H3C | WB-WAC361 | Beckham Series Wireless AC Controller | Manage 32 A
Provides management of 802.11ac APs
WAC360 / 361 series wireless controllers support management of traditional 802.11a / b / g / n APs and can also be networked with H3C APs based on the 802.11ac protocol, which provides several times the wireless access rate of traditional 802.11a / b / g / n, making wireless multimedia applications a reality.
Providing flexible data forwarding
Conventional wireless controller deployments generally use the centralized forwarding mode, in which the AC can fully control and supervise packets. However, all wireless traffic then has to be processed in one place, so the core link bandwidth and the AC forwarding capability easily become bottlenecks. This is particularly true when an AP and an AC are connected through a WAN: the AP is deployed as a data access device at the branch office while the AC is deployed at the headquarters, and all user data is sent from the AP to the AC and then forwarded centrally by the AC.
WAC360 / 361 series wireless controllers support both centralized forwarding and distributed forwarding. Users can flexibly set the forwarding mode according to service needs and network realities.
Support for carrier-class wireless user access control and management
User-based access control is a feature of the WAC360 / 361 series of wireless controllers. The User Profile provides a configuration template that stores preset configurations (a collection of configurations). Depending on the application environment, different contents can be configured for a user profile, such as a CAR (Committed Access Rate) policy and a QoS (Quality of Service) policy.
When a user accesses the device, authentication is required. The authentication server sends the user profile name to the device, and the device immediately enables the configuration in that user profile, which applies while the authenticated user is accessing the device. When the user goes offline, the system automatically disables the configuration items in the user profile, cancelling the profile's restrictions on the user. The user profile is therefore suited to restricting the access behavior of online users. When the user is not online (the user is not connected, the user is not authenticated, or the user goes offline), the user profile is only the default configuration and does not take effect, so it places no limitation on the user's access behavior.
In addition, the WAC360 / 361 series wireless controllers support MAC-based authentication access control. With this approach, customers can configure and modify permissions for user groups on the AAA server, and can also configure permissions for specific users. This fine-grained user access control greatly enhances the availability of wireless networks, and network administrators can easily allocate access rights to different levels of people or groups.
The MAC-based VLAN is also a feature of the WAC360 / 361 series. As a control strategy, the administrator can assign user MAC addresses to the same VLAN and configure VLAN-based security policies on the controller. This simplifies the system configuration while still allowing fine-grained user-level management.
For security or billing reasons, the system administrator may wish to control where in the network a wireless user can connect. WAC360 / 361 series wireless controllers support user access control based on AP location. When a wireless user accesses the network, the authentication server can send the list of APs the user is permitted to use to the AC, and the AC performs access control so that the wireless user can access only the APs in the specified locations.
Providing a reliable gateway function
The WAC360 / 361 is positioned as a gateway for small and medium enterprises and branch offices, integrating the gateway and AC functions in one device. The WAN port is a Gigabit electrical interface and supports PPPoE, NAT gateway functions, and dynamic or static IP address settings.
Support channel intelligent switching
In a wireless LAN, channels are a very scarce resource. Each AP can work only on a very limited number of non-overlapping channels; a 2.4G network, for example, has only three non-overlapping channels. How to intelligently allocate channels to APs is therefore the key to wireless applications.
The frequency bands in which wireless LANs work contain a large number of possible sources of interference, such as radar and microwave ovens, and their presence interferes with the normal work of the APs. The intelligent channel switching function ensures that each AP is assigned the best channel, reducing and avoiding adjacent channel interference as far as possible. With real-time channel interference detection, APs can avoid radar, microwave ovens and other sources of interference in real time.
Supports smart AP load balancing
The 802.11 protocol leaves the wireless roaming decision to the wireless client, and wireless clients generally select an AP according to its signal strength (RSSI). This can easily lead to a large number of clients connecting to the same AP only because its signal is strong. Because these clients share the wireless medium, each client's network throughput is greatly reduced.
The intelligent load sharing method can analyze the location of the wireless clients in real time, dynamically determine which APs can share the load with each other at the current time and the current position, and control which APs the wireless clients access in order to share the load among these APs. It supports load balancing according to the number of online sessions as well as load sharing according to user traffic.
