Aruba 5400R Series Switches
Performance and power for the mobile-first campus
Overview:
The Aruba 5400R zl2 Switch Series is an industry-leading mobile campus access solution with HPE Smart Rate multi-gigabit ports for high-speed 802.11ac devices. It delivers enterprise-class resiliency with innovative flexibility and scalability for customers creating digital workplaces that are optimized for mobile users with an integrated wired and wireless approach. This series brings scalable aggregation with Virtual Switching Framework (VSF) stacking technology, hitless failover, and Fast Software Upgrade for 5400R VSF stacks. The advanced Layer 2 and 3 feature set includes OSPF, IPv6, IPv4 BGP, Tunneled Node, robust QoS and policy-based routing with no software licensing required.
Based on a powerful ProVision ASIC, the Aruba 5400R zl2 Switch Series has a high-speed, high-capacity architecture with 2 Tbps crossbar switching fabric with low 2.1µ latency, unprecedented programmability, and supports innovative SDN applications. This series offers flexible connectivity options with 6- or 12-slot compact chassis, line rate 40GbE, up to 96 line rate 10GbE ports and up to 288 ports of PoE+.
The 5400R is SDN optimized with OpenFlow support and is easy to deploy and manage with advanced security and network management tools like Aruba ClearPass Policy Manager and Aruba AirWave.
Key Features
- Powerful Aruba Layer 3 modular switch series with VSF stacking, low latency and resiliency.
- HPE Smart Rate for high-speed multi-gigabit bandwidth and PoE+ power.
- Scalable line rate 40GbE for wireless traffic aggregation.
- Optimized for innovative SDN applications with OpenFlow support.
- Security and network management tools with ClearPass Policy Manager and AirWave support.
Features and Benefits:
Software-defined networking
- OpenFlow supports OpenFlow 1.0 and 1.3 specifications to enable SDN by allowing separation of the data (packet forwarding) and control (routing decision) paths
- Fully flexible OpenFlow creates custom OpenFlow pipelines (processing stages) on-demand to support new SDN applications (requires v3 modules)
Unified Wired and Wireless
- ClearPass Policy Manager supports unified wired and wireless policies using Aruba ClearPass Policy Manager
- HTTP redirect function supports HPE Intelligent Management Center (IMC) bring your own device (BYOD) solution
- Switch auto-configuration automatically configures the switch for different settings such as VLAN, CoS, PoE max power, and PoE priority when an Aruba AP is detected
- Local User Role: a set of switch-based policies in areas such as security, authentication, and QoS. A User Role can be assigned to a group of users or devices, using switch configuration or ClearPass
- Per-port Tunneled Node provides a secured tunnel to transport network traffic on a per-port basis to an Aruba Controller. Authentication and network policies are applied and enforced at the Controller
- NEW Static IP Visibility allows ClearPass to do accounting for clients with static IP addresses
Quality of Service (QoS)
- Advanced classifier-based QoS classifies traffic using multiple match criteria based on Layer 2, 3, and 4 information; applies QoS policies such as setting priority level and rate limit to selected traffic on a per-port or per-VLAN basis
- Traffic prioritization allows real-time traffic classification into eight priority levels mapped to eight queues
- Bandwidth shaping
  - Port-based rate limiting provides per-port ingress-/egress-enforced increased bandwidth
  - Classifier-based rate limiting uses an access control list (ACL) to enforce increased bandwidth for ingress traffic on each port
  - Reduced bandwidth provides per-port, per-queue egress-based reduced bandwidth
- Class of Service (CoS) sets the IEEE 802.1p priority tag based on IP address, IP Type of Service (ToS), Layer 3 protocol, TCP/UDP port number, source port, and DiffServ
Management
- Zero-Touch ProVisioning (ZTP) simplifies installation of the switch infrastructure using Aruba Activate-based or DHCP-based process with AirWave Network Management
- NEW IP SLA for Voice monitors quality of voice traffic using the UDP Jitter and UDP Jitter for VoIP tests (requires v3 modules)
- Remote intelligent mirroring mirrors selected ingress/egress traffic based on ACL, port, MAC address, or VLAN to a local or remote HPE 8200 zl, 6600, 6200 yl, 5400 zl, 5400R, 3500, or 3800 Switch located anywhere on the network
- RMON, XRMON, and sFlow® v5 provide advanced monitoring and reporting capabilities for statistics, history, alarms, and events
- IEEE 802.1AB Link Layer Discovery Protocol (LLDP) advertises and receives management information from adjacent devices on a network, facilitating easy mapping by network management applications
- Uni-Directional Link Detection (UDLD) supports Hewlett Packard Enterprise (HPE) UDLD and DLDP protocols to monitor a cable between two switches and shut down the ports on both ends if the cable is broken
- Management simplicity provides common software features and CLI implementation across all HPE ProVision-based switches (including the zl and yl switches)
- Command authorization leverages RADIUS to link a custom list of CLI commands to an individual network administrator’s login; an audit trail documents activity
- Friendly port names allow assignment of descriptive names to ports
- Dual flash images provide independent primary and secondary operating system files for backup while upgrading
- Multiple configuration files are stored easily to the flash image
- Comware CLI
  - Comware-compatible CLI bridges the experience of HPE Comware CLI users who are using the HPE ProVision software CLI
  - Display and fundamental Comware CLI commands are embedded in the switch CLI as native commands; display output is formatted as on Comware-based switches, and fundamental commands provide a Comware-familiar initial switch setup
  - Configuration Comware CLI commands: when Comware commands are entered, CLI help is elicited to formulate the correct ProVision software CLI command
Connectivity
- IEEE 802.3az Energy Efficient Ethernet lowers power consumption in periods of low link usage (supported on v2 zl 10/100/1000 and 10/100 modules)
- IEEE 802.3af Power over Ethernet (PoE) provides up to 15.4 W per port to IEEE 802.3af-compliant PoE-powered devices such as IP phones, wireless access points, and security cameras
- IEEE 802.3at Power over Ethernet Plus provides up to 30 W per port, for up to 288 ports simultaneously, for PoE- and PoE+-powered devices, such as video IP phones, IEEE 802.11n wireless access points, and advanced pan/zoom/tilt security cameras
- Prestandard PoE support detects and provides power to prestandard PoE devices
- High-density port connectivity provides up to 12 interface module slots and up to 288 wire-speed 10/100/1000 PoE-enabled ports or 96 10GbE ports per system
- Jumbo frames: on Gigabit Ethernet and 10-Gigabit Ethernet ports, jumbo frames allow high-performance remote backup and disaster-recovery services
- Auto-MDIX provides automatic adjustments for straight-through or crossover cables on all 10/100 and 10/100/1000 ports
- IPv6
  - IPv6 host enables switches to be managed in an IPv6 network
  - Dual stack (IPv4 and IPv6) transitions IPv4 to IPv6, supporting connectivity for both protocols
  - MLD snooping forwards IPv6 multicast traffic to the appropriate interface
  - IPv6 ACL/QoS supports ACL and QoS for IPv6 traffic
  - IPv6 routing supports static, RIPng, and OSPFv3 routing protocols
  - 6in4 tunneling supports encapsulation of IPv6 traffic in IPv4 packets
  - Security provides RA guard, DHCPv6 protection, dynamic IPv6 lockdown, and ND snooping
Performance
- High-speed, high-capacity architecture 2 Tbps crossbar switching fabric provides intra-module and inter-module switching with 785.7 million pps throughput on the purpose-built ProVision ASICs
- Selectable queue configurations allow for increased performance by selecting the number of queues and associated memory buffering that best meet the requirements of the network applications
Resiliency and high availability
- Virtual Switching Framework (VSF) creates one virtual resilient switch from two switches; servers or switches can be attached using standard LACP for automatic load balancing and high availability; simplifies network operation by reducing the need for complex protocols like Spanning Tree Protocol (STP), Equal-Cost Multipath (ECMP), and VRRP (requires v3 modules)
- NEW Fast Software Upgrade reduces downtime of the VSF stack during an upgrade by sequentially upgrading the members in the stack, shrinking the downtime to a few seconds (requires v3 modules)
- Virtual Router Redundancy Protocol (VRRP) allows groups of two routers to dynamically back each other up to create highly available routed environments for IPv4 and IPv6 networks
- Nonstop switching improves network availability to better support critical applications such as unified communication and mobility; interface and fabric modules continue switching traffic during failover from active to standby management module
- Nonstop routing enhances Layer 3 high availability; OSPFv2/v3 and VRRP will continue to operate and route network traffic during failover from an active to a standby management module
- Redundant management and power provide enhanced system availability and continuity of operations
- IEEE 802.1s Multiple Spanning Tree Protocol provides high link availability in multiple VLAN environments by allowing multiple spanning trees; encompasses IEEE 802.1D Spanning Tree Protocol and IEEE 802.1w Rapid Spanning Tree Protocol
- IEEE 802.3ad Link Aggregation Control Protocol (LACP) and HPE port trunking support up to 144 trunks, each with up to eight links (ports) per trunk
- Distributed trunking enables loop-free and redundant network topology without using Spanning Tree Protocol; allows a server or switch to connect to two switches using one logical trunk for redundancy and load sharing
- Optional redundant power supply provides uninterrupted power and allows hot-swapping of the redundant power supplies when installed
- Hot-swappable modules allow dissimilar modules, and power supplies in a redundant power supply configuration, to be added or swapped without interrupting the network
- Sparing simplicity: HPE zl-common accessories (interface modules and power supplies)
- Uplink Failure Detection provides active-standby network path redundancy for servers that are configured for active-standby NIC teaming
- SmartLink provides easy-to-configure link redundancy of active and standby links
Layer 2 switching
- VLAN support and tagging supports the IEEE 802.1Q standard and 4,094 VLANs simultaneously
- IEEE 802.1v protocol VLANs isolate select non-IPv4 protocols automatically into their own VLANs
- VxLAN: encapsulation (tunneling) protocol for overlay networks that enables a more scalable virtual network deployment (requires v3 modules)
- GVRP and MVRP allow automatic learning and dynamic assignment of VLANs
- IEEE 802.1ad Q-in-Q increases the scalability of an Ethernet network by providing a hierarchical structure; connects multiple LANs on a high-speed campus or metro network
- MAC-based VLAN provides granular control and security; uses RADIUS to map a MAC address/user to specific VLANs (requires v2 or higher modules)
- Rapid Per-VLAN Spanning Tree (RPVST+) allows each VLAN to build a separate spanning tree to improve link bandwidth usage; is compatible with PVST+
- HPE switch meshing dynamically load balances across multiple active redundant links to increase available aggregate bandwidth; allows concurrent Layer 3 routing with v2 or higher modules
Layer 3 services
- Bidirectional Forwarding Detection (BFD) enables link connectivity monitoring and reduces network convergence time for OSPFv2 and VRRP (requires v3 modules)
- User Datagram Protocol (UDP) helper function allows UDP broadcasts to be directed across router interfaces to specific IP unicast or subnet broadcast addresses and prevents server spoofing for UDP services such as DHCP
- Loopback interface address defines an address in Routing Information Protocol (RIP) and Open Shortest Path First (OSPF), improving diagnostic capability
- Route maps provide more control during route redistribution; allow filtering and altering of route metrics
- DHCP server centralizes and reduces the cost of IPv4 address management
Layer 3 routing
- Static IP routing provides manually configured routing for both IPv4 and IPv6 networks
- Routing Information Protocol (RIP) provides RIPv1, RIPv2, and RIPng routing
- OSPF provides OSPFv2 for IPv4 routing and OSPFv3 for IPv6 routing
- Policy-based routing uses a classifier to select traffic that can be forwarded based on policy set by the network administrator (requires v2 or higher modules)
- Border Gateway Protocol (BGP) provides IPv4 Border Gateway Protocol routing, which is scalable, robust, and flexible
Security
- Access control lists (ACLs) provide filtering based on the IP field, source/destination IP address/subnet, and source/destination TCP/UDP port number on a per-VLAN or per-port basis
- Multiple user authentication methods
  - IEEE 802.1X users per port provides authentication of multiple IEEE 802.1X users per port
  - Web-based authentication authenticates from a Web browser for clients that do not support IEEE 802.1X supplicant
  - MAC-based authentication: the client is authenticated with the RADIUS server based on the client’s MAC address
  - Concurrent IEEE 802.1X, Web, and MAC authentication schemes per port: a switch port accepts up to 32 sessions of IEEE 802.1X, Web, and MAC authentications
- Private VLAN provides network security by restricting peer-to-peer communication to prevent a variety of malicious attacks; typically a switch port can only communicate with other ports in the same community and/or an uplink port, regardless of VLAN ID or destination MAC address
- DHCP protection blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks
- Secure management access delivers secure encryption of all access methods (CLI, GUI, or MIB) through SSHv2, SSL, and/or SNMPv3
- Switch CPU protection provides automatic protection against malicious network traffic trying to shut down the switch
- ICMP throttling defeats ICMP denial-of-service attacks by enabling any switch port to automatically throttle ICMP traffic
- Identity-driven ACL enables implementation of a highly granular and flexible access security policy and VLAN assignment specific to each authenticated network user
- STP BPDU port protection blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged BPDU attacks
- Dynamic IP lockdown works with DHCP protection to block traffic from unauthorized hosts, preventing IP source address spoofing
- Dynamic ARP protection blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data
- STP root guard protects the root bridge from malicious attacks or configuration mistakes
- Detection of malicious attacks monitors 10 types of network traffic and sends a warning when an anomaly that potentially can be caused by malicious attacks is detected
- Port security allows access only to specified MAC addresses, which can be learned or specified by the administrator
- MAC address lockout prevents particular configured MAC addresses from connecting to the network
- Source-port filtering allows only specified ports to communicate with each other
- RADIUS/TACACS+ eases switch management security administration by using a password authentication server
- Secure shell encrypts all transmitted data for secure remote CLI access over IP networks
- Secure Sockets Layer (SSL) encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch
- Secure FTP allows secure file transfer to and from the switch; protects against unwanted file downloads or unauthorized copying of a switch configuration file
- Management Interface Wizard helps secure management interfaces such as SNMP, telnet, SSH, SSL, Web, and USB at the desired level
- Switch management logon security helps secure switch CLI logon by optionally requiring either RADIUS or TACACS+ authentication
- Security banner displays a customized security policy when users log in to the switch
- IEEE 802.1AE MACsec provides security on a link between two switch ports (1Gbps or 10Gbps) using standard encryption and authentication (requires v3 modules)
Convergence
- IP multicast routing includes PIM Sparse and Dense modes to route IP multicast traffic
- IP multicast snooping (data-driven IGMP) prevents flooding of IP multicast traffic
- LLDP-MED (Media Endpoint Discovery) defines a standard extension of LLDP that stores values for parameters such as QoS and VLAN to automatically configure network devices such as IP phones
- PoE allocations supports multiple methods (automatic, IEEE 802.3af class, LLDP-MED, or user-specified) to allocate PoE power for more efficient energy savings
- Auto VLAN configuration for voice
  - RADIUS VLAN uses a standard RADIUS attribute and LLDP-MED to automatically configure a VLAN for IP phones
  - CDPv2 uses CDPv2 to configure legacy IP phones
- Local MAC Authentication assigns attributes such as VLAN and QoS using a locally configured profile that can be a list of MAC prefixes
Warranty and support
- Limited Lifetime Warranty: see www.hpe.com/networking/warrantysummary for warranty and support information included with your product purchase.
- Software releases: to find software for your product, refer to www.hpe.com/networking/support; for details on the software releases available with your product purchase, refer to www.hpe.com/networking/warrantysummary