What brand would you choose if you could redesign your network?
Posted by kuhlimuhlimuh@reddit | sysadmin | 195 comments
Hey,
I got asked to redesign our infrastructure so every square inch of our production is covered by WIFI and since our existing infrastructure is very budget oriented (~40 MikroTik switches & 50 unifi consumer APs) I wanted to ask what vendor you would choose if you could replace everything? (In the future 50-60 switches + ~150 APs)
So far our MSP pushes for FortiNet and the first company we asked wants to install cisco everything... What route would you choose if you could start fresh?
sysadminbj@reddit
What's your budget?
kuhlimuhlimuh@reddit (OP)
We don't have a budget at this point. Enterprise wants to have wifi everywhere and since the building is quite old and built like a maze they are aware that it will be quite expensive. Since I'm also not experienced on this scale I couldn't give any numbers. Normally we just add cheap switches/aps to the network and that's it. So I'm kinda scared that we get pushed towards a direction that is expensive and/or doesn't really fulfill our requirements.
aguynamedbrand@reddit
If this isn’t something that you have experience with I would recommend hiring a network architect to properly design and spec.
kuhlimuhlimuh@reddit (OP)
Will for sure! Thanks for the advice!
The_Lez@reddit
I used Netspot to map and build my network for a wifi upgrade. Took a while to put the building in Netspot but I found it helpful to visualize where to place APs and what kind of issues I might run into.
daxxo@reddit
Yeah, you need to get someone with proper equipment to do a survey otherwise you are fighting a losing battle no matter what you get.
BIGt0eknee@reddit
Can confirm this from experience, do a survey, even if you have to rent the equipment yourself.
AmiDeplorabilis@reddit
Agreed... but with a twist. Don't be afraid to explore and research, to see what your options are, and when you reach out to someone, you have a bit more background.
sysadminbj@reddit
Talk to your MSP. That's what they are there for. Tell them you want a full service quote for design and implementation of your network requirements. Use that as a baseline to talk to your leadership. If they don't like that price tag, they probably aren't going to like any other price tag that comes with enterprise grade equipment.
Tell your MSP cost is a deciding factor and you don't want to get into a situation where you are going to pay triple the hardware cost in licensing over the next 5 years.
kuhlimuhlimuh@reddit (OP)
We already asked our MSP for that but they are always Fortinet fixated and not very keen on selling us anything else.
Dadarian@reddit
They’re telling you what they have experience in supporting with their staff and resources.
BreathDeeply101@reddit
It's a bit more nuanced, but generally they're telling you what they have decided to standardize on for their operational efficiencies.
Numzane@reddit
That's OK but, at minimum, if they want your money they need to tell you detailed upfront, maintenance and replacement costs
sysadminbj@reddit
Then you’ll have a baseline to report to leadership.
Frothyleet@reddit
Do you intend to use them for network support? If so, unless Fortinet is a hard pass, their inclination towards Fortinet should be a real factor in your decision. That's what they can support. Many MSPs wouldn't be negotiable in their network stack for their managed clients, for better or worse.
Even if they are flexible, the quality of support they can provide is going to be impacted if you go outside of their stack.
Of course, if they suck, as many MSPs do, this might be a chance to evaluate another vendor.
-sharkbot-@reddit
Wild they’re recommending Fortinet after all the breaches lma
TOOOOOOMANY@reddit
MSPs are profit engines that sell vendor stacks and hire the most competent person that they’re able to underpay
Hopeful they disappear
Hinagea@reddit
If you're not going to pay the piper for enterprise support, you're not getting enterprise equipment. Support and licensing always exceeds the cost of the hardware by many folds. You might be able to scrimp here and there, but 9/10 you're gonna pay double to triple the hardware cost over the 5-7 year lifecycle
Bratwurst1981@reddit
If you switch your network vendor to some other than what the MSP supports consistently, you are better off switching MSPs as part of the change. It’s that simple.
imadam71@reddit
extreme iq cloud or mist, on top of huawei switches :-)
Darkhexical@reddit
Do a site survey. If you want an estimate of the amount of aps, basically every 30ft you want to place another ap.
TEM_advisor@reddit
Beyond your network redesign, are you planning to monitor the TCO (hardware, services and cost of the different circuits)?
juosukai@reddit
If i got to rethink wireless for a greenfield implementation, I would take a hard look at mist or extreme networks.
kuhlimuhlimuh@reddit (OP)
Thanks, never heard of them and will take a look.
GhostandVodka@reddit
Mist is Juniper. From what I understand it's the best in the game. We looked at it but it was far too pricey for us. We went with HPE....Then HPE bought juniper a year later.
Maximum_Bandicoot_94@reddit
This is a matter of perspective. If you have thousands of Cisco wireless APs/Controllers and they are trying to sell you DNA center and advantage licenses in an Enterprise Agreement, Juniper Mist suddenly comes into focus.
Mist is not positioned to make you switch from Mikrotik. It is positioned to take large enterprises from Cisco.
Key_Macaroon_8891@reddit
Yep they have taken a lot of Amazon warehouse business from Cisco.
GremlinNZ@reddit
Don't worry, I'm sure HPE won't make it any cheaper...
