CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved | #ATM15
Agenda
Platform Overview & Resources
Role Based Access
Zero Touch Provisioning
Introducing the Aruba Mobility Access Switch Family
• L2/L3 Access Switch
• 10/100/1000
• 802.3at on all ports
• Security to wired access
– Flexible role-based access
– Policy moves from wireless to wired
• Operational simplicity
– Low-touch installation and configuration
– Dynamic configuration of user policies
– Integration with Aruba APs
Mobility Access Switch Capabilities
[Diagram components: Mobility Access Switch, Access Point, LAN Core, Mobility Controller, AirWave Management Platform, ClearPass Policy Manager. Labels: A. L2/L3 Forwarding, B. User-Role Download, C. Wired AP]
A. Ethernet Switch
- Layer 2/3 forwarding
- Native Role-based policy enforcement
B. Integration with ClearPass
- Downloadable Role/ACL
- Captive Portal
C. Wired Access Point
- Role-based policy enforcement at Mobility Controller
- Single policy for WLAN and LAN
S3500 Mobility Access Switch
• Designed for Wired Access
– 24/48 Port Models
– Role-based access with user visibility
– Per port PoE/PoE+
• ArubaStack
– Stack up to 8 devices
– Up to 384x GbE and 16x 10GbE
• Modular Components
– Field replaceable AC power supplies
  • Optional redundant power supply
– Field replaceable fan tray
– Optional 4-port uplink module
  • 1000BASE/10GBASE-x SFP/SFP+

SKU           Ports                    PoE Budget
S3500-24F     24x1000BASE-x            Not Applicable
S3500-24T     24x10/100/1000BASE-T     Not Applicable
S3500-24P     24x10/100/1000BASE-T     400W | 689W
S3500-24PF    24x10/100/1000BASE-T     850W | 1465W
S3500-48T     48x10/100/1000BASE-T     Not Applicable
S3500-48P     48x10/100/1000BASE-T     400W | 689W
S3500-48PF    48x10/100/1000BASE-T     850W | 1465W
S2500 Mobility Access Switch
• Designed for Wired Access
– 24/48 Port 10/100/1000BASE-T
– Role-based access with user visibility
– Per port PoE/PoE+
• ArubaStack
– Stack up to 8 devices
– Up to 384x GbE and 16x 10GbE
• Integrated Components
– Built in fans for quiet operation
– Fixed 4-port uplinks
• 1000BASE/10GBASE-x SFP/SFP+

SKU           Ports                    PoE Budget
S2500-24P     24x10/100/1000BASE-T     400W
S2500-48T     48x10/100/1000BASE-T     Not Applicable
S2500-48P     48x10/100/1000BASE-T     400W
S1500 Mobility Access Switch
• Designed for Wired Access
– 12/24/48 Port 10/100/1000BASE-T
– Role-based access with user visibility
– Per port PoE/PoE+
• ArubaStack
– Stack up to 8 devices
• Integrated Components
– Built in fans for quiet operation (24P/48P)
– Fanless for public spaces (12P)
– Fixed 2-port (12P) & 4-port (24P/48P) uplinks
  • 1000BASE-x SFP

