Aruba Central – unified single pane of glass management |
Flexible cloud-based or on-premises management for unified network operations of wired, WLAN, SD-WAN, and public cloud infrastructure. Designed to simplify day zero through day two operations with streamlined workflows. Switch management capabilities include configuration, onboarding, monitoring, troubleshooting, and reporting. |
Aruba Network Analytics Engine – advanced monitoring and diagnostics |
For enhanced visibility and troubleshooting, Aruba's Network Analytics Engine (NAE) automatically interrogates and analyzes events that can impact a network's health. Advanced telemetry and automation provide the ability to easily identify and troubleshoot network, system, application and security related issues through the use of Python agents, CLI-based agents, and REST APIs. |
The Time Series Database (TSDB) stores configuration and operational state data, making it available to quickly resolve network issues. The data may also be used to analyze trends, identify anomalies and predict future capacity requirements. |
Aruba NetEdit – automated switch configuration and management |
The entire HPE Aruba Networking CX portfolio empowers IT teams to orchestrate multiple switch configuration changes for smooth end-to-end service rollouts. Aruba NetEdit introduces automation that allows for rapid network-wide changes, and ensures policy conformance post network updates. Intelligent capabilities include search, edit, validation (including conformance checking), deployment and audit features. Capabilities include: |
Centralized configuration with validation for consistency and compliance |
Time savings via simultaneous viewing and editing of multiple configurations |
Customized validation tests for corporate compliance and network design |
Automated large-scale configuration deployment without programming |
Network health and topology visibility with Aruba NAE integration |
Notes: A separate software license is required to use Aruba NetEdit. |
Aruba CX mobile app – unparalleled deployment convenience |
An easy-to-use mobile app simplifies connecting and managing the HPE Aruba Networking CX 6200 Switch Series for any size project. Switch information can also be imported into Aruba NetEdit for simplified configuration management and to continuously validate the conformance of configurations anywhere in the network. The Aruba CX mobile app is available for download. |
Aruba ASICs – programmable innovation |
Based on over 30 years of continuous investment, Aruba's ASICs create the basis for innovative and agile software feature advancements, unparalleled performance and deep visibility. These programmable ASICs are purpose-built to allow for a tighter integration of switch hardware and software within campus and data center architectures to optimize performance and capacity. Virtual output queuing (VOQ) isolates congestion, prevents head of line blocking (HOLB) and allows full line rate on outgoing (egress) ports. Flexible ASIC resources enable Aruba's NAE solution to inspect all data, which allows for rapid feature development and delivery. The HPE Aruba Networking CX 6200 Switch Series is based on the Aruba Gen7 ASIC architecture. |
Aruba Dynamic Segmentation – simple, secure, and scalable segmentation |
The Aruba Dynamic Segmentation solution enables seamless mobility, consistent policy enforcement, and automated configurations for wired and wireless clients across networks. |
This innovation begins with colorless ports and role-based micro-segmentation technologies. Colorless ports allow wired clients to connect to any switch port, with the configuration automated using RADIUS-based access control. This eliminates the need for manual on-boarding of clients, including IoT devices, onto the network. |
|
Role-based micro-segmentation delivers the benefits of reduced subnet and VLAN sprawl and simplified policy definition, and scales policy enforcement by introducing the concept of client user roles. These roles are independent of network constructs such as VLANs, and allow clients to be grouped into a user role based on their identity. This allows the colorless ports technology to automatically on-board clients onto user-based tunnels or onto static VXLAN tunnels based on the associated user role policy. By steering traffic to Aruba's application-aware policy enforcement firewall, user-based tunneling provides the ability to micro-segment and perform deep packet inspections for enhanced security. |
Mobility and IoT performance |
The HPE Aruba Networking CX 6200 Switch Series uses a fully distributed architecture that utilizes the Gen7 Aruba ASICs. This ensures that our switches offer very low latency, increased packet buffering, and adaptive power consumption. All switching and routing are wire-speed to meet the demands of bandwidth-intensive applications today and in the future. Each switch includes the following: |
