lancom oap-322 - Aria Technologies

Dual-radio outdoor access point based on 802.11n for professional WLAN applications in the
1 Four external antennas for the parallel radio operation in 2.4 and 5 GHz
1 Optimized network load at 2.4 GHz due to Band Steering
1 Connectors for Gigabit Ethernet with Power over Ethernet based on IEEE 802.3af and Fast Ethernet
1 Optionally with external power supply for 10 - 28V
1 Robust IP66 protective housing reliable even at extreme temperatures (-33°C to +70°C)
1 Comfortable integration of external users with the Public Spot Option
The dual-radio outdoor access point LANCOM OAP-322 is ideal for professional WLAN applications outdoors, for instance for the installation of hotspot scenarios. Thanks
to two WLAN radio modules based in IEEE 802.11n for parallel operation in 2.4 and 5 GHz as well as the robust IP66 protective housing for extreme environmental
conditions, versatile fields of application can be realized. Further, due to the support of Power over Ethernet based on IEEE 802.3af, the LANCOM OAP-322 can also be
operated reliably at locations without power supply.
More flexibility.
The LANCOM OAP-322 provides versatile fields of application in the outdoors: Whether it be the comfortable installation of outdoor hotspots with the LANCOM Public
Spot Option, the professional WLAN coverage of outdoor areas, or the WLAN connectivity to the corporate network via point-to-point connections. Whatever the case,
the device can either be operated as an autonomous standalone access point or managed by a WLAN controller. There are also versatile options for choosing the power
supply: Depending on the local conditions, the LANCOM OAP-322 can either be operated via Power over Ethernet based on IEEE 802.3af even at locations without power
supply or, alternatively, via an external power supply for 10 – 28 V. Due to the robust IP66 protective housing, the device is also fit for operation in extreme environments
at temperatures between -30 and +70°C.
More security.
LANCOM ensures the highest security standards as it supports a comprehensive range of encryption and authentication mechanisms, including 802.11i, 802.1X, and
WPA2. With the aid of Multi-SSID and protocol filters, up to 16 different user groups can each be assigned with different levels of security. Even outdoor hotspots can be
securely realized with the LANCOM OAP-322 in combination with the LANCOM Public Spot Option: A flexibly configurable user authentication ensures that only authorized
guests are able to login to the hotspot. Matured quality-of-service functionalities as well as bandwidth limitation cater for a prioritization of business-critical applications
and thus contribute to failure safety.
More management.
Especially outdoors where conditions are difficult, for example when it is difficult to see the LEDs on an access point mounted on a high mast, a management system is
of high importance. With the free-of-charge LANconfig all device functions can be centrally managed. Further, and especially for hotspot scenarios with multiple clients,
an optimization of the radio field and the network load is vital. With Band Steering dual-band clients can be steered automatically to the more powerful 5 GHz frequency
band. And with Spectral Scan you have a useful, free-of-charge tool for the identification of WLAN sources of interference and an efficient network troubleshooting.
More reliability for the future.
LANCOM products are fundamentally designed for a product life spanning several years. They are equipped with hardware dimensioned for the future. Even reaching back
to older product generations, updates to the LANCOM Operating System – LCOS – are available several times a year, free of charge and offering major features.
Features as of: LCOS 9.00
Frequency band 2.4 GHz and 5 GHz
2400 -2483.5 MHz (ISM) and 5150-5825 MHz (depending on country-specific restrictions)
Data rates IEEE 802.11n
300 Mbps according to IEEE 802.11n with MCS15 (Fallback to 6,5 Mbps with MCS0)
Data rates IEEE 802.11b/g
