Aruba ESP Campus Reference Architectures
This section describes the components and features of an Aruba ESP campus, with reference designs for small, medium, and large campus networks. Each design includes a sample bill-of-materials.
Select the reference design that most closely aligns with specific production requirements as a starting point for building the required campus solution.
Table of contents
HPE GreenLake for Aruba
HPE GreenLake for Aruba Networking offers an experience leveraging the breadth of HPE Aruba solutions with a flexible way to consume network infrastructure via monthly subscription versus an up-front capital expenditure.
HPE GreenLake for Aruba networking solutions are enabled using modular “Service Packs”. Each Service Pack consists of the required Aruba hardware (“Systems”), software, and service components for the specific use case. Service Packs are delivered as a monthly subscription invoiced in advance and can include options for customers to flex their subscription to Service Pack quantities up or down as their needs change.
Where available, a service pack is listed for each product in the reference architecture tables.
Campus Components
The following products and features provide the foundation for the campus architecture. Use the tables below for guidance on designing a properly sized campus network.
Switches
6100 | 6200 | 6300 | 6400v2 | 8325 | 8360 | 8400 | |
---|---|---|---|---|---|---|---|
Reccommended Function | Access | Access | Access | Access / Core | Aggregation / Core | Aggregation / Core | Aggregation / Core |
VSF Support | No | Yes | Yes | No | No | No | No |
VSX Support | No | No | No | Yes | Yes | Yes | Yes |
Redundant power option | No | No | Yes | Yes | Yes | Yes | Yes |
Layer 3 routes | 576 (static only) | 1024 | 64K | 64K | 131K | 600K | 1M |
MAC addresses | 8,192 | 16K | 32K | 32K | 98K | 212K | 786K |
Access Points
510 | 530 | 550 | 630 | 650 | |
---|---|---|---|---|---|
Wi-Fi 6 Support | Yes | Yes | Yes | Yes | Yes |
Radio configuration | 2 radio 2x2:2 (2.4GHz), 4x4:4 (5GHz) | 2 radio 4x4:4 | 2 or 3 radio 4x4:4 (2.4GHz), single 8x8:8 or dual 4x4:4 (5GHz) | 3 radio 2x2:2 | 3 radio 4x4:4 |
AP peak data rate | 2.7Gb/s | 3Gb/s | 5.4Gb/s | 3.9 Gb/s | 7.8Gb/s |
Max clients per radio (recommended) | 100 | 150 | 150 | 100 | 150 |
Ethernet ports | 1x2.5GE, 1xGE | 2x5GE | 2x5GE | 2x2.5GE | 2x5GE |
Max active PoE consumption | 20.8W | 26.4W | 38.2W | 23.8W | 32W |
UXI Sensors
Sensor Model | UX-G5 | UX-G5C | UX-G6 | UX-G6C |
---|---|---|---|---|
Arm CPU | 1.3GHz | 1.3GHz | 2.0GHz | 2.0GHz |
Wi-Fi 2G/5G Radio | .11ac | .11ac | .11ax | .11ax |
BLE | Yes | Yes | Yes | Yes |
Cellular as back-haul | - | Yes | - | Yes |
eMMC | 4GB | 4GB | 8GB | 8GB |
RAM | 1GB | 1GB | 2GB | 2GB |
TPM2.0 | 1 | 1 | 1 | 1 |
1GBE PHY | 1 | 1 | 1 | 1 |
PoE 802.3af | 1 | 1 | 1 | 1 |
Power Backup | - | 30s | - | >30s |
Power Consumption (limit) | 12W | 12W | 12W | 12W |
Ambient T & V sensing | 0 | 0 | 1 | 1 |
Cables and Transceivers
Refer to the following document to ensure proper selection of supported cables and transceivers when planning for physical connectivity within the campus:
ArubaOS-Switch and ArubaOS-CX Transceiver Guide
Campus Features
Additional design consideration should be given to enabling the following features within the campus network.
