cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
48288
Views
10
Helpful
15
Replies

Cisco Vs Aruba

NightShade101
Level 1
Level 1

Hello im looking to know   if what im reading on this cisco vs aruba document is true...i feel that well i prefer asking here rather than bealiving what a brand build it to sounds better than the other... so i guess i can get the truth here, about that.

As you guys are the experts here on Cisco Wireless i would like to know this is true or false and why?

1-cisco wireless can assign in one SSID and in one VLAN roles per group of Active directory? as far as we got told this is not possible on cisco but it is with aruba.  It does not need other vlans mapped to the SSIDs.

2-Cisco cannot do packet prioritazion in one SSID and it needs another SSID of voice to work properly while with aruba you can set it all in one SSID and one vlan as they can do voice packet inspection and can detect wherever is voice traffic or not and tag it as it as it has a build in Firewall module, which cisco does not have.

3-Not all cisco AP models support  clean air?   it seems that all aruba models support ARM which is what clean air is for them.

4-The ohter thing it looks really cool of aruba is that they got these remote APs in which i can extend Wireless and wired to the remote branch for example i can bring central corporate vlans on the remote AP port so i can connect a wired ip phone using a vlan coming from a corporate... as it does like a layer 2 tunnel between ap and the controller through the internet.

Anyways im just looking for the truth


And it would be nice if someone point me what can cisco do that aruba cannot do.

Please dont send me to see the videos of cisco vs aruba because this does not help.... Aruba also got their videos about the same and both reports seems like they are the winner...

So well it would be nice if my questions get answered?

I would like to see see both solution i mean the good things and the bad things of both.. but well enlight me guys with the good of cisco agains aruba and also if what they say its true? and if not why?

2 Accepted Solutions

Accepted Solutions

Leo Laohoo
Hall of Fame
Hall of Fame
And it would be nice if someone point me what can cisco do that aruba cannot do.

How long is a piece-of-string?

What's the difference between, say, Laborghini and a Ferrari?   How about Airbus and Boeing?  Muhamed Ali vs Mike Tyson?  Apple vs Microsoft.

it's true that not all Cisco WAPs support CleanAir.  It's also true that not all Cisco WAPs support 802.11n.  These features were "separated" on purpose.  Not all clients want 802.11n.  Not all buyers can afford CleanAir.

In regards to VLANs and interface, there's a new feature called Interface Groups in the newer code of the firmware.

Don't be fooled by Marketing mumbo-jumbo.  The best way to determine which one suits your requirement is a cook-off.

We had a cook-off ones between Aruba and Cisco and the client went Aruba.  Aruba won by 40% price margin.  Performance-wise, they were both came neck-and-neck.  But here's where the "gotcha" came.  Aruba quoted for 802.11 b/g WAP while Cisco quoted 802.11 a/b/g.  Now the client who made the choice is now complaining about the lack of 802.11a in very-dense deployment.

View solution in original post

Well we are both... So being one of the largest partners for both especially since we started with Cisco, made it really hard to want to learn Aruba. It's something we were handed to learn. I'm 100% Cisco as the Aruba SE understands since they know my background. I'm an engineer, so I like to get hands on equipment and learn things. Reading only gets you so far and one if these days maybe after understanding Aruba, I too will start posting on their forum. For now, I focused most of my time on the Cisco Wireless helping out on the beta testing, seeing what works and doesn't work, etc. I have my own Cisco lab at home but also have Aruba equipment that I do my testing with. However, my Cisco equipment currently runs my home network.

Experience is the best way to really understand. As an engineer, there are those who's job is to sell and we are left to make things work. You know eventually what is needed to have a successful implementation, what works and what doesn't. That is the key.... Knowing what works.

Hopefully you get more experience in other vendors than Aruba. I stay away from clients asking why is this better than the other. When it comes down to it, each have their good point and their bad. It comes down to user having a great wireless experience. If you can provide that, who really cares how you implemented it.... You've done a good job. I like to build a network like its mine... With the clients input and skills level built into it.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

15 Replies 15

Leo Laohoo
Hall of Fame
Hall of Fame
And it would be nice if someone point me what can cisco do that aruba cannot do.

