HPE Aruba Switch Family Overview, ArubaOS 16.X New Features

    In 2015, Hewlett Packard Enterprise acquired Aruba Networks and expanded its portfolio of wireless solutions with best-in-class Wi-Fi equipment. Since then, one of the campus switch lines has been rebranded and the ProVision operating system has become ArubaOS (version 16.03 is currently available to customers). Along with the name change, new functionality was added. In this article, we go through the latest models in the HPE Aruba switch lineup and look at the new features of the ArubaOS operating system and their application scenarios.



    Hewlett Packard Enterprise Networking provides customers with a complete line of campus networking products using the ArubaOS operating system:

    • Campus network core or distribution, with high performance, fault tolerance, a wide range of supported network protocols and the ability to install service modules. Represented by the 5400R and 3810M series;

    • Campus network distribution or access, with high performance, a wide range of supported network protocols, support for 1-, 10- and 40-gigabit Ethernet ports, and stacking. Represented by the 3810M, 2930F, 2920 and 2540 series.




    ArubaOS switches are easy to deploy and operate and come with a lifetime warranty. They can be integrated with the modern management and security tools Aruba ClearPass Policy Manager and Aruba AirWave and with the Aruba Central cloud service, and they are optimized for software-defined networks (SDN) with support for OpenFlow.



    The key features of the new operating system include:

    • Operation in tunneling mode;
    • Device profiling;
    • SmartRate support;
    • ZTP (Zero Touch Provisioning) and support for new control systems (Aruba Activate, Central and AirWave);
    • Differentiation of user access by roles using Aruba CPPM (ClearPass Policy Manager);
    • Access OSPF for access switches;
    • New GUI.

    1. Operation in tunneling mode




    In traditional campus networks, access switches direct user traffic to distribution switches or to the core (in the case of a two-tier architecture). In tunneling mode, switches running the ArubaOS operating system can forward traffic arriving on their ports to Aruba Mobility controllers through L2-GRE tunnels. Depending on the hardware platform, throughput can reach 40 Gb/s, and load balancing across several controllers is possible.

    Tunneling Benefits:

    • Authentication of wired devices by the controller through a web portal or by MAC address;
    • Profiling of wired devices;
    • NGFW and DPI functionality, traffic filtering, and restrictions based on application classes.

    Setup Example


    As an example, consider a network consisting of a 2920 switch with ArubaOS 16.03 installed and two 7240 controllers with AOS 6.5.0.4 (the diagram is shown in the figure).



    Settings on the switch side:

    1) Specify the IP addresses of the primary and backup controllers
    HP-2920-24G-PoEP(config)# tunneled-node-server controller-ip 10.76.130.66
    HP-2920-24G-PoEP(config)# tunneled-node-server backup-controller-ip 10.76.130.68

    2) Set the keepalive timer
    HP-2920-24G-PoEP(config)# tunneled-node-server keepalive 8

    3) Turn on tunneling on the physical interface
    HP-2920-24G-PoEP(config)# interface 2
    HP-2920-24G-PoEP(eth-2)# tunneled-node-server

    Settings on the controller side:

    1) Turn on the server
    «Configuration->Advanced Services->Wired Access->Enable Wired Access Concentration Server»

    2) Configure AAA Profile (default in this example)
    «Configuration->Advanced Services->Wired Access->Wired Access AAA Profile»

    3) Configure the role (in this example, the standard logon)
    «Configuration->Security->Access Control->User Roles->Edit Role (logon)»

    Monitoring and Troubleshooting


    1) Debug
    HP-2920-24G-PoEP(eth-2)# debug event
    HP-2920-24G-PoEP(eth-2)# debug destination session

    I 01/01/90 01:33:25 05183 tunneledNode: Using server 10.76.130.66
    I 01/01/90 01:33:25 04344 SI-TUNNEL: Service Tunnel: TunneledNodeTnl02 (318767435) created.
    I 01/01/90 01:33:25 04341 SI-TUNNEL: Service Tunnel: TunneledNodeTnl02 (318767435) is on-line.
    I 01/01/90 01:33:25 05184 tunneledNode: Port 2: tunnel established to server 10.76.130.66

    2) Server information
    HP-2920-24G-PoEP# show tunneled-node-server

    Tunneled Node Server Information
    State: Enabled
    Primary Controller: 10.76.130.66
    Backup Controller: 10.76.130.68
    Keepalive Interval (seconds): 8

    3) Statistics for tunnels (for each physical port of the switch)
    HP-2920-24G-PoEP# show tunneled-node-server state

    Tunneled Node Port State

    Active Controller IP Address: 10.76.130.66

    Port   State
    ----   --------
    2      Complete

    HP-2920-24G-PoEP# show tunneled-node-server statistics

    Tunneled Node Statistics

    Port: 2

    Control Plane Statistics

    Bootstrap packets sent: 16372
    Bootstrap packets received: 3
    Bootstrap packets invalid: 0