Up to 176 Gbps in non-blocking bandwidth and up to 130.9 Mpps for forwarding |
Selectable queue configurations that allow for increased performance by defining a number of queues and associated memory buffering to best meet the requirements of network applications |
VSF stacking – scale and simplicity |
The Aruba Virtual Switching Framework (VSF) allows you to quickly grow your network using high performance front plane stacking. Additional features include: |
Support for up to 8 switches (or members) in a stack via chain or ring topology |
Flexibility to create stacks that span longer distances such as hundreds of meters across campuses to kilometres between sites using long-range 10GbE transceivers |
Flexibility to mix 24 and 48-port modular and fixed Aruba 6200 models within a single stack to meet your deployment requirements |
Simplified configuration and management as the switches act as a single chassis when stacked |
The Aruba CX mobile app provides support for a validated stack deployment that ensures that all stack links and uplinks are connected properly |
HPE Aruba Networking CX 6200 Switch Series – enterprise-class connectivity for all environments |
Whether in the branch office or a small to large enterprise environment, you can choose from eleven fixed 1U models. Switches include models with two to four high-speed built-in uplinks that auto-negotiate from 1GbE to 10GbE to deliver non-blocking performance, and models that have two to four cost-efficient 1GbE uplinks. Fixed format (F) models include built-in power supplies. |
The modular (M) models have rear slots for hot swappable power supplies that allow you to customize your PoE requirements, and their fans are field replaceable. Additional highlights include: |
Five 1U 6200F models that support 24 and 48 access ports of IEEE 802.3 (100M/1GbE) with four built-in 1GbE uplink SFP ports. |
Six 1U 6200F models that support 12, 24, and 48 access ports of IEEE 802.3 (100M/1GbE) with four built-in 1GbE/10GbE uplink SFP+ ports on 24 to 48 port models and dual 1GbE/10GbE plus dual 1GbE uplinks on the 12 port model. |
Five 1U 6200M models that support 24 and 48 access ports of IEEE 802.3 (100M/1GbE) with four built-in 1GbE/10GbE uplink SFP+ ports. |
Industry standard IEEE 802.3bt high power PoE support (class 6) provides up to 60W to support the latest IoT devices and APs. PoE support for IEEE 802.3at Power over Ethernet (PoE+) provides up to 30W per port and also supports any IEEE 802.3af-compliant end device |
Support for pre-standard PoE detects and provides power to pre-standard PoE devices |
High availability with always-on PoE that supplies PoE power even during scheduled reboots and firmware upgrades |
Quick PoE supplies PoE power to powered devices as soon as the switch is plugged into AC power so devices can initialize at the same time as the switch OS boots up |
Support for Energy Efficient Ethernet IEEE 802.3az reduces power consumption during periods of low traffic |
Auto-MDIX provides automatic adjustments for straight-through or crossover cables on all 10/100/1000 ports |
Unsupported transceiver mode (UTM) allows all unsupported 1G and 10G transceivers and cables to be inserted and enabled. |
Notes: There is no warranty or support for the transceiver/cable when this feature is used. |
IPv6 capabilities include: |
IPv6 host enables switches to be managed in an IPv6 network |
Dual stack (IPv4 and IPv6) transitions from IPv4 to IPv6, supporting connectivity for both protocols |
MLD snooping forwards IPv6 multicast traffic to the appropriate interface |
IPv6 ACL/QoS supports ACL and QoS for IPv6 network traffic |
IPv6 routing supports static and OSPFv3 protocols |
Security provides RA guard, dynamic IPv6 lockdown, and ND snooping |
Jumbo frames allow for high-performance backups and disaster-recovery systems; provides a maximum frame size of 9220 bytes |
Packet storm protection against broadcast, multicast and unknown unicast storms with user-defined thresholds |
Smart link enables simple, fast converging link redundancy and load balancing with dual uplinks avoiding spanning tree complexities |
High availability and resiliency |
To ensure a high degree of up-time we offer high availability and multicast features needed for a highly available layer 2 access deployment including: |
Hot swappable power supplies available in the HPE Aruba Networking CX 6200M models |
Provides N+1 and N+N redundancy for high reliability in the event of power line or supply failures |
Optional secondary power supplies to increase the total available PoE power |
Fixed power supplies are included in the HPE Aruba Networking CX 6200F switch models |
Uni-directional link detection (UDLD) to monitor link connectivity and shut down ports at both ends if uni-directional traffic is detected, preventing loops in STP-based networks |
IEEE 802.3ad LACP supports up to 32 LAGs, each with up to 8 links per LAG; and provides support for static or dynamic groups and a user-selectable hashing algorithm |
