Compare other vendors to Cisco for me

Danimal1209

Senior member
Nov 9, 2011
So, I want to know a little bit about the other vendors that are out there. In school we have been using all Cisco devices. I have CCNA level knowledge, so compare the other vendors with this knowledge level for me.

Is any other vendor easier to use? Harder?
More tamperproof? provide better security?
 

Comblues

Member
May 22, 2013
Cisco: The Network Works, No Excuses!

Others: ?

Nuff Said...

Now the truth is some vendors like Adtran or Foundry and a few others I've worked with have a nearly identical CLI.

Some like Juniper have a different CLI.

Others use a GUI.

Some are easier to manage in some respects.

Overall Cisco has an intelligent and CLI that can be used to do mostly anything that needs to be done.

I'm a fan of Cisco and I am paid well to be so.

Alternatively I have been approached by , Citrix, Foundry, Brocade, Dell, and others based on my Cisco credentials and experience with Cisco Technologies.

Cisco has never reciprocated and asked me to know even one of the others...



Hmm...
 

SecurityTheatre

Senior member
Aug 14, 2011
Cisco: The Network Works, No Excuses!

Others: ?

To be fair, Cisco routers are the industry standard.

However, Cisco firewalls, IPS, wireless and a few other technologies they sell are just mostly poo. I mean, they work, but features are limited and management is a headache, etc, etc.
 

ScottMac

Moderator, Networking, Elite member
Mar 19, 2001
The short version of my usual response is: In nearly every category of equipment, Cisco is not the best; it can typically be outperformed, out-GUI'd, out-customer-serviced ...

Where Cisco is "the best" is that they are, with rare exception, "good enough" in all the equipment categories (often very good to excellent), they have (literally) around-the-world Tech Support (in the group I came from you could get a "badge" by going around the world with Cisco handling a chronic event being handed off from this center to the next following the sun).

Having everything Cisco (or other vendor) lets you use a single management platform, with well-defined management interfaces ... you can manage the Enterprise from one (set of) platform ... not several platforms, running different software ... which means your personnel have to become "experts" on many platforms instead of one, and you only have to track & patch one platform on one operating system.

The nutshell is that Cisco does it all, albeit not necessarily the fastest, bestest, most efficient way, so your people only have to concentrate on doing things following one methodology, with one usually similar CLI or GUI. It permits for much easier budgeting, and predictable support costs.
 

Comblues

Member
May 22, 2013
Ouch! Commentary is fair regarding Cisco.

I've seen some Miercom Reports where Cisco may be out-performed in some categories, however, Cisco also performs decently when fully laden using a plethora of technologies like IPSec VPNs, QoS, etc.

I once worked for the U.S. Navy and had the experience of working around the Russian Navy.

The reports said that their Navy was as fast as the U.S. Fleet in most categories and had similar capabilities in most respects...

That was what most reports stated.

When examined closely the Russian Ships were made from an inferior metal and did not have the water-tight integrity required to survive attacks by modern weapons of war.

So... They looked good and in some cases better.

However, when the rubber met the road the U.S. Fleet was empirically superior and I believe would have a better chance to both survive and deliver damage resulting in very effective Naval warfare.

Others versus Cisco kind of reminds me of this same scenario.

Some vendors are strong performers - what are you trying to do and what products are we speaking of in particular - that would help us all out a bit.

The last time I spent some $30 million or so... I bought Cisco.

Some folks are ABC - "Anything But Cisco".

I'm convinced I prefer Cisco even though I do buy and use products like F5 for Load Balancers versus Cisco's ACE Load Balancer for example. In this case for pure throughput I'd prefer Cisco's ACE on a Cisco 6500 Switch due to the backplane, in cases where I may not require the advanced capabilities of the F5 product line.





Comblues
 

m1ldslide1

Platinum Member
Feb 20, 2006
So, I want to know a little bit about the other vendors that are out there. In school we have been using all Cisco devices. I have CCNA level knowledge, so compare the other vendors with this knowledge level for me.

Is any other vendor easier to use? Harder?
More tamperproof? provide better security?

It's been four days and no maniacal cisco-bashing yet? Everyone must be on vacation.

