Advanced Aruba Mobility Access Switch Workshop

Advanced Mobility Access Switch Workshop

Madani Adjali & Scott Calzia

March, 2014

2CONFIDENTIAL

© Copyright 2014. Aruba Networks, Inc.

All rights reserved#AirheadsConf

Download Airheads Mobile

CONFIDENTIAL


All rights reserved3 #AirheadsConf

Agenda

Platform Overview

Wired Access Point

Activate & Airwave Integration

Aruba Central or SDN (TBD)

4CONFIDENTIAL



Introducing the Aruba Mobility Access Switch Family

• Security to wired access– Flexible role-based access

– Policy moves from wireless to wired

• Operational simplicity– Low-touch installation and configuration

– Dynamic configuration of user policies

– Integration with Aruba APs

• Simplify the network– Reduce VLANs in the closet

– Extend logical configurations

• 802.11ac Ready– Scaled to support high-density

deployments

– PoE+ on every switch port

– 10GbE uplinks (S2500/S3500)

5CONFIDENTIAL



Mobility Access Switch Capabilities

A. Ethernet Switch

• Layer 2/3 forwarding

• Native Role-based policy enforcement

B. Integration with ClearPass

• Downloadable Role/ACL

• Captive Portal

C. Wired Access Point

• Tunneled Node

• Role-based policy enforcement at Mobility Controller

• Single policy for WLAN and LAN

A. L2/L3

Forwarding

C. Wired AP

Mobility Access

Switch

Access Point

LAN Core

Mobility

Controller

AirWave

Management

Platform

ClearPass Policy

Manager

B. User-Role

Download

6CONFIDENTIAL



S3500 Mobility Access Switch

• Designed for Wired Access

– 24/48 Port Models

– Wire-rate and non-blocking performance

– Role-based access with user visibility

– Per port PoE/PoE+

• ArubaStack

– Stack up to 8 devices

– Up to 384x GbE and 16x 10GbE

– Single management IP address

– Single configuration file

• Flexible Forwarding Options

– Traditional L2/L3 Switching

– Tunnel traffic to Mobility Controller

• Modular Components

– Field replaceable AC power supplies

• Optional redundant power supply

– Field replaceable fan tray

– Optional 4-port uplink module

• 1000BASE/10GBASE-x SFP/SFP+

PoE budget values are provided for single PSU and dual PSU configurations

SKU Ports PoE Budget

S3500-24F 24x1000BASE-x Not Applicable

S3500-24T 24x10/100/1000BASE-T Not Applicable

S3500-24P 24x10/100/1000BASE-T 400W | 689W

S3500-48T 48x10/100/1000BASE-T Not Applicable

S3500-48P 48x10/100/1000BASE-T 400W | 689W

S3500-48PF 48x10/100/1000BASE-T 850W | 1465W

7CONFIDENTIAL



S3500: Front and Rear Views

• Modular Components

– Power Supplies

– Fan Tray

– Uplink Module

• Management

– Console (RJ45 Serial)

– Out-of-band Ethernet

– USB Storage

– LCD Display

• Dimensions & Airflow

– 1RU

– 1.75˝ (H) x 17.5˝ (W) x 17.5˝ (D)

– Front/Side to Rear Airflow

• Mounting Options

– 2 Post Rack (front & mid-mount)

– 4 Post Rack

– Wall Mount

• Limited Lifetime Warranty

Optional

Uplink Module

S3500 Rear View

USB

Console

Field-Replaceable

Fan Tray

Hot-Swappable Power Supplies

Ethernet

Out-of-Band

S3500-24F Front View

24x1000BASE-X SFP Ports

LCD

S3500-48P Front View

Fixed 10/100/1000BASE-T Ports

LCD

8CONFIDENTIAL



S2500 Mobility Access Switch


– 24/48 Port 10/100/1000BASE-T




• ArubaStack


– Up to 384x GbE and 16x 10GbE



– Stackable with S3500




• Integrated Components

– Built in fans for quiet operation

– Fixed 4-port uplinks

• 1000BASE/10GBASE-x SFP/SFP+


S2500-24T 24x 10/100/1000BASE-T Not Applicable

S2500-24P 24x 10/100/1000BASE-T 400W

S2500-48T 48x 10/100/1000BASE-T Not Applicable

S2500-48P 48x 10/100/1000BASE-T 400W

9CONFIDENTIAL




S2500 Front ViewLCD

Display

Fixed 10/100/1000BASE-T Ports

• Fixed Components

– Built-in 4xSFP/SFP+ Uplinks

– Integrated Power Supply

• PoE Budget

– 400W

– PoE Priority Available

• Management

– Console (RJ45 & mUSB Serial)

– Out-of-band Ethernet

– USB Storage

– LCD Display


– 1RU

– 1.75˝ (H) x 17.5˝ (W) x 12˝ (D)

– Side to side airflow


– 2 Post Rack (Front)