How long is a piece-of-string?

What's the difference between, say, Laborghini and a Ferrari?   How about Airbus and Boeing?  Muhamed Ali vs Mike Tyson?  Apple vs Microsoft.

it's true that not all Cisco WAPs support CleanAir.  It's also true that not all Cisco WAPs support 802.11n.  These features were "separated" on purpose.  Not all clients want 802.11n.  Not all buyers can afford CleanAir.

In regards to VLANs and interface, there's a new feature called Interface Groups in the newer code of the firmware.

Don't be fooled by Marketing mumbo-jumbo.  The best way to determine which one suits your requirement is a cook-off.

We had a cook-off ones between Aruba and Cisco and the client went Aruba.  Aruba won by 40% price margin.  Performance-wise, they were both came neck-and-neck.  But here's where the "gotcha" came.  Aruba quoted for 802.11 b/g WAP while Cisco quoted 802.11 a/b/g.  Now the client who made the choice is now complaining about the lack of 802.11a in very-dense deployment.

It is too much asking if you could explain more about this new feature of interface groups ? seems it could be insteresting

Im not asking you to bash or anything other vendors 

What i want is like a neutral opinion of both brands:)

Also i read that Cisco bough meraki, is this like a asnwer to aruba instant?(just telling you what i have been reading around...)

Well about that not all clients can afford clean air thats sad,  as i saw Aruba ARM are supported by all the models so no matter what model you buy you will get ARM.

Information About Interface Groups

http://www.cisco.com/en/US/docs/wireless/controller/7.3/configuration/guide/b_wlc-cg_chapter_011.html#ID1707

Interface groups are logical groups of interfaces. Interface groups facilitate user configuration where the same interface group can be configured on multiple WLANs or while overriding a WLAN interface per AP group. An interface group can exclusively contain either quarantine or nonquarantine interfaces. An interface can be part of multiple interface groups.

A WLAN can be associated with an interface or interface group. The interface group name and the interface name cannot be the same.

This feature also enables you to associate a client to specific subnets based on the foreign controller that they are connected to. The anchor controller WLAN can be configured to maintain a mapping between foreign controller MAC and a specific interface or interface group (Foreign maps) as needed. If this mapping is not configured, clients on that foreign controller gets VLANs associated in a round robin fashion from interface group configured on WLAN.

You can also configure AAA override for interface groups. This feature extends the current access point group and AAA override architecture where access point groups and AAA override can be configured to override the interface group WLAN that the interface is mapped to. This is done with multiple interfaces using interface groups.

This feature enables network administrators to configure guest anchor restrictions where a wireless guest user at a foreign location can obtain an IP address from multiple subnets on the foreign location and controllers from within the same anchor controller.

Well as far i understanding you can map an specifi client to a specific vlan, in which i guess with that vlan you can set up ACLs, but then you still need different vlans for different permissions in the network i cannto still assign different permision for example assign different permissions using a single vlan

At least having vlan 100

and in that vlan 100 having AD groups like accounting, IT, managers

And inside that vlan you can tell accounting can access this server but managers can access other servers and IT got access to everything.

Maybe im mis understanding... i do have more knowledge on how the Aruba works as i have worked with aruba. But not with Cisco, and im just trying not to be like ARUBA isthe best and  bash cisco because cisco must have good stuff that aruba does not have.

NightShade,

Glad to see you posting on the Cisco forums... I have seen you on the Aruba forum:)

There are features that both vendors can do, its just how to accomplish it is where it varies. Aruba since you know that vendor the best can do this by roles... correct. Then you apply acl's to that role. So Aruba allows you to have one ssid and one vlan and define acls per user role, but all in all, you also have to look at why you want that much separation on a vlan. How Cisco does it is sort of the same way, but why not place the user on a vlan they belong to initially? QoS is one of the main thing and so is multicast that you may want to do this. With Cisco you can accomplish this acl per user or device with ISE, which is Aruba's ClearPass. So depending on what you want to do, its really dependent on the vendor, but can be accomplished either way. I've been working on Cisco wireless for a long time and starting to also work on Aruba.... I'm not going to bash either vendors.... It really comes down getting the job done. Instant AP's are a good thing for small environments, but you know when the AP counts grow past the 16 in a a layer 2, its better to have a controller... I still prefer a controller anyways even if its 4 AP's.

