Aruba MMC-6000 Multi-Service Mobility Controller

Aruba MMC-6000 Multi-Service Mobility Controller

Photo of Aruba 6000 Mobility Controller

The Aruba MMC-6000 Multi-Service Mobility Controller is a fully-featured modular controller able to aggregate up to 2,048 campus-connected access points (APs).

The MMC-6000 controller provides a truly user-centric network experience, delivering follow-me connectivity, identitybased access, and application continuity services.

Designed to support large deployments in a scaleable manner and can be easily implemented as an overlay without any disruption to the existing wired network. Advanced voice-over-WLAN features such as Call Admission Control (CAC), voice-aware RF management and strict over-the-air QoS allow the MMC-6000 controller to deliver mobile VoIP capabilities. The MMC-6000 is managed via ArubaOS or the Aruba Mobility Management System.

The MMC-6000 controller can also be deployed as a user-centric security gateway to authenticate wired and wireless users, enforce role-based access control policies and quarantine unsafe endpoints from accessing the corporate network. Guest users can be easily and safely supported with the built-in captive portal server and advanced network services. The Aruba MMC-6000 can create a secure networking environment without requiring additional VPN/firewall devices using integrated site-to-site VPN and NAT capabilities, split-tunneling and an ICSA certified stateful firewall. Site-to-site VPN support can be integrated with all leading VPN concentrators to provide seamless integration into existing corporate VPNs.

