Huawei ACU2 Wireless Access Controller Datasheet

Huawei Wireless Access Controller Unit2 Brochure-Detailed
Huawei Access Controller Unit 2 (ACU2) is a WLAN service unit installed on Huawei S12700/S9700/S7700 switches, and
provides Access Controller (AC) functions. The ACU2 can be used to provide wireless services on large enterprise or campus
networks. It features large capacity, high reliability, various types of services, and works with Huawei wireless Access Points
(APs) to deliver large-scale, high-density access services.
A WLAN can be built rapidly by adding ACU2s to wired network switches. This shortens WLAN construction costs and time, and reduces the Total Cost of Ownership (TCO). Huawei ACU2 leads the industry with the capacity to manage 2,048 APs. It provides flexible data forwarding, fine-grained user group management control policies, comprehensive radio management, and end-to-end QoS guarantees.
802.11ac-Compatible
Huawei ACU2 is compatible with Huawei 802.11ac wireless APs, permitting users to seamlessly expand wireless networks without incurring additional administrative or equipment expense.
Product Characteristics
High access capacity and processing capability
• An ACU2 can manage a maximum of 2048 APs and 32K STAs.
• The ACU2 provides a nearly 40 Gbit/s line-speed forwarding capability.
Flexible user policy management and authorization control capability
• The ACU2 implements per-user access control based on ACLs, VLAN IDs, and bandwidth limits sent from the RADIUS server.
• You can define user groups for users of different roles and apply access control policies to the user groups. Access of users in a user group is controlled based on the ACL, user isolation policy, and bandwidth limit applied to the user group. You can configure inter-group user isolation or intra-group user isolation as required to implement access control.
Independent service unit, facilitating centralized deployment and capacity expansion
• The ACU2, as a switch card, provides both wired and wireless service capabilities, reducing space occupied and cables in equipment rooms and lowering network construction cost.
• Multiple ACU2s can be installed on a switch to manage N x 2,048 APs (N is the number of ACU2s).
Visualized WLAN network management and maintenance
• The ACU2 and APs establish Fit AP + AC networking for centralized AP management, facilitating network management and maintenance. Huawei AC and AP products support the standard Link Layer Discovery Protocol (LLDP), which helps display topologies of wired and wireless networks for visualized management and maintenance.
Typical Networking
The ACU2 can be installed on switches as a WLAN service unit. It can be deployed in the following modes:
• Inline mode
The ACU2 is installed on the aggregation switch to manage downstream APs or APs connected to access switches.
• Bypass mode
The ACU2 is installed on the aggregation switch, but the ACU2 and APs are located in different areas. APs communicate with the aggregation switch through Layer 3 routing.
[Figure: ACU2 topology. Labels: service management layer, service access layer, user layer, eSight, Internet, aggregation switch, ACU2, access switch]
Physical Specifications
Parameter: Description
Board dimensions: 35.56 mm x 380.00 mm x 378.45 mm (height x width x depth)
Maximum power consumption: 168 W
Board weight: 3.2 kg
Performance Specifications
Parameter: Specifications
Forwarding capability: 40 Gbit/s
Number of managed APs: 2048
Number of access users:
• Entire device: 32K
• Single AP: a maximum of 256 (depending on the AP model)
Number of MAC address entries: 32K
Number of VLANs: 4K
Number of routing entries: 16K
Number of ARP entries: 48K
Number of multicast forwarding entries: 2K
Number of DHCP IP address pools: 256 IP address pools, each of which contains a maximum of 16K IP addresses
Number of local users: 1000
Number of ACLs: 32K
Number of ESSIDs: 8K
User group management:
• 128 user groups
• Each user group can reference a maximum of eight ACLs.
• Each user group can associate with a maximum of 128 ACL rules.