Here's my $.02 to the OP:

Q: Is any other vendor easier to use? Harder?
A: In which respect do you mean? I will assume configuration for the time being. That is subjective - for instance Junos is very nice to use once you get the commands down - but if you have to learn how to configure every feature and protocol from scratch with Juniper, does it still qualify as "easy"? What about doing QoS or PIM in a mixed-vendor environment, is it still easy? Etc etc. Pretty much all serious vendors are going to have reasonably easy ways to configure all of the common features and protocols. If you can read the documentation and apply it to your use case, you will be in good shape for most all of them. But like I mentioned above, when you get into more sophisticated and exotic cases, you may not have the same luck with all vendors. Also keep in mind that Cisco has thousands of products, so while routers and switches are one thing, wireless / security / UC / UCS / storage / acceleration / etc etc etc could be an entirely different thing depending on your environment and experience.

Q: More tamperproof? provide better security?
A: I believe that the majority of enterprise and SP class vendors will be similar in this space. Perhaps not in the mid 90's, but everything is pretty damn secure now and there is little differentiation.


I'm going to take the liberty of reading between the lines a little - and if you are looking for relevant experience to get started in the industry, going with cisco is probably the easiest way to get in the door. If you have a CCNA (not just "ccna-level knowledge") then you have a good shot at getting an interview, even if the business doesn't exclusively use Cisco gear. The thinking is that if you can learn the Cisco stuff, you can surely learn the other stuff if necessary. However while going for a Juniper certification is gravy for the resume, a lot of people won't know what to make of it and your mileage may vary for job application purposes.
 

sactwnguy

Member
Apr 17, 2007
I'm sorry but the Cisco ACE load balancers were trash, and I say were because Cisco has pretty much killed them and for good reason. The only thing they were good for was throughput. The ACE 20's had a nice little hardware bug that could not be patched that would cause them to reboot every 4 to 6 months and lose random parts of the configuration, Cisco's response was we will sell you some nice ace 30's at discount. The ACE configuration was also convoluted and hard to maintain with hundreds of vips across multiple contexts. It was so bad I wrote scripts to parse the configuration into an easier format to read for migrating off of them. I would go F5 or Citrix any day over Cisco in the load balance arena.

As for which vendor to choose I always look for best in class of established manufacturers that fits my budget. Cisco does a lot of things well but has been slipping in a lot of areas. Unless your director follows the "no one ever got fired for buying cisco" mantra you should always research to find which product fits your needs at that point in time, what was best two years ago may no longer be relevant.
 

Cooky

Golden Member
Apr 2, 2002
Cisco ACE may not have been a good fit for you & your shop, but all three pairs of our ACE20 have been great in our environment.
I know the hardware bug you mentioned, and it's indeed very aggravating that there's nothing anyone can do about it, but it can happen to any vendor, and not just Cisco.

The fact that ACE uses the same MQC structure that's used on routers makes it extremely easy for training & management.
Took me less than 30 min to teach a new guy, who's never worked on ACE before.
Once again, this works for us, but probably not for you, or those who have a different requirement & environment.

I do agree though, that we'll probably go w/ either F5, or Citrix when it's time to replace our ACE20.

If you have a need to support the kind of applications that require the best in every category, then you have to go w/ the best.
Who doesn't want a network that performs at the highest level?
However, it comes w/ a price - multiple vendors, contracts, support organizations & flows, extra training, etc.

I'm well aware that some of Cisco's stuff either under-performs, or are just ridiculous...we've yelled at our account teams & BU's on numerous occasions.
However, for us, having 90% of stuff on Cisco makes sense - one vendor to deal with, one number to call for support, and you just go to one event (Networkers/Cisco Live), and you get to take training in whatever technology that interests you.

Also, if your budget allows it, you can sign up for Advanced Service's NOS, which has all sorts of benefits that are very difficult to get when you have 10 different vendors on your network.
 

RadiclDreamer

Diamond Member
Aug 8, 2004
To be fair, Cisco routers are the industry standard.

However, Cisco firewalls, IPS, wireless and a few other technologies they sell are just mostly poo. I mean, they work, but features are limited and management is a headache, etc, etc.

I tend to think the ASA line are actually really good products, some people blast them for not providing things like content filter and the like, but that's not what they are, they are FIREWALLS and they firewall very well.
 

Comblues

Member
May 22, 2013
It's been four days and no maniacal cisco-bashing yet? Everyone must be on vacation.