54 Mbps to IEEE 802.11g (fallback to 48, 36 , 24, 18, 12, 9, 6 Mbps, Automatic Rate Selection) compatible to IEEE 802.11b (11, 5.5, 2, 1 Mbps,
Automatic Rate Selection), IEEE 802.11 b/g compatibility mode or pure g or pure b
Data rates IEEE 802.11a/ h
54 Mbps (fallback to 48, 36 , 24, 18, 12, 9, 6 Mbps, Automatic Rate Selection), fully compatible with TPC (adjustable power output) and DFS
(automatic channel selection, radar detection) according to EN 301 893
Output power at radio module, 2.4 GHz
IEEE 802.11b: +19 dBm @ 1 and 2 Mbps, +19 dBm @ 5.5 und 11 Mbps IEEE 802.11g: +18 dBm @ 6 to 36 Mbps, +17 dBm @ 48 Mbps, +16 dBm
@ 54 Mbps IEEE 802.11n: +19 dBm @ 6,5/13 Mbps (MCS0/8, 20 MHz), +10 dBm @ 65/130 Mbps (MCS7/15, 20 MHz), +17 dBm @ 15/30 Mbps
(MCS0/8, 40 MHz), +10 dBm @ 150/300 Mbps (MCS7/15, 40 MHz)
Output power at radio module, 5 GHz
IEEE 802.11a/h: +18 dBm @ 6 to 24 Mbps, +17 dBm @ 36 Mbps, +16 dBm @ 48 Mbps, +15 dBm @ 54 Mbps IEEE 802.11n: +18 dBm @ 6,5/13
Mbps (MCS0/8, 20 MHz), +10 dBm @ 65/130 Mbps (MCS7/15, 20 MHz), +17 dBm @ 15/30 Mbps (MCS0/8, 40 MHz), +10 dBm @ 150/300 Mbps
(MCS7/15, 40 MHz)
Output power at radio module, 2.4 GHz
IEEE 802.11b: 19 dBm@ 5.5 and 11 Mbps IEEE 802.11g: 16 dBm @ 54 Mbps IEEE 802.11n: 15 dBm @ 65/130 Mbps (MCS7, 20 MHz) 14 dBm @
150/300 Mbps (MCS7, 40 MHz)
Output power at radio module, 5 GHz
IEEE 802.11a/h: +14 dBm @ 54 Mbps IEEE 802.11n: +12 dBm @ 65/130 Mbps (MCS7, 20 MHz) +11 dBm @ 150/300 Mbps (MCS7, 40 MHz)
Max. radiated power (EIRP), 2.4 GHz band
IEEE 802.11b/g: Up to 20 dBm / 100 mW EIRP (transmission power control according to TPC)
Max. radiated power (EIRP), 5 GHz band
IEEE 802.11a/h: Up to 30 dBm / 1000 mW or up to 36 dBm / 4000 mW EIRP (depending on national regulations on channel usage and subject to
further obligations such as TPC and DFS)
Minimum transmission power
Transmission power reduction in software in 1 dB steps to min. 0.5 dBm
Receiver sensitivity 2.4 GHz
IEEE 802.11b: -91 dBm @ 11 Mbps, -96 dBm @ 1 Mbps; IEEE 802.11g: -96 dBm @ 6 Mbps, -83 dBm @ 54 Mbps; IEEE 802.11n: -96 dBm @ 6,5
Mbps (MCS0, 20 MHz), -79 dBm @ 65 Mbps (MCS7, 20 MHz); -93 dBm @ 13 Mbps (MCS8, 20 MHz), -77 dBm @ 130 Mbps (MCS15, 20 MHz); -90
dBm @ 15 Mbps (MCS0, 40 MHz), -75 dBm @ 150 Mbps (MCS7, 40 MHz); -90 dBm @ 30 Mbps (MCS8, 40 MHz), -73 dBm @ 300 Mbps (MCS15,
40 MHz)
Receiver sensitivity 5 GHz
IEEE 802.11a/h: -95 dBm @ 6 Mbps, -82 dBm @ 54 Mbps; IEEE 802.11n: -95 dBm @ 6,5 Mbps (MCS0, 20 MHz), -77 dBm @ 65 Mbps (MCS7, 20
MHz); -94 dBm @ 13 Mbps (MCS8, 20 MHz), -74 dBm @ 130 Mbps (MCS15, 20 MHz); -91 dBm @ 15 Mbps (MCS0, 40 MHz), -75 dBm @ 150 Mbps
(MCS7, 40 MHz); -90 dBm @ 30 Mbps (MCS8, 40 MHz), -71 dBm @ 300 Mbps (MCS15, 40 MHz)
Receiver sensitivity 2.4 GHz (WLAN-2)
IEEE 802.11b: -90 dBm @11 Mbps IEEE 802.11g: -73 dBm @ 54 Mbps IEEE 802.11n: -69 dBm @ 65 Mbps (MCS7, 20 MHz) -65 dBm @ 150 Mbps
(MCS7, 40 MHz)
Receiver sensitivity 5 GHz (WLAN-2)
IEEE 802.11a/h: -72 dBm @ 54 Mbps IEEE 802.11n: -69 dBm@ 65 Mbps (MCS7, 20 MHz) -67 dBm @ 150 Mbps (MCS7, 40 MHz)
Radio channels 2.4 GHz
Up to 13 channels, max. 3 non-overlapping (depending on country-specific restrictions)
Radio channels 5 GHz
Up to 26 non-overlapping channels (available channels and further obligations such as automatic DFS dynamic channel selection depending on
national regulations)
Seamless handover between radio cells, IAPP support with optional restriction to an ARF context, IEEE 802.11d support
Opportunistic Key Caching**
Opportunistic key caching allows fast roaming processes between access points. WLAN installations utilizing a WLAN controller and IEEE 802.1X
authentication cache the access keys of the clients and are transmitted by the WLAN controller to all mananged access points
Fast roaming*
Based on IEEE 802.11r, allows fast roaming procedures between access points. This is possible by using IEEE 802.1X authentication or pre-shared
keys in controller based WLAN installations, which save the access keys temporarily and distribute them to the managed access points.
