Seria przełączników Aruba CX 6300 to nowoczesna, elastyczna i inteligentna rodzina przełączników AOS-CX, które można ustawiać jeden na drugim, idealnych do dostępu, agregacji i wdrożeń TOR w centrach danych. Dzięki projektowi zorientowanemu na chmurę, który łączy w pełni programowalny system operacyjny z Aruba Network Analytics Engine, Aruba CX 6300 rozszerza wiodące w branży możliwości monitorowania i rozwiązywania problemów na warstwę dostępową. Wsparcie Aruba NetEdit i Aruba CX Mobile App weryfikuje, czy konfiguracje są bezbłędne i łatwe do wdrożenia.
Potężna architektura Aruba Gen7 ASIC zapewnia szybką, nieblokującą wydajność, co oznacza, że Twoja sieć jest gotowa na nieprzewidywalne wymagania jutra. Aruba Virtual Stacking Framework (VSF) umożliwia układanie w stos do 10 przełączników, zapewniając skalowalność i uproszczone zarządzanie.
Informacje o produkcie |
Klasa przełącznika |
Zarządzalny |
Zastosowanie |
Średnie i duże firmy (powyżej 16 portów) |
Warstwa przełączania |
L3 |
Architektura sieci |
GigabitEthernet |
Liczba portów 10/100/1000 Mbps |
48 |
Liczba portów SFP56 |
4 |
Port konsoli |
Tak |
Przepustowość |
496 Gb/s |
Prędkość przekazywania |
369 Mpps |
Bufor pakietów |
8 MB |
Rozmiar tablicy adresów MAC |
32768 |
Obsługa ramek Jumbo |
Tak |
Rozmiar ramki Jumbo |
9.198 KB |
Możliwość łączenia w stos |
Tak |
Maksymalna ilość urządzeń w stosie |
10 |
Obsługiwane protokoły i standardy |
- ANSI/TIA-1057 LLDP Media Endpoint Discovery (LLDP-MED)
- CPU DoS Protection
- Bootstrap Router (BSR) Mechanism for PIM, PIM WG
- Draft-ietf-savi-mix
- IEEE 802.1AB-2005
- IEEE 802.1ak-2007
- IEEE 802.1AX-2008 Link Aggregation
- IEEE 802.1D MAC Bridges
- IEEE 802.1p Priority
- IEEE 802.1Q VLANs
- IEEE 802.1s Multiple Spanning Trees
- IEEE 802.1t-2001
- IEEE 802.1v VLAN classification by Protocol and Port
- IEEE 802.1w Rapid Reconfiguration of Spanning Tree
- IEEE 802.3ab 1000BASE-T
- IEEE 802.3ad Link Aggregation Control Protocol (LACP)
- IEEE 802.3ae 10-Gigabit Ethernet
- IEEE 802.3af Power over Ethernet
- IEEE 802.3at Power over Ethernet
- IEEE 802.3bt Power over Ethernet
- IEEE 802.3az Energy Efficient Ethernet (EEE)
- IEEE 802.3x Flow Control
- IEEE 802.3z 1000BASE-X
- RFC 783 TFTP Protocol (revision 2)
- RFC 791 IP
- RFC 792 ICMP
- RFC 793 TCP
- RFC 813 Window and Acknowledgement Strategy in TCP
- RFC 815 IP datagram reassembly algorithms
- RFC 826 ARP
- RFC 879 TCP maximum segment size and related topics
- RFC 896 Congestion control in IP/TCP internetworks
- RFC 917 Internet subnets
- RFC 919 Broadcasting Internet Datagrams
- RFC 922 Broadcasting Internet Datagrams in the Presence of Subnets (IP_BROAD)
- RFC 925 Multi-LAN address resolution
- RFC 951 BOOTP
- RFC 1027 Proxy ARP
- RFC 1122 Requirements for Internet Hosts - Communications Layers
- RFC 1215 Convention for defining traps for use with the SNMP
- RFC 1256 ICMP Router Discovery Messages
- RFC 1350 TFTP Protocol (revision 2)
- RFC 1393 Traceroute Using an IP Option
- RFC 1403 BGP OSPF Interaction
- RFC 1519 CIDR
- RFC 1542 BOOTP Extensions
- RFC 1583 OSPF Version 2
- RFC 1591 Domain Name System Structure and Delegation
- RFC 1657 Definitions of Managed Objects for BGP-4 using SMIv2
- RFC 1772 Application of the Border Gateway Protocol in the Internet
- RFC 1757 Remote Network Monitoring Management Information Base
- RFC 1812 Requirements for IP Version 4 Router
- RFC 1918 Address Allocation for Private Internet
- RFC 1997 BGP Communities Attribute
- RFC 1998 An Application of the BGP Community Attribute in Multi-home Routing
- RFC 2131 DHCP
- RFC 2132 DHCP Options and BOOTP Vendor Extensions
- RFC 2236 IGMP
- RFC 2328 OSPF Version 2
- RFC 2375 IPv6 Multicast Address Assignments
- RFC 2385 Protection of BGP Sessions via the TCP MD5 Signature Option
- RFC 2401 Security Architecture for the Internet Protocol
- RFC 2402 IP Authentication Header
- RFC 2439 BGP Route Flap Damping
- RFC 2460 Internet Protocol, Version 6 (IPv6) Specification
- RFC 2464 Transmission of IPv6 over Ethernet Networks
- RFC 2545 Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing
- RFC 2576 (Coexistence between SNMP V1, V2, V3)
- RFC 2579 (SMIv2 Text Conventions)
- RFC 2580 (SMIv2 Conformance)
- RFC 2710 Multicast Listener Discovery (MLD) for IPv6
- RFC 2711 IPv6 Router Alert Option
- RFC 2787 Definitions of Managed Objects for the Virtual Router Redundancy Protocol
- RFC 2918 Route Refresh Capability for BGP-4
- RFC 2925 Definitions of Managed Objects for Remote Ping, Traceroute, and Lookup Operations (Ping only)
- RFC 2934 Protocol Independent Multicast MIB for IPv4
- RFC 3019 MLDv1 MIB
- RFC 3046 DHCP Relay Agent Information Option
- RFC 3056 Connection of IPv6 Domains via IPv4 Clouds
- RFC 3065 Autonomous System Confederation for BGP
- RFC 3068 An Anycast prefix for 6to4 Relay Route
- RFC 3101 OSPF Not-so-stubby-area option
- RFC 3137 OSPF Stub Router Advertisement sFlow
- RFC 3376 IGMPv3
- RFC 3416 (SNMP Protocol Operations v2)
- RFC 3417 (SNMP Transport Mappings)
- RFC 3418 Management Information Base (MIB) for the Simple Network Management Protocol (SNMP)
- RFC 3484 Default Address Selection for IPv6
- RFC 3509 Alternative Implementations of OSPF Area Border Routers
- RFC 3575 IANA Considerations for RADIUS
- RFC 3623 Graceful OSPF Restart
- RFC 3768 VRRP
- RFC 3810 Multicast Listener Discovery Version 2 (MLDv2) for IPv6
- RFC 3973 PIM Dense Mode
- RFC 4022 MIB for TCP
- RFC 4113 MIB for UDP
- RFC 4213 Basic Transition Mechanisms for IPv6 Hosts and Routers
- RFC 4251 The Secure Shell (SSH) Protoco
- RFC 4252 SSHv6 Authentication
- RFC 4253 SSHv6 Transport Layer
- RFC 4254 SSHv6 Connection
- RFC 4271 A Border Gateway Protocol 4 (BGP-4)
- RFC 4273 Definitions of Managed Objects for BGP-4
- RFC 4291 IP Version 6 Addressing Architecture
- RFC 4292 IP Forwarding Table MIB
- RFC 4293 Management Information Base for the Internet Protocol (IP)
- RFC 4360 BGP Extended Communities Attribute
- RFC 4419 Key Exchange for SSH
- RFC 4443 ICMPv6
- RFC 4456 BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP)
- RFC 4486 Subcodes for BGP Cease Notification Message
- RFC 4541 IGMP & MLD Snooping Switch
- RFC 4552 Authentication/Confidentiality for OSPFv3
- RFC 4601 PIM Sparse Mode
- RFC 4607 Source-Specific Multicast for IP
- RFC 4675 RADIUS VLAN & Priority
- RFC 4724 Graceful Restart Mechanism for BGP
- RFC 4750 OSPFv2 MIB partial support no SetMIB
- RFC 4760 Multiprotocol Extensions for BGP-4
- RFC 4861 IPv6 Neighbor Discovery
- RFC 4862 IPv6 Stateless Address Auto-configuration
- RFC 4940 IANA Considerations for OSPF
- RFC 5065 Autonomous System Confederation for BGP
- RFC 5095 Deprecation of Type 0 Routing Headers in IPv6
- RFC 5187 OSPFv3 Graceful Restart
- RFC 5340 OSPFv3 for IPv6
- RFC 5424 Syslog Protocol
- RFC 5492 Capabilities Advertisement with BGP-4
- RFC 5519 Multicast Group Membership Discovery MIB (MLDv2 only)
- RFC 5701 IPv6 Address Specific BGP Extended Community Attribute
- RFC 5722 Handling of Overlapping IPv6 Fragments
- RFC 5798 VRRP (exclude Accept Mode and sub-sec timer)
- RFC 5880 Bidirectional Forwarding Detection
- RFC 5905 Network Time Protocol Version 4: Protocol and Algorithms Specification
- RFC 6620 FCFS SAVI
- RFC 6987 OSPF Stub Router Advertisement
- RFC 7047 The Open vSwitch Database Management Protocol
- RFC 7313 Enhanced Route Refresh Capability for BGP-4
- RFC 8201 Path MTU Discovery for IP version 6
- SNMPv1/v2c/v3
- ITU-T Rec G.8032/Y.1344 Mar. 2010
- 2.5G/5GBASE-T (IEEE 802.3bz-2016), 2.5G/5G NBASE-T
- 10GBASE-T (IEEE 802.3an-2006)
- 25-Gigabit Ethernet (IEEE 802.3by-2016, 802.3cc-2017)
- 40-Gigabit Ethernet (IEEE 802.3ba-2010)
- 50-Gigabit Ethernet (IEEE 802.3cd-2018)
- 100-Gigabit Ethernet (IEEE 802.3ba-2010, 802.3bj-2014, 802.3bm-2014)
|
QoS |
- Strict priority (SP) queuing and Deficit Weighted Round Robin (DWRR)
- Traffic prioritization (IEEE 802.1p) for real-time classification into 8 priority levels that are mapped to 8 queues
- Layer 4 prioritization based on TCP/UDP port numbers
- Class of Service (CoS) sets the IEEE 802.1p priority tag based on IP address, IP Type of Service (ToS), Layer 3 protocol,
- TCP/UDP port number, source port, and DiffServ
