Overview of the HPE Aruba Switch Family, ArubaOS 16.X New Features
In 2015, Hewlett Packard Enterprise acquired Aruba Networks and supplemented its portfolio of wireless solutions with best-in-class Wi-Fi equipment. Since then, the rebranding of one of the campus switch lines has occurred, the ProVision operating system has become ArubaOS (currently version 16.03 is available for customers). With the change of name added new functionality. In this article, we will go through the new products in the HPE Aruba switch model range, consider the new features of the ArubaOS operating system and their application scenarios.
Hewlett Packard Enterprise Networking provides customers with a complete product line for campus networks on the ArubaOS operating system:
Switches on ArubaOS OS are easy to deploy and operate, and have a lifetime warranty. Aruba ClearPass Policy Manager, Aruba AirWave, and Aruba Central's cloud-based service are integrated with modern management and security tools, optimized for software-defined networks (SDN) with support for OpenFlow technology.
The key features of the new operating system include:
In traditional campus networks, access switches direct user traffic to distribution switches or the core (in the case of a two-tier architecture). In the tunneling mode, switches running the ArubaOS operating system can forward incoming traffic from ports to Aruba Mobility controllers via L2-GRE tunnels, depending on the hardware platform, the bandwidth can reach 40 Gbit / s, it is possible to distribute the load across several controllers.
The advantages of tunneling:
As an example, consider a network consisting of a 2920 switch with ArubaOS 16.03 installed and two 7240 controllers with AOS 6.5.0.4 (the diagram is shown in the figure).
Switch side settings:
Controller-side configuration:
Profiling allows you to automatically change the settings on the switch port when a specific type of device is connected. For example, a new access point connects to the switch, the correct VLAN is automatically assigned to the port, the maximum PoE budget, CoS, etc.
To determine the type of devices used LLDP:
After the switch determines that the connected device is an access point, the port settings change according to the desired profile:
Ports supporting HPE Smart Rate technology can operate at speeds of 1, 2, 5 or 10 GbE, provide PoE + power and are ideal for connecting high-speed 802.11ac devices.
This technology is supported on the following equipment:
One of the main advantages of this technology is the possibility of using the existing SCS, network updating is possible without replacing cables:
The new version of the operating system allows for a tighter integration of LAN and WLAN, while the simplicity of operation is provided by a unified management system. It is possible to automatically configure the new equipment.
In more detail on the new functionality we will talk in the upcoming webinars (the next one will take place on March 22, the recording will be available upon completion).
Some useful links:
1) HPE Networking Online Configurator (better to use IE, prices in the GPL);
2) Networking support search tool (search for information on products, on the same portal you can find manuals on setting up the equipment);
3) HPE Networking warranty ;
4) 3D equipment models .
Hewlett Packard Enterprise Networking provides customers with a complete product line for campus networks on the ArubaOS operating system:
- Kernels or campus distribution networks, with high performance, fault tolerance, a wide range of supported network protocols and the ability to install service modules. Available in the 5400R and 3810M series;
') - Distribution or access to the campus network, with high performance, a wide range of supported network protocols, support for 1-, 10-, and 40-gigabit Ethernet ports, stacking. Available in the 3810M, 2930F, 2920 and 2540 series.
Switches on ArubaOS OS are easy to deploy and operate, and have a lifetime warranty. Aruba ClearPass Policy Manager, Aruba AirWave, and Aruba Central's cloud-based service are integrated with modern management and security tools, optimized for software-defined networks (SDN) with support for OpenFlow technology.
The key features of the new operating system include:
- Work in tunneling mode;
- Device profiling;
- SmartRate support;
- ZTP (Zero Touch Provisioning) and support for new control systems (Aruba Activate, Central and AirWave);
- Differentiation of user access by roles using Aruba CPPM (ClearPass Policy Manager);
- Access OSPF for access switches;
- New graphical interface.
1. Work in tunneling mode
In traditional campus networks, access switches direct user traffic to distribution switches or the core (in the case of a two-tier architecture). In the tunneling mode, switches running the ArubaOS operating system can forward incoming traffic from ports to Aruba Mobility controllers via L2-GRE tunnels, depending on the hardware platform, the bandwidth can reach 40 Gbit / s, it is possible to distribute the load across several controllers.
The advantages of tunneling:
- Controller authentication of wired devices through the Web-portal or by MAC address;
- Profiling wired devices;
- Functional NGFW, DPI, traffic filtering, restrictions based on application classes.
Setup example
As an example, consider a network consisting of a 2920 switch with ArubaOS 16.03 installed and two 7240 controllers with AOS 6.5.0.4 (the diagram is shown in the figure).
