Alcatel-Lucent 4504 Switch User Manual

OmniAccess 4504, OmniAccess 4604, OmniAccess 4704
WIRELESS LAN SWITCHES
The Alcatel-Lucent OmniAccess™ 4504, 4604 and 4704 (OAW-4504, OAW-4604, OAW-4704) switches are high
performance, fully-featured WLAN switches that are able to aggregate up to 32, 64 and 128 campus connected access
points (APs) respectively. These WLAN switches provide a true user-centric network experience, delivering follow-me
connectivity, identity-based access, and application continuity services.
F E A T U R E S
B E N E F I T S
• High performance
• Platforms designed from the ground
up to support IEEE 802.11n high
performance networks.
• Scalable architecture
• Supports pay as you grow capability
through software licensing model.
WLAN switch AP capacity can grow
by adding SW licenses.
• Centralized WLAN switching
• Allows for overlay deployments
without disruption to the existing
wireline infrastructure. Simplifies
management task by minimizing the
number of network elements.
• Dynamic RF management
• Provides analysis of the RF environment
to facilitate deployment with self
tuning access points and facilitates
operation of the network with virtual
real time site survey.
• Integrated wireless intrusion prevention
• Integrates both wireless networking
and wireless intrusion detection and
prevention thus reducing the cost of
wireless infrastructure and cost of
operating the wireless network.
• User-centric security with
stateful firewall
• Prevents unauthenticated users
from accessing the corporate wireless network while safely supporting guest users, contractors as
well as corporate users. Decreases
management burden of security
through role-based security.
F E A T U R E S
B E N E F I T S
• Real time location tracking
• Allows for the real time location tracking of wireless users to enrich presence
information. Also supports location tracking of wireless asset tags throughout
the enterprise.
• Quality of service, extended battery
capabilities, application layer gateway
(ALG) for voice protocols
• Improves voice quality through support of QoS mechanisms such as WMM, DSCP
marking and prioritization, and connection admission control. Also improves
voice end user experience by maximizing battery lifer with protocols such as
U-APSD. Provides un-matched voice security through embedded stateful firewall.
The OAW-4504 is designed for small businesses and branch offices, while the OAW-4604 and OAW-4704 are
designed for medium to large enterprise or dense office deployments. These three WLAN switches can be easily
deployed as an overlay without any disruption to the existing wired network.
Advanced voice-over-WLAN features such as Call Admission Control (CAC), voice-aware RF management and strict
over-the-air quality of service (QoS) allow the OAW-4504, OAW-4604, and OAW-4704 to deliver mobile VoIP capabilities.
These switches are managed via the integrated management capability of the Alcatel-Lucent OmniAccess Wireless Operating
System or the Alcatel-Lucent OmniVista™ Mobility Manager.
Additionally, the OAW-4504, OAW-4604, OAW-4704 offer best in class, user-centric security framework to authenticate
wireless users, enforce role-based access control policies and quarantine unsafe endpoints from accessing the corporate
wireless network. Guest users can be easily and safely supported with the built-in captive portal server and advanced
network services.
The OAW-4504, OAW-4604, OAW-4704 can create a secure networking environment without requiring additional
VPN/firewall devices using integrated site-to-site VPN and NAT capabilities, split-tunneling and stateful firewall.
Site-to-site VPN support can be integrated with all leading VPN concentrators to provide seamless integration into
existing corporate VPNs
T E C H N I C A L
S P E C I F I C A T I O N S
Performance and capacity
(OAW-4504 / OAW-4604 /
OAW-4704)
•
•
•
•
•
•
•
•
•
•
Campus-connected APs: Up to 32/64/128
Remote APs: Up to 128/256/512
Users: Up to 512/1024/2048
MAC addresses: Up to 64,000
VLAN IP interfaces: 128
Gigabit Ethernet ports (RJ-45 or SFP): 4
Active firewall sessions: Up to 128,000
Concurrent IPSec tunnels: Up to 512/1024/2048
Firewall throughput: 3/4/4 Gbps
Encrypted throughput (3DES, AESCBC256):
1.6/4/8 Gbps
• Encrypted throughput (AES-CCM): 0.8/2/4 Gbps
Wireless LAN security and
control features
•
•
•
•
802.11i security (WFA certified WPA2 and WPA)
802.1X user and machine authentication
EAP-PEAP, EAP-TLS, EAP-TTLS support
Centralized AES-CCM, TKIP and WEP encryption
2
• 802.11i PMK caching for fast roaming applications
• EAP offload for AAA server scalability and
survivability
• Stateful 802.1X authentication for standalone APs
• MAC address, SSID and location-based
authentication Multi-SSID support for operation
