Aruba 2930F Switch Series in Dubai, UAE – are easy to deploy and manage – optimized for mobile users with an integrated wired and wireless approach. Interact with product animations in this online 3D model using simple gestures to explore the product.

Aruba 2930F Switch Series

Aruba 2930F Switch Series

• Aruba Layer 3 switch series with VSF stacking, static, RIP and Access OSPF Routing, Dynamic Segmentation, ACLs, and robust QoS
• Supports advanced security and network management via Aruba ClearPass Policy Manager, Aruba AirWave and Aruba Central
• Convenient built-in 1GbE or 10GbE uplinks and up to 740 W PoE+
• Software defined ready with REST APIs and OpenFlow support
• Simple deployment with Zero Touch Provisioning

Aruba 2530 Switch Series - Features

The Aruba 2930F Switch Series is designed for customers creating smart digital workplaces that are optimized for mobile users with an integrated wired and wireless approach. These convenient Layer 3 network switches include built-in uplinks and PoE power and are simple to deploy and manage with advanced security and network management tools like Aruba ClearPass Policy Manager, Aruba AirWave and cloud- based Aruba Central.

A powerful Aruba ProVision ASIC delivers performance , robust feature support and value with programmability for the latest applications. Stacking with Virtual Switching Framework (VSF) provides simplicity and scalability. The
2930F supports built-in 1GbE or 10GbE uplinks, PoE+, Access OSPF routing, Dynamic Segmentation, robust QoS, RIP routing, and IPv6 with no software licensing required.

The Aruba 2930F Switch Series provides a convenient and cost-effective access switch solution that can be quickly set up with Zero Touch Provisioning. The robust Layer 3 feature set includes a limited lifetime warranty.

ENHANCED CAPABILITIES

Unified Wired and Wireless Support

• Supports unified wired and wireless policies using Aruba ClearPass Policy Manager
• Switch auto-configuration automatically configures switch for different settings such as VLAN, CoS, PoE max. power, and PoE priority when an Aruba access point is detected
• User Role defines a set of switch-based policies in areas such as security, authentication, and QoS. A user role can be assigned to a group of users or devices, using switch-based local user role or download from ClearPass
• For improved network simplicity and security, Aruba Dynamic Segmentation automatically enforces user, device and application-aware policies on Aruba wired and wireless networks. Automated device profiling, role-based access control, and Layer 7 firewall features deliver enhanced visibility and performance for a better overall experience for both IT and end users alike
• Dynamic Segmentation provides a secure tunnel that transports network traffic on a per-port or per-user role basis to an Aruba Controller. In a per-user role Tunnel Node, users are authenticated by the ClearPass Policy Manager which directs traffic to be tunneled to an Aruba controller or switch locally
• Static IP visibility allows ClearPass to do accounting for clients with a static IP address

Software-defined networks

• Supports multiple programmatic interfaces, including REST APIs and Openflow 1.0 and 1.3, to enable automation of network operations, monitoring, and troubleshooting

Quality of Service (QoS)

• Traffic prioritization (IEEE 802.1p) for classification into eight priority levels mapped to eight queues
• Layer 4 prioritization based on TCP/UDP port numbers
• Class of Service (CoS) sets the IEEE 802.1p priority tag based on IP address, IP Type of Service (ToS), Layer 3 protocol, TCP/UDP port number, source port, and DiffServ
• Rate limiting sets per-port ingress enforced maximums and per-port, per-queue minimums
• Large buffers provide graceful congestion management
• Unknown Unicast Rate Limiting throttles unicast packets with unknown destination addresses and limits flooding on the VLAN

Connectivity

• Convenient built-in 10 Gbps Ethernet (4 x SFP+) uplinks
available on select models
• 12 port fanless model with built-in power supply includes 12 x 1 Gbps Ethernet PoE+ ports and four built-in uplinks (2 x SFP+ and 2 x 1GBASE-T)
• Auto-MDIX provides automatic adjustments for straight-through or crossover cables on all 10/100 and 10/100/1000 ports
• IEEE 802.3at Power over Ethernet (PoE+) provides up to 30 W per port that allows support of the latest PoE+-capable devices such as IP phones, wireless access points, and security cameras, as well as any IEEE 802.3af-compliant end device; eliminates the cost of additional electrical cabling and circuits that would otherwise be necessary in IP phone and WLAN deployments
• Support for pre-standard PoE detects and provides power to pre-standard PoE devices
• IPv6
– IPv6 host enables switches to be managed in an IPv6 network
– Dual stack (IPv4 and IPv6) transitions from IPv4 to IPv6, supporting connectivity for both protocols
– MLD snooping forwards IPv6 multicast traffic to the appropriate interface
– IPv6 ACL/QoS supports ACL and QoS for IPv6 network traffic
– IPv6 routing supports static and RIPng protocols
– Security provides RA guard, DHCPv6 protection, dynamic IPv6 lockdown, and ND snooping

