Transcription
DATA SHEETARUBA CX 6300 SWITCHSERIESPRODUCT OVERVIEWThe Aruba CX 6300 Switch Series is a modern, flexible andintelligent family of stackable switches ideal for enterprisenetwork access, aggregation, core and data center top of rack(ToR) deployments. Created for game-changing operationalefficiency with built-in security and resiliency, the 6300switches provide the foundation for high-performancenetworks supporting IoT, mobile and cloud applications.Built from the ground up with a combination of cutting-edgehardware, software and analytics and automation tools, thestackable 6300 switches are part of the Aruba CX switchingportfolio, designed for today’s enterprise campus, branchand data center networks. By combining a modern, fullyprogrammable OS with the Aruba Network Analytics Engine,KEY BENEFITS Stackable Layer 3 switches with BGP, EVPN,VXLAN, VRF, and OSPF with robust security andQoS High performance 880 Gbps system switchingthe 6300 switches provide industry leading monitoring andcapacity, 660 MPPS of system throughput and uptroubleshooting capabilities for the access layer.to 200 Gbps stacking bandwidthA powerful Aruba Gen7 ASIC architecture deliversperformance and robust feature support with flexibleprogrammability for tomorrow’s applications. The ArubaVirtual Stacking Framework (VSF) allows for stacking of up to10 switches, providing scale and simplified management. Thisflexible series has built-in wirespeed 1GbE/10GbE/25GbE1uplinks and supports high density IEEE 802.3bt high powerPoE. HPE Smart Rate multi-gigabit Ethernet paves the wayfor high speed access points and IoT devices by deliveringfast connectivity and high power PoE using existing cabling.Modular models offer redundancy and PoE customizationwith hot-swappable power supplies and fans. Back-to-frontairflow available in switch bundle for hot-cold aisle topof-rack (TOR) and out-of-band-management (OOBM) datacenter deployments.Aruba Dynamic Segmentation extends Aruba’s foundationalwireless role-based policy capability to Aruba wired switches. Compact 1U switches with full density HPE SmartRate (1/2.5/5GbE) multi-gigabit, 60W PoE and SFP models Power-to-port switch bundle with back-to-frontairflow ideal for data center 1GbE ToR and OOBMdeployments Built-in high speed 10GbE/25GbE uplinks1 (50GbE1transceiver capability will be enabled in futuresoftware release) 50GbE connectivity with 50GbE DACs1 Intelligent monitoring, visibility, and remediationwith Aruba Network Analytics Engine Manage via single pane of glass with Aruba Centralacross wired, wireless, and WAN Aruba NetEdit support for automatedconfiguration and verification Aruba Dynamic Segmentation enables secure andsimple access for users and IoTWhat this means is that the same security, user experienceand simplified IT management can be enjoyed throughoutthe network. Regardless of how users and IoT devicesconnect, consistent policies are enforced across wired andwireless networks, keeping traffic secure and separate.150G capability is for use with 50G DACs for both interconnect and VSF stacking. 50G transceiver capability enabled by future software release.VSF stacking not supported on 1G ports.