Concurrent WLAN clients
Up to 30 clients per radio (recommended), 512 clients (max.)
Fast client roaming
With background scanning, moving LANCOM 'client mode' access points pre-authenticate to alternative access points which offer a better signal
before Roaming fails
VLAN ID definable per interface, WLAN SSID, point-to-point connection and routing context (4094 IDs) IEEE 802.1q
Dynamic VLAN assignment
Dynamic VLAN assignment for target user groups based on MAC addresses, BSSID or SSID by means of external RADIUS server.
Q-in-Q tagging
Support of layered IEEE 802.1q VLANs (double tagging)
Simultaneous use of up to 8 independent WLAN networks per WLAN interface
IGMP snooping
Support for Internet Group Management Protocol (IGMP) in the WLAN bridge for WLAN SSIDs and LAN interfaces for specific switching of multicast
packets (devices with integrated WLAN only). Automated detection of multicast groups. Configurable action for multicast packets without registration.
Configuration of static multicast group members per VLAN ID. Configuration of query simulation for multicast membership per VLAN ID
Protected Management Frames
Protection of WLAN Management Frames, based on the standard IEEE 802.11w, against man-in-the-middle attacks by using Message Ingegrity
Codes (MIC)
Features as of: LCOS 9.00
IEEE 802.11i / WPA2 with passphrase (WPA2-Personal) or IEEE 802.1X (WPA2-Enterprise) and hardware-accelerated AES, closed network, WEP64,
WEP128, WEP152, user authentication, IEEE 802.1x /EAP, LEPS, WPA1/TKIP
EAP Types
RADIUS server
Integrated RADIUS server for MAC address list management
EAP server
Integrated EAP server for authentication of IEEE 802.1X clients via EAP-TLS, EAP-TTLS, PEAP, MSCHAP or MSCHAPv2
RADIUS Accounting per SSID
A RADIUS server can be set for each individual SSID
Quality of Service
Prioritization according to Wireless Multimedia Extensions (WME, subset of IEEE 802.11e)
U-APSD/WMM Power Save
Extension of power saving according to IEEE 802.11e by Unscheduled Automatic Power Save Delivery (equivalent to WMM Power Save). U-APSD
supports the automatic switch of clients to a doze mode. Increasmed battery lifetime for telephone calls over VoWLAN (Voice over WLAN)
Bandwidth limitation per WLAN client
Maximum transmit and receive bandwith and an individual VLAN ID can be assigned to each WLAN client (MAC address)
Bandwidth limitation per SSID
Maximum transmit and receive bandwith can be assigned to each SSID
Broken link detection
If the link of a chosen LAN interface breaks down, a WLAN module can be deactivated to let the associated clients search for a new base station
Background scanning
Detection of rogue AP's and the channel information for all WLAN channels during normal AP operation. The Background Scan Time Interval defines
the time slots in which an AP or Router searches for a foreign WLAN network in its vicinity. The time interval can be specified in either milliseconds,
seconds, minutes, hours or days
Client detection
Rogue WLAN client detection based on probe requests
IEEE 802.1X supplicant
Authentication of an access point in WLAN client mode at another access point via IEEE 802.1X (EAP-TLS, EAP-TTLS and PEAP)
Layer-3 Tunneling
Layer-3 Tunneling in conformity with the CAPWAP standard allows the bridging of WLANs per SSID to a separate IP subnet. Layer-2 packets are
encapsulated in Layer-3 tunnels and transported to a LANCOM WLAN controller. By doing this the access point is independent of the present
infrastructure of the network. Possible applications are roaming without changing the IP address and compounding SSIDs without using VLANs.
IEEE 802.11u
The WLAN standard IEEE 802.11u (Hotspot 2.0) allows for a seamless transition from the cellular network into WLAN hotspots. Authentication
methods using SIM card information, certificates or username and password, enable an automatic, encrypted login to WLAN hotspots - without
the need to manually enter login credentials.
Packet loss of point-2-point connections can be reduced by using the Parallel Redundancy Protocol with dual radio access points due to parallel
data transmissions
Auto WDS**
Auto WDS allows wireless integration of access points in existing WLAN infrastructure, including managment via WLAN controller.
**) Note
Only in installations with WLAN controller
LANCOM Active Radio Control
Client Steering*
WLAN clients are directed actively to the best available access point to provide the best overall load balancing and the highest possible bandwidth
for each client. Client Steering can be based on client number, frequency band, and signal strength.
