2018-02-26 10:03:00 UTC

Compare Aruba Wireless and Cisco Meraki Wireless LAN. How Do I Choose?


One of the most popular comparisons on IT Central Station is Aruba Wireless vs Cisco Meraki Wireless LAN.

People like you are trying to decide which one is best for their company. Can you help them out?

Which of these two solutions would you recommend for Wireless LAN? Why?

Thanks for helping your peers make the best decision!

--Rhea

Guest
3232 Answers
author avatar
TOP 5LEADERBOARDConsultant

We are authorised to sell both Aruba and Meraki.
Being a consultant myself, I give a honest comparison of both the products and let the customers take a well informed decision based on their priorities.

Meraki
-------
PROS

+ Pure play Cloud controller.
+ Easy to deploy and configure
+ Easy to manage geographically distributed locations with single Dashboard
+ Simpler learning curve with a very simple GUI
+ Supports most standard business needs w.r.t WiFi viz PSK, 802.1x, Guest WiFi, Presence Analytics, heatmapping, Basic L7awareness etc

+ Single Dashboard for configuring and managing Access switches, MX firewall and IP cameras.

Cons

- YoY mandatory subscription ( which includes support BTW )

- Limited interms of Advanced features like Roles based Dynamic Vlans, Device profiling, RF related features, BLE Beacons etc.

- No On Prem OR Virtual Controller architecture. Some Financial companies are concerned about having Mgmt on Cloud. They prefer everything OnPrem

Suitable for
Businesses with distributed small branches/locations like Retail outlets, Food chains,
Enterprises with simpler use cases.
Business that prefer fully cloud management with small IT teams, that manage global/ geographically distributed stores/branches.
Specially advantageous if end-end Meraki is deployed for each branch viz, FIrewall, Switch, WiFi , Camera ( optional)

Aruba
------

+ Supports 3 Architectures
Virtual Controller ( Everyone loves this ! )
On Prem Controller
Cloud- Controller ( Aruba Central )

+ Fairly simple to deploy with friendly GUI. A Cisco only engineer may require basic training.

+ If deployed as On Prem - Virtual controller or Hardware controller, then Cloud based dashboard can be achieved through Aruba Airwave deployed on cloud.

If Aruba Central Controller is deployed, then its cloud management is right out of the box.

+ Supports all advanced Enterprise features right out of box, without additional licensing. Suitable for all Enterprises of all sizes.

+ Has a tight integration with Aruba ClearPass, which is industry leading NAC solution. However, Aruba ClearPass can be beautifully integrated multi-vendor environment including Meraki and traditional Cisco Aironet.

+ Has tight Integration with HPE Aruba Switches. Features like Zero touch AP deployment, Rogue AP detection can be configured on switching to ease large WiFi deployment and operations.

+ Provides easy scalability or migration with no subscription Lockins

+ Has Inbuilt Bluetooth Beacons for Location based services like In-door navigation, Proximity awareness, Proximity based notifications, Asset tracking

Cons
------

- Although Airwave/ Central can manage the Aruba Switches, its not as advanced/detailed as Meraki controlled switches.

- Like Meraki MX firewalls, Aruba doesn't have WAN solution yet like a firewall/router. From what I know, there is a SD-WAN box in the roadmap.

- Involves a bit learning curve for a Cisco only IT teams. However I personally ( from Cisco background) had no challenge getting used to the Aruba GUI.

Suitable for
Most Enterprises and other verticals with complex use cases
Business with Guest WiFi, User Analytics , Proximity marketing etc
Enterprises for value added services over WiFi infra like Asset tracking, Indoor Navigation etc

Hope it helps .. Cheers !
Akshay
https://www.airowire.com

2018-03-01 05:08:30 UTC
author avatar
Real User

I see it like cars. The one person like a BMW the next a Mercedes Benz. Both will take you from a to b. Both the two systems work well. I prefer Cisco because I am a Cisco advocate. That is not to say it is better. Also sometimes people tend to stick to what they know. Bottom line is both are good and both work well.

2018-03-04 05:34:08 UTC
author avatar
TOP 20LEADERBOARDReal User

Confidentiality Integrity and Availability

Or just CIA are the basic elements of security. How secure is your WLAN Infrastructure. Can you clone an AP (exposing AP's integrity), can you sniff on WLAN encrypted traffic (exposing client traffic confidentiality), or do you need a maintainance window to upgrade or a faliover time in case a controller failure (reducing WLAN availability). Let's find out why Aruba WLAN Infrastructure is more secure than Cisco

Access Point integrity

Every Aruba device like Controller or Access Point has a TPM (Trusted Platform Module). A TPM provides several advantages when it comes to an Access Point. One of them is to ensure AP integrity, such that no one can clone or tamper with the AP.