Support 7-layer mobile security detection / defense (wIDS / wIPS)
The WAC360 / 361 series supports the following: blacklist, whitelist, rogue defense, malformed packet detection, forced logout of unauthorized users, and signature-based MAC attack detection and countermeasures using preset signatures that can be upgraded (for example, DoS attacks, flood attacks, and man-in-the-middle attacks). The large built-in expert knowledge base of the wireless application console provides a flexible basis for wireless security policy decisions. A clearly identified illegal attack source (AP or terminal) can be tracked and monitored by physical location and removed at the switch physical port.
Together with H3C's professional core layer firewall / IPS equipment, it can provide 7-layer security defense for the mobile campus and meet real end-to-end security requirements from wireless (802.11) to wired (802.3).
RealTime Spectrum Guard mode is supported
RealTime Spectrum Guard (RTSG) is a professional monitoring solution for the wireless environment. It works with the RF module of the AP to achieve deep integration of RF monitoring and real-time spectrum protection.
The RTSG console is deployed in the H3C iMC Intelligent Management Center. It communicates with the Sensor AP and collects data through the CAPWAP management tunnel to provide 7x24-hour wireless environment quality monitoring, wireless network capability trend assessment, and unlicensed interference alarming. Its views and data include spectrum graphs, duty cycle graphs, event spectrum, channel, power, interference power, and so on. It can proactively detect and identify all RF interference sources (Wi-Fi or non-Wi-Fi) in the 2.4GHz / 5GHz band, and can automatically identify the interference source and determine the location of the wireless device in question so that the wireless network delivers its best performance. Combined with the H3C iAR intelligent reporting component, it can store, track, and play back the full history of radio frequency quality, and automatically generate custom trend, compliance, and audit reports.
The RTSG solution can be deployed flexibly in Local Mode or Monitor Mode for different levels of wireless environment supervision. When working in Local Mode, you can maintain normal user access and packet forwarding while obtaining effective spectrum protection.
Support for Intelligent Wireless Service Awareness (WIAA)
The WAC360 / 361 series supports intelligent awareness of wireless traffic, enabling flexible policy identification and management based on wireless subscriber status and optimizing the bearing of voice and video traffic.
Supports remote probe analysis
The WAC360 / 361 series supports remote probe analysis for APs, which can capture the Wi-Fi packets in the coverage area and mirror them in real time to a local analyzer so that network administrators can troubleshoot and optimize the network. The remote probe analysis function can perform non-convergence mirroring of the working channel, or flexibly poll and sample all channels, to meet the requirements of wireless network monitoring, operation, and maintenance.
Built-in RF Optimization Engine (ROE)
The WAC360 / 361 Series Wireless Controller incorporates an RF Optimizing Engine for APs that enhances application acceleration and quality in wireless deployments such as high-density access and streaming media. It does so through feature-based and protocol-based RF optimization (IPv4 / IPv6), packet-by-packet power control, intelligent bandwidth guarantee, and so on. These can be divided into three categories and include multi-user fair scheduling, mixed access fairness, interference filtering, optimal rate, spectrum navigation, and multicast enhancement.
Support 802.1x authentication, MAC address authentication, Portal authentication, and so on
WAC360 / 361 series wireless controllers support multiple authentication modes:
802.1x authentication: The WAC360 / 361 series supports multiple 802.1x authentication modes such as TLS, PEAP, TTLS, MD5, and SIM card. It also supports 802.1x local authentication, providing MD5, TLS and PEAP. With 802.1x authentication, the WAC360 / 361 series wireless controller also supports dynamically authorized VLANs and ACLs: the user's policy can be set in advance, and once the user is authenticated, the system automatically configures the user's rights.
MAC Address Authentication: The WAC360 / 361 series wireless controllers support MAC authentication. For some handheld devices (such as Wi-Fi phones and handheld mobile terminals), the authentication methods used on computers are inconvenient, and MAC authentication easily solves this problem. Legitimate MAC addresses are configured on the controller or the AAA server; terminals with those MAC addresses are allowed to access the network, and illegal terminals that have not been configured in advance cannot access the wireless network. This function greatly facilitates applications such as wireless medical systems, ensuring that only hospital PDAs can access the dedicated wireless network and that patients' wireless PDAs are denied access to it.