Sent from Cisco Technical Support iPad App

-Scott
*** Please rate helpful posts ***

Well like you well said  we have not to or try not to batch either vendor

Anyways yeah Instant seems for small bussiness but they have been adding good features to it... like L3 roaming which let you actually build  2 or 3 Virtual controller and roam between them... you can have 2 VCs and roam between them but then yeah the managment you need to control  2 VCs instead one...

Some people say that they have been running more than 16 APS and more than 400 or 500 users without an issue, guess they are enabling drop broadcast and multicast but never tried that myself....

You can even connect those VCs to the central coroporate as they can build in a VPN tunnel(if you dont have a private link) to the controller on the remote site...

Anyways going back to cisco as im learning  here hehe

So for you to do something similar as assigning roles per user group you need ISE which is the Bring your own device of Cisco

Well that seems that if you want something like that with cisco then it wlll cost you lot of money.

Without ISE i understand that you cannot do that, as you just can assign ACL to vlans but not to user groups

Did i get your idea wrong?

About the QoS i can do QoS on the role im assigning on the firewall rules that are inside that role.

Is there is anything you know that cisco can do that Aruba cant do.

Im really trying to get a general view of other brands... I really dont want to bealive what the comparing paper that for example aruba give or cisco give as sometimes its just marketing stuff and not all of them are true...

For example i read that Meraki didnt do band sterring but it does.  See my point?

Yeah  thats looks more like the fault of the partner for selling that...

If you know you got a High density deployment you will want to get avaiable a/b/g

Or in this case A/N  and b/G/N use band steering and all the good stuff...

I have seem the same thing happening

A friend was quoting for his company wireless solution

The cisco partner was cheaper... as they were just quoting them a single band APs, while the aruba partner was quoting them dual band APS because of the High density, plus they didnt quote other appliance for IPS/IDS while the aruba partner was quoting them the licenses for that  or something like that... at the end they bough aruba.

Im trying to not get fooled by marketing jumbo thats why im asking here instead of that

Scott Fella
Hall of Fame
Hall of Fame

Well I don't need ISE in most of my installs. If you are good with radius, you can send radius attributes to perform many task. What I would do in a Cisco environment is place users depending on the AD group to a vlan. I can either put them on a vlan or put them on an interface group which is like Aruba's Vlan Pooling. So with placing users in a vlan they belong, I can then place an acl on that layer 3 interface to allow and deny whatever traffic. Even with Aruba, I still would probably do it this way:)

I will leave alone what each vendor can do or can't. Every engineer will like one over the other and when it comes down to it either one will work as long as as its properly designed. The important thing is what works best in various environments... Vocera, Spectralink, bonjour, muticast, video stream, mesh, etc. There are so many devices that have to work on these networks and reliability is important.

I have always been a fan of site surveys and Aruba and other vendors don't seem to require it. I'm 100% against not doing one or even doing a predictive survey.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Well guess is preference... i dont think i would like to have a bunch of vlans and in each vlans different access and then assign those users to those vlans.

What i mean is that i do separate Vlans for wireless, i don t mix them with wired vlans, which as far i know is not recommended.  

It looks like more managment and more stuff to see that i dont need.

I just use the vlan pooling to divide the broadcast as i map them to a single SSID but no matter in what vlan they are they get the permissions i assign them.... i actually dont care what ip addressing it get

But well i guess at the end as you said if it properly designed then it shouldnt be an issue.

Well aruba does have a great tool which can let you survy without going to the client, but you need them to give you an autocad file, and some other formas, but i still go to survy to check if it okay.   But i can tell its pretty accurate tho...

