Aruba Networks Products
Mobility Controllers
MMC-3000 Multi-Service Mobility Controller Series

The Aruba MMC-3000 Multi-Service Mobility Controller series is a family of three fully-featured controllers able to aggregate up to 32, 64 and 128 campus-connected access points (APs) respectively.

The MMC-3000 series provides a truly usercentric network experience, delivering follow-me connectivity, identity-based access, and application continuity services.

The MMC-3200 is designed for the small/branch offices, while the MMC-3400 and MMC-3600 are designed for medium/large enterprise or dense office deployments. The MMC-3000 series can be easily deployed as an overlay without any disruption to the existing wired network. Advanced voice-over-WLAN features such as Call Admission Control (CAC), voice-aware RF management and strict over-the-air QoS allow the MMC-3000 series to deliver mobile VoIP capabilities. The MMC-3000 series is managed via ArubaOS or the Aruba Mobility Management System.

Additionally, the MMC-3000 series can be deployed as a user-centric security gateway to authenticate wired and wireless users, enforce role-based access control policies and quarantine unsafe endpoints from accessing the corporate network. Guest users can be easily and safely supported with the built-in captive portal server and advanced network services. The MMC-3000 series can create a secure networking environment without requiring additional VPN/ firewall devices using integrated site-to-site VPN and NAT capabilities, split-tunneling and stateful firewall. Site-to-site VPN support can be integrated with all leading VPN concentrators to provide seamless integration into existing corporate VPNs.

Specifications

Controller Performance and Capacity

• Campus connected APs -> Up to 32/64/128
• Remote APs -> Up to 128/256/512
• Users -> Up to 512/1024/2048
• MAC addresses -> Up to 64,000
• VLAN IP interfaces -> 128
• Gigabit Ethernet ports (RJ-45 or SFP) -> 4
• 10 Gigabit Ethernet ports (XFP) -> Up to 8
• Active firewall sessions -> Up to Up to 128,000
• Concurrent IPSEC tunnels -> Up to 512/1024/2048
• Firewall throughput -> 3/4/4 Gbps
• Encrypted throughput (3DES) -> 1.6/4/8 Gbps
• Encrypted throughput (AES-CCM) -> 0.8/2/4 Gbps

Wireless LAN Security and Control Features

• 802.11i security (WFA certified WPA2 and WPA)
• 802.1X user and machine authentication
• EAP-PEAP, EAP-TLS, EAP-TTLS support
• Centralized AES-CCM, TKIP and WEP encryption
• 802.11i PMK caching for fast roaming applications
• EAP offload for AAA server scalability and survivability
• Stateful 802.1X authentication for standalone APs
• MAC address, SSID and location based authentication
• Multi-SSID support for operation of multiple WLANs
• SSID-based RADIUS server selection
• Secure AP control and management over IPSEC or GRE
• CAPWAP compatible and upgradeable
• Distributed WLAN mode for remote AP deployments
• Simultaneous centralized and distributed WLAN support

Identity-based Security Features

• Wired and wireless user authentication
• Captive portal, 802.1X and MAC address authentication
• Username, IP address, MAC address and encryption key binding for strong network identity creation
• Per-packet identity verifi cation to prevent impersonation
• Endpoint posture assessment, quarantine and remediation
• Microsoft NAP, Cisco NAC, Symantec SSE support
• RADIUS and LDAP based AAA server support
• Internal user database for AAA server failover protection
• Role-based authorization for eliminating excess privilege
• Robust policy enforcement with stateful packet inspection
• Per-user session accounting for usage auditing
• Web-based guest enrollment with Aruba GuestConnect
• Configurable acceptable use policies for guest access
• XML-based API for external captive portal integration
• xSec option for wired LAN authentication and encryption (802.1X authentication, 256-bit AES-CBC encryption)

Convergence Features

• Voice and data on a single SSID for converged devices
• Flow-based QoS using Voice Flow Classification
• SIP, Spectralink SVP, Cisco SCCP and Vocera ALGs
• Strict priority queuing for over-the-air QoS
• 802.11e support - WMM, U-APSD and T-SPEC
• QoS policing for preventing network abuse via 802.11e
• Diffserv marking and 802.1p support for network QoS
• On-hook and off-hook VoIP client detection
• VoIP call admission control (CAC) using VFC
• Call reservation thresholds for mobile VoIP calls
• Voice-aware RF management for ensuring voice quality
• Fast roaming support for ensuring mobile voice quality
• SIP early media and ringing tone generation (RFC 3960)
• Per-user and per-role rate limits (bandwidth contracts)

Adaptive Radio Management™ (ARM) Features

• Automatic channel and power settings for controlled APs
• Simultaneous air monitoring and end user services
• Self-healing coverage based on dynamic RF conditions
• Dense deployment options for capacity optimization
• AP load balancing based on number of users
• AP load balancing based on bandwidth utilization
• Coverage hole and RF interference detection
• 802.11h support for radar detection and avoidance
• Automated location detection for Active RFID tags
• Built-in XML based Location API for RFID applications