DATA SHEETARUBA CX 6300 SWITCH SERIESPRODUCT DIFFERENTIATORSAOS-CX - a modern operating systemThe Aruba CX 6300 Switch Series is based on AOS-CX, amodern, database-driven operating system that automatesand simplifies many critical and complex network tasks.A built-in time series database enables customers anddevelopers to utilize software scripts for historicaltroubleshooting, as well as analysis of past trends. This helpspredict and avoid future problems due to scale, security, andperformance bottlenecks.Our AOS-CX software also includes Aruba Network AnalyticsEngine (NAE) and support for Aruba NetEdit. Because AOSCX is built on a modular Linux architecture with a statefulAruba Network Analytics Engine - advanced monitoringand diagnosticsFor enhanced visibility and troubleshooting, Aruba’sNetwork Analytics Engine (NAE) automatically monitors andanalyzes events that can impact network health. Advancedtelemetry and automation provide the ability to easily identifyand troubleshoot network, system, application and securityrelated issues easily, through the use of python agents, CLIbased agents, CLI-based agents and REST APIsThe Time Series Database (TSDB) stores configuration andoperational state data, making it available to quickly resolvenetwork issues. The data may also be used to analyze trends,identify anomalies and predict future capacity requirements.database, our operating system provides the followingAruba Central uses NAE and agents to deliver switchunique capabilities:monitoring, analytics, and enhanced troubleshooting for Easy access to all network state information allows uniquevisibility and analytics REST APIs and Python scripting for fine-grainedprogrammability of network tasks A micro-services architecture that enables full integrationwith other workflow systems and services Continuous telemetry data with WebSocket subscriptionsfor event driven automation Continual state synchronization that provides superiorfault tolerance and high availability All software processes communicate with the databaserather than each other, ensuring near real-time state andresiliency and allowing individual software modules to beindependently upgraded for higher availabilityAruba Central - unified single pane of glass managementAruba Central is an AI-powered solution that simplifiesIT operations, improves agility, and reduces costs byunifying management of all network infrastructure. Built forenterprise-grade resiliency and security, while simple enoughfor smaller businesses with limited IT staff, Aruba Central isyour single point of visibility and control that spans the entirenetwork --from branch to data center, wired and wirelessLAN to WAN.wired assurance. Aruba NetEdit and third-party tools suchas ServiceNow and Slack provide the intelligence to integrateNAE alerts into IT service management processes, speedingproblem resolution.Aruba NetEdit – automated switch configuration andmanagementThe Aruba CX portfolio empowers IT teams to orchestratemultiple switch configuration changes for smooth end-to-endservice rollouts. Aruba NetEdit introduces automation thatallows for rapid network-wide changes, and ensures policyconformance post network updates. Intelligent capabilitiesinclude search, edit, validation (including conformancechecking), deployment and audit features. Capabilities include: Centralized configuration with validation for consistencyand compliance Time savings via simultaneous viewing and editing ofmultiple configurations Customized validation tests for corporate compliance andnetwork change analysis Automated large-scale configuration deployment withoutprogramming Network health and topology visibility via Aruba NAEintegrationAvailable as a cloud-based or on-premises solution, ArubaNote: A separate software license is required to use ArubaCentral is designed to simplify day zero through day twoNetEdit.operations with streamlined workflows for tasks such asvirtual switch stack creation, automated monitoring usingAI-powered insights and NAE, as well as a unified view of alldevices and users, both wired and wireless. Comprehensiveswitch management capabilities include configuration, onboarding, monitoring, troubleshooting, and reporting.2