Switching
Small campus | Medium campus | Large campus | |
---|---|---|---|
IP Routing | Optional | Yes | Yes |
Multicast routing | Optional | Optional | Yes |
NTP | Yes | Yes | Yes |
sFlow | Optional | Yes | Yes |
Spanning tree | Yes | Yes | Yes, consider layer 3 access |
QoS | Yes, if voice traffic | Yes | Yes |
Wireless
Small campus | Medium campus | Large campus | |
---|---|---|---|
DMO | Optional | Optional | Yes |
NTP | Yes | Yes | Yes |
QoS | Yes, if voice over Wi-Fi | Yes | Yes |
RADIUS | Yes | Yes | Yes |
Services
Services | Description | Notes |
---|---|---|
Aruba ClearPass | Virtual appliance | Recommended (on-premises) |
Aruba Central | Cloud services | Recommended |
Small Campus
The small campus typically supports up to 5000 users with 2-3 devices per user. The network can be a single building, several floors in a larger building, or a group of small buildings located near one another.
The illustration below depicts a small campus consisting of three IDFs in a single location connected to a VSX collapsed core.
Example Design
The example small campus design includes one combined server room/MDF, and three intermediate IDFs that connect to the MDF using multimode fiber. This small campus reference design supports 750 employees and requires 75 APs to provide 2.4 GHz and 5 GHz coverage.
Building characteristics:
- 3 floors, 75,000 square feet total size
- 10 wiring closets (IDFs)
- 750 employees with up to 2500 concurrent IPv4 clients
- 75 APs
- 1 combined server room/MDF
Example Bill-of-Materials
The example small campus bill-of-materials includes redundancy and bandwidth suitable for a highly reliable LAN and WLAN for a US based, small campus.
Quantity | Example SKU | Description | GreenLake for NaaS |
---|---|---|---|
20 | Aruba 6300M 48-port HPE Smart Rate 1/2.5/5GbE Class 6 PoE and 4-port SFP56 Switch (JL659A) | Operate the access switches as 2-device, VSF stacks providing 96 access ports per IDF with redundant 25 Gb/s uplinks. | HPE GreenLake for NaaS Wired Aggregation Service Pack (JN038AAS) |
2 | Aruba 8360-32Y4C v2 32p 25G SFP/+/28 4 Sec 4p 100G QSFP+/28 Front-to-Back 3 Fans 2 AC (JL700C) | Operate the collapsed core switches as a VSX pair with 25 Gb/s downlinks to the access stacks | HPE GreenLake for NaaS Wired Core Service Pack (JN037AAS) |
75 | Aruba AP-635 (US) Tri-radio 2x2:2 802.11ax Wi-Fi 6E Internal Antennas Campus AP (R7J28A) | A cost-effective, 3-radio AP providing market leading Wi-Fi 6 services and performance. | HPE GreenLake for NaaS Wireless Indoor Service Pack (JN039AAS) |
Aruba ClearPass | Authentication and policy services for the campus network. | HPE GreenLake for NaaS Network Policy Service Pack (S1F99AAS) | |
Aruba Central | Cloud management and AI-driven insights for the campus network. | Included with above service packs. |
Medium Campus
The medium campus architecture is targeted for organizations supporting 5,000–15,000 users with multiple devices per user. The network can be a group of buildings located near one another, one large building, or several large or high-density floors in a building. This architecture uses access aggregation switches to consolidate traffic onto higher bandwidth uplinks toward the core and to provide layer 3 services to the access layer.
The illustration below depicts a medium campus consisting of six IDFs connecting to two, VSX access aggregation points that are further connected to a VSX core with directly connected gateways.
Example Design
The example medium campus design includes a VSX redundant core with directly connected gateway cluster and WAN services. Each floor includes two IDFs that connect to the MDF. This medium campus reference design supports 5,000 employees and requires 500 APs to provide full 2.4 GHz and 5 GHz coverage.
Campus characteristics:
- 3 buildings of 5 floors each and 500,000 square feet total size
- 2 IDFs per floor
- 1 aggregation point per building
- 5,000 employees with up to 18,000 concurrent IPv4 clients
- 500 APs
- 2 gateways
- 1 MDF/computer room
Example Bill-of-Materials
The example medium campus bill-of-materials includes redundancy and bandwidth suitable for a highly reliable LAN and WLAN for a US-based, medium campus.