Band Steering
Steering of WLAN clients towards the 5 GHz frequency band by restricting the access to the 2.4 GHz band.
RF Optimization*
Automatic selection of optimal WLAN channels. Due to reduced channel overlaps, WLAN clients benefit from an improved data throughput. In
controller-based installations, an automatic selection of optimal channels is conducted for all managed access points.
Adaptive Noise Immunity
By using adaptive noise immunity an access point can cut out sources of interferences in the radio field and focusses on clients with a sufficent
signal strength. Therefore, WLAN clients profit by having a higher data throughput available due to less interferences.
Spectral Scan (WLAN-2 only)
By scanning the entire RF spectrum, interferences in the WLAN can be identified and graphically illustrated. Up to 13 channels (2.4 GHz) or up to
26 channels (5 GHz) (depending on national regulations and manual configuration). Illustration of signal strength on individual WLAN channels
at a certain point of time
*) Note
Only in installations with WLAN controller
IEEE 802.11n Features
MIMO technology is a technique which uses multiple transmitters to deliver multiple data streams via different spatial channels. Depending on the
existing RF conditions the throughput is multiplied with MIMO technology.
40 MHz Channels
Two adjacent 20 MHz channels are combined to create a single 40 MHz channel. Depending on the existing RF Conditions channel bonding doubles
the throughput.
20/40MHz Coexistence Mechanisms in the
2.4GHz Band
Support of coexisting accesspoints with 20 and 40MHz channels in 2.4GHz band.
MAC Aggregation and Block
MAC Aggregation increase the IEEE 802.11 MAC efficiency by combining MAC data frames and sending it out with a single header. The receiver
acknowledges the combined MAC frame with a Block Acknowledgement. Depending on existing RF conditions, this technique improves throughput
by up to 20%.
Features as of: LCOS 9.00
IEEE 802.11n Features
Space Time Block Coding (STBC) (WLAN-2
Coding method according to IEEE 802.11n. The Space Time Block Coding improves reception by coding the data stream in blocks.
Low Density Parity Check (LDPC) (WLAN-2
Low Density Parity Check (LDPC) is an error correcting method. IEEE 802.11n uses convolution coding (CC) as standard error correcting method,
the usage of the more effective Low Density Parity Check (LDPC) is optional.
Maximal Ratio Combining (MRC)
Maximal Ratio Combining (MRC) enables the receiver (access point), in combination with multiple antennas, to optimally combine MIMO signals
to improve the client reception at long-range.
Short Guard Interval
The guard interval is the time between OFDM symbols in the air. IEEE 802.11n gives the option for a shorter 400 nsec guard interval compared to
the legacy 800 nsec guard interval. Under ideal RF conditions this increases the throughput by upto 10%
WLAN operating modes
WLAN access point
Infrastructure mode (autonomous operation or managed by LANCOM WLAN controller)
WLAN router
Use of the LAN connector for simultaneous DSL over LAN, IP router, NAT/Reverse NAT (IP masquerading) DHCP server, DHCP client, DHCP relay
server, DNS server, PPPoE client (incl.Multi-PPPoE), PPTP client and server, NetBIOS proxy, DynDNS client, NTP, port mapping, policy-based routing
based on routing tags, tagging based on firewall rules, dynamic routing with RIPv2, VRRP
WLAN client
Transparent WLAN client mode for wireless Ethernet extensions, e.g. connecting PCs or printers by Ethernet; up to 64 MAC addresses. Automatic
selection of a WLAN profile (max. 8) with individual access parameters depending on signal strength or priority
Stateful inspection firewall
Incoming/Outgoing Traffic inspection based on connection information. Trigger for firewall rules depending on backup status, e.g. simplified rule
sets for low-bandwidth backup lines. Limitation of the number of sessions per remote site (ID)
Packet filter
Check based on the header information of an IP packet (IP or MAC source/destination addresses; source/destination ports, DiffServ attribute);
remote-site dependant, direction dependant, bandwidth dependant
Extended port forwarding
Network Address Translation (NAT) based on protocol and WAN address, i.e. to make internal webservers accessible from WAN
N:N IP address mapping
N:N IP address mapping for translation of IP addresses or entire networks
The firewall marks packets with routing tags, e.g. for policy-based routing; Source routing tags for the creation of independent firewall rules for
different ARF contexts
Forward, drop, reject, block sender address, close destination port, disconnect
Via e-mail, SYSLOG or SNMP trap
Quality of Service
Traffic shaping
Dynamic bandwidth management with IP traffic shaping
Bandwidth reservation
Dynamic reservation of minimum and maximum bandwidths, totally or connection based, separate settings for send and receive directions. Setting
relative bandwidth limits for QoS in percent
Priority queuing of packets based on DiffServ/TOS fields
Packet-size control
Automatic packet-size control by fragmentation or Path Maximum Transmission Unit (PMTU) adjustment
Layer 2/Layer 3 tagging
Automatic or fixed translation of layer-2 priority information (IEEE 802.11p-marked Ethernet frames) to layer-3 DiffServ attributes in routing mode.