DATA SHEETARUBA CX 6300 SWITCH SERIESAruba CX Mobile App – true deployment convenienceRole-based micro-segmentation delivers benefits of reducedAn easy to use mobile app simplifies connecting andsubnet and VLAN sprawl, simplified policy definition, andmanaging Aruba CX 6300 switches for any size project.scalable policy enforcement by introducing the concept ofSwitch information can also be imported into Aruba NetEditclient user roles. Independent of network constructs suchfor simplified configuration management and to continuouslyas VLANs and VRFs, clients can be grouped into a uservalidate the conformance of configurations anywhere in therole based on their identity, allowing the colorless portsnetwork. The Aruba CX Mobile App is available for download.technology to be extended to the centralized overlay fabric,as clients are on-boarded with automatic tunnel creationAruba ASICs - programmable innovationbased on the associated user roles policy. The user rolesBased on over 30 years of continuous investment, Aruba’spolicy offers the choice between micro-segmentation usingASICs create the basis for innovative and agile softwarecentralized and unified policy enforcement for wirelessfeature advancements, unparalleled performance and deepand wired traffic with Layer 7 stateful firewall on gatewaysvisibility. These programmable ASICs are purpose-builtor a distributed approach with a Layer 4 role-role ACL onto allow for a tighter integration of switch hardware andswitches.software within campus and data center architectures tooptimize performance and capacity. Virtual Output Queuing(VOQ) isolates congestion, prevents Head of Line Blocking(HOLB) and allows full line rate on outgoing (egress) ports.Flexible ASIC resources enable Aruba’s NAE solution toinspect all data, which allows for industry-leading analyticscapabilities. The Aruba CX 6300 is based on the Aruba Gen7ASIC architecture.Aruba Dynamic Segmentation – campus and branchfabricThe Aruba Dynamic Segmentation solution enablesseamless mobility, consistent policy enforcement, andautomated configurations for wired and wireless clientsacross networks of all sizes. It unifies role-based accessand policy enforcement across LAN, WLAN, and SD-WANnetworks with centralized policy definition and dedicatedenforcement points, ensuring that users and devices can onlycommunicate with destinations consistent with their role keeping traffic secure and separate. Dynamic Segmentationis based on establishing least privilege access to IT resourcesby segmenting traffic based on identity, a fundamentalconcept of both Zero Trust and SASE frameworks where trustis based on roles and policies, not on where and how a useror device connects.This innovation begins with colorless ports and rolebased micro-segmentation technologies. Colorless portsDynamic Segmentation provides scale and flexibility innetwork design by allowing the stretching of VLANs andsubnets across the entire network with an EVPN/VXLANbased distributed overlay fabric. Fabric overlays use VXLANor VXLAN-GBP tunnels on the data plane and provide theoption of a Multi-Protocol BGP EVPN control plane for largedeployments, or a static Layer 2 control plane for simplifieddeployments.Mobility and IoT performanceThe Aruba CX 6300 Switch Series uses a fully distributedarchitecture that utilizes the Aruba Gen7 ASICs. This ensuresthat our switches offer very low latency, increased packetbuffering, and adaptive power consumption. All switchingand routing are wire-speed to meet the demands ofbandwidth-intensive applications today and in the future.Each switch includes the following: Up to 880 Gbps in non-blocking bandwidth and up to 660Mpps for forwarding 10GbE/25GbE uplinks1 and large TCAM sizes ideal formobility and IoT deployments in large campuses withseveral thousand clients Selectable queue configurations that allow for increasedperformance by defining a number of queues andassociated memory buffering to best meet therequirements of network applicationsallow wired clients to connect to any switch port, with theconfiguration automated using RADIUS-based access control.This eliminates the need for manual on-boarding of clients,including IoT devices, onto the network.150G capability is for use with 50G DACs for both interconnect and VSF stacking. 50G transceiver capability enabled by future software release.VSF stacking not supported on 1G ports.3