Every AP is equipped with a factory-installed X.509 certificate. The common name (CN) of this certificate is the LAN MAC address and serial number of the AP. The private key of this certificate is installed on the TPM module. The TPM prohibits any malicious activity to extract the private key. Vendors that don’t have a TPM module like Cisco install the private key along with the factory certificate in the flash memory.

Why is having a TPM important?

The controller needs to identify the AP as a legitimate one before pushing the configuration onto it. Aruba does that by whitelisting AP’s MAC on the controller. The controller is sure that AP with MAC address X is the one who is claimed to be because the CN of the certificate is the MAC address. Then session keys are exchanged and a secure communication path for the control plane between AP and Controller is established. The configuration can now be pushed.

However the story looks a bit different for Cisco that has the certificate private key stored in flash. The key can be extracted if someone has physical access to the AP (APs are usually placed in unsecured areas), which has also been demonstrated. Now a malicious user can obtain the configuration which contains information like Radius shared secrets, PSK passphrases and more as we will see later.

Client Traffic Security

The client WLAN traffic by Aruba is encrypted and decrypted on the controller. The AP will in no point of time come in touch with clear text client traffic. Exposing the AP to Clear-Text client traffic adds an additional risk by opening a door to Man-in-the-Middle attacks. Aruba provides end-end traffic encryption.

Cisco does encrypt and decrypt WLAN traffic on the AP. The client traffic is then encrypted again in a proprietary protocol before it is sent to the controller. The AP comes in touch with Clear-Text client traffic. More tragically, if a malicious user exposes AP Integrity (cloning the AP for instance) as described before, the whole WLAN security is jeopardized. When Fast Roaming is configured, the PMK (Pairwise Master Key which is the key from which the WPA2 keys are derived) are pre-placed on the APs. If one can clone the AP that is authorized for a given network, one can then passively collect WPA2 keys for the entire network.

Traffic Isolation

In some scenarios the managed AP has to broadcast an SSID, but the traffic of this SSID is to be completely isolated from other traffic. Two use cases:

Use Case 1: Guest Traffic needs to terminate to a controller in a DMZ and should not come in contact with the controller or any other device in the internal network.
Use Case 2: An external organization (or internal division) needs to broadcast its SSID on my own APs. The traffic from this SSID should terminate directly to their controller.

Aruba introduced a feature called MultiZone. It allows IT organizations to have multiple and separate secure networks while using the same Access Point. With MultiZone enabled, one AP can terminate to up to 5 different controllers or zones (under different management domains). The controller managing the AP is called the Primary Zone. Controllers on which the AP only terminates client traffic is called Data Zone. The data is encrypted from the client to the controller. When the data is flowing through the AP it is still encrypted. This means the networks are completely separate and secure even though the traffic runs through the same AP.

mz.png

For the uses cases before:

Use Case 1: A separate controller is placed in the DMZ (Data Zone). The Guest SSID broadcasted on the AP is tunneled back to this controller and not to the Primary Zone controller.
Use Case 2: The administrator allows the external organization to broadcast their SSID on his own AP. They act as a Data Zone, the traffic from their SSID is directly terminated to their controller.
Cisco does not have a feature similar to MultiZone.

Availability

Compared to Cisco, Aruba enhances WLAN availability by providing: Ture Clustering, Live Upgrades and Loadable Service Modules.

True Clustering

Aruba provides true clustering. Controllers in a cluster (up to 12 controllers) have the client high-value sessions synchronized among them. Hi-value sessions are like FTP, SSH VoIP …, HTTP Sessions on the other hand are not high-value, reestablishing a HTTP session will have almost no impact. In a case of a controller failure, clients who were managed on the failed controller are moved to another controller and because their session table is already synced, the client applications will not notice. In other words if a client is having a VoIP call on WLAN and the controller on which the client traffic was terminated fails, the client traffic will terminate to another cluster member. The VoIP call will continue, the client will not notice any interruption.

Live Upgrade

Usually when updating the firmware of the controller a maintenance window has to be found and WLAN is not available (or with limited functionality) during this time.

Aruba can upgrade clusters without the need for a maintenance window. This is done as following:

One Cluster member is freed from APs, these APs are moved to other cluster members.
This controller is upgraded to the newest firmware.
Some APs at a time are freed from clients. These clients are transferred to adjacent APs without affecting their sessions.
The freed APs are upgraded and moved to the already upgraded cluster member(s).
This process is repeated until all APs and controller are upgraded.
During the upgrade process clients will face minimal RF impact and client disruptions.

Loadable Service Modules

LSM feature allows customers to individually upgrade supported applications/service modules at the run-time without requiring an upgrade of the whole system or reboot. Such services that can be upgraded during run time are:

AppRF: for application detection
Airmatch: the process to assign the best channel, power and channel width for the AP
WebCC: Web Categorization, the process of categorizing web pages.

Last word: Security Certification

Aruba and Cisco are equivalent from a WLAN security certification standpoint. However, the Aruba controller is a Common Criteria accredited firewall and VPN gateway, which Cisco's controller is not. That is a key reason why in high security networks, Aruba is approved to support guest + internal Wi-Fi access on the same equipment, because it has an accredited firewall that keeps those two network separate. Cisco has to rely on VLAN separation with an external firewall, which is not as secure.

2018-03-01 12:12:24 UTC
author avatar
Real User

Both have their merits. Aruba has taken the brand of all the hp procure hardware. Excellent Customer service. I liked Meraki when they were just Meraki. Cisco has given them autonomy in development and products mix. They are simple as is Aruba is to configure. As another responder indicated its a license world now. Everyone wants a piece of the monthly operational pie. The dashboard is easy to understand and configure but so is everyone else. It sometime comes down to who is going to support it how easy is it to deploy and manage and what are the operational costs. Honestly I prefer Ruckus :-) unleashed is free (zone director is built into it). Also as enterprises have embraced mobil look down the road a bit 3-5 years you may see enterprise wireless also include cellular microcell boosters.

You could to a POC between the 2 and see who wins based on your criteria for what your requirements are. Don't loose focus on what you are working to accomplish.

Hopefully that help and does not muddy the waters.

2018-03-01 03:59:51 UTC
author avatar
Reseller

Aruba’s instant APs with Central for cloud based management compares well with Meraki. However, Meraki does not scale well. Check how many APs you require and if this requires setting up multiple clusters, with the necessary extra management overlay. Aruba scales much better in that regard. Also, you can start with cloud based but change to a controller model if the need arises without the need to change the APs. Meraki would require a rip and replace.

2018-05-02 22:33:52 UTC
author avatar
Consultant

I would personally recommend Aruba for a medium/large company but for a single small site Meraki is equally good. The cloud-based implementation of Meraki is very easy to deploy.

2018-03-15 12:13:55 UTC
author avatar
User

I think these are two completely different deployment and purchasing models:

1) Meraki requires an annual subscription to continue to manage and update the system.

2) Aruba can be purchased and owned and used as long as it lasts without any subscriptions (although cloud-based management may be an option that requires a subscription).

For a small deployment with limited IT staff perhaps renting a solution like Meraki would be a very good fit. However for organizations that can't predict what the budget will be for the future a solution like Aruba provides true network ownership and a great return on the investment.

Finally, the quality of the network should be a major consideration. Aruba is one of the best wireless networks available with ratings and a track record that speaks for itself.

2018-03-15 12:11:32 UTC
author avatar
Vendor

MERAKI is the best choice!

It's always available ==> Because Meraki is a cloud-managed platform, you can access your network even when you aren't at the office.

Meraki takes suggestions seriously ==> Simply put, Meraki support can't be beaten.

The system offers better security ==> Security is a top priority for almost any business. If you're using a cloud network, you need to ensure all communications are secure. With Meraki, any and all traffic to and from the main interface is sent through an encrypted layer for added security.

2018-03-01 13:51:47 UTC
author avatar
TOP 20Real User

Aruba is a brand of rum. You probably need some right now - but wait. Cisco Meraki is a typical Cisco product. I like Cisco but with Meraki they lock you in and your costs over 5 or 6 years (or more) may be excessive.
Back to Aruba -- yes, I've used it and was happy for a long while and I would buy them again.
Before making the decision, I would like to see into the future....5G integration and WPA3 as well as anything that improves client security on wireless.

2018-03-01 04:57:33 UTC
author avatar
User

Cisco Meraki is only a cloud management solution. It does not need an IT resource. This is the solution if you need to have wifi or hotspot across the world like shop.

With Aruba, you can manage the AP in a different way:
- Cloud-like Meraki with Aruba central or on-premise with Aruba Airwave
- Virtual controller (one of AP in same layer 2 networks have a role of controllers)
- With a controller (designed for campus site), increase density, have a lot of options like IPsec traffic encapsulation to encapsulate traffic between your AP and the controller.

If Meraki decides to doesn't support your AP later, you can put your AP in the trash. With Aruba, you can choose the best management solution and change when you want.

