Key features

Powerful Aruba Layer 3 switch series with backplane stacking, low latency and resiliency
HPE Smart Rate for high-speed multigigabit capacity and PoE+ power
Modular line rate 10GbE and 40GbE ports for wireless aggregation
Full PoE+ on all 48 ports for power-hungry high-speed wireless APs
Ready for innovative SDN applications with OpenFlow support

Product overview

The Aruba 3810 Switch Series is an industry-leading mobile campus access solution for enterprises, SMBs, and branch office networks. With HPE Smart Rate multi-gigabit ports for high-speed IEEE 802.11ac devices, the Aruba 3810 will prepare your network for tomorrow. Rightsize deployment and back haul capacity with modular 10GbE and 40GbE uplinks.

Full PoE+ provisioning available on 48-ports. Dual, redundant, hot-swappable power supplies and innovative backplane stacking technology delivers resiliency and scalability in a convenient 1U form factor. Advanced Layer 2 and 3 feature set with OSPF, IPv6, IPv4 BGP, robust QoS and policy-based routing are included with no software licensing.

With support for OpenFlow, the Aruba 3810 is ready to take advantage of SDN applications such as HPE Network Visualizer, Optimizer, and Protector Applications. Delivers consistent wired and wireless user experience by supporting ClearPass Policy Manager and AirWave Network Management.

Features and benefits

Software-defined networking

OpenFlow
is a key technology that enables SDN by allowing separation of the data (packet forwarding) and control (routing decision) paths
Unified Wired and Wireless

·         ClearPass Policy Manager support
unified wired and wireless policies using Aruba ClearPass Policy Manager
·         HTTP redirect function:
supports HPE Intelligent Management Center (IMC) bring your own device (BYOD) solution
·         Switch auto-configuration
automatically configures switch for rogue AP detection, add VLAN, and set PoE priority when Aruba AP is detected
Quality of Service (QoS)

Advanced classifier-based QoS
classifies traffic using multiple match criteria based on Layer 2, 3, and 4 information; applies QoS policies such as setting priority level and rate limit to selected traffic on a per-port or per-VLAN basis
Layer 4 prioritization
enables prioritization based on TCP/UDP port numbers
Class of Service (CoS)
sets the IEEE 802.1p priority tag based on IP address, IP Type of Service (ToS), Layer 3 protocol, TCP/UDP port number, source port, and DiffServ
Bandwidth shaping:
—          Port-based rate limiting: provides per-port ingress-/egress-enforced increased bandwidth

—          Classifier-based rate limiting: uses an access control list (ACL) to enforce increased bandwidth for ingress traffic on each port

—          Reduced bandwidth: provides per-port, per-queue egress-based reduced bandwidth

Remote intelligent mirroring
mirrors selected ingress/egress traffic based on an ACL, port, MAC address, or VLAN to a local or remote HPE 8200 zl, 6600, 6200 yl, 5400 zl, or 3500 switch anywhere on the network
Remote monitoring (RMON), Extended RMON (XRMON), and sFlow v5
provide advanced monitoring and reporting capabilities for statistics, history, alarms, and events
Traffic prioritization
allows real-time traffic classification into eight priority levels that are mapped to eight queues
Management

Friendly port names
allows assignment of descriptive names to ports
IEEE 802.1AB Link Layer Discovery Protocol (LLDP)
advertises and receives management information from adjacent devices on a network, facilitating easy mapping by network management applications
Command authorization
leverages RADIUS to link a custom list of CLI commands to an individual network administrator’s login; an audit trail documents activity
Multiple configuration files
stores easily to the flash image
Dual flash images
provides independent primary and secondary operating system files for backup while upgrading
Out-of-band Ethernet management port
enables management over a separate physical management network; and keeps management traffic segmented from network data traffic
Comware CLI
—          Comware-compatible CLI
bridges the experience of Hewlett Packard Enterprise Comware CLI users who are using the ProVision CLI

—          Display and fundamental Comware CLI commands
are natively embedded in the switch CLI; display output is formatted as on Comware-based switches; fundamental commands provide Comware-familiar initial switch setup

—          Configuration Comware CLI commands
when Comware commands are entered, CLI help is elicited to formulate the correct ProVision software CLI command

Zero-Touch ProVisioning (ZTP)
uses settings in DHCP to enable ZTP with Aruba AirWave Network Management
Unidirectional Link Detection (UDLD)
support HPE UDLD and DLDP protocols to monitor a cable between two switches and shut down the ports on both ends if a broken link is detected, preventing network problems such as loops
Connectivity