– Wall & 2-Post Mid Mount


Fixed

4x 1000BASE-x/10GBASE-x

(SFP/SFP+) Ports

S2500 Rear View

USB Integrated

Power Supply

Ethernet

Out-of-Band

RJ-45 & Mini-USB

Console

Fixed Fans

10CONFIDENTIAL





– 12/24/48 Port 10/100/1000BASE-T




• ArubaStack







• Integrated Components

– Built in fans for quiet operation (24P/48P)

– Fanless (12P)

– Fixed 2-port (12P) & 4-port (24P/48P) uplinks

• 1000BASE-x SFP


S1500-12P 12x 10/100/1000BASE-T 120W

S1500-24P 24x 10/100/1000BASE-T 400W

S1500-48P 48x 10/100/1000BASE-T 400W

11CONFIDENTIAL



S1500-24P/48P: Front &Rear Views

S1500-24/48P Rear View

Console

USB

Fixed

4x 1000BASE-X

(SFP) Ports

48x 10/100/1000 (RJ45) Ports


– Built-in 4xSFP Uplinks


• PoE Budget

– 400W


• Features & Scaling

– Same features as S2500/S3500

– Reduced scaling vs. S2500/S3500

• Management

– Console (RJ45)

– USB Storage


– 1RU

– 1.75˝ (H) x 17.5˝ (W) x 12˝ (D)

– Side to side airflow


– 2 Post Rack (Front)

– Wall & 2-Post Mid Mount


Integrated

Power Supply

Fixed Fans

Mode LEDs and

SelectorS1500-48P Front View

12CONFIDENTIAL



S1500-12P: Front & Rear Views

S1500-12P - Front View

USB

Console

RJ-45

12x 10/100/1000Base-T

With 8x PoE/PoE+)

2x 1000BASE-x

(SFP)

Mode LEDs and

Selector

Cooling Vents on

Top and Bottom for

Fanless Design


– Built-in 2xSFP Uplinks


• PoE Budget

– 8x PoE/PoE+ with 120W Budget


• Features & Scaling

– Same features as S2500/S3500

– Reduced scaling vs. S2500/S3500

• Management

– Console (RJ45)

– USB Storage


- 1.72" (H) x 13" (W) x 8.9" (D)

– Fanless


– Desktop (Rubber feet included)

– Rack & Wall Mount (Included)

– Magnet Mount (Optional)


S1500-12P - Rear View

Integrated

Power Supply

Security Lock Slot

13CONFIDENTIAL



Platform Comparison

Capability / Feature S3500-XXP S3500-XXT S2500-XXP S2500-XXTS1500-

XXP

S1500-

12P

Number of Ports 24/48 24/48 24/48 24/48 24/48 12

10/100/1000 Fixed Ports Yes Yes Yes Yes Yes Yes

Line Rate Yes Yes Yes Yes Yes Yes

Uplink Performance 4 x 10G SFP+ 4 x 10G SFP+ 4 x 10G SFP+ 4 x 10G SFP+ 4 x 1G SFP 2 x 1G SFP

Uplinks Options Modular Modular Integrated Integrated Integrated Integrated

LCD Yes Yes Yes Yes No No

Modular Power Yes Yes No No No No

Dual Power Yes Yes No No No No

PoE/PoE+ (15.4W/30W) Yes N/A Yes N/A Yes Yes

PoE Budget (W) 400/689/1465 N/A 400 N/A 400 120

Max Simultaneous PoE/PoE+ 48A/48A N/A 25/13 N/A 25/13 7/4

Modular Fan (FRU) Yes Yes No No No No

ArubaStack Yes Yes Yes Yes Yes Yes

Max ArubaStack Members 8 8 8 8 8 8

Mixed Product Line ArubaStacks Yes Yes Yes Yes No No

Depth 17.5”/19.5” A 17.5” <12” <12” <12” <9”

Ambient Sound 48dB 48dB 42dB 42dB 42dB 0dB

List Price (24/48) $3,995B/$6,995B $3,195B/$5,495B $3,795/$6,795 $2,995/$5,195 $2,495/$4,595 $1,595Note A: Assumes dual 1050W power supplies | Note B: Single power supply(600W for P SKU and 350W for T SKU) and no uplink module (S3500-4x10G - List $1495)

14CONFIDENTIAL



Features & Capabilities Overview

• Spanning Tree

- Multiple Spanning Tree (MSTP)

- Rapid PVST+

• Link Aggregation Group

• Hot Standby Link

• L2 Generic Router Encapsulation

• Voice VLAN

- LLDP-MED

- CDP Fingerprinting

• Port Security

- DHCP Snooping, DAI & IPSG

• Quality of Service

- Strict Priority Queuing

- 1 Rate Tri-Color Policing

• Ethernet OAM 802.3ah

Platform / Layer 2 Features Routing / Branch Features

• Routed Virtual Interfaces (RVI)

• Static Routing

• OSPFv2

- MD5 Authentication

- Route Filtering

• Policy Based Routing

• Virtual Router Redundancy Protocol

• L3 Generic Router Encapsulation

• Multicast

- PIM-SM

- IGMP Snooping/MLDv1

• Network Address Translation

• Stateful Firewall

• Site to Site VPN

- Includes OSPF over VPN

15CONFIDENTIAL



Features & Capabilities Overview (Cont.)