of multiple WLANs
• SSID-based RADIUS server selection
• Secure AP control and management over IPSec
or GRE
• CAPWAP compatible and upgradeable
• Distributed WLAN mode for remote AP deployments
• Simultaneous centralized and distributed
WLAN support
Identity based security features
• Captive portal, 802.1X and MAC address
authentication
• Username, IP address, MAC address and
encryption key binding for strong network
identity creation
Alcatel-Lucent OmniAccess 4504, OmniAccess 4604, OmniAccess 4704
• Per-packet identity verification to prevent
impersonation
• RADIUS and LDAP-based AAA server support
• Internal user database for AAA server failover
protection
• Role-based authorization for eliminating
excess privilege
• Robust policy enforcement with stateful
packet inspection
• Per-user session accounting for usage auditing
• Web-based guest enrollment
• Configurable acceptable use policies for
guest access
• XML-based API for external captive
portal integration
• xSec option for wired LAN authentication and
encryption (802.1X authentication, 256-bit
AES-CBC encryption)
T E C H N I C A L
S P E C I F I C A T I O N S
Convergence features
• Voice and data on a single SSID for
converged devices
• Flow-based QoS using voice flow classification (VFC)
• Alcatel-Lucent NOE, SIP, Spectralink SVP, SCCP
and Vocera ALGs
• Strict priority queuing for over-the-air QoS
• 802.11e support – WMM, U-APSD and T-SPEC
• QoS policing for preventing network abuse
via 802.11e
• DiffServ marking and 802.1p support for
network QoS
• On-hook and off-hook VoIP client detection
• VoIP call admission control (CAC) using VFC
• Call reservation thresholds for mobile VoIP calls
• Voice-aware RF management for ensuring
voice quality
• Fast roaming support for ensuring mobile
voice quality
• SIP early media and ringing tone generation
(RFC 3960)
• Per-user and per-role rate limits (bandwidth
contracts)
Adaptive radio management
(ARM ) features
• Automatic channel and power settings for
thin APs
• Simultaneous air monitoring and end-user services
• Self-healing coverage-based on dynamic
RF conditions
• Dense deployment options for capacity optimization
• AP load balancing-based on number of users
• AP load balancing-based on bandwidth utilization
• Coverage hole and RF interference detection
• 802.11h support for radar detection and avoidance
• Automated location detection for active RFID tags
• Built-in XML-based Location API for
RFID applications
Wireless intrusion protection
features
• Integration with WLAN infrastructure
• Simultaneous or dedicated air monitoring
capabilities
• Rogue AP detection and built-in location
visualization
• Automatic rogue, interfering and valid AP
classification
• Over-the-air and over-the-wire rogue
AP containment
• Ad hoc WLAN network detection and containment
• Windows client bridging and wireless
bridge detection
• Denial of service attack protection for APs
and stations
• Mis-configured standalone AP detection
and containment
• Third party AP performance monitoring
and troubleshooting
• Flexible attack signature creation for new
WLAN attacks
• EAP handshake and sequence number analysis
• Valid AP impersonation detection
• Frame floods, fake AP and Airjack attack detection
• ASLEAP, death broadcast, null probe
response detection
• Netstumbler-based network probe detection
Networking features and
advanced services
• L2 and L3 switching over-the-air and over-the-wire
• VLAN pooling for easy, scalable network designs
• VLAN mobility for seamless L2 roaming
• Proxy mobile IP and proxy DHCP for L3 roaming
• Built-in DHCP server and DHCP relay
• VRRP-based N+1 WLAN switch redundancy (L2)
• AP provisioning-based N+1 WLAN
switch redundancy (L3)
• Etherchannel support for link redundancy
Stateful firewall features
• 802.1d Spanning Tree Protocol (STP)
• Stateful packet inspection tied to user identity
or ports
• Location and time-of-day aware policy definition
• 802.11 station awareness for WLAN firewalling
• Over-the-air policy enforcement and station
blacklisting
• Session mirroring and per-packet logs for
forensic analysis
• Detailed firewall traffic logs for usage auditing
• Application layer gateway (ALG) support for
NOE, SIP, SCCP, RTSP, Vocera, FTP, TFTP, PPTP
• Source and destination Network Address
Translation (NAT)
• Dedicated flow processing hardware for high
performance
• TCP, ICMP denial of service attack detection
and protection
• Policy-based forwarding into GRE tunnels for
guest traffic
• External service interface for third party security
integration for inline anti-virus, anti-spam and
content filtering apps
• Heath checking and load balancing for
external services
• 802.1Q VLAN tags
WLAN switch-based
management features
• RF Planning and AP Deployment Toolkit
• Centralized AP provisioning and image management
