Date post: | 18-Jul-2015 |
Category: |
Technology |
Upload: | aruba-networks-an-hp-company |
View: | 1,987 times |
Download: | 0 times |
Advanced Mobility Access Switch Workshop
Madani Adjali & Scott Calzia
March, 2014
2CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Download Airheads Mobile
CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved3 #AirheadsConf
Agenda
Platform Overview
Wired Access Point
Activate & Airwave Integration
Aruba Central or SDN (TBD)
4CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Introducing the Aruba Mobility Access Switch Family
• Security to wired access– Flexible role-based access
– Policy moves from wireless to wired
• Operational simplicity– Low-touch installation and configuration
– Dynamic configuration of user policies
– Integration with Aruba APs
• Simplify the network– Reduce VLANs in the closet
– Extend logical configurations
• 802.11ac Ready– Scaled to support high-density
deployments
– PoE+ on every switch port
– 10GbE uplinks (S2500/S3500)
5CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Mobility Access Switch Capabilities
A. Ethernet Switch
• Layer 2/3 forwarding
• Native Role-based policy enforcement
B. Integration with ClearPass
• Downloadable Role/ACL
• Captive Portal
C. Wired Access Point
• Tunneled Node
• Role-based policy enforcement at Mobility Controller
• Single policy for WLAN and LAN
A. L2/L3
Forwarding
C. Wired AP
Mobility Access
Switch
Access Point
LAN Core
Mobility
Controller
AirWave
Management
Platform
ClearPass Policy
Manager
B. User-Role
Download
6CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
S3500 Mobility Access Switch
• Designed for Wired Access
– 24/48 Port Models
– Wire-rate and non-blocking performance
– Role-based access with user visibility
– Per port PoE/PoE+
• ArubaStack
– Stack up to 8 devices
– Up to 384x GbE and 16x 10GbE
– Single management IP address
– Single configuration file
• Flexible Forwarding Options
– Traditional L2/L3 Switching
– Tunnel traffic to Mobility Controller
• Modular Components
– Field replaceable AC power supplies
• Optional redundant power supply
– Field replaceable fan tray
– Optional 4-port uplink module
• 1000BASE/10GBASE-x SFP/SFP+
PoE budget values are provided for single PSU and dual PSU configurations
SKU Ports PoE Budget
S3500-24F 24x1000BASE-x Not Applicable
S3500-24T 24x10/100/1000BASE-T Not Applicable
S3500-24P 24x10/100/1000BASE-T 400W | 689W
S3500-48T 48x10/100/1000BASE-T Not Applicable
S3500-48P 48x10/100/1000BASE-T 400W | 689W
S3500-48PF 48x10/100/1000BASE-T 850W | 1465W
7CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
S3500: Front and Rear Views
• Modular Components
– Power Supplies
– Fan Tray
– Uplink Module
• Management
– Console (RJ45 Serial)
– Out-of-band Ethernet
– USB Storage
– LCD Display
• Dimensions & Airflow
– 1RU
– 1.75˝ (H) x 17.5˝ (W) x 17.5˝ (D)
– Front/Side to Rear Airflow
• Mounting Options
– 2 Post Rack (front & mid-mount)
– 4 Post Rack
– Wall Mount
• Limited Lifetime Warranty
Optional
Uplink Module
S3500 Rear View
USB
Console
Field-Replaceable
Fan Tray
Hot-Swappable Power Supplies
Ethernet
Out-of-Band
S3500-24F Front View
24x1000BASE-X SFP Ports
LCD
S3500-48P Front View
Fixed 10/100/1000BASE-T Ports
LCD
8CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
S2500 Mobility Access Switch
• Designed for Wired Access
– 24/48 Port 10/100/1000BASE-T
– Wire-rate and non-blocking performance
– Role-based access with user visibility
– Per port PoE/PoE+
• ArubaStack
– Stack up to 8 devices
– Up to 384x GbE and 16x 10GbE
– Single management IP address
– Single configuration file
– Stackable with S3500
• Flexible Forwarding Options
– Traditional L2/L3 Switching
– Tunnel traffic to Mobility Controller
• Integrated Components
– Built in fans for quiet operation
– Fixed 4-port uplinks
• 1000BASE/10GBASE-x SFP/SFP+
SKU Ports PoE Budget
S2500-24T 24x 10/100/1000BASE-T Not Applicable
S2500-24P 24x 10/100/1000BASE-T 400W
S2500-48T 48x 10/100/1000BASE-T Not Applicable
S2500-48P 48x 10/100/1000BASE-T 400W
9CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
S2500: Front and Rear Views
S2500 Front ViewLCD
Display
Fixed 10/100/1000BASE-T Ports
• Fixed Components
– Built-in 4xSFP/SFP+ Uplinks
– Integrated Power Supply
• PoE Budget
– 400W
– PoE Priority Available
• Management
– Console (RJ45 & mUSB Serial)
– Out-of-band Ethernet
– USB Storage
– LCD Display
• Dimensions & Airflow
– 1RU
– 1.75˝ (H) x 17.5˝ (W) x 12˝ (D)
– Side to side airflow
• Mounting Options
– 2 Post Rack (Front)
