Unified Wired and Wireless |
- Software-defined networking support: leverages REST APIs to enable automation of network operations, monitoring, and troubleshooting
- Supports unified wired and wireless policies: using Aruba ClearPass Policy Manager
- Switch auto-configuration: automatically configures switch for different settings such as VLAN, CoS, PoE max power, and PoE priority when an Aruba access point is detected
- User role: defines a set of switch-based policies in areas such as security, authentication, and QoS. A user role can be assigned to a group of users or devices, using local switch configuration (YA releases only).
|
Quality of Service (QoS) |
- Traffic prioritization (IEEE 802.1p): allows for real-time traffic classification. Supports eight priority levels mapped to either two or four queues, and uses weighted deficit round robin (WDRR) or strict priority
Simplified QoS configuration
- Port-based: traffic prioritization by specifying a port and priority level
- VLAN-based: traffic prioritization by specifying a VLAN and priority level
- Class of Service (CoS): sets the IEEE 802.1p priority tag based on IP address, IP Type of Service (ToS), Layer 3 protocol, TCP/UDP port number, source port, and DiffServ
- Rate limiting: establishes per-port ingress-enforced maximums for all traffic or for broadcast, multicast, or unknown destination traffic
- Layer 4 prioritization: enables priorities based on TCP/UDP port numbers
Flow control: delivers reliable communication during full-duplex operation
|
Simplified Configuration and Management |
- Aruba Central cloud-based management platform: offers a simple, secure and cost effective way to manage switches. Complies with RFC 7030 for encryption key enrollment
- Zero-Touch ProVisioning (ZTP): simplifies installation of the switch infrastructure using DHCP-based process with AirWave
- Choice of management interfaces
- HTML-based easy-to-use Web GUI
allows configuration of the switch from any Web browser
- Robust CLI
provides advanced configuration and diagnostics
- Simple network management protocol (SNMPv1/v2c/v3)
allows the switch to be managed with a variety of third-party network management applications
- Flexible management: supports both cloud-based Central and on-premise AirWave without ripping and replacing switching infrastructure
- Virtual stacking: provides single IP address management for up to 16 switches
- sFlow (RFC 3176): delivers wire-speed traffic accounting and monitoring, configured by SNMP and CLI with three terminal encrypted receivers
- IEEE 802.1AB Link Layer Discovery Protocol (LLDP): automates device discovery protocol for easy mapping by network management applications
- Provides local and remote logging of events: via SNMP (v2c and v3) and syslog; provides log throttling and log filtering to reduce the number of log events generated
- Port mirroring: allows traffic to be mirrored on any port or a network analyzer to assist with diagnostics or detecting network attacks
- Remote monitoring (RMON): provides advanced monitoring and reporting capabilities for statistics, history, alarms, and events
- Find, fix, and inform: finds and fixes common network problems automatically, and then informs the administrator
- Friendly port names: allows assignment of descriptive names to ports
- Dual flash images: provides independent primary and secondary operating system files for backup while upgrading
- Multiple configuration files: are easily stored with a flash image
- Front-panel LEDs
- Locator LEDs: allows users to set the locator LED on a specific switch to turn on, blink, or turn off; and simplifies troubleshooting by making it easy to locate a particular switch within a rack of similar switches
- Per-port LEDs: provides an at-a-glance view of the status, activity, speed, and full-duplex operation
- Power and fault LEDs: display issues, if any
|
Layer 2 switching |
- VLANs: supports 512 VLANs and 4,094 VLAN IDs
- Jumbo packet support: improves the performance of large data transfers; supports frame size of up to 9,220 bytes
- 16K MAC address table: provides access to many Layer 2 devices
- GARP VLAN Registration Protocol: allows automatic learning and dynamic assignment of VLANs
- Rapid Per-VLAN Spanning Tree (RPVST+): allows each VLAN to build a separate spanning tree to improve link bandwidth usage; is compatible with PVST+
|
Security |
- Access control lists (ACLs): accommodate IPv4/IPv6 port and VLAN-based ACLs (IPv6 ACL is supported only on Gigabit Ethernet and 48-port models.)