Here's my $.02 to the OP:

Q: Is any other vendor easier to use? Harder?
A: In which respect do you mean? I will assume configuration for the time being. That is subjective - for instance Junos is very nice to use once you get the commands down - but if you have to learn how to configure every feature and protocol from scratch with Juniper, does it still qualify as "easy"? What about doing QoS or PIM in a mixed-vendor environment, is it still easy? Etc etc. Pretty much all serious vendors are going to have reasonably easy ways to configure all of the common features and protocols. If you can read the documentation and apply it to your use case, you will be in good shape for most all of them. But like I mentioned above, when you get into more sophisticated and exotic cases, you may not have the same luck with all vendors. Also keep in mind that Cisco has thousands of products, so while routers and switches are one thing, wireless / security / UC / UCS / storage / acceleration / etc etc etc could be an entirely different thing depending on your environment and experience.

Q: More tamperproof? provide better security?
A: I believe that the majority of enterprise and SP class vendors will be similar in this space. Perhaps not in the mid 90's, but everything is pretty damn secure now and there is little differentiation.


I'm going to take the liberty of reading between the lines a little - and if you are looking for relevant experience to get started in the industry, going with cisco is probably the easiest way to get in the door. If you have a CCNA (not just "ccna-level knowledge") then you have a good shot at getting an interview, even if the business doesn't exclusively use Cisco gear. The thinking is that if you can learn the Cisco stuff, you can surely learn the other stuff if necessary. However while going for a Juniper certification is gravy for the resume, a lot of people won't know what to make of it and your mileage may vary for job application purposes.


Very good points indeed...

I've seen a lot of jobs paying $95k or better asking for a CCNA or CCNA/CCDA or maybe a CCNP or CCNP/CCDP to get it.

I've not seen the same results for the JNCIA yet. Maybe someone else has?
 

Comblues

Member
May 22, 2013
Thanks for your honesty.

Not paid by Cisco though. Never as of yet.

I am paid by employers to have and exhibit a certain level of Cisco knowledge to their environments.

AKA: They hire me cause I'm Cisco Certified and Cisco Experienced.
 

Comblues

Member
May 22, 2013
I'm sorry but the Cisco ACE load balancers were trash, and I say were because Cisco has pretty much killed them and for good reason. The only thing they were good for was throughput. The ACE 20's had a nice little hardware bug that could not be patched that would cause them to reboot every 4 to 6 months and lose random parts of the configuration, Cisco's response was we will sell you some nice ace 30's at discount. The ACE configuration was also convoluted and hard to maintain with hundreds of vips across multiple contexts. It was so bad I wrote scripts to parse the configuration into an easier format to read for migrating off of them. I would go F5 or Citrix any day over Cisco in the load balance arena.

As for which vendor to choose I always look for best in class of established manufacturers that fits my budget. Cisco does a lot of things well but has been slipping in a lot of areas. Unless your director follows the "no one ever got fired for buying cisco" mantra you should always research to find which product fits your needs at that point in time, what was best two years ago may no longer be relevant.

I like the best vendor approach and used to swear by it myself.

However, I like stability more than anything else. You've told us you had stability problems that you could not get resolved. I assume they were some tough ones (bugs).

I'm not a fan of vendors and using multiple vendors increases the chances of getting the finger-pointing blues.

Never a desired outcome of the "best in class" approach.

Often a necessary by-product of using this logical approach.

In the end we all have to go for what we know.

I know the Cisco CLI and I like the open documentation that Cisco readily supplies and the almost endless avenues of support for Cisco products from my account teams (who do whatever is necessary to help) down to forums, lists, and an almost infinite supply of denizens on the net.

Comblues
 

Comblues

Member
May 22, 2013
Cisco ACE may not have been a good fit for you & your shop, but all three pairs of our ACE20 have been great in our environment.
I know the hardware bug you mentioned, and it's indeed very aggravating that there's nothing anyone can do about it, but it can happen to any vendor, and not just Cisco.

The fact that ACE uses the same MQC structure that's used on routers makes it extremely easy for training & management.
Took me less than 30 min to teach a new guy, who's never worked on ACE before.
Once again, this works for us, but probably not for you, or those who have a different requirement & environment.

I do agree though, that we'll probably go w/ either F5, or Citrix when it's time to replace our ACE20.

If you have a need to support the kind of applications that require the best in every category, then you have to go w/ the best.
Who doesn't want a network that performs at the highest level?
However, it comes w/ a price - multiple vendors, contracts, support organizations & flows, extra training, etc.

I'm well aware that some of Cisco's stuff either under-performs, or are just ridiculous...we've yelled at our account teams & BU's on numerous occasions.
However, for us, having 90% of stuff on Cisco makes sense - one vendor to deal with, one number to call for support, and you just go to one event (Networkers/Cisco Live), and you get to take training in whatever technology that interests you.

