SPECIFICATION Sheet RFS 7000 Wireless Services Controller Enabling a secure and reliable Wireless Enterprise for campus, data center and large deployments FEATURES Wi-NG operating system — delivering a unified voice, data and RF management platform Improve business process flow with one platform for wireless voice, video, data and multiple RF technologies — such as RFID, Wi-Fi (including 802.11n) and future technologies such as Wi-MAX; rich enterpriseclass functionality includes seamless roaming across L2/L3 deployments, resilient failover capabilities, comprehensive security, toll-quality voice and other value-added services, such as multi-RF locationing Role-based wired/ wireless firewall Comprehensively secures and protects the wired and wireless network against attacks and unauthorized access at Layer 2 and Layer 3 with stateful inspection; ability to create identity and location-based policies provides granular control of network access SMART RF Management Next generation self-healing: enables the WLAN to automatically and intelligently adapt to changes in the RF environment to eliminate unforeseen gaps in coverage High performance Wireless LAN Controller for the demanding enterprise networks Designed for large scale, high bandwidth deployments, the RFS 7000 Wireless Services Controller provides highly scalable enterprise mobility in large enterprises, campuses and data centers. Motorola’s landmark Wireless Next Generation (Wi-NG) operating system enables a comprehensive set of services, offering unmatched security, reliability and mobility for high performance 802.11n networks. Easy to deploy and manage, the RFS 7000 provides a converged platform to deliver multimedia applications (data, voice, video), wireless networking, and value-added mobility services such as secure guest access and locationing for multi-RF networks. Cost-effective centralized management The RFS 7000 provides the tools you need to simplify and minimize the costs associated with day-to-day management of mobility solutions. The Wi-NG operating system provides unified management of network hardware, software configuration, and network policies, complete with built-in process monitors and troubleshooting tools. A valuable modular software offering, the AirDefense Infrastructure Management Solution, provides centralized control over the entire lifecycle of your Motorola mobility solution — allowing you to easily design, deploy, monitor and secure your wireless network. Raising the bar on enterprise-class performance The RFS 7000 offers a multicore, multithreaded Wi-NG operating system, intended for large scale, high bandwidth enterprise deployments. It easily handles from 8,000 to 96,000 mobile devices and 256 to 3,000 802.11 dual-radio thin a/b/g access points or 1,024 adaptive access points (AP 5131 a/b/g or AP 7131a/b/g/n) per switch/controller. The RFS 7000 delivers the investment protection enterprises require: Motorola’s patent pending clustering technology provides a 12X capacity increase, and a build-as-you-grow expansion of your network. Gap-free security for the Wireless Enterprise Comprehensive network security features keep wireless transmissions secure and provide compliance for HIPAA and PCI. The RFS 7000 provides gap-free security for the WLAN network, following a tiered approach to protect and secure data at every point in the network, wired or wireless. This complete solution includes a wired/wireless firewall, a built-in Wireless Intrusion Protection System (IPS), an integrated IPSec VPN gateway, AAA RADIUS server and secure guest access with a captive web portal, reducing the need to purchase and manage additional infrastructure. Additional security features include MAC-based authentication, 802.11w to secure management frames, NAC support, anomaly analysis and more. Motorola also offers a Common Criteria Evaluation Assurance Level 4 (CC EAL4) and FIPS 140-2 certified version of the RFS 7000. Enabling toll-quality voice for the Wireless Enterprise Support for VoWLAN provides cost-effective voice services throughout the wireless enterprise, enabling push-to-talk and more for employees inside the four walls as well as in outside areas such as the yard. The rich feature set provides granular control over the many wireless networking functions required to deliver high performance persistent clear connections with toll-quality voice. Quality of service (QoS) ensures superior performance for voice and video services. WMM Admission Control and 802.11k radio resource management, including TSPEC and SIP Call Adaptive AP: extending the enterprise Enables centralized management of adaptive access points at remote sites including automatic firmware upgrades; provides site survivability for remote locations with 802.11a/b/g/n networks for unparalleled resiliency Wireless Intrusion Protection System (IPS) The built-in wireless IPS defends against over-theair attacks by leveraging the sensing capabilities