Performance and efficiency

• Energy-efficient design
– 80 PLUS Silver Certified power supply increases power efficiency and savings
– Energy-efficient Ethernet (EEE) support reduces power consumption in accordance with IEEE 802.3az
• Designed with the latest Aruba Provision ASIC, providing very low latency, increased packet buffering, and adaptive power consumption
• Selectable queue configurations allows for increased performance by selecting the number of queues and associated memory buffering that best meet the requirements of the network applications
• Stacking Topology
– Virtual Switching Framework (VSF) front plane stacking creates one virtual resilient switch from up to eight* switches
– Ring topology—Supports up to eight member stack
– Virtualized switching provides simplified management as the switches act as a single chassis when stacked

Convergence

• IP multicast snooping and data-driven IGMP automatically
prevents flooding of IP multicast traffic
• LLDP-MED (Media Endpoint Discovery) defines a standard extension of LLDP that stores values for parameters such as QoS and VLAN to automatically configure network devices such as IP phones
• IEEE 802.1AB Link Layer Discovery Protocol (LLDP) facilitates easy mapping using network management applications with LLDP automated device discovery protocol
• PoE and PoE+ allocations support multiple methods (automatic, IEEE 802.3at dynamic, LLDP-MED fine grain, IEEE 802.3af device class, or user-specified) to allocate and manage PoE/PoE+ power for more efficient energy savings
• Local MAC Authentication assigns attributes such as VLAN and QoS using a locally configured profile that can be a list of MAC prefixes
• IP multicast routing includes PIM Sparse and Dense modes
to route IP multicast traffic (limited to 16 interfaces)
• Protocol Independent Multicast for IPv6 supports one-to- many and many-to-many media casting use cases such as IPTV over IPv6 networks

Resiliency and high availability

• IEEE 802.1s Multiple Spanning Tree provides high link availability by allowing Multiple Spanning Trees; provides legacy support for IEEE 802.1d and IEEE 802.1w
• Virtual Router Redundancy Protocol (VRRP) allows groups of two routers to dynamically back each other up to create highly available routed environments for IPv4 and IPv6 networks (limited to 128 VRs)
• IEEE 802.3ad link aggregation control protocol (LACP) and port trunking support up to 60 static or dynamic trunks active across a stack, with each trunk having up to eight links (ports) per static trunk; and offer support for trunking across stack members
• SmartLink provides easy-to-configure link redundancy of active and standby links

Simplified configuration and management

• Aruba Central cloud-based management platform offers a simple, secure and cost-effective way to manage switches
• Zero Touch Provisioning (ZTP) simplifies installation of the switch infrastructure using Aruba Activate or a DHCP-based process with AirWave and Central Network Management
• Flexible management with same hardware – Supports both cloud-based Central and on-premises AirWave with the same hardware, ensuring management platform changes without ripping and replacing switching infrastructure
• Out-of-band Ethernet management port enables management on a separate physical management network, and keeps management traffic segmented from network data traffic
• Built-in programmable and easy-to-use REST API interface provides configuration automation for campus networks
• SNMPv1, v2, and v3 provide complete support of SNMP; provide full support of industry-standard Management Information Base (MIB) plus private extensions; SNMPv3 supports increased security using encryption

Manageability

• Dual flash images provide independent primary and secondary operating system files for backup while upgrading
• Friendly port names allow assignment of descriptive names to ports
• Find-Fix-Inform feature finds and fixes common network problems automatically, then informs administrator
• Supports multiple configuration files to be stored to a flash image
• RMON, XRMON, and sFlow provide advanced monitoring and reporting capabilities for statistics, history, alarms, and events
• Troubleshooting ingress and egress port monitoring enable more efficient network problem solving
• Unidirectional link detection (UDLD) monitors the link between two switches and blocks the ports on both ends of the link if the link goes down at any point between the two devices
• IP SLA for Voice monitors quality of voice traffic using the UDP Jitter and UDP Jitter for VoIP tests

