Vous êtes sur la page 1sur 8

ArubaOS 5.

0 Feature Matrix by Forwarding Mode


Campus AP Centralized Tunnel Mode Distributed Mode Decrypt Tunnel Bridge Mode Bridge Mode Centralized Tunnel Mode Remote AP Distributed Mode Decrypt Tunnel Distributed Split Tunnel Bridge Mode SSID

Architecure
IPSec tunnel for control plane still exists. If the bridge SSID is .1x then there is a per VAP GRE tunnel for IPSEC/GRE Tunnel to EAPOL frames. An Controller - WiFi traffic additional base in GRE tunnel tunnel per AP is also created if there is a bridge mode VAP. This tunnel is used by system processes. AP AP AP Not supported Controller AP Contoller Not applicable IPSec tunnel for control plane still exists. If the bridge SSID is .1x then GRE Tunnel to there is a per VAP Controller - ENET GRE tunnel for Traffic in GRE EAPOL frames. An Tunnel and Local additional base Traffic forwarding on tunnel per AP is also AP created if there is a bridge mode VAP. This tunnel is used by system processes. AP AP AP Supported AP AP AP Supported

AP to controller tunnel termination

GRE Tunnel to GRE tunnel to Controller - ENET Controller - WiFi Traffic in GRE traffic in GRE Tunnel Tunnel

GRE Tunnel to Controller - ENET Traffic in GRE Tunnel

Encryption and Decryption (per VAP) 802.11 management frame processing Firewall Remote network survivability if WAN is down ARM Bandsteering Client fairness Co-channel interference mitigation Spectrum load balancing Channel reuse Airtime performance protection Coordinated access to single channel Coverage hole detection Self healing Voice aware scanning Load aware scanning Video aware scanning

Controller AP Controller Not applicable

AP AP Controller NA

AP AP Controller NA

Supported Managed by AP Supported Supported Supported Supported Supported No Support Supported Supported Supported Supported

Supported Managed by AP Supported Supported Supported Supported Supported No Support Supported Supported Supported Supported

Supported Managed by AP Supported Supported Supported Supported Supported No Support Supported Supported Supported Supported

Supported Managed by AP Supported Supported Supported Supported Supported No Support Supported Supported Supported Supported

Supported Managed by AP Supported Supported Supported Supported Supported No Support Supported Supported Supported Supported

Supported Managed by AP Supported Supported Supported Supported Supported No Support Supported Supported Supported Supported

Supported Managed by AP Supported Supported Supported Supported Supported No Support Supported Supported Supported Supported

802.11 standards
a,b/g,n Supported Supported Supported Supported Supported Supported Supported

Page 1 of 8

ArubaOS 5.0 Feature Matrix by Forwarding Mode


Campus AP Centralized Tunnel Mode d - MAC bridging e - WMM QoS h - DFS, TPC j - 4.9 - 5Ghz Japan k - RRM based Roaming Supported Supported Supported Supported Supported Distributed Mode Decrypt Tunnel Supported Supported Supported Supported Supported Bridge Mode Bridge Mode Supported Supported Supported Supported Supported Centralized Tunnel Mode Supported Supported Supported Supported Supported Remote AP Distributed Mode Decrypt Tunnel Supported Supported Supported Supported Supported Distributed Split Tunnel Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Bridge Mode SSID