of Motorola’s AP 300, AP 650, AP51x1, or AP 7131 access points Secure Guest Access (Hotspot) Provides secure guest access for wired and wireless clients. built-in captive portal, customizable login/ welcome pages, URL redirection for user login, usage-based charging, dynamic VLAN assignment of clients, DNS white list, GRE tunneling of traffic to central site, API support for interoperabilty with custom web portals (e.g. Wandering WiFi), Amigopod, support for external authentication and billing systems Enhanced End-to-End Quality of Service (QoS) Enhances voice and video capabilities; prioritizes network traffic to minimize latency and provide optimal quality of experience; SIP Call Admission Control and Wi-Fi Multimedia Extensions (WMM-Power Save) with Admission Control enhances multimedia application support and improves battery life and capacity; network optimization through granular bandwidth contracts based on bandwidth utilization network load and number of users for different applications being used, in different locations; TSPEC 2 RFS 7000 network architecture The RFS 7000 offers the comprehensive functionality necessary to extend wireless voice and data access inside the largest of enterprises — as well as to remote locations inside and outside the enterprise campus walls. Admission Control, ensure dedicated bandwidth for voice calls as well as better control over active voice calls for a variety of VoIP handsets. Layer 3 hyper-fast secure roaming combines with readiness for external fixed-mobile convergence (FMC) solutions, enabling seamless voice services with true mobility across the enterprise. Enabling value-added mobility services The RFS 7000 supports seamless mobile access to multi-RF networks, enabling locationing and simplified real-time asset tracking throughout the network. In addition, the RFS 7000 offers unparalleled management flexibility — the user is free to choose between Motorola’s AirDefense Infrastructure Management solution, a partner portal or any other enterprise application for central monitoring and visualization. Secure guest access, onboard RADIUS services, granular access, bandwidth control at the client level and automatic load balancing enable highly optimized, flexible and secure hotspot deployments managed centrally through one console. Adaptive AP for increased network flexibility — and site survivability The RFS 7000 simplifies and reduces the cost of extending mobility to remote and branch offices as well as telecommuters. Motorola’s Independent Mesh Access Points (AP 51X1 a/b/g and AP 7131 a/b/g/n) can be deployed at remote locations yet centrally managed in the Network Operations Center (NOC) through the RFS 7000 (single controller or a cluster for scalability). An IPSec VPN tunnel secures all traffic between the access points and the wireless controller. Remote Site Survivability (RSS) mesh access points deliver secure uninterrupted wireless service — providing unparalleled resiliency that survives a WAN link outage. Put your RF on autopilot The Wi-NG operating system delivers SMART RF Management, which provides the dynamic RF tuning required for optimal network performance. This feature takes self-healing to the next level, dramatically reducing network monitoring IT costs by enabling the WLAN to intelligently adapt to the ever-changing RF environment. The ability to dynamically adjust the power and channels on any access port automatically eliminates the gaps in coverage that occur when an AP fails or there is a change in your environment — for example, the introduction of an increased volume of liquid or metal — all without any physical intervention. The elegant feature protects against under- or over-powering — scenarios that could reduce performance and network availability. And adjustments are completely transparent — there is no impact on voice calls and data sessions in progress — protecting the quality of service and the user experience to ensure user productivity. Maximize benefits — and minimize costs All the enterprise class services such as security, voice, performance and resiliency are built into the Wi-NG operating system — the innovative and modular operating system (OS) for the RFS 7000. These comprehensive services come at no additional cost and are packaged together to make mobility work — even better. End-to-end support As an industry leader in mobility, Motorola offers the experience gained from deploying mobility solutions all over the globe in many of the world’s largest enterprises. Leverage this expertise through Motorola Enterprise Mobility Services, which provides the comprehensive support programs you need to deploy and maintain your RFS 7000 at peak performance. Motorola recommends protecting your investment with Service from the Start Advance Exchange Support, a multi-year program that provides the next-business-day device replacement, technical software support and software downloads you need to keep