Also, if your budget allows it, you can sign up for Advanced Service's NOS, which has all sorts of benefits that are very difficult to get when you have 10 different vendors on your network.

It took me 2 days to teach a middle of the road CCNP how to master the CSS Load Balancers. That's it.

A good diagram, excellent references, a few tips and tricks, and some of the this line of code does this if the server does that, etc. And a copy of the official courseware.

Comblues
 

theevilsharpie

Platinum Member
Nov 2, 2009
I tend to think the ASA line are actually really good products, some people blast them for not providing things like content filter and the like, but that's not what they are, they are FIREWALLS and they firewall very well.

Lulz.

Everyone can do packet filtering. If that's all it takes to make a great firewall in your eyes, you might as well just get a Linksys.

The reason everyone else in the firewall business is doing content filtering and other types of advanced inspection is because that's what it takes to combat modern-day perimeter security threats. The overwhelming majority of malware traffic is carried over HTTP and SMTP, and an ASA is going to do fuck-all to stop those types of threats. The best it can do is basic intrusion prevention, or some rudimentary content inspection if you're using one of the older ASA models.

I could perhaps see the value of an ASA if you had very basic security needs and they were mind-blowingly fast, but not only do they lack on features compared to the competition, they aren't especially fast.

If there's any particular aspect where the ASA excels, please let me know. Off-hand, I can't think of a single area where the ASA isn't getting trounced by the competition.
 

Comblues

Member
May 22, 2013
Lulz.

Everyone can do packet filtering. If that's all it takes to make a great firewall in your eyes, you might as well just get a Linksys.

The reason everyone else in the firewall business is doing content filtering and other types of advanced inspection is because that's what it takes to combat modern-day perimeter security threats. The overwhelming majority of malware traffic is carried over HTTP and SMTP, and an ASA is going to do fuck-all to stop those types of threats. The best it can do is basic intrusion prevention, or some rudimentary content inspection if you're using one of the older ASA models.

I could perhaps see the value of an ASA if you had very basic security needs and they were mind-blowingly fast, but not only do they lack on features compared to the competition, they aren't especially fast.

If there's any particular aspect where the ASA excels, please let me know. Off-hand, I can't think of a single area where the ASA isn't getting trounced by the competition.


The only area where I think the ASA is "KILLING THE COMPETITION" is in the...

JOB MARKET

Nearly every job request I see asks for the Cisco ASA Firewall for Network Engineers and Architects... or will take it in lieu of the Checkpoint Firewall.

I may be wrong but if you want a job as a Firewall Admin, the Cisco ASA is still the champ in the industry. In my experience, that is the case.

Maybe because my experience and resume highlight years of experience with the PIX/ASA/FWSM Firewall Family of Products, however, that's what I know and not what I think.

Cisco may not be the best of class for some folks - but it does get a person employed and paid and is just about everywhere.

Um...

Not Sidewinders...

Not Checkpoint...

Not Juniper...

Not some Unix/Linux variant...

etc.

Cisco is the leader in the hiring market - If you know the Cisco ASA Product today, you are sought after in the job market. At least that is how it works for me.

Do I need to post job after job that pays $95k-160k asking for the ASA or that will take the ASA in positions that mention the Checkpoint Firewall... none other even compares (they just don't ask for them).


Comblues
 

Comblues

Member
May 22, 2013
I used to love to play with everything...

Then I became a Server Admin/Engineer -> Microsoft got me paid...

Then I became a Network Admin/Engineer -> Cisco got me paid...

Now as a Network Architect/Designer/Planner -> I work on multi-million dollar projects for multi-billion dollar companies and they all want Cisco and I get paid to deliver.

Umm...

Cisco for me.

Make your choice...

Choose... um... wisely.

Comblues
 

theevilsharpie

Platinum Member
Nov 2, 2009
The only area where I think the ASA is "KILLING THE COMPETITION" is in the...

JOB MARKET

Nearly every job request I see asks for the Cisco ASA Firewall for Network Engineers and Architects... or will take it in lieu of the Checkpoint Firewall.

I may be wrong but if you want a job as a Firewall Admin, the Cisco ASA is still the champ in the industry. In my experience, that is the case.

I just searched on indeed for jobs within 100 miles of Los Angeles (which covers a majority of California's population, and is a reasonable representation of the U.S. as a whole):

Firewall - 696 Jobs
Firewall ASA - 86 jobs
Cisco ASA - 103 jobs

15% of the market is hardly killing it.

