OmniAccess 6000
WIR ELESS LAN SWITC H
The Alcatel-Lucent OmniAccess™ 6000 (OAW-6000) Wireless LAN Switch is a high performance, fully featured modular WLAN switch able to aggregate up to 2,048 campus connected access points (APs). The OAW-6000 provides a true user-centric network experience, delivering follow-me connectivity, identity-based access, and application continuity services.
The OAW-6000 offers a scalable design that supports large deployments and can be easily implemented as an overlay without any disruption to the existing wired network.
Advanced voice-over-WLAN features such as Call Admission Control (CAC), voice-aware RF management and strict over-the-air quality of service (QoS) allow the OAW-6000 to deliver mobile VoIP capabilities. The OAW-6000 is managed via the integrat ed manageme nt capability of the Alca tel-Lucent OmniAcce ss Wireless Operating System or the Alcatel-Lucent OmniVista™ Mobility Manager.
FEA TU RE S |
|
B ENE FIT S |
•High capacity and high performance for large deployments
•Scalable design
•Mobile VoIP
•Integrated network management
•User-centric security
•Secure network environment
•A scalable design that supports up to 32,768 users with follow-m e connectivity, identity based access and application continuity
•Does not make existing deployments obsolete since it is implemented as an overlay without disturbing the existing wired network
•Improves voice quality through support of Call Admission Control, voice-aware RF management and strict over-the-air quality of service (QoS)
•Eliminates need for multiple network manage ment applicati ons via OmniAccess Wireless Operating System and OmniVista Mobility Manager
•Prevents unauthenticated users and unsafe endpoints from access the corporate wireless netwo rk while safely supporting guest users
•Eliminates need for additional VPN/firewall devices
The OAW-6000 offers a best in class, user-centric security framework to authenticate wireless users, enforce role-based access control policies and quarantine unsafe endpoints from accessing the corporate wireless network. Guest users can be easily and safely supported with the built-in captive portal server and advanced network services.
The OAW-6000 can create a secure networking environment without requiring additional VPN/firewall devices using integrated site-to-site VPN and NAT capabilities, split-tunneling and an ICSA-certified stateful firewall. Site-to-site VPN support can be integrated with all leading VPN concentrators to provide seamless integration into existing corporate VPNs.
TE CHN I CAL |
SPECIFICAT |
IONS |
Performanc e and capaci ty
•Campus-connected APs: Up to 2,048
•Remote APs: Up to 8,192
•Users: Up to 32,768
•MAC addresses: Up to 256,000
•VLAN IP interfaces: 512
•Fast Ethernet ports (10/100): Up to 72
•Gigabit Ethernet ports (GBIC or SFP): Up to 40
•10 Gigabit Ethernet ports (XFP): Up to 8
•Active firewall sessions: Up to 2,097,200
•Concurrent IPSec tunnels: Up to 32,768
•Firewall throughput: Up to 80 Gbps
•Encrypted throughput (3DES): Up to 32 Gbps
•Encrypted throughput (AES-CCM): Up to 16 Gbps
Wireless LAN security and control features
•802.11i security (WFA-certified WPA2 and WPA)
•802.1X user and machine authentication
•EAP-PEAP, EAP-TLS, EAP-TTLS support
•Centralized AES-CCM, TKIP and WEP encryption
•802.11iPMK cachingfor fast roamingapplications
•EAP offload for AAA server scalability and survivability
•Stateful 802.1X authenticationfor standaloneAPs
•MAC address, SSID and location-based authentication
•Multi-SSIDsupportfor operationof multipleWLANs
•SSID-based RADIUS server selection
•Secure AP control and management over IPSec or GRE
•CAPWAP-compatible and upgradeable
•DistributedWLAN mode for remoteAP deployments
•Simultaneous centralized and distributed WLAN support
Identity-bas ed security features
•Captive portal, 802.1X and MAC address authentication
•Username,IP address,MAC addressand encryption key binding for strong network identity creation
•Per-packet identity verification to prevent impersonation
•RADIUS and LDAP-based AAA server support
•Internal user database for AAA server failover protection
•Role-based authorization for eliminating excess privilege
•Robust policy enforcement with stateful packet inspection
•Per-user session accounting for usage auditing
•Web-based guest enrollment
•Configurable acceptable use policies for guest access
•XML-based API for external captive portal integration
•xSec option for wired LAN authentication and encryption(802.1X authentication, 256-bit AES-CBC encryption)
Convergence features
•Voice and data on a single SSID for converged devices
•Flow-basedQoS usingvoiceflow classification(VFC)
•Alcatel-Lucent NOE, SIP, Spectralink SVP, SCCP and Vocera ALGs
•Strict priority queuing for over-the-air QoS
•802.11e support – WMM, U-APSD and T-SPEC
•QoS policing for preventing network abuse via 802.11e
•DiffServ marking and 802.1p support for network QoS
•On-hook and off-hook VoIP client detection
•VoIP call admission control (CAC) using VFC
•Call reservation thresholds for mobile VoIP calls
•Voice-aware RF management for ensuring voice quality
•Fast roaming support for ensuring mobile voice quality
•SIP early media and ringing tone generation (RFC 3960)
•Per-user and per-role rate limits (bandwidth contracts)
Adaptive radio management (ARM) features
•Automatic channel and power settings for thin APs
•Simultaneousair monitoringand end user services
• Self-healing coverage based on dynamic
RF conditions
•Dense deploymentoptionsfor capacityoptimization
•AP load balancing based on number of users
•AP load balancing based on bandwidth utilization
•Coverage hole and RF interference detection
•802.11hsupportfor radar detectionand avoidance
•Automated location detection for active RFID tags
•Built-in XML-based Location API for RFID applications
Wireless intrusion protection features
•Integration with WLAN infrastructure
•Simultaneous or dedicated air monitoring capabilities
•Rogue AP detection and built-in location visualization
•Automatic rogue, interfering and valid AP classification
•Over-the-air and over-the-wire rogue AP containment
•Adhoc WLAN network detection and containment
•Windows client bridging and wireless bridge detection
•Denial of service attack protection for APs and stations
•Misconfigured standalone AP detection and containment
•Third party AP performance monitoring and troubleshooting
•Flexible attack signature creation for new WLAN attacks
•EAP handshake and sequence number analysis
•Valid AP impersonation detection
•Framefloods,FakeAP and Airjackattack detection
•ASLEAP, death broadcast, null probe response detection
•Netstumbler-based network probe detection
Stateful firewall features
•Stateful packet inspection tied to user identity or ports
•Location and time-of-day aware policy definition
•802.11 station awareness for WLAN firewalling
•Over-the-air policy enforcement and station blacklisting
•Session mirroring and per-packet logs for forensic analysis
2Alcatel-Lucent OmniAccess 6000