Alcatel-Lucent OMNIACCESS 6000 User Manual

OmniAccess 6000
W I R E L E S S L A N S W I T C H
The Alcatel-Lucent OmniAccess™ 6000 (OAW-6000) Wireless LAN Switch is a high performance, fully featured modular
WLAN switch able to aggregate up to 2,048 campus connected access points (APs). The OAW-6000 provides a true
user-centric network experience, delivering follow-me connectivity, identity-based access, and application continuity services.
The OAW-6000 offers a scalable design that supports large deployments and can be easily implemented as an overlay
without any disruption to the existing wired network.
Advanced voice-over-WLAN features such as Call Admission Control (CAC), voice-aware RF management and strict
via the integrated management capability of the Alcatel-Lucent OmniAccess Wireless Operating System or the
Alcatel-Lucent OmniVista™ Mobility Manager.
B E N E F I T SF E A T U R E S
• High capacity and high performance for large deployments
• Scalable design
• Mobile VoIP
• Integrated network management
• User-centric security
• Secure network environment
• A scalable design that supports up to 32,768 users with follow-me connectivity, identity based access and application continuity
• Does not make existing deployments obsolete since it is implemented as an overlay without disturbing the existing wired network
• Improves voice quality through support of Call Admission Control, voice-aware RF management and strict over-the-air quality of service (QoS)
• Eliminates need for multiple network management applications via OmniAccess Wireless Operating System and OmniVista Mobility Manager
• Prevents unauthenticated users and unsafe endpoints from access the corporate wireless network while safely supporting guest users
• Eliminates need for additional VPN/firewall devices
The OAW-6000 offers a best in class, user-centric security framework to authenticate wireless users, enforce role-based
access control policies and quarantine unsafe endpoints from accessing the corporate wireless network. Guest users can
be easily and safely supported with the built-in captive portal server and advanced network services.
The OAW-6000 can create a secure networking environment without requiring additional VPN/firewall devices using
integrated site-to-site VPN and NAT capabilities, split-tunneling and an ICSA-certified stateful firewall. Site-to-site VPN
support can be integrated with all leading VPN concentrators to provide seamless integration into existing corporate VPNs.
T E C H N I C A L S P E C I F I C A T I O N S
Performance and capacity
• Campus-connected APs: Up to 2,048
• Remote APs: Up to 8,192
• Users: Up to 32,768
• MAC addresses: Up to 256,000
• VLAN IP interfaces: 512
• Fast Ethernet ports (10/100): Up to 72
• Gigabit Ethernet ports (GBIC or SFP): Up to 40
• 10 Gigabit Ethernet ports (XFP): Up to 8
• Active firewall sessions: Up to 2,097,200
• Concurrent IPSec tunnels: Up to 32,768
• Firewall throughput: Up to 80 Gbps
• Encrypted throughput (3DES): Up to 32 Gbps
• Encrypted throughput (AES-CCM): Up to 16 Gbps
Wireless LAN security and control features
• 802.11i security (WFA-certified WPA2 and WPA)
• 802.1X user and machine authentication
• EAP-PEAP, EAP-TLS, EAP-TTLS support
• Centralized AES-CCM, TKIP and WEP encryption
• 802.11i PMK caching for fast roaming applications
• E AP off loa d for AAA se rve r s cal abi lit y and survivability
• Stateful 802.1X authentication for standalone APs
• MAC address, SSID and location-based authentication
• Multi-SSID support for operation of multiple WLANs
• SSID-based RADIUS server selection
• Secure AP control and management over IPSec or GRE
• CAPWAP-compatible and upgradeable
• DistributedWLAN mode for remoteAP deployments
• Simultaneous centralized and distributed
WLAN support
Identity-based security features
• C apt ive portal, 802. 1X and MAC ad dre ss authentication
• Username,IP address,MAC address and encryption key binding for strong network identity creation
• Per-packet identity verification to prevent impersonation
• RADIUS and LDAP-based AAA server support
• Internal user database for AAA server failover protection
• R ole -ba sed authori zat ion for eliminati ng excess privilege
• R obu st pol icy enfo rce men t w ith stat efu l
packet inspection
• Per-user session accounting for usage auditing
• Web-based guest enrollment
• Configurable acceptable use policies for guest
access
• X ML- bas ed API for exte rna l c apt ive port al
integration
• xSec option for wired LAN authentication and
encryption(80 2.1 X a uth ent ica tio n, 256- bit AES-CBC encryption)
Convergence features
• Voi ce and data on a si ngl e SSID for
converged devices
• Flow-based QoS using voice flow classification (VFC)
• Alcatel-Lucent NOE, SIP, Spectralink SVP, SCCP
and Vocera ALGs
• Strict priority queuing for over-the-air QoS
• 802.11e support – WMM, U-APSD and T-SPEC
• Q oS policing f or preventing networ k abuse
via 802.11e
• D iff Ser v m arking and 802 .1p support fo r
network QoS
• On-hook and off-hook VoIP client detection
• VoIP call admission control (CAC) using VFC
• Call reservation thresholds for mobile VoIP calls
• Voice-aware RF management for ensurin g
voice quality
• Fa st roaming support for e nsuring mobile
voice quality
• SIP early media and ringing tone generation
(RFC 3960)
• Per-user and per-role rate limits (bandwidth
contracts)
Adaptive radio management (ARM) features
• A utomatic ch annel and power settin gs for
thin APs
• Simultaneous air monitoring and end user services
• S elf -he ali ng coverage based on dyna mic
RF conditions
• Dense deployment options for capacity optimization
• AP load balancing based on number of users
• AP load balancing based on bandwidth utilization
• Coverage hole and RF interference detection
• 802.11h support for radar detection and avoidance
• Automated location detection for active RFID tags
• B uil t-i n X ML-based Location A PI for RFID applications
Wireless intrusion protection features
• Integration with WLAN infrastructure
• S imu lta neo us or dedicated a ir mon ito rin g capabilities
• R ogu e AP detection and built-in l oca tio n visualization
• Automatic rogue, interfering and valid AP classification
• O ver-the-ai r a nd ove r-th e-w ire rogue AP containment
• Adhoc WLAN network detection and containment
• Windows client bridging and wireless bridge detection
• D enial of serv ice attack protectio n for APs and stations
• Misconfigured standalone AP detection and containment
• Third party AP performance monitoring and troubleshooting
• F lex ibl e a ttack signature c rea tio n f or new WLAN attacks
• EAP handshake and sequence number analysis
• Valid AP impersonation detection
• Frame floods, Fake AP and Airjack attack detection
• ASLEAP, death broadcast, null probe response detection
• Netstumbler-based network probe detection
Stateful firewall features
• Stateful packet inspection tied to user identity or ports
• Location and time-of-day aware policy definition
• 802.11 station awareness for WLAN firewalling
• Over-the-air policy enforcement and station blacklisting
• S ess ion mirroring and per-pa cket logs for forensic analysis
2 Alcatel-Lucent OmniAccess 6000
Loading...
+ 2 hidden pages