy. A bit on the expensive side.

3 points · 2 years ago · edited 2 years ago

In an SMB environment if you compare Meraki with 5yr license vs Cisco with 5yrs of SmartNet, Meraki is usually cheaper.

[deleted]
4 points · 2 years ago

Why is Cisco even being compared here? You picked one of the more expensive vendors out there. Kind of a weak argument IMO.

There are only a few brands that can offer a full suite of products (router/vpn/switch/wifi). If you break down each of those you can find individual companies that offer better options within that vertical. Meraki's main advantage lies in its great management across the entire line of products that typical SMBs need. Prior to Meraki, Cisco offered products that would fit into this model and price point.

Meraki hardware is built solid and operates well. Its price point is below mainline Cisco gear and the combination of all of this makes it a great solution for SMB. Large companies may need more complexity and some SMBs need a lower price point.

I can tell you that managing an SMB network with Meraki will cost you less in management over the years than any combination of lower cost hardware. Many SMBs outsource their network work. If you have someone in house that can mess with Ubiquiti hardware great. If the SMB outsources their IT then every time they need something done it translates to direct cost.

[deleted]
1 point · 2 years ago

I can tell you that managing an SMB network with Meraki will cost you less in management over the years than any combination of lower cost hardware. Many SMBs outsource their network work. If you have someone in house that can mess with Ubiquiti hardware great.

If you use Ubiquiti's Unifi line then you get complete management of your entire network (including multi site support) through a single interface- routing, switching, security, wifi and even voip if you want. That's pretty darned easy and the equipment is 1/4 the price of Meraki with no annual fee. Meraki has a wonderful interface and offers some great features- but they're still unlikely to be able to compete on price- even taking into account management of the devices.

Ubiquiti gear has some limitations- but for a SMB- it's a great value.

I'd argue Meraki makes more sense in larger businesses because of the feature set and because you have a lot of power to negotiate on the pricing.

If money is no object- Meraki is a no-brainer. If cost is the driving factor- Ubiquiti will get you 90% of the same functionality for a lot less money.

Source: I use (and love) both Meraki and Ubiquiti gear.

I just replaced an entire floor of Unifi APs because their firmware is complete garbage. I got tired of dropped clients, slow wifi complaints.

I've got their edge switches in, and edgerouter elsewhere and it works great, but seriously, they can fuck off with their APs until they are 100% stable.

[deleted]
1 point · 2 years ago

What Unifi APs were you running (model/revision)? What firmware were you running on them?

They have numerous different firmware revisions and condemning all of their code based on one doesn't make any sense.

I can't speak to your experience but we haven't had any problems. In fact- we've had more problems with our Cisco APs than the Ubiquiti ones. We've got a few of the new AC-Pros as well as countless AC v2's and the only problem is the lack of 802.11r support right now.

I've had everything from AP-LRs to ACs. I don't have the details about revision, but when I go into the office I can check.

I just really feel like they fall flat on their face in a high density setup compared to other brands. The Meraki's can handle on average 10-15 more client connections than the Unifi, at least in our environment.

[deleted]
1 point · 2 years ago

I just really feel like they fall flat on their face in a high density setup compared to other brands. The Meraki's can handle on average 10-15 more client connections than the Unifi, at least in our environment.

Why do you blame that on the firmware though? That could just as easily be a limitation of the chipsets they use and their processing power.

That said- on the older stuff a Meraki will handle 25%-50% more clients and costs 4 times as much. I'm not sure I consider that a problem- just a different value proposition.

In my opinion the main issue they have is the lack of 802.11r. I'm not really sure how they've managed to go this long without it.

2 points · 2 years ago

Agreed, and I think that is a root cause of my original problems. People in my environment roam with their laptops very often.

Cisco owns Meraki, so it's really just comparing two different product lines of the same vendor. That seems fair.