Feature List
Switching and forwarding features
Feature
Description
Ethernet features: Ethernet
• Jumbo frames
• Link aggregation
• Load balancing among links of a trunk
• Interface isolation and forwarding restriction
• Broadcast storm suppression
Ethernet features: VLAN
• Access modes of access, trunk, and hybrid
• Default VLAN
Ethernet features: MAC
• Automatic learning and aging of MAC addresses
• Static, dynamic, and blackhole MAC address entries
• Packet filtering based on source MAC addresses
• Interface-based MAC learning limiting
Ethernet features: ARP
• Static and dynamic ARP entries
• ARP in a VLAN
• Aging of ARP entries
Ethernet features: LLDP
• LLDP
Ethernet loop protection: MSTP
• STP
• RSTP
• MSTP
• BPDU protection, root protection, and loop protection
• Partitioned STP
IPv4 features: IPv4 forwarding
• ARP and RARP
• ARP proxy
• Auto-detection
• NAT
IPv4 features: Unicast routing features
• Static route
• RIP-1 and RIP-2
• OSPF
• BGP
• IS-IS
• Routing policies and policy-based routing
• URPF check
• DHCP server and relay
• DHCP snooping
IPv4 features: Multicast routing features
• IGMPv1, IGMPv2, and IGMPv3
• PIM-SM
• Multicast routing policies
• RPF
IPv6 features: IPv6 forwarding
• ND Protocol
IPv6 features: Unicast routing features
• Static route
• RIPng
• OSPFv3
• BGP4+
• IS-IS IPv6
• DHCPv6
• DHCPv6 Snooping
IPv6 features: Multicast routing features
• MLD
Device reliability: BFD
• BFD
Layer 2 multicast features: Layer 2 multicast
• IGMP snooping
• Prompt leave
• Multicast traffic control
• Inter-VLAN multicast replication
Ethernet OAM: EFM OAM
• Neighbor discovery
• Link monitoring
• Fault notification
• Remote loopback
QoS features: Traffic classification
• Traffic classification based on the combination of the L2 protocol header, IP 5-tuple, and 802.1p priority
QoS features: Action
• Access control after traffic classification
• Traffic policing based on traffic classification
• Re-marking packets based on traffic classifiers
• Class-based packet queuing
• Associating traffic classifiers with traffic behaviors
QoS features: Queue scheduling
• PQ scheduling
• DRR scheduling
• PQ+DRR scheduling
• WRR scheduling
• PQ+WRR scheduling
QoS features: Congestion avoidance
• SRED
• WRED
Configuration and maintenance: Terminal service
• Configurations using command lines
• Error message and help information in English
• Configurations using Web Platform
• Login through console and Telnet terminals
• Send function and data communications between terminal users
Configuration and maintenance: File system
• File systems
• Directory and file management
• File uploading and downloading using FTP and TFTP
Configuration and maintenance: Debugging and maintenance
• Unified management over logs, alarms, and debugging information
• Electronic labels
• User operation logs
• Detailed debugging information for network fault diagnosis
• Network test tools such as traceroute and ping commands
• Interface mirroring and flow mirroring
Configuration and maintenance: Version upgrade
• Device software loading and online software loading
• BIOS online upgrade
• In-service patching
Security and management: System security
• Different user levels for commands, preventing unauthorized users from accessing device
• SSHv2.0
• RADIUS and HWTACACS authentication for login users
• ACL filtering
• DHCP packet filtering (with the Option 82 field)
• Defense against control packet attacks
• Defenses against attacks such as source address spoofing, Land, SYN flood (TCP SYN), Smurf, ping flood (ICMP echo), Teardrop, and Ping of Death attacks
• IPSec
Security and management: Network management
• ICMP-based ping and traceroute
• SNMPv1, SNMPv2c, and SNMPv3
• Standard MIB
• RMON
Wireless networking capabilities
Feature
Description
Networking between APs and
ACs
• APs and ACs can be connected through a Layer 2 or Layer 3
network.
• APs can be directly connected to an AC.
• APs are deployed on a private network, while ACs are deployed
on the public network to implement NAT traversal.
• ACs can be used for Layer 2 bridge forwarding or Layer 3 routing.
Forwarding mode
• Direct forwarding (distributed forwarding or local forwarding)
• Tunnel forwarding (centralized forwarding)
• Centralized authentication and distributed forwarding
Before users are authenticated, tunnel forwarding is used. After
users are authenticated, local forwarding is used.
Wireless networking mode
WDS bridging:
• Point-to-point (P2P) wireless bridging
• Point-to-multipoint (P2MP) wireless bridging
• Automatic topology detection and loop prevention (STP)
Wireless mesh network
• Access authentication for mesh devices
• Mesh routing algorithm
• Go-online without configuration
AC discovery
• An AP can obtain the device's IP address in any of the following
ways:
- Static configuration
- DHCP
- DNS
• The AC uses DHCP or DHCPv6 to allocate IP addresses to APs.
• DHCP or DHCPv6 relay is supported.
• On a Layer 2 network, APs can discover the AC by sending
broadcast CAPWAP packets.
CAPWAP tunnel
• Centralized CAPWAP
• CAPWAP control tunnel and data tunnel (optional)
• CAPWAP tunnel forwarding and direct forwarding in an extended
service set (ESS)
• Datagram Transport Layer Security (DTLS) encryption, which is
enabled by default for the CAPWAP control tunnel
• Heartbeat detection and tunnel reconnection
Active and standby ACs
• Enables and disables the switchback function.
• Supports load balancing.
• Supports 1+1 hot backup.
• Supports N+1 backup.
AP management
Feature
Description
AP access control
• Displays MAC addresses or SNs of APs in the whitelist.
