DATA SHEET
ARUBA CX 6200 SWITCH
SERIES
PRODUCT OVERVIEW
The Aruba CX 6200 Switch Series is a next-gen family of
stackable access switches ideal for enterprise branch oces,
campuses, and SMB networks. Created for game-changing
operational eciency with built-in analytics and automation,
the CX 6200 switches provide an enterprise-class access
layer solution that’s simple and secure.
Built from the ground up with a combination of cutting-
edge hardware, software and analytics and automation
tools, the stackable CX 6200 switches are part of the
Aruba CX switching portfolio. By combining a modern,
fully programmable OS with the Aruba Network Analy tics
Engine, the CX 6200 brings industry leading monitoring and
troubleshooting capabilities to the access layer.
A powerful Aruba Gen7 ASIC architecture delivers reliable
performance and enterprise-class feature support with
exible programmability for tomorrow’s applications. The CX
6200 is designed for simple deployment using the intuitive
Aruba CX Mobile App that speeds install, conguration and
stacking of up to 8 switches. The CX 6200 has built-in high
speed uplinks and up to 740W of PoE to support IoT devices
such as security cameras and the latest wireless APs.
Aruba Dynamic Segmentation extends Aruba’s foundational
wireless role-based policy capability to Aruba wired switches.
What this means is that the same security, user experience
and simplied IT management can be enjoyed throughout
the network. Regardless of how users and IoT devices
connect, consistent policies are enforced across wired and
wireless networks, keeping trac secure and separate.
PRODUCT DIFFERENTIATORS
AOS-CX - a modern software system
The Aruba CX 6200 Switch Series is based on AOS-CX, a
modern, database-driven operating system that automates
and simplies many critical and complex network tasks.
A built-in time series database enables customers and
developers to utilize software scripts for historical
troubleshooting, as well as analysis of past trends.
KEY FEATURES
• Enterprise-class connectivity with support for ACLs,
robust QoS and common protocols such as static
and Access OSPF routing
• Scalability with 8 member switch VSF stacking
• Convenient built-in 1/10GbE uplinks and up to 740W
of Class 4 PoE
• Intelligent monitoring, visibility, and troubleshooting
with Aruba Network Analytics Engine
• Simple, one touch deployment with the Aruba CX
Mobile App
• Automated conguration and verication with Aruba
NetEdit
• Secure and simple access for users and IoT with
Aruba Dynamic Segmentation
This helps predict and avoid future problems due to scale,
security, and performance bottlenecks. Easy access to
all network state information allows unique visibility and
analytics.
DATA SHEET
ARUBA CX 6200 SWITCH SERIES
Our AOS-CX software also includes Aruba Network Analytics
Engine (NAE) and support for Aruba NetEdit. Because AOS-
CX is built on a modular Linux architecture with a stateful
database, our operating system provides the following
unique capabilities:
• Easy access to all network state information allows unique
visibility and analytics
• REST APIs and Python scripting for ne-grained
programmability of network tasks
• A micro-services architecture that enables full integration
with other workow systems and services
• Continuous telemetry data with WebSocket subscriptions
for event driven automation
• Continual state synchronization that provides superior
fault tolerance and high availability
• All software processes communicate with the database
rather than each other, ensuring near real-time state and
resiliency and allowing individual software modules to be
independently upgraded for higher availability
Aruba Central - unied single pane of glass management
Flexible cloud-based or on-premises management for unied
network operations of wired, WLAN, SD-WAN, and public
cloud infrastructure. Designed to simplify day zero through
day two operations with streamlined workows. Switch
management capabilities include conguration, onboarding,
monitoring, troubleshooting, and reporting.
Aruba Network Analytics Engine - advanced monitoring
and diagnostics
For enhanced visibility and troubleshooting, Aruba’s Network
Analytics Engine (NAE) automatically monitors and analyzes
events that can impact network health. Advanced telemetry
and automation provide the ability to easily identif y and
troubleshoot network, system, application and security
related issues easily, through the use of Python agents and
REST APIs.
The Time Series Database (TSDB) stores conguration and
operational state historical data making it available to quickly
resolve network issues. The data may also be used to analyze
trends, identif y anomalies and predict future capacity
requirements.
