HEWLETT PACKARD ENTERPRISE HP 6200F-48G Datasheet

DATA SHEET
ARUBA CX 6200 SWITCH SERIES
PRODUCT OVERVIEW
The Aruba CX 6200 Switch Series is a next-gen family of
stackable access switches ideal for enterprise branch oces,
campuses, and SMB networks. Created for game-changing
operational eciency with built-in analytics and automation,
the CX 6200 switches provide an enterprise-class access
layer solution that’s simple and secure.
edge hardware, software and analytics and automation
tools, the stackable CX 6200 switches are part of the
Aruba CX switching portfolio. By combining a modern,
fully programmable OS with the Aruba Network Analy tics
Engine, the CX 6200 brings industry leading monitoring and
troubleshooting capabilities to the access layer.
A powerful Aruba Gen7 ASIC architecture delivers reliable
performance and enterprise-class feature support with
exible programmability for tomorrow’s applications. The CX
6200 is designed for simple deployment using the intuitive
Aruba CX Mobile App that speeds install, conguration and
stacking of up to 8 switches. The CX 6200 has built-in high
speed uplinks and up to 740W of PoE to support IoT devices
such as security cameras and the latest wireless APs.
Aruba Dynamic Segmentation extends Aruba’s foundational
wireless role-based policy capability to Aruba wired switches.
What this means is that the same security, user experience
and simplied IT management can be enjoyed throughout
the network. Regardless of how users and IoT devices
connect, consistent policies are enforced across wired and
wireless networks, keeping trac secure and separate.
PRODUCT DIFFERENTIATORS
AOS-CX - a modern software system
The Aruba CX 6200 Switch Series is based on AOS-CX, a
modern, database-driven operating system that automates
and simplies many critical and complex network tasks.
A built-in time series database enables customers and
developers to utilize software scripts for historical
troubleshooting, as well as analysis of past trends.
KEY FEATURES
• Enterprise-class connectivity with support for ACLs,
robust QoS and common protocols such as static
and Access OSPF routing
• Scalability with 8 member switch VSF stacking
• Convenient built-in 1/10GbE uplinks and up to 740W
of Class 4 PoE
• Intelligent monitoring, visibility, and troubleshooting
with Aruba Network Analytics Engine
• Simple, one touch deployment with the Aruba CX
Mobile App
• Automated conguration and verication with Aruba
NetEdit
• Secure and simple access for users and IoT with
Aruba Dynamic Segmentation
This helps predict and avoid future problems due to scale,
security, and performance bottlenecks. Easy access to
all network state information allows unique visibility and
analytics.
DATA SHEET
ARUBA CX 6200 SWITCH SERIES
Our AOS-CX software also includes Aruba Network Analytics
Engine (NAE) and support for Aruba NetEdit. Because AOS-
CX is built on a modular Linux architecture with a stateful
database, our operating system provides the following
unique capabilities:
• Easy access to all network state information allows unique
visibility and analytics
• REST APIs and Python scripting for ne-grained
programmability of network tasks
• A micro-services architecture that enables full integration
with other workow systems and services
• Continuous telemetry data with WebSocket subscriptions
for event driven automation
• Continual state synchronization that provides superior
fault tolerance and high availability
• All software processes communicate with the database
rather than each other, ensuring near real-time state and
resiliency and allowing individual software modules to be
independently upgraded for higher availability
Aruba Central - unied single pane of glass management
Flexible cloud-based or on-premises management for unied
network operations of wired, WLAN, SD-WAN, and public
cloud infrastructure. Designed to simplify day zero through
day two operations with streamlined workows. Switch
management capabilities include conguration, onboarding,
monitoring, troubleshooting, and reporting.
Aruba Network Analytics Engine - advanced monitoring and diagnostics
For enhanced visibility and troubleshooting, Aruba’s Network
Analytics Engine (NAE) automatically monitors and analyzes
events that can impact network health. Advanced telemetry
and automation provide the ability to easily identif y and
troubleshoot network, system, application and security
related issues easily, through the use of Python agents and
REST APIs.
The Time Series Database (TSDB) stores conguration and
operational state historical data making it available to quickly
resolve network issues. The data may also be used to analyze
trends, identif y anomalies and predict future capacity
requirements.