• Adds a single AP or multiple APs (by specifying a range of MAC
addresses or SNs) to the whitelist.
• Automatically discovering and manually confirming APs.
• Automatically discovering APs without manually confirming them.
AP region management
• Supports three AP region deployment modes:
- Distributed deployment: APs are deployed independently. An
AP is equivalent to a region and does not interfere with other
APs. APs work at the maximum power and do not perform
radio calibration.
- Common deployment: APs are loosely deployed. The transmit
power of each radio is less than 50% of the maximum transmit
power.
- Centralized deployment: APs are densely deployed. The
transmit power of each radio is less than 25% of the maximum
transmit power.
• Specifies the default region to which automatically discovered
APs are added.
AP profile management
• Specifies the default AP profile that is applied to automatically
discovered APs.
AP type management
• Manages AP attributes including the number of interfaces, AP
types, number of radios, radio types, maximum number of virtual
access points (VAPs), maximum number of associated users, and
radio gain (for APs deployed indoors).
• Provides default AP types.
• Supports user-defined AP types.
Network topology management
Supports LLDP topology detection.
Radio management
Feature
Description
Radio profile management
• The following parameters can be configured in a radio profile:
- Radio working mode and rate
- Automatic or manual channel and power adjustment mode
- Radio calibration interval
• The radio type can be set to 802.11n, 802.11b/g/n, 802.11a/n,
or 802.11ac.
• You can bind a radio to a specified radio profile.
Unified static configuration of
parameters
Radio parameters such as the channel and power of each radio are
configured on the AC and then delivered to APs.
Dynamic management
• APs can automatically select working channels and power when
they go online.
• In an AP region, APs automatically adjust working channels and
power in the event of signal interference:
- Partial calibration: The optimal working channel and power of
a specified AP can be adjusted.
- Global calibration: The optimal working channels and power of
all the APs in a specified region can be adjusted.
• When an AP is removed or goes offline, the AC increases the
power of neighboring APs to compensate for the coverage hole.
• Automatic selection and calibration of radio parameters in AP
regions are supported.
Enhanced service capabilities
• The AC supports 802.11a/b/g/n/ac. These modes can be used
independently or jointly (a\n, b\g, b\g\n, and g\n).
• The AC preferentially uses the 5 GHz frequency band for STAs.
• 2.4 GHz and 5 GHz frequency load balancing
WLAN service management
Feature
Description
ESS management
• Allows you to enable SSID broadcast, set the maximum number
of access users, and set the association aging time in an ESS.
• Isolates APs at Layer 2 in an ESS.
• Maps an ESS to a service VLAN.
• Associates an ESS with a security profile or a QoS profile.
• Enables IGMP for APs in an ESS.
VAP-based service management
• Adds multiple VAPs at a time by binding radios to ESSs.
• Displays information about a single VAP, VAPs with a specified
ESS, or all VAPs.
• Supports configuration of offline APs.
• Creates VAPs according to batch delivered service provisioning
rules in automatic AP discovery mode.
Service provisioning
management
• Supports service provisioning rules configured for a specified
radio of a specified AP type.
• Adds automatically discovered APs to the default AP region. The
default AP region is configurable.
• Applies a service provisioning rule to a region to enable APs in
the region to go online.
Multicast service management
• Supports IGMP snooping.
• Supports IGMP proxy.
Load balancing
• Performs load balancing among radios in a load balancing group.
• Supports two load balancing modes:
- Based on the number of STAs connected to each radio
- Based on the traffic volume on each radio
BYOD (Bring Your Own Device)
• Identification of device types according to the OUI in the MAC
address
• Identification of device types according to the user agent (UA)
field in an HTTP packet
• Identification of device types according to DHCP Option
information
• Carrying of device type information in RADIUS authentication and
accounting packets
Positioning services
• Locating AeroScout and Ekahau tags
• Locating Wi-Fi terminals
Spectrum analysis
• Identification of the following interference sources: Bluetooth,
microwave ovens, cordless phones, ZigBee, game controllers, 2.4
GHz/5 GHz wireless audio and video devices, and baby monitors.
• Working with the eSight to locate the interference sources and
display spectrum.
WLAN user management
Feature
Description
Address allocation of wireless
users
Functions as a DHCP server to assign IP addresses to wireless users.
WLAN user management
• Supports user blacklist and whitelist.
• Controls the number of access users:
- Based on APs
- Based on SSIDs
• Logs out users in any of the following ways:
- Using RADIUS DM messages
- Using commands
• Supports various methods to view information:
- Allows you to view the user status by specifying the user MAC
address, AP ID, radio ID, or WLAN ID.
- Displays the number of online users in an ESS, AP, or radio.
- Collects packet statistics on air interface based on user.