DATA SHEETARUBA CX 6300 SWITCH SERIES Support for pre-standard PoE detection provides powerVSF Stacking - scale and simplicityThe Aruba Virtual Switching Framework (VSF) allows you toquickly grow your network using high performance frontto legacy PoE devices High availability with always-on PoE that supplies PoEpower even during scheduled reboots and firmwareplane stacking. Additional features include: Support for up to 10 switches (or members) in a stack viachain or ring topology Flexibility to create stacks that span longer distancessuch as hundreds of meters across campuses tokilometres between sites using long-range 10GbE/25GbE1transceivers Flexibility to mix both modular and fixed Aruba 6300models within a single stack to meet your deploymentrequirements Simplified configuration and management as the switchesact as a single chassis when stacked The Aruba CX Mobile app provides support for a validatedstack deployment that ensure that all stack links anduplinks are connected properlyupgrades Quick PoE supplies PoE power to powered devices assoon as the switch is plugged into AC power so device caninitialize at same time as switch OS boots up. Support for Energy Efficient Ethernet IEEE 802.3azreduces power consumption during periods of lownetwork traffic. Support for top-of-rack (ToR) and out-of-bandmanagement (OOBM) data center deployments withCX 6300M Power-to-port bundle that delivers requiredpower-to-port (back to front) airflow. Auto-MDIX provides automatic adjustments forstraight-through or crossover cables on all 10/100/1000,Smart Rate and 10GBASE-T ports Unsupported Transceiver Mode (UTM) allows to insertAn Aruba CX 6300 switch for any enterprise environmentand enable all unsupported 1G and 10G transceivers andWhether in the branch office or a small to large enterprisecables. Note that there is no warranty nor support for theenvironment, you can choose from 24 and 48 port 1Utransceiver/cable when this feature is usedmodels. Each switch includes four high-speed built-in uplinksthat auto-negotiate from 1GbE, 10GbE to 25GbE to deliver1non-blocking performance. Fixed format (F) models includebuilt-in power supplies. The modular (M) models have rearslots for hot swappable power supplies that allow you tocustomize your PoE requirements, and its fans are fieldreplaceable. Additional highlights: Compact 1U models support:- 24 and 48 ports of HPE Smart Rate Multi-gigabit EthernetIEEE 802.3bz (100M/1GbE/2.5GbE/5GbE) supportinghigh power IEEE 802.3bt Class 6 (60W)- High density 24 port SFP model which is ideal foraggregation- 10GbE/25GbE uplink1 port connectivity HPE Smart Rate multi-gigabit (IEEE 802.3bz) Ethernetsupports high speed wireless access points For deployments that need higher port and PoE density,the 6300 supports 60W of PoE in every port of a 48-portswitch for a total of 2880W of PoE Industry standard IEEE 802.3bt High Power PoE support(class 6) provides up to 60W per port for support of the IPv6 capabilities include:- IPv6 host enables switches to be managed in an IPv6network- Dual stack (IPv4 and IPv6) transitions from IPv4 to IPv6,supporting connectivity for both protocols- MLD snooping forwards IPv6 multicast traffic to theappropriate interface- IPv6 ACL/QoS supports ACL and QoS for IPv6 networktraffic- IPv6 routing supports Static and OSPFv3 protocols- Security provides RA guard, DHCPv6 protection, dynamicIPv6 lockdown, ND snooping, IPv6 Destination Guard,IPv6 DHCP Guard, and IPv6 Router Advertisement Guard Jumbo frames allow for high-performance backups anddisaster-recovery systems; provides a maximum framesize of 9198 bytes Packet storm protection against broadcast and multicaststorms with user-defined thresholds Smart link enables simple, fast converging link redundancyand load balancing with dual uplinks avoiding SpanningTree complexitieslatest IoT devices and APs. PoE support for IEEE 802.3atPower over Ethernet (PoE ) provides up to 30W per portas well as any IEEE 802.3af-compliant end device150G capability is for use with 50G DACs for both interconnect and VSF stacking. 50G transceiver capability enabled by future software release.VSF stacking not supported on 1G ports.4
DATA SHEETARUBA CX 6300 SWITCH SERIESCX 6300M bundle for data centersThe CX 6300M 48 port power-to-port switch bundle servesas a top of rack (ToR) switch for 1GbE servers and also asa 1GbE out-of-band management (OOBM) switch for datacenters server racks. Features include: Power-to-port bundle (JL762A) includes 48 port 1GbEswitch with 2 x Fan Trays (JL761A) and 1 x power supply(JL760A) Back (power-side) to front (1GbE port side) airflow 1GbE/10GbE/25GbE1 SFP uplinksHigh availability and resiliencyTo ensure a high degree of up-time we offer high availability Ethernet Ring Protection Switching (ERPS) supports rapidprotection and recovery in a ring topology Hot-Patching support