Switch side settings:
1) Register IP-addresses of the main and backup controllers
HP-2920-24G-PoEP (config) # tunneled-node-server controller-ip 10.76.130.66
HP-2920-24G-PoEP (config) # tunneled-node-server backup-controller-ip 10.76.130.68
HP-2920-24G-PoEP (config) # tunneled-node-server backup-controller-ip 10.76.130.68
2) Set the keepalive timer
HP-2920-24G-PoEP (config) # tunneled-node-server keepalive 8
3) Turn on tunneling on the physical interface
HP-2920-24G-PoEP (config) # interface 2
HP-2920-24G-PoEP (config) # tunneled-node-server
HP-2920-24G-PoEP (config) # tunneled-node-server
Controller-side configuration:
1) Turn on the server
"Configuration-> Advanced Services-> Wired Access-> Enable Wired Access Concentration Server" 
2) Configure the AAA Profile (in this example, the default)
"Configuration-> Advanced Services-> Wired Access-> Wired Access AAA Profile" 
3) Configure the role (in this example, the standard logon)
"Configuration-> Security-> Access Control-> User Roles-> Edit Role (logon)" 
Monitoring and troubleshooting
1) Debug
HP-2920-24G-PoEP (eth-2) # debug event
HP-2920-24G-PoEP (eth-2) # debug destination session
I 01/01/90 01:33:25 05183 tunneledNode: Using server 10.76.130.66
I 01/01/90 01:33:25 04344 SI-TUNNEL: Service Tunnel: TunneledNodeTnl02
(318767435) created.
I 01/01/90 01:33:25 04341 SI-TUNNEL: Service Tunnel: TunneledNodeTnl02
(318767435) is on-line.
I 01/01/90 01:33:25 05184 tunneledNode: Port 2: tunnel established to server
10.76.130.66
HP-2920-24G-PoEP (eth-2) # debug destination session
I 01/01/90 01:33:25 05183 tunneledNode: Using server 10.76.130.66
I 01/01/90 01:33:25 04344 SI-TUNNEL: Service Tunnel: TunneledNodeTnl02
(318767435) created.
I 01/01/90 01:33:25 04341 SI-TUNNEL: Service Tunnel: TunneledNodeTnl02
(318767435) is on-line.
I 01/01/90 01:33:25 05184 tunneledNode: Port 2: tunnel established to server
10.76.130.66
2) Server Information
HP-2920-24G-PoEP # show tunneled-node-server
Tunneled Node Server Information
State: Enabled
Primary Controller: 10.76.130.66
Backup Controller: 10.76.130.68
Keepalive Interval (seconds): 8
Tunneled Node Server Information
State: Enabled
Primary Controller: 10.76.130.66
Backup Controller: 10.76.130.68
Keepalive Interval (seconds): 8
3) Tunnel statistics (for each physical port of the switch)
HP-2920-24G-PoEP # show tunneled-node-server state
Tunneled Node Port State
Active Controller IP Address: 10.76.130.66
Port state
- - 2 Complete
HP-2920-24G-PoEP # show tunneled-node-server statistics
Tunneled Node Statistics
Port: 2
Control Plane Statistics
Bootstrap packets sent: 16372
Bootstrap packets received: 3
Bootstrap packets invalid: 0
Tunnel statistics
Rx Packets: 84
Tx Packets: 457
Rx 5 Minute Weighted Average Rate (Pkts / sec): 0
Tx 5 Minute Weighted Average Rate (Pkts / sec): 0
Aggregate Statistics
Heartbeat packets sent: 34340
Heartbeat packets received: 34332
Heartbeat packets invalid: 0
Fragmented Packets Dropped (Rx): 0
Packets to Non-Existent Tunnel: 0
MTU Violation Drop: 0
Tunneled Node Port State
Active Controller IP Address: 10.76.130.66
Port state
- - 2 Complete
HP-2920-24G-PoEP # show tunneled-node-server statistics
Tunneled Node Statistics
Port: 2
Control Plane Statistics
Bootstrap packets sent: 16372
Bootstrap packets received: 3
Bootstrap packets invalid: 0
Tunnel statistics
Rx Packets: 84
Tx Packets: 457
Rx 5 Minute Weighted Average Rate (Pkts / sec): 0
Tx 5 Minute Weighted Average Rate (Pkts / sec): 0
Aggregate Statistics
Heartbeat packets sent: 34340
Heartbeat packets received: 34332
Heartbeat packets invalid: 0
Fragmented Packets Dropped (Rx): 0
Packets to Non-Existent Tunnel: 0
MTU Violation Drop: 0
4) Tunnels on the controller
"Monitoring-> Controller-> Tunneled Node Ports" 
Application Methods
- Guest access for wired clients - it is possible to terminate traffic in the DMZ, it is possible to authorize through the web-portal, by MAC address;
- Connection of cash registers, payment terminals - we terminate client traffic on the controller, no need to stretch the VLAN;
- Securely connecting “silly” wired devices without 802.1x support — sensors, base stations, consoles. Especially true for IoT.
2. Device profiling
Profiling allows you to automatically change the settings on the switch port when a specific type of device is connected. For example, a new access point connects to the switch, the correct VLAN is automatically assigned to the port, the maximum PoE budget, CoS, etc.
