Need recommendation in providing enterprise WiFi solution

[tekkiebao_my]

Hi,

My client requires a robust WiFi connection in their premise for 200 users. The premise consist of 2 floors with 8000sqft each. The nature of the business of my client is e-commerce and the Internet usage would be heavy.

I am currently looking at deploying a WLAN controller with up to 8 APs (4 per floor), a load balancer to bind 2 WAN lines and a Fortigate 600C firewall to manage the traffic.

I am looking at using Aruba and Peplink or F5 at the moment.

One of the most important requirement from my client --> near 100% network uptime.

Would appreciate if anyone out there could provide an insight if I am missing out on anything important or could recommend me a better solution.

 

[m1ldslide1]

Well since you left it open - any reason not to use Cisco? I am only really familiar with the cisco solution so take my response with appropriate skepticism - but the 2500 series controller with the 1600 series access points would easily meet these requirements and was designed for this kind of deployment.

In theory any of these enterprise wireless solutions should give excellent uptime, but one advantage of cisco is that the AP's include enough flash to pre-stage code upgrades. This results in very short outages even when a code upgrade is required. Last I heard, other vendors don't offer this.

Otherwise for this environment I bet that aruba and cisco are pretty similar, and at that point it probably comes down to price.


Any reason you're using a load-balancer to connect to the WAN instead of a router? Something like a cisco 880 series would allow multiple connections and also has a stateful firewall that might be sufficient depending on the features and throughput you need. That collapsed solution could be a significant hardware and maintenance savings for you.

 

[tekkiebao_my]

m1ldslide1, thank you for the input.

The sole reason we are not going for Cisco is cost factor. Cisco solution would easily cost 2-3x more than Aruba/Ruckus.

I am not sure if my idea of using LB and firewall are the best but these are the requirements:

- Ability to LB between multiple WAN lines from different ISP for performance and redundancy.
- Ability to limit b/w per user to prevent abuse
- Ability to block/filter web content/torrent and etc.
- Very high network uptime (99%)

My initial recommendation would be:

WAN --> LB --> Firewall --> Core switch/WLAN controller --> 8 x APs

 

[re_young]

Enterasys has a fantastic solution. I know quite a few reps over there and could have them provide a brief webinar for you. Concerning filtering beyond 80 and 443 traffic, you'll want to look at a SWG solution. Wireless infrastructure/NAC providers can generally provide basic unencrypted traffic filtering by Black/white list, but they'll have issues with port evasive programs like bittorrent, ultrasurf, etc. I'd recommend looking at a cost effective solution like enterasys, aruba, bradley and combine that with a dedicated web security solution. With only 8 AP's and an iboss swg for example, the combined cost will be quite under the Cisco wireless solution itself.

-Ross

 

[CubanlB]

8 APs might be a little thin depending on usage. That's 25 clients per AP if each user has only one device, which to me, is unlikely. (Even if that is what it is designed for, people are going to push to get mobile devices on it.)

You are also going to want something that is going to do RF load balancing. (Spectrum balancing in the aruba world)

Are you looking at Controller/Thin AP solution or something like Aruba or Aerohives Swam/distributed controllers?

Aruba has integration with OpenDNS for web filtering in their lineups, though I haven't used it, as my workplace has a dedicated filtering appliance.

 

[kevnich2]

Just going to throw this out since it hasn't been mentioned but have you looked into Ubiquiti Unifi AP's? Very cost effective, good load balancing and good centralized management and definitely doesn't break the bank.

 

[Red Squirrel]

I second Unifi APs, they're great and don't cost a lot. You could perhaps justify adding more. I have one in my basement and it covers the whole house and a bit outside.

 

[alkemyst]

You said costs are a limitation, but a true Enterprise level would be the entry level WLC2500 and some 1600 AP's if you don't want cloud and if you do the Meraki options that suit your needs.

Other solutions will work, but they are more small business than Enterprise.

 

[Cooky]

I am not sure if my idea of using LB and firewall are the best but these are the requirements:

- Ability to LB between multiple WAN lines from different ISP for performance and redundancy.
- Ability to limit b/w per user to prevent abuse
- Ability to block/filter web content/torrent and etc.
- Very high network uptime (99%)

My initial recommendation would be:

WAN --> LB --> Firewall --> Core switch/WLAN controller --> 8 x APs

Is the dual WAN circuit requirement used for applications that are hosted on-prem, and accessed by customers (e-Commerce), or is it primarily used by your client's employees that need Internet access?

Based on your description above, it sounds like the latter.
If that's the case, you want to use a router that can support Internet load-sharing, or BGP manipulation.
A load balancer from F5 or other vendors is primarily used to distribute load between servers that you host, and is not intended to be used for end-user Internet browsing.

Also, if full-on Cisco AP & WLC are too expensive, you can consider Cisco AP w/ Meraki WLC.
To be honest, I've never used Meraki, but have heard good things about it.

 

[xSauronx]

i have recently come to hate cisco wireless. i dont have a lot of experience with it, and maybe its just the 2106 controller my customer has...but that thing is a pain in the ass. it refused to cooperate when i was making AP groups the other day and i had to resort to the CLI to get it done. seriously annoying.

we also use some ruckus, but usually in small environments with only a few WAPs. one site has 3 units and about 70 wireless devices and its clear that its struggling, they should have another 3 to be honest.

we have been using ubiquiti some, though i dont have experience with it myself. cheap as hell APs, and a software controller that (iirc) is free, so you can just fire it up on a pc or server, make changes, and turn it off. a couple clients have been happy with this, but i dont think there are more than a handful of the units at the sites.

 

[gordita]

keep it simple. Go meraki. It'll work. No on-prem Controller B.S.
I've deployed 800 AP's in my Enterprise so far with plans for 1000 more in the next 3 years.

 

[drebo]

I'd recommend Ubiquiti Unifi Pro APs. And at least 6 per floor for 200 devices.

 

[alkemyst]

i have recently come to hate cisco wireless. i dont have a lot of experience with it, and maybe its just the 2106 controller my customer has...but that thing is a pain in the ass. it refused to cooperate when i was making AP groups the other day and i had to resort to the CLI to get it done. seriously annoying.

we also use some ruckus, but usually in small environments with only a few WAPs. one site has 3 units and about 70 wireless devices and its clear that its struggling, they should have another 3 to be honest.

we have been using ubiquiti some, though i dont have experience with it myself. cheap as hell APs, and a software controller that (iirc) is free, so you can just fire it up on a pc or server, make changes, and turn it off. a couple clients have been happy with this, but i dont think there are more than a handful of the units at the sites.

No telling if they have a buggy IOS on that thing...but it's old. It's End of Lifed.

 

[xSauronx]

No telling if they have a buggy IOS on that thing...but it's old. It's End of Lifed.

trying to get it replaced, but...small city government, not really at the top of the priority list since we just ran fiber around town

but i wanted to murder that controller.