04-17-2018 04:46 AM - edited 04-17-2018 04:56 AM
Our Meru environment was comprised of 8xMC4200s and AP-320/AP-320i 802.11n Access Points (About 1275 APs) across our university campus. My information is a bit dated as they started to transition to Aruba in 2014 and we were running System Director 6.X. My co-engineers reported a similar situation with "bugs that were resolved also returning in later revisions". They also disabled "Band-Steering" and "Virtual Cell/Port" to improve stability of our controllers and client connectivity. Essentially getting to the point where they needed to disable "special sauce" features. They also reported issues with settings randomly "reverting" for channel/transmit power/gain settings.
Native Cell vs Virtual Cell/Port
- While I was in Help Desk - worked with wireless engineering team and determined that Android/BlackBerry devices did not like the Virtual Cell/Port technology. They worked around it by creating a hidden "isu-mobile" ssid that was to be used if anyone ever came in to the Help Desk. There was some discussions that other clients didn't have this very well in comment discussions - https://www.cwnp.com/making-sense-of-meru-decodes/
- iOS9 also started having problems with the Virtual Cell/Port technology - http://www.edugeek.net/forums/wireless-networks/170780-meru-ios9-issues.html#post1468161
- Eventually the wireless networking team opted to switch to Native Cell entirely for our campus network prior to me joining their team.
- I'm including a recent blog about a bug that was experienced as well as their opinion that they still supported the technolgoy with "proper configuration" -
Note that was 2 major versions ago so I'm unsure if any of that still applies/relevant with Fortinet. Here's some of the things we've done with Aruba.
- Collapsed our 8 Client VLANs (unique to each Meru Controller) into a Single Flat VLAN for our 802.1x SSID - which has worked well for roaming along with "Drop Broadcast and Unknown Multicast".
- Self-Guest Sponsorship and Device IoT Registration (Headless/Non-802.1x Devices) registration through Clearpass for students that want to use their Streaming Media TVs, Rokus, Firesticks, Google Home Minis, Alexas, etc.
- Aruba AirGroup - suppressing/allowing mDNS/SSDP discovery protocols without flooding the network.
- We're also a big fan of the "User Role" firewall policies that ArubaOS utilizies. Starting to look into placing special-purpose machines into their own VLAN based on AD attributes.
A couple settings you may want to check on your Meru Controllers
- 802.1x Network Initiation - A setting that I discovered while troubleshooting the following - "iPod Touch (6 years old) - 2.4GHz Only - Residence Hall (Hallway AP deployment) - Not working in the residence halls. After taking the time to troubleshoot-evaluate the issue - discovered the device stopped passing traffic after roaming - also "Android Devices" would always prompt to "Join our network". I troubleshooted further - there was a setting on that specific meru controller "8021x Network Initiation" - that had either "reverted" to "disabled" or been changed from the other controllers. Once we changed it to "enabled" - the iPod Touch started working well and Android device properly auto-joined the network. Unsure of what other positive affects this had on other devices.
- If you're not using it, make sure multicast is disabled. This was a setting I discovered had become re-enabled on our meru controllers and signficantly degraded the wireless in 3 lecture halls. It occured during the beginning of our Aruba re-design and the issue was masked by the fact the these lecture halls either had one AP covering 200 - 500 seats and increase in client density - high channel utilization,etc (naturally there's going to be a problem). But when I saw a twitter post (screen shot of a ticket) had been put in - I took additional time to look into the issue since the student had taken time to put in the ticket - sure enough - found this second problem. Once we corrected the issue - channel utilization decreased - and we saw an additional 2,000 client devices! This is one of the big reasons why when Meru is mentioned to be "awful/terrible" by co-engineers, I'm quick to comment when we isolated this issue - it work decently (minus the band-steering and virtual cell/port technology that were advertised). Also, this another big example on why I take the time to evaluate the variables in our environment instead of jumping to "it's a client device issue" - mostly due to my background as a Help Desk Analyst.
Tha'ts not to say they didn't have some other stability issues. There was a time where the Meru Controllers crashed every 4 weeks and they had to periodically reboot them. Dual-Uplinks - Port-Channel didn't behave correctly so we had limited redundancy if the distribution uplink failed. There was also some compatibility issues with their chassis. That's all historical information before I joined the wireless team though.
Hope that helps you a bit.
Wireless Network Engineer
Re: Anyone Moved from Meru/Fortinet to Aruba?
Re: Anyone Moved from Meru/Fortinet to Aruba?
04-17-2018 05:04 AM
Really great information and you mentioned some of the issues we keep having where settings just randomly change. The last blog you linked to was actuall the person that did our original install.
We did a test last night by changing one school completely over to native cell and using their ARRP (similar to Aruba's ARM I think). We also turned on band steering and set everything back to the defaults. We're going to see how it goes over the next couple of days.