Have you ever wondered what other people are using in their enterprise environment? Or what products stand the test of real day-to-day operations, and not just marketing fluff?

This page will be dedicated to helping those looking to build/replace various equipment and solutions in their environment. I will post what I'm currently using, my likes/dislikes, and what I would do in the future. For additional context, my environment needs to support a couple thousand devices.

User Access Switches

What I Currently Use: Cisco 2960X-48FPD-L
What I Like: Cisco IOS is well known, with tons of features, so you can basically do anything you need to. Ansible has documented support for IOS, which makes automation easy. Stackable up to 8 switches, and the FPD model provides 740W of PoE budget, which is useful for phones and 802.3at APs.
What I Dislike: QoS configuration, no multi-gig.
What Would I Use in the Future: For the same cost/feature value, I would stick with the 2960X, but if there is a requirement for multi-gig, I would look at the 3650 or 3850 (which also improves QoS). For a less expensive option, HP's 2930 switches are a great value, especially if you have Aruba wireless with ClearPass.

Distribution/Core Switches

What I Currently Use: Cisco 4500-X
What I Like: Fully featured Cisco IOS, VSS for HA, ISSU upgrades
What I Dislike: 10G only, may need 40G in the future. Check release notes, as some features are not available in VSS mode.
What Would I Use in the Future: I'm happy with the 4500-X features/reliability, but I would try to find an option that has 10/25/40/50/100 support for distribution/core, maybe an Arista 7280R?


Wireless

What I Currently Use: Ruckus ZD3000 with R710 APs
What I Like: High performance, AC Wave 2 APs. We did performance and roaming tests vs Meraki and Aruba, and Ruckus came out on top.
What I Dislike: Ruckus' future is a bit uncertain with new owners. Cisco and Aruba are the most well-known wireless options so integrations are easier to come by.
What Would I Use in the Future: I would seriously consider Aruba for their tight integration with user access solutions like ClearPass or ISE, and their solid performance (close second to Ruckus). Cisco isn't on my short list because of their confusing story with two different versions of controllers - AireOS vs IOS XE. I've also heard of issues with Cisco and various code versions/feature parity.


Firewalls

What I Currently Use: Palo Alto Networks 3020 & 3060
What I Like: PAN-OS has a great web interface for configuration and troubleshooting. Rock-solid performance; the throughput numbers listed on the data sheets are very accurate if not underrated. App-ID works great, and they deal with zero-day threats very well with WildFire (60-second updates from their global customer database). They also have all the features you'd want in a next-gen firewall: URL filtering, threat protection, User-ID with AD integration, IPsec/SSL client VPN, clientless VPN, phishing protection.
What I Dislike: Price
What Would I Use in the Future: If I have the budget, Palo Alto firewalls are at the top of my list. I have also seen interesting things from Forcepoint, and if I need to work with a tight budget, I would go with FortiGate.