Layer 2 switching

• VLAN support and tagging support IEEE 802.1Q (4,094 VLAN IDs) and 2K VLANs simultaneously
• Jumbo packet support improves the performance of large data transfers; supports frame size of up to 9,220 bytes
• IEEE 802.1v protocol VLANs isolate select non-IPv4 protocols automatically into their own VLANs
• Rapid Per-VLAN Spanning Tree (RPVST+) allows each VLAN to build a separate spanning tree to improve link bandwidth usage; is compatible with PVST+
• GVRP and MVRP allows automatic learning and dynamic assignment of VLANs
• VxLAN encapsulation (tunneling) protocol for overlay network that enables a more scalable virtual network deployment

Layer 3 services

• DHCP server centralizes and reduces the cost of IPv4 address management

Layer 3 routing

• Static IP routing provides manually configured routing; includes ECMP capability
• 256 static and 10,000 RIP routes facilitate segregation of user data, without adding external hardware
• Routing Information Protocol (RIP) provides RIPv1, RIPv2, and RIPng routing
• Access OSPF
– Provides OSPFv2 and OSPFv3 protocols for routing between access and the next layer on the LAN. Only one OSPF area and up to 8 interfaces are supported.
• Policy-based routing uses a classifier to select traffic that can be forwarded based on policy set by the network administrator (limited to 16 next hop routes)

Security

• Control Plane Policing sets rate limit on control protocols to protect CPU overload from DOS attacks
• Multiple user authentication methods
– Uses an IEEE 802.1X supplicant on the client in conjunction with a RADIUS server to authenticate in accordance with industry standards
– Supports web-based authentication
– Supports MAC-based client authentication
• Authentication flexibility
– Multiple IEEE 802.1X users per port provides authentication of multiple devices on a single port; prevents a user from “piggybacking” on another user’s IEEE 802.1X authentication
– Concurrent IEEE 802.1X, Web, and MAC authentication schemes per port switch port will accept up to 32 sessions of IEEE 802.1X, Web, and MAC authentications
• TPM-based Security
– Includes a Trusted Platform Module (TPM) for secure hardware-based generation and storage of cryptographic keys that can be used for a variety of authentication purposes
• Access control lists (ACLs) provide IP Layer 3 filtering based on source/destination IP address/subnet and source/ destination TCP/UDP port number
• Source-port filtering allows only specified ports to
communicate with each other
• RADIUS/TACACS+ eases switch management security administration by using a password authentication server
• Secure shell encrypts all transmitted data for secure remote CLI access over IP networks
• Secure Sockets Layer (SSL) encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch
• Port security allows access only to specified MAC addresses, which can be learned or specified by the administrator
• Radius over TLS (RadSec) allows users to use a more secure and reliable mode of communications between switch and radius servers over unsecure networks
• MAC address lockout prevents particular configured MAC addresses from connecting to the network
• Secure FTP allows secure file transfer to and from the switch; protects against unwanted file downloads or unauthorized copying of a switch configuration file
• Switch management logon security helps secure switch CLI logon by optionally requiring either RADIUS or TACACS+ authentication
• Custom banner displays security policy when users log in to the switch
• STP BPDU port protection blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged BPDU attacks
• DHCP protection blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks
• Dynamic ARP protection blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data
• STP root guard protects the root bridge from malicious attacks or configuration mistakes
• Identity-driven ACL enables implementation of a highly granular and flexible access security policy and VLAN assignment specific to each authenticated network user
• Per-port broadcast throttling configures broadcast control selectively on heavy traffic port uplinks
• Private VLAN provides network security by restricting peer- to-peer communication to prevent a variety of malicious attacks; typically a switch port can only communicate with other ports in the same community and/or an uplink port, regardless of VLAN ID or destination MAC address
• Open Authentication Role simplifies first-time deployment of AAA in brownfield deployments by allowing full network access for failed clients and provides instant connectivity as soon as a client is plugged-in
• Critical Authentication Role ensures that important infrastructure devices such as IP phones are allowed network access even in the absence of a RADIUS server
• MAC Pinning allows non-chatty legacy devices to stay authenticated by pinning client MAC addresses to the port until the clients logoff or get disconnected
• Enrollment over Secure Transport (EST) enhances the switch PKI infrastructure with a simpler, scalable and more secure method of certificate provisioning, re-enrollment and renewal