    Tunnel Statistics

    Rx Packets: 84
    Tx Packets: 457
    Rx 5 Minute Weighted Average Rate (Pkts/sec): 0
    Tx 5 Minute Weighted Average Rate (Pkts/sec): 0

    Aggregate Statistics

    Heartbeat packets sent: 34340
    Heartbeat packets received: 34332
    Heartbeat packets invalid: 0
    Fragmented Packets Dropped (Rx): 0
    Packets to Non-Existent Tunnel: 0
    MTU Violation Drop: 0

    4) Tunnels on the controller
    «Monitoring->Controller->Tunneled Node Ports»

    Use cases


    1. Guest access for wired clients: traffic can be terminated in the DMZ, and clients can be authorized through a web portal or by MAC address;
    2. Connection of cash registers and payment terminals: client traffic is terminated on the controller, so there is no need to stretch the VLAN;
    3. Secure connection of “dumb” wired devices without 802.1X support, such as sensors, base stations and consoles. This is especially relevant for IoT.


    2. Device Profiling


    Profiling lets the switch automatically change port settings when a specific type of device is connected. For example, when a new access point is connected to the switch, the correct VLAN, maximum PoE budget, CoS and other settings are automatically assigned to the port.

    LLDP is used to determine the type of devices:



    After the switch determines that the connected device is an access point, the port settings are changed in accordance with the desired profile:

    1) Default profiles
    HP-2920-24G-PoEP# show device-profile config

    Device Profile Configuration

    Configuration for device-profile: default-ap-profile
    untagged-vlan: 1
    tagged-vlan: None
    ingress-bandwidth: 100%
    egress-bandwidth: 100%
    cos: 0
    speed-duplex: auto
    poe-max-power: Class/LLDP
    poe-priority: critical
    allow-jumbo-frames: Disabled

    Configuration for device-profile: default-aos-profile
    untagged-vlan: 1
    tagged-vlan: None
    ingress-bandwidth: 100%
    egress-bandwidth: 100%
    cos: None
    speed-duplex: auto
    poe-max-power: Class/LLDP
    poe-priority: critical
    allow-jumbo-frames: Disabled

    Configuration for device-profile: default-scs-profile
    untagged-vlan: 1
    tagged-vlan: None
    ingress-bandwidth: 100%
    egress-bandwidth: 100%
    cos: None
    speed-duplex: auto
    poe-max-power: Class/LLDP
    poe-priority: critical
    allow-jumbo-frames: Disabled

    Device Profile Association

    Device Type: aruba-ap
    Profile Name: default-ap-profile
    Device Status: Disabled

    Device Type: aruba-switch
    Profile Name: default-aos-profile
    Device Status: Disabled

    Device Type: scs-wan-cpe
    Profile Name: default-scs-profile
    Device Status: Disabled

    2) Set up a new profile
    HP-2920-24G-PoEP(config)# device-profile name new
    HP-2920-24G-PoEP(device-profile)# untagged-vlan 2
    HP-2920-24G-PoEP(device-profile)# tagged-vlan 5
    HP-2920-24G-PoEP(device-profile)# poe-priority critical
    HP-2920-24G-PoEP(device-profile)# exit
    HP-2920-24G-PoEP(config)# device-profile type aruba-ap associate new
    HP-2920-24G-PoEP(config)# show device-profile config



    Configuration for device-profile: new
    untagged-vlan: 2
    tagged-vlan: 5
    ingress-bandwidth: 100%
    egress-bandwidth: 100%
    cos: None
    speed-duplex: auto
    poe-max-power: Class/LLDP
    poe-priority: critical
    allow-jumbo-frames: Disabled

    ....

    3. SmartRate Support



    Ports with HPE Smart Rate support can operate at speeds of 1, 2, 5 or 10 GbE, provide PoE+ and are ideal for connecting high-speed 802.11ac devices.

    This technology is supported on the following equipment:

    • Aruba 3810M 40G 8 HPE Smart Rate PoE+ 1-slot Switch - JL076A;
    • Aruba 5400R 20-port GbE PoE+ / 4-port Smart Rate PoE+ MACsec v3 zl2 Module - J9991A;
    • Aruba 5400R 8-port Smart Rate PoE+ MACsec v3 zl2 Module - J9995A.



    One of the main advantages of this technology is that the existing structured cabling system (SCS) can be reused, so the network can be upgraded without replacing cables.



    Conclusions


    The new version of the operating system allows for tighter integration of LAN and WLAN, while ease of operation is ensured by a single control system. It is possible to automatically configure new equipment.

    We will talk more about the new functionality in upcoming webinars (the next one will be held on March 22; the recording will be available upon completion).

    Some useful links:

    1) HPE Networking Online Configurator (it is better to use IE; prices are from the GPL);
    2) Networking support search tool (search for product information; the same portal also has manuals for setting up equipment);
    3) HPE Networking warranty;
    4) 3D models of equipment.