Aruba NetEdit – automated switch conguration and
management
The entire Aruba CX por tfolio empowers IT teams to
orchestrate multiple switch conguration changes for
smooth end-to-end service rollouts. Aruba NetEdit
introduces automation that allows for rapid network-wide
changes, and ensures policy conformance post network
updates. Intelligent capabilities include search, edit,
validation (including conformance checking), deployment and
audit features. Capabilities include:
• Centralized conguration with validation for consistency
and compliance
• Time savings via simultaneous viewing and editing of
multiple congurations
• Customized validation tests for corporate compliance and
network design
• Automated large-scale conguration deployment without
programming
• Network health and topology visibility with Aruba NAE
integration
Note: A separate software license is required to use Aruba
NetEdit.
Aruba CX Mobile App – unparalleled deployment
convenience
An easy-to-use mobile app simplies connecting, stacking
and managing Aruba CX 6200 switches for any size project.
Switch information can also be imported into Aruba NetEdit
for simplied conguration management and to continuously
validate the conformance of congurations anywhere in the
network.
Aruba ASICs - programmable innovation
Based on over 30 years of continuous investment, Aruba’s
ASICs create the basis for innovative and agile software
feature advancements, unparalleled performance and deep
visibility. These programmable ASICs are purpose-built
to allow for a tighter integration of switch hardware and
software within campus and data center architectures to
optimize performance and capacity. Virtual Output Queuing
(VOQ) isolates congestion, prevents Head of Line Blocking
(HOLB) and allows full line rate on outgoing (egress) ports.
Flexible ASIC resources enable Aruba’s NAE solution to
inspect all data, which allows for rapid feature development
and delivery. The Aruba CX 6200 is based on the Aruba Gen7
ASIC architecture.
Aruba Dynamic Segmentation – simple, secure, and
scalable segmentation
The Aruba Dynamic Segmentation solution enables seamless
mobility, consistent policy enforcement, and automated
congurations for wired and wireless clients across networks.
2
DATA SHEET
ARUBA CX 6200 SWITCH SERIES
This innovation begins with colorless ports and role-
based micro-segmentation technologies. Colorless ports
allows wired clients to connect to any switch port, with the
conguration automated using Radius-Based Access Control.
This eliminates the need for manual on-boarding of clients,
including IoT devices, onto the network.
Role-based micro-segmentation delivers benets of reduced
subnet and VLAN sprawl, simplied policy denition, and
scales policy enforcement by introducing the concept of
client User Roles. These roles are independent of network
constructs such as VLANs, and allows clients to be grouped
into a User Role based on their identity. This allows the
colorless ports technology to automatically on-board clients
onto User Based Tunnels or onto static VXLAN tunnels based
on the associated User Role policy. By steering trac to
Aruba’s application aware Policy Enforcement Firewall, User
Based Tunneling provides the ability to micro segment and
perform deep packet inspections for enhanced security.
Mobility and IoT performance
The Aruba CX 6200 Switch Series uses a fully distributed
architecture that utilizes the Gen7 Aruba ASICs. This ensures
that our switches oer ver y low latency, increased packet
buering, and adaptive power consumption. All switching
and routing are wire-speed to meet the demands of
bandwidth-intensive applications today and in the future.
Each switch includes the following:
• Up to 176 Gbps in non-blocking bandwidth and up to
130.9 Mpps for forwarding
• Selectable queue congurations that allow for increased
performance by dening a number of queues and
associated memory buering to best meet the
requirements of network applications
VSF Stacking - scale and simplicity
The Aruba Virtual Switching Framework (VSF) allows you to
quickly grow your network using high performance front
plane stacking. Four built-in SFP+ ports support speeds of
1GbE and 10GbE. Additional features include:
• Support for up to 8 switches (or members) in a stack via
chain or ring topology
• Flexibility to create stacks that span longer distances such
as hundreds of meters across campuses to kilometres
between sites using long-range 1GbE and 10GbE
transceivers
• Simplied conguration and management as the switches
act as a single chassis when stacked
• The Aruba CX Mobile app provides support for a validated
stack deployment that ensure that all stack links and
uplinks are connected properly
Enterprise-class connectivity for all environments
Whether in the branch oce or a small to large enterprise
environment, you can choose from ve xed 1U models.
