Aruba 3810 Series Switches
Performance and power for the mobile-first campus
Models:
Performance and scalability for enterprise campus and SMB
Entry-level access switches ideal for branch offices, mid-market enterprises, and SMB networks looking for reliable and convenient access.
The CX 6100 access switches provide the performance, security, and simplicity that you need.
Download the Aruba 3810 Series Datasheet (.PDF)
Overview:
The Aruba 3810 Switch Series is an industry-leading mobile campus access solution for enterprises, SMBs, and branch office networks. With HPE Smart Rate multi-gigabit ports for high-speed IEEE 802.11ac devices, the Aruba 3810 will prepare your network for tomorrow. Right-size deployment and back haul capacity with modular 10GbE and 40GbE uplinks.
Full PoE+ provisioning available on 48-ports. Dual, redundant, hot-swappable power supplies and innovative backplane stacking technology delivers resiliency and scalability in a convenient 1U form factor. Advanced Layer 2 and 3 feature set with OSPF, IPv6, IPv4 BGP, Tunneled node, robust QoS, and policy-based routing are included with no software licensing.
With support for OpenFlow, the Aruba 3810 is ready to take advantage of SDN applications such as HPE Network Visualizer, HPE Network Optimizer, and HPE Network Protector applications. Easy to deploy and manage withadvanced security and network management tools like Aruba ClearPass Policy Manager and Aruba AirWave. With support from Aruba Central, you can quickly set up remote branch sites with little or no IT support.
Key Features
- Advanced Layer 3 switch series with backplane stacking, low latency and resiliency
- Security and network management tools with ClearPass Policy Manager, AirWave and Central support
- Modular line rate 10GbE and 40GbE ports for wireless aggregation
- HPE Smart Rate for high-speed multi-gigabit capacity and PoE+ power
- Optimized for innovative SDN applications with OpenFlow support
Features and Benefits:
Software-defined networking
- OpenFlow is a key technology that enables SDN by allowing separation of the data (packet forwarding) and control (routing decision) paths
Unified wired and wireless
- Aruba ClearPass Policy Manager provides profiling, authentication, and policy management across multi- vendor wired and wireless networks
- HTTP redirect function supports HPE Intelligent Management Center (IMC) bring your own device (BYOD) solution
- Switch auto-configuration automatically configures switch for different settings such as VLAN, CoS, PoE max power, and PoE priority when Aruba AP is detected
- User Role a set of switch-based policies in areas such as security, authentication, and QoS. A User Role can be assigned to a group of users or devices, using switch configuration or ClearPass
- Per-port Tunneled Node provide secured tunnel to transport network traffic on a per-port basis to Aruba Controller. Authentication and network policies will be applied and enforced at the Controller
- NEW Static IP Visibility allows ClearPass to do accounting for clients with static IP address
Quality of Service (QoS)
- Advanced classifier-based QoS classifies traffic using multiple match criteria based on Layer 2, 3, and 4 information; applies QoS policies such as setting priority level and rate limit to selected traffic on a per-port or per-VLAN basis
- Layer 4 prioritization enables prioritization based on TCP/UDP port numbers
- Class of Service (CoS) sets the IEEE 802.1p priority tag based on IP address, IP Type of Service (ToS), Layer 3 protocol, TCP/UDP port number, source port, and DiffServ
- Bandwidth shaping
- Port-based rate limiting provides per-port ingress-/ egress-enforced increased bandwidth
- Classifier-based rate limiting uses an access control list (ACL) to enforce increased bandwidth for ingress traffic on each port
- Reduced bandwidth provides per-port, per-queue egress-based reduced bandwidth
- Remote intelligent mirroring mirrors selected ingress/egress traffic based on an ACL, port, MAC address, or VLAN to a local or remote HPE 8200 zl, 6600, 6200 yl, 5400 zl, 5400R, or 3500 Switch anywhere on the network
- Remote monitoring (RMON), Extended RMON (XRMON), and sFlow® v5 provide advanced monitoring and reporting capabilities for statistics, history, alarms, and events
- Traffic prioritization allows real-time traffic classification into eight priority levels that are mapped to eight queues
Management
- NEW Aruba Central support Cloud based management platform offers simple, secure, and cost effective way to manage switches
- Friendly port names allows assignment of descriptive names to ports
- IEEE 802.1AB Link Layer Discovery Protocol (LLDP) advertises and receives management information from adjacent devices on a network, facilitating easy mapping by network management applications
- Command authorization leverages RADIUS to link a custom list of CLI commands to an individual network administrator's login; an audit trail documents activity
- Multiple configuration files stores easily to the flash image
- Dual flash images provides independent primary and secondary operating system files for backup while upgrading
- Out-of-band Ethernet management port enables management over a separate physical management network; and keeps management traffic segmented from network data traffic
- Comware CLI
- Comware-compatible CLI bridges the experience of Hewlett Packard Enterprise (HPE) Comware CLI users who are using the ArubaOS-Switch CLI
- Display and fundamental Comware CLI commands are natively embedded in the switch CLI; display output is formatted as on Comware-based switches; fundamental commands provide Comware-familiar initial switch setup
