Announcing ArubaOS for the Mobility Access Switches!

By Madani Adjali, Blog Contributor

Hi Airheads!

I hope a lot of you will be able to join us this week at Airheads 2013 in Las Vegas. The agenda is packed with a lot of great content including a session on the role-based access security architecture of the Mobility Access Switches. There will be two identical sessions, one on Wednesday at 1:15 and another on Thursday at 11:15 so we hope to see you there! Also, for those of you who can attend, we'll have a little treat for you. Don't tell anyone else but it could be a new member of the Mobility Access Switch family.

I also wanted to take this opportunity to let you know that we released AOS last week. It includes a number of bug fixes but also several new features!

Radius Fail-Open Capability

Prior to, when the Mobility Access Switch could not communicate with an external Radius server, new users would be stuck in the "initial-role". In some applications, the "initial-role" provided no network access for security reasons and therefore even minimal local connectivity would not be provided when the external Radius was down. With, you now have a new "unreachable-role" which you can roll users into when the Mobility Access Switch cannot communicate with an external radius server. This new role can have all the same attributes as a regular user-role in terms of VLAN IDs, ACLs, etc so you can allow users to communicate during this failure situation but block traffic unless authenticated by Radius when it is accessible.


Auto Configuration Enhancements
Prior to, auto-configuration only worked when a DHCP server provided the Mobility Access Switch with the TFTP server address and configuration filename to download which meant administrators had to create per switch DHCP reservations. With, the DHCP server can just send the Mobility Access Switch the TFTP server address and the Mobility Access Switch will request a filename based upon it's own serial number (e.g. AU0001024.cfg). No more DHCP reservations!

ArubaStack Enhancements
Prior to, ArubaStack links could only be supported by SFP/SFP+ interfaces. With, you can now use the 10/100/1000 Base-T ports or the SFP ports (24F Only). We've also added some additional resiliency to our distributed wiring closet design. Take a look at the new ways to ArubaStack!

ArubaStack with 10/100/1000 Base Ports

Screen Shot 2013-03-11 at 7.18.04 PM.png


ArubaStack with S3500-24F Base Ports

Screen Shot 2013-03-11 at 7.18.18 PM.png

ArubaStack across Multiple Wiring Closets

Screen Shot 2013-03-11 at 7.18.34 PM.png

ArubaStack across Two Wiring Closets with Two Layer Redundancy

Screen Shot 2013-03-11 at 7.18.48 PM.png

These enhancement now give you even more ArubaStack topologies to chose from!

Cisco Pre-Standard PoE (aka Legacy PoE)
A new command called "cisco-compatibility" has been added to "poe-management-profile slot <#>" enabling pre-standard PoE support. This is especially useful if you have non-G 7940/7960 phones you would like to use with the Mobility Access Switch. Don't forget we also have CDP Fingerprinting so the Mobility Access Switch can direct voice traffic to an appropriate voice-vlan.

Additional details on configuring these new features as well as the bugs we fixed can be found in the release notes posted on the support page.

A big thanks to our Mobility Access Switch Engineering, Quality Assurance and Technical Documentation teams for getting this release out!