Zyxel Replacement with HPE Aruba
Posted by ChookityPop1@reddit | sysadmin | 24 comments
Hi all,
I work as a SysAdmin in a school. They have Zyxel equipment installed in 2021; they are Gigabit with 10Gb SFPs.
Current Config: 19 L2 Switches (mostly XGS1930), 1 L3 Core Switch and 45 APs (Mostly WAC6303D-S). There is a non-Zyxel router which is managed by the ISP.
The network switches themselves I think are fine - but the APs are terrible. They sometimes don't connect at all, have poor signal, poor speeds and more.
The school has 400 - 500 devices including iPads, Laptops/Wired Desktops and Phones and Access Control run on PoE.
I have been given a £15,000 - £20,000 budget for a new network. I can consolidate switches, have all of them as PoE ones to save on costs.
I was thinking of replacing both the switches (a voice in the back of my head says maybe leave them) and also all APs including outdoor ones with HPE Aruba kit including 6a capable.
What I do like about Zyxel is their Cloud Management Console - which has been helpful to locate missing iPads and Devices from time-to-time by seeing what AP they are linked to.
Can anyone recommend a model to use, pros and cons of Aruba, and in your shoes would you replace the Switches if they seem fine?
Warrangota@reddit
Aruba and HPE in general are very aggressive with vendor lock-in in their switches. No unsupported modules that are not whitelisted. Or lose all support when overriding it.
wrt-wtf-@reddit
Switches switch and routers route. When they stop or their capacity is an issue you replace them, especially in an education restricted budget.
The APs may simply be installed and tuned incorrectly, you'd be amazed at how some professional tuning makes a big difference. Start as a minimum by dropping 802.11b and 802.11a (minimum standards) and if possible allow 802.11ac only. You may even consider dropping 2.4GHz altogether - it’s the performance killer if you’re loading it up and haven’t designed or planned the wireless out.
Make sure all devices have their latest firmware.
No change to another brand is going to help your wireless issue if you don’t understand key design elements to get a system humming. The only major difference is the brand label on the outside of the box.
Connectivity issues can occur for various reasons - on wifi 5G using frequency band wider than 80MHz will refuse to connect with some devices, especially in an environment as you describe.
This is because of the way that standards based wireless bond the channels vs several vendors' chipsets and software that can’t match the bonding pattern - they just fail to connect. This will also create poor performance if they do connect.
Also, after tuning - do not let the cloud balance your network or automatically assign frequencies. Again, not vendor unique but most do a worse job than having the system mapped out and tuned.
981flacht6@reddit
Since this is for a school, I highly recommend getting an e-rate consultant to help you put this out to bid.
There's a significant amount of available funds that can help price this out at a crazy discount by going through e-rate route for both switching and access points.
The more you know about what you want also will help you in the process. It's too late in the year for FY26 to do it. But you can start working on speccing everything out and working w a consultant for next year if you're able to stretch this equipment out for at least another 9 months bc of timelines involved for everything.
malls_balls@reddit
I really hope HPE Aruba do heavy edu discounts in your region, otherwise there's no way £20k will get you 19 L2 POE switches, 1 x L3 switch and 45x 6e WAPs + Central licensing
Flaky-Gear-1370@reddit
I like Aruba and used to quite like Meraki but on your price point and you haven't said your opex yet you’re probably better off with something like Ubiquiti and holding cold spares
RCTID1975@reddit
I'd be focused on that ISP managed router first.
And where's your firewall?
ChookityPop1@reddit (OP)
Firewall managed by the ISP too. It’s an MPLS network so they do passive web filtering too.
The kit is fine it’s Cisco Firepower
RCTID1975@reddit
I don't care about the equipment so much.
Why would you allow anyone outside of the business to manage such a critical piece of infrastructure?
IMO, that needs to be fixed asap
GhostandVodka@reddit
This is super common amongst low budget entities in the US. A lot of small villages and townships do it here in the US.
There is nothing inherently wrong with it. They mostly probably use good webapps or Microsoft Office. A good EDR and web/dns filtering is probably sufficient for their. I'm curious why you think it's a problem. They aren't writing their own apps, most or all of their data is probably stored in Google.