Have you seen their "Advanced" licensing prices for the larger devices, it's ludacris, you can get the comparable ASA with Sourcefire licensing (which is the same signature database) for 2/3s the cost. Meraki is only good for SMB when an MSP is involved in my opinion. That or when you have a bunch of branches and you have a bunch of generalists that don't know how to properly configure firewalls and switches.

Advanced includes advanced scanning and filter features (AV, content filtering, intrusion detection). If you want all that stuff in an ASA then you have to license it and the price goes up. A base ASA will compare with the Meraki Enterprise feature set and the Meraki will still win on price and offer more features. (https://docs.meraki.com/display/MX/Licensing)

That's why I said with Sourcefire licensing, it's still more than the ASA. A client wanted pricing for gigabit throughput... It's an SMB that didn't understand the price jump for firewalls

The Enterprise/Advanced license model only exists for the MX (router) devices.

0 points · 2 years ago

How you ain't gone fuck?, bitch I'm me

I'm the goddamn reason you in V.I.P

This took me wayy too long to catch onto haha

Take all the exams!!!!11
3 points · 2 years ago
  1. It is not datacentre grade kit. You could run a company on it and an MSP could sell and manage it for a company. But if you are P-Cloud, just no. You suffer from the lack of VRF and in separation tech like contexts in ASA.

  2. It is broadly cheaper than mainline Cisco kit when you take SmartNET costs into consideration especially.

  3. The application and traffic profiling, web and content filtering features in the adv sec license are a godsend for ISO27001, and CSA Star: it covers all the DLP requirements and then some, when configured accordingly, without any per user charging.

  4. VPN without per user charging. As long as there is capacity, you will connect.

  5. It includes a pretty good mobile device management for 100 devices at no extra cost. More is not that expensive.

2 points · 2 years ago

My main issues are the lack of separation in a multitenant or hosting situation (e.g. VRF and multiple contexts). I know that's not the intended use case, but the excellent Auto-VPN and management features make it tempting to want to try...

Also, client VPN for Mac doesn't support split-tunneling without going through some BS.

You can't use the Meraki Auto-VPN between "Organizations", so that's a consideration.

The firewalls need to be sized properly. The Z1, MX64 and MX84 are reasonably priced. Things go crazy when you move to higher-end models (compared to something like a Cisco ASA).

The access points have been great. No issues ever.

The Meraki switches aren't compelling at all. The management and pricing model falls apart for them, compared to something like ProCurve. Remote switch management generally isn't difficult, so I don't think Meraki's offering adds much there.

Take all the exams!!!!11
1 point · 2 years ago

I'm considering Meraki for our internal IT weavee around our hosted platform. At the moment we are just treated as another tenant but the security features make a good case for us.

We are a Windows-only shop. I like Linux for a server, but when you need predictable, controlled standardised desktop computing Windows and the plethora of security tools is essential.

There are some neat bulk update controls on the switches but yeah I agree nothing all that tremendously amazing.

I'm a CLI guy almost ardently but Meraki impressed.

Honestly, the best set up would be Meraki APs, and Ubiquiti switches. I have 8 Meraki APs paired to a Ubiquiti 48-500 switch and it works wonderfully.

It should be noted that once you get past 100, you have to pay for the entire 100 before you move to 101.

MSP here. We love them. Not only is the management for multi-tenant awesome, they are way easier to use and configure for the general techs.

show dot11 ass
2 points · 2 years ago

What specific usage are you looking for?

There are a few uses that their equipment does really well, but everything else is perhaps a bit limited or non-existent (looking at you, VRF).

We use MX devices as managed VPN appliances at work. The speed and ease of deployment are pretty unrivaled, especially when you are dealing with clients who have their receptionist also double as the IT person.

Network Worrier
2 points · 2 years ago · edited 2 years ago

Yes, they are more expensive. Yes, they require a subscription.

I have a bunch (~20) of locations that I alone manage. I get a 5 year license subscription for all of them. When the 5 year license is up we will likely start replacing the units. 6 years max. I ship them directly and provide instructions on how to configure the static, after that it's gravy.