Translation from layer 3 to layer 2 with automatic recognition of IEEE 802.11p-support in the destination device
Intrusion Prevention
Monitoring and blocking of login attempts and port scans
IP spoofing
Source IP address check on all interfaces: only IP addresses belonging to the defined IP networks are allowed
Access control lists
Filtering of IP or MAC addresses and preset protocols for configuration access
Denial of Service protection
Protection from fragmentation errors and SYN flooding
Detailed settings for handling reassembly, PING, stealth mode and AUTH port
URL blocker
Filtering of unwanted URLs based on DNS hitlists and wildcard filters
Password protection
Password-protected configuration access can be set for each interface
Alerts via e-mail, SNMP traps and SYSLOG
Authentication mechanisms
EAP-TLS, EAP-TTLS, PEAP, MS-CHAP, MS-CHAPv2 as EAP authentication mechanisms, PAP, CHAP, MS-CHAP and MS-CHAPv2 as PPP authentication
WLAN protocol filters
Limitation of the allowed transfer protocols, source and target addresses on the WLAN interface
Features as of: LCOS 9.00
IP redirect
Fixed redirection of any packet received over the WLAN interface to a dedicated target address
High availability / redundancy
VRRP (Virtual Router Redundancy Protocol) for backup in case of failure of a device or remote station. Enables passive standby groups or reciprocal
backup between multiple active devices including load balancing and user definable backup priorities
For completely safe software upgrades thanks to two stored firmware versions, incl. test mode for firmware updates
Line monitoring
Line monitoring with LCP echo monitoring, dead-peer detection and up to 4 addresses for end-to-end monitoring with ICMP polling
Routing functions
IP and NetBIOS/IP multi-protocol router
Advanced Routing and Forwarding
Separate processing of 16 contexts due to virtualization of the routers. Mapping to VLANs and complete independent management and configuration
of IP networks in the device, i.e. individual settings for DHCP, DNS, Firewalling, QoS, VLAN, Routing etc. Automatic learning of routing tags for
ARF contexts from the routing table
HTTP and HTTPS server for configuration by web interface
DNS client, DNS server, DNS relay, DNS proxy and dynamic DNS client
DHCP client, DHCP relay and DHCP server with autodetection. Cluster of several LANCOM DHCP servers per context (ARF network) enables caching
of all DNS assignments at each router. DHCP forwarding to multiple (redundant) DHCP servers
NetBIOS/IP proxy
NTP client and SNTP server, automatic adjustment for daylight-saving time
Policy-based routing
Policy-based routing based on routing tags. Based on firewall rules, certain data types are marked for specific routing, e.g. to particular remote
sites or lines
Dynamic routing
Dynamic routing with RIPv2. Learning and propagating routes; separate settings for LAN and WAN. Extended RIPv2 including HopCount, Output
Delay, Poisoned Reverse, Triggered Update for LAN (acc. to RFC 2453) and WAN (acc. to RFC 2091) as well as filter options for propagation of
routes. Definition of RIP sources with wildcards
DHCPv6 client, DHCPv6 server, DHCPv6 relay, stateless- and stateful mode, IPv6 address (IA_NA), prefix delegation (IA_PD), DHCPv6 reconfigure
(server and client)
Layer 2 functions
ARP lookup
Packets sent in response to LCOS service requests (e.g. for Telnet, SSH, SNTP, SMTP, HTTP(S), SNMP, etc.) via Ethernet can be routed directly to the
requesting station (default) or to a target determined by ARP lookup
Automatic discovery of network topology in layer 2 networks (Link Layer Discover Protocol)
DHCP option 82
DHCP relay agent information (option 82) can be insterted on devices with WLAN bridge (RFC 3046)
IPv6 layer 2 protocol filter
Router advertisement snopping blocks illegal IPv6 router advertisements in the WLAN bridge. DHCPv6 snopping blocks all illegal DHCPv6 servers.
The lightweight DHCPv6 relay agent (LDRA) can insert relay agent information on layer 2.