Also, since we're sharing anecdotes in this thread, the majority of my clients are using either Fortinet or Sonicwall firewalls. In addition, among my present and past customers, my colleagues, and my friends in the industry, I have never seen a situation where somebody has moved from another enterprise UTM firewall to Cisco ASA; it's always gone in the other direction.

Now as a Network Architect/Designer/Planner -> I work on multi-million dollar projects for multi-billion dollar companies and they all want Cisco and I get paid to deliver.

Umm...

Cisco for me.

What's that saying: if all you have is a hammer, everything looks like a nail?

If you're a Cisco network architect, then of course you're going to expound on the virtues of Cisco :p

However, look through this thread. Despite the fact that the OP asked for specific technical differences between Cisco and other vendors, you have yet to offer a single technical reason why Cisco is superior to the competition. In fact, the only technical "pro" I've seen mentioned is Cisco's ability to service and support corporations with global networks (which is definitely a competitive advantage for Cisco), and Cisco's products generally being "good enough" (which I don't necessarily agree with).

If you want to claim that one of Cisco's advantages is that they have a healthy presence in the job market, I don't think anyone is going to dispute that. But Cisco doesn't have a monopoly on skilled network engineers, and in any case, that's not what this thread is about.
 

Comblues

Member
May 22, 2013
Good point on technical advantages...

I defer to Miercom reports - they compare Cisco to the competition on a per platform or even per feature basis providing empirical evidence to support their findings and the conditions for each set of said results.

Take a look:

http://www.miercom.com/?s=cisco&x=0&y=0&=Go/

Cisco ASA 5500-X Adaptive Security Appliances awarded Performance Verified

Posted on 13 August 2012 by Miercom
Cisco engaged Miercom to evaluate the performance of the newly launched ASA 5500-X Series of Adaptive Security Appliances against comparable products selected on the basis of intended markets and MSRP.



Three different comparative scenarios were tested.



Products from Check Point and Fortinet were included in the testing and compared to similar offerings from the ASA 5500-X series.



The ASA 5515-X was compared to the Check Point 4210, ASA 5525-X with the FortiGate 310B, and the ASA 5555-X with the Check Point 4807 appliances. These products were chosen because they are similar in vendor-intended usage so that a fair comparison could be made.


http://www.miercom.com/2012/08/cisc...iances-awarded-performance-verified/#more-973

Download the report here:

http://www.miercom.com/pdf/reports/20120514.pdf



Here's the summary:

Key findings and conclusions:

• On the ASA 5515-X and 5525-X, EMIX traffic was better by 99% or more when compared to their counterparts
• UDP throughput using IMIX (IPv4 and IPv6) was 57% better on ASA 5500-X series appliances than the competition
• HTTP traffic throughput on Cisco appliances was 60% more than comparable competitor products
• ASA 5500-X series can process 10% more connections per second over IPv4 and 24% more over IPv6 than competitive products



Forgive me as I made reference to the Miercom reports earlier and of course each vendor will have their own virtues.

It looks like Cisco paid Miercom to conduct tests they were more favorable in and areas that they might perform better at. Perhaps.

However, Miercom is an independent testing body using a set of standard testing procedures that any vendor can dispute if they believe the results to be inaccurate.

Comblues
 

Comblues

Member
May 22, 2013
What I love about Miercom is they tell us exactly what they tested and under what conditions and every vendor from my understanding is given the opportunity to refute and challenge their findings before they publish.

It looks like the competition did not do so well in this report.
 

Comblues

Member
May 22, 2013
Here's what Miercom had to say about UTM appliances - Cisco is not there, however what they do say... says a lot.

http://www.miercom.com/?s=fortinet&x=0&y=0

The four UTMs were far from plug and play, with some frustrating snags and glitches cropping up during the installations. Some of the administration interfaces were difficult to use and would likely inhibit effective UTM device deployment.

Comprehensive security provision is asking a lot of one box, especially at enterprise-level demand. Three of the four tested units failed to block many of the security threats delivered by the three security effectiveness test systems. The Watchguard Firebox Peak X 8500e was the exception and performed well on all security effectiveness tests.


The SonicWALL NSA E7500 handled network traffic both with and without all countermeasure features enabled. Since none of the devices tested stopped all threats, nor could produce full line rate network protection, enterprises might want to consider employing separate network and endpoint security applications.




Just something to consider if we are thinking that any one of these boxes "does it all"...


Comblues