Portal authentication: The WAC360 / 361 series wireless controller provides a built-in Portal authentication server. It requires no cooperation from a client; the web Portal page in the browser serves directly as the authentication channel. When user authentication passes, the user can be flexibly redirected to a designated home page, and the corresponding authorization and billing are activated. Custom Portal pages can also be pushed flexibly according to policy requirements, serving advertising and information delivery roles. Portal authentication is widely used in wireless campus, wireless city, visitor access and other application scenarios.
Supports IPv4 / IPv6 dual protocol stack (Native IPv6)
The WAC360 / 361 series wireless controller supports IPv6 access for wireless clients. Mapping between IPv6 priority and tunnel priority can be configured at the AP where the tunnel originates. It also supports text filtering and other complex ACL control and filtering.
WAC360 / 361 series wireless controllers can also be deployed in IPv6 networks and automatically negotiate IPv6 tunnels between ACs and APs. When the AC and AP operate entirely over IPv6, the controller can still recognize IPv4 correctly and process the IPv4 packets of wireless clients. This flexible IPv4 / IPv6 adaptability meets customers' needs in a variety of complex applications during migration from IPv4 to IPv6: the controller can provide IPv4 services to customers in an IPv6 island, and can also let users in an IPv4 island easily log on to the network through the IPv6 protocol.
The WAC360 / 361 series of wireless controllers support IPv6 SAVI (Source Address Validation) technology to counter IPv6 packet forgery attacks on the campus network. The controller obtains the IP addresses of users by listening to the address assignment protocol, so that IP addresses cannot be forged and the reliability of the source address is ensured. At the same time, the combination of IPv6 SAVI and Portal technology further ensures the authenticity and security of all Internet users' messages.
Providing end-to-end QoS
Based on the Comware platform, the WAC360 / 361 series wireless controllers not only provide full support for the Diff-Serv standard, but also add QoS support for the IPv6 protocol.
The QoS Diff-Serv model includes traffic classification, traffic policing, queue management, and queue scheduling. The services defined in the standard, such as EF, AF1 to AF4, and BE, are fully implemented. Operators can provide users with different levels of service quality assurance, so that the Internet truly becomes an integrated network carrying data, voice and video services simultaneously.
Supports fast Layer 2 and Layer 3 roaming
H3C's centralized wireless architecture not only facilitates Layer 2 roaming, but also facilitates inter-layer roaming. In WLANs deployed with Fat APs, roaming between the APs is limited because of the limited information transfer between APs. The WAC360 / 361 series wireless controllers support Layer 2 and Layer 3 roaming, and the roaming domain is not restricted by subnets. This excellent roaming feature allows the WAC360 / 361 series of wireless controllers to communicate with each other at the same time. When planning a wireless network, customers need not give much consideration to the existing network planning and can pay more attention to wireless signal coverage. This approach greatly simplifies the pre-network planning and reduces network planning costs.
In the traditional mode, when the wireless user terminal uses 802.1x as the means of 802.11 authentication and key exchange, a large number of messages are exchanged between the wireless user terminal and the AP. When the wireless user terminal roams between two APs, if it has to go through the complete 802.1x exchange while accessing the new AP, the roaming switching time inevitably becomes too long. For services that are sensitive to roaming switching time (such as voice services), such a long switching time is unbearable. WAC360 / 361 series wireless controllers use Key caching technology to switch users rapidly when roaming. Key caching strikes a good balance between secure user access and fast roaming: the wireless user terminal does not need to complete the 802.1x authentication process again when roaming between two APs, while the identification of the user identity and the continuity of key usage are still ensured. The wireless user adopts the fast roaming mode, More than 50ms, to meet the demanding needs of voice services.
Supports centralized management of branch business
Centralized user management: the authentication process for users at all branches is forwarded to headquarters, where the headquarters authentication server performs unified access authentication.
Centralized device management: the WAC360 / 361 can be centrally managed by the large AC at headquarters. Through the headquarters large AC, configurations can be released to branch ACs and APs, greatly reducing the difficulty of maintenance.
Supports branch office data distribution service
After user authentication succeeds, the data service is not forwarded to the headquarters AC; the branch office AC (WAC360 / 361) transfers data services directly to the Internet.