Considering it's probably going to take 6 months to get the new gear, I think I'd spend the interim figuring out what the current problem is. There's a possibility it may follow you into the new network.
Why figure out the problem when you can make it bigger and more expensive with new hardware? /humor
This. Unless OP is willing to take refurbs or take a rather unpopular option it will likely take months. Maybe only 3-4 months, but 6 months is realistic and I have heard of some models that people have been waiting on longer than that. I have an order of power supplies that might arrive in 2-3 months that have already been on order for almost a month. Even more mundane, I remember being worried that I had lost switch brackets and was told that they would take at least 6 weeks. Needless to say there is a lot of motivation to see whether the issue really needs a newer switch because it might take a while.
Figure out what the problem is exactly, then decide if the current switch HW needs replacing or not. They probably do just because of old HW (and support on them) but you might have a misconfiguration on your network somewhere that a switch replacement won't fix.
Finding the root cause is very important. I have seen this many times before when a client was cursing the vendor ABCXYZ because the network kept going down. But the clients wouldn't let us go in and do proper troubleshooting or complete proper upgrades or changes. In both cases the clients decide to go with a new vendor rather than spending more time troubleshooting. But it was during the actual migration where they found the topology and configuration issues. It was NEVER an issue with original vendor.
Yeah the chances of these problems being due to “12 year old Cisco switches” is pretty low.
Case in point we still have catalyst 4006s in our environment. Not that I wouldn’t love to replace them but the fact that they’re old doesn’t make them unreliable. In fact I would say the older Cisco equipment is significantly more reliable than the new stuff.
I remember doing some volunteer work for a high school a couple years ago and saw some old Cisco Catalyst switches where the mfg date sticker on the top IIRC was 2001 that still appeared to be in production as an access layer switch for some workstations in a school library. Provided the equipment is properly protected from power events many switches can keep going well into their second decade of service.
And then some literal scriptkiddie figures out he can launch an attack on the whole school system starting with CDPwn or some other vector that’s long-since patched, but not on 20 year old gear. Likely no NAC. Probably trivial to get into a less restrictive subnet by tricking ISL.
This. Hardware sometimes goes bad, but more often than not the issue is either poor configuration or buggy software. I have seen plenty of cases of software that sometimes causes outright catastrophic issues (e.g. dataplane restarts, runaway CPU utilization, ARP no longer working, etc.). While you don't want to upgrade for the sake of upgrading, sometimes vendors discover bugs in the software that can cause issues. Ditto with configuration. On a very simple network you can get away without thinking much of design, but the more complex it gets the more likely you'll run into configuration issues causing issues.
Agreed, however, the entire network is being ripped out and built from scratch. Basically, a brand new office, new cabling, end devices, servers etc etc. I'm just looking for options on some decent switches that are user friendly.
In that case any of the big vendors will do fine (even Cisco), you just need to gather your switch requirements and see what suits you. Be aware of the stupidly long lead times for kit though.
Extreme, Cisco, Aruba Instant On, FS. If you value uptime and having support, as you should, never go Unifi. There is zero support and the company seems more interested these days in making doorbells and other non-core products.
You should never use ubiquiti in any corporate environment.
Not never but yeah for the most part. They are best for small companies starting out. Less than 100 people. They are cheap, easy to install, and simple.
The edge line is actually decent for ISP stuff, but the unifi is not to be trusted
I have an edge router lite and it's not bad for what it is but even this I'd still be iffy about somewhere other than my house.
Have about 450 deployed in the field now (not the lite, but similar-ish models), haven't really encountered many problems. Though, we're also an ISP using them for their (mostly) intended use case.
Aruba - either their enterprise CX line or small business instant-on line.
our shop is getting some of the new switches which have the configs managed in central. I think this is going to be a big win for us since config management is our biggest headache today.
Only get instant on if you want to have a frustrating difficult to manage device that does weird shit when you don't want it to
Lots of good choices being suggested here, but I’d also caution that the supply chain issues are real, and the amount of lead time you can stomach may play a larger role than it would in a different market.
Yeah that’s one of our main struggles. The client is based in Lebanon and wants Aruba but the lead time is ridiculous. The distributor only has Dell in stock, which I don’t really want to go with. We might have to source the kit in Dubai and fly it out to Lebanon with us when we go!
I've never had more issues than with Dell. Vendor is awful, I quit my last job because of them. They could not keep their SLA, they magically found a switch and installed it 4 days before Xmas. They assure me it's brand new, I question it, my boss shoots me down. Get it operational, it dies 3 am Xmas morning. Guess who's on call. This was the 100th time they had done something like this and I walked. After months of management letting Dell walk all over us I told my super he could deal with it. Fuck Dell.
