Better Together: True Integration for Wired and Wireless

By Mark Verbloot, Systems Engineering Director, Asia Pacific, Japan

Peanut butter and jelly. Milk and cookies. Wired and wireless. Mix them together, and you have something even better. When it comes to wireless and wired networks, deep integration delivers a better user experience, strengthens security and simplifies operations. Advanced integration makes it easier to deal with the deluge of mobile and connected devices and the growing use of real-time collaboration tools like Microsoft Skype for Business.

A History of Integration

At Aruba, we know the inherent value of unified networks. Shortly after we started shipping products, we had a product called Aruba Wired Mux. To oversimplify, it was an access point without radios that could connect wired devices and tunnel their traffic (just like access points do for wireless traffic) back to a central controller. It allowed IT managers to enforce the same kinds of role-based security policies for both wired and wireless networks. One of the main use cases was access policy enforcement for desktops, whereby the port used by a desktop in a public space could be protected without using 802.1X. It was innovative for the time.

Fast forward to 2011 when Aruba introduced our first wired switch, the S3500. Given our mobility heritage, the Mobility Access Switch was designed from the ground up to integrate wired and wireless worlds and ensure holistic security across domains. S3500 switches supported context-sensitive, role-based network access for wired networks. They implemented per-port tunneled node, which allowed individual ports to be tunneled back to the controller and their traffic enforced via its stateful firewall. This was a function a switch had never before supported. Again, it was leading edge.


Figure 1: The S3500 Mobility Access Switch integrated wireless and wired networks with capabilities like role-based access and per-port tunneled node.


Digging Deeper to Meet Today's Demands

In a world of mobile, IoT and cloud, wired and wireless integration is more important than ever. A unified network makes it easier to deliver the mobile first experience that your users expect. It simplifies the network, making it easier to increase reliability and scalability while simplifying operations. And that lowers operational expenses.

When Aruba became part of the HPE family, we gained access to HP's ProVision switching product family, with a great heritage built on the ProVision ASIC and OpenFlow support for SDN. This was an ideal platform on which to integrate all of the unique Aruba wired security features, and then go further. We wanted to simplify the deployment and management of a combined Aruba wired and wireless solution. Here is what we have done so far.

We started with release 16.01 of the Aruba switch (which was when we changed its name from HP ProVision to Aruba). We first needed to add basic management with AirWave and integration with ClearPass. AirWave was given the ability to discover and monitor switches, while many basic wired authentication functions such as CoA disconnect, MAC Auth, and Dynamic VLANs were not supported with ClearPass prior to this release. We also added Zero Touch Provisioning (ZTP) with AirWave using DHCP.

In addition, we started to add some of the original MAS wired/wireless integration features, such as automatically configuring the VLANs on a port where an Aruba Instant AP is connected, automatically increasing the PoE priority on the port the AP is plugged into, and detecting and mitigating rogue APs when they are plugged into a switch port.

With this release, there was no support by Central for the newly branded Aruba switches.

Next came release 16.02. This added full management support via AirWave, including firmware upgrades as well as more integration with ClearPass. ZTP supported Aruba Activate in addition to AirWave via DHCP. Release 16.02 saw the first two switches (2920 and 2930F) supported in Central, which allowed customers to deploy a cloud-managed wired and wireless solution. The wired/wireless integration continued with Trust QoS and per-port tunneled node.

Now with the current release, 16.03, we have AirWave support for the new 2540, and Central support for the 2540, 3810M and 5400R.

We have a strong roadmap for continued innovation and integration of our wired and wireless solutions. Release 16.04 is just around the corner, and it will add per-user tunneled node, which allows any individual wired device (not all the traffic on a switch port) to be tunneled back to a mobility controller. Per-user tunneled node is not only unique to Aruba but more relevant than ever in the IoT world. It allows an enterprise to apply access control policies for headless IoT wired devices far beyond just separation by VLAN. Release 16.04 will also add downloadable user roles from ClearPass and Central support for the 2530 and 2930M.

Look out for more integration and wired/wireless innovation in the future, especially with the new 8400 switch.

With Aruba, you can build a flexible, unified network infrastructure that delivers on the demands of a mobile first enterprise.