- Rate limiting sets per-port ingress enforced maximums and per-port, per-queue minimums
- Transmission rates of egressing frames can be limited on a per-queue basis using Egress Queue Shaping (EQS)
- Large buffers for graceful congestion management
|
Bezpieczeństwo |
- ACLs also provide filtering based on the IP field, source/ destination IP address/subnet, and source/ destination TCP/UDP
- port number on a per-VLAN or per-port basis
- Enrollment over Secure Transport (EST) enables secure certificate enrollment, allowing for easier enterprise management of PKI
- Remote Authentication Dial-In User Service (RADIUS)
- Terminal Access Controller Access-Control System (TACACS+) delivers an authentication tool using TCP with encryption of the full authentication request, providing additional security
- Management access security for both on- and off- box authentication for administrative access. RADIUS or TACACS+ can be used to provide encrypted user authentication. Additionally, TACACS+ can also provide admin authorization services
- Control Plane Policing sets rate limit on control protocols to protect CPU overload from DOS attacks
- Supports multiple user authentication methods. Uses an IEEE 802.1X supplicant on the client in conjunction with a
- RADIUS server to authenticate in accordance with industry standards
- Supports MAC-based client authentication
- Concurrent IEEE 802.1X, Web, and MAC authentication schemes per switch port accepts up to 32 sessions of IEEE 802.1X, Web, and MAC authentications
- DHCP protection blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks
- Secure management access delivers secure encryption of all access methods (CLI, GUI, or MIB) through SSHv2, SSL, and/or SNMPv3
- Switch CPU protection provides automatic protection against malicious network traffic trying to shut down the switch
- ICMP throttling defeats ICMP denial-of-service attacks by enabling any switch port to automatically throttle ICMP traffic
- Identity-driven ACL enables implementation of a highly granular and flexible access security policy and VLAN assignment specific to each authenticated network user
- STP BPDU port protection blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged BPDU attacks
- Dynamic IP lockdown works with DHCP protection to block traffic from unauthorized hosts, preventing IP source address spoofing
- Dynamic ARP protection blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data
- STP root guard protects the root bridge from malicious attacks or configuration mistakes
- Port security allows access only to specified MAC addresses, which can be learned or specified by the administrator
- MAC address lockout prevents particular configured MAC addresses from connecting to the network
- Source-port filtering allows only specified ports to communicate with each other
- Secure shell encrypts all transmitted data for secure remote CLI access over IP networks
- Secure Sockets Layer (SSL) encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch
- Secure FTP allows secure file transfer to and from the switch; protects against unwanted file downloads or unauthorized copying of a switch configuration file
- Critical Authentication Role ensures that important infrastructure devices such as IP phones are allowed network access even in the absence of a RADIUS server
- MAC Pinning allows non-chatty legacy devices to stay authenticated by pinning client MAC addresses to the port until the clients logoff or get disconnected
- Security banner displays a customized security policy when users log in to the switch
- RadSec enables RADIUS authentication and accounting data to be passed safely and reliably across insecure networks
- Private VLAN (PVLAN) provides traffic isolation between users on the same VLAN; typically a switch port can only communicate with other ports in the same community and/or an uplink port, regardless of VLAN ID or destination MAC address. This extends network security by restricting peer-peer communication to prevent variety of malicious attacks.