Quantity | Example SKU | Description | GreenLake for NaaS |
---|---|---|---|
90 | Aruba 6300M 48-port HPE Smart Rate 1/2.5/5GbE Class 6 PoE and 4-port SFP56 Switch (JL659A) | Operate the access switches as 3-device, VSF stacks providing 144 access ports per IDF with redundant 25 Gb/s uplinks. | HPE GreenLake for NaaS Wired Aggregation Service Pack (JN038AAS) |
6 | Aruba 6200F 48G Class4 PoE 4SFP+ 370W Switch (JL727A) | Use alternative switches for wired access service to low-density areas or a management LAN. | HPE GreenLake for NaaS Wired Access Service Pack (JN036AAS) |
66 | Aruba 25G SFP28 LC eSR 400m MMF XCVR (JL485A) | 25 Gb/s links to aggregation switches from access switches. | Configured with wired service pack. |
6 | Aruba 8360-32Y4C v2 32p 25G SFP/+/28 4 Sec 4p 100G QSFP+/28 Front-to-Back 3 Fans 2 AC (JL700C) | Operate the aggregation switches as a VSX pair with 25 Gb/s downlinks to the access stacks and 100Gb/s uplinks to the core. | HPE GreenLake for NaaS Wired Core Service Pack (JN037AAS) |
66 | Aruba 25G SFP28 LC eSR 400m MMF XCVR (JL485A) | 25 Gb/s links to access switches from aggregation switches. | Configured with wired service pack. |
12 | Aruba 100G QSFP28 LC CWDM4 2km SMF Transceiver (R0Z30A) | 100 Gb/s links to core switches from aggregation switches. | Configured with wired service pack. |
2 | Aruba 8360-12C v2 12-port 100G QSFP+/QSFP28 Front-to-Back 3 Fans 2 AC (JL708C) | 12-port, VSX capable core switches with 100 Gb/s ports. | HPE GreenLake for NaaS Wired Core Service Pack (JN037AAS) |
12 | Aruba 100G QSFP28 LC CWDM4 2km SMF Transceiver (R0Z30A) | 100 Gb/s links to building aggregation switches from core switches. | Configured with wired service pack. |
4 | Aruba 25G SFP28 LC SR 100m MMF Transceiver (JL484A) | 25 Gb/s links to WLAN gateway cluster from core switches. | Configured with wired service pack. |
2 | Aruba 9240 (US) Campus Gateway 4xSFP28 1 Expansion Slot (R7H95A) | Gateway cluster. | HPE GreenLake for NaaS SD-Branch Service Pack (JN043AAS) |
4 | Aruba 25G SFP28 LC SR 100m MMF Transceiver (JL484A) | 25 Gb/s links to core from gateway cluster. | Configured with wired service pack. |
500 | Aruba AP-655 (US) Tri-radio 4x4:4 802.11ax Wi-Fi 6E Internal Antennas Campus AP (R7J39A) | A high-performance, 3-radio AP providing best-in-class Wi-Fi 6E services and performance. | HPE GreenLake for NaaS Wireless Indoor Service Pack (JN039AAS) |
Aruba ClearPass | Authentication and policy services for the campus network. | HPE GreenLake for NaaS Network Policy Service Pack (S1F99AAS) | |
Aruba Central | Cloud management and AI-driven insights for the campus network. | Included with above service packs. |
Large Campus
The large campus architecture is targeted for organizations supporting more than 15,000 users with multiple devices per user. The network would typically be a group of large buildings located near one another. This architecture uses a standalone, layer 3 core and services aggregation points connecting to gateways and WAN services.
The illustration below depicts a large campus comprising six IDFs connecting to two access aggregation points that are further connected to a standalone, layer 3-only core with gateways connected to a services aggregation VSX pair.
Example Design
The example large campus design includes a standalone, layer 3 redundant core and services aggregation points for WLAN and WAN. Each floor includes two IDFs that connect to the MDF. This large campus reference design supports 15,000 employees and requires 1500 APs to provide full 2.4 GHz and 5 GHz coverage.
