What is our primary use case?
We work at a courthouse, however, we manage the data for the entire county. We have them at the Sheriff's office. They use them in commissary purchases, which is a separate SSI and separate VLAN. That's to segregate wireless traffic for different groups of people per their needs.
We have lawyers that maybe need to reach back into the network and access their documents when they take a laptop to the courtroom with them. And so through that, we've done some radius authentication. Therefore, it's not just an SSI ID. They actually have to log in with credentials as well.
Then, we have a guest SSID just for general public access, and that's basically running wide open. We do have a simple password audit, however, everybody knows it, and that's separated by VLAN as well and run through Palo Alto. We also have a whole different SSID for patrol units for the Sheriff's office, where they upload car videos and update their car computers wirelessly. We use it broadly.
How has it helped my organization?
The solution has let us get network access to more people in different locations where wires aren't feasible - like in a garage or for the Sheriff's office uploads in courtrooms. In some of these courtrooms, you can't run additional wire due to the fact that they're historical buildings. You have to have wireless. Also, you have lawyers walking around and you don't want them tripping over stuff. It's useful in every aspect of getting public access - even for when there are events in the square, across from the courthouse. It's basically helped us better serve everybody and provided them with network access.
What is most valuable?
It always runs, and it's very reliable in terms of performance. They are very, very robust, very rugged, and can handle indoor or outdoor coverage. We typically don't have too many problems with the hardware.
What needs improvement?
The wireless LAN controllers at the time when we started rolling out, we went with it simply due to the fact that everything else worked that was Cisco. We figured, if everything else works and we're satisfied with it, let's go that route. However, now people want more access points and more spots. And if you give everybody coverage, the cost is crazy high. You can either say, "No, we can't," or you can go with the cheaper product, even slightly cheaper, plus you get more APs out there for more coverage.
At least with the WLC 2500 that we've been using, you can't take just the stock AP from them. You have to use lightweight firmware. You turn it into a lightweight AP and then you can join it to, or provision it to, the wireless controller, which should be automatic. In most cases, it works pretty well, however, it's still not there yet, as far as plugging it into this network that's going to tunnel back to the controller. I would say it works 7 out of 10 times. For the price, it should be a 10 out of 10. Especially with Cisco running an entire Cisco network with CDP all over the place, there should be no reason it doesn't tunnel back every single time. And yet, there are a few times where it doesn't.
It got to the point where, when I prevent in APs, I just take them directly to the switch that the controller is plugged into and provision them there instead of just plugging them in like you should be able to.
The software on offer is not great. Cisco lacks in software updates, surprisingly. They don't update their firmware too much for the controller. This is not something you want to be done constantly as it does make downtime, however, I would like to see them more than once a year. Unless there's a critical flaw, or you're running an early release. They're their main releases, I want to say year after year, it's been maybe once a year, and then you have to push it out to all your APs.
Their software's really clunky. It's not very user-friendly, which you can see that as a good thing and a bad thing. We should learn this stuff, but at the same time, it shouldn't be overly difficult. You shouldn't have your options hidden in menus. You shouldn't have to go 25 minutes deep to get to some security options for a specific SSID.
Also the way the group their security settings is a little bit backward to me. It's not done by SSID. There's just a security tab. Then, you have to link back and forth through that. However, that's something that you're going to fight with through every controller, every different type of device. We all wish they were organized differently.
For how long have I used the solution?
We originally started using the solution in 2014.
We had one before then as well. Since we've gone wireless, or implemented wireless throughout the buildings here, we've always used Cisco. This is just a Cisco shop.
What do I think about the stability of the solution?
The solution is extremely stable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.
The one issue we did have was with their mesh radios. I'm not sure that it was with the radio itself, the software in the radio. They run two different firmware. One is autonomous firmware, which they use with their AP line and then lightweight APs. With the autonomous one, there's no consistency there. For the indoor APs, you'll have lightweight firmware that you need on them. And then for the outdoor mesh radios, they're not fully autonomous, yet you have to have the autonomous software on them for the mesh feature to function. That's a little bit convoluted and I kind of wished that would just have it one way or the other.