Each switch includes four high-speed built-in uplinks that
auto-negotiate from 1GbE to 10GbE to deliver non-blocking
performance. Additional highlights:
• 1U models support 24 and 48 access ports of IEEE 802.3
(100M/1GbE) with four built-in 1GbE/10GbE uplink SFP+
ports
• PoE models support up to 740W IEEE 802.3at Class 4
Power over Ethernet for up to 30W per port as well as any
IEEE 802.3af-compliant end device
• Support for pre-standard PoE detects and provides power
to pre-standard PoE devices
• High availability with always-on PoE that supplies PoE
power even during scheduled reboots and rmware
upgrades
• Quick PoE supplies PoE power to powered devices as
soon as the switch is plugged into AC power so device can
initialize at same time as switch OS boots up
• Auto-MDIX provides automatic adjustments for straight-
through or crossover cables on all 10/100/1000 ports
• Unsupported Transceiver Mode (UTM) allows to insert
and enable all unsupported 1G and 10G transceivers and
cables. Note that there is no warranty nor support for the
transceiver/cable when this feature is used.
• IPv6 capabilities include:
- IPv6 host enables switches to be managed in an IPv6
network
- Dual stack (IPv4 and IPv6) transitions from IPv4 to IPv6,
supporting connectivity for both protocols
- MLD snooping forwards IPv6 multicast trac to the
appropriate interface
- IPv6 ACL/QoS supports ACL and QoS for IPv6 network
trac
- IPV6 routing supports Static and OSPFv3 protocols
- Security provides RA guard, dynamic IPv6 lockdown, and
ND snooping
• Jumbo frames allow for high-performance backups and
disaster-recovery systems; provides a maximum frame
size of 9198 bytes
3
DATA SHEET
ARUBA CX 6200 SWITCH SERIES
• Packet storm protection against broadcast, multicast and
unknown unicast storms with user-dened thresholds
• Smart link enables simple, fast converging link redundancy
and load balancing with dual uplinks avoiding Spanning
Tree complexities
High availability and resiliency
To ensure a high degree of up-time we oer high availability
and multicast features needed for a highly-available Layer 2
access deployment including:
• Uni-directional Link Detection (UDLD) to monitor
link connectivity and shut down ports at both ends if
uni-directional trac is detected, preventing loops in
STP-based networks
• IEEE 802.3ad LACP supports up to 32 LAGs, each with
up to 8 links per LAG; and provides support for static or
dynamic groups and a user-selectable hashing algorithm
• IEEE 802.1s Multiple Spanning Tree provides high link
availability in VLAN environments where multiple spanning
trees are required; and legacy support for IEEE 802.1d
and IEEE 802.1w
• IEEE 802.3ad link-aggregation-control protocol (LACP) and
port trunking support static and dynamic trunks where
each trunk supports up to eight links (ports) per static
trunk
Quality of Service (QoS) features
To support congestion actions and trac prioritization, the
Aruba CX 6200 Series includes the following:
• Strict priority (SP) queuing and Decit Weighted Round
Robin (DWRR)
• Trac prioritization (IEEE 802.1p) for real-time
classication
• Class of Service (CoS) sets the IEEE 802.1p priority tag
based on IP address, IP Type of Service (ToS), Layer 3
protocol, TCP/UDP port number, source port, and DiServ
• Rate limiting sets per-port ingress enforced maximums
and per-port, per-queue minimums
• Transmission rates of egressing frames can be limited on
a per-queue basis using Egress Queue Shaping (EQS)
• Large buers for graceful congestion management
Simplied conguration and management
In addition to the Aruba CX Mobile App, Aruba NetEdit and
Aruba Network Analytics Engine, the 6200 series oers the
following:
• sFlow (RFC 3176) is ASIC-based wire speed network
monitoring and accounting with no impact on network
performance; network operators can gather a variety of
network statistics and information for capacity planning
and real-time network monitoring purposes
• Management interface control enables or disables each of
the following depending on security preferences, console
port, or reset button
• Industry-standard CLI with a hierarchical structure for
reduced training time and expense. Delivers increased
productivity in multivendor environments
• Management security restricts access to critical
conguration commands, provides multiple privilege
levels with password protection and local and remote
syslog capabilities allow logging of all access
• SNMP v2c/v3 provides SNMP read and trap support of
industry standard Management Information Base (MIB),
and private extensions
• Remote monitoring (RMON) with standard SNMP to
monitor essential network functions. Supports events,
