Advanced Aruba Mobility Access Switch Workshop

  • 1,557 views
Uploaded on

Practice makes perfect - let's get together to walk through the Aruba Mobility Access Switches product in real-time to better understand all the configuration, monitoring and reporting options …

Practice makes perfect - let's get together to walk through the Aruba Mobility Access Switches product in real-time to better understand all the configuration, monitoring and reporting options available. In this session you will be able to gather practical knowledge on how to use Mobility Access Switch features such as tunneling traffic to a Mobility Controller, enabling IP routing, zero-touch activation, role based authentication and more.
To learn more, visit us at http://www.arubanetworks.com/wlan. Join the discussion at https://community.arubanetworks.com

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
1,557
On Slideshare
0
From Embeds
0
Number of Embeds
3

Actions

Shares
Downloads
56
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • 30:24 – 32:44

Transcript

  • 1. Advanced Mobility Access Switch Workshop Madani Adjali & Scott Calzia March, 2014
  • 2. 2 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Download Airheads Mobile
  • 3. CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved 3 #AirheadsConf Agenda Platform Overview Wired Access Point Activate & Airwave Integration Aruba Central or SDN (TBD)
  • 4. 4 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Introducing the Aruba Mobility Access Switch Family • Security to wired access – Flexible role-based access – Policy moves from wireless to wired • Operational simplicity – Low-touch installation and configuration – Dynamic configuration of user policies – Integration with Aruba APs • Simplify the network – Reduce VLANs in the closet – Extend logical configurations • 802.11ac Ready – Scaled to support high-density deployments – PoE+ on every switch port – 10GbE uplinks (S2500/S3500)
  • 5. 5 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Mobility Access Switch Capabilities A. Ethernet Switch • Layer 2/3 forwarding • Native Role-based policy enforcement B. Integration with ClearPass • Downloadable Role/ACL • Captive Portal C. Wired Access Point • Tunneled Node • Role-based policy enforcement at Mobility Controller • Single policy for WLAN and LAN A. L2/L3 Forwarding C. Wired AP Mobility Access Switch Access Point LAN Core Mobility Controller AirWave Management Platform ClearPass Policy Manager B. User-Role Download
  • 6. 6 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf S3500 Mobility Access Switch • Designed for Wired Access – 24/48 Port Models – Wire-rate and non-blocking performance – Role-based access with user visibility – Per port PoE/PoE+ • ArubaStack – Stack up to 8 devices – Up to 384x GbE and 16x 10GbE – Single management IP address – Single configuration file • Flexible Forwarding Options – Traditional L2/L3 Switching – Tunnel traffic to Mobility Controller • Modular Components – Field replaceable AC power supplies • Optional redundant power supply – Field replaceable fan tray – Optional 4-port uplink module • 1000BASE/10GBASE-x SFP/SFP+ PoE budget values are provided for single PSU and dual PSU configurations SKU Ports PoE Budget S3500-24F 24x1000BASE-x Not Applicable S3500-24T 24x10/100/1000BASE-T Not Applicable S3500-24P 24x10/100/1000BASE-T 400W | 689W S3500-48T 48x10/100/1000BASE-T Not Applicable S3500-48P 48x10/100/1000BASE-T 400W | 689W S3500-48PF 48x10/100/1000BASE-T 850W | 1465W
