Campus Reference Architectures
This section describes the components and features of the security-first, AI-powered campus, with reference designs for small, medium, and large campus networks. Each design includes a sample bill-of-materials.
Select the reference design that most closely aligns with specific production requirements as a starting point for building the required campus solution.
HPE GreenLake for Aruba Networking
HPE GreenLake for Aruba Networking offers an experience leveraging the breadth of HPE Aruba Networking solutions with a flexible way to consume network infrastructure via monthly subscription versus an up-front capital expenditure.
HPE GreenLake for Aruba Networking solutions are enabled using modular “Service Packs.” Each Service Pack consists of the required HPE Aruba Networking hardware (“Systems”), software, and service components for the specific use case. Service Packs are delivered as a monthly subscription invoiced in advance and can include options for customers to flex their subscription to Service Pack quantities up or down as their needs change.
Where available, a service pack is listed for each product in the reference architecture tables.
Campus Components
The following products and features provide the foundation for the campus architecture. Use the tables below for guidance on designing a properly sized campus network.
Switches
| | 6100 | 6200 | 6300 | 6400v2 | 8325 | 8360 | 8400 |
|---|---|---|---|---|---|---|---|
| Recommended Function | Access | Access | Access | Access / Core | Aggregation / Core | Aggregation / Core | Aggregation / Core |
| VSF Support | No | Yes | Yes | No | No | No | No |
| VSX Support | No | No | No | Yes | Yes | Yes | Yes |
| Redundant power option | No | No | Yes | Yes | Yes | Yes | Yes |
| Layer 3 routes | 576 (static only) | 1024 | 64K | 64K | 131K | 600K | 1M |
| MAC addresses | 8,192 | 32K | 32K | 32K | 98K | 212K | 786K |
Access Points
| | 510 | 530 | 550 | 630 | 650 |
|---|---|---|---|---|---|
| Wi-Fi 6 Support | Yes | Yes | Yes | Yes | Yes |
| Radio configuration | 2 radio 2x2:2 (2.4GHz), 4x4:4 (5GHz) | 2 radio 4x4:4 | 2 or 3 radio 4x4:4 (2.4GHz), single 8x8:8 or dual 4x4:4 (5GHz) | 3 radio 2x2:2 | 3 radio 4x4:4 |
| AP peak data rate | 2.7Gb/s | 3Gb/s | 5.4Gb/s | 3.9 Gb/s | 7.8Gb/s |
| Max clients per radio (recommended) | 100 | 150 | 150 | 100 | 150 |
| Ethernet ports | 1x2.5GE, 1xGE | 2x5GE | 2x5GE | 2x2.5GE | 2x5GE |
| Max active PoE consumption | 20.8W | 26.4W | 38.2W | 23.8W | 32W |
UXI Sensors
| Sensor Model | UX-G5 | UX-G5C | UX-G6 | UX-G6C |
|---|---|---|---|---|
| Arm CPU | 1.3GHz | 1.3GHz | 2.0GHz | 2.0GHz |
| Wi-Fi 2G/5G Radio | .11ac | .11ac | .11ax | .11ax |
| BLE | Yes | Yes | Yes | Yes |
| Cellular as back-haul | - | Yes | - | Yes |
| eMMC | 4GB | 4GB | 8GB | 8GB |
| RAM | 1GB | 1GB | 2GB | 2GB |
| TPM2.0 | 1 | 1 | 1 | 1 |
| 1GBE PHY | 1 | 1 | 1 | 1 |
| PoE 802.3af | 1 | 1 | 1 | 1 |
| Power Backup | - | 30s | - | >30s |
| Power Consumption (limit) | 12W | 12W | 12W | 12W |
| Ambient T & V sensing | 0 | 0 | 1 | 1 |
Cables and Transceivers
Refer to the following document to ensure proper selection of supported cables and transceivers when planning for physical connectivity within the campus:
AOS-Switch and AOS-CX Transceiver Guide
Campus Features
Additional design consideration should be given to enabling the following features within the campus network.
Switching
| | Small campus | Medium campus | Large campus |
|---|---|---|---|
| IP Routing | Optional | Yes | Yes |
| Multicast routing | Optional | Optional | Yes |
| NTP | Yes | Yes | Yes |
| sFlow | Optional | Yes | Yes |
| Spanning tree | Yes | Yes | Yes, consider layer 3 access |
| QoS | Yes, if voice traffic | Yes | Yes |
Wireless
| | Small campus | Medium campus | Large campus |
|---|---|---|---|
| DMO | Optional | Optional | Yes |
| NTP | Yes | Yes | Yes |
| QoS | Yes, if voice over Wi-Fi | Yes | Yes |
| RADIUS | Yes | Yes | Yes |
Services
| Services | Description | Notes |
|---|---|---|
| ClearPass | Virtual appliance | Recommended (on-premises) |
| Central | Cloud services | Recommended |
Small Campus
The small campus architecture is targeted for organizations supporting 500–1,500 endpoints, typically 200–750 users with 2–3 devices per user. This architecture is appropriate for environments that require a simple, cost-effective campus network without dedicated wireless gateway infrastructure. The network is typically a single building or several floors within a single building.
- Switching: A flattened Layer 2-only switching fabric consolidates all routing and policy enforcement at the SD-WAN gateway layer. Access switches are deployed as VSF stacks connecting to a VSF aggregation pair. VSX is also supported at the aggregation layer; the BOM below includes both options.
- Wireless: AOS-10 architecture with WLANs operating in bridge mode and access control enforced through user roles. Where HPE Aruba Networking AOS-10 gateways are deployed as the WAN edge, tunneled WLAN forwarding and UBT are fully supported.
- WAN: HPE Networking SD-WAN solutions provide WAN connectivity, SSE integration, and policy enforcement at the network edge.
- Security: HPE Aruba Networking ClearPass or Central NAC is used for network access control. Wireless policy is enforced at the AP through user roles, and may be further enforced at the WAN gateway. Wired policy is enforced at the WAN gateway.
The illustration below depicts a small campus topology.

Organizations that require the advanced security and policy features provided by HPE Aruba Networking AOS-10 gateways can extend the small campus design without moving to a medium campus architecture. AOS-10 gateways are connected to the collapsed core via MC-LAG, enabling tunneled WLAN forwarding and UBT for wired clients. Moving Layer 3 SVIs to the collapsed core/aggregation layer reduces the routing and policy load on the WAN gateway and allows the wireless network to scale beyond what is practical in a pure bridge mode deployment. Together these enhancements provide a unified policy enforcement point for both wired and wireless traffic, consistent with the model used in the medium and large campus architectures.
Moving Layer 3 SVIs to the collapsed core without deploying UBT removes the WAN gateway as the centralized policy enforcement point for wired east-west traffic. Organizations that require SVI migration without UBT should implement ACLs on the collapsed core to enforce inter-VLAN wired policy.
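The audit below is an added example, not part of the original guide or any HPE tooling: it models stateless, first-match ACLs applied inbound on each source SVI and compares the routed outcome with the intended inter-VLAN policy, so an SVI left without an ACL on the collapsed core shows up as a gap. VLAN names, subnets, rules and flows are constructed, only the initiating packet of each flow is modelled, and the assumption is that an SVI with no ACL routes all traffic.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp" or "any"
    src: str                     # source CIDR
    dst: str                     # destination CIDR
    dport: Optional[int] = None  # None matches every destination port

@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    dst: str
    dport: int

def evaluate(rules, flow):
    """First matching rule wins; a bound ACL ends in an implicit deny."""
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    for r in rules:
        if (r.proto in ("any", flow.proto)
                and src in ipaddress.ip_network(r.src)
                and dst in ipaddress.ip_network(r.dst)
                and r.dport in (None, flow.dport)):
            return r.action
    return "deny"

def routed_decision(svis, acls, flow):
    """Outcome for a flow routed by the core, filtered inbound on the source SVI."""
    src = ipaddress.ip_address(flow.src)
    for vlan, subnet in svis.items():
        if src in ipaddress.ip_network(subnet):
            if vlan not in acls:
                return "permit"  # assumption: an SVI without an ACL routes everything
            return evaluate(acls[vlan], flow)
    raise ValueError(f"{flow.src} is not in any SVI subnet")

def audit(svis, acls, intent):
    """Return (flow, intended, actual) for every flow the ACLs get wrong."""
    gaps = []
    for flow, intended in intent:
        actual = routed_decision(svis, acls, flow)
        if actual != intended:
            gaps.append((flow, intended, actual))
    return gaps

# Constructed sample data: three SVIs moved to the collapsed core, no UBT.
SVIS = {"employee": "10.1.10.0/24", "printer": "10.1.20.0/24", "iot": "10.1.30.0/24"}
ACLS = {
    "employee": [
        Rule("permit", "tcp", "10.1.10.0/24", "10.1.20.0/24", 631),  # printing only
        Rule("deny", "any", "10.1.10.0/24", "10.1.20.0/24"),
        Rule("deny", "any", "10.1.10.0/24", "10.1.30.0/24"),
        Rule("permit", "any", "10.1.10.0/24", "0.0.0.0/0"),
    ],
    "printer": [Rule("deny", "any", "10.1.20.0/24", "10.0.0.0/8")],
    # "iot" has no ACL bound: the gap the audit should surface
}
INTENT = [
    (Flow("tcp", "10.1.10.25", "10.1.20.5", 631), "permit"),
    (Flow("tcp", "10.1.10.25", "10.1.20.5", 22), "deny"),
    (Flow("tcp", "10.1.10.25", "10.1.30.9", 443), "deny"),
    (Flow("tcp", "10.1.20.5", "10.1.10.25", 445), "deny"),
    (Flow("tcp", "10.1.30.9", "10.1.10.25", 445), "deny"),
]

if __name__ == "__main__":
    for flow, intended, actual in audit(SVIS, ACLS, INTENT):
        print(f"GAP {flow.src} -> {flow.dst}:{flow.dport} intended={intended} actual={actual}")
```
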
The illustration below depicts the enhanced small campus with AOS-10 gateways and a Layer 3 collapsed core.

Example Design
The example small campus design includes one combined server room/MDF and three IDFs connected to the MDF using multimode fiber. This reference design supports 750 employees and requires 75 APs to provide Wi-Fi coverage.
Building characteristics:
- 3 floors, 75,000 square feet total size
- 10 wiring closets (IDFs)
- 750 employees with up to 1500 concurrent IPv4 clients
- 75 APs
- 1 combined server room/MDF
Example Bill-of-Materials
The example small campus bill-of-materials includes redundancy and bandwidth suitable for a highly reliable LAN and WLAN for a US-based, small campus.
| Quantity | Example SKU | Description | GreenLake for NaaS |
|---|---|---|---|
| 24 | 6300M 48-port HPE Smart Rate 1/2.5/5GbE Class 6 PoE and 4-port SFP56 Switch (JL659A) | Operate the access switches as VSF stacks providing access ports with redundant 25 Gb/s uplinks. | HPE GreenLake for NaaS Wired Aggregation Service Pack (JN038AAS) |
| 24 | 6300F 48G Class4 PoE 4SFP+ 370W Switch (JL727A) | Alternative: Use as an alternative access switch in IDFs where fixed uplinks are sufficient and modular uplink flexibility is not required. | HPE GreenLake for NaaS Wired Access Service Pack (JN036AAS) |
| 2 | 6300M 24-port HPE Smart Rate 1/2.5/5GbE Class 6 PoE and 4-port SFP56 Switch (JL658A) | Operate the aggregation switches as a VSF pair with 25 Gb/s uplinks to the gateway layer and downlinks to the access stacks. | HPE GreenLake for NaaS Wired Core Service Pack (JN037AAS) |
| 2 | 8360-32Y4C v2 32p 25G SFP/+/28 4 Sec 4p 100G QSFP+/28 Front-to-Back 3 Fans 2 AC (JL700C) | Alternative: Operate the aggregation switches as a VSX pair for environments requiring chassis-independent high-availability at the aggregation layer. | HPE GreenLake for NaaS Wired Core Service Pack (JN037AAS) |
| 75 | AP-635 (US) Tri-radio 2x2:2 802.11ax Wi-Fi 6E Internal Antennas Campus AP (R7J28A) | A cost-effective, 3-radio AP providing Wi-Fi 6E services and performance. | HPE GreenLake for NaaS Wireless Indoor Service Pack (JN039AAS) |
| | ClearPass | Authentication and policy services for the campus network. | HPE GreenLake for NaaS Network Policy Service Pack (S1F99AAS) |
| | Central | Cloud management and AI-driven insights for the campus network. | Included with above service packs. |
Medium Campus
The medium campus architecture is targeted for organizations supporting 5,000–15,000 endpoints, typically 2,000–5,000 users with 2–3 devices per user. This architecture is appropriate when network growth has exceeded the capacity of a collapsed core design, when the physical wiring layout spans multiple buildings, or when the number of access aggregation points requires a dedicated core to connect them. The network can be a group of buildings located near one another, one large building, or several large or high-density floors in a building, managed entirely through Central.
- Switching: A three-tier design with a VSX core providing redundant attachment for AOS-10 mobility and SD-WAN gateways, connecting to VSX access aggregation pairs per building via high-speed routed links with ECMP. The aggregation layer provides Layer 3 services and default gateway functions for wired clients. Access switches are deployed as VSF stacks connecting to the aggregation layer via LAGs and remain Layer 2 only. UBT is supported as an optional feature to tunnel wired client traffic to the AOS-10 mobility gateway cluster for centralized policy enforcement.
- Wireless: AOS-10 architecture with HPE Aruba Networking AOS-10 gateways providing tunneled WLAN forwarding and centralized policy enforcement for wireless clients. When UBT is deployed, wired client traffic is also tunneled to the gateway cluster for a unified policy enforcement point across wired and wireless.
- WAN: HPE Networking SD-WAN solutions provide WAN connectivity, SSE integration, and policy enforcement at the network edge.
- Security: HPE Aruba Networking ClearPass or Central NAC is used for network access control. Wireless policy is enforced at the AOS-10 mobility gateway through user roles via tunneled WLANs. Wired policy is enforced at the AOS-10 mobility gateway for tunneled clients utilizing UBT, or at the WAN gateway for non-tunneled clients.
The illustration below depicts a medium campus topology. UBT and WLAN GRE tunnels originate from all devices; a subset are shown for clarity.

Example Design
The example medium campus design includes a VSX redundant collapsed core with directly connected gateway cluster and WAN services. Each floor includes two IDFs that connect to the MDF. This reference design supports 5,000 employees and requires 500 APs to provide full Wi-Fi coverage.
Campus characteristics:
- 3 buildings of 5 floors each and 500,000 square feet total size
- 2 IDFs per floor
- 1 aggregation point per building
- 5,000 employees with up to 15,000 concurrent IPv4 clients
- 500 APs
- 2 gateways
- 1 MDF/computer room
Example Bill-of-Materials
The example medium campus bill-of-materials includes redundancy and bandwidth suitable for a highly reliable LAN and WLAN for a US-based, medium campus.
| Quantity | Example SKU | Description | GreenLake for NaaS |
|---|---|---|---|
| 120 | 6300M 48-port HPE Smart Rate 1/2.5/5GbE Class 6 PoE and 4-port SFP56 Switch (JL659A) | Operate the access switches as VSF stacks providing access ports with redundant 25 Gb/s uplinks. | HPE GreenLake for NaaS Wired Aggregation Service Pack (JN038AAS) |
| 6 | 6200F 48G Class4 PoE 4SFP+ 370W Switch (JL727A) | Alternative: Use for wired access service to low-density areas or a management LAN. | HPE GreenLake for NaaS Wired Access Service Pack (JN036AAS) |
| 66 | 25G SFP28 LC eSR 400m MMF XCVR (JL485A) | 25 Gb/s links to aggregation switches from access switches. | Configured with wired service pack. |
| 6 | 8360-32Y4C v2 32p 25G SFP/+/28 4 Sec 4p 100G QSFP+/28 Front-to-Back 3 Fans 2 AC (JL700C) | Operate the aggregation switches as a VSX pair with 25 Gb/s downlinks to the access stacks and 100Gb/s uplinks to the core. | HPE GreenLake for NaaS Wired Core Service Pack (JN037AAS) |
| 88 | 25G SFP28 LC eSR 400m MMF XCVR (JL485A) | 25 Gb/s links to access switches from aggregation switches. | Configured with wired service pack. |
| 12 | 100G QSFP28 LC CWDM4 2km SMF Transceiver (R0Z30A) | 100 Gb/s links to core switches from aggregation switches. | Configured with wired service pack. |
| 2 | 8360-12C v2 12-port 100G QSFP+/QSFP28 Front-to-Back 3 Fans 2 AC (JL708C) | 12-port, VSX capable core switches with 100 Gb/s ports. | HPE GreenLake for NaaS Wired Core Service Pack (JN037AAS) |
| 12 | 100G QSFP28 LC CWDM4 2km SMF Transceiver (R0Z30A) | 100 Gb/s links to building aggregation switches from core switches. | Configured with wired service pack. |
| 4 | 25G SFP28 LC SR 100m MMF Transceiver (JL484A) | 25 Gb/s links to WLAN gateway cluster from core switches. | Configured with wired service pack. |
| 2 | 9240 (US) Campus Gateway 4xSFP28 1 Expansion Slot (R7H95A) | Gateway cluster. | HPE GreenLake for NaaS SD-Branch Service Pack (JN043AAS) |
| 4 | 25G SFP28 LC SR 100m MMF Transceiver (JL484A) | 25 Gb/s links to core from gateway cluster. | Configured with wired service pack. |
| 500 | AP-655 (US) Tri-radio 4x4:4 802.11ax Wi-Fi 6E Internal Antennas Campus AP (R7J39A) | A high-performance, 3-radio AP providing best-in-class Wi-Fi 6E services and performance. | HPE GreenLake for NaaS Wireless Indoor Service Pack (JN039AAS) |
| | ClearPass | Authentication and policy services for the campus network. | HPE GreenLake for NaaS Network Policy Service Pack (S1F99AAS) |
| | Central | Cloud management and AI-driven insights for the campus network. | Included with above service packs. |
Large Campus
The large campus architecture is targeted for organizations supporting more than 15,000 endpoints, typically 5,000 or more users with 2–3 devices per user. This architecture is appropriate when network scale, east-west traffic volume, or physical distribution across multiple large buildings requires a dedicated Layer 3 core separate from the aggregation layer, and a services aggregation block to provide a dedicated attachment point for gateway and WAN infrastructure. The network would typically span a group of large buildings located near one another, managed entirely through Central.
- Switching: A standalone Layer 3 core connects to two distinct aggregation tiers: an access aggregation layer that consolidates traffic from building IDFs onto higher bandwidth uplinks toward the core, and a services aggregation layer that provides a dedicated connection point for gateways and WAN services. Access switches are deployed as VSF stacks connecting to a VSX aggregation pair per building. UBT is supported as an optional feature to tunnel wired client traffic to the AOS-10 mobility gateway cluster for centralized policy enforcement.
- Wireless: AOS-10 architecture with HPE Aruba Networking AOS-10 gateways providing tunneled WLAN forwarding and a unified policy enforcement point for both wired and wireless traffic via UBT. MultiZone is supported as an optional feature for organizations requiring guest or IoT traffic to be tunneled to a separate gateway cluster.
- WAN: HPE Networking SD-WAN solutions provide WAN connectivity, SSE integration, and policy enforcement at the network edge.
- Security: HPE Aruba Networking ClearPass or Central NAC is used for network access control. Wireless policy is enforced at the AOS-10 mobility gateway through user roles via tunneled WLANs. Wired policy is enforced at the AOS-10 mobility gateway for tunneled clients utilizing UBT, or at the WAN gateway for non-tunneled clients.
The illustration below depicts a large campus topology. UBT and WLAN GRE tunnels originate from all devices; a subset are shown for clarity.

MultiZone
If an organization’s security policy mandates that wireless guest traffic be tunneled to the DMZ, the AOS-10 MultiZone feature can be configured to send Wi-Fi client traffic from a campus AP or switch to other gateway clusters through IPsec and GRE tunnels. It is supported by the following:
- Campus APs using profiles configured for mixed or tunnel forwarding
- Microbranch APs with profiles configured for Centralized Layer 2 (CL2) forwarding
- CX switches configured for User-Based Tunneling (UBT).
For more information, visit the MultiZone section on the WLAN Features page.
The image below depicts a large campus utilizing MultiZone via a dedicated pair of gateways in the DMZ to terminate certain WLANs, such as guest.

Example Design
The example large campus design includes a standalone, layer 3 redundant core and services aggregation points for WLAN and WAN. Each floor includes two IDFs that connect to the MDF. This large campus reference design supports 15,000 employees and requires 1500 APs to provide full 2.4 GHz and 5 GHz coverage.
Building characteristics:
- 10 buildings of 3 floors each and 1.8 million square feet total size
- 2 IDFs per floor
- 1 aggregation point per building
- 15,000 employees with up to 50,000 concurrent IPv4 clients
- 1,500 APs
- 6 gateways (2 for optional MultiZone cluster)
- 1 MDF/on-prem data center
Optional
- 2 gateways in DMZ
Example Bill-of-Materials
The example large campus bill-of-materials includes redundancy and bandwidth suitable for a highly reliable LAN and WLAN for a US-based, large campus.
| Quantity | Example SKU | Description | GreenLake for NaaS |
|---|---|---|---|
| 270 | 6300M 48-port HPE Smart Rate 1/2.5/5GbE Class 6 PoE and 4-port SFP56 Switch (JL659A) | Operate the access switches as VSF stacks providing access ports with redundant 25 Gb/s uplinks. | HPE GreenLake for NaaS Wired Aggregation Service Pack (JN038AAS) |
| 10 | 6200F 48G Class4 PoE 4SFP+ 370W Switch (JL727A) | Use alternative switches for wired access service to low-density areas or a management LAN. | HPE GreenLake for NaaS Wired Access Service Pack (JN036AAS) |
| 190 | 25G SFP28 LC eSR 400m MMF XCVR (JL485A) | 25 Gb/s links to aggregation switches from access switches. | Configured with wired service pack. |
| 10 | 8360-32Y4C v2 32p 25G SFP/+/28 4 Sec 4p 100G QSFP+/28 Front-to-Back 3 Fans 2 AC (JL700C) | Operate the aggregation switches as a VSX pair with 25 Gb/s downlinks to the access stacks and 100Gb/s uplinks to the core. | HPE GreenLake for NaaS Wired Core Service Pack (JN037AAS) |
| 285 | 25G SFP28 LC eSR 400m MMF XCVR (JL485A) | 25 Gb/s links to access switches from aggregation switches. | Configured with wired service pack. |
| 20 | 100G QSFP28 LC CWDM4 2km SMF Transceiver (R0Z30A) | 100 Gb/s links to core switches from aggregation switches. | Configured with wired service pack. |
| 2 | 8325-32C 32-port 100G QSFP+/QSFP28 Front-to-Back 6 Fans 2 AC (JL626A) | 32-port, VSX capable core switches with 100 Gb/s ports. | HPE GreenLake for NaaS Wired Aggregation Service Pack (JN038AAS) |
| 10 | 100G QSFP28 LC CWDM4 2km SMF Transceiver (R0Z30A) | 100 Gb/s links to building aggregation switches from core switches. | Configured with wired service pack. |
| 2 | 8360-16Y2C v2 16p 25G SFP/SFP+/SFP28 2p 100G QSFP+/28 Front-to-Back 3 Fans 2 AC (JL702C) | 16-port, VSX capable WLAN aggregation switches. | HPE GreenLake for NaaS Wired Core Service Pack (JN037AAS) |
| 4 | 100G QSFP28 LC CWDM4 2km SMF Transceiver (R0Z30A) | 100 Gb/s links to core switches from aggregation switches. | Configured with wired service pack. |
| 8 | 25G SFP28 LC SR 100m MMF Transceiver (JL484A) | 25 Gb/s links to WLAN gateway cluster from aggregation switches. | Configured with wired service pack. |
| 4 | 9240 (US) Campus Gateway 4xSFP28 1 Expansion Slot (R7H95A) | Gateway cluster. | HPE GreenLake for NaaS SD-Branch Service Pack (JN043AAS) |
| 8 | 25G SFP28 LC SR 100m MMF Transceiver (JL484A) | 25 Gb/s links to core from gateway cluster. | Configured with wired service pack. |
| 2* | 9240 (US) Campus Gateway 4xSFP28 1 Expansion Slot (R7H95A) | DMZ gateway cluster. | HPE GreenLake for NaaS SD-Branch Service Pack (JN043AAS) |
| 4* | 25G SFP28 LC SR 100m MMF Transceiver (JL484A) | 25 Gb/s links from DMZ gateway cluster. | Configured with wired service pack. |
| 1500 | AP-655 (US) Tri-radio 4x4:4 802.11ax Wi-Fi 6E Internal Antennas Campus AP (R7J39A) | A high-performance, 3-radio AP providing best-in-class Wi-Fi 6E services and performance. | HPE GreenLake for NaaS Wireless Indoor Service Pack (JN039AAS) |
| | ClearPass | Authentication and policy services for the campus network. | HPE GreenLake for NaaS Network Policy Service Pack (S1F99AAS) |
| | Central | Cloud management and AI-driven insights for the campus network. | Included with above service packs. |
*Optional for MultiZone support
NetConductor
HPE Aruba Networking Central NetConductor is a network and security framework that delivers dynamic, consistent policy across CX switches, AOS-10 gateways, AOS-10 APs, and EdgeConnect SD-WAN gateways using intelligent overlays and role-based micro-segmentation, managed entirely through Central.
- Switching: A routed underlay connects all switches within the fabric using OSPF and ECMP across all links. The core acts as the BGP route reflector. Access aggregation switches operate as intermediate underlay devices. Wired access switches operate as edge nodes providing VXLAN tunnel ingress/egress and distributed policy enforcement closest to the client.
- Wireless: AOS-10 architecture with AOS-10 gateways deployed in clusters connecting to the fabric via MC-LAG at the service aggregation stub nodes. WLANs operate in tunnel mode with WLAN GRE tunnels from APs to the gateway cluster. Static VXLAN tunnels are configured between the gateway cluster and the stub nodes to carry wireless client traffic, role, and VNI information into the EVPN-VXLAN fabric.
- WAN: HPE Networking SD-WAN solutions provide WAN connectivity, SSE integration, and policy enforcement at the network edge. Border switches provide external connectivity between the fabric and SD-WAN, firewall, or WAN edge devices. When HPE Aruba Networking EdgeConnect SD-WAN or SD-Branch solutions are deployed, user role and VRF information from the EVPN-VXLAN fabric can be propagated across the SD-WAN fabric, enabling consistent policy enforcement and segmentation across geographically distributed sites.
- Security: HPE Aruba Networking ClearPass or Central NAC is used for network access control. Policy is enforced at the edge switch for wired clients using VXLAN Group Based Policy. Wireless policy is enforced at the AOS-10 mobility gateway through user roles via tunneled WLANs, with role and VNI information carried into the fabric via static VXLAN tunnels at the stub nodes.
The illustration below depicts a NetConductor distributed campus fabric topology. A subset of WLAN GRE tunnels are shown for clarity.

Platform Support
The table below lists the switch models appropriate for each persona required in a NetConductor overlay design. Bold model numbers are the preferred options for each persona.
| Fabric Persona | Place in the Network | Supported Platforms |
|---|---|---|
| Route Reflector (RR) | Campus Core | 6300, 6400, 8100, 8325, 8360, 8400, 9300, 9300S, 10000 |
| Edge | Campus Access | 6300, 6400, 8100 |
| Extended Edge | Extending Campus Access | 6200, 6300, 6400 |
| Border (Single Fabric) | WAN Aggregation | 6400, 8325, 8360, 8400, 9300, 9300S, 10000 |
| Border Leader (Multi-Fabric) | Fabric Interconnection | 6400, 8325, 8360, 9300, 10000 |
| Stub | Wireless Aggregation | 6300, 6400, 8360 |
| Stub | Access Aggregation Distribution | 8360 |
| WLAN Gateway | WLAN Gateway | 7XXX, 9XXX |
Platform Collocation
For small and medium campuses, it is more cost effective to collocate multiple fabric personas on the same switch. The following options are supported in NetConductor. Bold model numbers are the preferred options for each persona collocation.
| Collocated Fabric Personas | Place in the Network | Supported Platforms |
|---|---|---|
| Border + Route Reflector (RR) | Campus Core | 6400, 8325, 8360, 8400, 9300 |
| Border + Route Reflector (RR) + WLAN-Stub | Campus Core | 6400, 8360 |
| Border + WLAN-Stub | WAN-Aggregation | 6400, 8360 |

Validated Multi-Dimension Values for Routed-Access Design
The following scale values were validated in a large campus topology with each persona deployed on dedicated devices using the recommended platforms. These values reflect what was validated during end-to-end solution testing, but do not represent the absolute platform limits. For additional scaling considerations, refer to the NetConductor Architecture Guide. To achieve the scale below all switches must be running AOS-CX 10.14 or higher.
| Scale Element | Description | Scale | Comment |
|---|---|---|---|
| VRFs | Number of Virtual Routing and Forwarding instances. | 32 | |
| Underlay Routes | Number of IPv4 and IPv6 routes in the underlay. | 6,000 | |
| L2 VNIs/VLANs | Number of Layer 2 Virtual Network Identifiers (VNIs). | 64 | AOS-CX 6200 platform supports 32 L2 VNIs / VLANs. |
| Overlay hosts | Represents active host entries in the EVPN-VXLAN fabric. | 20,000 | |
| EVPN VTEP peers | Number of switches participating in overlay. | 168 | |
Licensing
All switches, gateways, and APs that participate in the NetConductor fabric require Central Advanced subscriptions. Advanced licenses are sold for CX switches but are not required when a Central Advanced subscription is assigned to the switch. Unique switch and gateway subscriptions are available to cover models with different capabilities and capacities. For example, a subscription for a CX6200 switch is not interchangeable with one for a CX8360, and, likewise, 9004 and 9240 gateways use different subscriptions. Subscriptions can be purchased in 1, 3, 5, 7 and 10 year increments.
SKUs and pricing for these subscriptions can be found in this ordering guide. SKUs with a suffix of “AAS” are flexible and allow delayed activation (up to 90 days), license co-termination, mid-cycle tier upgrade, and seamless license renewals. “AAE” suffix subscriptions are activated immediately.