alarms, history, and statistics groups as well as a private
alarm extension group; RMON, and sFlow provide
advanced monitoring and reporting capabilities for
statistics, history, alarms and events
• TFTP and SFTP support oers dierent mechanisms
for conguration updates; trivial FTP (TFTP) allows
bidirectional transfers over a TCP/ IP network; Secure
File Transfer Protocol (SFTP) runs over an SSH tunnel to
provide additional security
• Debug and sampler utility supports ping and traceroute
for IPv4 and IPv6
• Network Time Protocol (NTP) synchronizes timekeeping
among distributed time servers and clients; keeps
timekeeping consistent among all clock-dependent
devices within the network
• IEEE 802.1AB Link Layer Discovery Protocol (LLDP)
advertises and receives management information from
adjacent devices on a network, facilitating easy mapping
by network management applications
• Dual ash images provides independent primary and
secondary operating system les for backup while
upgrading
• Multiple conguration les can be stored to a ash image
• Ingress and egress port monitoring enable more ecient
network problem solving
• Built-in programmable and easy-to-use REST API interface
• Simple day zero provisioning
4
DATA SHEET
ARUBA CX 6200 SWITCH SERIES
• Unidirectional link detection (UDLD) monitors the link
between two switches and blocks the ports on both ends
of the link if the link goes down at any point between the
two devices
• IP SLA responders for Voice helps in monitoring quality of
voice trac using the UDP Jitter for VoIP tests
Layer 2 Switching
The following layer 2 services are supported:
• VLAN support and tagging support IEEE 802.1Q (4094
VLAN IDs) and 2K VLANS simultaneously
• Jumbo packet support improves the performance of large
data transfers; supports frame size of up to 9220 bytes
• IEEE 802.1v protocol VLANs isolate select non-IPv4
protocols automatically into their own VLANs
• Rapid Per-VLAN Spanning Tree (RPVST+) allows each
VLAN to build a separate spanning tree to improve link
bandwidth usage; is compatible with PVST+
• MVRP allows automatic learning and dynamic assignment
of VLANs
• VXLAN encapsulation (tunnelling) protocol for overlay
network that enables a more scalable virtual network
deployment
• Bridge Protocol Data Unit (BPDU) tunnelling Transmits STP
BPDUs transparently, allowing correct tree calculations
across service providers, WANs, or MANs
• Port mirroring duplicates port trac (ingress and egress)
to a monitoring port; supports 4 mirroring groups
• STP supports standard IEEE 802.1D STP, IEEE 802.1w
Rapid Spanning Tree Protocol (RSTP) for faster
convergence, and IEEE 802.1s Multiple Spanning Tree
Protocol (MSTP)
• Internet Group Management Protocol (IGMP) Controls
and manages the ooding of multicast packets in a Layer
2 network
• Domain Name System (DNS) provides a distributed
database that translates domain names and IP addresses,
which simplies network design; supports client and
server
• Supports internal loopback testing for maintenance
purposes and increased availability; loopback
detection protects against incorrect cabling or network
congurations and can be enabled on a per-port or per-
VLAN basis for added exibility
Layer 3 Routing
The following layer 3 routing services are supported:
• Routing Information Protocol version 2 (RIPv2) provides an
easy to congure routing protocol for small networks as
while RIPng provides support for small IPv6 networks
• Single-area Open shortest path rst (OSPF) delivers
faster convergence; uses link-state routing Interior
Gateway Protocol (IGP), which supports NSSA, and MD5
authentication for increased security and graceful restart
for faster failure recovery
• OSPF provides OSPFv2 for IPv4 routing and OSPFv3 for
IPv6 routing
• Static IP routing provides manually congured routing
• Static IPv4 routing provides simple manually congured
IPv4 routing
• IP performance optimization provides a set of tools to
improve the performance of IPv4 networks; includes
directed broadcasts, customization of TCP parameters,
support of ICMP error packets, and extensive display
capabilities
• Static IPv6 routing provides simple manually congured
IPv6 routing
• Dual IP stack maintains separate stacks for IPv4 and IPv6
to ease the transition from an IPv4-only network to an
IPv6-only network design
Layer 3 Services
The following layer 3 services are suppor ted:
• Loopback interface address denes an address in Open
Shortest Path First (OSPF), improving diagnostic capability
• Address Resolution Protocol (ARP) determines the MAC
address of another IP host in the same subnet; supports
static ARPs; gratuitous ARP allows detection of duplicate