Monitor and diagnostics

• Digital optical monitoring of SFP+ and 1000BASE-T transceivers allows detailed monitoring of the transceiver settings and parameters

FEATURES

Aruba 2530 Switch Series - Features

The Aruba 2930F Switch Series is designed for customers creating smart digital workplaces that are optimized for mobile users with an integrated wired and wireless approach. These convenient Layer 3 network switches include built-in uplinks and PoE power and are simple to deploy and manage with advanced security and network management tools like Aruba ClearPass Policy Manager, Aruba AirWave and cloud- based Aruba Central.

A powerful Aruba ProVision ASIC delivers performance , robust feature support and value with programmability for the latest applications. Stacking with Virtual Switching Framework (VSF) provides simplicity and scalability. The
2930F supports built-in 1GbE or 10GbE uplinks, PoE+, Access OSPF routing, Dynamic Segmentation, robust QoS, RIP routing, and IPv6 with no software licensing required.

The Aruba 2930F Switch Series provides a convenient and cost-effective access switch solution that can be quickly set up with Zero Touch Provisioning. The robust Layer 3 feature set includes a limited lifetime warranty.

ENHANCED CAPABILITIES

Unified Wired and Wireless Support

• Supports unified wired and wireless policies using Aruba ClearPass Policy Manager
• Switch auto-configuration automatically configures switch for different settings such as VLAN, CoS, PoE max. power, and PoE priority when an Aruba access point is detected
• User Role defines a set of switch-based policies in areas such as security, authentication, and QoS. A user role can be assigned to a group of users or devices, using switch-based local user role or download from ClearPass
• For improved network simplicity and security, Aruba Dynamic Segmentation automatically enforces user, device and application-aware policies on Aruba wired and wireless networks. Automated device profiling, role-based access control, and Layer 7 firewall features deliver enhanced visibility and performance for a better overall experience for both IT and end users alike
• Dynamic Segmentation provides a secure tunnel that transports network traffic on a per-port or per-user role basis to an Aruba Controller. In a per-user role Tunnel Node, users are authenticated by the ClearPass Policy Manager which directs traffic to be tunneled to an Aruba controller or switch locally
• Static IP visibility allows ClearPass to do accounting for clients with a static IP address

Software-defined networks

• Supports multiple programmatic interfaces, including REST APIs and Openflow 1.0 and 1.3, to enable automation of network operations, monitoring, and troubleshooting

Quality of Service (QoS)

• Traffic prioritization (IEEE 802.1p) for classification into eight priority levels mapped to eight queues
• Layer 4 prioritization based on TCP/UDP port numbers
• Class of Service (CoS) sets the IEEE 802.1p priority tag based on IP address, IP Type of Service (ToS), Layer 3 protocol, TCP/UDP port number, source port, and DiffServ
• Rate limiting sets per-port ingress enforced maximums and per-port, per-queue minimums
• Large buffers provide graceful congestion management
• Unknown Unicast Rate Limiting throttles unicast packets with unknown destination addresses and limits flooding on the VLAN

Connectivity

• Convenient built-in 10 Gbps Ethernet (4 x SFP+) uplinks
available on select models
• 12 port fanless model with built-in power supply includes 12 x 1 Gbps Ethernet PoE+ ports and four built-in uplinks (2 x SFP+ and 2 x 1GBASE-T)
• Auto-MDIX provides automatic adjustments for straight-through or crossover cables on all 10/100 and 10/100/1000 ports
• IEEE 802.3at Power over Ethernet (PoE+) provides up to 30 W per port that allows support of the latest PoE+-capable devices such as IP phones, wireless access points, and security cameras, as well as any IEEE 802.3af-compliant end device; eliminates the cost of additional electrical cabling and circuits that would otherwise be necessary in IP phone and WLAN deployments
• Support for pre-standard PoE detects and provides power to pre-standard PoE devices
• IPv6
– IPv6 host enables switches to be managed in an IPv6 network
– Dual stack (IPv4 and IPv6) transitions from IPv4 to IPv6, supporting connectivity for both protocols
– MLD snooping forwards IPv6 multicast traffic to the appropriate interface
– IPv6 ACL/QoS supports ACL and QoS for IPv6 network traffic
– IPv6 routing supports static and RIPng protocols
– Security provides RA guard, DHCPv6 protection, dynamic IPv6 lockdown, and ND snooping