Example: this new MX84 with a 5 year adv sec license is ~$6100. That includes a Sourcefire sub and some other sec features. (It's about $1800 less than Meraki's site)

I have deployed it at a few hotels, it routes the WiFi and the office.

They make sense for me, and I have never had an issue with the equipment.

They will never beat Ubiquiti for price however compared to mainline Cisco they are cheaper.

Second all the great comments about remote management and multi-tenancy. If you have lots of different SMBs to manage no one can beat their remote management ease and options. Things like built in wireshark, dual WAN config, automatic hot spare, automatic mesh mode, external notification of events, etc.

If cloud/subscription adds usable, quality, features then it is worth the service. This is an example of that.

[deleted]
1 point · 2 years ago

Ubiquiti now has dual WAN config as well, and notifications also (those have been around for awhile).

If your WAN goes down the only way to notify is if you have a monitor system external to your site.

[deleted]
2 points · 2 years ago

Which is why you create a BS forum account and then link a cloudkey at each site to it.

Works amazingly well, and gives you a reverse tunnel into the onsite controller behind the firewall/NAT.

Where do you create the forum account? Is that just as secure? You have a tunnel to the onsite controller but you also need to run a different system that will monitor the WAN link from the outside and let you know when the WAN link status changes.

Sure you can accomplish all of this with any system. With Meraki it's all built in and accessible with a few clicks. Doesn't mean good or bad but those management systems that come built in are part of the service. It's part of what the yearly service gets you.

Not everyone can just snap off the steps you just mentioned.

[deleted]
1 point · 2 years ago · edited 2 years ago

You go to community.ubnt.com and create an account. Now plug in a cloudkey ($89 or so). It's a tiny quadcore local controller. Log into it via the web interface. Click on "Cloud Access" -> input forum login / password. Done. Now go to https://unifi.ubnt.com and login with those same forum credentials. Hey look, your cloudkey shows up! You can also create multiple sites that are attached to that same cloudkey with different access levels. You can also attach hundreds/thousands of cloudkeys to the same account.

Now here's the cool part. Using that unifi.ubnt.com login, you can get "local" access to each site/cloudkey even though they're (hopefully) behind a firewall/nat, as there is a reverse tunnel that gets created when the cloudkey (or just unifi controller package) is attached.

That's... a few clicks, right?

Edit: Another option is simply layer3 provisioning.

One way to do it is create a unifi controller on ubuntu or similar in AWS. Then you use a DNS host entry on the site router (Unifi Security Gateway, or whatever router you have there) to point to your AWS instance. Each device plugged in looks for "unifi" in DNS, and tries to associate with it. Then adopt/provision. Any time a device goes offline, changes settings, etc there are notifications. You can have the "offline" ones be emails/sms.

[deleted]
2 points · 2 years ago · edited 2 years ago

One way to do it is create a unifi controller on ubuntu or similar in AWS. Then you use a DNS host entry on the site router (Unifi Security Gateway, or whatever router you have there) to point to your AWS instance. Each device plugged in looks for "unifi" in DNS, and tries to associate with it. Then adopt/provision. Any time a device goes offline, changes settings, etc there are notifications. You can have the "offline" ones be emails/sms.

This is exactly how we do it. All sites have a "unifi" entry in DNS pointing to our AWS "cloud" controller. I don't even have to configure the AP's before sending them out. The on site team just plugs them in and they appear in my controller. I adopt them into the right site, apply the WLAN group, and I'm done.

[deleted]
2 points · 2 years ago

Meraki scales well. Companies like it as the system is cloud based.

2 points · 2 years ago

Currently using Aruba, nothing to write home about. Looked at Ubiquiti and got the impression it was the poor man's solution that lacked some enterprise functionality. Deciding between Meraki and Ruckus personally....don't need a cloud based management system though personally and Ruckus is significantly cheaper than Meraki. (albeit Ruckus do have a cloud based management system in the works but lacking in some features currently)

Ruckus

I'm not really a wifi person, but our engineers drool over Ruckus and think Meraki are overpriced cloud junk. That may be purely anecdotal though.