LAN protocols
Rapid Spanning Tree
IEEE 802.1d Spanning Tree and IEEE 802.1w Rapid Spanning Tree support for dynamic path selection with redundant layer 2 connections
NDP, stateless address autoconfiguration (SLAAC), stateful address autoconfiguration (with DHCPv6), router advertisements, ICMPv6, DHCPv6,
Dual Stack
IPv4/IPv6 dual stack
IPv6 compatible LCOS applications
WEBconfig, HTTP, HTTPS, SSH, Telnet, DNS, TFTP, Firewall, RAS dial-in
WAN protocols
PPPoE, Multi-PPPoE, ML-PPP, PPTP (PAC or PNS), L2TPv2 (LAC or LNS) and IPoE (with or without DHCP), RIP-1, RIP-2, VLAN, IP
IPv6 over PPP (IPv6 and IPv4/IPv6 dual stack session), IPoE (autoconfiguration, DHCPv6 or static)
Tunneling protocols (IPv4/IPv6)
6to4, 6in4, 6rd (static and via DHCP), Dual Stack Lite (IPv4 in IPv6 tunnel)
WAN operating mode
xDSL (ext. modem)
ADSL1, ADSL2 or ADSL2+ with external ADSL2+ modem
Features as of: LCOS 9.00
10/100/1000 Mbps, auto-sensing algorithm
10/100 Mbps, auto-sensing algorithm
External antenna connectors
Four N connectors for external LANCOM AirLancer Extender antennas or for antennas from other vendors. Please respect the restrictions which
apply in your country when setting up an antenna system. For information about calculating the correct antenna setup, please refer to
LCMS (LANCOM Management System)
Configuration program for Microsoft Windows, incl. convenient Setup Wizards. Optional group configuration, simultaneous remote configuration
and management of multiple devices over IP connection (HTTPS, HTTP, SSH, TFTP). A tree view of the setting pages like in WEBconfig provides
quick access to all settings in the configuration window. Password fields which optionally display the password in plain text and can generate
complex passwords. Configuration program properties per project or user. Automatic storage of the current configuration before firmware updates.
Exchange of configuration files between similar devices, e.g. for migrating existing configurations to new LANCOM products. Detection and display
of the LANCOM managed switches. Extensive application help for LANconfig and parameter help for device configuration. LANCOM QuickFinder
as search filter within LANconfig and device configurations that reduces the view to devices with matching properties. Central configuration of
each management port.
Monitoring application for Microsoft Windows for (remote) surveillance and logging of the status of LANCOM devices and connections, incl. PING
diagnosis and TRACE with filters and save to file. Search function within TRACE tasks. Wizards for standard diagnostics. Export of diagnostic files
for support purposes (including bootlog, sysinfo and device configuration without passwords). Graphic display of key values (marked with an icon
in LANmonitor view) over time as well as table for minimum, maximum and average in a separate window, e. g. for Rx, Tx, CPU load, free memory.
Monitoring of the LANCOM managed switches. Flick easily through different search results by LANCOM QuickFinder
Monitoring application for Microsoft Windows for the visualization and monitoring of LANCOM WLAN installations, incl. Rogue AP and Rogue
Client visualization. LANCOM QuickFinder as search filter that reduces the view to devices with matching properties
Firewall GUI
Graphical user interface for configuring the object-oriented firewall in LANconfig: Tabular presentation with symbols for rapid understanding of
objects, choice of symbols for objects, objects for actions/Quality of Service/remote sites/services, default objects for common scenarios, individual
object definition (e.g. for user groups)
Automatic software update
Voluntary automatic updates for LCMS. Search online for LCOS updates for devices managed by LANconfig on the myLANCOM download server
(myLANCOM account mandatory). Updates can be applied directly after the download or at a later time
Integrated web server for the configuration of LANCOM devices via Internet browsers with HTTPS or HTTP. Similar to LANconfig with a system
overview, SYSLOG and events display, symbols in the menu tree, quick access with side tabs. WEBconfig also features Wizards for basic configuration,
security, Internet access, LAN-LAN coupling. Online help for parameters in LCOS menu tree
LANCOM Layer 2 Management (emergency
The LANCOM Layer 2 Management protocol (LL2M) enables an encrypted access between the command line interfaces of two LANCOM device
directly via a Layer 2 connection
Alternative boot configuration
During rollout devices can be preset with project- or customer-specific settings. Up to two boot- and reset-persistent memory spaces can store
customized configurations for customer-specific standard settings (memory space '1') or as a rollout configuration (memory space '2'). A further
option is the storage of a persistent standard certificate for the authentication of connections during rollouts
SYSLOG buffer in the RAM (size depending on device memory) to store events for diagnosis. Default set of rules for the event protocol in SYSLOG.