Performance and efficiency

• Energy-efficient design
– 80 PLUS Silver Certified power supply increases power efficiency and savings
– Energy-efficient Ethernet (EEE) support reduces power consumption in accordance with IEEE 802.3az
• Designed with the latest Aruba Provision ASIC, providing very low latency, increased packet buffering, and adaptive power consumption
• Selectable queue configurations allows for increased performance by selecting the number of queues and associated memory buffering that best meet the requirements of the network applications
• Stacking Topology
– Virtual Switching Framework (VSF) front plane stacking creates one virtual resilient switch from up to eight* switches
– Ring topology—Supports up to eight member stack
– Virtualized switching provides simplified management as the switches act as a single chassis when stacked

Convergence

• IP multicast snooping and data-driven IGMP automatically
prevents flooding of IP multicast traffic
• LLDP-MED (Media Endpoint Discovery) defines a standard extension of LLDP that stores values for parameters such as QoS and VLAN to automatically configure network devices such as IP phones
• IEEE 802.1AB Link Layer Discovery Protocol (LLDP) facilitates easy mapping using network management applications with LLDP automated device discovery protocol
• PoE and PoE+ allocations support multiple methods (automatic, IEEE 802.3at dynamic, LLDP-MED fine grain, IEEE 802.3af device class, or user-specified) to allocate and manage PoE/PoE+ power for more efficient energy savings
• Local MAC Authentication assigns attributes such as VLAN and QoS using a locally configured profile that can be a list of MAC prefixes
• IP multicast routing includes PIM Sparse and Dense modes
to route IP multicast traffic (limited to 16 interfaces)
• Protocol Independent Multicast for IPv6 supports one-to- many and many-to-many media casting use cases such as IPTV over IPv6 networks

Resiliency and high availability

• IEEE 802.1s Multiple Spanning Tree provides high link availability by allowing Multiple Spanning Trees; provides legacy support for IEEE 802.1d and IEEE 802.1w
• Virtual Router Redundancy Protocol (VRRP) allows groups of two routers to dynamically back each other up to create highly available routed environments for IPv4 and IPv6 networks (limited to 128 VRs)
• IEEE 802.3ad link aggregation control protocol (LACP) and port trunking support up to 60 static or dynamic trunks active across a stack, with each trunk having up to eight links (ports) per static trunk; and offer support for trunking across stack members
• SmartLink provides easy-to-configure link redundancy of active and standby links

Simplified configuration and management

• Aruba Central cloud-based management platform offers a simple, secure and cost-effective way to manage switches
• Zero Touch Provisioning (ZTP) simplifies installation of the switch infrastructure using Aruba Activate or a DHCP-based process with AirWave and Central Network Management
• Flexible management with same hardware – Supports both cloud-based Central and on-premises AirWave with the same hardware, ensuring management platform changes without ripping and replacing switching infrastructure
• Out-of-band Ethernet management port enables management on a separate physical management network, and keeps management traffic segmented from network data traffic
• Built-in programmable and easy-to-use REST API interface provides configuration automation for campus networks
• SNMPv1, v2, and v3 provide complete support of SNMP; provide full support of industry-standard Management Information Base (MIB) plus private extensions; SNMPv3 supports increased security using encryption

Manageability

• Dual flash images provide independent primary and secondary operating system files for backup while upgrading
• Friendly port names allow assignment of descriptive names to ports
• Find-Fix-Inform feature finds and fixes common network problems automatically, then informs administrator
• Supports multiple configuration files to be stored to a flash image
• RMON, XRMON, and sFlow provide advanced monitoring and reporting capabilities for statistics, history, alarms, and events
• Troubleshooting ingress and egress port monitoring enable more efficient network problem solving
• Unidirectional link detection (UDLD) monitors the link between two switches and blocks the ports on both ends of the link if the link goes down at any point between the two devices
• IP SLA for Voice monitors quality of voice traffic using the UDP Jitter and UDP Jitter for VoIP tests