IP addresses; proxy ARP allows normal ARP operation
between subnets or when subnets are separated by a
Layer 2 network
Security
Each Aruba CX 6200 Switch comes with an integrated trusted
platform module (TPM) for platform integrity. This ensures
the boot process started from a trusted combination of
AOS-CX switches. Other security features include:
• TAA Compliance uses FIPS 140-2 validated cryptography
for protection of sensitive information
• Access control list (ACL) support for both IPv4 and IPv6;
allows for ltering trac to prevent unauthorized users
from accessing the network, or for controlling network
5
DATA SHEET
ARUBA CX 6200 SWITCH SERIES
trac to save resources; rules can either deny or permit
trac to be forwarded; rules can be based on a Layer 2
header or a Layer 3 protocol header
• ACLs also provide ltering based on the IP eld, source/
destination IP address/subnet, and source/ destination
TCP/UDP port number on a per-VLAN or per-port basis
• Remote Authentication Dial-In User Service (RADIUS)
• Terminal Access Controller Access-Control System
(TACACS+) delivers an authentication tool using TCP with
encryption of the full authentication request, providing
additional security
• Management access security for both on- and o-
box authentication for administrative access. RADIUS
or TACACS+ can be used to provide encrypted user
authentication. Additionally, TACACS+ can also provide
admin authorization services
• Control Plane Policing sets rate limit on control protocols
to protect CPU overload from DOS attacks
• Supports multiple user authentication methods. Uses an
IEEE 802.1X supplicant on the client in conjunction with a
RADIUS server to authenticate in accordance with industry
standards
• Web based authentication using Captive Portal on
ClearPass is supported for use cases such as Guest
Access and for devices that don’t support 802.1x or
MACAuth.
• Supports MAC-based client authentication
• Concurrent IEEE 802.1X, Web, and MAC authentication
schemes per switch port accepts up to 32 sessions of IEEE
802.1X, Web, and MAC authentications
• Secure management access delivers secure encryption of
all access methods (CLI, GUI, or MIB) through SSHv2, SSL,
and/or SNMPv3
• Switch CPU protection provides automatic protection
against malicious network trac trying to shut down
theswitch
• ICMP throttling defeats ICMP denial-of-service attacks
byenabling any switch port to automatically throttle
ICMPtrac
• Identity-driven ACL enables implementation of a highly
granular and exible access security policy and VLAN
assignment specic to each authenticated network user
• STP BPDU port protection blocks Bridge Protocol Data
Units (BPDUs) on ports that do not require BPDUs,
preventing forged BPDU attacks
• Dynamic IP lockdown works to block trac from
unauthorized hosts, preventing IP source address
spoong
• Dynamic ARP protection blocks ARP broadcasts from
unauthorized hosts, preventing eavesdropping or theft of
network data
• STP root guard protects the root bridge from malicious
attacks or conguration mistakes
• Port security allows access only to specied MAC
addresses, which can be learned or specied by the
administrator
• MAC address lockout prevents particular congured MAC
addresses from connecting to the network
• Source-port ltering allows only specied ports to
communicate with each other
• Secure shell encrypts all transmitted data for secure
remote CLI access over IP networks
• Secure Sockets Layer (SSL) encrypts all HTTP trac,
allowing secure access to the browser-based
management GUI in the switch
• Secure FTP allows secure le transfer to and from the
switch; protects against unwanted le downloads or
unauthorized copying of a switch conguration le
• Critical Authentication Role ensures that important
infrastructure devices such as IP phones are allowed
network access even in the absence of a RADIUS server
• MAC Pinning allows non-chatty legacy devices to stay
authenticated by pinning client MAC addresses to the port
until the clients logo or get disconnected
• Security banner displays a customized security policy
when users log in to the switch
• RadSec enables RADIUS authentication and accounting
data to be passed safely and reliably across insecure
networks
Multicast
• IGMP Snooping allows multiple VLANs to receive the
same IPv4 multicast trac, lessening network bandwidth
demand by reducing multiple streams to each VLAN
• Multicast Listener Discovery (MLD) enables discovery of
IPv6 multicast listeners; support MLD v1 and v2
• Internet Group Management Protocol (IGMP) utilizes
Any-Source Multicast (ASM) to manage IPv4 multicast
networks; supports IGMPv1, v2, and v3
6
Loading...