The rules can be modified by the administrator. Display and saving of internal SYSLOG buffer (events) from LANCOM devices with LANmonitor,
display only with WEBconfig
Access rights
Individual access and function rights for up to 16 administrators. Alternative access control on a per parameter basis with TACACS+
User administration
RADIUS user administration for dial-in access (PPP/PPTP). Support for RADSEC (Secure RADIUS) providing secure communication with RADIUS
Remote maintenance
Remote configuration with Telnet/SSL, SSH (with password or public key), browser (HTTP/HTTPS), TFTP or SNMP, firmware upload via HTTP/HTTPS
Support of TACACS+ protocol for authentication, authorization and accounting (AAA) with reliable connections and encrypted payload. Authentication
and authorization are separated completely. LANCOM access rights are converted to TACACS+ levels. With TACACS+ access can be granted per
parameter, path, command or functionality for LANconfig, WEBconfig or Telnet/SSH. Each access and all changes of configuration are logged.
Access verification and logging of SNMP Get and Set requests. WEBconfig supports the access rights of TACACS+ and choice of TACACS+ server
at login. LANconfig provides a device login with the TACACS+ request conveyed by the addressed device. Authorization to execute scripts and each
command within them by checking the TACACS+ server’s database. CRON, action-table and script processing can be diverted to avoid TACACS+
to relieve TACACS+ servers. Redundancy by setting several alternative TACACS+ servers. Configurable option to fall back to local user accounts in
case of connection drops to the TACACS+ servers. Compatibility mode to support several free TACACS+ implementations
Support of RADIUS protocol for authentication of configuration access. Administrative privileges can be assigned for each administrator.
Remote maintenance of 3rd party devices
A remote configuration for devices behind der LANCOM can be accomplished (after authentication) via tunneling of arbitrary TCP-based protocols,
e.g. for HTTP(S) remote maintenance of VoIP phones or printers of the LAN. Additionally, SSH and Telnet client allow to access other devices from
a LANCOM device with an interface to the target subnet if the LANCOM device can be reached at its command line interface
Features as of: LCOS 9.00
TFTP & HTTP(S) client
For downloading firmware and configuration files from a TFTP, HTTP or HTTPS server with variable file names (wildcards for name, MAC/IP address,
serial number), e.g. for roll-out management. Commands for live Telnet session, scripts or CRON jobs. HTTPS Client authentication possible by
username and password or by certificate
SSH & Telnet client
SSH-client function compatible to Open SSH under Linux and Unix operating systems for accessing third-party components from a LANCOM router.
Also usable when working with SSH to login to the LANCOM device. Support for certificate- and password-based authentication. Generates its own
key with sshkeygen. SSH client functions are restricted to administrators with appropriate rights. Telnet client function to login/administer third
party devices or other LANCOM devices from command line interface
HTTPS Server
Option to choose if an uploaded certificate or the default certificate is used by the HTTPS server
Large Scale Monitor (LSM)
The LANCOM Large Scale Monitor (LSM) is a professional tool for monitoring medium-sized to large-scale networks with 25 to 1,000 network
components. Designed especially for LANCOM components including WLAN access points, controllers, switches, and routers, this system based on
open-source components additionally allows for the monitoring of third-party products such as servers and printers. Problems in the network are
clearly displayed in tables or graphical floor plans, and they trigger alert messages via e-mail if certain threshold values are not maintained.
Access rights (read/write) over WAN or (W)LAN can be set up separately (Telnet/SSL, SSH, SNMP, HTTPS/HTTP), access control list
Scripting function for batch-programming of all command-line parameters and for transferring (partial) configurations, irrespective of software
versions and device types, incl. test mode for parameter changes. Utilization of timed control (CRON) or connection establishment and termination
to run scripts for automation. Scripts can send e-mails with various command line outputs as attachments
Load commands
LoadFirmware, LoadConfig and LoadScript can be executed conditionally in case certain requirements are met. For example, the command
LoadFirmware could be executed on a daily basis and check each time if the current firmware is up to date or if a new version is available. In
addition, LoadFile allows the upload of files including certificates and secured PKCS#12 containers
SNMP management via SNMPv2, private MIB exportable by WEBconfig, MIB II
Timed control
Scheduled control of parameters and actions with CRON service
Extensive LOG and TRACE options, PING and TRACEROUTE for checking connections, LANmonitor status display, internal logging buffer for SYSLOG