Layer 2 switching

• VLAN support and tagging support IEEE 802.1Q (4,094 VLAN IDs) and 2K VLANs simultaneously
• Jumbo packet support improves the performance of large data transfers; supports frame size of up to 9,220 bytes
• IEEE 802.1v protocol VLANs isolate select non-IPv4 protocols automatically into their own VLANs
• Rapid Per-VLAN Spanning Tree (RPVST+) allows each VLAN to build a separate spanning tree to improve link bandwidth usage; is compatible with PVST+
• GVRP and MVRP allows automatic learning and dynamic assignment of VLANs
• VxLAN encapsulation (tunneling) protocol for overlay network that enables a more scalable virtual network deployment

Layer 3 services

• DHCP server centralizes and reduces the cost of IPv4 address management

Layer 3 routing

• Static IP routing provides manually configured routing; includes ECMP capability
• 256 static and 10,000 RIP routes facilitate segregation of user data, without adding external hardware
• Routing Information Protocol (RIP) provides RIPv1, RIPv2, and RIPng routing
• Access OSPF
– Provides OSPFv2 and OSPFv3 protocols for routing between access and the next layer on the LAN. Only one OSPF area and up to 8 interfaces are supported.
• Policy-based routing uses a classifier to select traffic that can be forwarded based on policy set by the network administrator (limited to 16 next hop routes)

Security

• Control Plane Policing sets rate limit on control protocols to protect CPU overload from DOS attacks
• Multiple user authentication methods
– Uses an IEEE 802.1X supplicant on the client in conjunction with a RADIUS server to authenticate in accordance with industry standards
– Supports web-based authentication
– Supports MAC-based client authentication
• Authentication flexibility
– Multiple IEEE 802.1X users per port provides authentication of multiple devices on a single port; prevents a user from “piggybacking” on another user’s IEEE 802.1X authentication
– Concurrent IEEE 802.1X, Web, and MAC authentication schemes per port switch port will accept up to 32 sessions of IEEE 802.1X, Web, and MAC authentications
• TPM-based Security
– Includes a Trusted Platform Module (TPM) for secure hardware-based generation and storage of cryptographic keys that can be used for a variety of authentication purposes
• Access control lists (ACLs) provide IP Layer 3 filtering based on source/destination IP address/subnet and source/ destination TCP/UDP port number
• Source-port filtering allows only specified ports to
communicate with each other
• RADIUS/TACACS+ eases switch management security administration by using a password authentication server
• Secure shell encrypts all transmitted data for secure remote CLI access over IP networks
• Secure Sockets Layer (SSL) encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch
• Port security allows access only to specified MAC addresses, which can be learned or specified by the administrator
• Radius over TLS (RadSec) allows users to use a more secure and reliable mode of communications between switch and radius servers over unsecure networks
• MAC address lockout prevents particular configured MAC addresses from connecting to the network
• Secure FTP allows secure file transfer to and from the switch; protects against unwanted file downloads or unauthorized copying of a switch configuration file
• Switch management logon security helps secure switch CLI logon by optionally requiring either RADIUS or TACACS+ authentication
• Custom banner displays security policy when users log in to the switch
• STP BPDU port protection blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged BPDU attacks
• DHCP protection blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks
• Dynamic ARP protection blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data
• STP root guard protects the root bridge from malicious attacks or configuration mistakes
• Identity-driven ACL enables implementation of a highly granular and flexible access security policy and VLAN assignment specific to each authenticated network user
• Per-port broadcast throttling configures broadcast control selectively on heavy traffic port uplinks
• Private VLAN provides network security by restricting peer- to-peer communication to prevent a variety of malicious attacks; typically a switch port can only communicate with other ports in the same community and/or an uplink port, regardless of VLAN ID or destination MAC address
• Open Authentication Role simplifies first-time deployment of AAA in brownfield deployments by allowing full network access for failed clients and provides instant connectivity as soon as a client is plugged-in
• Critical Authentication Role ensures that important infrastructure devices such as IP phones are allowed network access even in the absence of a RADIUS server
• MAC Pinning allows non-chatty legacy devices to stay authenticated by pinning client MAC addresses to the port until the clients logoff or get disconnected
• Enrollment over Secure Transport (EST) enhances the switch PKI infrastructure with a simpler, scalable and more secure method of certificate provisioning, re-enrollment and renewal

Monitor and diagnostics

• Digital optical monitoring of SFP+ and 1000BASE-T transceivers allows detailed monitoring of the transceiver settings and parameters