– Wall & 2-Post Mid Mount
• Limited Lifetime Warranty
Fixed
4x 1000BASE-x/10GBASE-x
(SFP/SFP+) Ports
S2500 Rear View
USB Integrated
Power Supply
Ethernet
Out-of-Band
RJ-45 & Mini-USB
Console
Fixed Fans
10CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
S2500: Front and Rear Views
• Designed for Wired Access
– 12/24/48 Port 10/100/1000BASE-T
– Wire-rate and non-blocking performance
– Role-based access with user visibility
– Per port PoE/PoE+
• ArubaStack
– Stack up to 8 devices
– Single management IP address
– Single configuration file
• Flexible Forwarding Options
– Traditional L2/L3 Switching
– Tunnel traffic to Mobility Controller
• Integrated Components
– Built in fans for quiet operation (24P/48P)
– Fanless (12P)
– Fixed 2-port (12P) & 4-port (24P/48P) uplinks
• 1000BASE-x SFP
SKU Ports PoE Budget
S1500-12P 12x 10/100/1000BASE-T 120W
S1500-24P 24x 10/100/1000BASE-T 400W
S1500-48P 48x 10/100/1000BASE-T 400W
11CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
S1500-24P/48P: Front &Rear Views
S1500-24/48P Rear View
Console
USB
Fixed
4x 1000BASE-X
(SFP) Ports
48x 10/100/1000 (RJ45) Ports
• Fixed Components
– Built-in 4xSFP Uplinks
– Integrated Power Supply
• PoE Budget
– 400W
– PoE Priority Available
• Features & Scaling
– Same features as S2500/S3500
– Reduced scaling vs. S2500/S3500
• Management
– Console (RJ45)
– USB Storage
• Dimensions & Airflow
– 1RU
– 1.75˝ (H) x 17.5˝ (W) x 12˝ (D)
– Side to side airflow
• Mounting Options
– 2 Post Rack (Front)
– Wall & 2-Post Mid Mount
• Limited Lifetime Warranty
Integrated
Power Supply
Fixed Fans
Mode LEDs and
SelectorS1500-48P Front View
12CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
S1500-12P: Front & Rear Views
S1500-12P - Front View
USB
Console
RJ-45
12x 10/100/1000Base-T
With 8x PoE/PoE+)
2x 1000BASE-x
(SFP)
Mode LEDs and
Selector
Cooling Vents on
Top and Bottom for
Fanless Design
• Fixed Components
– Built-in 2xSFP Uplinks
– Integrated Power Supply
• PoE Budget
– 8x PoE/PoE+ with 120W Budget
– PoE Priority Available
• Features & Scaling
– Same features as S2500/S3500
– Reduced scaling vs. S2500/S3500
• Management
– Console (RJ45)
– USB Storage
• Dimensions & Airflow
- 1.72" (H) x 13" (W) x 8.9" (D)
– Fanless
• Mounting Options
– Desktop (Rubber feet included)
– Rack & Wall Mount (Included)
– Magnet Mount (Optional)
• Limited Lifetime Warranty
S1500-12P - Rear View
Integrated
Power Supply
Security Lock Slot
13CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Platform Comparison
Capability / Feature S3500-XXP S3500-XXT S2500-XXP S2500-XXTS1500-
XXP
S1500-
12P
Number of Ports 24/48 24/48 24/48 24/48 24/48 12
10/100/1000 Fixed Ports Yes Yes Yes Yes Yes Yes
Line Rate Yes Yes Yes Yes Yes Yes
Uplink Performance 4 x 10G SFP+ 4 x 10G SFP+ 4 x 10G SFP+ 4 x 10G SFP+ 4 x 1G SFP 2 x 1G SFP
Uplinks Options Modular Modular Integrated Integrated Integrated Integrated
LCD Yes Yes Yes Yes No No
Modular Power Yes Yes No No No No
Dual Power Yes Yes No No No No
PoE/PoE+ (15.4W/30W) Yes N/A Yes N/A Yes Yes
PoE Budget (W) 400/689/1465 N/A 400 N/A 400 120
Max Simultaneous PoE/PoE+ 48A/48A N/A 25/13 N/A 25/13 7/4
Modular Fan (FRU) Yes Yes No No No No
ArubaStack Yes Yes Yes Yes Yes Yes
Max ArubaStack Members 8 8 8 8 8 8
Mixed Product Line ArubaStacks Yes Yes Yes Yes No No
Depth 17.5”/19.5” A 17.5” <12” <12” <12” <9”
Ambient Sound 48dB 48dB 42dB 42dB 42dB 0dB
List Price (24/48) $3,995B/$6,995B $3,195B/$5,495B $3,795/$6,795 $2,995/$5,195 $2,495/$4,595 $1,595Note A: Assumes dual 1050W power supplies | Note B: Single power supply(600W for P SKU and 350W for T SKU) and no uplink module (S3500-4x10G - List $1495)
14CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Features & Capabilities Overview
• Spanning Tree
- Multiple Spanning Tree (MSTP)
- Rapid PVST+
• Link Aggregation Group
• Hot Standby Link
• L2 Generic Router Encapsulation
• Voice VLAN
- LLDP-MED
- CDP Fingerprinting
• Port Security
- DHCP Snooping, DAI & IPSG
• Quality of Service
- Strict Priority Queuing
- 1 Rate Tri-Color Policing
• Ethernet OAM 802.3ah
Platform / Layer 2 Features Routing / Branch Features
• Routed Virtual Interfaces (RVI)
• Static Routing
• OSPFv2
- MD5 Authentication
- Route Filtering
• Policy Based Routing
• Virtual Router Redundancy Protocol
• L3 Generic Router Encapsulation
• Multicast
- PIM-SM
- IGMP Snooping/MLDv1
• Network Address Translation
• Stateful Firewall
• Site to Site VPN
- Includes OSPF over VPN
15CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Features & Capabilities Overview (Cont.)