Specifications

Print
Controller Performance and Capacity
Campus connected APs Up to 2048
Remote APs Up to 8192
Users Up to 32,768
MAC addresses Up to 256,000
VLAN IP interfaces 512
Fast Ethernet ports (10/100) Up to 72
Gigabit Ethernet ports (GBIC or SFP) Up to 40
10 Gigabit Ethernet ports (XFP) Up to 8
Active firewall sessions Up to 2,097,200
Concurrent IPSEC tunnels Up to 32,768
Firewall throughput Up to 80 Gbps
Encrypted throughput (3DES) Up to 32 Gbps
Encrypted throughput (AES-CCM) Up to 16 Gbps
Wireless LAN Security and Control Features
802.11i security (WFA certified WPA2 and WPA)
802.1X user and machine authentication
EAP-PEAP, EAP-TLS, EAP-TTLS support
Centralized AES-CCM, TKIP and WEP encryption
802.11i PMK caching for fast roaming applications
EAP offload for AAA server scalability and survivability
Stateful 802.1X authentication for standalone APs
MAC address, SSID and location based authentication
Multi-SSID support for operation of multiple WLANs
SSID-based RADIUS server selection
Secure AP control and management over IPSEC or GRE
CAPWAP compatible and upgradeable
Distributed WLAN mode for remote AP deployments
Simultaneous centralized and distributed WLAN support
Identity-based Security Features
Wired and wireless user authentication
Captive portal, 802.1X and MAC address authentication
Username, IP address, MAC address and encryption key binding for strong network identity creation
Per-packet identity verifi cation to prevent impersonation
Endpoint posture assessment, quarantine and remediation
Microsoft NAP, Cisco NAC, Symantec SSE support
RADIUS and LDAP based AAA server support
Internal user database for AAA server failover protection
Role-based authorization for eliminating excess privilege
Robust policy enforcement with stateful packet inspection
Per-user session accounting for usage auditing
Web-based guest enrollment with Aruba GuestConnect™
Confi gurable acceptable use policies for guest access
XML-based API for external captive portal integration
xSec option for wired LAN authentication and encryption (802.1X authentication, 256-bit AES-CBC encryption)
Convergence Features
Voice and data on a single SSID for converged devices
Flow-based QoS using Voice Flow Classifi cation™
SIP, Spectralink SVP, Cisco SCCP and Vocera ALGs
Strict priority queuing for over-the-air QoS
802.11e support - WMM, U-APSD and T-SPEC
QoS policing for preventing network abuse via 802.11e
Diffserv marking and 802.1p support for network QoS
On-hook and off-hook VoIP client detection
VoIP call admission control (CAC) using VFC
Call reservation thresholds for mobile VoIP calls
Voice-aware RF management for ensuring voice quality
Fast roaming support for ensuring mobile voice quality
SIP early media and ringing tone generation (RFC 3960)
Per-user and per-role rate limits (bandwidth contracts)
Adaptive Radio Management™ (ARM) Features
Automatic channel and power settings for controlled APs
Simultaneous air monitoring and end user services
Self-healing coverage based on dynamic RF conditions
Dense deployment options for capacity optimization
AP load balancing based on number of users
AP load balancing based on bandwidth utilization
Coverage hole and RF interference detection
802.11h support for radar detection and avoidance
Automated location detection for Active RFID tags
Built-in XML based Location API for RFID applications
Wireless Intrusion Protection Features
Integration with WLAN infrastructure
Simultaneous or dedicated air monitoring capabilities
Rogue AP detection and built-in location visualization
Automatic rogue, interfering and valid AP classification
Over-the-air and over-the-wire rogue AP containment
Adhoc WLAN network detection and containment
Windows client bridging and wireless bridge detection
Denial of service attack protection for APs and stations
Misconfigured standalone AP detection and containment
3rd party AP performance monitoring and troubleshooting
Flexible attack signature creation for new WLAN attacks
EAP handshake and sequence number analysis
Valid AP impersonation detection
Frame floods, Fake AP and Airjack attack detection
ASLEAP, death broadcast, null probe response detection
Netstumbler-based network probe detection
Stateful Firewall Features
Stateful packet inspection tied to user identity or ports
Location and time-of-day aware policy definition
802.11 station awareness for WLAN firewalling
Over-the-air policy enforcement and station blacklisting
Session mirroring and per-packet logs for forensic analysis
Detailed firewall traffic logs for usage auditing
ICSA corporate firewall 4.1 compliance
Application Layer Gateway (ALG) support for SIP, SCCP, RTSP, Vocera, FTP, TFTP, PPTP
Source and destination Network Address Translation (NAT)
Dedicated flow processing hardware for high performance
TCP, ICMP denial of service attack detection and protection
Policy-based forwarding into GRE tunnels for guest traffic
External service interface for 3rd party security integration for inline anti-virus, anti-spam and content filtering apps
Heath checking and load balancing for external services
VPN Server Features
Site-to-site VPN support for branch office deployments
Site-to-site interoperability with 3rd party VPN servers
VPN server emulation for easy integration into WLAN
L2TP/IPSEC VPN termination for Windows VPN clients
Mobile edge client shim for roaming with RSA Tokens
XAUTH/IPSEC VPN termination for 3rd Party clients
PPTP VPN termination for legacy VPN integration
RADIUS and LDAP server support for VPN authentication
PAP, CHAP, MS-CHAP and MS-CHAPv2 authentication
Hardware encryption for DES, 3DES, AES, MPPE
Secure point-to-point xSec tunnels for L2 VPNs
Networking Features and Advanced Services
L2 and L3 switching over-the-air and over-the-wire
VLAN pooling for easy, scalable network designs
VLAN mobility for seamless L2 roaming
Proxy mobile IP and proxy DHCP for L3 roaming
Built-in DHCP server and DHCP relay
VRRP based N+1 controller redundancy (L2)
AP provisioning based N+1 controller redundancy (L3)
Wired access concentrator mode for centralized security
Etherchannel support for link redundancy
802.1d Spanning Tree Protocol
802.1Q VLAN tags
Controller-based Management Features
RF Planning and AP Deployment Toolkit
Centralized AP provisioning and image management
Live coverage visualization with RF heat maps
Detailed statistics visualization for monitoring
Remote packet capture for RF troubleshooting
Interoperable with Ethereal, Airopeek and AirMagnet analyzers
Multi-controller confi guration management
Location visualization and device tracking
System-wide event collection and reporting
Controller Administration Features
Web-based user interface access over HTTP and HTTPS
Quickstart screens for easy controller configuration
CLI access using SSH, Telnet and console port
Role-based access control for restricted admin access
Authenticated access via RADIUS, LDAP or Internal DB
SNMPv3 and SNMPv2 support for controller monitoring
Standard MIBs and private enterprise MIBs
Detailed message logs with syslog event notification
Controller Power Supply Options
Power Consumption Max. 466 Watts per PSU
HW-PSU-200 AC power supplies 200W of power
AC Input Voltage 90-132VAC, 170-264VAC
AC Input Frequency 47-63 Hz
AC input current 5A @ 110VAC
HW-PSU-400 AC power supplies 400W of power
AC Input Voltage 85-264 VAC, Auto-sensing
AC Input Frequency 47-63 Hz
AC input current 5A @ 110VAC
Operating Specifications and Dimensions
Operating temperature range 0° to 40° C
Storage temperature range 10° to 70° C
Humidity, non-condensing 5 to 95%
Height 5.75” (146 mm)
Width 17.4” (444 mm)
Depth 12.5” (317.5 mm)
Weight 30 lbs. (unboxed)
Warranty
Hardware 1 year parts/labor
Software 90 days
Regulatory and Safety Compliance
FCC part 15 Class A CE
Industry Canada Class A
VCCI Class A (Japan)
EN 55022 Class A (CISPR 22 Class A), EN 61000-3
EN 61000-4-2, EN 61000-4-3, EN 61000-4-4
EN 61000-4-5, EN 61000-4- 6, EN 61000-4-8
EN 61000-4-11, EN 55024, AS/NZS 3548
UL 60950, EN60950
CAN/CSA 22.2 #60950
CE mark, cTUVus, GS, CB, C-tick, Anatel, NOM, MIC, IQC

Mobility Controllers