WLAN user roaming
• Supports intra-AC Layer 2 roaming.
NOTE
Users can roam between APs connected to different physical ports
on an AC.
• Supports inter-VLAN Layer 3 roaming on an AC.
• Supports roaming between ACs.
• Supports fast key negotiation in 802.1x authentication.
• Authenticates users who request to reassociate with the AC and
rejects the requests of unauthorized users.
• Delays clearing user information after a user goes offline so that
the user can rapidly go online again.
User group management
• Supports ACLs.
• Supports user isolation:
- Inter-group isolation
- Intra-group isolation
WLAN security profile
management
• Manages authentication and encryption modes using WLAN
security profiles.
• Binds security profiles to ESS profiles.
Authentication modes
• Open system authentication with no encryption
• WEP authentication/encryption
• WPA/WPA2 authentication and encryption:
- WPA/WPA2-PSK+TKIP
- WPA/WPA2-PSK+CCMP
- WPA/WPA2-802.1x+TKIP
- WPA/WPA2-802.1x+CCMP
• WAPI authentication and encryption:
- Supports centralized WAPI authentication.
- Supports three-certificate WAPI authentication, which is
compatible with traditional two-certificate authentication.
- Issues a certificate file together with a private key.
• Allows users to use MAC addresses as accounts for authentication
by the RADIUS server.
• Portal authentication:
- Allows an AC to function as a portal gateway.
- Prohibits an AC from functioning as a portal gateway.
- Supports only Layer 2 portal.
Combined authentication
• Combined MAC authentication:
- PSK+MAC authentication
• MAC+portal authentication:
- MAC authentication is used first. When MAC authentication
fails, portal authentication is used.
- This type of authentication applies only to centralized
forwarding.
AAA
• Local authentication/local accounts (MAC addresses and
accounts)
• RADIUS authentication
• Multiple authentication servers:
- Supports backup authentication servers.
- Specifies authentication servers based on account.
- Configures authentication servers based on account.
- Binds user accounts to SSIDs.
Security isolation
• Port-based isolation
• User group-based isolation
WIDS
Rogue device scan, identification, defense, and countermeasures,
which includes dynamic blacklist configuration and detection of
rogue APs, STAs, and network attacks.
Authority control
ACL limit based on the following:
• Port
• User group
• User
Other security features
• SSID hiding
• IP source guard:
- Configures IP and MAC binding entries statically.
- Generates IP and MAC binding entries dynamically.
WLAN QoS
Feature
Description
WMM profile management
• Enables or disables Wi-Fi Multimedia (WMM).
• Allows a WMM profile to be applied to radios of multiple APs.
Traffic profile management
• Manages traffic from APs and maps packet priorities according to
traffic profiles.
• Applies a QoS policy to each ESS by binding a traffic profile to
each ESS.
AC traffic control
• Manages QoS profiles.
• Uses ACLs to perform traffic classification.
• Limits incoming and outgoing traffic rates for each user based on
inbound and outbound CAR parameters.
• Limits the traffic rate based on ESSs or VAPs.
AP traffic control
• Controls traffic of multiple users and allows users to share
bandwidth.
• Limits the rate of a specified VAP.
Packet priority configuration
• Sets the QoS priority (IP precedence or DSCP priority) for CAPWAP
control channels.
• Sets the QoS priority for CAPWAP data channels:
- Allows you to specify the CAPWAP header priority.
- Maps 802.1p priorities of user packets to ToS priorities of
tunnel packets.
Airtime scheduling
• Allocates equal time to users for occupying the channel, which
improves users' Internet access experience.
Professional Service and Support
Huawei WLAN planning tools deliver expert network design and optimization services using the most
professional simulation platform in the industry. Backed by fifteen years of continuous investment in
wireless technologies, extensive network planning and optimization experience, as well as rich expert
resources, Huawei helps customers:
• Design, deploy, and operate a high-performance network that is reliable and secure.
• Maximize return on investment and reduce operating expenses.
More Information
For more information, please visit http://e.huawei.com or contact your local Huawei office.
Copyright © Huawei Technologies Co., Ltd. 2014. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei
Technologies Co., Ltd.
Trademark Notice
, HUAWEI, and
are trademarks or registered trademarks of Huawei Technologies Co., Ltd.
Other trademarks, product, service and company names mentioned are the property of their respective owners.
General Disclaimer
The information in this document may contain predictive statements including,
without limitation, statements regarding the future financial and operating results,
future product portfolio, new technology, etc. There are a number of factors that
could cause actual results and developments to differ materially from those
expressed or implied in the predictive statements. Therefore, such information is
provided for reference purpose only and constitutes neither an offer nor an
acceptance. Huawei may change the information at any time without notice.