Aruba Instant On Overview
Originally Posted: July 7th, 2021
Last Edited: July 16th, 2021
TL;DR:
Aruba Instant On is a cloud-managed networking ecosystem with switches and Wi-Fi for home or small business users.
Instant On has less features than Aruba’s enterprise equipment, but is cheaper and easier to use.
In it's current form, Instant On is a viable option for basic managed switches and Wi-Fi. Hopefully it will be more than that soon.
For speed tests of Instant On APs and how they compare to UniFi APs, see my Instant On AP22 Review and Instant On vs. UniFi Speed Tests.
Table of Contents
Aruba Instant On Overview
Aruba specializes in enterprise networking, competing with Cisco, Ruckus, Juniper, Mist, and others. Aruba is leading the way on Wi-Fi 6E, and well known for their wireless access points. Aruba also has a variety of SD-WAN appliances, firewalls, and services. I’m not covering those here, I’m only focusing on their Instant On wireless access points and managed switches. Most Aruba products are for enterprise use, but Instant On is a separate lineup for small business and home networks.
The two sides of Aruba’s business are separate. Confusingly, the word “Instant" is used in both sides, and the “On" changes a lot. To keep things clear, I’ll refer to Aruba’s Instant APs and other full-fat products as their enterprise equipment. Instant On has less features, but is cheaper and easier to use.
There are a lot of differences between Aruba's enterprise equipment and Instant On. You can’t convert enterprise APs into Instant On APs, or vice versa. If you invest in Instant On and decide to step up to enterprise gear later, none of the Instant On devices will be able to make the move. Either option requires a trade-off, but there’s a clear line between them.
A lot of people compare Instant On to UniFi or TP-Link Omada, so I wanted to try it out for myself. Let’s start by comparing Aruba enterprise equipment to their Instant On APs and switches.
Aruba Enterprise vs. Instant On
Aruba Enterprise Equipment
The enterprise-grade “Instant" Aruba APs have model numbers in the 200/300/500/600 series, such as the new AP-635 which supports Wi-Fi 6E coming this fall. They are packed with features and can be used to build a large network, covering several buildings or sites with hundreds or thousands of users. They can do a lot of things that Instant On APs can’t, but you pay for that with higher costs, licenses, and higher skill requirements. You don't have to be a network engineer to use them, but it helps to know the basics of VLANs and network layers.
Aruba’s enterprise APs are flexible, and have 3 modes of operation: Campus AP (CAP), Instant AP (IAP), or Remote AP (RAP). They can be controller-managed (CAP/RAP) or controller-less (IAP), and managed locally or in the cloud. When in campus or remote mode, they run firmware called ArubaOS and use an Aruba WLAN controller for management. Aruba has various options for physical and virtual Gateways and Controllers, or the subscription-based Aruba Central or AirWave software.
If you don’t want an Aruba WLAN controller, you can use a 200/300/500/600 series AP with alternative firmware called InstantOS to act as an IAP. IAPs run their own virtual controllers, and form what Aruba calls IAP clusters. This allows one master IAP to control the settings of the other IAPs in the cluster. If you’re considering Aruba’s enterprise APs for a home or small business network, look into IAP mode. Sadly, it looks like this mode is going away as Aruba moves to ArubaOS version 10. ArubaOS 8 supports IAP mode and will be updated for a few more years, but ArubaOS 10 and up will require a local or cloud WLAN controller.
Aruba Instant On
Instant On devices are simpler, and have no licenses or subscriptions to worry about. There are 6 AP and 7 switch models to pick from. All Instant On devices are managed through the free Aruba cloud controller. You can control them in the mobile app, or by going to portal.arubainstanton.com in a browser. Instant On has automatic and easy setup, while still offering most common networking settings.
If you want to expand your Instant On network, simply buy more hardware and plug it in. Instant On supports up to 25 access points and 150 users per site, and 8 SSIDs per radio. Aruba recommends a maximum of 150 sites per account. If you're running into those limits, Instant On probably isn't for you. If your network covers hundreds of sites or thousands of access points, you want Aruba's enterprise equipment, or equipment from another vendor.
Instant APs and switches can expand an existing network in what Aruba calls private network mode. Instant On switches support VLANs and have some layer 3 features like static inter-VLAN routing. They are not full L3 routers, and don't have features such as NAT or a DHCP server. You don't need to use Instant On switches in your network, you can use any switch. Using an Instant On switch has benefits though, and allows the Instant On portal to be a central place to configure VLANs and SSIDs.
If you don't have an existing router, Instant On APs can act as a gateway and basic firewall in router mode. Most Instant On APs only have a single Ethernet port, so I'd recommend the AP11D for router mode due to it's 3 LAN ports. In router mode, other APs connect to the gateway AP and form a single network. You can make multiple SSIDs and subnets if needed, but your configuration options are limited. It's nice that router mode is there, but I'd only recommend it in a pinch. A dedicated router is likely the better option for most people.
