HPE Aruba Networking CX 6300M 24p Smart Rate 1G/2.5G/5G/10G Class6 PoE 2p 50G 2p 25G Switch

24x ports SmartRate 100M/1G/2.5G/5G/10G BaseT Class 6 PoE ports supporting up to 60W per port (MACsec)

2x 10G/25G/50G¹ SFP ports

2x 10G/25G SFP ports (MACsec)

Supports PoE Standards IEEE 802.3af, 802.3at and 802.3bt (up to 60W)

1x USB-C Console Port

1x RJ Console Port

1x OOBM port

1x USB Type A Host port

1x Bluetooth dongle to be used with CX Mobile App

2 field-replaceable, hotswappable power supply

slots 1 minimum power supply required (ordered separately)

Supported PSUs

JL086A

JL087A

JL670A

JL758A

Max PoE Power: 2880W

Switch has two fan tray slots and comes with two fan trays installed.

Min 2 fan trays required.

Fan trays are field replaceable and hotswappable.

Each fan tray contains two fans.

(H) 4.4 cm x (W) 44.2 cm x

(D) 38.5 cm (1.73" x 17.4" x 15.2")

5.26 kg (11.60 lbs)

Mounts in an EIA- standard 19 in. telco rack or equipment cabinet.

Horizontal surface mounting only. 2-post rack kit included.

Quad Core ARM Cortex^TM A72 @ 1.8GHz

8 GB DDR4 32 GB eMMC

16 MB

880 Gbps

660 Mpps

880 Gbps

654 Mpps

1Gbps: 4.24µSec 10Gbps:

1.50µSec 25Gbps:

2.91µSec 50Gbps¹:

3.49µSec

10 members

Up to 10 kms with long range transceivers

200 Gbps

1,024

49,152

49,152

61,000

61,000

8,192

8,192

32,768

8,192

8,192

20,480/5,120/20,480

8,192/2,048/8,192

256

32°F to 113°F (0°C to 45°C) up to 5,000 ft.

Derate -1 degree C for every 1,000 ft from 5,000 ft to 10,000 ft.

Can support excursion to 131°F (55°C) for short periods¹ of time.

55C excursion not supported when 10G LRM/LR/ER inserted:

• When 10G BT and 10G LRM/LR/ER transceivers are installed together, fan redundancy is only supported up to 104°F (40°C), 5,000ft

15% to 95% @ 104°F (40°C) non-condensing

-40°F to 158°F (-40°C to 70°C) up to 15,000 ft

15% to 90% @ 149°F (65°C) non-condensing

10,000 feet (3.04 km) Max

15,000 feet (4.6 km) Max

Sound Power,

LWAd = 4.9 Bel

Sound Pressure, LpAm (Bystander) = 33.0 dB

Front and side-to-back

50Hz/60Hz

JL670A PSU:

110V-120V/208V-240V

JL086A PSU: 100V-240V

JL087A PSU: 110V-240V

JL670A PSU: 11A/8A

JL086A PSU: 8A/3.5A

JL087A PSU: 12A/5A

With JL086A PSU:

Idle: 90W

100% Traffic Rate: 143W

Idle: 90W

100% Traffic Rate: 140W

With JL670A PSU:

Idle: 101W

100% Traffic Rate: 152W

Include US, Canada, Europe, Worldwide

Europe:

EN 62368-1:2014 +A11:2017 2nd Ed.

EN 62368-1:2020 +A11:2020 3rd Ed.

UK:

BS EN 62368-1:2014 + A11:2017 2nd Ed

BS EN 62368-1:2020 + A11:2020 3rd Ed

US/Canada:

UL 62368-1 2nd Ed.

CAN/CSA-C22.2 No. 62368-1-14 2nd Ed.

Worldwide:

IEC 60950-1:2005 + Am1:2009 + Am2:2013 w/all known National Deviations

IEC 62368-1:2014 2^nd Ed. w/all known National Deviations

IEC 62368-1:2018 3^rd Ed. w/all known National Deviations

Include US, Canada, Europe, Worldwide

Europe:

EN 55032:2015 +A11:2020, Class A

EN 55035:2017 +A11:2020

EN 61000-3-2:2014, Class A

EN 61000-3-3:2013

US/Canada:

FCC CFR47 Part 15:2014, Class A

ICES-003 Class A

Worldwide:

VCCI Class A

CISPR 32 Class A

CISPR 35:2016

Include US, Canada, Europe, Worldwide

EN 60825-1:2014 / IEC 60825-1:2014 Class 1 Class 1 Laser Products / Laser Klasse 1

(Applicable for accessories - Optical Transceivers only)

CISPR 35

EN 55035:2017

IEC 61000-4-2

IEC 61000-4-3

IEC 61000-4-4

IEC 61000-4-5

IEC 61000-4-6

IEC 61000-4-8

IEC 61000-4-11

IEC 61000-3-2, EN 61000-3-2

IEC 61000-3-3, EN 61000-

3-3

Mounts in an EIAstandard 19 in. telco rack or equipment cabinet. Horizontal surface mounting only. 2-post rack kit included.