for standalone CX 6300 and for6300 with VSF StackingQuality of Service (QoS) featuresTo support congestion actions and traffic prioritization, theAruba CX 6300 Series includes the following: Strict priority (SP) queuing and Deficit Weighted RoundRobin (DWRR) Traffic prioritization (IEEE 802.1p) for real-timeclassification into 8 priority levels that are mapped to 8queuesand multicast features needed for a full Layer 3 deployment Layer 4 prioritization based on TCP/UDP port numbersat access and aggregation such as PBR, BFD, MSDP, BSR, and Class of Service (CoS) sets the IEEE 802.1p priority tagIP SLA without the need for software licenses. This includes: Hot Swappable Power Supplies available in the 6300 “M”models- Provides N 1 and N N redundancy for high reliability inthe event of power line or supply failures- Optional secondary power supplies to increase the totalavailable PoE power- Fixed power supplies in 6300 “F” modelsbased on IP address, IP Type of Service (ToS), Layer 3protocol, TCP/UDP port number, source port, and DiffServ Rate limiting sets per-port ingress enforced maximumsand per-port, per-queue minimums Transmission rates of egressing frames can be limited ona per-queue basis using Egress Queue Shaping (EQS) Large buffers for graceful congestion managementSimplified configuration and management Bidirectional Forward Detection (BFD) enables sub-secondIn addition to Aruba Central, the Aruba CX Mobile App, Arubafailure detection for rapid routing protocol re-balancing,NetEdit and Aruba Network Analytics Engine, the 6300 seriessupporting both IPV4 and IPv6 networksoffers the following: Virtual Router Redundancy Protocol (VRRP) allows groupsof two routers to dynamically create highly availablerouted environments in IPV4 and IPV6 networks Uni-directional Link Detection (UDLD) to monitor linkconnectivity and shut down ports at both ends if unidirectional traffic is detected, preventing loops in STPbased networks IEEE 802.3ad LACP supports up to 256 LAGs, each withup to 8 links per LAG; and provides support for static ordynamic groups and a user-selectable hashing algorithm IEEE 802.1s Multiple Spanning Tree provides high linkavailability in VLAN environments where multiple spanningtrees are required; and legacy support for IEEE 802.1dand IEEE 802.1w IEEE 802.3ad link-aggregation-control protocol (LACP) andport trunking support static and dynamic trunks whereeach trunk supports up to eight links (ports) per statictrunk Support for Microsoft Network Load Balancer (NLB) forserver applications Built-in programmable and easy to use REST API interface Simple day zero provisioning Scalable ASIC-based wire speed network monitoring andaccounting with no impact on network performance;network operators can gather a variety of networkstatistics and information for capacity planning and realtime network monitoring purposes Management interface control enables or disables each ofthe following depending on security preferences, consoleport, or reset button Industry-standard CLI with a hierarchical structure forreduced training time and expense. Delivers increasedproductivity in multivendor environments Management security restricts access to criticalconfiguration commands, provides multiple privilegelevels with password protection and local and remotesyslog capabilities allow logging of all access SNMP v2c/v3 provides SNMP read and trap support ofindustry standard Management Information Base (MIB),and private extensions5
DATA SHEETARUBA CX 6300 SWITCH SERIES SNMP support includes: Write Set Speed and Duplex, Precision Time Protocol allows precise clockWrite Port Security, Write POE Priority, Write Config Mgmt,synchronization across distributed network switches asSNMP-Read single OID for average CPU and memory,defined in IEEE 1588. Needed for time critical applicationsSNMP MIB Viewlike AVB, smart grid power automation, etc. Supports PTP SNMP Trap include: Transceiver Traps (insertion/removal),SNMP Trap, SNMP MIB-SNMB Authentication, SNMPv2MIB, Port Sec MIB-Port Sec, Config MIB-Running ConfigChange, Config MIB, AAA Server MIB, AAA Server State Remote monitoring (RMON) with standard SNMP tomonitor essential network functions. Supports events,alarms, history, and statistics groups as well as a privatealarm extension group; RMON, and sFlow provideadvanced monitoring and reporting capabilities forstatistics, history, alarms and events TFTP and SFTP support offers different mechanismsfor configuration updates; trivial FTP (TFTP) allowsbidirectional transfers over a TCP/ IP network; SecureFile Transfer Protocol (SFTP) runs over an SSH tunnel toprovide additional security Debug and sampler utility supports ping and traceroutefor IPv4 and IPv6 Network Time Protocol (NTP) synchronizes timekeepingamong distributed time servers and clients; keepstimekeeping consistent among all clock-dependentdevices within the network so the devices can providediverse applications based on the consistent time IEEE 802.1AB Link Layer Discovery Protocol (LLDP)advertises and receives management information fromTransparent Clock and Boundary Clock (BC)Layer 2 SwitchingThe following layer 2 services are supported: VLAN support and tagging for IEEE 802.1Q (4094 VLANIDs) Jumbo packet support improves the performance of largedata transfers; supports frame size of up to 9198 bytes IEEE 802.1v protocol VLANs isolate select non-IPv4protocols automatically into their own VLANs Rapid Per-VLAN Spanning Tree (RPVST ) allows eachVLAN to build a separate spanning tree to improve linkbandwidth usage; is compatible with PVST MVRP allows automatic learning and dynamic assignmentof VLANs VXLAN encapsulation (tunnelling) protocol for overlaynetwork that enables a more scalable virtual networkdeployment Bridge Protocol Data Unit (BPDU) tunnelling Transmits STPBPDUs transparently, allowing correct tree calculationsacross service providers, WANs, or MANs Port mirroring duplicates port traffic (ingress and egress)to a monitoring port; supports 4 mirroring groups STP supports standard IEEE 802.1D STP, IEEE 802.1wadjacent devices on a network, facilitating easy mappingRapid Spanning Tree Protocol (RSTP) for fasterby network management applicationsconvergence, and IEEE 802.1s Multiple Spanning Tree Dual flash images provides independent primary andsecondary operating system files for backup whileupgrading Assignment of descriptive names to ports for easyidentification Multiple configuration files can be stored to a flash image Ingress and egress port monitoring enable more efficientnetwork problem solving Unidirectional link detection (UDLD) monitors the linkbetween two switches and blocks the ports on both endsof the link if the link goes down at any point between thetwo devices IP SLA for Voice monitors quality of voice traffic using theProtocol (MSTP) Internet Group Management Protocol (IGMP) Controlsand manages the flooding of multicast packets in aLayer 2 network IPv4 Multicast in VXLAN/EVPN Overlay support allows PIMSM/IGMP snooping in the VXLAN Overlay IPv6 VXLAN/EVPN Overlay support, allows IPv6 traffic overthe VXLAN overlay VXLAN ARP/ND suppression allows minimization of ARPand ND traffic flooding within individual VXLAN segments,thus optimizing the VXLAN network QinQ support to improve the VLAN utilization by addinganother 802.1Q tag to tagged packetsUDP Jitter and UDP Jitter for VoIP tests6
DATA SHEETARUBA CX 6300 SWITCH SERIESLayer 3 ServicesLayer 3 RoutingThe following layer 3 services are supported:The following layer 3 routing services are supported: Bidirectional Forwarding Detection (BFD) enableslink connectivity monitoring and reduces networkconvergence time for static route, OSPFv2 and VRRP User Datagram Protocol (UDP) helper function allows Border Gateway Protocol (BGP) provides IPv4 and IPv6routing, which is scalable, robust, and flexible Border Gateway Protocol 4 (BGP-4) delivers animplementation of the Exterior Gateway Protocol (EGP)UDP broadcasts to be directed across router interfacesutilizing path vectors; uses TCP for enhanced reliabilityto specific IP unicast or subnet broadcast addresses andfor the route discovery process; reduces bandwidthprevents server spoofing for UDP services such as DHCPconsumption by advertising only incremental updates; Loopback interface address defines an address in OpenShortest Path First (OSPF), improving diagnostic capability Route maps provide more control during routeredistribution; allow filtering and altering of route metrics Address Resolution Protocol (ARP) determines the MACaddress of another IP host in the same subnet; supportsstatic ARPs; gratuitous ARP allows detection of duplicateIP addresses; proxy ARP allows normal ARP operationbetween subnets or when subnets are separated by aLayer 2 network Dynamic Host Configuration Protocol (DHCP) simplifiesthe management of large IP networks and supports client;supports extensive policies for increased flexibility; scalesto very large networks with graceful restart capability