your business running smoothly and productively. This service also includes Comprehensive Coverage, which covers normal wear and tear, as well as internal and external components damaged through accidental breakage — significantly reducing your unforeseen repair expenses. For more information, visit us on the web at www.motorola.com/rfs7000 or access our global contact directory at www.motorola.com/enterprisemobility/contactus RFS 7000 Specifications Packet Forwarding 802.1D-1999 Ethernet bridging; 802.11-.802.3 bridging; 802.1Q VLAN tagging and trunking; proxy ARP; IP packet steering-redirection Wireless Networking Wireless LAN: Supports 256 WLANs; multi-ESS/BSSID traffic segmentation; VLAN to ESSID mapping; auto assignment of VLANs (on RADIUS authentication); power save protocol polling; pre-emptive roaming; VLAN Pooling and dynamic VLAN adjustment; IGMP Snooping Bandwidth management: Congestion control per WLAN; per user based on user count or bandwidth utilization; dynamic load balancing thin and Adaptive APs in a cluster. Bandwidth provisioning via AAA server. Admission Control ensures ample bandwidth and a superior user experience for VoIP calls Real Time Locationing System (RTLS) Provides rich locationing services to enable realtime enterprise assettracking through support for 802.11, RFID and third party locationing solutions — including industry leaders AeroScout, Ekahau, and Newbury Networks. Standards-based support for: EPC Global ALE interface for processing and filtering data from all active and passive tags; and EPC Global LLRP interface for passive RFID tag support Clustering and failover features Supports multiple levels of redundancy and failover capabilities to ensure high availability networks; provides a single virtual IP (per VLAN) for the cluster for use as a default gateway by mobile devices/wired infrastructure, on-board DHCP/AAA server synchronized failover; multi-platform license sharing enables deployment of cost-effective networks True mobility Virtual AP provides better control of broadcast traffic and enables multiple mobile and wireless applications with quality of service when network is congested; Pre-emptive Roaming ensures Motorola mobile devices roam before signal quality degrades; Power Save Protocol optimizes battery life Access points: Supports 256 802.11 a/b/g AP 300s or 802.11a/b/g/n AP 650 thin access points for L2 or L3 deployment per switch and 3,072 AP 300s or AP 650s per cluster; Legacy support: AP100 for L2 deployments only Adaptive AP: Supports adoption of 1,024 adaptive AP 51X1 802.11a/b/g and AP 7131 802.11a/b/g/n access points in Adaptive Mode per switch/controller and 12,288 per cluster; multiple country configuration support; Legacy support: AP 4131 port conversion for L2 deployments only) Layer 2 or Layer 3 deployment of thin access points and adaptive AP AP 51X1 802.11a/b/g and AP 7131 802.11a/b/g/n access points IPv6 client support Continued on back 3 SPECIFICATION Sheet RFS 7000 Enabling a secure and reliable Wireless Enterprise for campus, data center and large deployments RFS 7000 Part Numbers: Layer 3 Mobility (Inter-Subnet Roaming) Optimized Wireless QoS RFS-7010-100R0-WR: Zero Port Wireless Switch Radio frequency automatic channel select (ACS); Transmit power control management (TPC); Country code-based RF configuration; 802.11b, 802.11g, 802.11a, and 802.11n RF priority: 802.11 traffic prioritization and precedence Wi-Fi Multimedia extensions: WMM-power save with TSPEC Admission Control; WMM U-APSD IGMP snooping: Optimizes network performance by preventing flooding of the broadcast domain RFS-7010-10030-WR: 64 Port Wireless Switch RFS-7010-10010-WR: 128 Port Wireless Switch RFS-7010-10020-WR: 256 Port Wireless Switch RFS-7010-UC-16-WR: 16 Port Upgrade License Certificate RFS-7010-ADSEC-LIC: RFS 7000 License for Advanced Security RFS-7010-ADP-64: RFS 7000 Licenses for 64 Adaptive Access Points RFS-7010-ADP-512: RFS 7000 Licenses for 512 Adaptive Access Points RFS-7010-ADP-1024: RFS 7000 Licenses for 1,024 Adaptive Access Points RFS-7010-APPL-LIC: RFS 7000 License for the Location Application License Network Security Role-based wired/wireless firewall ( L2-L7) with stateful inspection for wired and wireless traffic; Active firewall sessions — 205,000 per controller and 2,460,000 per cluster; protects against IP Spoofing and ARP Cache Poisoning Access Control Lists (ACLs): L2/L3/L4 ACLs SIP Call Admission Control: Controls the number of active SIP sessions initiated by a wireless VoIP phone Wireless IDS/IPS: Multi-mode rogue AP detection, Rogue AP Containment, 802.11n Rogue Detection, Ad-Hoc Network Detection, Denial of Service protection against wireless attacks, client blacklisting, excessive authentication/association; excessive probes; excessive disassociation/deauthentication; excessive decryption errors; excessive authentication failures; excessive 802.11 replay; excessive crypto IV failures (TKIP/CCMP replay); Suspicious