Selecting the next router

I am about to retire from a company as sys admin and working in parallel with my replacement. I have always found Draytek routers to be just fine whereas my replacement is at the alter of Cisco hardware.

Let's consider first the size of the network in question.
* FTTC Services from Cloudscape and Zen each delivering around 55 down and 17 up.
* A tad over 100 devices connected to the network which are Windows PCs, Printers, 8 CCTV cameras, 8 access points, 2 card machines and VoIP desktop phones.
* There are 11 remote sites that use VPN to connect to HQ on an ad hoc basis.
* The PCs are generally to be found using a Cloud based service to access data bases and the bank.
* The are two locations streaming back images.
* There are 42 desktop VoIP phones.

The current router handling all this traffic is a Draytek Vigor 2860Vac although the VoIP facility is no longer used.

I have not investigate the market for the best suited Draytek router but a Cisco router was desired on the grounds that Draytek routers are:
* Have mostly local web interface or VigorACS (which is clunky, not free, and not as reliable).
* Routers support basic firewalling and content filtering, but nowhere near the depth of Meraki’s security stack.
* Has VPN too, but setup is manual, complex, and less reliable at scale. (there is a need for only 21 accounts).
* With DrayTek, managing more than a few routers gets messy fast unless you pay for and manage VigorACS.
* DrayTek has no real ecosystem. It’s a router-centric brand.
* DrayTek support is okay, but UK-based and not 24/7. You're often digging through forums for help.

How much of the above is BS, I would not really know but he loves to point out that our own military use Cisco routers. He seems to think that the Cisco Meraki Go Router Firewall Plus - Cloud Managed | GX50-HW-UK will do the business but I disagree and yet I am not sure what would be best from the Draytek range.

If anyone cares to comment upon what is written here, it would be very much appreciated.

In reply to a post by trolleybus:

but he loves to point out that our own military use Cisco routers.

He may be mislead. The military, (the services, and the MOD civilians) use every brand. They play off all the vendors against each other for the best price for long term support. As does ALL public sector organisations (including the NHS); as required by public sector purchasing. I've seen MOD funded IT systems using Netgear unmanaged switches and BT Business Broadband routers where it made sense.

Will you still be financially invested in the company after you retire?

If no why would you care what router your replacement chooses as they will be responsible for it going forward (you seem to be looking for a suitable Draytek router to justify your position), sometimes its hard to let go when you retire but for your own well being you have to.

This is just an observation and not said to cause you any distress.

In reply to a post by PCJM40:

Will you still be financially invested in the company after you retire?

If no why would you care what router your replacement chooses as they will be responsible for it going forward (you seem to be looking for a suitable Draytek router to justify your position), sometimes its hard to let go when you retire but for your own well being you have to.

This is just an observation and not said to cause you any distress.

Yes.

Quite so, any mess they get themselves into won't be my problem, BUT if their IT system is compremised, then the Company could quite easily fold. I wouldn't want that to happen.

I guess one question is will the new guy be able/happy to run a network based on Draytek? He will be the one who has to maintain all of this once you've retired.

In terms of Cisco Meraki and Cisco in general now everything is subscription/time limited licence based, what do the running costs look like for that? Do they fit the level of spend the company can afford?

I've worked lots with the likes of Cisco over the years from their biggest kit right down to the CPE you mention here and yes they make good products but generally always the top of the price bracket. All vendors have issues but it is how they deal with them, what is the support model proposed? You'd be going via a reseller for purchase and support not direct.

Other questions - you mention Access Points, CCTV etc what are the upgrade plans for these, do you want them all as part of the same ecosystem? Does the company want to go more periodic CAPEX or are happy with ongoing costs for licences etc?

One different suggestion, have you looked at Ubiquiti? (ui.com) - they are very clear they are "licence free", they also seem a good fit to your list of requirements around multisite, VPN and security. They also have cameras, access points and access control as part of their eco-system so could be upgraded to include later. Unlike Cisco this wouldn't have the ongoing licence costs, but could answer a lot of the concerns your colleague has raised.

I had the misfortune to admin a Cisco Meraki setup, and it was absolutely diabolical.

All management is via a clunky central cloud system. There is zero support for IPv6. The "security" stuff is just smoke and mirrors.

The Cisco consumer and small-business kit (Meraki, Linksys etc) is nothing like the core Cisco routers. It's just some external company that they bought and rebranded their products.

How long ago did you use it?

If the budget can pay for Meraki then I'd have a really difficult time advising against its use for the type of network the OP describes. Once you start hosting things yourselves it gets a bit more difficult but for sites that need internet access, VPN overlay, and consume cloud resources it's a really good option.

Meraki Go is not Meraki, I wouldn't want to manage an 11-site business with hundreds of employees exclusively through an app.

Ubiquiti is license free but it's also support-free. Whether this is an issue depends on your orgs approach to risk. A one-man IT department probably needs to be able to pick a phone up, if you have a handful of skilled techs then that's less important.

Edited by jpm (Tue 05-Aug-25 16:34:52)

What do the remote sites use?

A new Draytek model will likely do the identical function with future support capability. If it works, and is secure, then not sure on the need to switch to Cisco.

However I would recommend a better VPN service rather than using the Draytek - something with stringent controls and ideally MFA and device attestation where possible.

And as someone else has said - the military use lots of stuff, not just Cisco.

Cisco support won't be any better unless they pay for an expensive maintenance contract.

I wouldn't get too hung up on it though - in some respects if he decides to replace what you have set up and it goes wrong, that is less finger pointing at you should it happen. So from some perspectives it may be more weight off your mind to let him go and change it all!

In reply to a post by jpm:

How long ago did you use it?

Last touched about a year ago. It was indeed Meraki Go, but I think that's what the OP was talking about.