Aruba MMC-3000 Multi-Service Mobility Controller Series

Aruba MMC-3000 Multi-Service Mobility Controller Series

Photo of Aruba 3000 Series Mobility Controllers

The Aruba MMC-3000 Multi-Service Mobility Controller series is a family of three fully-featured controllers able to aggregate up to 32, 64 and 128 campus-connected access points (APs) respectively.

The MMC-3000 series provides a truly usercentric network experience, delivering follow-me connectivity, identity-based access, and application continuity services.

The MMC-3200 is designed for the small/branch offices, while the MMC-3400 and MMC-3600 are designed for medium/large enterprise or dense office deployments. The MMC-3000 series can be easily deployed as an overlay without any disruption to the existing wired network. Advanced voice-over-WLAN features such as Call Admission Control (CAC), voice-aware RF management and strict over-the-air QoS allow the MMC-3000 series to deliver mobile VoIP capabilities. The MMC-3000 series is managed via ArubaOS or the Aruba Mobility Management System.

Additionally, the MMC-3000 series can be deployed as a user-centric security gateway to authenticate wired and wireless users, enforce role-based access control policies and quarantine unsafe endpoints from accessing the corporate network. Guest users can be easily and safely supported with the built-in captive portal server and advanced network services. The MMC-3000 series can create a secure networking environment without requiring additional VPN/ firewall devices using integrated site-to-site VPN and NAT capabilities, split-tunneling and stateful firewall. Site-to-site VPN support can be integrated with all leading VPN concentrators to provide seamless integration into existing corporate VPNs.