PumpkinNo4869@reddit
+1 to Juniper Mist if you can afford them. The dashboard views are extremely useful and intuitive and out of the ~150 AP's I have deployed or manage we have had like 3 failures/units acting up in 5+ years, all of which they sent a replacement next day air and I sent the bad units back.
I will say though, HPE buying them fucked up the product stack, the quotes lately are taking forever but hopefully that is temporary.
GhostandVodka@reddit
Juniper doesn't usually provide the quotes though right? It's usually your partner.
PumpkinNo4869@reddit
That is true, the partner quotes are taking forever because of it though. Took 2.5 weeks versus 2-3 days prior to the buyout.
thunderbird32@reddit
We run Extreme and quite like them.
ErrorID10T@reddit
I was forced into trying the Extreme Networks SDWAN devices a couple years ago because our "definitely not a network engineer" made the "I like to buy things that I don't understand" decision. That project resulted in throwing away $30000 of hardware because of massive security issues and a truly impressive amount of instability.
That experience was enough to make me decide to never touch their gear again..
juosukai@reddit
Actually, I will amend one more thing: if I did not need to consider security the highest priority, I would probably look at fs.com stuff. I am mostly interested in their switches, but if the wireless stuff is of the same quality, it can be extremely interesting.
RememberCitadel@reddit
I'm a shameless Cisco fanboy, and I still say Juniper Mist is a better product. I would argue the best overall wireless solution.
Some solutions do certain things better, but it is at minimum good in all areas except price, but even that is only somewhere in the middle of all solutions.
InflateMyProstate@reddit
I’d lean towards Meraki.
GhostandVodka@reddit
The only people that want Meraki are people that have never used any other Wireless solutions or someone selling it to you.
Tarwins-Gap@reddit
Insane people are suggesting meraki we just ripped them all out expensive pieces of crap with a subscription? Nah
GhostandVodka@reddit
This. Meraki hides too much from you. It's the MAC of IT.
itskdog@reddit
I just want something that works. There's only two of us for the whole school's IT, the less time spent fiddling with configurations the better, so we can be supporting staff with issues or doing routine admin work.
Tarwins-Gap@reddit
Personally I like the ubiquiti aps but I work for a mid size only got 15 aps. They just work.
TheJamTaster@reddit
Not true. Used other brands and Meraki works without having to fuss with it.
_3470@reddit
i’ve used Aruba with an on prem controller, Aruba with central, and Meraki. I 100% prefer Meraki
No_Outside2968@reddit
If your MSP manages it anyway, or monitoring all your new gear i'd look at Atera, no matter which vendor you pick.
jpgene@reddit
Meraki
aguynamedbrand@reddit
What we have now at 50 something locations, Cisco Meraki.
TOOOOOOMANY@reddit
Ouch I would genuinely and I mean this, take unifi over Meraki
And I’d never, ever buy Meraki
GremlinNZ@reddit
You're in luck, you don't Capex (buy) Meraki. You Opex it!
TOOOOOOMANY@reddit
Nice, leasing network equipment like a pre owned Lexus
ErrorID10T@reddit
I hear Meraki has gotten better, but I'm with you on this. If I need enterprise features I'll happily take refurbished Cisco over Meraki.
ISeeDeadPackets@reddit
It fills in a nice niche, and their support is pretty amazing. You can put in a ticket almost any time of day and be talking with a qualified engineer in 5 minutes or less. They also don't have a CVE every 5 minutes and 15 different firmwares floating around with radically different problems and capabilties.
aguynamedbrand@reddit
I was answering the OP, if you want to use an inferior product then you do you.
cookerz30@reddit
The deciding factor is if your employer is going to pony up for all the additional licensing for the tools you want.
DwemerSteamPunk@reddit
I really like Meraki, I have it at 16 locations. We used to run blended Unifi / Meraki and I've phased out almost all the Unifi because I found it more finicky and error prone.
RateMyJpeg@reddit
I ran meraki firewall with unifi switches and aps at multiple locations and it ran great. Lots of large sites but pretty simple networks with no servers onsite.
DwemerSteamPunk@reddit
Do you have controllers for the unifi switches or just run them unmanaged? I get tired of not having visibility into my unmanaged switches.
RateMyJpeg@reddit
Run a controller on a server that all the sites have access to over vpn. Set up each location as a site.
ThriceHawk@reddit
Fortinet if you're going to use one vendor for firewall/switches/AP's. Palo consideration at firewall if you have the budget, but I'd go Fortinet. Aruba/Juniper-Mist consideration for wired/wireless. No to Cisco.
burkis@reddit
Site survey and look at recommendations from there. Yea it’s expensive but at the end of the day worth it.
BeautifulTreacle6765@reddit
For switching and APs the answers here are good. Just worth thinking about your security and WAN stack separately before you commit to a vendor ecosystem where cato networks handles that layer converged so you're not bolting a firewall onto whatever switching vendor wins.
Public_Warthog3098@reddit
No budget. Cisco everything. No questions
JamesAtWork85@reddit
Pretty happy with Fortigates, Aruba (older Procurve & CX) switches, Cisco APs.
Depends on your environment. I'm actively demo'ing UniFi as a replacement for WiFi and Switching. Cisco's Mobility Express and EWC are EOL at this point. 9800 controller licensing is expensive and Cisco's Outdoor APs are becoming more expensive each generation. I can get 20 U7 Pro Outdoor APs for the cost of 1 $6000 Cisco CW9179F. The older C9124AXI is $2000. In fact I can probably replace every AP with UniFi for less than the 9800 licensing and 1-year smartnet will cost. Will UniFi be as reliable-- maybe?