and firewall events, monitor mode for Ethernet ports
LANCOM WLAN controller
Supported by all LANCOM WLAN controller (separate optional hardware equipment for installation, optimization, operating and monitoring of
WLAN networks, except for P2P connections)
Extensive Ethernet, IP and DNS statistics; SYSLOG error counter
Volume budget
The used data volume of WAN connections (PPP, IPoE, PPTP, L2TP, IPSec) can be monitored and different actions can be triggered once certain
thresholds are passed
Connection time, online time, transfer volumes per station. Snapshot function for regular read-out of values at the end of a billing period. Timed
(CRON) command to reset all counters at once
Accounting information exportable via LANmonitor and SYSLOG
255 mm x 250 mm x 80 mm (LengthWidth/Height)
approximately 3 kg including pole mounting material
LED display
5 LEDs for Power, Ethernet 1, Ethernet 2, WLAN1 and WLAN2
Power supply
10-28 V DC input voltage, optionally available: 24 V DC power supply unit LANCOM OAP-320 PSU
Power supply
Via Power over Ethernet (max. distance between access point, injector and switch 100 m), 1 x PoE Injector supplied*
Reset button
Configurable reset switch for resetting and booting the device
-33° C to +70° C at 95% max. humidity (non condensing)
Robust metal housing, IP 66 protection rating, ready for wall and pole mounting, 3 LEDs for status display, please note: device must not be mounted
in salt water environments without a suitable protective housing
Power consumption (max)
approx. 12 Watts with 12 V/ 1 A power supply adapter (total power consumption of access point and power supply adapter), approx. 12.95 Watts
via PoE
Declarations of conformity*
EN 60950-1, EN 301 489-1, EN 301 489-17
2.4 GHz WLAN
EN 300 328
EN 301 893
Features as of: LCOS 9.00
Declarations of conformity*
IPv6 Ready Gold
*) Note
You will find all declarations of conformity in the products section of our website at
Hardware Quick Reference (EN, DE), Installation Guide (DE/EN/FR/ES/IT/PT/NL)
Data medium with management software (LANconfig, LANmonitor, WLANmonitor, LANCAPI) and documentation
Water-resistant, UV-resistant Ethernet PoE cable with water-resistant screw connector, 15m
Mounting Kit
Mounting kit for wall and pole mounting
Four 3 dBi dipole dual-band antennas
Power supply unit
Via Power over Ethernet compliant with IEEE 802.3af, 1 x PoE Injector supplied
3 years support via hotline and Internet KnowledgeBase
Software updates
Regular free updates (LCOS operating system and LANCOM Management System) via Internet
Warranty Extension
LANCOM Warranty Basic Option L, item no. 10712
Warranty Extension & Advanced Replacement LANCOM Warranty Advanced Option L, item no. 10177
Public Spot
LANCOM Public Spot Option (authentication and accounting software for hotspots, incl. Voucher printing through Standard PC printer), item no.
LANCOM Large Scale Monitor
Powerful monitoring system for WLAN, VPN, and LAN infrastructures of mid-sized to large networks, upgradable for up to 1000 monitored devices,
for a proactive error management, browser-based remote monitoring, intuitive user interface, graphic floorplans, configurable triggers for alarms
and messages, users, roles, and rights management, item no. 62910
LANCOM WLAN controller for central management of 6 (opt. up to 30) LANCOM access points and WLAN routers, item no. 62035 (EU), item no.
62036 (UK) and item no. 62037 (US)
LANCOM WLAN controller for central management of 25 (opt. up to 100) LANCOM access points and WLAN routers, item no. 61378, item no.
Art.-Nr. 61379 and item no. 61384 (US)
LANCOM WLAN controller for central management of 25 (opt. up to 100) LANCOM access points and WLAN routers, item no. 61550 (EU) and item
no. 61551 (UK) - only stock devices, article is no longer available
LANCOM WLAN controller for central management of 100 (opt. up to 1000) LANCOM access points and WLAN routers, item no. 61369 (EU) and
item no. 61377 (UK)
Antenna cable
AirLancer cable NJ-NP 3m antenna cable extension for connection with LANCOM outdoor antennas, item no. 61230
Antenna cable
AirLancer cable NJ-NP 6m antenna cable extension for connection with LANCOM outdoor antennas, item no. 61231
Antenna cable
AirLancer cable NJ-NP 9m antenna cable extension for connection with LANCOM outdoor antennas, item no. 61232
Surge arrestor (antenna cable)
AirLancer Extender SA-5L surge arrestor (2.4 and 5 GHz), to be integrated between Access Point and antenna, item no. 61553
Surge arrestor (LAN cable)
AirLancer Extender SA-LAN surge arrestor (LAN cable), item no. 61213
LAN cable (outdoor)
LANCOM OAP-320 Ethernet cable (30 m), item no. 61347
*) Note
The polarization diversity antennas require 2 cables and surge arrestors
Item number(s)
LANCOM Systems GmbH I Adenauerstr. 20/B2 I 52146 Wuerselen I Germany I E-Mail I Internet
LANCOM, LANCOM Systems and LCOS are registered trademarks. All other names or descriptions used may be trademarks or registered trademarks of their owners. Subject to change
without notice. No liability for technical errors and/or omissions. 1/2015
Scope of delivery