RCTID1975@reddit
I absolutely disagree with that.
As a firewall, it's your first line of defense. As a router, it literally controls your entire network infrastructure.
I don't want either of those in anyone's control except mine and my team's.
If the network stops passing traffic, I don't want to spend hours troubleshooting only to find out someone at the ISP made a change that we didn't even know about.
Flaky-Gear-1370@reddit
Then you don’t have much experience in the real world then, these kind of deals are extremely commonplace where you’re forced to take shit from upstream companies/organisations even if you don’t want it
GhostandVodka@reddit
What firewalls do you employ?
ChookityPop1@reddit (OP)
The majority (I’d say 80%) of London schools use this service. As they offer the best service in terms and products with its service it’s hard to move away. £8,000 per annum leased dedicated line, managed by ISP, L4 firewall, web filtering, and other add-ons such as free Adobe Creative Suite + Meraki MDM + Curriculum resources
RCTID1975@reddit
Sorry. I thought you were genuinely looking for advice, not to argue why what you think is best.
Good luck.
ChookityPop1@reddit (OP)
For the switches and AP yes - but not the router as I have no control over that decision. Sorry I’m not trying to dismiss your thoughts, they make sense.
GhostandVodka@reddit
That dude is unhinged lol. You asked for advice on buying a TV and he is telling you to fix your plumbing.
slugshead@reddit
I use Aruba, it's great.
The CX6100 48 port with POE can set you back about £2,000 per switch.
The CX6300 is where it's at though. Recently got a quote for about £5,000 each. That's the 48 port model with POE and the SFP56 stacking cables.
No point buying genuine transceivers when they're so expensive. For the same price you get 20 compatibles.
919599@reddit
We switched from Cisco to Aruba for our switches last summer; we did 10 year central licenses. With the central licenses you gain faster access to hardware support in case of failure unlike the normal lifetime hardware support that is best effort. We are also on year 3 of our Aruba 635 access points, no issues so far. I would focus on the wireless side since that’s creating the most day to day problems.
ChookityPop1@reddit (OP)
Can I ask how much you paid?
GhostandVodka@reddit
He paid a lot lol. We just migrated from Cisco 5520 on prem WLC to Aruba Central Cloud. We pay for a license just to be able to have the centralized management then each AP has to have a cloud license. We buy 3 years licenses when we get the APs. I think the license was around $280 dollars and the 635 instant on APs were like $820 usd.
I wish I would have waited. I didn't know Aruba was on the verge of buying Juniper at the time. Now that HPE owns Juniper their wireless offers are probably going to be completely different in the next 5 years.
pdp10@reddit
At most any scale, you're usually best off sourcing best-applicable-solution switching and best-applicable-solution APs independent from one another. They don't inherently have much of anything to do with one another, save maybe VLANs.
So I'd keep the switches for now. OpenWrt might be a production-worthy option at some point during their deployment, which could even extend the service life.
So, enterprise-capable APs. Aruba has a good reputation, as does Cisco, Ruckus, Extreme, Fortinet, and others, maybe Ubiquiti. Exclusively cloud-managed options include Juniper/Aruba Mist and Meraki, but I find cloud-mandatory APs to be hard to recommend because of the obvious offsite immediate-term dependency.
But before buying 6GHz-capable ("WiFi 6E") APs, it's smart to make sure that other factors won't cause you to be disappointed. RF/EMI interference, spectrum utilization, intentional de-auth attempts, structural steel, poor siting/mounting, excessive transmit power, known bugs in the firmware.
Roughly 10 devices per AP sounds quite good as a current average, assuming they're decently sited.
ChookityPop1@reddit (OP)
Thank you for your detailed response. This is helpful. There are 30 children to a class, so devices are moved between classrooms. One AP may have 30 - 35 clients.
vi-shift-zz@reddit
Google the switch model number and "mean time to failure" then schedule your hardware replacements before the switches start having problems.
ChookityPop1@reddit (OP)
Thanks!