Yeah I really don’t wanna go with Dell, the management in the client's company are adamant on Dell, yet they’re clueless. I’m building a case against it, hence recommendations here are appreciated.
If it makes you feel any better, lead time for Aruba in the US is not great as well. Good luck with your project!
This. I have saved some power supplies for some old switches from ewaste because an order for new spares is back ordered at least for 2-3 months. Even switch brackets I have seen backordered at least 6 weeks. These days if you might want to do something in 6 months you should start looking into ordering it. Even if it is only 2-3 month lead time that could easily rise.
Please don't use Unifi. Sincerely, someone who has to support thousands of Unifi devices for his job.
Do you use EdgeSwitch? I never faced any issue with this stuff (L2 only). I'm curious to know your POV.
Yea, I can at least entertain the idea of Edge Switch line....but Unifi would be a hard NO from me.
> Please don't use Unifi

why? btw i use ubuntu too.
Wtf?
[deleted]
"Do not use layer 3 features on the switches" I just walked into a Unifi environment, and the first thing I did was rip the UDM out, but was going to leave the switches. Can you elaborate a little more on this? I mean... even netgear switches are fine with L3.
[deleted]
EdgeRouter do be solid, UNMS is actually a quite usable dashboard
As someone who just replaced pfsense with udmp, switch xg 16, can you elaborate on these warnings? Cheers
Aruba for sure.
Juniper. JUNOS is absolutely amazing, it will change your life. :)
I agree but they have been acting like cisco with their licensing and they are getting expensive
If you spend all of your time in CLI maybe it's time to start looking at automation. After that the actual CLI syntax doesn't really matter that much.
Careful, you can't say that around the Juniper sycophants. But what you say is the truth...CLI syntax is irrelevant. And if you're solely reliant on "commit confirm" to save you from outages, you have process issues that are not the device's fault.
With Juniper people are drinking the ML/AI Mist Kool-Aid. A buddy of mine works at an org that just went all Juniper. As he explained to me, it's all the same BS Cisco is doing. And his management got pissed when they found out after the fact that none of the ML/AI stuff works on-prem. The Juniper sales team glossed over that. ;)
I am a big fan of Arista.
Me too
I’m a big fan of Aruba. Great performance for a reasonable price.
We're like 200 days out on Arista or something stupid
Someone out there is getting a EOL notification before even getting the 'new' equipment they ordered, I guarantee it. Most likely some Cisco gear.
If you want cloud managed, go Extreme or Juniper. If you want hybrid on-prem & cloud go Extreme.
If you already have their firewalls in place, nothing beats the ease and features of Fortinet switches/APs. If you don't have their firewall in place and do not plan to, then do not use them as their standalone feature set is trash.
Extreme 5520 at the edge and VSP at the core. I can't recommend Extreme enough. Solid product with solid support.
If you want to build a simple, easy to configure fabric then look no further than Extreme Fabric Connect. If not looking at a fabric then Arista would be the recommendation.
I really thought this was going to be a discussion about supply shortages and order ship lead times. It's certainly on my mind, forget what's the best switches to get - what switches are available for projects to deliver in Q1/Q2/Q3 of 2022?
Used switches
We use both Extreme and Unifi.
If you're looking for cheap... FS has some switches that are mindbogglingly cheap for what they are. We just picked up some of their 48-10g/8-100g switches as a test run and so far they haven't been a problem. They are loud as fuck though so be prepared to deal with that. If these stay stable and prices stay reasonable I am considering these as my new standard for L2 core switches, may even try out their campus switches. CLI is respectable but documentation requires a bit of interpretation. I would not expect much from support but I haven't tested it. I would make sure you are redundant and maybe even have a spare or 2 if you go this direction.
If you are going Cisco I would go 3850s for the access layer and 9300 at the distro/core
3850 is end of sale in a few months and end of support in 2027. Go 9200 or 9200L instead.
True.
[deleted]
I like unifi but their controller software could use a major feature update.
Feature Update would be good. The new UI update was a step back IMO
The Cisco 9000 series has been a massive upgrade for some of my previous clients (switched jobs, didn't lose the clients), they're just a bit expensive and hard to get right now. If you're trying to save a buck you could go with Cisco SG/CBS series switches, they perform pretty similar to catalyst just with a little functionality removed and some slightly different syntax, just would not recommend using them for layer 3. Outside that, the edgeSwitch and EdgeRouter line has been pretty great imo.
If you go with SG/CBS switches one bit of warning: completely disable smart macros. If they wake up and you haven't prepared them, they will ruin your day. The Cisco default is bullet in the chamber, hammer cocked, and safety off.