I need a mix of low density outdoor WiFi and switching, along with some traditional indoor office coverage . UniFi has a full catalog of stuff I can put in ceilings, outdoor boxes or even sheds. Cisco WiFi is becoming more expensive each generation. Mist, Aruba, etc. are all in the $2000ish/AP for current generation WiFi 7 outdoor APs. UniFi's are $279. And UniFi doesn't have license fees to pile on.
For traditional office space, full Fortinet stack is appealing to me. For my environment, most manufacturers are pricing themselves out of it or lack models that I need.
40513786934@reddit
HPE Aruba
12inch3installments@reddit
I would hope they have dramatically improved since the Instant On models were used to have just a couple of years ago. Those were just a special kind of pain in the ass to maintain.
40513786934@reddit
I'd choose real Aruba gear, not the InstantOn. although I've heard generally positive things about that stuff too
ntrlsur@reddit
I never was a fan of InstantOn. Do like their regular Instant. Been running it for years. Just finished an upgrade from 300 series APs to 500/600 series. Brought the first on line. It upgraded the firmware on the new AP downloaded the configuration and bob's your uncle. The only pain was manually going in and removing the old AP's but had the mac addresses so it was pretty straight forward.
GhostandVodka@reddit
I actually just realized instantOn and Instant APs are different. I've been calling the 635s I manage InstantOn, not instant. Oops.
ntrlsur@reddit
InstantOn is or was the web based setup. A stripped down version of Aruba Central. The Instant software has the "controller" software built into the firmware itself. It allows the virtual controller to move from AP to AP depending on some load, bandwidth and a few other factors. I tend to lock the virtual controller to a specific AP. Where people tend to get screwed is trying to run too many AP's on a single virtual controller. I keep the number under 20 per and it works out very well for me personally and our org as a whole. I run 515's at home. Ebay had a ton for about 40 bucks a piece which are still under support.
GhostandVodka@reddit
I Just migrated 500 cisco aps from an on prem controller over to Aruba Central Cloud with 635 instant on APs. They are fucking fantastic. I don't know if they are better than Juniper or Arista but I can damn sure tell you its a delight over cisco.
CharlieModo@reddit
HPE just bought Juniper 🙁
GhostandVodka@reddit
Not sure how you are just now finding this out but yeah. They are called HPE Juniper now. They have an AP that will connect to Mist or Central.
monstaface@reddit
Hopefully the mist crew can fix the new aruba central. The new portal is hard to understand.
GhostandVodka@reddit
I wholeheartedly agree with you.
hkusp45css@reddit
Not for all the tea in China.
keyboarddoctor@reddit
Over 100 WAPs and all aruba 2930m stacked edge switches and flex fabrics for core. Literally and I mean literally, no problems for the last 5 years. Although I do NOT like their newly designed Aruba Central. Thank god for the toggle to go back to classic.
kuhlimuhlimuh@reddit (OP)
Why? if I may ask
InitialCauliflower96@reddit
I love Aruba, recently did a 50 switch upgrade went flawless. Their APs have been pretty solid as well, easy config, maybe 2 dead aps within 10 years time.
hkusp45css@reddit
My experiences with Aruba APs and the associated kit to keep them working has been awful, for a looong time.
They aren't cheap enough to be that shitty.
GhostandVodka@reddit
Whats so bad about them? I've been working in an environment with about 500 WAPs and its literally just been set it and forget it. I can upgrade all 500 at once or a building at a time. It's great.
TheWeakLink@reddit
I just inherited a bunch of Aruba gear. This stuff is the absolute worst pile of trash I’ve seen in a loooong time.
murlocdouche@reddit
Had terrible experiences with aruba. They tried to clone Cisco iOS but with commands just different enough to piss me off. Ubiquiti's ios cli clone was better. And our switch stack would crash every so often
slugshead@reddit
Recently replaced my network going from the ArubaOS to ArubaCX stuff. Super happy with it all.
I did pick up an arubaOS switch a few days ago and can't remember how I worked with that old CLI for so long.
Mizerka@reddit
At work we're 9115axi on 9800cl work fine when installed for good coverage. Got a house recently and I'm going with mikrotik and tplink omada aps, lower cost, less corpo management features but should be good, they're good hardware from the looks and a cheap meraki lookalike cloud if you want to pay for it.
Materially_Average@reddit
Ubiquiti
48port 25G aggregation switch with 100G uplinks for $4k!? I usually spend $25-30k for those specs.
But if you need Enterprise features I’d go with Arista and use Cloudvision to deploy and manage.
kuhlimuhlimuh@reddit (OP)
Main issue with Ubiquiti (and MikroTik for that matter) is always that we don't have a partner that can support us in case something goes wrong.
While we are really really happy with our ubiquiti APs I'm kinda worried that the switches aren't as reliable as other brands?
techb00mer@reddit
At a previous job we ended up replacing our Cisco gear in satellite offices with Ubiquiti. Not because there was any guarantee it was more reliable (ended up being just as reliable to be honest) but because of the price we could have a spare everything (Switches, AP’s, gateways) sitting in those office store rooms ready to be replaced at the first hint of trouble.