The HPE Aruba Networking CX 6300 Switch Series is based on AOS-CX, a modern, database-driven operating system that automates and simplifies many critical and complex network tasks.

A built-in time series database enables customers and developers to utilize software scripts for historical troubleshooting, as well as analysis of past trends. This helps predict and avoid future problems due to scale, security, and performance bottlenecks AOS-CX operating system features are organized into Aruba CX Foundation and Aruba CX Advanced software licenses.

Every Aruba CX switch includes an active, embedded Aruba CX Foundation license at no additional cost with the option to upgrade to an Aruba CX Advanced license.

The CX Foundation license has everything needed to deploy, connect, and troubleshoot an enterprise network, including:

• Aruba Network Analytics Engine (NAE)
• Dynamic Segmentation
• Switch Stacking
• High Availability and Resiliency
• Quality of Service (QoS)
• Layer 2 Switching
• Layer 3 Services and Routing
• IP Multicast
• Network Security
• Support for Aruba NetEdit

The Aruba CX Advanced license includes Aruba CX Edge Insights, offering deep visibility with application recognition, identification, and flow capture from layer 4 to layer 7.

For more information on the CX Advanced License, read the

Because AOS- CX is built on a modular Linux architecture with a stateful database, our operating system provides the following unique capabilities:

• Easy access to all network state information allows unique visibility and analytics
• REST APIs and Python scripting for fine-grained programmability of network tasks
• A micro-services architecture that enables full integration with other workflow systems and services
• Continuous telemetry data with WebSocket subscriptions for event driven automation
• Continual state synchronization that provides superior fault tolerance and high availability
• All software processes communicate with the database rather than each other, ensuring near real-time state and resiliency and allowing individual software modules to be independently upgraded for higher availability.

Aruba Central is an AI-powered solution that simplifies IT operations, improves agility, and reduces costs by unifying management of all network infrastructure. Built for enterprise-grade resiliency and security, while simple enough for smaller businesses with limited IT staff, Aruba Central is your single point of visibility and control that spans the entire network --from branch to data center, wired and wireless LAN to WAN.

Available as a cloud-based or on-premises solution, Aruba Central is designed to simplify day zero through day two operations with streamlined workflows for tasks such as virtual switch stack creation, automated monitoring using AI-powered insights and NAE, as well as a unified view of all devices and users, both wired and wireless. Comprehensive switch management capabilities include configuration, on-boarding, monitoring, troubleshooting, and reporting.

An Aruba Central Foundation license subscription enables comprehensive switch management capabilities that include configuration, onboarding, monitoring, troubleshooting, and reporting. An Aruba Central Advanced license expands these capabilities with premium security and AIOps, including the Aruba Central NetConductor Fabric Wizard and Policy Manager to enable dynamic segmentation and distributed enforcement at a global scale.

For enhanced visibility and troubleshooting, Aruba's Network Analytics Engine (NAE) automatically monitors and analyzes events that can impact network health. Advanced telemetry and automation provide the ability to easily identify and troubleshoot network, system, application and security related issues easily, through the use of python agents, CLI-based agents, and REST APIs.

The Time Series Database (TSDB) stores configuration and operational state data, making it available to quickly resolve network issues. The data may also be used to analyze trends, identify anomalies and predict future capacity requirements.

The entire Aruba CX portfolio empowers IT teams to orchestrate multiple switch configuration changes for smooth end-to-end service rollouts. Aruba NetEdit introduces automation that allows for rapid network-wide changes, and ensures policy conformance post network updates. Intelligent capabilities include search, edit, validation (including conformance checking), deployment and audit features.

Capabilities include:

• Centralized configuration with validation for consistency and compliance
• Time savings via simultaneous viewing and editing of multiple configurations
• Customized validation tests for corporate compliance and network change analysis
• Automated large-scale configuration deployment without programming
• Network health and topology visibility via Aruba NAE integration

An easy to use mobile app simplifies connecting and managing HPE Aruba Networking CX 6300 Switch Series for any size project. Switch information can also be imported into Aruba NetEdit for simplified configuration management and to continuously validate the conformance of configurations anywhere in the network. The Aruba CX Mobile App is available for download.

Based on over 30 years of continuous investment, Aruba's ASICs create the basis for innovative and agile software feature advancements, unparalleled performance and deep visibility. These programmable ASICs are purpose-built to allow for a tighter integration of switch hardware and software within campus and data center architectures to optimize performance and capacity. Virtual Output Queuing (VOQ) isolates congestion prevents Head of Line Blocking (HOLB) and allows full line rate on outgoing (egress) ports. Flexible ASIC resources enable Aruba's NAE solution to inspect all data, which allows for industry-leading analytics capabilities. The HPE Aruba Networking CX 6300 Switch Series is based on the Aruba Gen7 ASIC architecture.

The Aruba Dynamic Segmentation solution enables seamless mobility, consistent policy enforcement, and automated configurations for wired and wireless clients across networks of all sizes. And it extends these benefits to applications hosted on the data center and the public cloud.

This innovation begins with colorless ports and role-based micro-segmentation technologies. Colorless ports allows wired clients to connect to any switch port, with the configuration automated using Radius-Based Access Control. This eliminates the need for manual on-boarding of clients, including IoT devices, onto the network.

Role-based micro-segmentation delivers benefits of reduced subnet and VLAN sprawl, simplified policy definition, and scales policy enforcement by introducing the concept of client User Roles. These roles are independent of network constructs such as VLANs and VRFs, and allows clients to be grouped into a User Role based on their identity. This allows the colorless ports technology to be extended to the overlay fabric, as clients are on-boarded with automatic tunnel creation based on the associated User Role policy. The User Role policy also offers the choice between micro-segmentation with a Layer 4 Role-Role ACL on switches or a Layer 7 stateful firewall enforcement.

Dynamic Segmentation provides much needed scale and flexibility in network design by allowing the stretching of VLANs and subnets across the entire network. Fabric overlays offer VXLAN or VXLAN-GBP tunnels on the data plane and provide the option of a Multi-Protocol BGP eVPN control plane for large deployments, or a static Layer 2 control plane for simplified deployments.

Dynamic Segmentation also eliminates the complexity of service-chaining and redirection of traffic to 3rd party firewalls. User Role Policy can steer client's traffic on overlay tunnels (User Based Tunnels) to Aruba's Policy Enforcement Firewall for deep-packet inspection and application aware Layer 7 stateful firewall filtering. After performing this stateful inspection for any security threats, the traffic is automatically put back on the VXLAN fabric to be delivered to its destination.

The HPE Aruba Networking CX 6300 Switch Series uses a fully distributed architecture that utilizes the Aruba Gen7 ASICs. This ensures that our switches offer very low latency, increased packet buffering, and adaptive power consumption. All switching and routing are wire-speed to meet the demands of bandwidth-intensive applications today and in the future.

Each switch includes the following:

• Up to 880 Gbps in non-blocking bandwidth and up to 660 Mpps for forwarding
• 1/10/25/50GbE uplinks¹ and large TCAM sizes ideal for mobility and IoT deployments in large campuses with several thousand clients
• Selectable queue configurations that allow for increased performance by defining a number of queues and associated memory buffering to best meet the requirements of network applications

The Aruba Virtual Switching Framework (VSF) allows you to quickly grow your network using high performance front plane stacking. Additional features include:

• Support for up to 10 switches (or members) in a stack via chain or ring topology
• Flexibility to create stacks that span longer distances such as hundreds of meters across campuses to kilometers between sites using long-range 10GbE/25GbE transceivers
• Flexibility to mix both modular and fixed HPE Aruba Networking CX 6300 Switch Series models within a single stack to meet your deployment requirements
• Simplified configuration and management as the switches act as a single chassis when stacked
• Support for in-service software upgrades (ISSU) for standalone and VSF stacked 6300 switches
• The Aruba CX Mobile app provides support for a validated stack deployment that ensure that all stack links and uplinks are connected properly

To support congestion actions and traffic prioritization, the HPE Aruba Networking CX 6300 Switch Series includes the following:

• Strict priority (SP) queuing and Deficit Weighted Round Robin (DWRR)
• Traffic prioritization (IEEE 802.1p) for real-time classification into 8 priority levels that are mapped to 8 queues
• Layer 4 prioritization based on TCP/UDP port numbers
• Class of Service (CoS) sets the IEEE 802.1p priority tag based on IP address, IP Type of Service (ToS), Layer 3 protocol, TCP/UDP port number, source port, and DiffServ
• Rate limiting sets per-port ingress enforced maximums and per-port, per-queue minimums
• Transmission rates of egressing frames can be limited on a per-queue basis using Egress Queue Shaping (EQS)
• Large buffers for graceful congestion management

Whether in the branch office or a small to large enterprise environment, you can choose from 24 and 48 ports of HPE Smart Rate Multi-Gigabit. Each switch includes four high-speed built-in uplinks that auto-negotiate from 1GbE, 10GbE to 50GbE¹ to deliver non-blocking performance. Fixed format (F) models include built-in power supplies. The modular (M) models have rear slots for hot swappable power supplies that allow you to customize your PoE requirements, and its fans are field replaceable. Additional highlights:

• Compact 1U models support:

­ 24 and 48 ports of HPE Smart Rate Multi-gigabit Ethernet IEEE 802.3bz (100M/1GbE/2.5GbE/5GbE/10GbE) supporting high power IEEE 802.3bt Class 6 (60W) to Class 8 (90W)

­ High density 24 port SFP+ model which is ideal for aggregation

­ 1/10/25/50GbEuplink¹ port connectivity

• HPE Smart Rate Multi-Gigabit (IEEE 802.3bz) Ethernet supports high speed wireless access points
• For deployments that need higher port and PoE density, the 6300 supports up to 90W of PoE in a 48-port switch for a total of 2880W of PoE.
• Industry standard IEEE 802.3bt High Power PoE support (Class 8) provides up to 90W per port for support of the latest IoT devices and APs. PoE support for IEEE 802.3at Power over Ethernet (PoE+) provides up to 30W per port as well as any IEEE 802.3af-compliant end device
• Support for pre-standard PoE detection provides power to legacy PoE devices
• High availability with always-on PoE that supplies PoE power even during scheduled reboots and firmware upgrades
• Quick PoE supplies PoE power to powered devices as soon as the switch is plugged into AC power so device can initialize at the same time as the switch OS boots up
• Support for Energy Efficient Ethernet IEEE 802.3az reduces power consumption during periods of low network traffic
• Support for top-of-rack (ToR) and out-of-band management (OOBM) data center deployments with CX 6300M power-to-port bundle that delivers required power-to-port (back to front) airflow
• Auto-MDIX provides automatic adjustments for straight-through or crossover cables on all 10M/100M/1G and Smart Rate ports
• Unsupported Transceiver Mode (UTM) allows to insert and enable all unsupported 1/10/25/50GbE transceivers and cables. Note that there is no warranty nor support for the transceiver/cable when this feature is used.
• IPv6 capabilities include:

­ IPv6 host enables switches to be managed in an IPv6 network

­ Dual stack (IPv4 and IPv6) transitions from IPv4 to IPv6, supporting connectivity for both protocols

­ MLD snooping forwards IPv6 multicast traffic to the appropriate interface

­ IPv6 ACL/QoS supports ACL and QoS for IPv6 network traffic

­ IPv6 routing supports Static and OSPFv3 protocols

­ Security provides RA guard, DHCPv6 protection, dynamic IPv6 lockdown, ND snooping, IPv6 Destination Guard, IPv6 DHCP Guard, and IPv6 Router Advertisement Guard

• Jumbo frames allow for high-performance backups and disaster-recovery systems; provides a maximum frame size of 9198 bytes
• Packet storm protection against broadcast and multicast storms with user-defined thresholds
• Smart link enables simple, fast converging link redundancy and load balancing with dual uplinks avoiding Spanning Tree complexities

To ensure a high degree of up-time we offer high availability and multicast features needed for a full Layer 3 deployment at access and aggregation such as PBR, BFD, MSDP, BSR, and IP SLA without the need for software licenses. This includes:

• Hot Swappable Power Supplies available in the 6300 "M" models

­ Provides N+1 and N+N redundancy for high reliability in the event of power line or supply failures

­ Optional secondary power supplies to increase the total available PoE power

­ Fixed power supplies in 6300 "F" models

• Bidirectional Forward Detection (BFD) enables sub-second failure detection for rapid routing protocol re-balancing, supporting both IPV4 and IPv6 networks.
• Virtual Router Redundancy Protocol (VRRP) allows groups of two routers to dynamically create highly available routed environments in IPV4 and IPV6 networks
• Uni-directional Link Detection (UDLD) to monitor link connectivity and shut down ports at both ends if uni- directional traffic is detected, preventing loops in STP- based networks
• EEE 802.3ad LACP supports up to 256 LAGs, each with up to 8 links per LAG; and provides support for static or dynamic groups and a user-selectable hashing algorithm
• IEEE 802.1s Multiple Spanning Tree provides high link availability in VLAN environments where multiple spanning trees are required; and legacy support for IEEE 802.1d and IEEE 802.1w
• IEEE 802.3ad link-aggregation-control protocol (LACP) and port trunking support static and dynamic trunks where each trunk supports up to eight links (ports) per static trunk
• Support for Microsoft Network Load Balancer (NLB) for server applications
• Ethernet Ring Protection Switching (ERPS) supports rapid protection and recovery in a ring topology.
• Hot-Patching support and ISSU for standalone CX 6300 and for 6300 with VSF Stacking

The CX 6300M 48 port power-to-port switch bundle serves as a top of rack (ToR) switch for 1GbE servers and also as a 1GbE out-of-band management (OOBM) switch for data centers server racks. Features include:

• Power-to-port bundle (JL762A) includes 48 port 1GbE switch with 2 x Fan Trays (JL761A) and 1 x power supply (JL760A)
• Back (power-side)-to-front (1GbE port side) airflow
• 1GbE/10GbE/25GbE/50GbE¹ SFP uplinks

In addition to Aruba Central, the Aruba CX Mobile App, Aruba NetEdit and Aruba Network Analytics Engine, the 6300 series offers the following:

• Built-in programmable and easy to use REST API interface
• Aruba AirWave on-premises and Aruba Central cloud- based management
• Zero-Touch Provisioning (ZTP) simplifies installation of switching infrastructure using DHCP-based or Aruba Activate-based process with Aruba AirWave and Aruba Central
• Scalable ASIC-based wire speed network monitoring and accounting with no impact on network performance; network operators can gather a variety of network statistics and information for capacity planning and real- time network monitoring purposes
• Management interface control enables or disables each of the following depending on security preferences, console port, or reset button
• Industry-standard CLI with a hierarchical structure for reduced training time and expense. Delivers increased productivity in multivendor environments
• Management security restricts access to critical configuration commands, provides multiple privilege levels with password protection and local and remote syslog capabilities allow logging of all access
• SNMP v2c/v3 provides SNMP read and trap support of industry standard Management Information Base (MIB), and private extensions
• SNMP support includes: Write Set Speed and Duplex, Write Port Security, Write POE Priority, Write Config Mgmt, SNMP-Read single OID for average CPU and memory, SNMP MIB View
• SNMP Trap include: Transceiver Traps (insertion/removal), SNMP Trap, SNMP MIB-SNMB Authentication, SNMPv2 MIB, Port Sec MIB-Port Sec, Config MIB-Running Config Change, Config MIB, AAA Server MIB, AAA Server State
• Remote monitoring (RMON) with standard SNMP to monitor essential network functions. Supports events, alarms, history, and statistics groups as well as a private alarm extension group; RMON and sFlow provide advanced monitoring and reporting capabilities for statistics, history, alarms and events
• IP Flow Information Export (IPFix) enables client flow information collection to enhance visibility
• Simplifies configuration while onboarding switches with Zero Touch Provisioning by using Dynamic Border Gateway Protocol (BGP) peering to establish a peer group of switches within an IP range
• Enhanced visibility during client onboarding, providing insights on latency, failures, and error events
• Client telemetries and application visibility using IP Flow Information Export (IPFix), Deep Packet Inspection (DPI) and traffic insights
• Simplifies configuration while onboarding switches with Zero Touch Provisioning by using Dynamic Border Gateway Protocol (BGP) peering to establish a peer group of switches within an IP range
• Enhanced visibility during client onboarding, providing insights on latency, failures, and error events
• TFTP and SFTP support offers different mechanisms for configuration updates; trivial FTP (TFTP) allows bidirectional transfers over a TCP/ IP network; Secure File Transfer Protocol (SFTP) runs over an SSH tunnel to provide additional security
• Debug and sampler utility supports ping and traceroute for IPv4 and IPv6
• Network Time Protocol (NTP) synchronizes timekeeping among distributed time servers and clients; keeps timekeeping consistent among all clock-dependent devices within the network so the devices can provide diverse applications based on the consistent time
• IEEE 802.1AB Link Layer Discovery Protocol (LLDP) advertises and receives management information from adjacent devices on a network, facilitating easy mapping by network management applications
• Dual flash images provides independent primary and secondary operating system files for backup while upgrading
• Assignment of descriptive names to ports for easy identification
• Multiple configuration files can be stored to a flash image
• Ingress and egress port monitoring enable more efficient network problem solving
• Unidirectional link detection (UDLD) monitors the link between two switches and blocks the ports on both ends of the link if the link goes down at any point between the two devices
• Power down mode delivers energy savings by allowing the switch to power down most of the switch, except a clock which will boot up the switch when scheduled
• IP SLA for Voice monitors quality of voice traffic using the UDP Jitter and UDP Jitter for VoIP tests
• Precision Time Protocol (PTP) allows for precise clock synchronization across distributed network switches as defined in IEEE 1588. Transparent Clock (PTP-TC) and Boundary Clock (PTP-BC) are needed for time critical applications like Audio Video Bridging (AVB), smart grid power automation, financial systems and more. Boundary Clock makes use of 2-Step time stamping mode.

The following layer 2 services are supported:

• VLAN support and tagging for IEEE 802.1Q (4094 VLAN IDs)
• Jumbo packet support improves the performance of large data transfers; supports frame size of up to 9198 bytes
• IEEE 802.1v protocol VLANs isolate select non-IPv4 protocols automatically into their own VLANs
• Rapid Per-VLAN Spanning Tree (RPVST+) allows each VLAN to build a separate spanning tree to improve link bandwidth usage; is compatible with PVST+
• MVRP allows automatic learning and dynamic assignment of VLANs
• VXLAN encapsulation (tunnelling) protocol for overlay network that enables a more scalable virtual network deployment
• Bridge Protocol Data Unit (BPDU) tunnelling Transmits STP BPDUs transparently, allowing correct tree calculations across service providers, WANs, or MANs
• Port mirroring duplicates port traffic (ingress and egress) to a monitoring port; supports 4 mirroring groups
• STP supports standard IEEE 802.1D STP, IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) for faster convergence, and IEEE 802.1s Multiple Spanning Tree Protocol (MSTP)
• Internet Group Management Protocol (IGMP) Controls and manages the flooding of multicast packets in a Layer 2 network
• IPv4 Multicast in VXLAN/EVPN Overlay support allows PIM-SM/IGMP snooping in the VXLAN Overlay
• IPv6 VXLAN/EVPN Overlay support, allows IPv6 traffic over the VXLAN overlay
• VXLAN ARP/ND suppression allows minimization of ARP and ND traffic flooding within individual VXLAN segments, thus optimizing the VXLAN network
• QinQ support to improve the VLAN utilization by adding another 802.1Q tag to tagged packets

The following layer 3 services are supported:

• Bidirectional Forwarding Detection (BFD) enables link connectivity monitoring and reduces network convergence time for static route, OSPFv2 and VRRP
• User Datagram Protocol (UDP) helper function allows UDP broadcasts to be directed across router interfaces to specific IP unicast or subnet broadcast addresses and prevents server spoofing for UDP services such as DHCP
• Loopback interface address defines an address in Open Shortest Path First (OSPF), improving diagnostic capability
• Route maps provide more control during route redistribution; allow filtering and altering of route metrics
• Address Resolution Protocol (ARP) determines the MAC address of another IP host in the same subnet; supports static ARPs; gratuitous ARP allows detection of duplicate IP addresses; proxy ARP allows normal ARP operation between subnets or when subnets are separated by a Layer 2 network
• Dynamic Host Configuration Protocol (DHCP) simplifies the management of large IP networks and supports client; DHCP Relay enables DHCP operation across subnets
• DHCP server centralizes and reduces the cost of IPv4 address management
• Domain Name System (DNS) provides a distributed database that translates domain names and IP addresses, which simplifies network design; supports client and server
• mDNS (Multicast Domain Name System) Gateway enables discovery of mDNS groups across L3 boundaries
• Generic Routing Encapsulation (GRE) enables tunneling traffic from site-to-site over a Layer 3 path
• Supports internal loopback testing for maintenance purposes and increased availability; loopback detection protects against incorrect cabling or network configurations and can be enabled on a per-port or per-VLAN basis for added flexibility
• IP sub-interface is a virtual interface created by dividing physical interface into multiple logical interfaces tagged using different VLAN-IDs. A physical interface can be a regular physical, Split port or LAG L3 interface. A sub-interface is used for many uses-cases such as VRF-lite interconnection and inter-vlan routing (router on-a-stick)

• IGMP Snooping allows multiple VLANs to receive the same IPv4 multicast traffic, lessening network bandwidth demand by reducing multiple streams to each VLAN
• Multicast Listener Discovery (MLD) enables discovery of IPv6 multicast listeners; support MLD v1 and v2
• Protocol Independent Multicast (PIM) defines modes of IPv4 and IPv6 multicasting to allow one-to-many and many-to-many transmission of information; supports PIM Sparse Mode (SM), Source-Specific Multicast (SSM), and Dense Mode (DM) for both IPv4 and IPv6
• Internet Group Management Protocol (IGMP) utilizes Any-Source Multicast (ASM) to manage IPv4 multicast networks; supports IGMPv1, v2, and v3
• Multicast Service Discovery Protocol (MSDP) efficiently routes multicast traffic through core networks
• MSDP for Anycast RP is an intra-domain feature that provides redundancy and load-sharing capabilities

Customers can choose to upgrade the active, embedded CX Foundation license to the term-based CX Advanced license to unlock the following benefits for their business:

• Delivers deep visibility with Aruba CX Edge Insights for application recognition, identification, and flow capture from layer 4 to layer 7. CX Edge Insights enables granular datapoint collection with search, sort and reporting as well as the ability to recognize 22 categories and more than 3700 applications.

The HPE Aruba Networking CX 6300 Switch Series come with an integrated trusted platform module (TPM) for platform integrity. This ensures the boot process started from a trusted combination of Aruba AOS-CX switches. Other security features include:

• AOS-CX uses FIPS 140-2 validated cryptography for protection of sensitive information.
• Access control list (ACL) support for both IPv4 and IPv6; allows for filtering traffic to prevent unauthorized users from accessing the network, or for controlling network traffic to save resources; rules can either deny or permit traffic to be forwarded; rules can be based on a Layer 2 header or a Layer 3 protocol header
• ACLs also provide filtering based on the IP field, source/ destination IP address/subnet, and source/ destination TCP/UDP port number on a per-VLAN or per-port basis
• Enrollment over Secure Transport (EST) enables secure certificate enrollment, allowing for easier enterprise management of PKI
• Remote Authentication Dial-In User Service (RADIUS)
• Terminal Access Controller Access-Control System (TACACS+) delivers an authentication tool using TCP with encryption of the full authentication request, providing additional security
• Management access security for both on- and off- box authentication for administrative access. RADIUS or TACACS+ can be used to provide encrypted user authentication. Additionally, TACACS+ can also provide admin authorization services
• Control Plane Policing sets rate limit on control protocols to protect CPU overload from DOS attacks
• Supports multiple user authentication methods. Uses an IEEE 802.1X supplicant on the client in conjunction with a RADIUS server to authenticate in accordance with industry standards
• Supports MAC-based client authentication
• Concurrent IEEE 802.1X, Web, and MAC authentication schemes per switch port accepts up to 32 sessions of IEEE 802.1X, Web, and MAC authentications
• DHCP protection blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks
• Secure management access delivers secure encryption of all access methods (CLI, GUI, or MIB) through SSHv2, SSL, and/or SNMPv3
• Switch CPU protection provides automatic protection against malicious network traffic trying to shut down the switch
• ICMP throttling defeats ICMP denial-of-service attacks by enabling any switch port to automatically throttle ICMP traffic
• Identity-driven ACL enables implementation of a highly granular and flexible access security policy and VLAN assignment specific to each authenticated network user
• STP BPDU port protection blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged BPDU attacks
• Dynamic IP lockdown works with DHCP protection to block traffic from unauthorized hosts, preventing IP source address spoofing
• Dynamic ARP protection blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data
• STP root guard protects the root bridge from malicious attacks or configuration mistakes
• Port security allows access only to specified MAC addresses, which can be learned or specified by the administrator
• MAC address lockout prevents particular configured MAC addresses from connecting to the network
• Source-port filtering allows only specified ports to communicate with each other
• Secure shell encrypts all transmitted data for secure remote CLI access over IP networks
• Secure Sockets Layer (SSL) encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch
• Secure FTP allows secure file transfer to and from the switch; protects against unwanted file downloads or unauthorized copying of a switch configuration file
• Critical Authentication Role ensures that important infrastructure devices such as IP phones are allowed network access even in the absence of a RADIUS server
• MAC Pinning allows non-chatty legacy devices to stay authenticated by pinning client MAC addresses to the port until the clients logoff or get disconnected
• Security banner displays a customized security policy when users log in to the switch
• RadSec enables RADIUS authentication and accounting data to be passed safely and reliably across insecure networks
• Private VLAN (PVLAN) provides traffic isolation between users on the same VLAN; typically a switch port can only communicate with other ports in the same community and/or an uplink port, regardless of VLAN ID or destination MAC address. This extends network security by restricting peer-peer communication to prevent variety of malicious attacks.
• Auto VLAN Creation automates VLAN creation on access switches for authenticated clients.
• DHCP smart relay allows the DHCP relay agent to use secondary IP addresses when the DHCP server does not reply the DHCP-OFFER message
• IEEE 802.1AE MACsec provides switch-to-switch and switch-to-host security on a link between two ports using standard encryption and authentication, available on uplink and downlink ports

The following layer 3 routing services are supported:

• Border Gateway Protocol (BGP) provides IPv4 and IPv6 routing, which is scalable, robust, and flexible
• Border Gateway Protocol 4 (BGP-4) delivers an implementation of the Exterior Gateway Protocol (EGP) utilizing path vectors; uses TCP for enhanced reliability for the route discovery process; reduces bandwidth consumption by advertising only incremental updates; supports extensive policies for increased flexibility; scales to very large networks with graceful restart capability
• Equal-Cost Multipath (ECMP) enables multiple equal-cost links in a routing environment to increase link redundancy and scale bandwidth
• Multi-protocol BGP (MP-BGP) enables sharing of IPv6 routes using BGP and connections to BGP peers using IPv6
• Routing Information Protocol version 2 (RIPv2) provides an easy to configure routing protocol for small networks as while RIPng provides support for small IPv6 networks
• Open shortest path first (OSPF) delivers faster convergence; uses link-state routing Interior Gateway Protocol (IGP), which supports ECMP, NSSA, and MD5 authentication for increased security and graceful restart for faster failure recovery
• OSPF provides OSPFv2 for IPv4 routing and OSPFv3 for IPv6 routing
• Static IP routing provides manually configured routing; includes ECMP capability
• Policy-based routing uses a classifier to select traffic that can be forwarded based on policy set by the network administrator
• Static IPv4 and IPv6 routing provides simple manually configured IPv4 and IPv6 routes
• IP performance optimization provides a set of tools to improve the performance of IPv4 networks; includes directed broadcasts, customization of TCP parameters, support of ICMP error packets, and extensive display capabilities
• Dual IP stack maintains separate stacks for IPv4 and IPv6 to ease the transition from an IPv4-only network to an IPv6-only network design

• IP multicast routing includes PIM Sparse, Source Specific Multicast,and Dense modes to route IP multicast traffic
• IP multicast snooping (data-driven IGMP) prevents flooding of IP multicast traffic
• Protocol Independent Multicast for IPv6 supports one-to- many and many-to-many media casting use cases such as IPTV over IPv6 networks
• LLDP-MED (Media Endpoint Discovery) defines a standard extension of LLDP that stores values for parameters such as QoS and VLAN to automatically configure network devices such as IP phones
• PoE allocations supports multiple methods (allocation by usage or class, with LLDP and LLDP-MED) to allocate PoE power for more efficient power management and energy savings.
• Auto VLAN configuration for voice RADIUS VLAN uses a standard RADIUS attribute and LLDP-MED to automatically configure a VLAN for IP phones
• CDPv2 uses CDPv2 to configure legacy IP phones

• Green initiative support for RoHS (EN 50581:2012) and WEEE regulations
• TAA compliant models available

When your network is important to your business, then your business needs the backing of Aruba Support Services. Partner with Aruba product experts to increase your team productivity, keep pace with technology advances, software releases, and obtain break-fix support.

• Foundation Care for Aruba support services include priority access to Aruba Technical Assistance Center(TAC) engineers 24x7x365, flexible hardware and onsite support options, and total coverage for Aruba products. Aruba switches with assigned Aruba Central subscriptions benefit with option for additional hardware support only.
• Aruba Pro Care adds fast access to senior Aruba TAC engineers, who are assigned as a single point of contact for case management, reducing the time spent addressing and resolving issues.

For complete details on Foundation Care and Aruba Pro Care, please visit:

• Limited Lifetime Warranty, see
  https://www.arubanetworks.com/support-services/ product-warranties/
  for warranty and support information included with your product purchase
• For Software Releases and Documentation, refer to
  https://asp.arubanetworks.com/downloads
• For more detailed information on Aruba AOS-CX software release and features, please visit the
  AOS-CX Switch Software Documentation Portal
• Explore and compare switch features for each platform and software release on the
  Aruba Switch Feature Navigator
• For support and services information, visit
  https://www.arubanetworks.com/support-services/arubacare/