IEEE 802.1s multiple spanning tree provides high link availability in VLAN environments where multiple spanning trees are required; and legacy support for IEEE 802.1D and IEEE 802.1w |
IEEE 802.3ad link-aggregation-control protocol (LACP) and port trunking support static and dynamic trunks where each trunk supports up to eight links (ports) per static trunk |
Virtual Router Redundancy Protocol (VRRP) allows groups of two routers to dynamically create highly available routed environments in IPv4 and IPv6 networks |
Quality of service (QoS) features |
To support congestion actions and traffic prioritization, the HPE Aruba Networking CX 6200 Switch Series includes the following: |
Strict priority (SP) queuing and deficit weighted round robin (DWRR) |
Traffic prioritization (IEEE 802.1p) for real-time classification |
Class of service (CoS) sets the IEEE 802.1p priority tag based on IP address, IP type of service (ToS), layer 3 protocol, TCP/UDP port number, source port, and DiffServ |
Rate limiting sets per-port ingress enforced maximums and per-port, per-queue minimums |
Transmission rates of egressing frames can be limited on a per-queue basis using egress queue shaping (EQS) |
Large buffers for graceful congestion management |
Layer 2 switching |
The following layer 2 services are supported: |
VLAN support and tagging support IEEE 802.1Q (4094 VLAN IDs) and 2K VLANs simultaneously |
Jumbo packet support improves the performance of large data transfers; supports frame size of up to 9198 bytes |
IEEE 802.1v protocol VLANs isolate select non-IPv4 protocols automatically into their own VLANs |
Rapid per-VLAN spanning tree (RPVST+) allows each VLAN to build a separate spanning tree to improve link bandwidth usage; is compatible with PVST+ |
MVRP allows automatic learning and dynamic assignment of VLANs |
VXLAN encapsulation (tunnelling) protocol for overlay networks that enables a more scalable virtual network deployment |
Bridge protocol data unit (BPDU) tunnelling transmits STP BPDUs transparently, allowing correct tree calculations across service providers, WANs, or MANs |
Port mirroring duplicates port traffic (ingress and egress) to a monitoring port; supports 4 mirroring groups |
STP supports standard IEEE 802.1D STP, IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) for faster convergence, and IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) |
Internet Group Management Protocol (IGMP) controls and manages the flooding of multicast packets in a layer 2 network |
Layer 3 services |
The following layer 3 services are supported: |
Loopback interface address defines an address in Open Shortest Path First (OSPF), improving diagnostic capability |
Address Resolution Protocol (ARP) determines the MAC address of another IP host in the same subnet; supports static ARPs; gratuitous ARP allows detection of duplicate IP addresses; proxy ARP allows normal ARP operation between subnets or when subnets are separated by a layer 2 network |
Domain Name System (DNS) provides a distributed database that translates domain names and IP addresses, which simplifies network design; supports client and server |
Supports internal loopback testing for maintenance purposes and increased availability; loopback detection protects against incorrect cabling or network configurations and can be enabled on a per-port or per-VLAN basis for added flexibility |
Route maps provide more control during route redistribution; allow filtering and altering of route metrics |
Dynamic Host Configuration Protocol (DHCP) simplifies the management of large IP networks and supports client; DHCP relay enables DHCP operation across subnets |
DHCP server centralizes and reduces the cost of IPv4 address management |
Simplified configuration and management |
In addition to Aruba Central, the Aruba CX mobile app, Aruba NetEdit and Aruba Network Analytics Engine, the HPE Aruba Networking CX 6200 Switch Series offers the following: |
Built-in programmable and easy-to-use REST API interface |
Simple day zero provisioning |
sFlow (RFC 3176) is ASIC-based wire speed network monitoring and accounting with no impact on network performance; network operators can gather a variety of network statistics and information for capacity planning and real-time network monitoring purposes |
Management interface control enables or disables each of the following depending on security preferences: console port or reset button |
Industry-standard CLI with a hierarchical structure for reduced training time and expense. Delivers increased productivity in multivendor environments |
Management security restricts access to critical configuration commands and provides multiple privilege levels with password protection; local and remote syslog capabilities allow logging of all access |
SNMP v2c/v3 provides SNMP read and trap support of industry standard Management Information Base (MIB), and private extensions |
