ArubaOS-Switches: Functions, Deployment Scenarios, Design Approaches and Roadmap Update
Holger Hasenaug, HPE Aruba, Consulting Systems Engineer, MASE, CCIE #6343
May 02, 2017
Aruba Portfolio for Mobile-First Switching
[Figure: portfolio chart. Software differentiation axis: Layer 2; Light layer 3; Adv layer 3. Hardware differentiation axis: Basics with merchant Si; HPE ASIC, stacking; Modular uplinks, internal RPS, SmartRate*; Max performance and scalability, SmartRate; Modular chassis. Products shown: Aruba 2530, Aruba 2540, Aruba 2920, Aruba 2930F, Aruba 3810, Aruba 5400R v3, FlexNetwork 5940, FlexNetwork 7500, FlexNetwork 10500.]
Aruba Portfolio for Mobile-First Switching
[Figure: portfolio chart. Software differentiation axis: Layer 2; Light layer 3; Adv layer 3. Hardware differentiation axis: Basics with merchant Si; HPE ASIC, stacking; Modular uplinks, internal RPS, SmartRate*; Max performance and scalability, SmartRate; Modular chassis. Products shown: Aruba 2530, Aruba 2540, Aruba 2930F, Aruba 2930M, Aruba 3810, Aruba 5400R v3, FlexNetwork 5940, FlexNetwork 7500, FlexNetwork 10500.]
Aruba 2930M Switch Series
– Secure with ClearPass Policy Manager support
– On-prem management with AirWave support
– Layer 3 switching with static, RIP and Access OSPF support
– ArubaOS-Switch and Gen6 Aruba Provision ASIC
– 802.3bz HPE Smart Rate support with optional 4-port module
– High-speed connectivity with 10GbE and 40GbE uplinks
– Modular backplane stacking up to 10 switch units
– Up to 1440W of PoE+ with a second modular power supply
– Cloud-manageable with Central support
– HPE/Aruba Limited Lifetime Warranty
– PoE+ and non-PoE models
– Management ports:
  • Dual Personality RJ-45 or MicroB USB
  • 1000GbaseT out-of-band Ethernet port
  • USB port for memory stick (upload/download files)
– Modular 4-port 10GbE SFP+, 1-port 40GbE QSFP+, 4-port 802.3bz HPE Smart Rate uplink ports
– 1000BaseT/1G SFP combo ports
– 2-port Stacking Module
– Dual modular power supplies supported
– IEEE 1588 v2 Precision Time Protocol
– Hibernation mode to reduce overall power consumption and improve security
HPE/Aruba Confidential
Aruba 2930M Switch Series - Rear View
– 2 Power Supply Slots
  • Non-PoE+: 12VDC 250W PSU
  • PoE+: 54VDC 680W PSU, 54VDC 1050W PSU
  • PSUs shared with 3810 series. No PSU included
– Stacking Module Slot
  • 2-port Stacking Module
– Uplink / connectivity Slot
  • 4-port 10G SFP+ module
  • 1-port 40GbE QSFP+ module
  • 4-port 1, 2.5, 5, 10G Smart Rate module
  • Modules shared with 3810 series
– Fixed fans
– Front to back airflow
Access layer deployments
Medium enterprise campus
Large enterprise campus
Aruba 2920
Aruba 2930M
Aruba 2930F
Aruba 2920 Aruba 2930F Aruba 2930M
Layer 3 with static, RIP, Access OSPF +PIM, PBR and VRRP +PIM, PBR and VRRP
Stacking 4 chassis (backplane) 4 chassis (VSF) 10 chassis (backplane)
10GbE uplinks – SFP+
10GbE uplinks -10GBASE-T x With Smart Rate module
Smart Rate x x
40GbE uplinks x x
Power Supply 1 x removable fixed 2 x removable
PoE+ maximum 1440W Fixed: 370W 1440W
MACsec x x
SDN Optimized
ClearPass
AirWave & Central
Moving up from the 2920
Aruba 2930M also supports Power Save Mode and IEEE1588v2 (Precision Time Protocol (PTP))
Aruba 2920 Aruba 2930F Aruba 2930M Cisco 2960X Cisco 2960XR
Layer 3 with static, RIP, Access OSPF x ✓
Stacking 4 chassis (backplane) 4 chassis (VSF) 10 chassis (backplane) 8 chassis 8 chassis
10GbE uplinks
10GBASE-T x With Smart Rate module x x
Smart Rate x x x x
40GbE uplinks x x x x
PoE+ maximum 1440W Fixed: 370W 1440W 740W 740W
SDN Optimized x x
Redundant PSU x
Cloud and Local management x x
Facing the competition
Aruba 2930M also supports Power Save Mode and IEEE1588v2
Aruba 2930F Switch Series
– Stackable switch
– 5 models with SFP+ uplinks
– 4 models with SFP uplinks
– Fixed power supply
– Fixed uplinks
– VSF – frontplane stacking (up to 4 units)
– Access OSPF Routing
– PIM, PBR and VRRP
– SDN Support
10G Uplinks
1G Uplinks
Aruba 2930F Switch Series
Aruba 2930F 8G PoE+ 2SFP+ Switch (JL258A)
– 8 auto-sensing Gig-T ports
– 2 x 1/10Gbps SFP+ uplink ports
– 125W of PoE+ Power supporting 4 x 30W, 8 x 15.4W and 8 x 7W devices
– RJ-45 and USB micro-B Serial console ports
– Fanless design
Virtual Switching Framework (VSF)
[Figure labels: 2930F with VSF; 5400R with VSF]
Simplify network operations
Scalable performance
Increases resiliency
Available on Aruba 5400R and 2930F
– Aruba 5400R
  – Up to 2 members
  – Chain topology
– Aruba 2930F (requires AOS-Switch 16.03)
  – Up to 4 members
  – Chain and Ring topologies
Virtual Switching Framework (VSF)
What?
– VSF: Virtual Switching Framework
– Stacking technology
– Stack interconnect using Ethernet interfaces
  – Copper / Fiber / DAC
  – 1G, 10G or 40G
Supported on
– Aruba 5400R Switch Series
  – V3 modules only
  – Chain topology: up to 2 chassis
  – Up to 8 physical links per VSF link
  – VSF-ports: 10GbE or 40GbE port aggregations
– Aruba 2930F Switch Series
  – VSF up to 4 units
  – VSF-ports: 1GbE or 10GbE port aggregation
  – 2 units: chain topology only
  – 3 or 4 units: ring topology
(*) in each direction
Fast Software Upgrade minimizes downtime
Minimizes downtime during upgrade on a 5400R VSF stack by upgrading the chassis sequentially while still allowing traffic to flow through other chassis
Minimal downtime (< 2 seconds) during upgrade positions 5400R for high availability use cases in the campus core
Available on 5400R VSF stack with 16.03
[Figure labels: VSF; LACP; Aruba 5400R Switch; WAN Router; Aruba Mobility Controller]
Backplane stacking (BPS)
What?
– Stacking technology
– Stack interconnect using specialized hardware: stacking module and cables
Supported on
– Aruba 2930M Switch Series
  – Ring topology: up to 10 units
  – Stack port throughput*: up to 25Gbps
  – Stack module throughput*: up to 50Gbps
– Aruba 2920 Switch Series
  – Ring topology: up to 4 units
  – Stack port throughput*: up to 20Gbps
  – Stack module throughput*: up to 40Gbps
– Aruba 3810 Switch Series
  – Mesh topology: up to 5 units
  – Ring topology: up to 10 units
  – Stack port throughput*: up to 40Gbps
  – Stack module throughput*: up to 160Gbps
(*) in each direction
Aruba 2530 Switch Series
Sep, 2017 - Target End of sale of Aruba 2530 10G switch models
Aruba 2540 10G switch models
Aruba 2540 Switch Series
Aruba 2540 Switch Series Pictures and Dimensions
Product number Product name Dimensions
JL354A Aruba 2540 24G 4SFP+ Switch 442.5mm x 200.25mm x 43.95mm (17.4” x 7.9” x 1.73”)
JL355A Aruba 2540 48G 4SFP+ Switch 442.5mm x 246.38mm x 43.95mm (17.4” x 9.7” x 1.73”)
JL356A Aruba 2540 24G PoE+ 4SFP+ Switch 442.5mm x 304.25mm x 43.95mm (17.4” x 12” x 1.73”)
JL357A Aruba 2540 48G PoE+ 4SFP+ Switch 442.5mm x 304.25mm x 43.95mm (17.4” x 12” x 1.73”)
Aruba 2530, 2540, 2930F Switch Series portfolio comparison
Feature / Switch | Aruba 2530 with 10GbE uplinks (EOS Sep 17) | Aruba 2540 with 10GbE uplinks | Aruba 2930F with 10GbE uplinks
Software | Layer 2 | Layer 2 and basic L3 with static and RIP | Layer 2 and L3 with static and RIP, Access OSPF
Routing | No | 256 Static Entries. 2,000 Dynamic IP Routes. RIP only | 256 Static Entries. 10,000 Dynamic IP Routes. Access OSPF v2/v3, VRRP, PBR, PIM SM/DM
Stacking | No | No | VSF Stacking up to 4 switches
10 GbE uplinks | Fixed 2 x 10GbE SFP+ | Fixed 4 x 10GbE SFP+ | Fixed 4 x 10GbE SFP+
Power Supply | Internal fixed up to 370W PoE+ | Internal fixed up to 370W PoE+ | Internal fixed up to 370W PoE+
PoE+ | Fixed power supply up to 195W on 24 port and up to 370W on 48 port | Fixed power supply up to 370W on both 24 and 48 port | Fixed power supply up to 370W on both 24 and 48 port
Operating Temperature | 0–45 degrees Celsius | 0–45 degrees Celsius | 0–45 degrees Celsius
Forwarding Capacity | 88 Gbps – 136 Gbps | 128 Gbps – 176 Gbps | 128 Gbps – 176 Gbps
Throughput | 65.4 Mpps – 101 Mpps | 95.2 Mpps – 112 Mpps | 95.2 Mpps – 112 Mpps
AirWave, ClearPass Policy Manager | Yes | Yes | Yes
Aruba Central | Yes | Yes | Yes
ZTP | AirWave (DHCP) | AirWave (Activate & DHCP), Central | AirWave (Activate & DHCP), Central
Static IP visibility on RADIUS Acc. | No | Yes | Yes
Time Domain Reflectometry (TDR) | No | Yes | Yes
Aruba 2530, 2540, 2930F Switch Series portfolio comparison
Feature / Switch | Aruba 2530 with 10GbE uplinks (EOS Sep 17) | Aruba 2540 with 10GbE uplinks | Aruba 2930F with 10GbE uplinks
Role Based Access Control (RBAC) | No | Yes | Yes
IPv6 ND Snooping | No | Yes | Yes
DHCP IPv6 Snooping | No | Yes | Yes
Source MAC based ARP attack detection (ARP throttle) | No | Yes | Yes
DHCP Server | No | Yes | Yes
SDN (OpenFlow) | No | No | Yes
Tunnel Node to Mobility Controller | No | No | Yes
VXLAN | No | No | Yes
IP SLA (UDP Jitter for Voice) | No | No | Yes
Q-in-Q | No | No | Yes
Intelligent Mirroring (Remote Mirroring, MAC Mirroring) | No | No | Yes
Private VLAN | No | No | Yes
Rapid-PVST Instances | 32 | 32 | 128
ArubaOS-Switch Software Update
Better together
Aruba Mobile-first architecture: an integrated campus solution
Aruba switches are an integral part of the Aruba mobility solution
Infrastructure (Switch + AP)
– Smart Rate (2.5/5Gbps)
– 10/40GbE uplinks
– VSF / BPS
– Full PoE+
– Rogue AP isolation
– Auto AP detection
Smart Rate
– Enable full 802.11ac Wave 2 bandwidth
– Multi-rate gigabit Ethernet ports
  – 1, 2.5, 5 and 10GBASE-T
  – PoE+ at 1, 2.5 and 5 Gbps operation
– Available on
  – AP-335 and AP-334
  – 3810M
  – 5400R switch
  – 2930M
– New 802.3bz standard
  – Standard for multi-rate (2.5/5Gbps) gigabit Ethernet
  – Ratified: September 2016
  – Smart Rate > 802.3bz will be a software update (availability June 2017 with ArubaOS-switch 16.04)
[Figure labels: Aruba AP-330; Aruba 3810 Switch; Aruba 5400R Switch; 2.5 or 5 Gbps]
Aruba AP auto detection
– AP is connected to the switch on the port
– If profile is enabled for device type aruba-ap
  – Switch uses LLDP to identify the device
  – The device introduces itself as aruba-ap
  – If profile has been configured the port receives the configuration stored in the device-profile <name>
  – If not, the port receives the configuration stored in the default-ap-profile
LLDP: “aruba-ap”
AP profile
• Untagged and tagged VLAN list
• CoS value
• Ingress and egress bandwidth %
• PoE priority level
• PoE max power
• Speed and duplex mode
• MTU
Rogue AP isolation
– If the Aruba IAP detects a rogue AP
  – Sends the rogue device’s MAC address to the switch using an LLDP extension TLV
– On the switch
  – The rogue MAC is stored in the system logs
  – A rule is added to the ACL table to block all traffic to and from that MAC address
– Rogue AP isolation whitelist:
  – Manually configured
  – Devices that may be reported as rogue but should be allowed
LLDP: “rogue-ap-mac: <mac>”
[Figure labels: Intruder AP; Instant AP]
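The switch-side flow on this slide, modelled in Python as an added example (not ArubaOS-Switch code and not part of the original deck). The text form of the TLV payload, the refusal of broadcast/multicast addresses, the logging of whitelisted reports and all names are assumptions; the MAC addresses are constructed.

```python
import re
from dataclasses import dataclass, field

# Assumption: the TLV payload is handled in the text form shown on the slide,
# "rogue-ap-mac: <mac>"; the on-wire layout of the LLDP extension TLV is not
# given on the page.
TLV_PATTERN = re.compile(r"^\s*rogue-ap-mac:\s*(\S+)\s*$", re.IGNORECASE)


def normalize_mac(raw):
    """Return a MAC as 12 lowercase hex digits; accepts ':', '-' and '.' separators."""
    digits = re.sub(r"[:.\-]", "", raw.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a MAC address: %r" % raw)
    return digits


def is_group_address(mac):
    """True for multicast/broadcast MACs (I/G bit set in the first octet)."""
    return bool(int(mac[:2], 16) & 0x01)


@dataclass
class RogueApIsolation:
    whitelist: set = field(default_factory=set)  # manually configured exceptions
    blocked: set = field(default_factory=set)    # MACs with a deny rule installed
    syslog: list = field(default_factory=list)   # stand-in for the system log

    def allow(self, mac):
        """Whitelist a device and lift any block already in place for it."""
        mac = normalize_mac(mac)
        self.whitelist.add(mac)
        self.blocked.discard(mac)

    def handle_tlv(self, payload, port):
        """Process one report received from an Instant AP; return the action taken."""
        match = TLV_PATTERN.match(payload)
        if not match:
            return "ignored"
        try:
            mac = normalize_mac(match.group(1))
        except ValueError:
            self.syslog.append("port %s: malformed rogue report dropped" % port)
            return "ignored"
        if is_group_address(mac):
            # Assumption: a deny rule on a group address would also cut off
            # ARP and DHCP for every host, so such reports are refused.
            self.syslog.append("port %s: group address %s refused" % (port, mac))
            return "ignored"
        self.syslog.append("port %s: rogue AP reported, mac %s" % (port, mac))
        if mac in self.whitelist:
            return "whitelisted"      # reported as rogue but explicitly allowed
        if mac in self.blocked:
            return "already-blocked"  # do not install a duplicate rule
        self.blocked.add(mac)
        return "blocked"

    def permits(self, src, dst):
        """ACL check: a frame is dropped if either end is an isolated MAC."""
        return not ({normalize_mac(src), normalize_mac(dst)} & self.blocked)


# Constructed sample reports: (switch port, TLV payload as text).
SAMPLE_REPORTS = [
    ("1", "rogue-ap-mac: 02:00:00:00:00:01"),
    ("1", "rogue-ap-mac: 02-00-00-00-00-AA"),
    ("2", "rogue-ap-mac: 0200.0000.0001"),
    ("2", "rogue-ap-mac: ff:ff:ff:ff:ff:ff"),
]


def demo():
    """Run the sample reports through a switch that whitelists one device."""
    switch = RogueApIsolation()
    switch.allow("02:00:00:00:00:aa")
    return [switch.handle_tlv(payload, port) for port, payload in SAMPLE_REPORTS]


if __name__ == "__main__":
    print(demo())
```

Because every accepted report installs a deny rule, the whitelist is the place to list devices that must never be cut off by a mistaken report.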
ArubaOS-switch version 16.03
New PoE+ power reservation behavior & more extensive PoE show commands
– Old behavior before 16.03:
  – When the switch port is configured in “poe-alloc-by-usage” mode (default) and PoE+ LLDP is enabled (default), even when a PoE+ AP is only drawing 5-8 Watt per port, the power reserved on the port is as per LLDP requested power.
  – Disadvantage: This limits the total number of such APs that will be powered by the switch.
– New behavior with 16.03:
  – The power reservation on the port is now as per the actual used power and not per LLDP requested power.
  – Advantage: This allows more APs/devices to be powered on than before
Practical example
PoE+ power reservation behavior comparison
203H Access-Point:
• Power consumption (excluding USB, POE PSE): 7-13 W
• Power consumption (including USB, POE PSE): 25.5 W
• Power requested via LLDP (always): 25.5 W
[Figure labels: Aruba 203H Access-Point; Aruba 2530-8G PoE+ Switch]
AOS-switch 16.02 and earlier: max. three Aruba 205H Access-Points powered, excluding USB, POE PSE
AOS-switch 16.03: max. five to eight Aruba 205H Access-Points powered, excluding USB, POE PSE
Aruba Mobile-first architecture: an integrated campus solution
Aruba switches are an integral part of the Aruba mobility solution
Infrastructure (Switch + AP)
– Smart Rate (2.5/5Gbps)
– 10/40GbE uplinks
– VSF / BPS
– Full PoE+
– Rogue AP isolation
– Auto AP detection
Control (Switch + ClearPass + mobility controllers)
– Tunneled node
– SDN (controllers)
– 802.1X / MAC / Portal
– RBAC: RADIUS/TACACS
– Captive portal with ClearPass
– Local user role
ClearPass Integration Features
– Server Initiated Captive Portal using VSA
  – Ability to send a URL string dynamically using a VSA to support a Captive Portal workflow for guest access.
– Port Bounce VSA
  – Ability to send a VSA to shutdown a port from 0-60 seconds to facilitate VLAN changes.
– Consolidated Client View
  – Enhance the switch per-auth type CLI client view to provide consolidated client view with all auth types.
– New RADIUS Dictionary
  – Update existing ClearPass dictionary for HP Enterprise including new VSAs for ArubaOS-switch integration.
Customizable Portal Features
✔ Your branding and data fields
✔ Advertising – mobile app, more…
✔ Integration with 3rd party billing & property management systems
✔ Portal per department, location
✔ Social login, MAC cache, QoS
www.grandarubahotel.com
www.levisstadium.com
Support for Role Based Policy in ClearPass
ClearPass
Use external context to define granular policies
• User / role
• Device fingerprint
• OS version
• Health checks
• Jailbreak status
• Location
• Trusted or untrusted network
• Time
• Date
• Wired, Wi-Fi, VPN enforcement
All Specifications Subject to change without notice
Recap: Per Port Tunnel Node (PPTN)
– Mobility Controller used as unified policy enforcement point for both Wired and Wireless clients
– ArubaOS-Switch sets up a tunnel to the Mobility Controller
– Tunneled Node encapsulates 802.3 frames from clients to the Controller
– Each Switch consumes one license on the Mobility Controller
– Centralized Application Control and Visibility
[Figure labels: Aruba Mobility Controllers; Aruba Switches]
What is Per User Tunnel Node (PUTN)?
– Per User Tunnel Node feature allows us to redirect specific Wired user traffic from Switches to the controller to enforce Firewall policies, perform Deep Packet Inspection and Bandwidth control
– PUTN feature will work with Standalone, MD (non-cluster) and Cluster Mobility Controllers
– Combined with Cluster feature, we can achieve clustering capabilities such as scalability, performance, reliability, redundancy and load balancing
– Supported from AOS 8.1 and AOS-Switch 16.04 version
[Figure labels: Aruba Mobility Controllers; 3810M; Tunnels; Aruba AP; 5400R]
Per User Tunneled Node*
[Figure labels: Aruba Controllers; 3810, 2930F/M; Tunnels; Aruba AP; 5400R]
Secured and flexible control of access layer
– With Aruba ClearPass download or switch configuration, only traffic from specific user/device role is sent to the Controller
– Policies (e.g. QoS, ACL, rate-limit) are enforced at Tunneled Node ports
Access to Controller’s applications
– Users can access Controller’s applications such as stateful firewall and Aruba AppRF
Higher availability and scalability
– Load balance to multiple controllers for high scalability
– Stateful failover to standby management module for high availability
Available on the Aruba 5400R with v3, 3810, 2930F, 2930M
– Requires AOS 8.1 or later in the controllers
* Requires future ArubaOS-Switch software update available Q3 2017
Differences between Per Port and Per User Tunneled Node
Feature Details | Per Port Tunneled Node | Per User Tunneled Node
User Traffic | All traffic on the ‘Tunneled’ interface will be forwarded to the controller | User traffic only forwarded to controller if Switch finds the ‘redirect’ attribute in the user-role
User Auth | User Authentication done at the controller. Controller decides the user-role for the wired users | User Authentication done by the Switch. Switch will send user-role information to the controller.
Modes supported on Mobility Controller | Standalone, MD (non-cluster) mode | Standalone, MD (non-cluster), cluster
Switch Support | Aruba 2920, 2930F, 2930M, 3800, 3810, 5400R | Aruba 2930F, 2930M, 3810, 5400R
AOS-Switch Version | 16.02 | 16.04
AOS Mobility Controller Version | 6.5 or higher | 8.1 or higher
Aruba Mobile-first architecture: an integrated campus solution
Aruba switches are an integral part of the Aruba mobility solution
Infrastructure (Switch + AP)
– Smart Rate (2.5/5Gbps)
– 10/40GbE uplinks
– VSF / BPS
– Full PoE+
– Rogue AP isolation
– Auto AP detection
Control (Switch + ClearPass + mobility controllers)
– Tunneled node
– SDN (controllers)
– 802.1X / MAC / Portal
– RBAC: RADIUS/TACACS
– Internal captive portal
– Local user role
Network management (Switch + AirWave + Central)
– ZTP AirWave
– ZTP Central
– IPsec to AirWave
– Device/interface monitoring
– Configuration management
– Firmware upgrade
Network management for the mobile-first campus
AirWave: Unified multi-vendor wired + wireless access network management
Central: Cloud-based wired + wireless access network management
IMC: Advanced wired topology management for the core
ArubaOS-Switch 16.xx Integration
Management: AirWave
Policy: ClearPass
Zero Touch Provisioning
Cloud Mgmt.: Aruba Central
Wireless-optimized
16.01 16.02 16.03
– RADIUS/TACACS+, 802.1X, MAC Auth, Int. Captive Portal
– Dynamic VLAN / ACL / CoS / Rate-Limit Attrib.; CoA & Disconnect
– Discover switches; Basic monitoring
– Zero Touch Provisioning (ZTP) with AirWave using DHCP
– Support for 2540; Wired user visibility
– Activate firmware upgrade
– Static IP User Visibility
– Support for 2920 and 2930F; Full configuration & management from the cloud
– Rogue AP detection with IAP; Auto configure VLAN, PoE priority/power; User View CLI command
– Trust QoS; Per-port Tunneled Node **
– ZTP with Aruba Activate **; IPSec support for Airwave connection **
– Support for 2540 and 3810M; Partial Config Management (CLI Window)
– Ext. Captive Portal Redirect; CoA Initiated Port Bounce
– User Role
– Full config. mgmt.; CLI Window
– Firmware Upgrade
** IPsec, and Activate-based ZTP are not supported in 2530, 2620. Tunneled node is not supported on 2530, 2620 and 2540.
L3 Features on 2930F/2930M
– Access OSPF is already supported on 2920 and 2930F in 16.02
  – OSPF routing between LAN access and the next layer
  – Support OSPFv2, OSPFv3, and ECMP
– Scalability
  – Supports one OSPFv2 and one OSPFv3 area concurrently in the same switch with max of 8 x L3 VLAN interfaces
  – Recommended max of 200 routes
– PIM SM/DM, PBR and VRRP were added to 2930F in 16.03 to support customers looking to deploy L3 features at access.
  – PIM v4 Sparse and Dense modes limited to 16 interfaces and 200 routes
  – Policy Based Routing next hop limited to 16
  – VRRPv2 for IPv4 supported
  – VRRPv3 for IPv4 and v6 with maximum VRs limited to 128
– Aruba 2920 switch series have Access OSPF only. No support for PIM, PBR and VRRP.
Points to remember
Chassis based product:
– 15.18 was the last release for old 8200 chassis with v1/v2 modules (EoS mid 2015)
– 16.02 was the last release for old 5400 chassis with v1/v2 modules (EoS end 2015)
⇒ It's the right time to upgrade customers to the newer Aruba 5400R switch chassis with v3 modules
Stackables:
– 2930F and 2930M switch series have best price/feature performance incl. stacking, routing, IPv6 security, per user tunneled node features incl. on premise management with Airwave/IMC and Cloud based-management with Central.
[Figure labels: Aruba 5400R; Aruba 2930F; Aruba 2930M]
Investment protection with warranty and no software licensing
Hardware Warranty: Original Owner Lifetime
Replacements: NBD Shipment
Software Updates: Posted Releases
Phone Support (Best Effort, Product Conformance): 24x7 for 90 Days, 8x5 for Lifetime
hpe.com/networking/warrantysummary
Roadmap
Aruba 2930 series - major platform for wired access
• Announcement: May 1, 2017
• Availability: May 6th
• Literature, training, IRIS aligned on May 6th
Q2 CY16: 2930F launch; AOS-S 16.02
Q4 CY16: 2930F 8-port; ZTP built-in code
Q1 CY17: 2930F Stacking (VSF); AOS-S 16.03
Q2 CY17: 2930M launch
Future: AOS-S 16.04; More 2930M models
Discover 2017, Las Vegas, June 5 – 8
ArubaOS-Switch 16.01
Aruba software integration features
AirWave
− ZTP (DHCP/no IPSec)
− Template-based configuration/mgmt
− Firmware Upgrade
ClearPass
− Ext. Captive Portal Redirect to ClearPass using “server-initiated” framework
− CoA Initiated Port Bounce
Access-Points
− Rogue AP detection
− Auto add VLAN
− Set PoE priority
Support for AirWave Network Management
– Zero Touch Provisioning (ZTP): Reduce time and cost for initial deployment
– Firmware Upgrade: Simplify upgrading switch software
– Management and Monitoring: Enable switch remote management and trouble-shooting
Support for ClearPass Policy Manager
– Server-initiated Captive Portal: Provide on-boarding and access control
– Port Bounce: Allow ClearPass to change policy and VLAN of active users
Configure Switch when Aruba AP is Detected
– Set PoE priority: Ensure power to AP has highest priority
– Rogue AP Containment: Block traffic and shut down the port connected to rogue AP
– Auto VLAN configuration: Automatically add VLAN from AP
New features
– Private VLAN: provides network security by restricting peer-to-peer communication to prevent a variety of malicious attacks
– Role Based Management: allows multiple levels of login for switch management, with 16 pre-defined levels, but can be modified by customers
– Instrumentation Enhancements: improves instrumentation and supportability of the switch for easier diagnostics and trouble-shooting
– BFD: monitors link connectivity and reduces network convergence time for OSPFv2 and VRRP
– MVRP: IEEE standard (part of 802.1Q-2011) for dynamic registration and deregistration of VLANs
– IPv6 ND Snooping: enables IPv6 Neighbor Discovery inspection/snooping per VLAN. Detects host liveliness using Neighbor Unreachability Detection
– NTP client: Network Time Protocol (RFC 5905) as either IPv4 or IPv6 clients. Supports max of 8 associations, dynamic or configured
New features
– ARP throttling: monitors the number of ARP packets sent from each host (MAC address). Shuts down the port or sends a warning if the configurable maximum is exceeded
– OpenFlow enhancements: matches TCP flag and TCP/UDP port range
– TDR: detects faults in copper cable such as opens and shorts
– RIPng: IPv6 version of Routing Information Protocol (RIP)
– Password complexity: allows administrator to set password rules such as expiration period, max number of attempts, valid password
– VxLAN: encapsulation (tunneling) protocol for overlay network that enables a more scalable virtual network deployment
– RADIUS availability enhancements: tracks the availability of RADIUS servers and speeds up the re-authentication process when servers become available again
New features
– IGMPv3: complies to RFC 3376 IGMPv3
– LLDP over OOBM: supports Link Layer Discovery Protocol (LLDP) over the OOBM ports
– Increased VLAN and MSTP: supports 4096 simultaneous VLAN and 64 MSTP instances
– REST: supports REST management interface for certain configuration and access to switch resources
– Multicast enhancements: improves performance of multicast replication (only available in Preview Mode)
– Feature Preview Mode: allows customers to access switch features that are not yet Generally Available for early preview
New features
– ACL grouping: Allows multiple ACLs to be grouped together to save memory resource, resulting in increased number of ACLs that can be supported
– Bonjour and Chromecast Gateway: Allows Bonjour and Chromecast service advertisement to cross subnets
– Schedule Job enhancements: Adds more functionality to schedule job feature such as repeat job, group job, and event triggered job
New features by platform (16.01)
Feature | 5400R/v3, 3810 (KB) | 5400R/v2 (compat. mode) (KB) | 3800 (KA) | 2920 (WB) | 2620 (RA), 2530 (YA/YB) | 5400/v2 (K) | 5400/v1, 3500 (K) | 2615, 2915 (A) | 8200, 6200, 6600 (K)
Support for AirWave | √ | √ | √ | √ | √ | No | No | No | No
Support for ClearPass | √ | √ | √ | √ | √ | √ | Yes: CoA Port Bounce; No: Captive Portal Redirect | No | No
Auto Config with Aruba AP | √ | √ | √ | √ | √ | No | No | No | No
Virtual Switching Framework | 5400R/v3 only | No | No | No | No | No | No | No | No
Private VLAN | √ | √ | √ | √ | No | No | No | No | No
Role Based Mgmt | √ | √ | √ | √ | No | No | No | No | No
Instrumentation Enhancements | √ | √ | √ | √ | √ | No | No | No | No
BFD | √ | No | No | No | No | No | No | No | No
MVRP | √ | √ | √ | √ | No | No | No | No | No
Last release 15.16
Last release 15.18
New features by platform (16.01)
Feature | 5400R/v3, 3810 (KB) | 5400R/v2 (compat. mode) (KB) | 3800 (KA) | 2920 (WB) | 2620 (RA), 2530 (YA/YB) | 5400/v2 (K) | 5400/v1, 3500 (K) | 2615, 2915 (A) | 8200, 6200, 6600 (K)
IPv6 ND snooping | √ | √ | √ | √ | No | No | No | No | No
NTP client | √ | √ | √ | √ | √ | No | No | No | No
ARP Throttling | √ | √ | √ | √ | No | No | No | No | No
OpenFlow enhancements (1) | √ | Already supported | Already supported | Already supported | No | No | No | No | No
TDR (2) | √ | No | No | No | No | No | No | No | No
RIPng | √ | √ | √ | √ | No | No | No | No | No
Password Complexity | √ | √ | √ | √ | √ | No | No | No | No
VxLAN | √ | No | No | No | No | No | No | No | No
RADIUS avail enhancement | √ | √ | √ | √ | No | No | No | No | No
1) TCP flag matching and TCP/UDP port range
2) TDR not supported on Smart Rate ports
Last release 15.18
Last release 15.16
New features by platform (16.01)
Feature | 5400R/v3, 3810 (KB) | 5400R/v2 (compat. mode) (KB) | 3800 (KA) | 2920 (WB) | 2620 (RA), 2530 (YA/YB) | 5400/v2 (K) | 5400/v1, 3500 (K) | 2615, 2915 (A) | 8200, 6200, 6600 (K)
IGMPv3 | √ | √ | √ | √ | No | No | No | No | No
LLDP (OOBM) | √ | √ | √ | √ | No | No | No | No | No
4K VLAN | √ | √ | √ | No | No | No | No | No | No
64 MSTP | √ | √ | √ | No | No | No | No | No | No
REST/JSON | √ | √ | √ | √ | √ | No | No | No | No
Multicast enhancements | √ | No | No | No | No | No | No | No | No
Preview Mode | √ | √ | No | No | No | No | No | No | No
ACL grouping | √ | √ | √ | √ | No | No | No | No | No
Bonjour/Chromecast GW | √ | √ | √ | √ | No | √ | √ | No | No
Schedule Job | √ | √ | √ | √ | √ | No | No | No | No
Last release 15.16
Last release 15.18
Other small enhancements in 16.01
– Increase maximum password length for local user from 16 to 64 characters
– New options added to CLI command for RADIUS to configure replay protection for dynamic authorization messages "positive-time-window" and "plus-or-minus-time-window".
– New <logging> option is added to static IP routing configuration CLI command to turn ON logging facility for IP traffic destined to blackhole
– Added CLI checks to prevent Private VLAN and VxLAN from being configured simultaneously.
– Per port enable fault-finder link flap detection added
ArubaOS-Switch 16.02
Support for AirWave Network Management
– Zero Touch Provisioning (ZTP): Support IPSec and Activate-based ZTP*
– Management and Monitoring: Additional management, configuration, and monitoring capabilities
* Activate ZTP
  • Not supported in 2530/2620
  • See note on installation and Activate loading requirement
Support for ClearPass Policy Manager
– Enhancement to ClearPass support and Captive Portal: MAC Auth user visibility, support Captive Portal in 5400/v1 modules and 3500
– User Role*: New AAA deployment model using switch-based policies (e.g., VLAN, ACL, QoS, and rate limit).
* User Role does not require ClearPass but it is easier to manage and deploy with ClearPass
Integration with Aruba Controllers and AP
– Tunneled Node*: provide tunnel to transport network traffic on a per-port basis to Aruba Controller. Authentication and network policies will be applied and enforced at the Controller
– Trust QoS: Set QoS policy when Aruba AP is connected
* Tunnel Node is not supported in 2530/2620, see platform matrix for more details
New features by platforms (16.02)
Feature | 5400R/v3, 3810 (KB) | 5400R/v2 (compat. mode) (KB) | 3800 (KA) | 2930F (WC) | 2920 (WB) | 2620 (RA) | 2530 (YA/YB) | 5400/v2 (K) | 5400/v1, 3500 (K) | 2615, 2915 (A) | 8200, 6200, 6600 (K)
User role | √ | √ | √ | √ | √ | √ | YA only | No | No | N/A | N/A
Tunneled node | √ | √ | √ | √ | √ | No | No | No | No | N/A | N/A
Activate ZTP | √ | √ | √ | √ | √ | No | No | No | No | N/A | N/A
IPsec for ZTP | √ | √ | √ | √ | √ | No | No | No | No | N/A | N/A
ClearPass Captive Portal | Avail in previous release | Avail in previous release | Avail in previous release | √ | Avail in previous release | Avail in previous release | Avail in previous release | Avail in previous release | √ | N/A | N/A
Aruba Central | No | No | No | √ | √ | No | No | No | No | N/A | N/A
Latency Measure | √ | √ | √ | √ | √ | No | No | No | No | N/A | N/A
Access OSPF | full OSPF Avail | full OSPF Avail | full OSPF Avail | √ | √ | No | No | No | No | N/A | N/A
Trust QoS | √ | √ | √ | √ | √ | √ | YA only | No | No | N/A | N/A
Last release 15.16
Last release 15.18
Other small enhancements in 16.02
– Port-based MAC authentication
  – Dynamically changing from client-based (every MAC authenticated on a port) to port-based (first MAC opens the port for all MACs) MAC authentication using RADIUS VSA “HP-Port-Auth-Mode-MA”.
  – Use case: switch-to-switch or AP-to-switch authentication.
– LLDP Authentication bypass with AP
– Username VSA in RADIUS Accept packets recognized and shown in “show port-access clients”. Used by Web Authentication with ClearPass
– Log Blackhole/NULL Route
– AirWave Management Platform (AMP) Server MIB Changes
– Add 'no CoS' to Device Profile
– Add MTU to Device Profile
– ACL Logging Match configurations persistent using the write memory
– Tunneled Node enhancement: fallback to switching and CoA
– Trap generation with hardware removal/insertion
– TCP Push Preserve mode is set to DISABLED by default.
ArubaOS-Switch 16.03
Features in ArubaOS-Switch 16.03
– IP SLA for Voice: Support for measuring voice quality metrics to address the top use case for performance monitoring in the Campus.
– Aruba Integration Features: Central support for 2540 and 3810 and several better-together features. Details in a separate slide.
– VSF on 2930F: 2930F supports up to 4 members on a VSF stack. Supported on 1G and 10G links.
– Fast Software Upgrade on 5400R: Reduced downtime on 5400R stacks with VSF during software upgrade.
– L3 Features on 2930F: Support for PIM, PBR and VRRP on 2930F.
Aruba Integration Features in ArubaOS-Switch
– Static IP Visibility: RADIUS accounting for clients with static IP address.
– Aruba Central Enhancements: Several enhancements including CLI Window and ability to monitor Syslog and SNMP via external tools
– Additional Platforms on Aruba Central: Support for 2540 and 3810 on Aruba Central*
– Firmware Upgrade on Aruba Activate: Latest firmware from MyNetworkingPortal will be available on the Aruba Activate portal when switch connects.
– AirWave Enhancements: Support for 2540 and Wired user visibility.
* No Aruba Central support on 2530 and 2620. Aruba Central already supports 2920 and 2930F
New features by platform (16.03)
Feature | 5400R/v3 (KB) | 3810 (KB) | 5400R/v2 (compat. mode) (KB) | 3800 (KA) | 2930F (WC) | 2920 (WB) | 2540 (YC) | 2620 (RA) | 2530 (YA/YB) | 5400/v2 (K) | 5400/v1, 3500 (K) | 2615, 2915 (A) | 8200, 6200, 6600 (K)
VSF | 2 member VSF available already | No | No | No | Yes (4 members) | No | No | No | No | No | No | N/A | N/A
Fast Software Upgrade for VSF | Yes | No | No | No | No | No | No | No | No | No | No | N/A | N/A
IP SLA for Voice | Yes | Yes | No | No | Yes | No | No | No | No | No | No | N/A | N/A
Basic L3 features (OSPF, PIM, PBR, VRRP) | Advanced L3 available already | Advanced L3 available already | Advanced L3 available already | Advanced L3 available already | Yes | OSPF (one instance) | No | No | No | No | Advanced L3 available already | N/A | N/A
Aruba Central Support | No | Yes | No | No | Already supported | Already supported | Yes | No | No | No | No | N/A | N/A
Static IP Visibility | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No | No | N/A | N/A
Last release 16.02
Last release 15.16
Last release 15.18
Other small enhancements in 16.03
– DHCP Snooping modification
– Federal Government certifications
– Hiding sensitive information
– IPsec added
– Job Scheduler modification
– LLDP disable sending out the management IP addresses as part of LLDP TLVs
– OpenFlow enhancements
– Warning message for configuring PoE allocate-by-value
– REST (Additional REST APIs)
– show interface command enhancements
– show power-over-ethernet command enhancements
– show system commands enhancements
– TCP Push Preserve modification
– VLAN range command addition
Trainings and Documentation
Deep dive technical web-based trainings for partners
– ArubaOS-Switch v16.01 Technical Training (01068747)
  – https://hpe-external.sabacloud.com/Saba/Web_spf/HPE/common/searchresults/01068747/LEARNINGEVENT%2COFFERINGTEMPLATE%2CCERTIFICATION%2CCURRICULUM%2COFFERING%2CPACKAGE
– ArubaOS-Switch v16.02 Technical Training (01090183)
  – https://hpe-external.sabacloud.com/Saba/Web_spf/HPE/common/searchresults/01090183/LEARNINGEVENT%2COFFERINGTEMPLATE%2CCERTIFICATION%2CCURRICULUM%2COFFERING%2CPACKAGE
– ArubaOS-Switch v16.03 Technical Training (01092870)
  – https://hpe-external.sabacloud.com/Saba/Web_spf/HPE/common/searchresults/01092870/LEARNINGEVENT%2COFFERINGTEMPLATE%2CCERTIFICATION%2CCURRICULUM%2COFFERING%2CPACKAGE
ArubaOS-switch Documentation:
– Hardware:
  – Quick Setup Guide and Safety/Regulatory Information
  – Installation and Getting Started Guide
  – Modules Installation Guide (for some models only)
  – Rail Mounting Kit Installation Instructions (for some models only)
  – Fan Tray Replacement Instructions (for some models only)
  – Power Supply Guide (for some models only)
  – Transceiver Guide
– Software:
  – Feature and Commands Index
  – Software Feature Support Matrix
  – Basic Operation Guide
  – Management and Configuration Guide
  – Access Security Guide
  – Advanced Traffic Management Guide
  – Multicast and Routing Guide
  – IPv6 Configuration Guide
  – Power over Ethernet (PoE/PoE+) Planning and Implementation Guide
  – OpenFlow 1.3 Administrator Guide
  – Service Insertion Guide
  – Event Log Message Reference Guide
  – MIB and Trap Support Matrix
  – REST API and JSON Schema Reference Guide
  – MAS Feature Integration Reference Guide
  – Comware CLI Commands in Provision Software
  – HPE ProVision Switch Software Troubleshooting Guide
Reading path for HPE ArubaOS-Switch documentation
AIRHEADS COMMUNITY
– 40K+ members
– 12% or 4,500 members in EMEA
– +1K new members per month
– Community for: customers / partners / employees / influencers
– 117k forum posts
– 7200 accepted solutions
– Average response time approx. 18 min
– 2.6 million visits in 2015
– German-language Airheads group at: http://community.arubanetworks.com/t5/Airheads-Channel-Group-German/gp-p/Germany