The Aruba ESP Campus design provides wired and wireless connectivity, policy for local users, and services that extend across the network. The wired LAN interconnects the wireless APs, WAN, data center, and Internet DMZ, making it a critical part of the network. Campus networks require a high-availability design to support mission-critical applications and real-time multimedia communications that drive organizational operations.
The Aruba ESP Campus provides the following benefits:
- Specific functions of individual layers make the network easier to operate and maintain.
- Modular building blocks quickly scale as the network grows.
- Location-independent network access improves employee and guest productivity.
- Hard-to-wire locations receive network connectivity without costly construction.
- ESP Campus facilitates plug-and-play wireless deployment with wired LAN switches preconfigured to recognize APs.
- Centralized control of wireless environment is easy to manage and operate.
- Reliable wireless connectivity, including complete RF spectrum management, is available with key Aruba management features.
- Configuration, management, and operations are simplified with using cloud-based controls.
- Simple, repeatable designs are easier to deploy, manage, and maintain.
This guide outlines recommended deployment options and provides general guidance for which options to use.
This deployment guide covers the Campus in the Edge Services Platform (ESP) architecture. It contains an explanation of the requirements that shaped the design and the benefits they can provide to an organization. The guide describes a single system that integrates access points, gateways, access switches, aggregation switches, core switches, cloud-based orchestration, and network management.
For design guidance, refer to volume one of this VSG:
The overall goal is to create a readily scalable design that is easy to replicate at different sites. The components are limited to a specific set of products to help with operations and maintenance. The design has a target of sub-second failover when a network device or link between two network devices becomes unavailable. The protocols are tuned for a highly available network in all functional areas.
This guide can be used to deploy new networks. It is not intended as an exhaustive discussion of all options, but rather to present the best recommended designs, features, software, and hardware.
This guide is written for IT professionals who need to deploy Aruba solutions for small, medium, and large campus networks. These IT professionals can serve in a variety of roles:
- Systems Engineers who need a standard set of procedures for implementing Aruba solutions.
- Project Managers who create statements of work for Aruba implementations.
- Aruba Partners who sell technology or create implementation documentation.
With so many wireless devices on a network, performance and availability are key. Wireless clients with different capabilities support different performance levels. If the wireless network does not self-optimize, slower clients can degrade performance for faster clients.
The Wi-Fi 5 and Wi-Fi 6 standards support speeds greater than 1 Gbps. To accommodate the increased data rates, the APs implement the IEEE 802.3bz Ethernet standard of 2.5 and 5 Gbps. An organization can achieve the higher data rates on existing building twisted-pair cabling when connecting to Aruba switches with Smart Rate ports that also support the 802.3bz Ethernet standard. To support the explosion of IoT devices and latest wireless technologies, IEEE 802.3bt Power over Ethernet (PoE) provides simplicity and cost savings by eliminating the need for dedicated power. The access layer acts as a collection point for high-performance wired and wireless devices and must have enough capacity to support the power and bandwidth needs of today as well as scale for the future as the number of devices grows.
Security is a critical part of the campus network. Users must be authenticated and granted access to the services they need to do their jobs. IoT devices must be identified using MAC authentication and profiling to prevent rogue devices from using the network. In addition to corporate-managed assets, users connect personal devices, guests need access to the Internet, and contractors need access to the Internet and the organization’s internal network. This type of broad access must be accomplished while maintaining the security and integrity of the network. Connecting so many devices and user types increases the administrative burden, and the network should allow automation of device onboarding in a secure manner.
Before wireless became the primary network access method, typical network designs provided two or more wired ports per user. It was common to run two network drops to each user’s desk and have additional ports for conference rooms, network printers, and other shared areas, adding up to just over two ports per user. In networks where 80% or more of the users are connecting over wireless, and wired IoT devices continue to rise, the number of wired ports in the network is closer to one per user.