To determine the type of devices used LLDP:
After the switch determines that the connected device is an access point, the port settings change according to the desired profile:
1) Default profiles
HP-2920-24G-PoEP # show device-profile config
Device Profile Configuration
Configuration for device-profile: default-ap-profile
untagged-vlan: 1
tagged-vlan: None
ingress-bandwidth: 100%
egress-bandwidth: 100%
cos: 0
speed-duplex: auto
poe-max-power: Class / LLDP
poe-priority: critical
allow-jumbo-frames: Disabled
Configuration for device-profile: default-aos-profile
untagged-vlan: 1
tagged-vlan: None
ingress-bandwidth: 100%
egress-bandwidth: 100%
cos: None
speed-duplex: auto
poe-max-power: Class / LLDP
poe-priority: critical
allow-jumbo-frames: Disabled
Configuration for device-profile: default-scs-profile
untagged-vlan: 1
tagged-vlan: None
ingress-bandwidth: 100%
egress-bandwidth: 100%
cos: None
speed-duplex: auto
poe-max-power: Class / LLDP
poe-priority: critical
allow-jumbo-frames: Disabled
Device Profile Association
Device Type: aruba-ap
Profile Name: default-ap-profile
Device Status: Disabled
Device Type: aruba-switch
Profile Name: default-aos-profile
Device Status: Disabled
Device Type: scs-wan-cpe
Profile Name: default-scs-profile
Device Status: Disabled
Device Profile Configuration
Configuration for device-profile: default-ap-profile
untagged-vlan: 1
tagged-vlan: None
ingress-bandwidth: 100%
egress-bandwidth: 100%
cos: 0
speed-duplex: auto
poe-max-power: Class / LLDP
poe-priority: critical
allow-jumbo-frames: Disabled
Configuration for device-profile: default-aos-profile
untagged-vlan: 1
tagged-vlan: None
ingress-bandwidth: 100%
egress-bandwidth: 100%
cos: None
speed-duplex: auto
poe-max-power: Class / LLDP
poe-priority: critical
allow-jumbo-frames: Disabled
Configuration for device-profile: default-scs-profile
untagged-vlan: 1
tagged-vlan: None
ingress-bandwidth: 100%
egress-bandwidth: 100%
cos: None
speed-duplex: auto
poe-max-power: Class / LLDP
poe-priority: critical
allow-jumbo-frames: Disabled
Device Profile Association
Device Type: aruba-ap
Profile Name: default-ap-profile
Device Status: Disabled
Device Type: aruba-switch
Profile Name: default-aos-profile
Device Status: Disabled
Device Type: scs-wan-cpe
Profile Name: default-scs-profile
Device Status: Disabled
2) Configure new profile
HP-2920-24G-PoEP (config) # device-profile name new
HP-2920-24G-PoEP (device-profile) # untagged-vlan 2
HP-2920-24G-PoEP (device-profile) # tagged-vlan 5
HP-2920-24G-PoEP (device-profile) # poe-priority critical
HP-2920-24G-PoEP (device-profile) # exit
HP-2920-24G-PoEP (config) # device-profile type aruba-ap associate new
HP-2920-24G-PoEP (config) # show device-profile config
...
Configuration for device-profile: new
untagged-vlan: 2
tagged-vlan: 5
ingress-bandwidth: 100%
egress-bandwidth: 100%
cos: None
speed-duplex: auto
poe-max-power: Class / LLDP
poe-priority: critical
allow-jumbo-frames: Disabled
....
HP-2920-24G-PoEP (device-profile) # untagged-vlan 2
HP-2920-24G-PoEP (device-profile) # tagged-vlan 5
HP-2920-24G-PoEP (device-profile) # poe-priority critical
HP-2920-24G-PoEP (device-profile) # exit
HP-2920-24G-PoEP (config) # device-profile type aruba-ap associate new
HP-2920-24G-PoEP (config) # show device-profile config
...
Configuration for device-profile: new
untagged-vlan: 2
tagged-vlan: 5
ingress-bandwidth: 100%
egress-bandwidth: 100%
cos: None
speed-duplex: auto
poe-max-power: Class / LLDP
poe-priority: critical
allow-jumbo-frames: Disabled
....
3. SmartRate support
Ports supporting HPE Smart Rate technology can operate at speeds of 1, 2, 5 or 10 GbE, provide PoE + power and are ideal for connecting high-speed 802.11ac devices.
This technology is supported on the following equipment:
- Aruba 3810M 40G 8 HPE Smart Rate PoE + 1-slot Switch - JL076A;
- Aruba 5400R 20-port GbE PoE + / 4-port Smart Rate PoE + MACsec v3 zl2 Module - J9991A;
- Aruba 5400R 8-port Smart Rate PoE + MACsec v3 zl2 Module - J9995A.
One of the main advantages of this technology is the possibility of using the existing SCS, network updating is possible without replacing cables:
findings
The new version of the operating system allows for a tighter integration of LAN and WLAN, while the simplicity of operation is provided by a unified management system. It is possible to automatically configure the new equipment.
In more detail on the new functionality we will talk in the upcoming webinars (the next one will take place on March 22, the recording will be available upon completion).
Some useful links:
1) HPE Networking Online Configurator (better to use IE, prices in the GPL);
2) Networking support search tool (search for information on products, on the same portal you can find manuals on setting up the equipment);
3) HPE Networking warranty ;
4) 3D equipment models .
Source: https://habr.com/ru/post/323858/
All Articles