[deleted]
1 point · 2 years ago

Looked at Ubiquiti and got the impression it was the poor man's solution that lacked some enterprise functionality.

You just have to define your requirements. Do you need a security radio or other feature that Ubiquiti doesn't support?

The main problem for Ubiquiti right now is lack of 802.11r support. It's in beta and being tested- but it's not in general release yet (AFAIK). If you're doing enterprise authentication- the current system sucks.

Once they finally release fast roaming support- I'm going to have a hard time justifying Meraki/Ruckus/Aruba for the vast majority of our deployments. It's hard to argue with inexpensive AP's, free controller software, and free software updates- especially when costs are a concern.

Awesome. Solid wireless, decent pricing. Ease of management is amazing.

Yep. This exactly. A+ support too.

Comment deleted 2 years ago

We've had 802.11r enabled for over a year, on old gear too (MR-16's)

[deleted]
1 point · 2 years ago

GAH! This post was supposed to be in response to a Ubiquiti post- not your Meraki post. No clue how I managed that. Deleted it and posting in correct subthread. Sorry about that.

CCNA
2 points · 2 years ago

i am the main IT guy for a small business with maybe 40 or so meraki AP's across 5 sites.

they're great. some of the features they have are a life saver. one time, there was an unintended change at a site, where we had to change the network range and gateway IP. most clients were on dhcp, and worked great, however, the AP's had been setup static, the meraki's were smart enough to figure that out, and failback to DHCP to talk to their cloud service. our wifi networks still worked, i was able to go into the cloud service, and put them back on an IP range that i wanted them on. neat service.

Herder of Packets
2 points · 2 years ago

Copying from my post in /r/Cisco :

My critique is mainly based on the cloud based design, licensing policy, and SLAs. This is something the best hardware cannot overcome (unless reflashing them with an alternative OS).

  • Due to the cloud based design, Cisco Meraki can disable features or your complete network and there's nothing you can do about it.
    Not saying they will but how am I supposed to sell a product to my customers I cannot control?

  • License duration will change when you add additional devices into your network. Most enterprises won't cope well with varying license durations.
    Oh look, your license expired (for all devices) but the renewal budget hasn't yet been approved.

  • RMA is next business day only. Bad luck, need to keep my own spares for critical devices.

And most importantly:

  • They are collecting loads of mobility data. While this is something many businesses want, this data is owned by Cisco Meraki.

  • They tell us they won't collect any production traffic but traffic into the cloud is encrypted and I have no way of verifying which data flows into the cloud.
    For me, this is a serious liability concern.

What I really like is the fast deployment mode and the Dashboard. Would be great if Cisco sold this separately to be integrated into a classical WLC infrastructure.

I agree with the cost. What do you guys think about Aruba and Ubiquiti?

We use Ubiquiti and they are great! They have excellent wifi coverage and the management is real easy

I like graphs
5 points · 2 years ago

I really wish the Ubiquiti EdgeRouter line had centralized management.

Ubiquiti AP's are solid.

Meraki is great for MSP's to pass the cost on and get ease of management. I find them a bit on the expensive side for my needs.

I'm interested to see what Aruba does now that it owns the HP2920 series switches.

1 point · 2 years ago

There is a unifi gateway. Not sure how good it is.

I like graphs
1 point · 2 years ago

Everything I've read about it has been pretty lackluster.

[deleted]
1 point · 2 years ago

I really wish the Ubiquiti EdgeRouter line had centralized management.

The EdgeRouters are a much more powerful router than most people would be capable of configuring with centralized management. We're doing multiple BGP sessions, OSPF, and plenty of route-maps to control the routing. Doing that from a centralized console would be incredibly difficult and probably pretty painful.

CCNA
3 points · 2 years ago

Another vote for Ubiquiti. We replaced our mix of Cisco and Meraki APs with Unifi APs and have been very pleased with the results. Definitely the most bang for the buck.