Building characteristics:
- 10 buildings of 3 floors each and 1.8 million square feet total size
- 2 IDFs per floor
- 1 aggregation point per building
- 15,000 employees with up to 50,000 concurrent IPv4 clients
- 1,500 APs
- 6 gateways (2 for optional MultiZone cluster)
- 1 MDF/on-prem data center
Optional
- 2 gateways in DMZ
Example Bill-of-Materials
The example large campus bill-of-materials includes redundancy and bandwidth suitable for a highly reliable LAN and WLAN for a US based, large campus.
Quantity | Example SKU | Description | GreenLake for NaaS |
---|---|---|---|
180 | Aruba 6300M 48-port HPE Smart Rate 1/2.5/5GbE Class 6 PoE and 4-port SFP56 Switch (JL659A) | Operate the access switches as 3-device, VSF stacks providing 144 access ports per IDF with redundant 25 Gb/s uplinks. | HPE GreenLake for NaaS Wired Aggregation Service Pack (JN038AAS) |
10 | Aruba 6200F 48G Class4 PoE 4SFP+ 370W Switch (JL727A) | Use alternative switches for wired access service to low-density areas or a management LAN. | HPE GreenLake for NaaS Wired Access Service Pack (JN036AAS) |
190 | Aruba 25G SFP28 LC eSR 400m MMF XCVR (JL485A) | 25 Gb/s links to aggregation switches from access switches. | Configured with wired service pack. |
10 | Aruba 8360-32Y4C v2 32p 25G SFP/+/28 4 Sec 4p 100G QSFP+/28 Front-to-Back 3 Fans 2 AC (JL700C) | Operate the aggregation switches as a VSX pair with 25 Gb/s downlinks to the access stacks and 100Gb/s uplinks to the core. | HPE GreenLake for NaaS Wired Core Service Pack (JN037AAS) |
190 | Aruba 25G SFP28 LC eSR 400m MMF XCVR (JL485A) | 25 Gb/s links to access switches from aggregation switches. | Configured with wired service pack. |
20 | Aruba 100G QSFP28 LC CWDM4 2km SMF Transceiver (R0Z30A) | 100 Gb/s links to core switches from aggregation switches. | Configured with wired service pack. |
2 | Aruba 8325-32C 32-port 100G QSFP+/QSFP28 Front-to-Back 6 Fans 2 AC (JL626A) | 32-port, VSX capable core switches with 100 Gb/s ports. | HPE GreenLake for NaaS Wired Aggregation Service Pack (JN038AAS) |
10 | Aruba 100G QSFP28 LC CWDM4 2km SMF Transceiver (R0Z30A) | 100 Gb/s links to building aggregation switches from core switches. | Configured with wired service pack. |
2 | Aruba 8360-16Y2C v2 16p 25G SFP/SFP+/SFP28 2p 100G QSFP+/28 Front-to-Back 3 Fans 2 AC (JL702C) | 16-port, VSX capable WLAN aggregation switches. | HPE GreenLake for NaaS Wired Core Service Pack (JN037AAS) |
4 | Aruba 100G QSFP28 LC CWDM4 2km SMF Transceiver (R0Z30A) | 100 Gb/s links to core switches from aggregation switches. | Configured with wired service pack. |
8 | Aruba 25G SFP28 LC SR 100m MMF Transceiver (JL484A) | 25 Gb/s links to WLAN gateway cluster from aggregation switches. | Configured with wired service pack. |
4 | Aruba 9240 (US) Campus Gateway 4xSFP28 1 Expansion Slot (R7H95A) | Gateway cluster. | HPE GreenLake for NaaS SD-Branch Service Pack (JN043AAS) |
8 | Aruba 25G SFP28 LC SR 100m MMF Transceiver (JL484A) | 25 Gb/s links to core from gateway cluster. | Configured with wired service pack. |
2* | Aruba 9240 (US) Campus Gateway 4xSFP28 1 Expansion Slot (R7H95A) | DMZ gateway cluster. | HPE GreenLake for NaaS SD-Branch Service Pack (JN043AAS) |
4* | Aruba 25G SFP28 LC SR 100m MMF Transceiver (JL484A) | 25 Gb/s links from DMZ gateway cluster. | Configured with wired service pack. |
1500 | Aruba AP-655 (US) Tri-radio 4x4:4 802.11ax Wi-Fi 6E Internal Antennas Campus AP (R7J39A) | A high-performance, 3-radio AP providing best-in-class Wi-Fi 6E services and performance. | HPE GreenLake for NaaS Wireless Indoor Service Pack (JN039AAS) |
Aruba ClearPass | Authentication and policy services for the campus network. | HPE GreenLake for NaaS Network Policy Service Pack (S1F99AAS) | |
Aruba Central | Cloud management and AI-driven insights for the campus network. | Included with above service packs. |
*Optional for MultiZone support
MultiZone
If an organization’s security policy mandates wireless guest traffic to be tunneled to the DMZ, ArubaOS 10’s MultiZone feature can be configured to send Wi-Fi client traffic from a campus AP or switch to other gateway clusters through IPsec and GRE tunnels. It is supported by the following:
- Campus APs using profiles configured for mixed or tunnel forwarding
- Microbranch APs with profiles configured for Centralized Layer 2 (CL2) forwarding
- CX switches configured for User-Based Tunneling (UBT).