SKU           Ports                    PoE Budget
S1500-12P     24x10/100/1000BASE-T     120W
S1500-24P     24x10/100/1000BASE-T     400W
S1500-48P     48x10/100/1000BASE-T     400W
Features & Capabilities
Platform / Layer 2 Features
• Spanning Tree Protocols
- MSTP & Rapid PVST+
• Link Aggregation Group
• L2 Generic Routing Encapsulation
• Voice VLAN
- LLDP-MED & CDP Fingerprinting
• Port Security
- DHCP Snooping, DAI & IPSG
• Quality of Service
- Strict Priority Queuing
- 1 Rate Tri-Color Policing
Routing Features
• Routed VLAN Interfaces (RVI)
• Static Routing
• OSPFv2
- Summarization & Route Filtering
• Policy Based Routing
• Virtual Router Redundancy Protocol
• L3 Generic Routing Encapsulation
• Multicast
- PIM-SM & PIM-SSM
- IGMPv1/v2/v3 Snooping
- MLDv1
Features & Capabilities (cont.)
Branch Features
• Redundant Uplinks
- L3 Interface Monitoring (ping-probe)
- Route Metrics for DHCP Enabled L3 Interfaces
• Dynamic DNS Client
• Network Address Translation
- Source/Destination NAT via ACL
- Interface Based Source NAT
- NAT Pools
• Stateful Firewall
- Session ACLs on RVIs & User-Roles
Branch Features (cont.)
• Site to Site VPN
- Standby VPN Interface
- Default Route to VPN
- OSPF over VPN
• Aruba VPN
- Certificate based VPN using Mobility Controller Whitelist
• Tunneled Node over Site to Site or Aruba-VPN
• DHCP Services
- Dynamically distribute DHCP scopes from Mobility Controller
Features & Capabilities (cont.)
Authentication & Security
• Role Based User Access
• Deny Inter User Traffic
• User Derived Roles
- MAC OUI, DHCP Sig. & LLDP/CDP Phone Match
• AAA Authentication
- 802.1x, MAC Auth & Captive Portal
• External Authentication Servers
- Radius, TACACS+ & LDAP
• Radius Fail-Open
Aruba Portfolio Integration
• Mobility Controller
- Aruba VPN
- Tunneled Node
- AirGroup
• Access Points
- Auto AP PoE Prioritization (IAP/CAP)
- Auto AP QoS Trust (IAP/CAP)
- Auto AP Interface Config. (IAP/CAP)
- Rogue AP Containment (IAP)
- VLAN Sharing (IAP)
• ClearPass Policy Manager
- Downloadable Roles & Guest
Features & Capabilities (cont.)
Management
• Command Line Interface
• Web UI
• Aruba Activate
- Cloud Provisioning Service
- Direct Mobility Access Switch to Airwave or Controller for VPN
• Aruba Central
- Cloud Management Service
• Airwave Management Platform
• Discovery via DHCP
• Discovery via Activate
Optics & DACs
• SFP/SFP+ Optics
- 1000BASE-T
- 1000BASE-SX
- 1000BASE-LX
- 1000BASE-EX
- 1000BASE-ZX
- 10GBASE-SR
- 10GBASE-LR
- 10GBASE-LRM
- 10GBASE-ER
- 10GBASE-ZR
• Twinax/Direct Attach Copper
- 50cm/1m/3m/5m/7m
AAA View of the World
Our Mobility Access Switches see…
• MAC Addresses
• Usernames/Passwords
• Manufacturers (via MAC OUI)
• Operating Systems (via DHCP Fingerprinting)
• IP Phones (via Device-Type Fingerprinting)
And our security enforcement model uses…
• User-roles
…provisioned locally or dynamically which simplifies AAA deployments
ClearPass Policy Manager Integration
Context
• User: Joe Smith
• Role: Guest
[Diagram components: 802.11n AP, Mobility Access Switch, Mobility Controller, ClearPass. Labels: Policy Enforcement, Policy Definition]
1. User provides their credentials and other context to Authenticate
2. ClearPass Policy Manager returns Role & Policy for User/Device
3. Role & Policy pushed to the Mobility Controller for Role & Policy Enforcement
3. Role & Policy pushed to the Mobility Access Switch for Role & Policy Enforcement
Airwave Discovery using DHCP & Aruba Activate
[Diagram components: Branch Location (Mobility Access Switch), Aruba Activate, Headquarters Location (Airwave Management Platform)]
1. Customer Enables Service & Inputs Provisioning Rules
2. Mobility Access Switch first attempts to download a configuration via TFTP
3. When TFTP fails, the Mobility Access Switch attempts to contact Airwave using credentials supplied by DHCP.
4. If no credentials are supplied via DHCP options, the Mobility Access Switch attempts to contact Activate.
5. Activate responds with Airwave IP, Shared Secret, Group Name and Folder Name and optional Controller IP for Aruba-VPN
6. Mobility Access Switch contacts Airwave and provides Shared Secret, Group Name and Folder Name.
7. Airwave contacts Mobility Access Switch and pushes down group configuration
Callouts in the diagram: "TFTP? Are you there?" / "Argh! No Airwave details from DHCP either!" / "Help me Aruba Activate, you’re my only hope!" / "Hi Mobility Access Switch!" / "Hi Airwave! Configure Me!" / "Hi Mobility Access Switch!" / "Yippie! All Configured!"
AirWave Management Platform & Mobility Access Switch
Hardware Monitoring & User Visibility
– Inventory and Uptime
– Visibility Into Wired Network Usage
– SNMP Trap and Syslog Support
Software Configuration & Firmware Management
– Configuration Changes & Backups
– Firmware Upgrades
Reporting
– Compliance Reporting
– Report and Track Wired Users