- Auto VLAN Creation automates VLAN creation on access switches for authenticated clients.
- DHCP smart relay allows the DHCP relay agent to use secondary IP addresses when the DHCP server does not reply the
- DHCP-OFFER message
- IEEE 802.1AE MACsec provides switch-to-switch and switch-to-host security on a link between two ports using standard encryption and authentication, available on uplink and downlink ports
|
Zarządzanie, monitorowanie, konfiguracja |
- Built-in programmable and easy to use REST API interface
- Aruba AirWave on-premises and Aruba Central cloud- based management
- Zero-Touch Provisioning (ZTP) simplifies installation of switching infrastructure using DHCP-based or Aruba Activatebased process with Aruba AirWave and Aruba Central
- Scalable ASIC-based wire speed network monitoring and accounting with no impact on network performance; network operators can gather a variety of network statistics and information for capacity planning and real- time network monitoring purposes
- Management interface control enables or disables each of the following depending on security preferences, console port, or reset button
- Industry-standard CLI with a hierarchical structure for reduced training time and expense. Delivers increased productivity in multivendor environments
- Management security restricts access to critical configuration commands, provides multiple privilege levels with password protection and local and remote syslog capabilities allow logging of all access
|
Funkcje L3 |
- Bidirectional Forwarding Detection (BFD) enables link connectivity monitoring and reduces network convergence time for static route, OSPFv2 and VRRP
- User Datagram Protocol (UDP) helper function allows UDP broadcasts to be directed across router interfaces to specific IP unicast or subnet broadcast addresses and prevents server spoofing for UDP services such as DHCP
- Loopback interface address defines an address in Open Shortest Path First (OSPF), improving diagnostic capability
- Route maps provide more control during route redistribution; allow filtering and altering of route metrics
- Address Resolution Protocol (ARP) determines the MAC address of another IP host in the same subnet; supports static ARPs; gratuitous ARP allows detection of duplicate IP addresses; proxy ARP allows normal ARP operation between subnets or when subnets are separated by a Layer 2 network
- Dynamic Host Configuration Protocol (DHCP) simplifies the management of large IP networks and supports client; DHCP
- Relay enables DHCP operation across subnets
- DHCP server centralizes and reduces the cost of IPv4 address management
- Domain Name System (DNS) provides a distributed database that translates domain names and IP addresses, which simplifies network design; supports client and server
- mDNS (Multicast Domain Name System) Gateway enables discovery of mDNS groups across L3 boundaries
- Generic Routing Encapsulation (GRE) enables tunneling traffic from site-to-site over a Layer 3 path
- Supports internal loopback testing for maintenance purposes and increased availability; loopback detection protects against incorrect cabling or network configurations and can be enabled on a per-port or per-VLAN basis for added flexibility
- IP sub-interface is a virtual interface created by dividing physical interface into multiple logical interfaces tagged using different VLAN-IDs. A physical interface can be a regular physical, Split port or LAG L3 interface. A sub-interface is used for many uses-cases such as VRF-lite interconnection and inter-vlan routing (router on-a-stick)
|
Typ obudowy |
Rack (Switche/UPS) |
Wentylator |
Tak |
Zasilacz |
Wewnętrzny |
Pobór mocy |
75 W |
Wymiary |
442 x 385 x 44 mm
|
Waga |
12.14 kg |