The turnaround time for resolving issues dropped significantly and we didn’t have to pay some ridiculous same day replacement support contract.
In critical areas (ie the DC) we still use expensive gear, but those areas actually have redundant power and can accommodate fully HA / FT infrastructure.
ErrorID10T@reddit
That's the way to go with Unifi. I don't think I've ever needed support with bugs or configuration with Unifi, and it's a whole lot faster to replace a dead switch with one from storage and clone over the old config than to wait for Enterprise Support to ship or drive something to you. Not to mention that 2 extra switches is a whole lot cheaper than warranties on all your equipment.
illarionds@reddit
Ubiquiti switches have been rock solid for us, for over a decade now. And the Ubiquiti management tools work so well once everything is Ubiquiti.
Why can't you find a partner? It was our MSP who put us on to Ubiquiti in the first place, and they're happy to support it.
cogiskart@reddit
Purchase their Enterprise support and you should be good.
Like others have said, the switches are reliable, I manage a site with a few that are pushing ten years now with no issues. Also, they're cheap enough to keep a few spares in storage.
Cigam_Emot@reddit
Ubiquiti is so cheap (price wise) that you can just add extra switch for redundancy and keep extra just in case! In 30 year of network, never seen Cisco really help fix issue (even if we paid the extra $$$$$). Meraki was the shit prior to Cisco acquisition … now I would go full UniFi
McGondy@reddit
With the difference in upfront costs, you can have a bunch of hot or cold spares and sub in equipment if things fail as they won't have a same day/overnight replacement.
You still end up well ahead on cost, so you can even hire a junior network admin. You just need to do the work to import the appropriate config with the gear you have. And then start the RMA or order another spare.
Uncl3J@reddit
If you need recommendations for Ubiquiti support partners in the US, DM me.
Jackpen7@reddit
Ubiquiti now has an enterprise support program, you could look into that.
Serious-Twist-2859@reddit
couple years ago we replaced our Meraki switches and AP with Ubiquiti. Currently have 55 switches and 105 APs across 20 locations. No issues as far as reliability (knock on wood).
TOOOOOOMANY@reddit
Needing 100G uplinks and enterprise features seem like they would be ubiquitous in most scenarios
Magumbas@reddit
Netgate Firewall
Ubiquiti Switches and APs
Fearless-Economics-9@reddit
I would move from Cisco to HPE/Aruba. I’m tired of the Cisco tax.
distrbthpce@reddit
Talk to your account manager. Recent audits I ran between Aruba and Cisco found the cisco tax to be ~5% over 5 years. Not enough for us to jump ship, especially because "No-one ever got fired for buying Cisco"
man__i__love__frogs@reddit
You're approaching this the wrong way. You need to define your requirements and success metrics and evaluate solutions that match with that.
If you have a MSP, you should also probably go with what they are experts in, an attitude other than that is kind of setting that relationship up to fail.
loupgarou21@reddit
It really depends on the budget and use case. Coming from an MSP background, I'd probably initially see if Meraki would fit. I've found that Meraki is generally a good fit about 90% of the time, assuming there's budget for it. Be aware that you do have to keep current licensing for the hardware to work. I mostly just like how easy it is to manage, but it does lack some features.
Outside of that, I like Aruba, I like Cisco for switches and wifi, the FTD is OK, but lacks some features given the cost. Palo Alto's firewalls have a ton of nice features but are a bit more expensive and are not user friendly.
I don't have a lot of experience with fortinet, so I can't really comment much on that.
Unifi is prosumer at best, and I avoid putting it in businesses unless it's the only thing that they can afford. Mostly, my attitude toward unifi is due to having been bitten a few times by services being discontinued without adequate notice, updates with massive issues, and poor support.
keyboarddoctor@reddit
I have HPe Aruba where I work and I personally really like it. Otherwise, I would maybe suggest Extreme as a coworker came from a place that had that equipment and they still prefer that over what we have.
I don't think I'd recommend it per se, but depending on size and requirements, I've seen many people tout using Unifi. In the same vein, you could look at TP Link Omada. I use that at home and really like it. Both of these would be prosumer solutions though.
GhoastTypist@reddit
If money isn't an issue, Cisco. That's where my background is.
If I do have a budget, well I'd shop around but probably land on Ubiquiti depending on what resources I need. For a small network design, it'll cover the job.
TundraGon@reddit
Fortinet for edge routers.
Internal network Cisco ( L3 switches and or routers )
Ruckus APs
TundraGon@reddit
I'd go with Fortinet edge router
Cisco switches ( L3 ) and or Cisco routers
Cisco AP if there is budget if not unifi AP
kshot@reddit
100% depends on your budget. Meraki is good for sd-wan and multisites but premium pricing. For small business budget Ubiquiti is often popular. Aruba and Ruckus are also good.
Fit-Key5153@reddit
Unify all day.
dustojnikhummer@reddit
Depends on budget.
Ferretau@reddit
Whatever you choose, if you're supporting it make sure you understand it. Each of the vendors have their good points and their bad points.
8611018@reddit
I'm spectacularly split on this one.
On one hand we went all in a VOSS on Extreme Universal hardware from DC, to core to campus edge and god damn it they deliver on the premise if you're writing your own automation for configuration or configuring via CLI (though we had to do some talking to get access to their modules to reverse engineer.)
On the other hand, the bugs batman, holy hell the bugs. Extreme has been responsive but we're holding on to our butts with every firmware release. We've hit some humdingers with multicast, tacacs, dhcp relay, and config templates in their automation tools.
Overall: Damn, SPB is good shit. Extreme's implementation of it is awesome. They're working hard to bridge the maturity gap left in the wake of the product making the jump from Avaya to Extreme and doing it FAST. Props to them. Pricing is great too.
kissmyash933@reddit
Is this the gear that came from Nortel that Avaya later dumped?
bbbbbthatsfivebees@reddit
I'd love to say Ubiquiti.
We deploy everything Ubiquiti at work. It's a breeze in terms of software, the hardware is fantastic, the performance is incredible, the integration and monitoring is 100% seamless regardless of what you do, and everything is reasonably priced. My home network is also all Ubiquiti gear. I wish everything worked like Ubiquiti did because then everything would just be easy and amazing.
BUT I'd still have to say Cisco, as much as I hate it. Cisco gear works 100% of the time and is 100% consistent. I can't guarantee a Ubiquiti switch will work for 2 months uninterrupted, but I can tell you that I've decommissioned Cisco switches that have been running for almost 20 years straight without so much as a reboot. No joke, I once decommed a Cisco switch that had been running continually on a network with backup batteries/diesel generator since 1996, with an uptime of 19 years. There's a reason they teach you how to use Cisco IOS in almost every college networking class, and it's because it's essentially the gold standard for enterprise network gear.
It just won't die. It won't even blink. It will keep working for years unless there's a power outage or someone manually reboots the thing. You could hit the damn thing with a truck and it would keep working as long as the power cord stayed connected. I guarantee you, if there's ever a nuclear apocalypse the last vestige of humanity's communications infrastructure that survives will be a piece of Cisco networking gear from 2007 that's somehow still running with 45 years of uptime.
trek604@reddit
Without knowing your business requirements I say this in jest because I am a cisco fanboy - cisco everything.
bbqwatermelon@reddit
I am too. R&S that is. Firepower, ASAs, and WLC are the bane of my existence. How TF do they end up with CLI interfaces with different command structures? Don't even get me started on ISE...
DwemerSteamPunk@reddit
I haven't used Cisco but I've followed CISA alerts for years and Cisco is on the top of the leaderboard for vulnerabilities week after week without end. That alone is enough to scare me off.
-ThesuarusRex-@reddit
Do you have a license to make that comment?
Zhaha@reddit
Cisco fanboy in 2026? Yikers Island.
hurkwurk@reddit
as a cisco user, anything but overpriced cisco. I hate they make everything 50% more expensive.
Darkhexical@reddit
Sign the contract in June for 70% off.
Horsemeatburger@reddit
Arista switches and Ruckus APs. Wouldn't touch UBT with a bargepole for anything business related.
VA_Network_Nerd@reddit
What are the business requirements?
What are the technical requirements?
What products or brands does the team know how to support?
What is the project budget?
Is there a training budget?
The way this usually plays out is the community will make a whole bunch of intelligent recommendations based upon decades of experience, and you're going to end up buying UniFi because it's cheap and simple.
kuhlimuhlimuh@reddit (OP)
While I agree with you that the cheap option is the easiest to go to, I really expect - or maybe it's false hope - that we finally find a good solution that is stable and reliable.
Unfortunately I can't really answer your questions to a helpful degree. We are a company that has most of its infrastructure/server on premise and are very slow to react to innovation. Since we redesign our production (handhelds and terminals) the expected cost beside network are ~500.000€ (including software). So far we know how to handle FortiGate, MikroTik and Unifi but have no experience with the mentioned vendors. I'm sure there will be training budget for us. I already told the higher ups that replacing the wifi will be around 200.000€ and while they were kinda shocked they would be fine in the end.
SirLoremIpsum@reddit
That's perfectly fine.
It just means you need to do the homework before asking for a product.
Saying "what kind of car is good? I need to replace my fleet"
Is useless unless you say "we need to tow 12,000lbs, has to be diesel and needs to seat 4 and drive w standard licence". That's something people can work to give you recommendations.
otherwise everyone will give you their favorite product, the one they use the most. The one they used after x brand sucked.
People cannot give you a recommendation to your requirements unless you first understand them.
VA_Network_Nerd@reddit
Gathering answers to these questions of requirements helps you paint a picture of what the network must look like, and what it cannot look like.
Requirements gathering is probably the most critical step of the entire project.
Business Requirements:
Technical Requirements:
The very best thing you can do if you have that kind of money to work with is to engage Ekahau and locate an Ekahau partner in your area to perform a complete Wireless Site Survey.
https://ekahau.my.site.com/PartnerLocator/s/partner-list
The data a high-quality site survey can provide you, and the impact it can have on your leadership is difficult to explain.
KuroDensetsu@reddit
If I may ask, why the desire to replace the MikroTik switches? In my experience (well over 100 deployed) they are very capable for almost any use case, especially when the cost is factored in. I still have many CRS125-24Gs that I deployed nearly a decade ago that are still in operation. Even after the luxury of using modern systems like Unifi and Meraki, I find the flexibility of RouterOS very liberating. Now... if all your switches are 326's on SwOS, I understand.