- Source-port filtering: allows only specified ports to communicate with each other
- RADIUS/TACACS+: eases switch management security administration by using a password authentication server
- Secure Sockets Layer (SSL): encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch
- Port security: allows access only to specified MAC addresses, which can be learned or specified by the administrator
- MAC address lockout: prevents particular configured MAC addresses from connecting to the network
- Multiple user authentication methods
- IEEE 802.1X: uses an IEEE 802.1X supplicant on the client in conjunction with a RADIUS server to authenticate in accordance with industry standards
- Web-based authentication: provides a browser-based environment, similar to IEEE 802.1X, to authenticate clients that do not support the IEEE 802.1X supplicant
- Supports MAC-based authentication: using the client’s MAC address
- Secure shell (SSH) v2: encrypts all transmitted data for secure remote CLI access over IP networks
- STP BPDU port protection: blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged BPDU attacks
- STP root guard: protects the root bridge from malicious attacks or configuration mistakes
- Secure management access: delivers secure encryption of all access methods (CLI, GUI, or MIB) through SSHv2 and SNMPv3
- Custom banner: displays security policy when users log in to the switch
- Secure FTP: allows secure file transfer to and from the switch; protects against unwanted file downloads or unauthorized copying of a switch configuration file
- Protected ports CLI: offers intuitive CLI to configure the source-port filter feature, by allowing specified ports to be isolated from all other ports on the switch; the protected port or ports can communicate only with the uplink or shared resources
- Authentication flexibility
- Multiple IEEE 802.1X users per port: provides authentication for up to eight IEEE 802.1X users per port; prevents a user from “piggybacking” on another user’s IEEE 802.1X authentication
- Concurrent IEEE 802.1X, Web or MAC authentication schemes per port: allows a switch port to accept IEEE 802.1X and either Web or MAC authentications
- Switch management logon security: helps secure switch CLI logon by optionally requiring either RADIUS or TACACS+ authentication
- DHCP protection: blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks
- Dynamic ARP protection: blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data
- Dynamic IP lockdown: works with DHCP protection to block traffic from unauthorized hosts, preventing IP source address spoofing
- MAC Pinning: allows non-chatty legacy devices to stay authenticated by pinning client MAC addresses to the port until the clients logoff or get disconnected
|
Convergence |
- LLDP-MED (Media Endpoint Discovery): defines a standard extension of LLDP that stores values for parameters such as QoS and VLAN to automatically configure network devices such as IP phones
- IEEE 802.1AB Link Layer Discovery Protocol (LLDP): facilitates easy mapping using network management applications with LLDP automated device discovery protocol
- PoE and PoE+ allocations: support multiple methods (automatic, IEEE 802.3at dynamic, LLDP-MED fine grain, IEEE 802.3af device class or user-specified), to allocate and manage PoE/PoE+ power for more energy savings
- Voice VLAN: uses LLDP-MED to automatically configure a VLAN for IP phones
- IP multicast (IGMP): prevents flooding of IP multicast traffic
- LLDP-CDP compatibility: receives and recognizes CDP packets from Cisco’s IP phones for seamless interoperation
- Local MAC Authentication: assigns attributes such as VLAN and QoS using locally configured profile that can be a list of MAC prefixes
|
Resiliency and high availability |
- Port trunking and link aggregation
- Trunking: supports up to eight links per trunk to increase bandwidth and create redundant connections; and supports L2, L3, and L4 trunk load-balancing algorithm (L4 trunk load balancing is supported only on Gigabit Ethernet and 48-port models.)
- IEEE 802.3ad Link Aggregation Control Protocol (LACP): eases configuration of trunks through automatic configuration
- IEEE 802.1s Multiple Spanning Tree: provides high link availability in multiple VLAN environments by allowing multiple spanning trees; provides legacy support for IEEE 802.1d and IEEE 802.1w
- SmartLink: provides easy-to-configure link redundancy of active and standby links
|
Product Architecture |
- Power savings with energy-efficient design
- IEEE 802.3az: reduces power consumption during periods of low data activity on Gigabit Ethernet switches
- Port low power mode: enables the port to automatically go into low-power mode to conserve energy when no link is detected
- Fanless and variable-speed fans: decrease power consumption in fanless (all 8-port, 2530-24, and 2530-48 PoE+ switches) as well as variable-speed fan switches
- Port LEDs: conserves energy by optionally turning off port link and activity LEDs
- Switch on a chip: provides a highly integrated, high-performance switch design with a non-blocking architecture
|
Đánh giá
Chưa có đánh giá nào.