Equal-Cost Multipath (ECMP) enables multiple equal-costlinks in a routing environment to increase link redundancyand scale bandwidth Multi-protocol BGP (MP-BGP) enables sharing of IPv6routes using BGP and connections to BGP peers usingIPv6 Routing Information Protocol version 2 (RIPv2) provides aneasy to configure routing protocol for small networks aswhile RIPng provides support for small IPv6 networks Open shortest path first (OSPF) delivers fasterDHCP Relay enables DHCP operation across subnetsconvergence; uses link-state routing Interior Gateway DHCP server centralizes and reduces the cost of IPv4Protocol (IGP), which supports ECMP, NSSA, and MD5address management Domain Name System (DNS) provides a distributeddatabase that translates domain names and IP addresses,which simplifies network design; supports client andserver mDNS (Multicast Domain Name System) Gateway enablesdiscovery of mDNS groups across L3 boundaries Generic Routing Encapsulation (GRE) enables tunnelingtraffic from site to site over a Layer 3 path Supports internal loopback testing for maintenancepurposes and increased availability; loopbackauthentication for increased security and graceful restartfor faster failure recovery. OSPF provides OSPFv2 for IPv4 routing and OSPFv3 forIPv6 routing Static IP routing provides manually configured routing;includes ECMP capability Policy-based routing uses a classifier to select traffic thatcan be forwarded based on policy set by the networkadministrator Static IPv4 and IPv6 routing provides simple manuallyconfigured IPv4 and IPv6 routesdetection protects against incorrect cabling or network IP performance optimization provides a set of tools toconfigurations and can be enabled on a per-port or per-improve the performance of IPv4 networks; includesVLAN basis for added flexibilitydirected broadcasts, customization of TCP parameters, IP sub-interface is a virtual interface created by dividingphysical interface into multiple logical interfaces taggedsupport of ICMP error packets, and extensive displaycapabilitiesusing different VLAN-IDs. A physical interface can be a Dual IP stack maintains separate stacks for IPv4 and IPv6regular physical, Split port or LAG L3 interface. A sub-to ease the transition from an IPv4-only network to aninterface is used for many uses-cases such as VRF-liteIPv6-only network designinterconnection and inter-vlan routing (router on-a-stick)7
DATA SHEETARUBA CX 6300 SWITCH SERIESSecurityThe Aruba CX 6300 Switch Series come with an integratedtrusted platform module (TPM) for platform integrity. Thisensures the boot process started from a trusted combinationof Aruba AOS-CX switches. Other security features include: TAA Compliance uses FIPS 140-2 validated cryptographyfor protection of sensitive information Access control list (ACL) support for both IPv4 and IPv6;allows for filtering traffic to prevent unauthorized usersfrom accessing the network, or for controlling networktraffic to save resources; rules can either deny or permittraffic to be forwarded; rules can be based on a Layer 2header or a Layer 3 protocol header ACLs also provide filtering based on the IP field, source/destination IP address/subnet, and source/ destinationTCP/UDP port number on a per-VLAN or per-port basis Enrollment over Secure Transport (EST) enables securecertificate enrollment, allowing for easier enterprisemanagement of PKI Remote Authentication Dial-In User Service (RADIUS) Terminal Access Controller Access-Control System(TACACS ) delivers an authentication tool using TCP withencryption of the full authentication request, providingadditional security Management access security for both on- and offbox authentication for administrative access. RADIUSor TACACS can be used to provide encrypted userauthentication. Additionally, TACACS can also provideadmin authorization services Control Plane Policing sets rate limit on control protocolsto protect CPU overload from DOS attacks Supports multiple user authentication methods. Uses anIEEE 802.1X supplicant on the client in conjunction with aRADIUS server to authenticate in accordance with industrystandards Web based authentication using Captive Portal onClearP
with hot-swappable power supplies and fans. Back-to-front airlow available in switch bundle for hot-cold aisle top-of-rack (TOR) and out-of-band-management (OOBM) data center deployments. Aruba Dynamic Segmentation extends Aruba's foundational wireless role-based policy capability to Aruba wired switches.
