Meraki Bells and Whistles
- 
 @Dashrender said in Datto AP60: I stated focused soley on APs, and you branched it to everything Again, like is like the ZFS thing. The AP are a component of the network, but can't be looked at on their own and determine value. If you do, you've thrown away the ability to evaluate them. So bringing them up alone would never have a valid reason, you can't look at them outside of their context. So by mentioning a Meraki AP, you by definition were talking about the Meraki network that they are in. Either... You have Meraki APs in a Meraki network... then you get high cost, low flexibility, and a single pain of glass. Or you have Meraki APs in a non-Meraki network... then you get higher than necessary cost, low flexibility, and lose the single pain of glass. The context is REALLY important, but the Meraki AP loses either way. 
- 
 @scottalanmiller said in Datto AP60: Answer: "No, because it is part of an ecosystem that when taken holistically doesn't make sense altogether, or separately as individual components." If that isn't good enough for you, which is wasn't, and you have to pick apart every possible combination of features, then you need to keep the context straight because you are the one trying to argue that there is value in the Meraki, but haven't shown any. you're right, I probably wouldn't have liked that answer, because I then move on and say if Meraki APs must be used holistically - then why aren't Unifi gear treated the same? They too offer holistic solution. Now if you say - well, even though they have their holistic solution - most of it is shit.. oh, well all of it is shit because their APs suck for - abc reasons.. then fine, that would answer the question. 
- 
 @Dashrender said in Datto AP60: the drill down options for Unifi don't seem a "nice" as they do for Meraki... If you feel this is the case, then the discussion needs to be solely about "I like Meraki's UI better than Unifi's UI". That's a valid discussion. Talking about the physical units as devices is completely not the issue. You are associating the physical boxes that the units ship in as being the manifestation of the GUI. That's simply not the case. That Meraki may have a better GUI for some functions is valid. I'd argue that those are false features and a red herring to any real network. But maybe someone has a valid use case that I can't imagine as to why they'd want edge firewall bridges smattered around their network without central control. But we replace those in the real world with Unifi to get management of features that we need, often related to VoIP quality and reliability, that are simpler. 
- 
 @scottalanmiller said in Datto AP60: @Dashrender said in Datto AP60: @scottalanmiller said in Datto AP60: @Dashrender said in Datto AP60: Because with Meraki - it's a point and click set of changes... Okay but why didn't you say.... "Because with Unifi, it's a point and click set of changes..." Why did you say it about one but not the other when they both do that? Because with Unifi - I have to manage two pieces of equipment to get that info. And we covered this, labeling it one thing in Meraki doesn't change that it is two components. Are you not reading anything I'm writing? Use some duct tape with the Unifi, use a label maker, call it the "Unifi FWAP". Ta da. Two functions in one unit. All solved, kicks Meraki's ass. Done. not all done - because in the interface - you HAVE to manage two devices, not one, like Meraki. 
- 
 @Dashrender said in Datto AP60: you're right, I probably wouldn't have liked that answer, because I then move on and say if Meraki APs must be used holistically - then why aren't Unifi gear treated the same? They too offer holistic solution. Which I had said, actually. I said that what we see are Meraki firewalls getting replaced with Unifi ones to solve technical problems. That's the driving factor. Then things like the APs are replaced to keep a single pain of glass (at lower cost.) Since it is then cheaper to have the single pain of glass than to give it up, the "dumb" devices like the APs get switched. 
- 
 @scottalanmiller said in Datto AP60: @Dashrender said in Datto AP60: you're right, I probably wouldn't have liked that answer, because I then move on and say if Meraki APs must be used holistically - then why aren't Unifi gear treated the same? They too offer holistic solution. Which I had said, actually. I said that what we see are Meraki firewalls getting replaced with Unifi ones to solve technical problems. That's the driving factor. Then things like the APs are replaced to keep a single pain of glass (at lower cost.) Since it is then cheaper to have the single pain of glass than to give it up, the "dumb" devices like the APs get switched. ***** FORK **** 
- 
 @scottalanmiller said in Datto AP60: often related to VoIP quality and reliability, that are simpler. See - now there you go - a reason you're replacing them.. becuase VOIP on them sucks. Thanks. 
- 
 @Dashrender said in Datto AP60: Now if you say - well, even though they have their holistic solution - most of it is shit.. oh, well all of it is shit because their APs suck for - abc reasons.. then fine, that would answer the question. None of the Meraki components suck. They just are less flexible, more risky, and way higher cost than alternatives. They suck relative to the market. But are generally well designed hardware overall. 
- 
 @scottalanmiller said in Datto AP60: @Dashrender said in Datto AP60: you're right, I probably wouldn't have liked that answer, because I then move on and say if Meraki APs must be used holistically - then why aren't Unifi gear treated the same? They too offer holistic solution. Which I had said, actually. I said that what we see are Meraki firewalls getting replaced with Unifi ones to solve technical problems. That's the driving factor. Then things like the APs are replaced to keep a single pain of glass (at lower cost.) Since it is then cheaper to have the single pain of glass than to give it up, the "dumb" devices like the APs get switched. when you said that before, you didn't specify you were replacing the Meraki Firewalls, you simply said - replacing Meraki... so I didn't follow where one lead to the other, but I do now. 
- 
 @Dashrender said in Datto AP60: @scottalanmiller said in Datto AP60: often related to VoIP quality and reliability, that are simpler. See - now there you go - a reason you're replacing them.. becuase VOIP on them sucks. Thanks. It doesn't suck, we just lack flexibility for detailed settings and/or it is so time intensive to do that it's better to replace than to work on. And considering how cheap replacing is, it's under one hour of work difference. That's what people often miss.... If we need to do a task on a Meraki that takes 45 minutes longer than on a Unifi, it's cheaper than the labour to replace the device regardless of the cost difference between Merkai and Unifi. The customer conversation is "We can do this in 2 hours on the Meraki and almost certainly it will work" or "We can do this in one hour on the Unifi and we do this constantly and it always works." When "it always works" is cheaper than "it'll almost certainly work" it's a huge win. 