Aruba NetEdit – automated switch conguration and management
The entire Aruba CX por tfolio empowers IT teams to
orchestrate multiple switch conguration changes for
smooth end-to-end service rollouts. Aruba NetEdit
introduces automation that allows for rapid network-wide
changes, and ensures policy conformance post network
updates. Intelligent capabilities include search, edit,
validation (including conformance checking), deployment and
audit features. Capabilities include:
• Centralized conguration with validation for consistency
and compliance
• Time savings via simultaneous viewing and editing of
multiple congurations
• Customized validation tests for corporate compliance and
network design
• Automated large-scale conguration deployment without
programming
• Network health and topology visibility with Aruba NAE
integration
Note: A separate software license is required to use Aruba
NetEdit.
Aruba CX Mobile App – unparalleled deployment convenience
An easy-to-use mobile app simplies connecting, stacking
and managing Aruba CX 6200 switches for any size project.
Switch information can also be imported into Aruba NetEdit
for simplied conguration management and to continuously
validate the conformance of congurations anywhere in the
network.
Aruba ASICs - programmable innovation
Based on over 30 years of continuous investment, Aruba’s
ASICs create the basis for innovative and agile software
feature advancements, unparalleled performance and deep
visibility. These programmable ASICs are purpose-built
to allow for a tighter integration of switch hardware and
software within campus and data center architectures to
optimize performance and capacity. Virtual Output Queuing
(VOQ) isolates congestion, prevents Head of Line Blocking
(HOLB) and allows full line rate on outgoing (egress) ports.
Flexible ASIC resources enable Aruba’s NAE solution to
inspect all data, which allows for rapid feature development
and delivery. The Aruba CX 6200 is based on the Aruba Gen7
ASIC architecture.
Aruba Dynamic Segmentation – simple, secure, and scalable segmentation
The Aruba Dynamic Segmentation solution enables seamless
mobility, consistent policy enforcement, and automated
congurations for wired and wireless clients across networks.
2
DATA SHEET
ARUBA CX 6200 SWITCH SERIES
This innovation begins with colorless ports and role-
based micro-segmentation technologies. Colorless ports
allows wired clients to connect to any switch port, with the
conguration automated using Radius-Based Access Control.
This eliminates the need for manual on-boarding of clients,
including IoT devices, onto the network.
Role-based micro-segmentation delivers benets of reduced
subnet and VLAN sprawl, simplied policy denition, and
scales policy enforcement by introducing the concept of
client User Roles. These roles are independent of network
constructs such as VLANs, and allows clients to be grouped
into a User Role based on their identity. This allows the
colorless ports technology to automatically on-board clients
onto User Based Tunnels or onto static VXLAN tunnels based
on the associated User Role policy. By steering trac to
Aruba’s application aware Policy Enforcement Firewall, User
Based Tunneling provides the ability to micro segment and
perform deep packet inspections for enhanced security.
Mobility and IoT performance
The Aruba CX 6200 Switch Series uses a fully distributed
architecture that utilizes the Gen7 Aruba ASICs. This ensures
that our switches oer ver y low latency, increased packet
buering, and adaptive power consumption. All switching
and routing are wire-speed to meet the demands of
bandwidth-intensive applications today and in the future.
Each switch includes the following:
• Up to 176 Gbps in non-blocking bandwidth and up to
130.9 Mpps for forwarding
• Selectable queue congurations that allow for increased
performance by dening a number of queues and
associated memory buering to best meet the
requirements of network applications
VSF Stacking - scale and simplicity
The Aruba Virtual Switching Framework (VSF) allows you to
quickly grow your network using high performance front
plane stacking. Four built-in SFP+ ports support speeds of
1GbE and 10GbE. Additional features include:
• Support for up to 8 switches (or members) in a stack via
chain or ring topology
• Flexibility to create stacks that span longer distances such
as hundreds of meters across campuses to kilometres
between sites using long-range 1GbE and 10GbE
transceivers
• Simplied conguration and management as the switches
act as a single chassis when stacked
• The Aruba CX Mobile app provides support for a validated
stack deployment that ensure that all stack links and
uplinks are connected properly
Enterprise-class connectivity for all environments
Whether in the branch oce or a small to large enterprise
environment, you can choose from ve xed 1U models.