Anyways thanks for your comments...

Scott Fella
Hall of Fame
Hall of Fame

Schools care what IP address the users gets and is part of many of their requirements especially when using a content filter. It's not more management because your doing this on the wired side also. Voice should also go in its own subnet. I see where you going with acls but what do you do with QoS and or multicast? There is always a need for vlans for wired and for wireless. Just my 2 cents.

As far as surveys goes, we don't guarantee coverage without a survey no matter what unless we perform a wireless survey. That goes for Cisco and or Aruba.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Oh thats because we use Fortigates as Firewalls, we integrated it with Active directory so it doesnt matter what ip it gets   it doesnt matter where the user log in, his permitions to internet and content filter fallow them, at least this is on a corporate that got AD, and well i have implemented the firewall integrated with AD(so the content filtering is based on AD groups) and the wireless also integrated with AD so in both situation i don t really care what ip they getting.

For schools, normally all the students got the same Access... at least to the internet, at least on the school i have implemented firewalls.  I dont know if there in your implementation does students got different access to the internet?

Yes you always need vlans for wireless and wired im agree with that.  It just that like told you, you are needing like for example 4 different vlans just to give different permissions, when you can have one vlan doing that.  Not telling you ill put a /20 vlan for wireless as i can vlan pool.

About the subnet for voice well i wont discuss it with you as i dont have too many years of experience just 3 in IT.  I just can tell you what i read on their documentation and its that i dont need another vlan for voice on wireless becasuse the system already can identify and tag the packet and send it to the switch tagged with the correct DSCP value,  Which is thats one of the diffference of Aruba and other vendors or at least that what i read,  if it better or not, ill be able to answer you when i get more experience with that but this time ill go humble and not commet about it as i need more years of experience, i just read a lot but that doesnt mean i know the best way to do it.

 

Anyways this is where i dont want to go, having a preference for a solution,  i came here to know what cisco can offer me that other wireless vendor cant!

I wanna know the virtues of each solution!   as i realize that everytime i do have preference for aruba but thats not good.  I need to see what the the others can offer.  This way i can have a better view of all the wireless solutions

The only way you can see for yourself how other solutions work is to actually learn the product and know the inside and out of the product. Reading about features really don't get you anywhere as an engineer because you need to know what works, what doesn't and why it works or will not work in a certain situation. I have gone into an Aruba POC due to the Cisco not configured correctly, but had to hold my breath. It goes the other way too. I tell my peers to not be too biased until we get more experience in the Aruba side. It kind of weird doing both but the years I have behind Cisco is still my main focus. The one big thing that is good is the Cisco forums. They have their TAC engineers and some from the BU who post here and 99.99% of the time you will get your issues answered here.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Well you know thats really hard when you are a Cisco partner or you are an aruba partner or you are i don tknow a rukus partner   to get hands on experience on the competitor gear.  So i had no other choice but to read and well try reading a lot

Well we are both... So being one of the largest partners for both especially since we started with Cisco, made it really hard to want to learn Aruba. It's something we were handed to learn. I'm 100% Cisco as the Aruba SE understands since they know my background. I'm an engineer, so I like to get hands on equipment and learn things. Reading only gets you so far and one if these days maybe after understanding Aruba, I too will start posting on their forum. For now, I focused most of my time on the Cisco Wireless helping out on the beta testing, seeing what works and doesn't work, etc. I have my own Cisco lab at home but also have Aruba equipment that I do my testing with. However, my Cisco equipment currently runs my home network.

Experience is the best way to really understand. As an engineer, there are those who's job is to sell and we are left to make things work. You know eventually what is needed to have a successful implementation, what works and what doesn't. That is the key.... Knowing what works.

Hopefully you get more experience in other vendors than Aruba. I stay away from clients asking why is this better than the other. When it comes down to it, each have their good point and their bad. It comes down to user having a great wireless experience. If you can provide that, who really cares how you implemented it.... You've done a good job. I like to build a network like its mine... With the clients input and skills level built into it.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Review Cisco Networking for a $25 gift card