  • 7. 7 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf S3500: Front and Rear Views • Modular Components – Power Supplies – Fan Tray – Uplink Module • Management – Console (RJ45 Serial) – Out-of-band Ethernet – USB Storage – LCD Display • Dimensions & Airflow – 1RU – 1.75˝ (H) x 17.5˝ (W) x 17.5˝ (D) – Front/Side to Rear Airflow • Mounting Options – 2 Post Rack (front & mid-mount) – 4 Post Rack – Wall Mount • Limited Lifetime Warranty Optional Uplink Module S3500 Rear View USB Console Field-Replaceable Fan Tray Hot-Swappable Power Supplies Ethernet Out-of-Band S3500-24F Front View 24x1000BASE-X SFP Ports LCD S3500-48P Front View Fixed 10/100/1000BASE-T Ports LCD
  • 8. 8 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf S2500 Mobility Access Switch • Designed for Wired Access – 24/48 Port 10/100/1000BASE-T – Wire-rate and non-blocking performance – Role-based access with user visibility – Per port PoE/PoE+ • ArubaStack – Stack up to 8 devices – Up to 384x GbE and 16x 10GbE – Single management IP address – Single configuration file – Stackable with S3500 • Flexible Forwarding Options – Traditional L2/L3 Switching – Tunnel traffic to Mobility Controller • Integrated Components – Built in fans for quiet operation – Fixed 4-port uplinks • 1000BASE/10GBASE-x SFP/SFP+ SKU Ports PoE Budget S2500-24T 24x 10/100/1000BASE-T Not Applicable S2500-24P 24x 10/100/1000BASE-T 400W S2500-48T 48x 10/100/1000BASE-T Not Applicable S2500-48P 48x 10/100/1000BASE-T 400W
  • 9. 9 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf S2500: Front and Rear Views S2500 Front View LCD Display Fixed 10/100/1000BASE-T Ports • Fixed Components – Built-in 4xSFP/SFP+ Uplinks – Integrated Power Supply • PoE Budget – 400W – PoE Priority Available • Management – Console (RJ45 & mUSB Serial) – Out-of-band Ethernet – USB Storage – LCD Display • Dimensions & Airflow – 1RU – 1.75˝ (H) x 17.5˝ (W) x 12˝ (D) – Side to side airflow • Mounting Options – 2 Post Rack (Front) – Wall & 2-Post Mid Mount • Limited Lifetime Warranty Fixed 4x 1000BASE-x/10GBASE-x (SFP/SFP+) Ports S2500 Rear View USB Integrated Power Supply Ethernet Out-of-Band RJ-45 & Mini-USB Console Fixed Fans
  • 10. 10 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf S2500: Front and Rear Views • Designed for Wired Access – 12/24/48 Port 10/100/1000BASE-T – Wire-rate and non-blocking performance – Role-based access with user visibility – Per port PoE/PoE+ • ArubaStack – Stack up to 8 devices – Single management IP address – Single configuration file • Flexible Forwarding Options – Traditional L2/L3 Switching – Tunnel traffic to Mobility Controller • Integrated Components – Built in fans for quiet operation (24P/48P) – Fanless (12P) – Fixed 2-port (12P) & 4-port (24P/48P) uplinks • 1000BASE-x SFP SKU Ports PoE Budget S1500-12P 12x 10/100/1000BASE-T 120W S1500-24P 24x 10/100/1000BASE-T 400W S1500-48P 48x 10/100/1000BASE-T 400W
  • 11. 11 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf S1500-24P/48P: Front & Rear Views S1500-24/48P Rear View Console USB Fixed 4x 1000BASE-X (SFP) Ports 48x 10/100/1000 (RJ45) Ports • Fixed Components – Built-in 4xSFP Uplinks – Integrated Power Supply • PoE Budget – 400W – PoE Priority Available • Features & Scaling – Same features as S2500/S3500 – Reduced scaling vs. S2500/S3500 • Management – Console (RJ45) – USB Storage • Dimensions & Airflow – 1RU – 1.75˝ (H) x 17.5˝ (W) x 12˝ (D) – Side to side airflow • Mounting Options – 2 Post Rack (Front) – Wall & 2-Post Mid Mount • Limited Lifetime Warranty Integrated Power Supply Fixed Fans Mode LEDs and Selector S1500-48P Front View