Each switch includes four high-speed built-in uplinks that
auto-negotiate from 1GbE to 10GbE to deliver non-blocking
performance. Additional highlights:
• 1U models support 24 and 48 access ports of IEEE 802.3
(100M/1GbE) with four built-in 1GbE/10GbE uplink SFP+
ports
• PoE models support up to 740W IEEE 802.3at Class 4
Power over Ethernet for up to 30W per port as well as any
IEEE 802.3af-compliant end device
• Support for pre-standard PoE detects and provides power
to pre-standard PoE devices
• High availability with always-on PoE that supplies PoE
power even during scheduled reboots and rmware
upgrades
• Quick PoE supplies PoE power to powered devices as
soon as the switch is plugged into AC power so device can
initialize at same time as switch OS boots up
• Auto-MDIX provides automatic adjustments for straight-
through or crossover cables on all 10/100/1000 ports
• Unsupported Transceiver Mode (UTM) allows to insert
and enable all unsupported 1G and 10G transceivers and
cables. Note that there is no warranty nor support for the
transceiver/cable when this feature is used.
• IPv6 capabilities include:
 - IPv6 host enables switches to be managed in an IPv6
network
- Dual stack (IPv4 and IPv6) transitions from IPv4 to IPv6,
supporting connectivity for both protocols
- MLD snooping forwards IPv6 multicast trac to the
appropriate interface
 - IPv6 ACL/QoS supports ACL and QoS for IPv6 network
trac
- IPV6 routing supports Static and OSPFv3 protocols
- Security provides RA guard, dynamic IPv6 lockdown, and
ND snooping
• Jumbo frames allow for high-performance backups and
disaster-recovery systems; provides a maximum frame
size of 9198 bytes
3
DATA SHEET
ARUBA CX 6200 SWITCH SERIES
• Packet storm protection against broadcast, multicast and
unknown unicast storms with user-dened thresholds
• Smart link enables simple, fast converging link redundancy
and load balancing with dual uplinks avoiding Spanning
Tree complexities
High availability and resiliency
To ensure a high degree of up-time we oer high availability
and multicast features needed for a highly-available Layer 2
access deployment including:
• Uni-directional Link Detection (UDLD) to monitor
link connectivity and shut down ports at both ends if
uni-directional trac is detected, preventing loops in
STP-based networks
• IEEE 802.3ad LACP supports up to 32 LAGs, each with
up to 8 links per LAG; and provides support for static or
dynamic groups and a user-selectable hashing algorithm
• IEEE 802.1s Multiple Spanning Tree provides high link
availability in VLAN environments where multiple spanning
trees are required; and legacy support for IEEE 802.1d
and IEEE 802.1w
• IEEE 802.3ad link-aggregation-control protocol (LACP) and
port trunking support static and dynamic trunks where
each trunk supports up to eight links (ports) per static
trunk
Quality of Service (QoS) features
To support congestion actions and trac prioritization, the
Aruba CX 6200 Series includes the following:
• Strict priority (SP) queuing and Decit Weighted Round
Robin (DWRR)
• Trac prioritization (IEEE 802.1p) for real-time
classication
• Class of Service (CoS) sets the IEEE 802.1p priority tag
based on IP address, IP Type of Service (ToS), Layer 3
protocol, TCP/UDP port number, source port, and DiServ
• Rate limiting sets per-port ingress enforced maximums
and per-port, per-queue minimums
• Transmission rates of egressing frames can be limited on
a per-queue basis using Egress Queue Shaping (EQS)
• Large buers for graceful congestion management
Simplied conguration and management
In addition to the Aruba CX Mobile App, Aruba NetEdit and
Aruba Network Analytics Engine, the 6200 series oers the
following:
• sFlow (RFC 3176) is ASIC-based wire speed network
monitoring and accounting with no impact on network
performance; network operators can gather a variety of
network statistics and information for capacity planning
and real-time network monitoring purposes
• Management interface control enables or disables each of
the following depending on security preferences, console
port, or reset button
• Industry-standard CLI with a hierarchical structure for
reduced training time and expense. Delivers increased
productivity in multivendor environments
• Management security restricts access to critical
conguration commands, provides multiple privilege
levels with password protection and local and remote
syslog capabilities allow logging of all access
• SNMP v2c/v3 provides SNMP read and trap support of
industry standard Management Information Base (MIB),
and private extensions
• Remote monitoring (RMON) with standard SNMP to
monitor essential network functions. Supports events,