What do I think about the scalability of the solution?
The solution scales easily.
The number of users varies. Some days we have court cases and then you have jurors, lawyers, the media people. It varies widely. I would say on average, we have possibly 200 people a day on a slow day using it. And then on an extremely busy day, it could double that.
We use the solution quite extensively.
We do plan to increase usage, however, it won't necessarily be with this product. We'll probably like to go with a different product based on price and licensing.
How are customer service and technical support?
Technical support is 10 out of 10. Cisco tech support is one of the best supports I've ever dealt with.
How was the initial setup?
The initial setup was very straightforward. As we have added SSIDs, when we have had a hardware failure, the re-setup, for instance, is a bit more involved. When the controller itself was acting kind of finicky, we did an overnight request and got one in. Re-uploading that configuration was not as easy if that makes sense. If you're setting up a brand new device, it's very easy, very straightforward. If you're trying to restore from a backup configuration, it's not as easy. We ended up actually just resetting it up from scratch.
The deployment itself likely took three hours.
We had some bugs to work out after that, however, the majority of it was up and running within three hours.
For maintenance, you only need one person (a network admin) and then a backup person, just in case that person is on vacation or something.
What about the implementation team?
We handled the setup all in-house. We do have their tech support. At one point, we did get tech on the phone and were working with them. It basically came down to firmware. The one they shipped us could not downgrade its firmware to the firmware we were running on. There was no good way to make it upload the config from an older firmware. They wanted the same firmware restorations. That was kind of a pain, however, we just ended up manually going through and resetting everything, which was not too terrible.
What's my experience with pricing, setup cost, and licensing?
Cisco's APs are licensed and you need to buy them. Basically, for every AP, you have to have a license. Some of the other devices do it so that they support X amount and you can buy the licenses for zero to 20, 20 to 40, et cetera, and it's a little bit more affordable. That's kind of why I was trending towards Ruckus. They handle their licensing a little bit differently.
Every time somebody asks "How much is a wireless access point? We need wireless in this room." Well, then you tell them the cost and mention "Oh yeah, and there's a license." It's expensive.
Users purchase each AP, and that's until the end of that product's life. If you break it down over a year, it's fairly affordable. However, nobody replaces one AP, we replace them all typically at the same time. Unless one dies or they need one expanded, as far as specific costs go, it's different for indoor and outdoor ones. It might be around $100 for a license. The internal ones are far cheaper than that.
Which other solutions did I evaluate?
We had looked at Meraki before, however, the cost is just astronomical. We're a local government, so there's no money. The cost of Cisco wireless controllers has always been kind of clunky. I had heard a lot of good things about Aruba, and then I heard they were bought out by HP, however, it seems like it's still good. I was leaning more towards Ruckus based on just how it handles traffic and handles the guest VLANs and that it can do SSI de-scheduling. I still need to go back and do an in-depth read on the Ruckus option. I am leaning towards that one, even though it seems like it's a close tie.
I also looked at Ubiquity, however, from what I've read, their hardware is not really up to par when you hit saturation, and on certain days of the week here, we definitely have saturated APs due to the fact that we have court cases. You can go from the usual 10 people on an AP to possibly 40 plus people, all trying to check their internet over the wireless. It gets kind of crazy on those days.
What other advice do I have?
We're just a customer and an end-user.
We use the 2500 wireless controller and all the APs that go with it.
We have Cisco switches and routers as well. We were using Cisco firewalls up until about three years ago. And then we switched to Palo Alto. As far as switching goes, still happy with their switches. They're extremely pricey, however, they last forever, and they meet a lot of government requirements that we have.
I'd recommend the solution I wouldn't hesitate to do install it if the company can afford it.
I would rate the solution at an eight out of ten for its ease of setup, ease of scalability, and robustness.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.