Security - AAA
802.1X authenticator Authtentiaction server EAP offload Authentication - 802.1X Authentication - 802.1X (PEAP Offload) Authentication - 802.1X (EAP-TLS Offload) Authentication - 802.1X (PEAP-GTC Offload) Authentication - 802.1X Stateful Snooping Authentication - WPA-PSK Authentication - WPA2-PSK Authentication - Captive Portal Authentication - MAC Address Authentication - L2TP/IPSEC (VPN) Authentication - XAUTH/IPSEC (VPN) Authentication - PPTP (VPN) Authentication - NTLM Snooping Authenticaiton - SIP Snooping WPA2 Opportunistic Key Caching Authentication via SecurID Token Voice-aware 802.1X rekey timers Encryption - WEP (64, 128) Encryption - TKIP Encryption - CCMP/AES Controller Internal/External Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Deprecated Supported Supported Supported Controller Internal/External Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Deprecated Supported Supported Supported Controller/AP (PSK on AP, 802.1x on Controller) Internal/External Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Deprecated Supported Supported Supported Controller Internal/External Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Deprecated Supported Supported Supported Controller Internal/External Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Deprecated Supported Supported Supported Controller/AP (PSK on AP, 802.1x on Controller Internal/External Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Deprecated Supported Supported Supported Controller/AP (PSK on AP, 802.1x on Controller Internal/External Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Deprecated Supported Supported Supported

Page 2 of 8

ArubaOS 5.0 Feature Matrix by Forwarding Mode


Campus AP Centralized Tunnel Mode API - External Authentication (XML) API - External Authorization (RFC 3576) API - Syslog Processor RADIUS Authentication RADIUS Accounting RADIUS Dynamic Authorization (RFC 3576) AAA Server - Internal Database AAA Server - RADIUS AAA Server - LDAP AAA Server - LDAP/SSL AAA Server - TACACS+ AAA Server Selection (FQDN Matching) AAA Server Selection (String Matching) Authentication Fail-Through Captive Portal Customization Captive Portal Per-SSID Customization VPN - IKE PSK VPN - Certificate-based IKE VPN - IPSEC ESP/3DES VPN - IPSEC ESP/AES-CBC-256 VPN - Client Dialer Application VPN - IKE Dead Peer Detection ACL - MAC Address ACL - Ethertype ACL - Standard ACL - Extended ACL - Role-based MAC/Ethertype ACLs Firewall - Stateful Session ACLs Firewall - User roles Firewall - DSCP QoS Support Firewall - IPv6 Support Firewall - Blacklist on ACL hit Firewall - NAT (Rule Based) Firewall - SIP/SCCP/RTP/RTSP Voice Support Firewall - Alcatel NOE Support Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Distributed Mode Decrypt Tunnel Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Bridge Mode Bridge Mode Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Not supported Not supported Centralized Tunnel Mode Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Remote AP Distributed Mode Decrypt Tunnel Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Distributed Split Tunnel Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Suppoted Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Not supported Not supported Bridge Mode SSID

Page 3 of 8

ArubaOS 5.0 Feature Matrix by Forwarding Mode


Campus AP Centralized Tunnel Mode Distributed Mode Decrypt Tunnel Bridge Mode Bridge Mode Centralized Tunnel Mode Remote AP Distributed Mode Decrypt Tunnel Distributed Split Tunnel Bridge Mode SSID

VLAN Mgmt
VLAN Pooling Client VLAN assignment VLAN Derivation Role derivation Named VLAN Managed by controller station manager process Controller Controller Supported Supported Managed by controller station manager process Controller Controller Supported Supported Not supported AP Not supported Supported Not supported Managed by controller station manager process Controller Controller Supported Supported Managed by controller station manager process Controller Controller Supported Supported Not supported Controller Not supported Supported Not supported Not supported AP Not supported Supported Not supported

Mobility
802.11e action frames 802.11k action frames Layer 2 Layer 3 IGMP Proxy Mobile IP Controller Controller Supported SUpported Controller based Controller AP AP Supported Supported Controller Controller AP AP Supported Not supported Not supported Not supported Controller Controller Supported Supported Controller Controller AP AP Supported Supported Controller Controller AP AP Not supported Not supported Not supported Not supported AP AP Supported Not supported Not supported Not supported

Security IDS/IPS
Station Blacklisting & TKIP countermeasure mgmt Association flood attack detection Rogue AP detection Rogue AP classification Rogue AP containment (wireless de-auth) Rogue AP containment (wired) Rogue classification confidence Wireless router detection Ad-hoc network detection Detection of misconfigured client Detection of misconfigured AP Attack signature detection Denial of service attack detection WDS bridging detection Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Not supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Not supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Not supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Not supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Not supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported

Page 4 of 8

ArubaOS 5.0 Feature Matrix by Forwarding Mode


Campus AP Centralized Tunnel Mode AP impersonation detection Reserved SSID detection Man-in-the-Middle attack detection Event correlation with WirelessVE.org Valid station protection RFprotect sensor management Dedciated air monitors Hybrid AP/Airmonitor Supported Supported Supported Supported Supported Not supported Supported Supported Distributed Mode Decrypt Tunnel Supported Supported Supported Supported Supported Not supported Supported Supported Bridge Mode Bridge Mode Supported Supported Supported Supported Supported Not supported Supported Supported Centralized Tunnel Mode Supported Supported Supported Supported Supported Not supported Supported Supported Remote AP Distributed Mode Decrypt Tunnel Supported Supported Supported Supported Supported Not supported Supported Supported Distributed Split Tunnel Supported Supported Supported Supported Supported Not supported Supported Supported Supported Supported Supported Supported Supported Not supported Supported Supported Bridge Mode SSID

Voice & Video


Bandwidth based CAC QoS - 802.1p QoS - IP DSCP/TOS QoS - Priority Mapping QoS: WMM/802.11e QoS: WMM queue content enforcement QoS: U-APSD QoS: T-SPEC/T-CLAS QoS: Configurable EDCA parameters QoS: Multicast rate optimization Dynamic Multicast Optimzation Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Not Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Not Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Not Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Not Supported Not Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Not Supported

Redudnancy and Resiliency


VRRP Redundancy - VRRP Interface Tracking LMS Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported

Platform
Captive portal L2 - Intra-VLAN forwarding L2 - 802.1D Spanning Tree + RSTP L2 - Port Channel (static mapping) + LACP L2 - 802.1q VLAN Trunks L2 - Rate Limiting for bcast/mcast L2 - GRE Tunnels Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Not supported NA NA NA NA Not supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Not supported NA NA NA NA Not supported Supported

Page 5 of 8

ArubaOS 5.0 Feature Matrix by Forwarding Mode


Campus AP Centralized Tunnel Mode L3 - Inter-VLAN forwarding L3 - VLAN addressing through DHCP L3 - VLAN addressing through PPPoE L3 - IGMPv1 Snooping L3 - NAT (VLAN based) L3 - NAT (rule based) L3 - NAT (NAT pools) L3 - GRE Tunnels L3 - DHCP Helper L3 - Proxy ARP (global) L3 - Proxy ARP (per-SSID) Access Concentrator/MUX Support MUX Server Redundancy Span/Monitor Port (port-based) Span/Monitor Port (IP mirroring) Span/Monitor Port (L2 mirroring) DHCP Server DNS Lookup Master-local centralized config Master-local encryption Policy-based Routing Policy-based Traffic Redirection Bandwidth Contracts Bandwidth Contracts - Asymmetric Digital Certificate Management Power save: Wireless battery boost Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Distributed Mode Decrypt Tunnel Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Bridge Mode Bridge Mode NA NA NA NA NA NA Not Supported NA Supported Supported Supported NA NA NA NA NA Supported Supported Supported Supported Supported Supported NA NA Supported Not supported Not supported Not supported Not supported Not supported Not supported Not supported Not supported Not supported Not supported Not supported Centralized Tunnel Mode Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Remote AP Distributed Mode Decrypt Tunnel Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Distributed Split Tunnel Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported NA NA NA NA NA NA Not Supported NA Supported Supported Supported NA NA NA NA NA Supported Supported Supported Supported Supported Supported NA NA Supported Not supported Not supported Not supported Not supported Not supported Not supported Not supported Not supported Not supported Not supported Not supported Bridge Mode SSID