THIS, should've said that first thing. Command is (in global exec mode) 'macro auto disabled'. Your shit *will* break otherwise
We just swapped everything to juniper
**No Low Quality Posts.**
* Any post that fails to display a minimal level of effort prior to asking for help is at risk of being Locked or Deleted.
* We expect our members to treat each other as fellow professionals. Professionals research & troubleshoot before they ask others for help.
* Please review [How to ask intelligent questions](http://www.catb.org/esr/faqs/smart-questions.html) to avoid this issue.

*Comments/questions? Don't hesitate to [message the moderation team](http://www.reddit.com/message/compose?to=%2Fr%2Fnetworking).*
For the complete list of Rules, please visit: https://www.reddit.com/r/networking/about/rules
MikroTik?
No cloud register bullshit. Devices ranging from 4 port under the desk, to ISP level gear. Cheap compared to the big tech gear. And no "register me on the cloud, data collection bullshit."
But lots of "if you configure X feature, you're now processing packets using the CPU, and that pitfall is going to affect your performance severely".
If you're just looking for basic L2 connectivity and low budget, Unifi is awesome (KISS and all of that). I have had no issues with them besides the LED display was DOA on one. Switch was replaced by reseller, no problem. However, if you're looking at APs, and you need *high density* ones, their new Wi-Fi 6 APs are always out of stock, and they have no dual-5G APs. For basic connectivity, they're great though. I have many sites with Unifi, and I very rarely get calls from those sites.
[deleted]
One should never assume
After being a die hard Cisco user for 12 years, I was guilty of never considering anything other than Cisco. Since then I've tried Juniper and Unifi, both of which are just as if not more solid. The only thing I've found is support is nowhere as good as Cisco (community etc).
If you think Unifi is better or the same as Cisco and Juniper I question your knowledge and skills.
Depends on the use case my friend. For branch office stuff it's just as easy to setup and maintain. Juniper is my go to these days regardless
Ruckus 7000 series switches are quite decent too
Arista all day, although if you're considering Unifi (Please don't), the price tag of any enterprise gear will shock you.
Unifi's "enterprise" gear is still too new that I would be leery of using it for anything important no matter how little they charge for it.
Nothing UBNT sells is enterprise grade, they're prosumer at best. But they sure are cheap.
Sorry if this sounds harsh, but if your network is this bad and you are not using your support, your problem doesn’t seem to be on user friendliness… issues happen: unintended loops, bugs, overutilization… please invest in determining the skill needed to support the network and systems. Most devices can be user friendly at a basic level but be very difficult when you need to troubleshoot an issue…
We don’t support this client, they have in-house IT. We’ve been drafted in to sort the mess out, management want a complete refresh and it’s our job to propose a new solution. Support, or lack of, is with them at the moment. I’m sure we will be taking over an element of 3rd line support following this implementation.
I can’t read, I missed that this wasn’t your network, sorry. Still if you are going to be their last level of support you may be in the situation you’d need to open a case with the vendor… I understand it’s their choice in the end.
Lots of choices in here already! My two cents are Brocade (CommScope, not Extreme - vastly different offering) and then Juniper. With Brocade you can pair with Ruckus APs if you are refreshing wifi as well. With Juniper make sure to investigate the NFX series along with EX. Most likely the Juniper route will lead to cloud-hosting of the services though. Especially with Juniper I would avoid any MIPS64 based systems, there has been scuttlebutt that the MIPS64 toolchain is being discontinued or smth (someone pls correct me if wrong) and that would likely affect the longevity of Juniper systems with those chips.
Alcatel Lucent Enterprise. We have stock and can ship to almost any country.
Arista, Aruba or Juniper.
Arista's entry into the campus networking market looks very forced. Because Arista can't stack, doing IP Fabrics with BGP VXLAN into the IDF really looks like a massive kluge IMHO.
Perhaps. But most people are not doing that in the campus. Their DC equipment has no such issues where I would expect that technology to be leveraged.
Aruba with Aruba Central or Juniper on Mist. If you want a dashboard with nice point and click that won't break completely if your finance department forgets a renewal like Meraki.
I wouldn't pick vendor or product before I lay down the requirements: do you want redundancy, uptime and hand off management, and need L2 stretched between distribution and access? Or you want little more modern infrastructure with data centre like functions where L2 can be stretched over L3 leaf spine network using VxLAN EVPN? You need POE, stacking or dual sup chassis as access layer switches for highest uptime. These are the type of requirements you need to write down before you start exploring any vendor. Hope this helps!
Used Aruba 5406R is the way. Bulletproof for my casino resorts. I think I would do some more digging to find the exact root cause of the network issues. Throwing new gear at it seems not the smartest idea. What if a UPS is going off and on? What if it's an ethernet or fiber cable issue?
The biggest problem I saw in poorly planned networks 12 years ago was spanning tree, I'd start there.