- 
 @scottalanmiller said in Datto AP60: @Dashrender said in Datto AP60: @scottalanmiller said in Datto AP60: often related to VoIP quality and reliability, that are simpler. See - now there you go - a reason you're replacing them.. becuase VOIP on them sucks. Thanks. It doesn't suck, we just lack flexibility for detailed settings and/or it is so time intensive to do that it's better to replace than to work on. And considering how cheap replacing is, it's under one hour of work difference. That's what people often miss.... If we need to do a task on a Meraki that takes 45 minutes longer than on a Unifi, it's cheaper than the labour to replace the device regardless of the cost difference between Merkai and Unifi. The customer conversation is "We can do this in 2 hours on the Meraki and almost certainly it will work" or "We can do this in one hour on the Unifi and we do this constantly and it always works." When "it always works" is cheaper than "it'll almost certainly work" it's a huge win. /sigh... I'd say that your need to spend 2 hours on Meraki to make (hopefully) VOIP work = sucks when you KNOW you can get it to work on Unifi in 1 hour. plus as you said - getting rid of the high maintenance costs of Meraki... but still, replacing a single Meraki firewall/Switch and say 3 APs still likely going to cost you 4 hours or more of install time, compared to the 2 hours for that single VOIP fix... you're not likely coming out ahead in that single case - but future looking, or am I missing something? 
- 
 @Dashrender said in Datto AP60: plus as you said - getting rid of the high maintenance costs of Meraki... but still, replacing a single Meraki firewall/Switch and say 3 APs still likely going to cost you 4 hours or more of install time, compared to the 2 hours for that single VOIP fix... you're not likely coming out ahead in that single case - but future looking, or am I missing something? You are moving the lines again. First piece: We replace the Meraki firewall to make things work. Whether VPN, VoIP, or whatever. This is done for technical reasons that are easily financially justified. Second piece: Far less important components that are nearly "dumb" (APs, switches) get evaluated as they are unnecessarily costly and break our ability to get a SPoG. Since they cost a fortune to maintain and essentially nothing to replace, replacing them to get a single pane of glass, plus newer gear that is generally higher performance, is a huge slam dunk. 
- 
 Locking to fork. 
- 
 I am wondering if any of you discussing Meraki, Ubiquiti and Datto have used their interface and actually deployed it? It is not just cut and dry. The significant cost savings is obviously there but it is not just about that. I hear there is not Security per AP but there is even on Sophos APs and others is just a matter of cost. However this thread should be forked to its own discussion. 
- 
 @dbeato said in Meraki Bells and Whistles: I am wondering if any of you discussing Meraki, Ubiquiti and Datto have used their interface and actually deployed it? It is not just cut and dry. The significant cost savings is obviously there but it is not just about that. I hear there is not Security per AP but there is even on Sophos APs and others is just a matter of cost. However this thread should be forked to its own discussion. It has been, unless you mean yet another fork? 
- 
 @dbeato said in Meraki Bells and Whistles: I am wondering if any of you discussing Meraki, Ubiquiti and Datto Meraki and Unifi and UBNT all of the time. 
- 
 @scottalanmiller said in Meraki Bells and Whistles: @dbeato said in Meraki Bells and Whistles: I am wondering if any of you discussing Meraki, Ubiquiti and Datto Meraki and Unifi and UBNT all of the time. Well, apparently we're talking about SPoG for Meraki, but not unifi - because no one around here ever talks about using USGs, only ERs. 
- 
 @Dashrender said in Meraki Bells and Whistles: @scottalanmiller said in Meraki Bells and Whistles: @dbeato said in Meraki Bells and Whistles: I am wondering if any of you discussing Meraki, Ubiquiti and Datto Meraki and Unifi and UBNT all of the time. Well, apparently we're talking about SPoG for Meraki, but not unifi - because no one around here ever talks about using USGs, only ERs. We manage probably 90% Unifi. Both are good and have a place, but with SMBs we use Unifi more. 
- 
 Changing to Ubiquiti is something that we've discussed here. We're currently on Meraki for our APs only (checked the firewalls / security appliances but dodged that bullet) 
 Does Ubiquiti do the following? (We're currently using these features and having to retrain the users would be a real PITA)- WPA2 Enterprise tied to Radius based on AD Group membership for company issued / owned laptops
- AD integrated splash sign-on for mobile / byod
- ability to create guest users
- Fully isolated access for the BYOD and Guest SSIDs
 
- 
 @notverypunny said in Meraki Bells and Whistles: Changing to Ubiquiti is something that we've discussed here. We're currently on Meraki for our APs only (checked the firewalls / security appliances but dodged that bullet) 
 Does Ubiquiti do the following? (We're currently using these features and having to retrain the users would be a real PITA)- WPA2 Enterprise tied to Radius based on AD Group membership for company issued / owned laptops
- AD integrated splash sign-on for mobile / byod
- ability to create guest users
- Fully isolated access for the BYOD and Guest SSIDs
 - Yes, it does supports WPA Enterprise. The RADIUS Server needs to be on a Linux or Windows Server. If not AD you can use it from one of the XG firewalls.
- Not for AD but you can do it for the Guest network
- Yes, you can create guest users or give them vouchers
- Guest devices are Isolated to the AP you are on (they can still ping devices on the same AP they are on in their same network).
 