Power save: Drop wireless multicast traffic Supported Power save: Proxy ARP (global) Power save: Proxy ARP (per-SSID) Automatic Voice Flow Classification SIP ALG SVP ALG H.323 ALG Vocera ALG SCCP ALG NOE ALG Supported Supported Supported Supported Supported Supported Supported Supported Supported

Page 6 of 8

ArubaOS 5.0 Feature Matrix by Forwarding Mode


Campus AP Centralized Tunnel Mode Controller-to-AP traffic QoS outer GRE tagging AP-to-Controller traffic QoS outer tagging Mobility: Voice-aware HA Reassignment SIP: SIP authentication tracking SIP: CAC enforcement enhancements SIP: Phone number awareness SIP: R-Value computation SIP: Delay measurement Management: Voice-specific views Management: Voice client statistics Management: Voice client troubleshooting AP Maintenance Mode Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Distributed Mode Decrypt Tunnel Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Bridge Mode Bridge Mode NA NA Supported Not supported Not supported Not supported Not supported Not supported Not supported Not supported Not supported Supported Centralized Tunnel Mode Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Remote AP Distributed Mode Decrypt Tunnel Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Distributed Split Tunnel Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported NA NA Supported Not supported Not supported Not supported Not supported Not supported Not supported Not supported Not supported Supported Bridge Mode SSID

Mesh
Mesh: LAN-to-LAN bridging Mesh: Mesh-connected thin AP Mesh: AP-120 and 10x family Mesh: SecureJack on Mesh Point Remote Mesh Dynamic Multicast Optimization Voice over Mesh Video over Mesh Supported Supported Supported Supported Not Applicable Not Supported Supported Supported Supported Supported Supported Supported Not Applicable Not supported Supported Supported Supported Not Applicable Not Applicable Not Applicable Not Applicable Not supported Not supported Not supported Not Applicable Supported Supported Supported Supported Not Supported Supported Supported Not Applicable Supported Supported Supported Supported Not supported Supported Supported Not Applicable Supported Supported Supported Supported Not supported Not supported Not supported Not Applicable Not Applicable Not Applicable Not Applicable Not Applicable Not supported Not supported Not supported

Location Tracking
Wireless location tracking Wireless location tracking - PanGo Wireless location tracking - AeroScout Wireless location tracking - Ekahau Wireless location tracking - AWMS Supported Not Applicable Supported Supported Supported Supported Not Applicable Supported Supported Supported Supported Not Applicable Supported Supported Supported Supported Not Applicable Supported Supported Supported Supported Not Applicable Supported Supported Supported Supported Not Applicable Supported Supported Supported Supported Not Applicable Supported Supported Supported

Management
Centralized configuration of APs Master-local controller management Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported

Page 7 of 8

ArubaOS 5.0 Feature Matrix by Forwarding Mode


Campus AP Centralized Tunnel Mode Web-based configuration interface (HTTP) Supported Distributed Mode Decrypt Tunnel Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Bridge Mode Bridge Mode Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Not supported Supported Supported Supported Centralized Tunnel Mode Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Remote AP Distributed Mode Decrypt Tunnel Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Distributed Split Tunnel Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Not supported Supported Supported Supported Bridge Mode SSID

Web-based configuration interface (HTTPS) Supported Command line interface (serial port) Command line interface (telnet) Command line interface (SSHv2) Guided configuration wizards Admin authentication: RADIUS Admin authentication: LDAP Admin authentication: TACACS+ Admin authentication: Local database Admin authentication: Token cards Admin authentication: X.509 certificates Multiple admin user roles Syslog SNMP (v1, v2c, v3) SNMP Traps File copy: TFTP File copy: FTP File copy: SCP Network Time Protocol (NTP) Guest user administrator Guest user password generation Guest account information printing Voice protocol monitoring/reporting AWMS Monitoring via SNMP AWMS Configuration of startup-config AWMS offload of WMS database Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported

Page 8 of 8