• Role Based User Access
• User Derived Roles
- MAC Address Variable Match
- DHCP Signature Match
- LLDP/CDP Phone Match
• AAA Authentication
- 802.1x
- MAC Auth
- Captive Portal (Internal/External)
• External Authentication Servers
- Radius
- TACACS+
- LDAP
• Radius Fail-Open
Authentication & Security Aruba Portfolio Integration
• Aruba Activate
• Mobility Controller
- Tunneled Node
- AirGroup
- Auto AP PoE Prioritization
- Auto AP QoS Trust
• Instant AP
- Auto AP PoE Prioritization
- Auto AP QoS Trust
- Rogue AP Enforcement
- VLAN Sharing
• ClearPass Policy Manager (CPPM)
- Downloadable Roles & ACLs
- Redirect to ClearPass Guest
16CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Wired Access Point
17CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Wired Access Point (Tunneled Node)
LAN Core
• Single policy for WLAN and wired
• Role-based policy enforcement at Mobility Controller
• Tunnel traffic requiring increased security
• Per-Port Tunneling (Access/Trunks)
• Minimize VLANs between Edge and Core
• Redundant Mobility Controller Support
Mobility
Controller
AirWave
Management
Platform
ClearPass Policy
Manager
Tunnel from wired AP
Mobility Access
Switch
Access Point
18CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Tunneled Node Mobility Controller Scaling
7240 7220 7210 M3 3600 3400 3200 650 620
Concurrent
Users32,768 24,576 16,384 8,192 8,192 4,096 2,048 512 256
# of Ports
Tunneled16,384 12,288 8,192 4,096 1,024 512 256 96 48
Firewall
Throughput40 Gbps 40 Gbps 20 Gbps 20 Gbps 4 Gbps 4 Gbps 3 Gbps 2 Gbps 800 Mbps
# of AP
Licenses2,048 1,024 512 512 128 64 32 16 8
License Description
Licenses Applied to the Mobility Controller
LIC-X-AP S2500/S3500 Wired AP device deployed as a single device or as an ArubaStack*
will consume a single AP license.
• Provides connectivity to controller for config• Centralized Authentication, etc.
LIC-PEFNG-X S2500/S3500 Wired AP device deployed as a single device or as an ArubaStack*.
will consume a single Policy Enforcement Firewall license• Provides wired policy enforcement for tunnel traffic
LIC-RFP-X S2500/S3500 Wired AP device deployed as a single device or as an ArubaStack*.
will consume a single RFProtect license
* An ArubaStack will consume a single license; max 8 devices in an Arubastack
19CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Wired Access Point Demo
20CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Activate & Airwave Integration
21CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Aruba Activate
2. Mobility Access Switch first
attempts to download a configuration
via TFTP
Aruba
Activate
Simplify and enable rapid deployment
1. Connect device 2. Verify LEDs GREEN 3. Move to new location 4. Repeat steps 1 3
Branch Location
Mobility Access Switch
Airwave Management Platform
Headquarters Location
3. When TFTP fails, the Mobility
Access Switch attempts to
contact Activate. Mobility
Access Switch sends Serial
Number and system MAC
address.4. Airwave responds
with Airwave IP, Shared
Secret, Group Name
and Folder Name.
5. Mobility Access Switch contacts Airwave and
provides Shared Secret, Group Name and Folder
Name.
6. Airwave contacts Mobility Access
Switch and pushes down group
configuration
TFTP? Are
you there?
Help me Aruba
Activate, you’re my only
hope!Hi Airwave!
Configure
Me!
• Automates Product
Installation
• Automates Software
Updates
• Inventory Management
1. Customer Enables Service
& Inputs Provisioning Rules
Hi Mobility
Access Switch!
Yippie! All
Configured!
Hi Mobility
Access Switch!
22CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
AirWave Management Platform & Mobility Access Switch
• Hardware Monitoring & User Visibility
– Inventory and Uptime
– Visibility Into Wired Network Usage
– SNMP Trap and Syslog Support
• Software Configuration & Firmware Management
– Configuration Changes
– Configuration Backups
– Firmware Upgrades
• Reporting
– Compliance Reporting
– Report and Track Wired Users
23CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Activate & Airwave Integration Demo
24CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
25
Thank You
#AirheadsConfCONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved