Meraki vs Ruckus
This is an interesting battle for us at the moment...
Basically we want to add some wifi connectivity to our main centre, to do the following...
- one SSID for our laptops etc, on our teaching network
- one SSID for guest users i.e. untrusted machine on a captive portal split away from the rest of the network
The guest users need to authenticate either via an internal database on the wireless controller or RADIUS.
Ruckus was well out in front for us and near enough sold then we heard about this new funky Meraki cloud-based controller. Literally just plug and play, the APs can do the guest access without the hassle of VLANs (all routed through the APs that have their own NAT and DHCP scopes internally) plus 15 SSIDs per box.
Apparently they're used in retail, Pizza Express, BT and so on for their hotspots... so far been rather impressed but...
As it's cloud-based you have to pay subscription for the controller software so it becomes an ongoing cost, £110 a year per AP (which includes support), costs go down for a 3-year term but I'm less comfortable with that as compared to buying a box then it's yours forever.
One qu I'm not sure about is whether Ruckus has the guest functions already in the controller and whether it can separate traffic without having VLANs set up?
We're thinking of going for one of 3 options with the wifi depending on budget and requirements...
- full campus coverage
- public areas only (guest access for cafe etc)
- public areas + mobile laptop cupboards + AP on the back
The 3rd option is a best of both worlds compromise which would allow us to boost the number of computers in smaller rooms where we only have space for 7-8 PCs so might end up down that route worst come to worst.
Any feedback or thoughts much appreciated :)
Ruckus can do everything you want. We have 1 network setup for RADIUS which all our school-owned laptops have access to and 1 guest network which uses guest passes which we generate. You can also setup a guest network to authenticate against AD, RADIUS or the internal database (although I think the internal one has quite a small user limit). The guest network is not on a seperate VLAN, the ZoneDirector has a built in ACL to control which addresses/ports/services that clients can access. Get one of the Ruckus suppliers on this forum to send you some demo kit, and I'm sure you'll be pleased.
By default any Guest SSID has Wireless Client Isolation enabled. This applies a Layer3/4 ACL to any user connected to the Guest SSID.
Essentially you can lock it down so the client can only see the default gateway or proxy on any or a specific ports and deny’s all traffic elsewhere on your internal network.
Go for Ruckus!
Ubertech, based in Lancaster, is a reseller of Meraki kit. They've blogged about some of the features - Meraki
Don't forget that if you don’t buy Ruckus you are buying an Omni-directional antenna that does nothing smart when it comes to WiFi.
You need some smart antenna arrays that give the clients outstanding reliability and performance. You need Ruckus.
Thought I’d also add this little comparison sheet and a few extra notes:
• Less granular control and flexibility when using cloud based controller
• Connectivity is an issue and internet connection fails (even if using wireless for local applications)
• Wi-Fi is off the shelf and not optimised like Ruckus
• No re-occurring costs apart from annual support contract
Very interesting points there, granted I have to remember it's a document from Ruckus but there's some technical points that can't be argued with regardless of where it comes from.
The one sticking point for us is that we'd need a VLAN for the guest traffic so all our switches need some config work done. So far being quoted £750 a day for this (I'd like to do it myself but I'm overloaded with VLE stuff at the moment and haven't got time to get all the tech stuff for the VLANs tested atm :( ) which is adding to the install cost, not sure if there's any other ways around it?
With Ruckus, you don't need a VLAN for the guest access. We have an ACL, which specifies that the guest network can only access the default gateway, proxy server and a couple of local web services. We don't have any VLANs and our guest access works fine.
Is that an ACL you set on the Ruckus box or on the switches? Can you do ACLs per SSID?
Originally Posted by dyoung5
Yes the ACL is created on the switch and is applied per SSID.
There is no limited to how many ACL's you can create.
Would you like me to send you some eval kit or run a demo online?
I remember having a Ruckus demo quite a while back and the management seemed pretty good, eval kit I'd have to get approval from managers before we can take any on.
The thing that worries me about Meraki is stability, granted they're part Google owned but it still doesn't stop them being sold one day or even closing then what happens? Also unless we commit to 3 years+ licensing in one go there's always the possibility of cost increases to keep the infrastructure going, which kinda takes away the initial price benefits of removing the controller hardware?
The thing I know with Ruckus is that it's consistently well regarded on here by quite a lot of people, always a good sign!
Ruckus offers a traditional controller-based system that lacks the advanced enterprise features offered by Meraki’s cloud-based architecture. Many customers (over 16,000 networks in 140 countries) find Meraki to be easier to deploy and manage, with superior multi-site management and they are thrilled with our Traffic Shaper and IPM (Identity Policy Manager) tools.
-Meraki allows you to control bandwidth consumption by application, for example preventing business critical applications from being slowed down by YouTube. My understanding is that Ruckus is unable to differentiate between recreational and productive wireless traffic.
-Meraki allows scalability as you add access points over time (our Cloud Controller can support thousands of APs at multiple locations). With Ruckus, you may need to upgrade licenses or purchase another controller ($$$) as you grow.
-Meraki provides a higher level of visibility and detailed reporting with integrated forensics and planning tools.
We encourage you to test both with a free trial and then make your decision.
How do you avoid local wireless down time when the internet connection is down?
Originally Posted by Meraki
This is turning into a very interesting thread :)
My gut instincts seem to be...
- Ruckus seems stronger in terms of signal strength
- Meraki looks easier to deploy and does have some nice features on the traffic shaping
What I'm concerned about...
- Meraki... I don't like the way the business model ties you into effectively making your infrastructure a recurring cost, if one day we can't afford the renewal cost the physical (rather expensive) local hardware becomes a brick. This wouldn't be so bad if the APs were a lot cheaper than the competition but they aren't (if anything they're more expensive!)
- Ruckus... could someone on the guest access start using Windows Update, iPlayer etc with no way of us throttling \ blocking the service (this did look pretty cool on Meraki)
Meraki seems to work out cheaper if you have only a few APs as there's no need for the 1-1.5k for the controller before you get started. However once you get to 10 within the first year you've already paid the cost of the controller box then it's upward costs from there (unless you go for a 3-year tie-in but that's a bit of a gamble on a new service imo)