• Role Based User Access

• User Derived Roles

- MAC Address Variable Match

- DHCP Signature Match

- LLDP/CDP Phone Match

• AAA Authentication

- 802.1x

- MAC Auth

- Captive Portal (Internal/External)

• External Authentication Servers

- Radius

- TACACS+

- LDAP

• Radius Fail-Open

Authentication & Security Aruba Portfolio Integration

• Aruba Activate

• Mobility Controller

- Tunneled Node

- AirGroup

- Auto AP PoE Prioritization

- Auto AP QoS Trust

• Instant AP

- Auto AP PoE Prioritization

- Auto AP QoS Trust

- Rogue AP Enforcement

- VLAN Sharing

• ClearPass Policy Manager (CPPM)

- Downloadable Roles & ACLs

- Redirect to ClearPass Guest

16CONFIDENTIAL



Wired Access Point

17CONFIDENTIAL



Wired Access Point (Tunneled Node)

LAN Core

• Single policy for WLAN and wired

• Role-based policy enforcement at Mobility Controller

• Tunnel traffic requiring increased security

• Per-Port Tunneling (Access/Trunks)

• Minimize VLANs between Edge and Core

• Redundant Mobility Controller Support

Mobility

Controller

AirWave

Management

Platform

ClearPass Policy

Manager

Tunnel from wired AP

Mobility Access

Switch

Access Point

18CONFIDENTIAL



Tunneled Node Mobility Controller Scaling

7240 7220 7210 M3 3600 3400 3200 650 620

Concurrent

Users32,768 24,576 16,384 8,192 8,192 4,096 2,048 512 256

# of Ports

Tunneled16,384 12,288 8,192 4,096 1,024 512 256 96 48

Firewall

Throughput40 Gbps 40 Gbps 20 Gbps 20 Gbps 4 Gbps 4 Gbps 3 Gbps 2 Gbps 800 Mbps

# of AP

Licenses2,048 1,024 512 512 128 64 32 16 8

License Description

Licenses Applied to the Mobility Controller

LIC-X-AP S2500/S3500 Wired AP device deployed as a single device or as an ArubaStack*

will consume a single AP license.

• Provides connectivity to controller for config• Centralized Authentication, etc.

LIC-PEFNG-X S2500/S3500 Wired AP device deployed as a single device or as an ArubaStack*.

will consume a single Policy Enforcement Firewall license• Provides wired policy enforcement for tunnel traffic

LIC-RFP-X S2500/S3500 Wired AP device deployed as a single device or as an ArubaStack*.

will consume a single RFProtect license

* An ArubaStack will consume a single license; max 8 devices in an Arubastack

19CONFIDENTIAL



Wired Access Point Demo

20CONFIDENTIAL



Activate & Airwave Integration

21CONFIDENTIAL



Aruba Activate

2. Mobility Access Switch first

attempts to download a configuration

via TFTP

Aruba

Activate

Simplify and enable rapid deployment

1. Connect device 2. Verify LEDs GREEN 3. Move to new location 4. Repeat steps 1 3

Branch Location

Mobility Access Switch

Airwave Management Platform

Headquarters Location

3. When TFTP fails, the Mobility

Access Switch attempts to

contact Activate. Mobility

Access Switch sends Serial

Number and system MAC

address.4. Airwave responds

with Airwave IP, Shared

Secret, Group Name

and Folder Name.

5. Mobility Access Switch contacts Airwave and

provides Shared Secret, Group Name and Folder

Name.

6. Airwave contacts Mobility Access

Switch and pushes down group

configuration

TFTP? Are

you there?

Help me Aruba

Activate, you’re my only

hope!Hi Airwave!

Configure

Me!

• Automates Product

Installation

• Automates Software

Updates

• Inventory Management

1. Customer Enables Service

& Inputs Provisioning Rules

Hi Mobility

Access Switch!

Yippie! All

Configured!

Hi Mobility

Access Switch!

22CONFIDENTIAL



AirWave Management Platform & Mobility Access Switch

• Hardware Monitoring & User Visibility

– Inventory and Uptime

– Visibility Into Wired Network Usage

– SNMP Trap and Syslog Support

• Software Configuration & Firmware Management

– Configuration Changes

– Configuration Backups

– Firmware Upgrades

• Reporting

– Compliance Reporting

– Report and Track Wired Users

23CONFIDENTIAL



Activate & Airwave Integration Demo

24CONFIDENTIAL



25

Thank You

#AirheadsConfCONFIDENTIAL


All rights reserved

Advanced Aruba Mobility Access Switch Workshop

Technology

aruba apssimplify

userrole download

sdn tbdconfidential

baset portslcd

ac readyscaled

single psu

l2l3 forwardingc

download airheads mobile