Replacing old Cisco core switch stack with Unifi
https://community.spiceworks.com/t/replacing-old-cisco-core-switch-stack-with-unifi/1212490

Original post, jaydenf8 (2025-06-04, 6 upvotes, 42 answers):

My company (one building, ~100 employees) currently has a very old stack of Cisco blade switches that act as our L3 core. These are no longer supported, due to their age.

About a month ago, our entire network was taken down. Come to find out, an old dev server was turned on accidentally (we figured out how it happened), and it blasted our network with ARP requests (70k/sec) and took everything down. We got the network up and running, but something we discovered was that our switches were too old and did not have flood protection. We tested the problem server with a Unifi switch and the traffic was normal. The Cisco stack was due for a replacement, but this was the straw that broke the camel’s back.

In order to avoid a potential 100k - 150k invoice from Cisco or Fortinet, we have entertained the idea of going with Unifi. They are affordable, but we have some concerns. So, I come to you asking for clarification, and if anyone has been in a similar situation.

One thing I want to make very clear is that we are not using the Unifi Gateway for routing. We are keeping our FortiGate in place. That being said, is Unifi far along enough where it can be a valid contender in a production environment?

Currently, it seems that you cannot make changes via CLI (they reset upon reboot), ACLs require reciprocal rules to be in place (stateless?), ACL limitation, etc.

Basically, my question is this. Are we wasting time with Unifi? Especially if we do not plan to use the Unifi GW? In my opinion, it is more suited for very small businesses, and advanced home networks. Has anyone considered moving to a Unifi stack, but was turned away by lack of features or complexity?

The main reason we are looking into Unifi, of course, is money. A Unifi switch stack would cost us 15k vs the previously mentioned 100k or more quote. Obviously, you get more features when you pay 75k more, but I assume everyone understands our reasoning for wishing to save said 75k.

Any advice or insight is appreciated!

Accepted answer, bbeckers (2025-06-04, 3 upvotes):
https://community.spiceworks.com/t/replacing-old-cisco-core-switch-stack-with-unifi/1212490/29

ACL is supported with UniFi starting with Network Application 8.2.93. So you have a very valid concern here. If your total ACL network list is greater than 128 or has the potential of growing past 128, then UniFi will NOT be the best choice for you.

Answer, BadAtNames (2025-06-04, 5 upvotes):
https://community.spiceworks.com/t/replacing-old-cisco-core-switch-stack-with-unifi/1212490/2

For 100 users? Shouldn’t you need like 3x 9200-48P-E and, with the ACL and layer 3, 1x 9x00-A?

Total cost closer to something like 15k? Is there something I’m missing regarding just the stack?
Are you needing all 10G copper or some other specialty?

What kind of ACLs are you putting in place? (This is more a question for someone to look at from the Ubiquiti side.)

Answer, smkscrn (2025-06-04, 2 upvotes):
https://community.spiceworks.com/t/replacing-old-cisco-core-switch-stack-with-unifi/1212490/3

We are using Ubiquiti for switches and APs. Love them. Went for something more robust at the router/firewall level.

Answer, computerdave (2025-06-04, 3 upvotes):
https://community.spiceworks.com/t/replacing-old-cisco-core-switch-stack-with-unifi/1212490/4

We’ve been beyond happy with our Aruba gear, 2930M stack; we have about 90 users but many have multiple devices. We have a stack of 6 switches, but for your use case you probably only need 2-3 switches for coverage.

They’ve been rock solid for nearly a decade now but are no longer available. From my quick research it looks like the 6200 series is the replacement line going forward for access switches.

We specifically went with Aruba for cost when put up against Cisco, and they were a huge step up in functionality compared to the NetGear hardware we replaced.

Another answer:

I don’t know if I would put UNIFI equipment into a “business”. I am going to get all kinds of hate for this, but they are NOT business grade (mission critical) switches. And the support is lacking.

HOWEVER, if you have a very large number of ACLs with multiple network destinations, you could potentially run into the 128 network limit in the CURRENT version level. (It could be increased in the future, but as of right now there is a hard 128 limit.)
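The ARP storm that took down the original poster's network (a single host sending ~70k ARP requests/sec into switches with no flood protection) is easy to attribute to its source once you look at per-sender request rates in a capture, which is a useful check to have before the next forgotten box gets powered on. The following is an added example, not code from the thread or from any vendor tool: it buckets ARP requests per sender per second and flags senders above a threshold. The tcpdump-style line format, the host addresses and the 100 requests/s threshold are all constructed assumptions for the demo.

```python
import re
from collections import defaultdict

# Line shape assumed for this example (constructed, loosely modelled on
# "tcpdump -tt -n arp" output). Only ARP requests are counted, attributed
# to the sender IP that follows "tell"; replies and other lines are skipped.
ARP_REQUEST = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) ARP, Request who-has \S+ tell (?P<sender>[\d.]+)"
)


def peak_arp_rate_by_sender(lines, window_s=1.0):
    """Return {sender_ip: highest number of ARP requests seen in any one window}."""
    buckets = defaultdict(lambda: defaultdict(int))  # sender -> window index -> count
    for line in lines:
        m = ARP_REQUEST.match(line)
        if not m:
            continue  # ARP replies, non-ARP traffic and malformed lines are ignored
        window = int(float(m.group("ts")) // window_s)
        buckets[m.group("sender")][window] += 1
    return {sender: max(counts.values()) for sender, counts in buckets.items()}


def storm_sources(lines, threshold_pps, window_s=1.0):
    """Senders whose peak rate reaches the threshold, busiest first."""
    peaks = peak_arp_rate_by_sender(lines, window_s)
    hits = [(sender, rate) for sender, rate in peaks.items() if rate >= threshold_pps]
    return sorted(hits, key=lambda sr: sr[1], reverse=True)


def build_sample():
    """Constructed capture: one quiet workstation plus one host flooding ARP."""
    t0 = 1717524550.0
    lines = []
    for i in range(5):  # normal host: one request per second for 5 seconds
        lines.append(f"{t0 + i:.3f} ARP, Request who-has 10.0.0.1 tell 10.0.0.55, length 28")
    for i in range(300):  # misbehaving server: 300 requests inside one second
        lines.append(
            f"{t0 + i / 300:.6f} ARP, Request who-has 10.0.0.{i % 250 + 1} tell 10.0.0.200, length 28"
        )
    lines.append(f"{t0 + 0.5:.3f} ARP, Reply 10.0.0.1 is-at 00:11:22:33:44:55, length 28")
    return lines


if __name__ == "__main__":
    for sender, rate in storm_sources(build_sample(), threshold_pps=100):
        print(f"{sender}: peak {rate} ARP requests/s")
```

On real traffic, feed it the output of a capture filtered to ARP on a mirror port; the per-second peak is what a switch's storm-control threshold would act on, so the same number tells you what rate a replacement switch needs to suppress.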