  • 12. 12 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf S1500-12P: Front & Rear Views S1500-12P - Front View USB Console RJ-45 12x 10/100/1000Base-T With 8x PoE/PoE+) 2x 1000BASE-x (SFP) Mode LEDs and Selector Cooling Vents on Top and Bottom for Fanless Design • Fixed Components – Built-in 2xSFP Uplinks – Integrated Power Supply • PoE Budget – 8x PoE/PoE+ with 120W Budget – PoE Priority Available • Features & Scaling – Same features as S2500/S3500 – Reduced scaling vs. S2500/S3500 • Management – Console (RJ45) – USB Storage • Dimensions & Airflow - 1.72" (H) x 13" (W) x 8.9" (D) – Fanless • Mounting Options – Desktop (Rubber feet included) – Rack & Wall Mount (Included) – Magnet Mount (Optional) • Limited Lifetime Warranty S1500-12P - Rear View Integrated Power Supply Security Lock Slot
  • 13. 13 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Platform Comparison Capability / Feature S3500-XXP S3500-XXT S2500-XXP S2500-XXT S1500- XXP S1500- 12P Number of Ports 24/48 24/48 24/48 24/48 24/48 12 10/100/1000 Fixed Ports Yes Yes Yes Yes Yes Yes Line Rate Yes Yes Yes Yes Yes Yes Uplink Performance 4 x 10G SFP+ 4 x 10G SFP+ 4 x 10G SFP+ 4 x 10G SFP+ 4 x 1G SFP 2 x 1G SFP Uplinks Options Modular Modular Integrated Integrated Integrated Integrated LCD Yes Yes Yes Yes No No Modular Power Yes Yes No No No No Dual Power Yes Yes No No No No PoE/PoE+ (15.4W/30W) Yes N/A Yes N/A Yes Yes PoE Budget (W) 400/689/1465 N/A 400 N/A 400 120 Max Simultaneous PoE/PoE+ 48A/48A N/A 25/13 N/A 25/13 7/4 Modular Fan (FRU) Yes Yes No No No No ArubaStack Yes Yes Yes Yes Yes Yes Max ArubaStack Members 8 8 8 8 8 8 Mixed Product Line ArubaStacks Yes Yes Yes Yes No No Depth 17.5”/19.5”A 17.5” <12” <12” <12” <9” Ambient Sound 48dB 48dB 42dB 42dB 42dB 0dB List Price (24/48) $3,995B/$6,995B $3,195B/$5,495B $3,795/$6,795 $2,995/$5,195 $2,495/$4,595 $1,595 Note A: Assumes dual 1050W power supplies | Note B: Single power supply(600W for P SKU and 350W for T SKU) and no uplink module (S3500-4x10G - List $1495)
  • 14. 14 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Features & Capabilities Overview • Spanning Tree - Multiple Spanning Tree (MSTP) - Rapid PVST+ • Link Aggregation Group • Hot Standby Link • L2 Generic Router Encapsulation • Voice VLAN - LLDP-MED - CDP Fingerprinting • Port Security - DHCP Snooping, DAI & IPSG • Quality of Service - Strict Priority Queuing - 1 Rate Tri-Color Policing • Ethernet OAM 802.3ah Platform / Layer 2 Features Routing / Branch Features • Routed Virtual Interfaces (RVI) • Static Routing • OSPFv2 - MD5 Authentication - Route Filtering • Policy Based Routing • Virtual Router Redundancy Protocol • L3 Generic Router Encapsulation • Multicast - PIM-SM - IGMP Snooping/MLDv1 • Network Address Translation • Stateful Firewall • Site to Site VPN - Includes OSPF over VPN
  • 15. 15 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Features & Capabilities Overview (Cont.) • Role Based User Access • User Derived Roles - MAC Address Variable Match - DHCP Signature Match - LLDP/CDP Phone Match • AAA Authentication - 802.1x - MAC Auth - Captive Portal (Internal/External) • External Authentication Servers - Radius - TACACS+ - LDAP • Radius Fail-Open Authentication & Security Aruba Portfolio Integration • Aruba Activate • Mobility Controller - Tunneled Node - AirGroup - Auto AP PoE Prioritization - Auto AP QoS Trust • Instant AP - Auto AP PoE Prioritization - Auto AP QoS Trust - Rogue AP Enforcement - VLAN Sharing • ClearPass Policy Manager (CPPM) - Downloadable Roles & ACLs - Redirect to ClearPass Guest
  • 16. 16 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Wired Access Point