SNMP support includes: write set speed and duplex, write port security, write PoE priority, write config mgmt, SNMP-read single OID for average CPU and memory, SNMP MIB view |
SNMP traps include: transceiver traps (insertion/removal), SNMP trap, SNMP MIB-SNMP authentication, SNMPv2 MIB, port sec MIB-port sec, config MIB-running config change, config MIB, AAA server MIB, AAA server state |
Remote monitoring (RMON) with standard SNMP to monitor essential network functions. Supports events, alarms, history, and statistics groups as well as a private alarm extension group; RMON and sFlow provide advanced monitoring and reporting capabilities for statistics, history, alarms and events |
TFTP and SFTP support offers different mechanisms for configuration updates; Trivial FTP (TFTP) allows bidirectional transfers over a TCP/IP network; Secure File Transfer Protocol (SFTP) runs over an SSH tunnel to provide additional security |
Debug and sampler utility supports ping and traceroute for IPv4 and IPv6 |
Network Time Protocol (NTP) synchronizes timekeeping among distributed time servers and clients; keeps timekeeping consistent among all clock-dependent devices within the network |
IEEE 802.1AB Link Layer Discovery Protocol (LLDP) advertises and receives management information from adjacent devices on a network, facilitating easy mapping by network management applications |
Dual flash images provide independent primary and secondary operating system files for backup while upgrading |
Multiple configuration files can be stored to a flash image |
Ingress and egress port monitoring enable more efficient network problem solving |
Unidirectional link detection (UDLD) monitors the link between two switches and blocks the ports on both ends of the link if the link goes down at any point between the two devices |
IP SLA for voice monitors quality of voice traffic using the UDP jitter for VoIP tests |
Layer 3 routing |
The following layer 3 routing services are supported: |
Routing Information Protocol version 2 (RIPv2) provides an easy to configure routing protocol for small networks, while RIPng provides support for small IPv6 networks |
Single-area Open Shortest Path First (OSPF) delivers faster convergence; uses link-state routing Interior Gateway Protocol (IGP), which supports NSSA, and MD5 authentication for increased security and graceful restart for faster failure recovery |
OSPF provides OSPFv2 for IPv4 routing and OSPFv3 for IPv6 routing |
Static IP routing provides manually configured routing |
Static IPv4 routing provides simple manually configured IPv4 routing |
IP performance optimization provides a set of tools to improve the performance of IPv4 networks; includes directed broadcasts, customization of TCP parameters, support of ICMP error packets, and extensive display capabilities |
Static IPv6 routing provides simple manually configured IPv6 routing |
Dual IP stack maintains separate stacks for IPv4 and IPv6 to ease the transition from an IPv4-only network to an IPv6-only network design. |
mDNS (multicast Domain Name System) gateway enables discovery of mDNS groups across L3 boundaries |
Equal-cost multipath (ECMP) enables multiple equal-cost links in a routing environment to increase link redundancy and scale bandwidth |
Open Shortest Path First (OSPF) delivers faster convergence; uses link-state routing Interior Gateway Protocol (IGP), which supports ECMP, NSSA, and MD5 authentication for increased security and graceful restart for faster failure recovery |
Static IP routing provides manually configured routing; includes ECMP capability |
Security |
Each HPE Aruba Networking CX 6200 Switch Series switch comes with an integrated Trusted Platform Module (TPM) for platform integrity. This ensures the boot process started from a trusted combination of AOS-CX switches. Other security features include: |
AOS-CX uses FIPS 140-2 validated cryptography for protection of sensitive information. |
Access control list (ACL) support for both IPv4 and IPv6; allows for filtering traffic to prevent unauthorized users from accessing the network, or for controlling network traffic to save resources; rules can either deny or permit traffic to be forwarded; rules can be based on a layer 2 header or a layer 3 protocol header |
ACLs also provide filtering based on the IP field, source/destination IP address/subnet, and source/destination TCP/UDP port number on a per-VLAN or per-port basis |
Remote Authentication Dial-In User Service (RADIUS) |
Terminal Access Controller Access-Control System (TACACS+) delivers an authentication tool using TCP with encryption of the full authentication request, providing additional security |
Management access security for both on- and off-box authentication for administrative access. RADIUS or TACACS+ can be used to provide encrypted user authentication. Additionally, TACACS+ can provide admin authorization services |
Control plane policing sets rate limits on control protocols to protect the CPU from overload caused by DoS attacks |