For more information, visit the MultiZone section on the WLAN Features page.
NetConductor
The NetConductor section provides guidance on selecting the correct topology and platforms in a campus network when deploying a NetConductor overlay network.
Platform Support
The table below lists the switch models appropriate for each persona required in a NetConductor overlay design. Bold model numbers are the preferred options for each persona.
Fabric Persona | Place in the Network | Supported Platforms |
---|---|---|
Route Reflector (RR) | Campus Core | 6300 ,6400, 8100, 8325, 8360, 8400, 9300, 9300S, 10000 |
Edge | Campus Access | 6300, 6400, 8100 |
Extended Edge | Extending Campus Access | 6200, 6300, 6400 |
Border (Single Fabric) | WAN Aggregation | 6400, 8325, 8360, 8400, 9300, 9300S, 10000 |
Border Leader (Multi-Fabric) | Fabric Interconnection | 6400, 8325, 8360, 9300, 10000 |
Stub | Wireless Aggregation | 6300, 6400, 8360 , 8100 |
Stub | Access Aggregation Distribution | 8360 |
WLAN Gateway | WLAN Gateway | 7XXX, 9XXX |
Platform Collocation
For small and medium campuses, it is more cost effective to collocate multiple fabric personas on the same switch. The following options are supported in NetConductor. Bold model numbers are the preferred options for each persona collocation.
Collocated Fabric Personas | Place in the Network | Supported Platforms |
---|---|---|
Border + Route Reflector (RR) | Campus Core | 6400, 8325, 8360, 8400, 9300 |
Border + Route Reflector (RR) + WLAN-Stub | Campus Core | 6400, 8360 |
Border + WLAN-Stub | WAN-Aggregation | 6400, 8360 |
Routed Access Validated Scale
The below scale validation was conducted on a large campus topology with each persona located on dedicated devices. More scaling information can be found in the NetConductor Architecture Guide. To achieve the scale below all switches must be running AOS-CX 10.14 or higher.
Scale | |
---|---|
VRFs | 16 |
IPv4 routes | 2,000 |
IPv6 routes | 2,000 |
MAC | 23,000 |
IPv4 ARP | 20,000 |
IPv6 ND | 10,000 |
L2 VNIs/VLANs | 32 |
Overlay hosts (MAC / ARP / ND) | 30,000 |
EVPN VTEP peers (number of VXLAN tunnels) | 256 |
Licensing
All switches, gateways, and APs that participate in the NetConductor fabric require Central Advanced subscriptions. Advanced licenses are sold for CX switches but are not required when a Central Advanced subscription is assigned to the switch. Unique switch and gateway subscriptions are available to cover models with different capabilities and capacities. For example, a subscription for a CX6200 switch is not interchangeable with one for a CX8360, and, likewise, 9004 and 9240 gateways use different subscriptions. Subscriptions can be purchased in 1, 3, 5, 7 and 10 year increments.
SKUs and pricing for these subscriptions can be found in this ordering guide. SKUs with a suffix of “AAS” are flexible and allow delayed activation (up to 90 days), license co-termination, mid-cycle tier upgrade, and seamless license renewals. “AAE” suffix subscriptions are activated immediately.