• Live coverage visualization with RF heat maps
• Detailed statistics visualization for monitoring
• Remote packet capture for RF troubleshooting
• Interoperable with Ethereal and Airopeek analyzers
• Multi-WLAN switch configuration management
• Location visualization and device tracking
• System-wide event collection and reporting
Administration features
• Web-based user interface access over HTTP
and HTTPS
• Quickstart screens for easy WLAN
switch configuration
• CLI access using SSH, Telnet and console port
• Role-based access control for restricted
admin access
• Authenticated access via RADIUS, LDAP or
Internal DB
VPN server features
• Site-to-site VPN support for branch
office deployments
• SNMPv3 and SNMPv2 support for WLAN
switch monitoring
• Site-to-site interoperability with third party
VPN servers
• Standard MIBs and private enterprise MIBs
• Detailed message logs with syslog event notification
• VPN server emulation for easy integration
into WLAN
Power consumption
• L2TP/IPSec VPN termination for Windows
VPN clients
• OAW-4604: 45 W maximum
• OAW-4504: 35 W maximum
• XAUTH/IPSec VPN termination for third
party clients
• OAW-4704: 60 W maximum
• PPTP VPN termination for legacy VPN integration
• RADIUS and LDAP server support for
VPN authentication
• PAP, CHAP, MS-CHAP and MS-CHAPv2
authentication
• Hardware encryption for DES, 3DES, AES, MPPE
• Secure point-to-point xSec tunnels for L2 VPNs
Alcatel-Lucent OmniAccess 4504, OmniAccess 4604, OmniAccess 4704
3
T E C H N I C A L
S P E C I F I C A T I O N S
Power specifications (AC input
requirements)
Operating specifications and
dimensions
OAW-4504
• Operating temperature range 0° to 40° C
• Industry Canada Class A
• AC Input Voltage: 90-264 V~, universal input
• Storage temperature range 10° to 70° C
• VCCI Class A (Japan)
• AC Input Current: 1.5 A
• Humidity, non-condensing 5 to 95%
• AC Input Frequency: 47-63 Hz
• Height 1.75˝ (44 mm)
OAW-4604 and OAW-4704
• Width 13.8˝ (351 mm)
• AC Input Voltage: 90-264 V~, universal input
• Depth 11.7˝ (297 mm)
• EN 55022 Class A (CISPR 22 Class A), EN 61000-3,
EN 61000-4-2, EN 61000-4-3, EN 61000-4-4,
EN 61000-4-5, EN 61000-4- 6, EN 61000-4-8,
EN 61000-4-11, EN 55024, AS/NZS 3548
• AC Input Current: 2.2 A
Weight
• AC Input Frequency: 47-63 Hz
• FCC part 15 Class A CE
• UL 60950, EN60950
• OAW-4504: 7.1 lbs/3.2 Kg (unboxed)
• OAW-4604 / OAW-4704: 7.4 lbs/3.4 Kg
(unboxed)
O R D E R I N G
Regulatory and safety compliance
• CAN/CSA 22.2 #60950
• CE mark, cTUVus, GS, CB, C-tick, Anatel, NOM,
MIC, IQC
I N F O R M A T I O N
PART NUMBER
DESCRIPTION
OAW-4504-0
OmniAccess 4504 - 4x 10/100/1000BaseT (RJ-45) or 1000BaseX (SFP) dual personality ports (no AP license included). Can support up to 32
APs (additional AP licenses required).
OAW-4504-8
OmniAccess 4504 - 4x 10/100/1000BaseT (RJ-45) or 1000BaseX (SFP) dual personality ports, bundled with 8 AP license. Can support up to
32 APs (additional AP licenses required).
OAW-4604-0
OmniAccess 4604 - 4x 10/100/1000BaseT (RJ-45) or 1000BaseX (SFP) dual personality ports (no AP license included). Can support up to 64
APs (additional AP licenses required).
OAW-4604-32
OmniAccess 4604 - 4x 10/100/1000BaseT (RJ-45) or 1000BaseX (SFP) dual personality ports, bundled with 32 AP license. Can support up to
64 APs (additional AP licenses required).
OAW-4704-0
OmniAccess 4704 - 4x 10/100/1000BaseT (RJ-45) or 1000BaseX (SFP) dual personality ports (no AP license included). Can support up to 128
APs (additional AP licenses required).
OAW-4704-64
OmniAccess 4704 - 4x 10/100/1000BaseT (RJ-45) or 1000BaseX (SFP) dual personality ports, bundled with 64 AP license. Can support up to
128 APs (additional AP licenses required).
OAW-SFP-SX
OmniAccess Wireless SFP - 1000BaseSX, LC Connector
OAW-SFP-LX
OmniAccess Wireless SFP - 1000BaseLX, LC connector
OAW-SFP-TX
OmniAccess Wireless SFP - 1000Base-T, RJ-45 connector
To learn more, contact your dedicated Alcatel-Lucent representative, authorized reseller, or sales agent. You can also visit our Web site at www.alcatel-lucent.com.
www.alcatel-lucent.com
This document is provided for planning purposes only and does not create, modify, or supplement
any warranties, which may be made by Alcatel-Lucent relating to the products and/or services described
herein. The publication of information contained in this document does not imply freedom from patent
or other protective rights of Alcatel-Lucent or other third parties.
Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other
trademarks are the property of their respective owners. Alcatel-Lucent assumes no responsibility for
the accuracy of the information presented, which is subject to change without notice.
© 2007 Alcatel-Lucent. All rights reserved. P/N 031970-00 Rev. B 1/08