Jumbo frames
on Gigabit Ethernet and 10-Gigabit Ethernet ports, jumbo frames allow high-performance remote backup and disaster-recovery services
IEEE 802.3at PoE+
provides up to 30 W per port to IEEE 802.3at-complaint PoE/PoE+-powered devices such as video IP phones, IEEE 802.11n wireless access points, and advanced pan/zoom/tilt security cameras
Pre-standard PoE support
detects and provides power to pre-standard PoE devices (refer to the list of supported devices in the product FAQs, which can be accessed at http://www.hpe.com/networking)
Choice of uplinks:
—          SFP+ uplink models: provide fiber-optic (up to 70 km) or direct-attach-cable (DAC) connectivity

—          10GBASE-T uplink models: offer 10GbE speeds, using standard RJ-45 connectors and standard twisted-pair cabling up to 100 m

Auto-MDIX
provides automatic adjustments for straight-through or crossover cables on all RJ-45 ports
IPv6:
—          IPv6 host: enables switch management in an IPv6 network

—          Dual stack (IPv4 and IPv6): transitions IPv4 to IPv6, supporting connectivity for both protocols

—          MLD snooping: forwards IPv6 multicast traffic to the appropriate interface

—          IPv6 ACL/QoS: supports ACL and QoS for IPv6 traffic

—          IPv6 routing: supports static, RIPng, OSPFv3 routing protocols

—          6in4 tunneling: supports encapsulation of IPv6 traffic in IPv4 packets

—          Security: provides RA guard, DHCPv6 protection, dynamic IPv6 lockdown, and ND snooping

Performance

Selectable queue configurations
allows for increased performance by selecting the number of queues and associated memory buffering that best meet the requirements of the network applications
Energy-efficient design:
—          80 PLUS Silver Certified power supply: increases power efficiency and savings

—          Energy-efficient Ethernet (EEE) support: reduces power consumption in accordance with IEEE 802.3az

Meshed stacking technology:
—          High-performance stacking: provides up to 336 Gb/s of stacking throughput; each 4-port stacking module can support up to 42 Gb/s in each direction per stacking port

—          Ring, chain, and mesh topologies: support up to a 10-member ring or chain and 5-member fully meshed stacks; meshed topologies offer increased resiliency vs. a standard ring

—          Virtualized switching: provides simplified management as the switches appear as a single chassis when stacked

HPE ProVision ASIC architecture
is designed with the latest ProVision ASIC, providing very low latency, increased packet buffering, and adaptive power consumption
Resiliency and high availability

Virtual Router Redundancy Protocol (VRRP)
allows groups of two routers to dynamically back each other up to create highly available routed environments in IPv4 and IPv6 networks
Nonstop switching and routing
improves network availability to better support critical applications, such as unified communication and mobility; traffic will continue to be forwarded during failovers, when the backup member of the stack becomes the commander
IEEE 802.3ad Link Aggregation Protocol (LACP) and Hewlett Packard Enterprise port trunking
support up to 144 trunks, each with up to 8 links (ports) per trunk
IEEE 802.1s Multiple Spanning Tree
provides high link availability in multiple VLAN environments by allowing multiple spanning trees; provides legacy support for IEEE 802.1d and IEEE 802.1w
Dual hot-swappable power supplies
—          Increased resiliency: provides secondary power supply to enable complete switch power redundancy in case of power line or supply failure

—          Increased PoE+ power: provides the secondary power supply to increase the total available PoE+ power

Distributed trunking
enables loop-free and redundant network topology without using Spanning Tree Protocol; allows a server or switch to connect to two switches using one logical trunk for redundancy and load sharing
SmartLink
provides easy-to-configure link redundancy of active and standby links
Layer 2 switching

IEEE 802.1ad QinQ
increases the scalability of an Ethernet network by providing a hierarchical structure; connects multiple LANs on a high-speed campus or metro network
VLAN support and tagging
supports the IEEE 802.1Q standard and 4096 VLANs simultaneously
IEEE 802.1v protocol VLANs
isolate select non-IPv4 protocols automatically into their own VLANs
MAC-based VLAN
provides granular control and security; uses RADIUS to map a MAC address/user to specific VLANs
Rapid Per-VLAN Spanning Tree (RPVST+)
allows each VLAN to build a separate spanning tree to improve link bandwidth usage; is compatible with PVST+
Hewlett Packard Enterprise switch meshing
dynamically load balances across multiple active redundant links to increase available aggregate bandwidth; allows concurrent Layer 3 routing
GVRP and MVRP
allows automatic learning and dynamic assignment of VLANs
Layer 3 services

Loopback interface address
defines an address in Routing Information Protocol (RIP) and Open Standard Path First (OSPF), improving diagnostic capability
Route maps
provide more control during route redistribution; allow filtering and altering of route metrics
User datagram protocol (UDP) helper function
allows UDP broadcasts to be directed across router interfaces to specific IP unicast or subnet broadcast addresses; and helps prevent server spoofing for UDP services such as DHCP
DHCP server
centralizes and reduces the cost of IPv4 address management
Bidirectional Forwarding Detection (BFD)
enables link connectivity monitoring and reduces network convergence time for static routing, OSPFv2, and VRRP
Layer 3 routing

Static IP routing
provides manually configured routing for both IPv4 and IPv6 networks
OSPF
provides OSPFv2 for IPv4 routing and OSPFv3 for IPv6 routing
Policy-based routing
makes routing decisions based on policies set by the network administrator
Border Gateway Protocol (BGP)
provides IPv4 Border Gateway Protocol routing, which is scalable, robust, and flexible
Routing Information Protocol (RIP)
provides RIPv1, RIPv2, and RIPng routing
Security

Source-port filtering
allows only specified ports to communicate with each other
RADIUS/TACACS+
eases switch management security administration by using a password authentication server
Secure shell
encrypts all transmitted data for secure remote CLI access over IP networks
Secure Sockets Layer (SSL)
encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch
Port security
allows access only to specified MAC addresses, which can be learned or specified by the administrator
MAC address lockout
prevents particular configured MAC addresses from connecting to the network
Detection of malicious attacks
monitors 10 types of network traffic and sends a warning when an anomaly that potentially can be caused by malicious attacks is detected
Secure FTP
allows secure file transfer to and from the switch; protects against unwanted file downloads or unauthorized copying of a switch configuration file
Switch management logon security
helps secure switch CLI logon by optionally requiring either RADIUS or TACACS+ authentication
Secure management access
delivers secure encryption of all access methods (CLI, GUI, or MIB) through SSHv2, SSL, and/or SNMPv3
ICMP throttling
defeats ICMP denial-of-service attacks by enabling any switch port to automatically throttle ICMP traffic
Virus throttling
detects traffic patterns typical of worm-type viruses and either throttles or entirely prevents the virus from spreading across the routed VLANs or bridged interfaces without requiring external appliances
Identity-driven ACL
enables implementation of a highly granular and flexible access security policy and VLAN assignment specific to each authenticated network user
STP BPDU port protection
blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged BPDU attacks
Dynamic IP lockdown
works with DHCP protection to block traffic from unauthorized hosts, preventing IP source address spoofing
DHCP protection
blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks
Dynamic ARP protection
blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data
STP root guard
protects the root bridge from malicious attacks or configuration mistakes
Management Interface Wizard
helps secure management interfaces such as SNMP, Telnet, SSH, SSL, Web, and USB at the desired level
Security banner
displays a customized security policy when users log in to the switch
Switch CPU protection
provides automatic protection against malicious network traffic trying to shut down the switch
ACLs
provide filtering based on the IP field, source/destination IP address/subnet and source/destination TCP/UDP port number on a per-VLAN or per-port basis
Multiple authentication methods
—          IEEE 802.1X
authenticates multiple IEEE 802.1X users per port; prevents a user from «piggybacking» on another user’s authentication

—          Web-based authentication
authenticates from Web browser for clients that do not support 802.1X supplicant

—          MAC-based authentication
authenticates client with the RADIUS server based on client’s MAC address

—          Concurrent authentication modes
enables a switch port to accept up to 32 sessions of 802.1X, Web, and MAC authentication

Private VLAN
provides network security by restricting peer-to-peer communication to prevent a variety of malicious attacks; typically a switch port can only communicate with other ports in the same community and/or an uplink port, regardless of VLAN ID or destination MAC address
Convergence

IP multicast snooping (data-driven IGMP)
prevents flooding of IP multicast traffic
LLDP-MED (Media Endpoint Discovery)
defines a standard extension of LLDP that stores values for parameters such as QoS and VLAN to automatically configure network devices such as IP phones
PoE allocations
supports multiple methods (automatic, IEEE 802.3af class, LLDP-MED, or user-specified) to allocate PoE power for more efficient energy savings
IP multicast routing
includes PIM sparse and dense modes to route IP multicast traffic
Auto VLAN configuration for voice
—          RADIUS VLAN
uses a standard RADIUS attribute and LLDP-MED to automatically configure a VLAN for IP phones

—          CDPv2
uses CDPv2 to configure legacy IP phones

Local MAC Authentication
assigns attributes such as VLAN and QoS using locally configured profile that can be a list of MAC prefixes