2018-02-28 19:30:00 UTC
author avatar
User

Cisco Meraki and Aruba has similar capabilities, For choosing one or the other, one must ask, the type of environment or functionalities needed, the number of users that the Wireless LAN will be serving? The security level that it will be needed?.
If we are talking only about Wireless access, with access control via 802.1x and or Radius both are very competitive, but if advance services are needed, like Access control via AD integration, a Captive portal login to differentiate Enterprise employees with asset control and Guest access. with dynamic VLAN assignment, Security policies applied by differentiating the type of device (PC, MAC, iPhone, Android base Phone, OS version, etc), I believe that Aruba is better, of course the cost will rise because additional equipment will be needed. (Clearpass), but if you need it, is a great addition, that was developed with support to standards and multivendor so it can populate security poles to different vendors hardware like Switches, and firewalls present on the Network. And finally I totally suscribe with the concern point previously expressed by other comments that if you fail to pay Meraki´s anual mandatory license. The service will stop working.

2018-02-28 15:58:02 UTC
author avatar
User

I second that statement. Meraki is a closed end sale. This means if you don't renew the subscription things stop working. It also means if a newer better platform comes outs you can't migrate without replacing everything. Aruba has a much broader functional base of offerings with Central, AirWave, ClearPass to name a few. It is an Enterprise solution to be sure.

2018-02-28 13:39:32 UTC
author avatar
User

I would choose Aruba any day because of the following:
Licensing: Meraki stops working without mandatory license, Aruba do not have mandatory license and will work.
Management: Aruba works from CLI/WebUI and OnPrem. Meraki only have cloud.
Integration: Aruba works seamlessly with 3rd party whereas Meraki do not have 3rd party integration at all (not even Cisco OnPrem equipment)
Security: Aruba has FS certificate which Meraki do not.
Basically Meraki follows the policy of binding users to expensive licensing contracts on a closed roadmap which only at best supports it's own product line (Cisco)

2018-02-28 13:17:27 UTC
author avatar
TOP 5Consultant

First of all; you may choose the right model of AP from Meraki and Aruba which are almost the same capacity and performance because if choose wrong model will give you huge difference in either brand. Secondly; you compare each datasheet may get difference.

1) The big issue is no of concurrent session in AP. Nos of associated client devices per AP. Someone has 250; 512; 768 etc.
2) Then check No of spatial stream ( 2 or 3 or 4)
3) MIMU capacity>>Example
Dual radio: 5 GHz 802.11ac 4x4:4 MU-MIMO and 2.4 GHz 802.11n 2x2:2 MIMO
Tri radio: dual 5 GHz 802.11ac 4x4:4 MU-MIMO and 2.4 GHz 802.11n 4x4:4 MIMO
4) total No of SSID ( 8; 16; etc.)
5) PoE capacity and Antenna Gain capacity
6) Meraki and Aruba both has Software controller. Meraki is based on Cloud and Aruba has on-premises Software (ClearPass Policy Manager) and its one of the best identity based NAC ( Access, Onboard and Guest) system which is light weight and it has strong WLAN expendable capacity based on license.

For enterprise network; based on performance; capacity, coverage; durability , manageability; Support service and future expendable capacity; I would suggest Aruba other than Meraki but both are costly.
If you want to reduce the budget and not compromise with above quality; you may choose Alcatel-Lucent OmniAccess Stellar AP1230 Series too.

2018-12-24 16:02:10 UTC
author avatar
User

Yes, I can. I am currently deploying an HPE Aruba Solution for Delta Air Lines which was selected over Cisco Meraki.

2018-03-15 12:10:15 UTC
author avatar
User

Thanks for touching base on this. I wish I had something to offer in respect to helping with this. But quite honestly, I wouldn’t recommend either. We would pick Ruckus Wireless (https://www.itcentralstation.com/products/ruckus-wireless?tid=il-q) over any other technology given the choice. Primarily for performance and value based on that. Again, thanks for reaching out!

2018-03-08 18:04:59 UTC
author avatar
User

My answer is simple...
The both AP is same strong AP for brand market or Quality.
but that's AP each have deference function scenario, in our knowledge for Aruba AP better used for on-premise scenario and for Meraki strong for implement on Cloud Scenario.

you can choose depending on your requirement scenario.

2018-03-01 07:19:14 UTC
author avatar
User

Which brand doesn’t matter here. Most important is to select the right model and a highly skilled partner to do the design and implementation

2018-03-01 07:12:31 UTC
author avatar
Real User

From my experience, I recommended Aruba brand. It has been working for 4 years without any problems.