alarms, history, and statistics groups as well as a private
alarm extension group; RMON, and sFlow provide
advanced monitoring and reporting capabilities for
statistics, history, alarms and events
• TFTP and SFTP support oers dierent mechanisms
for conguration updates; trivial FTP (TFTP) allows
bidirectional transfers over a TCP/ IP network; Secure
File Transfer Protocol (SFTP) runs over an SSH tunnel to
provide additional security
• Debug and sampler utility supports ping and traceroute
for IPv4 and IPv6
• Network Time Protocol (NTP) synchronizes timekeeping
among distributed time servers and clients; keeps
timekeeping consistent among all clock-dependent
devices within the network
• IEEE 802.1AB Link Layer Discovery Protocol (LLDP)
advertises and receives management information from
adjacent devices on a network, facilitating easy mapping
by network management applications
• Dual ash images provides independent primary and
secondary operating system les for backup while
upgrading
• Multiple conguration les can be stored to a ash image
• Ingress and egress port monitoring enable more ecient
network problem solving
• Built-in programmable and easy-to-use REST API interface
• Simple day zero provisioning
4
DATA SHEET
ARUBA CX 6200 SWITCH SERIES
• Unidirectional link detection (UDLD) monitors the link
between two switches and blocks the ports on both ends
of the link if the link goes down at any point between the
two devices
• IP SLA responders for Voice helps in monitoring quality of
voice trac using the UDP Jitter for VoIP tests
Layer 2 Switching
The following layer 2 services are supported:
• VLAN support and tagging support IEEE 802.1Q (4094
VLAN IDs) and 2K VLANS simultaneously
• Jumbo packet support improves the performance of large
data transfers; supports frame size of up to 9220 bytes
• IEEE 802.1v protocol VLANs isolate select non-IPv4
protocols automatically into their own VLANs
• Rapid Per-VLAN Spanning Tree (RPVST+) allows each
VLAN to build a separate spanning tree to improve link
bandwidth usage; is compatible with PVST+
• MVRP allows automatic learning and dynamic assignment
of VLANs
• VXLAN encapsulation (tunnelling) protocol for overlay
network that enables a more scalable virtual network
deployment
• Bridge Protocol Data Unit (BPDU) tunnelling Transmits STP
BPDUs transparently, allowing correct tree calculations
across service providers, WANs, or MANs
• Port mirroring duplicates port trac (ingress and egress)
to a monitoring port; supports 4 mirroring groups
• STP supports standard IEEE 802.1D STP, IEEE 802.1w
Rapid Spanning Tree Protocol (RSTP) for faster
convergence, and IEEE 802.1s Multiple Spanning Tree
Protocol (MSTP)
• Internet Group Management Protocol (IGMP) Controls
and manages the ooding of multicast packets in a Layer
2 network
• Domain Name System (DNS) provides a distributed
database that translates domain names and IP addresses,
which simplies network design; supports client and
server
• Supports internal loopback testing for maintenance
purposes and increased availability; loopback
detection protects against incorrect cabling or network
congurations and can be enabled on a per-port or per-
VLAN basis for added exibility
Layer 3 Routing
The following layer 3 routing services are supported:
• Routing Information Protocol version 2 (RIPv2) provides an
easy to congure routing protocol for small networks as
while RIPng provides support for small IPv6 networks
• Single-area Open shortest path rst (OSPF) delivers
faster convergence; uses link-state routing Interior
Gateway Protocol (IGP), which supports NSSA, and MD5
authentication for increased security and graceful restart
for faster failure recovery
• OSPF provides OSPFv2 for IPv4 routing and OSPFv3 for
IPv6 routing
• Static IP routing provides manually congured routing
• Static IPv4 routing provides simple manually congured
IPv4 routing
• IP performance optimization provides a set of tools to
improve the performance of IPv4 networks; includes
directed broadcasts, customization of TCP parameters,
support of ICMP error packets, and extensive display
capabilities
• Static IPv6 routing provides simple manually congured
IPv6 routing
• Dual IP stack maintains separate stacks for IPv4 and IPv6
to ease the transition from an IPv4-only network to an
IPv6-only network design
Layer 3 Services
The following layer 3 services are suppor ted:
• Loopback interface address denes an address in Open
Shortest Path First (OSPF), improving diagnostic capability
• Address Resolution Protocol (ARP) determines the MAC
address of another IP host in the same subnet; supports
static ARPs; gratuitous ARP allows detection of duplicate