Wireless Intrusion Protection Features

• Integration with WLAN infrastructure
• Simultaneous or dedicated air monitoring capabilities
• Rogue AP detection and built-in location visualization
• Automatic rogue, interfering and valid AP classification
• Over-the-air and over-the-wire rogue AP containment
• Adhoc WLAN network detection and containment
• Windows client bridging and wireless bridge detection
• Denial of service attack protection for APs and stations
• Misconfigured standalone AP detection and containment
• 3rd party AP performance monitoring and troubleshooting
• Flexible attack signature creation for new WLAN attacks
• EAP handshake and sequence number analysis
• Valid AP impersonation detection
• Frame floods, Fake AP and Airjack attack detection
• ASLEAP, death broadcast, null probe response detection
• Netstumbler-based network probe detection

Stateful Firewall Features

• Stateful packet inspection tied to user identity or ports
• Location and time-of-day aware policy definition
• 802.11 station awareness for WLAN firewalling
• Over-the-air policy enforcement and station blacklisting
• Session mirroring and per-packet logs for forensic analysis
• Detailed firewall traffic logs for usage auditing
• ICSA corporate firewall 4.1 compliance
• Application Layer Gateway (ALG) support for SIP, SCCP, RTSP, Vocera, FTP, TFTP, PPTP
• Source and destination Network Address Translation (NAT)
• Dedicated flow processing hardware for high performance
• TCP, ICMP denial of service attack detection and protection
• Policy-based forwarding into GRE tunnels for guest traffic
• External service interface for 3rd party security integration for inline anti-virus, anti-spam and content filtering apps
• Heath checking and load balancing for external services

VPN Server Features

• Site-to-site VPN support for branch office deployments
• Site-to-site interoperability with 3rd party VPN servers
• VPN server emulation for easy integration into WLAN
• L2TP/IPSEC VPN termination for Windows VPN clients
• Mobile edge client shim for roaming with RSA Tokens
• XAUTH/IPSEC VPN termination for 3rd Party clients
• PPTP VPN termination for legacy VPN integration
• RADIUS and LDAP server support for VPN authentication
• PAP, CHAP, MS-CHAP and MS-CHAPv2 authentication
• Hardware encryption for DES, 3DES, AES, MPPE
• Secure point-to-point xSec tunnels for L2 VPNs

Networking Features and Advanced Services

• L2 and L3 switching over-the-air and over-the-wire
• VLAN pooling for easy, scalable network designs
• VLAN mobility for seamless L2 roaming
• Proxy mobile IP and proxy DHCP for L3 roaming
• Built-in DHCP server and DHCP relay
• VRRP based N+1 controller redundancy (L2)
• AP provisioning based N+1 controller redundancy (L3)
• Wired access concentrator mode for centralized security
• Etherchannel support for link redundancy
• 802.1d Spanning Tree Protocol
• 802.1Q VLAN tags

Controller-based Management Features

• RF Planning and AP Deployment Toolkit
• Centralized AP provisioning and image management
• Live coverage visualization with RF heat maps
• Detailed statistics visualization for monitoring
• Remote packet capture for RF troubleshooting
• Interoperable with Ethereal, Airopeek and AirMagnet analyzers
• Multi-controller configuration management
• Location visualization and device tracking
• System-wide event collection and reporting

Controller Administration Features

• Web-based user interface access over HTTP and HTTPS
• Quickstart screens for easy controller configuration
• CLI access using SSH, Telnet and console port
• Role-based access control for restricted admin access
• Authenticated access via RADIUS, LDAP or Internal DB
• SNMPv3 and SNMPv2 support for controller monitoring
• Standard MIBs and private enterprise MIBs
• Detailed message logs with syslog event notification

Controller Power Supply Options

• Power Consumption
  • Aruba 3200 -> 35 W maximum
  • Aruba 3400 -> 45 W maximum
  • Aruba 3600 -> 60 W maximum

Operating Specifications and Dimensions

• Operating temperature range -> 0° to 40° C
• Storage temperature range -> 10° to 70° C
• Humidity, non-condensing -> 5 to 95%
• Height -> 1.75" (44 mm)
• Width -> 13.8" (351 mm)
• Depth -> 11.7" (297 mm)
• Weight -> 3200: 7.1 lbs. (unboxed), 3400/3600 7.4 lbs (unboxed)

Warranty

• Hardware -> 1 year parts/labor
• Software -> 90 days

Regulatory and Safety Compliance

• FCC part 15 Class A CE
• Industry Canada Class A
• VCCI Class A (Japan)
• EN 55022 Class A (CISPR 22 Class A), EN 61000-3
• EN 61000-4-2, EN 61000-4-3, EN 61000-4-4
• EN 61000-4-5, EN 61000-4- 6, EN 61000-4-8
• EN 61000-4-11, EN 55024, AS/NZS 3548
• UL 60950, EN60950
• CAN/CSA 22.2 #60950
• CE mark, cTUVus, GS, CB, C-tick, Anatel, NOM, MIC, IQC