Now for AP's I would never recommend MT. Capsman kinda works, but it's not nearly as nice as Meraki or Unifi for management, and it's hard to beat the radios in Unifi APs. But if you switch to Unifi for APs, you might as well get their switches as well.
All these people recommending Meraki are likely leaving out the ongoing licensing costs on purpose. An infrastructure like that will require 10's of thousands of licensing per year. Yeah, it IS a great platform, but it comes at a cost that finance will not be too happy with after the initial licenses are up for renewal.
Fortinet is... okay. I have several clients on Fortinet, and I don't care for it much. I would recommend Unifi over Fortinet, but vastly prefer it over Sonicwall. I have noticed Fortinet does seem to get lots of high level CVEs constantly... but maybe that is them just voluntarily publishing and patching them, instead of brushing them under the rug.
Also... anyone bidding legacy cisco in 2026 is doing it for the support contract they sell you alongside the gear. There is no reason for this in 2026.
I have seen this happen a lot in cost constrained environments: 1. CIO wants to upgrade to Meraki from a broken legacy cisco net. 2. Meraki works great for 3 years, then the license is up for renewal and the CFO has a heart attack. 3. Unifi goes in cause it's cheaper than the entire Meraki licensing for the next year.
Unifi sounds like the perfect middle ground for you. Very reliable switches, nice cloud management that's easy for MSPs, and their newer APs are honestly some of the best around. You should have no issues finding an MSP that supports Unifi these days.
kuhlimuhlimuh@reddit (OP)
Unfortunately your guess with CSS switches is correct. While I bought CRS models over the past 2-3 years the vast majority only run on SwitchOS and for simplicity reasons we switched RouterOS models to SwitchOS so every switch has the same interface.
TinderSubThrowAway@reddit
Arista switches.
No-Swan4213@reddit
I am a hard no on the Fortinet stuff. Always ripping it out, it never passes our vulnerability checks, it’s either their VPN client which they just gave up on SSL VPN, or their firewall having some auth bypass vuln. Ruckus, Meraki are my top two. Ubiquiti if you are budget conscious. I know it’s not cheap but if you can swing it and keep the subscription money takers fed, Meraki.
kissmyash933@reddit
Ruckus. Cisco is great but we spend so much unnecessary money simply because it seems like we never even get pricing for anything else. Ruckus gets you great gear at a better price, even if the CLI is a little odd sometimes.
Schrojo18@reddit
I found the ruckus easier to manage over cisco too.
SeekingApprentice@reddit
Cisco is awesome but you're right - they nickel and dime the hell out of you. I have a used Cisco 10gb / 25gb switch I got off Ebay. It's a f-ing beast, but I also don't pay any of the subscription stuff.
RansomStark78@reddit
Ruckus never bombed out,
All others required daily monitoring
Schrojo18@reddit
My old work changed their corp wifi out from ruckus to cisco. The ruckus was way easier to manage and just worked and had less random issues with certain client devices.
MaxBroome@reddit
I always liked Ruckus, never gave me any major issues.
Started to drink the Ubiquiti kool-aid a couple years ago purely because of Ruckus’s stock issues mid 2020-ish and never went back. Might have to see what their wifi 7 stuff looks like, I kinda miss it.
Drew707@reddit
I can't imagine what Ruckus's stock issues must have been like if you went UBNT.
datec@reddit
I do believe it was non-existent... As in like a 12-18 month wait... It was nuts... I don't think the actual wait times were actually ever 18 months but that's what they were telling people.
Drew707@reddit
Wow. That actually makes UBNT seem almost reasonable.
datec@reddit
Blasphemy!!!
It was during the pandemic and the resulting chip shortage. I think they ended up having to redesign some of their boards to use components that were more readily available. They were also bought and sold a few times leading up to that point too.
Apparently Extreme is looking to acquire Ruckus from Commscope now.
Drew707@reddit
They will all end up under HPE or Broadcom if you wait long enough.
Dimensional_Dragon@reddit
If I had the budget then Ubiquiti's Unifi E7 APs
Hashrunr@reddit
Arista with Cloudvision and AGNI. We're moving there, slowly, from Meraki. PAN firewalls.
GinnyJr@reddit
Ubiquiti
Next question
RCG89@reddit
I would go Arista if I could start over.
MLAG 720XP-48TXH-2C-S to their WiFi 7 access points. Redundant switches to redundant PoE++ 10Gbps access points.
Sunsparc@reddit
We went with Extreme for our overhaul of switches and APs. Very easy setup, all cloud managed though console/SSH is still an option. Ability to stack switches via fiber interconnects. All set up with Entra/Intune for 802.1x and ZTNA.
I actually can't remember the last time I had to do anything in the Extreme portal that was troubleshooting and not something simple like adding a MAC address for MAC-based auth. They've been rock solid.
OTMdonutCALLS@reddit
All Cisco w/ DNAC. Cisco may be a pretty penny, but they got it all.
DominusDraco@reddit
If it was up to me, I would go back to a fleet of unkillable Cisco 2960 switches. 😂
SeriousSysadmin@reddit
There’s options out there depending on what you need. For customers this size we like Fortinet. Cisco is great if you’re ok paying that tax. I’ve had some success with Meter as well (disclaimer we are a Meter partner).
westerschelle@reddit
Palo Alto Firewalls and Juniper Switches. Not sure about AP because I only ever had Meraki and I don't know how good the synergy would be without Cisco switches.
