Another Cisco Rant

For most of the time I have been a Network Admin, our campus has been shifting from an HP to Cisco wired infrastructure and has always had a Cisco wireless solution. In general, I have been satisfied with Cisco hardware and with TAC support, but I have been getting more and more disgruntled with Cisco as a company.

I have always felt that Cisco wireless licensing is a rip-off. For example, we use Cisco 5508 wireless controllers which run a bit over $16,000 each or about $64,000 for our two HA pairs. Lightweight APs cost between $350 and $2500 each with the most common units coming in at around $900. This pricing seems to be more or less in line with similar hardware, but it irks me to no end that a $900 AP doesn’t come with permission to use it. Instead, we are saddled with an additional $300 per device for permanent licenses. What do I get for my $300? Permission to use the hardware I just bought. I found this even more irksome when we retrofitted a residence hall with Cisco 702W APs since the AP only cost $50 more than the license. I know that this is a typical model in the industry, and if this were the only rub I would let it go, but Cisco seems to be moving toward more and more “valueless” product.

Despite feeling taken advantage of by Cisco licensing, I probably would not feel the need for this rant if it weren’t for a single product, Cisco Identity Services Engine or ISE. Some people seem to like this system, but I have also seen it described as “a flaming dumpster,” so apparently I am not alone in my frustration.

Back in the old days, we only had a few APs and used MAC filtering for staff accounts and a custom solution for authenticating students. It was not sophisticated, but it always worked. As we grew, the old solutions began showing their age and we decided we should buy a mainstream solution. We purchased two “virtual appliances” for about $30,000 (for a base license) and $10,000 worth of consulting time over a 6-month period to build a proof of concept. It took another year and a half and even more consulting time to get ISE into production, but when we were done we had a bright and shiny 802.1x authentication and authorization system and a manageable guest portal.

Unfortunately, ISE is neither bright nor shiny. In fact, my experience with ISE is that it is fragile and temperamental. The first two upgrades (done with TAC on the line) actually broke the system so badly that the VMs had to be rebuilt from the ground up. The next upgrade created problems that required a one and a half month TAC to solve. Currently, the nodes refuse to sync and break completely if I attempt a manual sync. This wouldn’t be so bad if the Primary did not insist on routing every request through the ailing node. At this point, frustration is so high that we will probably abandon Cisco as a wireless provider when the current hardware reaches end-of-life and we are trying to abandon ISE before I reach the end of my rope.

Speaking of end-of-life (EOL), Cisco offers a limited lifetime warranty on its products. It’s not a particularly great warranty since “lifetime” means till Cisco decides they don’t want to support it, but still Cisco stands behind their product — or do they? Cisco assumes that everyone will want to buy SmartNet which, among other things, includes overnight replacement of defective equipment. We carry SmartNet on quite a lot of our gear, but not on items that we use in quantity since we always have spares around and never really need TAC for them.

Since these are “under warranty” it should just be a matter of contacting Cisco, returning the defective part and waiting for standard shipping on the item. Well, I have never been able to find anyone at Cisco that even knows how to process the RMA if you don’t have SmartNet. The first item I ever had to have replaced sans SmartNet was a 702W. After a few fruitless phone calls, I handed the matter over to our Cisco rep and he managed to get me a replacement in only two months. That rep has moved on and we no longer have that level of service, so the next return (a stack module for a 2960) was routed through our VAR. After two months they became so frustrated that they just bought me a replacement. In contrast, I still have some ancient HP switches and I can get replacements overnight with a phone call under their lifetime warranty.

Will we continue with Cisco? Maybe, but it will be because of people that represent the product line, not because Cisco is a great company. For all of the innovation that has come out of Cisco, it seems to me that they are losing their edge and that they have begun to focus on ways to extract more money from my pocket instead of creating equipment that makes me want to volunteer that money. In short, Cisco needs to pull its collective head out of its rear and remember who actually pays their bills.