2018-03-01 06:15:59 UTC
author avatar
User

Since you asked which is better for your company we will suggest to you how we validate the best fit requirement for our customers as per the below priority list

1. User density

2. Higher Throughput

3. Security

4. Integration

5. Cost

6. Compliance

So it is up to you how you prioritize it.

2018-03-01 05:35:20 UTC
author avatar
User

You really need to define what you want to deliver the WIFI Solution before you can receive the best advice. There are so many WIFI solutions within the market, most will work for office company environment, we use Unifi and supports 320 users, and have more than 450 devices active daily.
Controller-based/ Non-Controller based, AC or not AC..

2018-03-01 05:30:35 UTC
author avatar
User

Hi Team,

I haven’t experienced Aruba Wireless Solutions as yet. Instead I have experience in working on Cisco, Ruckus & Extreme Wireless Solutions.

Well it all depends on the user. If you want to use the wireless setup for internet, emails & social media and authentication like dot1x, then I would suggest you go with Ruckus or extreme solutions.

The other hand if you are looking for critical users like telemetry, POCT and other healthcare solutions I would suggest you go with Cisco. Because Cisco has a better roadmap for their wireless solutions then other products.

It’s very simple – for internet/email access or social media I would not invest a lot more money. But when I talk about healthcare environment, I would definitely spend $$$ and Cisco is worth spending money because of their wide range support for different client types, their technically trained support and durability.

Regards,
Shoaib Farooq

2018-03-01 04:59:46 UTC
author avatar
User

Wirh Aruba you use the same Access points in: Stand alone Solution (Instant), with Controller Solution or cloud Solutions. The performance and stability is excellent

2018-03-01 03:56:53 UTC
author avatar
User

Personally, I recommend Cisco Meraki over HPE Aruba.

Why? My answer to that question with another question. Which one is a networking company and the largest?

Actually, the decision depends on whether the client wants to manage or totally outsource his or her WiFi to the Cloud.

In any case, I still prefer Meraki due to its MIT root & a Cisco company now. I’m pretty sure Meraki has more Cloud controlled APs than Aruba.

2018-03-01 02:32:44 UTC
author avatar
Real User

I have the Aruba kit. In our environment it is a great solution. I have over 2000 BYODevices and 13 subnets . Aruba tunnels all the traffic though to the wireless controller so I can just plug another configured Access Point in to any switch and it will work.s.

I often have more than 60 devices connected to one access point and they all seem to work well. I have had no issues with any access points and have had some for close to 5 years.

If you add in an AirWave server you can use the data gathers to tune the network.. You can have RF Maps , track clients over time etc.

2018-03-01 01:22:52 UTC
author avatar
User

Besides all the great comments here, another thing to consider is administrative flexibility and a holistic view from a pros and cons stand point. Aruba’s line of products is robust, enterprise ready and tried not only from a security perspective but also scalability. That said, On the I cannot endorse them for ease of management in comparison to Miraki.

2018-02-28 22:51:07 UTC
author avatar
User

From a device/user analytics perspective, Meraki delivers the essentials out of the box. Last i checked Aruba required a 3rd party platform to see your own data. Don't run across too much Aruba in retail.

2018-02-28 21:03:47 UTC
author avatar
User

In addition, Meraki has poor radio management because it is designed for a small site.

2018-02-28 19:32:56 UTC
author avatar
User

I work for Dell EMC and my bias would be to consider Dell EMC Aerohive and Dell EMC Ruckus Wireless.

Since the question is not what I am biased towards, between Aruba and Meraki, I would pick Aruba as they gained market share purely on their wireless product portfolio strength. Meraki came to prominence when Cisco acquired them.

2018-02-28 16:57:20 UTC
author avatar
TOP 10Real User
2018-02-28 16:08:52 UTC
author avatar
TOP 10Real User

Honestly, I don't like either and I have had experience with both (Cisco & Aruba). We went with Aerohive Networks which was controller-less from the get-go and managed either in the cloud or on premises if that is what is desired. They are cheaper and easier to deploy and we are happy with the product as it offers a lot of flexibility.

2018-02-28 16:06:58 UTC
author avatar
TOP 20Real User

Cisco for companies that are Cisco houses and Aruba for all the rest. It is a matter of training and familiarity. Aruba is a better product but only marginally so. Its advantages do not out weight the the training and familiarity benefits of a Cisco if your company is a Cisco house. Also licensing of Cisco products is not a shock to a Cisco house as they are already dealing with that issue and will be able to budget for it.

2018-02-28 14:52:44 UTC
Find out what your peers are saying about Aruba Wireless vs. Cisco Meraki Wireless LAN and other solutions. Updated: November 2019.
382,196 professionals have used our research since 2012.
Sign Up with Email