Supports multiple user authentication methods. Uses an IEEE 802.1X supplicant on the client in conjunction with a RADIUS server to authenticate in accordance with industry standards |
Web-based authentication using captive portal on ClearPass is supported for use cases such as guest access and for devices that don't support 802.1X or MAC auth. |
Supports MAC-based client authentication |
Concurrent IEEE 802.1X, web, and MAC authentication schemes per switch port accepts up to 32 sessions of IEEE 802.1X, web, and MAC authentications |
Secure management access delivers secure encryption of all access methods (CLI, GUI, or MIB) through SSHv2, SSL, and/or SNMPv3 |
Switch CPU protection provides automatic protection against malicious network traffic trying to shut down the switch |
ICMP throttling defeats ICMP denial-of-service attacks by enabling any switch port to automatically throttle ICMP traffic |
Identity-driven ACL enables implementation of a highly granular and flexible access security policy and VLAN assignment specific to each authenticated network user |
STP BPDU port protection blocks bridge protocol data units (BPDUs) on ports that do not require BPDUs, preventing forged BPDU attacks |
Dynamic IP lockdown works to block traffic from unauthorized hosts, preventing IP source address spoofing |
Dynamic ARP protection blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data |
STP root guard protects the root bridge from malicious attacks or configuration mistakes |
Port security allows access only to specified MAC addresses, which can be learned or specified by the administrator |
MAC address lockout prevents particular configured MAC addresses from connecting to the network |
Source-port filtering allows only specified ports to communicate with each other |
Secure Shell encrypts all transmitted data for secure remote CLI access over IP networks |
Secure Sockets Layer (SSL) encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch |
Secure FTP allows secure file transfer to and from the switch; protects against unwanted file downloads or unauthorized copying of a switch configuration file |
Critical authentication role ensures that important infrastructure devices such as IP phones are allowed network access even in the absence of a RADIUS server |
MAC pinning allows non-chatty legacy devices to stay authenticated by pinning client MAC addresses to the port until the clients log off or get disconnected |
Security banner displays a customized security policy when users log in to the switch |
RadSec enables RADIUS authentication and accounting data to be passed safely and reliably across insecure networks |
Private VLAN (PVLAN) provides traffic isolation between users on the same VLAN; typically a switch port can only communicate with other ports in the same community and/or an uplink port, regardless of VLAN ID or destination MAC address. This extends network security by restricting peer-to-peer communication to prevent a variety of malicious attacks. |
Auto VLAN creation automates VLAN creation on access switches for authenticated clients. |
DHCP smart relay allows the DHCP relay agent to use secondary IP addresses when the DHCP server does not reply with the DHCP-offer message |
IEEE 802.1AE MACsec provides security on a link between two switch ports using standard encryption and authentication. Available on CX 6200M across all downlink and 2x uplink ports. |
|
Multicast |
IGMP snooping allows multiple VLANs to receive the same IPv4 multicast traffic, lessening network bandwidth demand by reducing multiple streams to each VLAN |
Multicast Listener Discovery (MLD) enables discovery of IPv6 multicast listeners; supports MLD v1 and v2 |
Protocol Independent Multicast (PIM) defines modes of IPv4 and IPv6 multicasting to allow one-to-many and many-to-many transmission of information; supports PIM sparse mode and dense mode (DM) for both IPv4 and IPv6 |
Internet Group Management Protocol (IGMP) utilizes any-source multicast (ASM) to manage IPv4 multicast networks; supports IGMPv1, v2, and v3 |
QinQ support to improve the VLAN utilization by adding another 802.1Q tag to tagged packets |
Convergence |
IP multicast snooping (data-driven IGMP) prevents flooding of IP multicast traffic |
IP multicast routing includes PIM sparse, source-specific multicast, and dense modes to route IP multicast traffic |
LLDP-MED (Media Endpoint Discovery) defines a standard extension of LLDP that stores values for parameters such as QoS and VLAN to automatically configure network devices such as IP phones |
PoE allocation supports multiple methods (allocation by usage or class, with LLDP and LLDP-MED) to allocate PoE power for more efficient power management and energy savings. |
Auto VLAN configuration for voice RADIUS VLAN uses a standard RADIUS attribute and LLDP-MED to automatically configure a VLAN for IP phones |
CDPv2 uses CDPv2 to configure legacy IP phones |