SeekingApprentice@reddit
I'd go Palo Alto if budget allowed for sure.
Doublestack00@reddit
Just finished converting our 120 sites, we went all in with Unifi and have zero regrets.
We also have around 50 running their cameras and 12 running their door access.
glennbrown@reddit
Not Cisco lol, it really depends on the company to me.
981flacht6@reddit
I have Meraki and we like it a lot, my guys below me can manage it as well and they aren't as tech savvy. It's a huge plus to have something easier like it.
I also have an HA pair of Fortigates and I would not want my Level 2 guys in the Fortigate with its added complexity.
I also really like the full Cloud native interface of Meraki, and the reliability of the switches and APs are pretty amazing. I have 11 sites, 95 switches, 500 APs. K12.
coomzee@reddit
IBM token ring. AI isn't going to be taking my job.
lordmycal@reddit
Obviously he should roll out a FDDI network.
rimjob_steve@reddit
Cisco everything.
Ubiquiti if you wanna spend 1/10th the cost.
Use a professional for the design and BOM and install.
datec@reddit
Juniper for switching. Ruckus for WAPs. But I'm not opposed to Mist or HPE Aruba for WAPs.
Sudden_Office8710@reddit
You should run away from anyone pushing Fortinet. Or Cisco everything. The company should right size the gear for your environment.
KingHofa@reddit
You're in an Enterprise environment. Go with what your MSP suggests and let them deal with the inevitable issues during setup. Only thing I hate about FortiAPs is that their Firewall firmware is dependent on AP firmware (at least it used to be). I inherited a setup and couldn't do a firewall firmware update because of older AP models. If they can't guarantee security updates for the coming five years, I'd think about going to another network partner.
I've been in an HP/HPE-only environment for about 20 years now and before HP APs became a thing, we had Cisco APs. Even after a few years, new models were still dated... HP hasn't had the best wireless in the past but their Aruba line-up is quite impressive (just don't get the instant-on products). I seem to remember that, when paired with their Cloud management platform Aruba Central, they're automatically covered under warranty.
22Anonymous@reddit
For private use: Ubiquiti. For commercial use: lots of options. My main problem usually lies in the support, not the product itself. My experience with Cisco support has been very poor which is why I would recommend basically anything else. Depending on your size maybe look at partners you already work together with very well and see if they are certified for certain products and offer full support for them.
Saint1540@reddit
I don’t envy your situation. The best equipment is irrelevant without a solid partner/architect to put it in. At the same time, an amazing solution provider could piece together cans and string and turn it into art. And a single throat to choke is only as good as the vendor you standardize on (as they often point fingers internally).
You need a site survey. You need a good idea of the clients you are serving and performance needs. Are the clients you are serving accessing local resources, or remote? High bandwidth/throughput required? High client density per AP? Varying technology types? Varying age of client equipment accessing things can force backward compatibility needs. Network access controls and VLANs? So many questions that have answers that play into it.
Guessing based on your original spec with Unifi/Mikrotik, this was someone’s pet project and sprawled into something quite large with bolting on. But this seems like something you’d want an esteemed engineer/architect who is either directly affiliated with the manufacturer and can be the point of contact/management for this. And while you can always insert the “no one ever got fired for buying XYZ”, cost/management/support creep is real, and may actually make you want to find alternate grass to grow.
After a long time with varying pieces at the edge/intermediate/core/wireless, I recently standardized on Forti (all the things). After most of the effort, I like a lot of it, but there are shortcomings. Then again, I’m managing it all myself (and limited team). There’s more to do, and I’m sure there’s improvements to be made, but it is functional and effective. That said, it’s not for everyone.
Expensive_Plant_9530@reddit
We’ve tried a variety of brands.
Cisco of course. HPE Aruba and Meraki.
We recently adopted Fortinet for firewall and switches, and we’re using Meraki for APs.
Personally we quite like Fortinet so far. We’re likely going to ditch the Meraki APs once our licensing comes up for renewal.
tr3kilroy@reddit
I would much rather be kicked in the crotch repeatedly than go with Unifi. Fortinet is great, love the integrations. Meraki is great. Aruba if you want to save money. Personally I'd still go Fortinet because that is 90% of what we sell. Pick a platform that you are comfortable with as long as it isn't Unifi or Sonicwall.
theoreoman@reddit
This is the best advice I have ever heard, "no one has ever gotten fired for using Dell"
Meaning: don't stray too far from the mainstream companies and mainstream configurations. You can always make better systems for cheaper if you do it yourself, but if that system has an outage then everyone's looking at you.
virtikle_two@reddit
Cisco. Cisco Meraki.
overyander@reddit
What problems are you actually trying to solve?
Jolly-Ad-8088@reddit
Russell
sryan2k1@reddit
Arista for switching/wifi.
Ontological_Gap@reddit
How is their wifi offering?
sryan2k1@reddit
Depending on who you ask it's the best or second best out there, tied with Mist.
They bought Mojo networks quite a while ago now and have dumped a ton of engineering into it.
Ontological_Gap@reddit
Thanks! Their wifi offering was brand new last time I did a purchase!
sryan2k1@reddit
They've got a fantastic seed program. They'll likely send you a bunch for free to sway you depending on your size.