- Configuration Comware CLI commands when Comware commands are entered, CLI help is elicited to formulate the correct ArubaOS-Switch software CLI command
- Zero-Touch Provisioning (ZTP) simplified installation of the switch infrastructure using Aruba Activate-based or DHCP- based process with AirWave Network Management
- Unidirectional Link Detection (UDLD) supports HPE UDLD and DLDP protocols to monitor a cable between two switches and shut down the ports on both ends if a broken link is detected, preventing network problems such as loops
- NEW IP SLA for Voice Monitor quality of voice traffic with UDP Jitter and UDP Jitter for VoIP tests
Connectivity
- Jumbo frames on Gigabit Ethernet and 10-Gigabit Ethernet ports, jumbo frames allow high-performance remote backup and disaster-recovery services
- IEEE 802.3at PoE+ provides up to 30 W per port to IEEE 802.3at-complaint PoE/PoE+-powered devices such as video IP phones, IEEE 802.11n wireless access points, and advanced pan/zoom/tilt security cameras
- Pre-standard PoE support detects and provides power to pre-standard PoE devices (refer to the list of supported devices in the product FAQs, which can be accessed at www.hpe.com/networking)
- Choice of uplinks
- SFP+ uplink models provide fiber-optic (up to 70 km) or direct-attach-cable (DAC) connectivity
- 10GBASE-T uplink models offer 10GbE speeds, using standard RJ-45 connectors and standard twisted-pair cabling up to 100 m
- Auto-MDIX provides automatic adjustments for straight- through or crossover cables on all RJ-45 ports
- IPv6
- IPv6 host enables switch management in an IPv6 network
- Dual stack (IPv4 and IPv6) transitions IPv4 to IPv6, supporting connectivity for both protocols
- MLD snooping forwards IPv6 multicast traffic to the appropriate interface
- IPv6 ACL/QoS supports ACL and QoS for IPv6 traffic
- IPv6 routing supports static, RIPng, OSPFv3 routing protocols
- 6in4 tunneling supports encapsulation of IPv6 traffic in IPv4 packets
- Security provides RA guard, DHCPv6 protection, dynamic IPv6 lockdown, and ND snooping
Performance
- Selectable queue configurations allows for increased performance by selecting the number of queues and associated memory buffering that best meet the requirements of the network applications
- Energy-efficient design
- 80 PLUS Silver Certified Power Supply increases power efficiency and savings
- Energy-efficient Ethernet (EEE) support reduces power consumption in accordance with IEEE 802.3az
- Meshed stacking technology
- High-performance stacking provides up to 336 Gbps of stacking throughput; each 4-port stacking module can support up to 42 Gbps in each direction per stacking port
- Ring, chain, and mesh topologies support up to a 10-member ring or chain and 5-member fully meshed stacks; meshed topologies offer increased resiliency vs. a standard ring
- Virtualized switching provides simplified management as the switches appear as a single chassis when stacked
- Aruba Provision ASIC architecture is designed with the latest ProVision ASIC, providing very low latency, increased packet buffering, and adaptive power consumption
Resiliency and high availability
- Virtual Router Redundancy Protocol (VRRP) allows groups of two routers to back each other up dynamically to create highly available routed environments in IPv4 and IPv6 networks
- Nonstop switching and routing improves network availability to better support critical applications, such as unified communication and mobility; traffic will continue to be forwarded during failovers, when the backup member of the stack becomes the commander
- IEEE 802.3ad Link Aggregation Protocol (LACP) and Hewlett Packard Enterprise port trunking support up to 144 trunks, each with up to 8 links (ports) per trunk
- IEEE 802.1s Multiple Spanning Tree provides high link availability in multiple VLAN environments by allowing multiple spanning trees; provides legacy support for IEEE 802.1d and IEEE 802.1w
- Dual hot-swappable power supplies
- Increased resiliency provides secondary power supply to enable complete switch power redundancy in case of power line or supply failure
- Increased PoE+ power provides the secondary power supply to increase the total available PoE+ power
- Distributed trunking enables loop-free and redundant network topology without using Spanning Tree Protocol; allows a server or switch to connect to two switches using one logical trunk for redundancy and load sharing
- SmartLink provides easy-to-configure link redundancy of active and standby links
Layer 2 switching
- IEEE 802.1ad QinQ increases the scalability of an Ethernet network by providing a hierarchical structure; connects multiple LANs on a high-speed campus or metro network
- VLAN support and tagging supports the IEEE 802.1Q standard and 4096 VLANs simultaneously
- IEEE 802.1v protocol VLANs isolate select non-IPv4 protocols automatically into their own VLANs
- MAC-based VLAN provides granular control and security; uses RADIUS to map a MAC address/user to specific VLANs
- Rapid Per-VLAN Spanning Tree (RPVST+) allows each VLAN to build a separate spanning tree to improve link bandwidth usage; is compatible with PVST+
- HPE switch meshing dynamically load balances across multiple active redundant links to increase available aggregate bandwidth; allows concurrent Layer 3 routing
- GVRP and MVRP allows automatic learning and dynamic assignment of VLANs
Layer 3 services
- Loopback interface address defines an address in Routing Information Protocol (RIP) and Open Shortest Path First (OSPF), improving diagnostic capability