[deleted]
1 point · 2 years ago

Definitely the most bang for the buck.

This is the biggest thing. Cisco and Meraki (and Ruckus and Aruba) do offer some features that Ubiquiti doesn't- but you get 90% of the functionality for 1/4 the price.

Network Worrier
4 points · 2 years ago

Ubiquiti is awesome. APs are awesome, the UniFi switches are solid, UniFi Sec gateway is junk, EdgeRouter is great, UniFi Video is pretty good (the micro cameras are super handy), Point to Point stuff is amazing.

I have 10 hotels that I have outfitted with UniFi APs. Aside from one firmware issue a while back, they are running great.

I like Ubiquiti overall, their APs and bridges are great. I do not like that the UniFi APs below the pro model don't follow PoE standards.

I really like Aruba IAPs, the controllerless design is really nice, which is something I wish UBNT had. The only real complaint I have had about Aruba is some issues with setting up guest wifi with a long ToS to link them before they get on the network.

[deleted]
1 point · 2 years ago

Below the "pro" model is more for home users. Their new in-wall AP was retooled after SuperUsers and alpha testers threw a fit, so it's now 48v 802.3af as well. (It is only 100Mbps on the LAN though, so it's good for hotels but not a whole lot else except maybe residential).

[deleted]
1 point · 2 years ago

I do not like that the UniFi APs below the pro model don't follow PoE standards.

I'm not even sure why they do that- POE chipsets are dirt cheap. I think the logic is just that home users are unlikely to have a POE switch so why bother.

I really like Aruba IAPs, the controllerless design is really nice, which is something I wish UBNT had.

You could configure the Ubiquiti APs without a controller- it would just be painful. They run Linux and you can ssh to them and edit the config files by hand- though I would never in a million years recommend this.

That said- the controller is only used for configuration. You could run it on your laptop and just start the controller software when you need it (assuming appropriate DNS and all that). Or you can spin up a VM in AWS using the free tier, configure your APs, and then shut it down. Spin it up again whenever you need to reconfigure something. If the controller goes down- the APs aren't affected- they keep right on running.

Take all the exams!!!!11
1 point · 2 years ago

Ubiquiti is great but you can't make the controller software HA. Aruba ... Meh. Have some. Wish I had Meraki instead tbh.

[deleted]
1 point · 2 years ago

Ubiquiti is great but you can't make the controller software HA.

The controller is only for management- if it goes- the APs keep right on working- you just can't reconfigure them.

In our case we run our controller in AWS on a t2.small instance with hourly snapshots. If it goes down- we simply spin up a new instance using the snapshot- no harm, no foul. HA would actually cost us more than the current system and wouldn't really get us much.

Take all the exams!!!!11
1 point · 2 years ago

I thought the controller was required for dynamic auth utilising radius integration. This may well just be my misunderstanding.

[deleted]
1 point · 2 years ago · edited 2 years ago

Nope- all APs perform their own authentication against the RADIUS server. The controller could burn down, fall over, then sink into the swamp and everything would just keep working.

As I said- HA for the controller just isn't that important :)

Take all the exams!!!!11
1 point · 2 years ago

Retract my original statement then!

[deleted]
1 point · 2 years ago

I have to give Ubiquiti a lot of credit. They've built a pretty well designed product at an incredibly attractive price point. When they finally roll out 802.11r support I will be a very happy camper.

Considering Amazon will give you a t2.small instance for free every month- it's worth setting up a cloud controller just to play with it. If the local site has a DNS server- just add a "unifi" entry and point it at your server. You literally don't need to configure anything at that point- just plug in the AP and it appears in your controller.

Take all the exams!!!!11
1 point · 2 years ago

Oh I have it up and running myself, just the one AP. I used manual enrollment on the ssh interface to point it at a remote site. I have a handful of CentOS servers around the place so installed the controller on there.

[deleted]
1 point · 2 years ago

Oh I have it up and running myself, just the one AP.