Ontological_Gap@reddit
I already have a call with my rep next week. Thanks again! I think you just made my life substantially better
Own_Error_007@reddit
Juniper.
MaxBroome@reddit
Nobody ever got fired for buying ~~IBM~~ Cisco.
You’re going to pay out the ass for it, but if the big-wigs are willing to shell out, you’ll be happy.
We’re currently rocking Meraki and I loathe it to its very core every day. It works (somehow) but I despise their licensing, and routing.
urgoll@reddit
+1 here for Meraki.
massiv3troll@reddit
We love our Juniper stack now that everything is in Mist. You still have to understand networking and some Juniper ways of thinking but it's so easy to change configurations in the platform. If you have the time, start with templates. My only gripe is Juniper support and Mist support are separate. All switching related issues go through Juniper, the web platform and wireless goes through Mist.
Since the acquisition from HPE, they've been adding features and making quality-of-life updates pretty regularly.
InitialCauliflower96@reddit
I've had good luck with Aruba products for networking and APs. Sonicwall for firewall. Aruba switches are easy to learn and configure, fairly cheap and APs have on-site instant controller.
Brilliant-Sea-1072@reddit
Arista.
Longjumping-Fun-7807@reddit
There is nothing wrong with using Fortinet. You also have other full support manufacturers such as HPE/Aruba, Extreme Networks, and Ruckus.
Since I’m a glutton for punishment I like to mix and match my vendors. I’d use HPE/Aruba for my switches. Either Extreme, Aruba or Ruckus for WiFi. And Cisco or Juniper for Routing, and Cisco for my firewalls.
If I’m a bit on a budget I’d go Aruba for switching and something like Meru for WiFi.
If I want ease of MGMT I’d go all Aruba with Central, Fortinet with FortiManager or Cisco Meraki.
Highly recommend getting a wireless survey done to determine a baseline of what you have now. Then ensure the installer conducts a post survey. Establish metrics that are required other than full coverage everywhere. You will need to define the requirement of signal strength, SNR, minimum QAM, channel width, and any other parameters required for your business model.
Plan an equipment life cycle now so leadership understands that they will need to reinvest and replace all of it in 5-7 years.
Good Luck!
brnstormer@reddit
We're in the midst of changing all to Meraki across the globe.
Ontological_Gap@reddit
No one has recommended Arista yet? They are far and away the best, and shockingly affordable nowadays.
Ruckus for the WAPs
chasingpackets@reddit
Meraki. Their stack is stout, and if you want to use “Cisco” switching/wireless, if you get the -M SKU they are cloud manageable alongside your Meraki gear.
Vel-Crow@reddit
If all my clients had cash and wanted to spend it - Cisco Meraki. Realistically, I'd go Unifi.
Every big player has failed us in significant ways - divesting critical parts we use, adding arbitrary fees, devaluing licenses by separating SKUs, outright removing features in the guise of security with no effective replacement.
Unifi has steadily grown, improved, and matured. It's nothing like it was even 3 years ago. It's managed better from a security and hardware standpoint. Its features are expanding and the trend of releasing broken features has slowed. Site Magic is super nice, and Fabrics is a game changer for managing larger clients, and securing internal access.
They also remain cheaper, and their security and support add-ons, while separate SKUs, are one time buy. Security seems perpetual, and support is 5 years.
jrwnetwork@reddit
I'd go with the Fortinet equipment. If you are working with an MSP check the prices carefully.
SublimeMudTime@reddit
Only do Fortinet if you like patching every other week.
rybl@reddit
We completely did both our switching and wireless network with Aruba. CX line for switches and 600 series APs controlled by ClearPass. We have been very happy with everything although ClearPass definitely has a learning curve.
Lucky_rob@reddit
Forti is quirky, wish I hadn't gone with it.
benuntu@reddit
I would look for a local MSP that supports Ubiquiti. Due to the growth by Ubiquiti in the small/medium business space, a lot more MSPs are installing and supporting their products. Even if you don't find anything in your area, the cost savings over bigger brands are enough to cover a cold spare for each device you have. Alternatively, the learning curve for Ubiquiti equipment is relatively easy if you already have solid networking experience in your team.
This is a starting point on what hardware to go with without knowing the specifics of your requirements:
Siptarica@reddit
Fortinet is really good at attracting hacks. It screams money and no experience 😉
GullibleDetective@reddit
They have the largest footprint, and they are upfront/transparent with vulnerabilities and CVEs.
Frothyleet@reddit
Yeah and as of yet I haven't seen Fortigate CVEs that scream "fundamental flaws or mishandling."
Contra Sonicwall as an example, where their bullshitting around the scope of their compromise last year (where all of their customers with cloud backup enabled were at risk for months) has lost them any credibility around security.
anonymousITCoward@reddit
EERO
/s if you need it
illicITparameters@reddit
My go-to for non-enterprise is Fortinet Fortigate Security Appliance, with Meraki switching and wireless. Meraki security appliances are kinda lackluster for more complex environments.
12inch3installments@reddit
Never used Meraki until this current job. It's definitely not enterprise per se, but they have been much more reliable than Datto, TP-Link, or Aruba were.
rayko555@reddit
Not brocade/Ruckus :D
GullibleDetective@reddit
Tons of threads, use the search, Luke.