The software is simple, but Instant On APs share hardware with some of the enterprise models, and include most of their performance. For example, the Instant On AP11D is based on the AP-303H, and the AP22 is based on the AP-505. Instant On switches don’t have direct enterprise equivalents, but they’re good, basic managed switches. The switches are easier to understand, so we’ll start by looking at those.
Instant On Switches: 1930 Series
Currently, Instant On has one line of switches, the 1930 series. Choosing the right switch is easy: pick the number of ports, and add PoE if needed. Here’s a chart which shows all the current Instant On switch models. Most specs are shared, but the lower port models also have lower limits for trunks and MAC table size.
I picked up the 8 port model with PoE (1930 8G Class 4 PoE 2SFP 124W Switch - catchy name!) for my testing. It’s a desktop model, but it includes the mounting hardware to put it in a network rack or wall mount it. Instant On also has rackmount 24 or 48-port models for networks that need more ports. Hardware wise, it feels solid and well-made. The bigger PoE switches include a small fan, but the 8 port PoE model is fanless. It did have a bit of high-pitched coil whine when running multiple PoE devices though.
One interesting aspect of Instant On switches is their software and management. Instant On APs must be managed through Aruba’s cloud portal, but switches can be managed locally on their individual web interface. You can’t have it both ways, though. When an Instant On switch is using local management, it can’t be accessed from the cloud controller. The benefit of using local management is additional features. The downside is you'll need a VPN or other solution for remote access.
- APs = Cloud only
- Cloud-managed switch = limited features. If you need easy remote access, manage the switch in the cloud portal.
- Local-managed switch = full features. If you need more features, manage it locally.
Whether you manage your Instant On switches locally or through the cloud portal, they are stuck inside the Instant On ecosystem, and can’t be managed by enterprise Aruba equipment or services. Instant On devices can connect to other equipment, but they will never be managed by anything besides the Instant On portal.
Instant On switches do have some layer 3 routing features, but they aren't full L3 switches. Aruba calls them "layer 2+" in some support docs, and that seems like a fair description. I'll cover the L3 features more below when I discuss setup and settings.
Despite a few quirks, if you need an easy-to-use managed switch for powering Instant On APs, the 1930 series is a good option. I'll cover the switches more when I get into my impressions below. If you need more than the 1930 series switches give you, you’ll want to look at Aruba’s enterprise switches which have more variety and features.
Instant On Wireless Access Points
Instant On APs are also easy to understand. If you need indoor APs, you can choose from the four normal omnidirectional models (AP11, 12, 15, or 22), or the AP11D which includes three LAN Ethernet ports for bridging to wired devices. The AP22 is the only Wi-Fi 6 (802.11ax) model, the rest are all Wi-Fi 5 (802.11ac). There’s also one outdoor model, the AP17, which is basically an AP11 in an outdoor enclosure. Here's a chart which shows all current Instant On AP models.
If you want more depth on Instant On access points and how the AP11 and AP22 compare to UniFi, see my Instant On AP22 Review and Speed Comparison.
Aruba Instant On Access Point Models
Wi-Fi 5 Omnidirectional: AP11, AP12, and AP15. The AP11, AP12, and AP15 are normal omnidirectional APs which should ideally be mounted on a ceiling, wall, or shelf. They are Wi-Fi 5, and they all have a 2x2 Wi-Fi 4 radio for 2.4 GHz. For 5 GHz, the AP11 is 2x2 with up to 50 devices, the AP12 is 3x3 with up to 75 devices, and the AP15 is 4x4 with up to 100 devices. The AP12 and AP15 are a bit bigger, and include a USB port for "future use". Besides that, the differences are minor.
Wi-Fi 6 Omnidirectional: AP22. The AP22 is the first and only Wi-Fi 6 model, based on the AP-505. The AP22 features a faster 2x2 5 GHz radio, and supports up to 75 active devices. The 2.4 GHz radio is also 2x2, but makes the jump to Wi-Fi 6 for some additional performance. Besides that, there isn’t much different with the AP22. It’s likely going to form the bottom of the Wi-Fi 6 lineup once some higher spatial stream models are released (AP25, AP27?). They may also make a more cut-down AP21 model. For now, if you want Wi-Fi 6, you want the AP22.
Desk or In-Wall: AP11D. The AP11D is unique. It matches the radio specs of the AP11, but also includes 3 additional Ethernet ports for bridging to wired devices. This is similar to the UniFi In-Wall models, but includes a little stand for mounting on a desk or a shelf. The AP11D also includes electrical outlet mounting brackets, making it a good option for hotel rooms or small, remote networks.
Outdoor: AP17. If you need Wi-Fi coverage outdoors, the only option is the AP17. It’s a bit bigger than the others due to it’s weather-proof enclosure, but it’s similar to the AP11 in specs. You’re paying extra for the enclosure, so unless you’re mounting an AP outdoors the other models are better options.