Specifications

Print
Controller Performance and Capacity (3200/3400/3600)
Campus connected APs Up to 32/64/128
Remote APs Up to 128/256/512
Users Up to 512/1024/2048
MAC addresses Up to 64,000
VLAN IP interfaces 128
Gigabit Ethernet ports (RJ-45 or SFP) 4
Active firewall sessions Up to 128,000
Concurrent IPSEC tunnels Up to 512/1024/2048
Firewall throughput 3/4/4 Gbps
Encrypted throughput (3DES) 1.6/4/8 Gbps
Encrypted throughput (AES-CCM) 0.8/2/4 Gbps
Wireless LAN Security and Control Features
802.11i security (WFA certified WPA2 and WPA)
802.1X user and machine authentication
EAP-PEAP, EAP-TLS, EAP-TTLS support
Centralized AES-CCM, TKIP and WEP encryption
802.11i PMK caching for fast roaming applications
EAP offload for AAA server scalability and survivability
Stateful 802.1X authentication for standalone APs
MAC address, SSID and location-based authentication
Multi-SSID support for operation of multiple WLANs
SSID-based RADIUS server selection
Secure AP control and management over IPSEC or GRE
CAPWAP compatible and upgradeable
Distributed WLAN mode for remote AP deployments
Simultaneous centralized and distributed WLAN support
Identity-based Security Features
Wired and wireless user authentication
Captive portal, 802.1X and MAC address authentication
Username, IP address, MAC address and encryption key binding for strong network identity creation
Per-packet identity verifi cation to prevent impersonation
Endpoint posture assessment, quarantine and remediation
Microsoft NAP, Cisco NAC, Symantec SSE support
RADIUS and LDAP based AAA server support
Internal user database for AAA server failover protection
Role-based authorization for eliminating excess privilege
Robust policy enforcement with stateful packet inspection
Per-user session accounting for usage auditing
Web-based guest enrollment with Aruba GuestConnect
Configurable acceptable use policies for guest access
XML-based API for external captive portal integration
xSec option for wired LAN authentication and encryption (802.1X authentication, 256-bit AES-CBC encryption)
Convergence Features
Voice and data on a single SSID for converged devices
Flow-based QoS using Voice Flow Classification
SIP, Spectralink SVP, Cisco SCCP and Vocera ALGs
Strict priority queuing for over-the-air QoS
802.11e support - WMM, U-APSD and T-SPEC
QoS policing for preventing network abuse via 802.11e
Diffserv marking and 802.1p support for network QoS
On-hook and off-hook VoIP client detection
VoIP call admission control (CAC) using VFC
Call reservation thresholds for mobile VoIP calls
Voice-aware RF management for ensuring voice quality
Fast roaming support for ensuring mobile voice quality
SIP early media and ringing tone generation (RFC 3960)
Per-user and per-role rate limits (bandwidth contracts)
Adaptive Radio Management (ARM) Features
Automatic channel and power settings for controlled APs
Simultaneous air monitoring and end user services
Self-healing coverage based on dynamic RF conditions
Dense deployment options for capacity optimization
AP load balancing based on number of users
AP load balancing based on bandwidth utilization
Coverage hole and RF interference detection
802.11h support for radar detection and avoidance
Automated location detection for Active RFID tags
Built-in XML based Location API for RFID applications
Wireless Intrusion Protection Features
Integration with WLAN infrastructure
Simultaneous or dedicated air monitoring capabilities
Rogue AP detection and built-in location visualization
Automatic rogue, interfering and valid AP classification
Over-the-air and over-the-wire rogue AP containment
Adhoc WLAN network detection and containment
Windows client bridging and wireless bridge detection
Denial of service attack protection for APs and stations
Misconfigured standalone AP detection and containment
3rd party AP performance monitoring and troubleshooting
Flexible attack signature creation for new WLAN attacks
EAP handshake and sequence number analysis
Valid AP impersonation detection
Frame floods, Fake AP and Airjack attack detection
ASLEAP, death broadcast, null probe response detection
Netstumbler-based network probe detection
Stateful Firewall Features
Stateful packet inspection tied to user identity or ports
Location and time-of-day aware policy definition
802.11 station awareness for WLAN firewalling
Over-the-air policy enforcement and station blacklisting
Session mirroring and per-packet logs for forensic analysis
Detailed firewall traffic logs for usage auditing
ICSA corporate firewall 4.1 compliance
Application Layer Gateway (ALG) support for SIP, SCCP, RTSP, Vocera, FTP, TFTP, PPTP
Source and destination Network Address Translation (NAT)
Dedicated flow processing hardware for high performance
TCP, ICMP denial of service attack detection and protection
Policy-based forwarding into GRE tunnels for guest traffic
External service interface for 3rd party security integration for inline anti-virus, anti-spam and content filtering apps
Heath checking and load balancing for external services
VPN Server Features
Site-to-site VPN support for branch office deployments
Site-to-site interoperability with 3rd party VPN servers
VPN server emulation for easy integration into WLAN
L2TP/IPSEC VPN termination for Windows VPN clients
Mobile edge client shim for roaming with RSA Tokens
XAUTH/IPSEC VPN termination for 3rd Party clients
PPTP VPN termination for legacy VPN integration
RADIUS and LDAP server support for VPN authentication
PAP, CHAP, MS-CHAP and MS-CHAPv2 authentication
Hardware encryption for DES, 3DES, AES, MPPE
Secure point-to-point xSec tunnels for L2 VPNs
Networking Features and Advanced Services
L2 and L3 switching over-the-air and over-the-wire
VLAN pooling for easy, scalable network designs
VLAN mobility for seamless L2 roaming
Proxy mobile IP and proxy DHCP for L3 roaming
Built-in DHCP server and DHCP relay
VRRP based N+1 controller redundancy (L2)
AP provisioning based N+1 controller redundancy (L3)
Wired access concentrator mode for centralized security
Etherchannel support for link redundancy
802.1d Spanning Tree Protocol
802.1Q VLAN tags
Controller-based Management Features
RF Planning and AP Deployment Toolkit
Centralized AP provisioning and image management
Live coverage visualization with RF heat maps
Detailed statistics visualization for monitoring
Remote packet capture for RF troubleshooting
Interoperable with Ethereal, Airopeek and AirMagnet analyzers
Multi-controller confi guration management
Location visualization and device tracking
System-wide event collection and reporting
Controller Administration Features
Web-based user interface access over HTTP and HTTPS
Quickstart screens for easy controller configuration
CLI access using SSH, Telnet and console port
Role-based access control for restricted admin access
Authenticated access via RADIUS, LDAP or Internal DB
SNMPv3 and SNMPv2 support for controller monitoring
Standard MIBs and private enterprise MIBs
Detailed message logs with syslog event notification
Controller Power Specification
Power Consumption  
Aruba 3200 35 W maximum
Aruba 3400 45 W maximum
Aruba 3600 60 W maximum
Operating Specifications and Dimensions
Operating temperature range 0° to 40° C
Storage temperature range 10° to 70° C
Humidity, non-condensing 5 to 95%
Height 1.75” (44 mm)
Width 13.8” (351 mm)
Depth 11.7” (297 mm)
Weight

3200: 7.1 lbs. (unboxed)
3400/3600 7.4 lbs (unboxed)
Warranty
Hardware 1 year parts/labor
Software 90 days
Regulatory and Safety Compliance
FCC part 15 Class A CE
Industry Canada Class A
VCCI Class A (Japan)
EN 55022 Class A (CISPR 22 Class A), EN 61000-3
EN 61000-4-2, EN 61000-4-3, EN 61000-4-4
EN 61000-4-5, EN 61000-4- 6, EN 61000-4-8
EN 61000-4-11, EN 55024, AS/NZS 3548
UL 60950, EN60950
CAN/CSA 22.2 #60950
CE mark, cTUVus, GS, CB, C-tick, Anatel, NOM, MIC, IQC

Mobility Controllers