AP, device in ad-hoc mode, unauthorized AP using authorized SSID, EAP flood, fake AP flood, ID theft, ad-hoc advertising authorized SSID 802.11k: Provides radio resource management to improve client throughput (11k client required) Classification and marking: Layer 1-4 packet classification; 802.1p VLAN priority; DiffServ/TOS Geofencing: Add location of users as a parameter that defines access control to the network WIPS sensor conversion: Supported on the AP 300, AP 650, and the adaptive AP 5131 and AP 7131 SMART RF: Network optimization to ensure user quality of experience at all times by dynamic adjustments to channel and power (on detection of RF interference or loss of RF coverage/neighbor recovery). Available for both thin APs and Adaptive APs. Anomaly Analysis: Source Media Access Control (MAC) = Dest MAC; Illegal frame sizes; Source MAC is multicast; TKIP countermeasures; all zero addresses Authentication:Access Control Lists (ACLS); pre-shared keys (PSK); 802.1x/EAP—transport layer security (TLS), tunneled transport layer security (TTLS), protected EAP (PEAP); Kerberos Integrated AAA/RADIUS Server with native support for EAP-TTLS, EAP-PEAP (includes a built in user name/password database; supports LDAP), and EAP-SIM Transport encryption:WEP 40/128 (RC4), KeyGuard, WPA—TKIP, WPA2CCMP (AES), WPA2-TKIP 802.11w:Provides origin authentication, integrity, confidentiality and replay protection of management frames for AP 300 System Resiliency and Redundancy Active:Standby; Active:Active and N+1 redundancy with access port and MU load balancing; Critical resource monitoring Virtual IP: Single virtual IP (per VLAN) for a switch cluster for use as a default gateway for mobile devices or by wired infrastructure. Seamless fail-over of associated services e.g. DHCP Server. Dual Firmware bank supports Image Failover capability Management Command line interface (serial, telnet, SSH); secure Web-based GUI (SSL) for the wireless controller and the cluster; SNMP v1/v2/v3; SNMP traps—40+ user configurable options; Syslog; Firmware, Config upgrade via TFTP, FTP & SFTP (clients); simple network time protocol (SNTP); text-based switch/controller configuration files; DHCP (client/server/relay), controller auto-configuration and firmware updates with DHCP options; multiple user roles (for controller access); MIBs (MIB-II, Etherstats, wireless controller specific monitoring and configuration); Email notifications for critical alarms; MU naming capability Physical Characteristics Form factor: 1U Rack Mount Dimensions: 1.75 in. H x 17.32 in. W x 15.39 in. D 44.45 mm H x 440 mm W x 390.8 mm D Weight: 13.5 lbs./6.12 kg Physical interfaces: 4 10/100/1000 Cu/SFP Ethernet interfaces, 1 10/100 OOB port, 1 CF card slot, 2 USB slots, 1 serial port (RJ45 style) >65,000 Hours IPSec VPN gateway: Supports DES, 3DES and AES-128 and AES-256 encryption, with site-to-site and client-to-site VPN capabilities; supports 2,048 concurrent IPSEC tunnels per switch/controller — 24,576 per cluster Secure guest access (Hotspot provisioning) Provides secure guest access for wired and wireless clients. built-in captive portal, customizable login/ welcome pages, URL redirection for user login, usagebased charging, dynamic VLAN assignment of clients, DNS white list, GRE tunneling of traffic to central site, API support for interoperability with custom web portals (e.g. Wandering WiFi), Amigopod, support for external authentication and billing systems MTBF: Operating temperature: 32° F to 104° F /0° C to 40° C User Based VLANs (Standard) MAC Based Authentication (Standard) User Based QoS (Motorola VSA) Location Based Authentication (Motorola VSA) Allowed ESSIDs (Motorola VSA) Storage temperature: -40° F to 158° F/-40° C to 70° C Operating humidity: 5% to 85% (w/o condensation) Wireless RADIUS Support (Standard and Motorola Vendor Specific Attributes): NAC support with third party systems from Microsoft, Symantec and Bradford Real Time Locationing System (RTLS) RSSI based triangulation for Wi-Fi assets Tags supported: Ekahau, Aeroscout, Newbury, Gen 2 Tags Power Requirements AC input voltage: 90 – 264 VAC 50/60Hz Max Power Consumption 100W User Environment Storage humidity: 5% to 85% (w/o condensation) Max Operating Altitude 3000m Regulatory Product safety: UL / cUL 60950-1, IEC / EN60950-1 EMC compliance: FCC (USA), Industry Canada, CE (Europe), VCCI (Japan), C-Tick (Australia/New Zealand) RFID support: Compliant with LLRP protocol. Built-in support for the following Motorola RFID readers: fixed (XR440, XR450, XR480; mobile (RD5000) and handheld (MC9090-G RFID) motorola.com Part number SS-RFS 7000. Printed in USA 10/09. MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. ©2009 Motorola, Inc. All rights reserved. For system, product or services availability and specific information within your country, please contact your local Motorola office or Business Partner. Specifications are subject to change without notice.