  • 17. 17 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Wired Access Point (Tunneled Node) LAN Core • Single policy for WLAN and wired • Role-based policy enforcement at Mobility Controller • Tunnel traffic requiring increased security • Per-Port Tunneling (Access/Trunks) • Minimize VLANs between Edge and Core • Redundant Mobility Controller Support Mobility Controller AirWave Management Platform ClearPass Policy Manager Tunnel from wired AP Mobility Access Switch Access Point
  • 18. 18 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Tunneled Node Mobility Controller Scaling 7240 7220 7210 M3 3600 3400 3200 650 620 Concurrent Users 32,768 24,576 16,384 8,192 8,192 4,096 2,048 512 256 # of Ports Tunneled 16,384 12,288 8,192 4,096 1,024 512 256 96 48 Firewall Throughput 40 Gbps 40 Gbps 20 Gbps 20 Gbps 4 Gbps 4 Gbps 3 Gbps 2 Gbps 800 Mbps # of AP Licenses 2,048 1,024 512 512 128 64 32 16 8 License Description Licenses Applied to the Mobility Controller LIC-X-AP S2500/S3500 Wired AP device deployed as a single device or as an ArubaStack* will consume a single AP license. • Provides connectivity to controller for config • Centralized Authentication, etc. LIC-PEFNG-X S2500/S3500 Wired AP device deployed as a single device or as an ArubaStack*. will consume a single Policy Enforcement Firewall license • Provides wired policy enforcement for tunnel traffic LIC-RFP-X S2500/S3500 Wired AP device deployed as a single device or as an ArubaStack*. will consume a single RFProtect license * An ArubaStack will consume a single license; max 8 devices in an Arubastack
  • 19. 19 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Wired Access Point Demo
  • 20. 20 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Activate & Airwave Integration
  • 21. 21 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Aruba Activate 2. Mobility Access Switch first attempts to download a configuration via TFTP Aruba Activate Simplify and enable rapid deployment 1. Connect device 2. Verify LEDs GREEN 3. Move to new location 4. Repeat steps 1  3 Branch Location Mobility Access Switch Airwave Management Platform Headquarters Location 3. When TFTP fails, the Mobility Access Switch attempts to contact Activate. Mobility Access Switch sends Serial Number and system MAC address. 4. Airwave responds with Airwave IP, Shared Secret, Group Name and Folder Name. 5. Mobility Access Switch contacts Airwave and provides Shared Secret, Group Name and Folder Name. 6. Airwave contacts Mobility Access Switch and pushes down group configuration TFTP? Are you there? Help me Aruba Activate, you’re my only hope! Hi Airwave! Configure Me! • Automates Product Installation • Automates Software Updates • Inventory Management 1. Customer Enables Service & Inputs Provisioning Rules Hi Mobility Access Switch! Yippie! All Configured! Hi Mobility Access Switch!
  • 22. 22 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf AirWave Management Platform & Mobility Access Switch • Hardware Monitoring & User Visibility – Inventory and Uptime – Visibility Into Wired Network Usage – SNMP Trap and Syslog Support • Software Configuration & Firmware Management – Configuration Changes – Configuration Backups – Firmware Upgrades • Reporting – Compliance Reporting – Report and Track Wired Users
  • 23. 23 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Activate & Airwave Integration Demo
  • 24. 24 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf
  • 25. 25 Thank You #AirheadsConf CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved