Shanghai Breakout: Aruba Mobility Access Switch Workshop
- 2. Agenda
• Platform Overview & Resources
• Role Based Access
• Zero Touch Provisioning
CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved
#AirheadsConf
- 3. Introducing the Aruba Mobility Access Switch Family
• Security to wired access
– Flexible role-based access
– Policy moves from wireless to wired
• Operational simplicity
– Low-touch installation and configuration
– Dynamic configuration of user policies
– Integration with Aruba APs
• 802.11ac Ready
– 802.3at on all PoE models
- 4. Mobility Access Switch Capabilities
[Diagram labels: Mobility Access Switch; Access Point; LAN Core; AirWave Management Platform; Mobility Controller; ClearPass Policy Manager; A. L2/L3 Forwarding; B. User-Role Download; C. Wired AP]
A. Ethernet Switch
- Layer 2/3 forwarding
- Native Role-based policy enforcement
B. Integration with ClearPass
- Downloadable Role/ACL
- Captive Portal
C. Wired Access Point
- Role-based policy enforcement at Mobility Controller
- Single policy for WLAN and LAN
- 5. S3500 Mobility Access Switch
• Designed for Wired Access
– 24/48 Port Models
– Role-based access with user visibility
– Per port PoE/PoE+
• ArubaStack
– Stack up to 8 devices
– Up to 384x GbE and 16x 10GbE
• Modular Components
– Field replaceable AC power supplies
• Optional redundant power supply
– Field replaceable fan tray
– Optional 4-port uplink module
• 1000BASE/10GBASE-x SFP/SFP+
| SKU | Ports | PoE Budget |
|---|---|---|
| S3500-24F | 24x1000BASE-x | Not Applicable |
| S3500-24T | 24x10/100/1000BASE-T | Not Applicable |
| S3500-24P | 24x10/100/1000BASE-T | 400W / 689W |
| S3500-24PF | 24x10/100/1000BASE-T | 850W / 1465W |
| S3500-48T | 48x10/100/1000BASE-T | Not Applicable |
| S3500-48P | 48x10/100/1000BASE-T | 400W / 689W |
| S3500-48PF | 48x10/100/1000BASE-T | 850W / 1465W |
- 6. S3500: Front & Rear Views
[Figure: S3500-48P Front View and S3500 Rear View. Labels: LCD Display; Fixed 10/100/1000BASE-T Ports; Optional Uplink Module; USB; Console; Ethernet Out-of-Band; Field-Replaceable Fan Tray; Hot-Swappable Power Supplies]
• Dimensions & Airflow
– 1RU
– 1.75˝ (H) x 17.5˝ (W) x 17.5˝ (D)
– Front/Side to Rear Airflow
• Mounting Options
– 2 Post Rack (front & mid-mount)
– 4 Post Rack
– Wall Mount
• Limited Lifetime Warranty
- 7. S2500 Mobility Access Switch
| SKU | Ports | PoE Budget |
|---|---|---|
| S2500-24P | 24x10/100/1000BASE-T | 400W |
| S2500-48T | 48x10/100/1000BASE-T | Not Applicable |
| S2500-48P | 48x10/100/1000BASE-T | 400W |
• Designed for Wired Access
– 24/48 Port 10/100/1000BASE-T
– Role-based access with user visibility
– Per port PoE/PoE+
• ArubaStack
– Stack up to 8 devices
– Up to 384x GbE and 16x 10GbE
• Integrated Components
– Built in fans for quiet operation
– Fixed 4-port uplinks
• 1000BASE/10GBASE-x SFP/SFP+
- 8. S2500: Front & Rear Views
• Dimensions & Airflow
– 1RU
– 1.75˝ (H) x 17.5˝ (W) x 12.5˝ (D)
– Side to Side Airflow
• Mounting Options
– 2 Post Rack (Front)
– Wall & 2-Post Mid Mount
• Limited Lifetime Warranty
[Figure: S2500 Front View and S2500 Rear View. Labels: LCD Display; Fixed 4x 1000BASE-x/10GBASE-x (SFP/SFP+) Ports; 48x 10/100/1000 (RJ45) Ports; Ethernet Out-of-Band; RJ-45 & Mini-USB Console; USB; Integrated Power Supply; Fixed Fans]
- 9. S1500 Mobility Access Switch
| SKU | Ports | PoE Budget |
|---|---|---|
| S1500-12P | 24x10/100/1000BASE-T | 120W |
| S1500-24P | 24x10/100/1000BASE-T | 400W |
| S1500-48P | 48x10/100/1000BASE-T | 400W |
• Designed for Wired Access
– 12/24/48 Port 10/100/1000BASE-T
– Role-based access with user visibility
– Per port PoE/PoE+
• ArubaStack
– Stack up to 8 devices
• Integrated Components
– Built in fans for quiet operation (24P/48P)
– Fanless for public spaces (12P)
– Fixed 2-port (12P) & 4-port (24P/48P) uplinks
• 1000BASE-x SFP
- 10. S1500-24P/48P: Front & Rear Views
[Figure: S1500-48P Front View and S1500-24/48P Rear View. Labels: Mode LEDs and Selector; USB; Console; Fixed 4x 1000BASE-X (SFP) Ports; 48x 10/100/1000 (RJ45) Ports; Integrated Power Supply; Fixed Fans]
• Features & Scaling
- Same features as S2500/S3500
- Reduced scaling vs. S2500/S3500
• Dimensions & Airflow
– 1RU
– 1.75˝ (H) x 17.5˝ (W) x 12.5˝ (D)
– Side to Side Airflow
• Mounting Options
– 2 Post Rack (Front)
– Wall & 2-Post Mid Mount
• Limited Lifetime Warranty
- 11. S1500-12P: Front & Rear Views
[Figure: S1500-12P Front View and S1500-12P Rear View. Labels: USB; Console RJ-45; 12x 10/100/1000Base-T (with 8x PoE/PoE+); 2x 1000BASE-x (SFP); Mode LEDs and Selector; Vents for Cooling on Top and Bottom for Fanless Design; Integrated Power Supply; Security Lock Slot]
• Features & Scaling
- Same features as S2500/S3500
- Reduced scaling vs. S2500/S3500
• Dimensions & Airflow
– 1.75˝ (H) x 13˝ (W) x 12.5˝ (D)
– Fanless
• Mounting Options
– Desktop (Rubber feet included)
– Rack & Wall Mount (Included)
– Magnet Mount (Optional)
• Limited Lifetime Warranty
- 12. Platform Comparison
| Capability / Feature | S3500-XXP | S3500-XXT | S2500-XXP | S2500-XXT | S1500-XXP | S1500-12P |
|---|---|---|---|---|---|---|
| Number of Ports | 24/48 | 24/48 | 24/48 | 24/48 | 24/48 | 12 |
| Uplink Performance | 4 x 10G SFP+ | 4 x 10G SFP+ | 4 x 10G SFP+ | 4 x 10G SFP+ | 4 x 1G SFP | 2 x 1G SFP |
| Uplink Options | Modular | Modular | Integrated | Integrated | Integrated | Integrated |
| LCD | Yes | Yes | Yes | Yes | No | No |
| Modular Power | Yes | Yes | No | No | No | No |
| Dual Power | Yes | Yes | No | No | No | No |
| PoE Budget (W) | 400/689/1465 | N/A | 400 | N/A | 400 | 120 |
| Max Simultaneous PoE/PoE+ | 48 (A)/48 (A) | N/A | 25/13 | N/A | 25/13 | 7/4 |
| Modular Fan (FRU) | Yes | Yes | No | No | No | No |
| Depth | 17.5”/19.5” (A) | 17.5” | <13” | <13” | <13” | <9” |
| Ambient Sound | 48dB | 48dB | 42dB | 42dB | 42dB | 0dB |
| List Price (24/48) | $3,995 (B)/$6,995 (B) | $3,195 (B)/$5,495 (B) | $3,795/$6,795 | $2,995/$5,195 | $2,495/$4,595 | $1,595 |
Note A: Assumes dual 1050W power supplies
Note B: Single power supply (600W for P SKU and 350W for T SKU) and no uplink module (S3500-4x10G - List $1495)
- 13. Features & Capabilities
Platform / Layer 2 Features
• Spanning Tree Protocols
- MSTP & Rapid PVST+
• Link Aggregation Group
• L2 Generic Routing Encapsulation
• Voice VLAN
- LLDP-MED & CDP Fingerprinting
• Port Security
- DHCP Snooping, DAI & IPSG
• Quality of Service
- Strict Priority Queuing
- 1 Rate Tri-Color Policing
Routing Features
• Routed VLAN Interfaces (RVI)
• Static Routing
• OSPFv2
- Summarization & Route Filtering
• Policy Based Routing
• Virtual Router Redundancy Protocol
• L3 Generic Routing Encapsulation
• Multicast
- PIM-SM & PIM-SSM
- IGMPv1/v2/v3 Snooping
- MLDv1
- 14. Features & Capabilities (cont.)
Branch Features
• Redundant Uplinks
- L3 Interface Monitoring (ping-probe)
- Route Metrics for DHCP Enabled L3 Interfaces
• Dynamic DNS Client
• Network Address Translation
- Source/Destination NAT via ACL
- Interface Based Source NAT
- NAT Pools
• Stateful Firewall
- Session ACLs on RVIs & User-Roles
Branch Features (cont.)
• Site to Site VPN
- Standby VPN Interface
- Default Route to VPN
- OSPF over VPN
• Aruba VPN
- Certificate based VPN using Mobility Controller Whitelist
• Tunneled Node over Site to Site or Aruba-VPN
• DHCP Services
- Dynamically distribute DHCP scopes from Mobility Controller
- 15. Features & Capabilities (cont.)
Authentication & Security
• Role Based User Access
• Deny Inter User Traffic
• User Derived Roles
- MAC OUI, DHCP Sig. & LLDP/CDP Phone Match
• AAA Authentication
- 802.1x, MAC Auth & Captive Portal
• External Authentication Servers
- RADIUS, TACACS+ & LDAP
• RADIUS Fail-Open
Aruba Portfolio Integration
• Mobility Controller
- Aruba VPN
- Tunneled Node
- AirGroup
• Access Points
- Auto AP PoE Prioritization (IAP/CAP)
- Auto AP QoS Trust (IAP/CAP)
- Auto AP Interface Config. (IAP/CAP)
- Rogue AP Containment (IAP)
- VLAN Sharing (IAP)
• ClearPass Policy Manager
- Downloadable Roles & Guest
- 16. Features & Capabilities (cont.)
Management
• Command Line Interface
• Web UI
• Aruba Activate
- Cloud Provisioning Service
- Direct Mobility Access Switch to Airwave or Controller for VPN
• Aruba Central
- Cloud Management Service
• Airwave Management Platform
• Discovery via DHCP
• Discovery via Activate
Optics & DACs
• SFP/SFP+ Optics
- 1000BASE-T
- 1000BASE-SX
- 1000BASE-LX
- 1000BASE-EX
- 1000BASE-ZX
- 10GBASE-SR
- 10GBASE-LR
- 10GBASE-LRM
- 10GBASE-ER
- 10GBASE-ZR
• Twinax/Direct Attach Copper
- 50cm/1m/3m/5m/7m
- 17. Configuration made simple through intelligent wizards.
https://ase.arubanetworks.com
• 27 solutions and growing.
• Solutions for Aruba Mobility Controllers, Mobility Access Switches, Instant APs, and CPPM/CPG.
• 1900+ users. 75,000 views.
- 18. Role Based Access
- 19. AAA View of the World
Our Mobility Access Switches see…
• Usernames/Passwords
• MAC Addresses
• Manufacturers Via MAC OUI
• Operating Systems Via DHCP Fingerprinting
• IP Phones Via Device-Type Fingerprinting
And our security enforcement model uses…
• User-roles
…provisioned locally or dynamically which simplifies AAA deployments
- 20. ClearPass Policy Manager Integration
[Diagram labels: Policy Enforcement; Policy Definition; 802.11n AP; Mobility Controller; Mobility Access Switch; ClearPass]
Context
• User: Joe Smith
• Role: Guest
1. User provides their credentials and other context to Authenticate
2. ClearPass Policy Manager returns Role & Policy for User/Device
3. Role & Policy pushed to the Mobility Controller for Role & Policy Enforcement
3. Role & Policy pushed to the Mobility Access Switch for Role & Policy Enforcement
- 21. Role Based Access Demo
- 22. Zero Touch Provisioning
- 23. Airwave Discovery using DHCP & Aruba Activate
[Diagram labels: Mobility Access Switch; Branch Location; Airwave Management Platform; Headquarters Location; Aruba Activate]
1. Customer Enables Service & Inputs Provisioning Rules
2. Mobility Access Switch first attempts to download a configuration via TFTP
3. When TFTP fails, the Mobility Access Switch attempts to contact Airwave using credentials supplied by DHCP.
4. If no credentials are supplied via DHCP options, the Mobility Access Switch attempts to contact Activate.
5. Activate responds with Airwave IP, Shared Secret, Group Name and Folder Name and optional Controller IP for Aruba-VPN
6. Mobility Access Switch contacts Airwave and provides Shared Secret, Group Name and Folder Name.
7. Airwave contacts Mobility Access Switch and pushes down group configuration
Callouts:
• "TFTP? Are you there?"
• "Argh! No Airwave details from DHCP either!"
• "Help me Aruba Activate, you’re my only hope!"
• "Hi Mobility Access Switch!"
• "Hi Airwave! Configure Me!"
• "Hi Mobility Access Switch!"
• "Yippie! All Configured!"
- 24. AirWave Management Platform & Mobility Access Switch
• Hardware Monitoring & User Visibility
– Inventory and Uptime
– Visibility Into Wired Network Usage
– SNMP Trap and Syslog Support
• Software Configuration & Firmware Management
– Configuration Changes & Backups
– Firmware Upgrades
• Reporting
– Compliance Reporting
– Report and Track Wired Users
- 25. Zero Touch Provisioning Demo
- 26. Thank You