Ahh ok. If you do end up setting up RADIUS auth you'll need to specify the AP address as the source and not the controller.

The last post in this thread explains it a bit more:

https://community.ubnt.com/t5/UniFi-Wireless/Unifi-WLAN-controller-not-authenticating-with-Radius-Server/td-p/1111071

I used manual enrollment on the ssh interface to point it at a remote site.

Like I said- if you control your own DNS- try just adding a record for "unifi" and pointing it at your server. You won't even need to use ssh to point it at the inform url- it will just work :)

CCIE #1937
1 point · 2 years ago

The biggest issue I have with the Meraki gear is the lack of robust debugging and troubleshooting features. I've also been bothered in the past with the lack of features in their firewall, but it's been a while since I played with them. One notable thing that soured me on the firewall was the fact that configuring a static default route was not a supported feature. The device would allow us to configure it, but it wouldn't behave as expected and Meraki support told us it wasn't a supported config. Seriously? I can't fathom how a Layer 3 device can be sold without support for such a basic feature. Again, this was a while ago (maybe a year or so), but it left a bad taste in my mouth for Meraki.

Pretty big fan of the APs. We just bought around 2300 of the MR32s. Obviously buying in bulk we get crazy pricing, but TCO over the life of the product was very competitive up against Aerohive which was the other option.

Not a big fan of the firewalls. I think that including the cloud fee, TCO over time makes them a bit overpriced. Their IPSEC throughput is also pretty weak compared to others (Fortinet, etc).

Also not a huge fan of the switches. Again I feel like including the cloud fee, TCO over time makes them overpriced. Newer switches from Brocade (ICX6xx, 7xxx switches) come with limited lifetime warranties, next day replacement, software updates, support, etc.

They are good but if you want cloud management and a slightly less oppressive licensing scheme, Aerohive is also good.

The main difference in the licensing is that Meraki APs will shut down if the license isn't paid whereas Aerohive will continue to work but not be configurable. I heard that Meraki was changing this model to match Aerohive's but I haven't checked in a while.

Wireless is pretty good.

Switches are alright.. Personally don't feel they are worth the money.. Can't figure out why you would pay a subscription fee for basic switching.

The MX line is buggy awful shit. Stay far, far away from it.

Never used the MRM stuff.

The biggest problem, in my opinion, is that the company apparently has zero respect for the businesses of their customers. They release firmware willy nilly that are clearly untested and break stuff. Every month it's just something new.. It is awful.

I use them at all of our remote offices and love them. Nothing easier than not having to be onsite and only asking someone local to plug them in. I wouldn't have it any other way in a remote office environment with 0 local IT support.

I recently completed phase 1 of a Meraki rollout (roughly 420 APs) to replace a Xirrus system that was making me reach for the rageohol.

What sold me on Meraki was the ease of management and support; with the Xirrus system I had, support was an extra cost and my dealings with them led me to swear off their products forever. Meraki? I pay the licensing fee and that takes care of everything.

obsessed with NetKAT
1 point · 2 years ago

been hashed to death numerous times. this comes up probably four times a month. at least once. it feels like fifty, though.

try searching!

Factual Lies
2 points · 2 years ago

Agreed. Might be worth a wiki post if anyone could be bothered to do it. I have seen this same post at least 5 times since I started visiting this sub in November.

CCWE (Cisco Certified Webex Expert)
1 point · 2 years ago

We are trying out an MX84 and a bunch of Z1s for our people that are at least semi-remote. No more fucking around with AnyConnect and MTU sizes for those on DSL.

We just did a large deployment of Meraki APs for our new east-coast HQ. ~150 APs in a 55,000 sq. ft. space. By most metrics, we slightly overprovisioned but we have a high number of wireless clients per person due to our product.

They've been great. We have a couple Meraki only branch offices, and they do alright. Not great, but I think the issues are due to inconsistency of design or missed implementation details, not limits of the hardware or software.

All in all, I really like the product, especially the APs.

Aerohive.