- Route maps provide more control during route redistribution; allow filtering and altering of route metrics
- User datagram protocol (UDP) helper function allows UDP broadcasts to be directed across router interfaces to specific IP unicast or subnet broadcast addresses; and helps prevent server spoofing for UDP services such as DHCP
- DHCP server centralizes and reduces the cost of IPv4 address management
- Bidirectional Forwarding Detection (BFD) enables link connectivity monitoring and reduces network convergence time for OSPFv2, and VRRP
Layer 3 routing
- Static IP routing provides manually configured routing for both IPv4 and IPv6 networks
- OSPF provides OSPFv2 for IPv4 routing and OSPFv3 for IPv6 routing
- Policy-based routing makes routing decisions based on policies set by the network administrator
- Border Gateway Protocol (BGP) provides IPv4 Border Gateway Protocol routing, which is scalable, robust, and flexible
- Routing Information Protocol (RIP) provides RIPv1, RIPv2, and RIPng
Security
- Source-port filtering allows only specified ports to communicate with each other
- RADIUS/TACACS+ eases switch management security administration by using a password authentication server
- Secure shell encrypts all transmitted data for secure remote CLI access over IP networks
- Secure Sockets Layer (SSL) encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch
- Port security allows access only to specified MAC addresses, which can be learned or specified by the administrator
- MAC address lockout prevents particular configured MAC addresses from connecting to the network
- Detection of malicious attacks monitors 10 types of network traffic and sends a warning when an anomaly that potentially can be caused by malicious attacks is detected
- Secure FTP allows secure file transfer to and from the switch; protects against unwanted file downloads or unauthorised copying of a switch configuration file
- Switch management logon security helps secure switch CLI logon by optionally requiring either RADIUS or TACACS+ authentication
- Secure management access delivers secure encryption of all access methods (CLI, GUI, or MIB) through SSHv2, SSL, and/or SNMPv3
- ICMP throttling defeats ICMP denial-of-service attacks by enabling any switch port to automatically throttle ICMP traffic automatically
- Identity-driven ACL enables implementation of a highly granular and flexible access security policy and VLAN assignment specific to each authenticated network user
- STP BPDU port protection blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged BPDU attacks
- Dynamic IP lockdown works with DHCP protection to block traffic from unauthorised hosts, preventing IP source address spoofing
- DHCP protection blocks DHCP packets from unauthorised DHCP servers, preventing denial-of-service attacks
- Dynamic ARP protection blocks ARP broadcasts from unauthorised hosts, preventing eavesdropping or theft of network data
- STP root guard protects the root bridge from malicious attacks or configuration mistakes
- Management Interface Wizard helps secure management interfaces such as SNMP, telnet, SSH, SSL, Web, and USB at the desired level
- Security banner displays a customized security policy when users log in to the switch
- Switch CPU protection provides automatic protection against malicious network traffic trying to shut down the switch
- ACLs provide filtering based on the IP field, source/ destination IP address/subnet and source/destination TCP/UDP port number on a per-VLAN or per-port basis
- Multiple authentication methods
- IEEE 802.1X authenticates multiple IEEE 802.1X users per port; prevents a user from "piggybacking" on another user's authentication
- Web-based authentication authenticates from Web browser for clients that do not support 802.1X supplicant
- MAC-based authentication authenticates client with the RADIUS server based on client's MAC address
- Concurrent authentication modes enables a switch port to accept up to 32 sessions of 802.1X, Web, and MAC authentication
- Private VLAN provides network security by restricting peer- to-peer communication to prevent a variety of malicious attacks; typically a switch port can only communicate with other ports in the same community and/or an uplink port, regardless of VLAN ID or destination MAC address
Convergence
- IP multicast snooping (data-driven IGMP) prevents flooding of IP multicast traffic
- LLDP-MED (Media Endpoint Discovery) defines a standard extension of LLDP that stores values for parameters such as QoS and VLAN to configure network devices such as IP phones automatically
- PoE allocations supports multiple methods (automatic, IEEE 802.3af class, LLDP-MED, or user-specified) to allocate PoE power for more efficient energy savings
- IP multicast routing includes PIM sparse and dense modes to route IP multicast traffic
- Auto VLAN configuration for voice
- RADIUS VLAN uses a standard RADIUS attribute and LLDP-MED to configure a VLAN automatically for IP phones
- CDPv2 uses CDPv2 to configure legacy IP phones
- Local MAC Authentication assigns attributes such as VLAN and QoS using locally configured profile that can be a list of MAC prefixes
Warranty and support
- Limited Lifetime Warranty See www.hpe.com/networking/warrantysummary for warranty and support information included with your product purchase.
- Software releases to find software for your product, refer to www.hpe.com/networking/support; for details on the software releases available with your product purchase, refer to www.hpe.com/networking/warrantysummary