Setup and Settings
After unboxing the switch and access points, I downloaded the Instant On app and created my Aruba account. If you don’t have a phone or tablet around, the process is the same in the web portal. As with most cloud-managed systems, you need Internet access to get started. The devices took several minutes to finish their initial boot, but the setup process was fairly simple. After things were up and running I started poking around the app and web interface to see what was available.
The amount of settings in the portal is limited, and they vary with which mode you use. Since I had both a switch and access points, I chose to extend the network I have with Private Network mode. If you don’t have an existing network, you can plug an Instant On access point directly into your Internet connection and use it in Router mode. I spent most of my time using the private network mode, but router mode is better if you just need a quick mesh network setup. You can use an AP in router mode to create several networks and SSIDs, but don't expect a lot of customization or in-depth settings.
For Wi-Fi you can choose a channel width, specify which channels can be used, and set a range for transmit power under the Radios tab. There are a few other tabs which allow you to set a static IP, reboot the device, and configure other basic settings. If you’re like me and want lots of control over every aspect of your network, it’s a bit disappointing. Instant On isn’t made for people like us though. Instant On is more like a typical consumer mesh networking system from Eero, TP-Link Deco, or Netgear Orbi than it is like Aruba's enterprise equipment.
The settings that are there are laid out well, and Aruba is slowly adding more to the interface as time goes on. It does the basics well, and hides away settings which can get an amateur user into trouble. That’s the good side of limited options: most of the ones you need are there, and you don’t have to worry about the ones you can’t see. It won't satisfy people like me who want to tinker with every setting, but it is flexible enough to do what most people need.
Quirks and Oddities
Cloud vs. Local Features and Settings
For the most part, using the Instant On portal is straight-forward. If you're trying to setup a basic network it couldn't be much simpler. When you get to the edge of what Instant On can do, things are a little less clear. This is especially true for Instant On switches. There are features that are only available if you choose to manage the switch locally.
Settings for cloud-managed Instant On switches
- DHCP or Static LAN IP
- Routing on/off, and VLAN creation
- Basic security options such as DHCP Snooping and ARP Attack Protection
- View data usage in broad categories such as Shopping or Social Media
- VLAN tagging, basic port authentication and security, port mirroring, and link aggregation
Settings for locally-managed Instant On switches
- All the settings found in the cloud portal
- Advanced port and trunk configuration, including full port security, storm control, and IGMP snooping settings
- STP/RSTP/MSTP and advanced Spanning Tree settings
- LLDP and LLDP-MED
- Static route and VLAN interface IP assignment, DHCP Relay, and ARP table
- QoS, CoS, and Access Lists
- Logging, ping, traceroute, support file generation, MAC table, and RMON
- Dual image configuration, backup and update, and config file operations
- Local and RADIUS user accounts
As you can see, some features require local management. I’m not sure if Aruba is planning on adding all of those settings into the portal, but that would go a long way towards making them more useful and less confusing to use. Currently you have to pick between the ease of cloud management, or the full features of local management. I’d like to see all of the features offered in both places.
Layer 3 Features and NAT
Another quirk of Instant On relates to the layer 3 switch operation and routing settings. It’s a bit of a mixed bag. For wired networks, you can enable some L3 switch features in the cloud portal:
- Create wired VLANs to match up with your other equipment
- Assign tagged and untagged VLANs per port
- Setup link aggregation or port mirroring
- Enable inter-VLAN routing with a checkbox
To get the rest of the features you need to switch over to local management. When using a locally managed switch you can:
- Do everything a cloud managed switch can do
- Assign IP addresses to physical ports or VLAN interfaces
- Create static routes
- Configure DHCP relay IPs and interfaces
- View and edit your ARP table
- Configure access control lists
Instant On switches won't be able to replace your firewall or router though. They don't support wired subnet creation, NAT, or have firewall features outside of IP access lists. You’re not able to create a new wired IP subnet, or create multiple DHCP pools for wired networks.
On the wireless side, a few more things are possible. Instant On APs can act as your router, handling NAT and firewall duties for multiple networks. In router mode or private network mode, you can make a new wireless network, assign it to a VLAN, and specify the IP range to use.
Overall Impressions of Aruba Instant On
I need to spend more time with Instant On to make a final verdict, but in my few weeks of testing I was impressed. The hardware and performance are good, and the software is OK. My biggest complaint has been the limits of a cloud-managed switch. If the local-only features and a few more radio settings were added to the cloud portal, I'd consider running it full time in my home network.
In it's current form, Instant On is a viable option for basic managed switches and Wi-Fi. Hopefully it will be more than that soon. I'm looking forward to Aruba releasing more Instant On hardware and continuing to iterate on the software. If they were to add a router/firewall to the lineup I think it would remove a lot of the quirks and limits.
It's easy to complain about missing features, but Instant On delivers on the basic features most people need. All the hardware comes with a 2 year warranty, and Aruba has plenty of up-to-date help articles and documentation. Both of those are rare for consumer equipment, and nice to see. Aruba have a solid foundation built and it's up to them to expand on it.
Overall, it feels like a promising start.