Spec Sheet
S3500 Mobility Access Switch Aruba Data Sheet
The Aruba Networks™ S3500 Mobility Access Switch is a new
class of product that brings user role-based access to wired
networks. The S3500 is an integral part of the Aruba Mobile Virtual
Enterprise (MOVE) architecture, which delivers secure virtualized
access services to users, independent of their location, access
method, device or application.
Designed for network access deployments in building wiring
closets, the S3500 is available in four models with 24 or 48
10/100/1000BASE-T ports and an optional uplink module.
Power-over-Ethernet (PoE) models are available supporting up to
30 watts per port based on the IEEE 802.3af (PoE) and 802.3at
(PoE+) standards.
The S3500 provides connectivity to wired Ethernet devices
such as virtual desktops, IP phones, videophones, classroom
peripherals, medical devices, point-of-sale devices and security
cameras as well as any 802.11n wireless access point (AP).
FLEXIBLE WIRED ACCESS DEPLOYMENTS
What makes the S3500 unique is its ability to easily provision
role-based access for wired users. Any port may be configured
to tunnel traffic to an Aruba Mobility Controller, which manages
network access and policy enforcement via an ICSA certified
firewall. When tunneling traffic to a Mobility Controller, the S3500
operates as a wired AP, identical to Aruba 802.11n wireless APs.
As a wired AP, users and devices are authenticated and assigned
a role by the Mobility Controller. A single role is defined based on
user, device and application and is enforced by Layer 2 through 7
policies in the Mobility Controller whether the user is connected to
the network via a wireless 802.11n AP or a port on the S3500.
As a result, security policies are consistently applied to users and
devices whether they use a wired port in one building, move to
another wired location or access the network through an Aruba
wireless LAN (WLAN) AP. The result is control and visibility of all
users and devices in the access network as well as a reduction in
time spent configuring user additions and changes.
The S3500 also supports Layer 2 and Layer 3* protocols, and
ports can be configured for local forwarding. Access control lists
(ACLs) enable policy enforcement of bridged and routed traffic on
the S3500.
Local forwarding as well as tunneled traffic may be configured on
a port-by-port or per-user* basis. Depending on requirements,
some traffic may be sent to the controller for role-based policy
enforcement, while other traffic is bridged and enforced locally on
the S3500.
The S3500 may also be configured as a controller* to manage
wireless AP tunnel termination, user authentication and policy
enforcement. Configurations may be pushed to S3500 local
controllers by an Aruba master controller in a data center.
Optionally, the S3500 may act as the master controller for small
office deployments.
In addition to network access security, the S3500 supports data
encryption via IEEE 802.1AE Media Access Control Security
(MACsec).* MACsec provides connectionless data confidentiality
between MACsec-enabled devices, such as between the S3500
and Aruba AP-130 series 802.11n wireless APs.
ARUBASTACK™ EXTENDS BEYOND THE WIRING CLOSET
With ArubaStack, the S3500 opens up new opportunities for
network access designs. ArubaStack allows up to eight S3500s
to be interconnected and managed as one logical device with
a single IP address and single configuration file. Each S3500
supports an optional four-port 10 Gigabit Ethernet uplink module
to enable stacking.
ARUBA S3500 MOBILITY ACCESS SWITCH
Brings User Role-based Access to Wired Networks
Figure 1: Flexible Wired Access. Diagram of an S3500, a Mobility Controller and the LAN core. Option 1: tunnel from wired port for user, role-based access, with Layer 2-7 policy enforcement (stateful firewall). Option 2: local forwarding, with Layer 2-4 policy enforcement (ACL).
*Roadmap item