IP addresses; proxy ARP allows normal ARP operation
between subnets or when subnets are separated by a
Layer 2 network
Security
Each Aruba CX 6200 Switch comes with an integrated trusted
platform module (TPM) for platform integrity. This ensures
the boot process started from a trusted combination of
AOS-CX switches. Other security features include:
• TAA Compliance uses FIPS 140-2 validated cryptography
for protection of sensitive information
• Access control list (ACL) support for both IPv4 and IPv6;
allows for ltering trac to prevent unauthorized users
from accessing the network, or for controlling network
5
DATA SHEET
ARUBA CX 6200 SWITCH SERIES
trac to save resources; rules can either deny or permit
trac to be forwarded; rules can be based on a Layer 2
header or a Layer 3 protocol header
• ACLs also provide ltering based on the IP eld, source/
destination IP address/subnet, and source/ destination
TCP/UDP port number on a per-VLAN or per-port basis
• Remote Authentication Dial-In User Service (RADIUS)
• Terminal Access Controller Access-Control System
(TACACS+) delivers an authentication tool using TCP with
encryption of the full authentication request, providing
additional security
• Management access security for both on- and o-
box authentication for administrative access. RADIUS
or TACACS+ can be used to provide encrypted user
authentication. Additionally, TACACS+ can also provide
admin authorization services
• Control Plane Policing sets rate limit on control protocols
to protect CPU overload from DOS attacks
• Supports multiple user authentication methods. Uses an
IEEE 802.1X supplicant on the client in conjunction with a
RADIUS server to authenticate in accordance with industry
standards
• Web based authentication using Captive Portal on
ClearPass is supported for use cases such as Guest
Access and for devices that don’t support 802.1x or
MACAuth.
• Supports MAC-based client authentication
• Concurrent IEEE 802.1X, Web, and MAC authentication
schemes per switch port accepts up to 32 sessions of IEEE
802.1X, Web, and MAC authentications
• Secure management access delivers secure encryption of
all access methods (CLI, GUI, or MIB) through SSHv2, SSL,
and/or SNMPv3
• Switch CPU protection provides automatic protection
against malicious network trac trying to shut down
theswitch
• ICMP throttling defeats ICMP denial-of-service attacks
byenabling any switch port to automatically throttle
ICMPtrac
• Identity-driven ACL enables implementation of a highly
granular and exible access security policy and VLAN
assignment specic to each authenticated network user
• STP BPDU port protection blocks Bridge Protocol Data
Units (BPDUs) on ports that do not require BPDUs,
preventing forged BPDU attacks
• Dynamic IP lockdown works to block trac from
unauthorized hosts, preventing IP source address
spoong
• Dynamic ARP protection blocks ARP broadcasts from
unauthorized hosts, preventing eavesdropping or theft of
network data
• STP root guard protects the root bridge from malicious
attacks or conguration mistakes
• Port security allows access only to specied MAC
addresses, which can be learned or specied by the
administrator
• MAC address lockout prevents particular congured MAC
addresses from connecting to the network
• Source-port ltering allows only specied ports to
communicate with each other
• Secure shell encrypts all transmitted data for secure
remote CLI access over IP networks
• Secure Sockets Layer (SSL) encrypts all HTTP trac,
allowing secure access to the browser-based
management GUI in the switch
• Secure FTP allows secure le transfer to and from the
switch; protects against unwanted le downloads or
unauthorized copying of a switch conguration le
• Critical Authentication Role ensures that important
infrastructure devices such as IP phones are allowed
network access even in the absence of a RADIUS server
• MAC Pinning allows non-chatty legacy devices to stay
authenticated by pinning client MAC addresses to the port
until the clients logo or get disconnected
• Security banner displays a customized security policy
when users log in to the switch
• RadSec enables RADIUS authentication and accounting
data to be passed safely and reliably across insecure
networks
Multicast
• IGMP Snooping allows multiple VLANs to receive the
same IPv4 multicast trac, lessening network bandwidth
demand by reducing multiple streams to each VLAN
• Multicast Listener Discovery (MLD) enables discovery of
IPv6 multicast listeners; support MLD v1 and v2
• Internet Group Management Protocol (IGMP) utilizes
Any-Source Multicast (ASM) to manage IPv4 multicast
networks; supports IGMPv1, v2, and v3
6
Loading...
+ 11 hidden pages