H3C WLAN Product Training
APR Nico Wang, May 2010
Contents
H3C WLAN Product Introduction
Key Technical Features
H3C UMN Solutions and Advantages
Annex: Product Details
H3C Wireless Product Series
AC: WX3008, WX3010, WX3024, WX5002, WX5004, WX6103, S7500E Blade, S9500E Blade, 58(small), 58(big)
FIT/FAT AP: WA2110-AG, WA2210-AG, WA2220-AG, WA2210X-G, WA2220X-AG, WA2610E-AGN, WA2620E-AGN, WA2612-AGN, WA2620-AGN
H3C AC Products Position
Product Model | Maximum APs | Positioning
H3C WX3008 | 8 | Unified Switch, for SOHO & small-sized enterprise networks
H3C WX3010 | 24 | Unified Switch, for SOHO & small-sized enterprise networks
H3C WX3024 | 48 | Unified Switch, for SOHO & small-sized enterprise networks
H3C WX5002-64 | 64 | For medium and small-sized enterprise networks and medium and small-scale hotspot coverage
H3C WX5004-256 | 256 | For medium enterprise networks and hotspot coverage
H3C S5800 64AP wireless blade module | 64 | For medium and small-sized enterprise networks and medium and small-scale hotspot coverage
H3C S5800 256AP wireless blade module | 256 | For medium enterprise networks and hotspot coverage
H3C WX6103 | 640 | For large enterprise networks, WLAN access to MANs, wireless MAN coverage, and hotspot coverage
H3C LSQM1WCMB0 | 640 | For S7500E chassis switch
H3C LSRM1WCM2A1 | 640 | For S9500E chassis switch
Slide callouts: 11n, SMB market; Unified Switch; Enterprise; Main Product; Unique
H3C AP Products Position
Product Model | AP Type | Positioning
H3C WA2110-AG | FIT AP | Indoor model (single radio). For small radius indoor areas and normal environment
H3C WA2210-AG | FIT/FAT AP | Indoor model (single radio). For small radius indoor areas and normal environment
H3C WA2220-AG | FIT/FAT AP | Indoor model (double radios). For small radius indoor areas and normal environment
H3C WA2210X-G | FIT/FAT AP | Outdoor model (single radio). For outdoor harsh environments
H3C WA2220X-AG | FIT/FAT AP | Outdoor model (double radios). For outdoor harsh environments
H3C WA2610E-AGN | FIT/FAT AP | Enhanced 11n model (single radio). For harsh environments, like warehouse, factory workshop, etc.
H3C WA2620E-AGN | FIT/FAT AP | Enhanced 11n model (double radios). For harsh environments, like warehouse, factory workshop, etc.
H3C WA2612-AGN | FIT/FAT AP | Indoor 11n model (single radio)
H3C WA2620-AGN | FIT/FAT AP | Indoor 11n model (double radios)
Slide callouts: 11n indoor AP; New Product; Low-cost; 11 a/b/g
H3C WLAN Products Selling Points
• Unified wired and wireless solution. (Cisco alternative; Aruba cannot provide this kind of unified solution.)
• Can provide a FIT/FAT AP solution. (Aruba only has a FIT AP solution.)
• WX3000 series unified switch with 10 Gigabit uplink and PoE+ capability. (HP/Aruba cannot provide this kind of unified switch.)
• Unified management for wired and wireless products. (Cisco uses two NMSs to manage wired [CiscoWorks] and wireless [WCS] products.)
• Large-scale, high-performance stand-alone AC: WX6103. (Cisco cannot provide this kind of access controller.)
• Large-scale, high-performance AC blade for high-end switches. (Aruba cannot provide this kind of access controller.)
3Com/H3C Wireless AC Compatible List
Item | FAT AP | 3Com WX (Trapeze) | 3Com WX 3000 | H3C WX 3000/5000/SecBlade
3Com AP 7760 | Yes | No | Yes, need switch to FIT | Yes, need switch to FIT
3Com AP 8760 | Yes | Yes, need switch to FIT | Yes, need switch to FIT | Yes, need switch to FIT
3Com AP 9152 | Yes | No | Yes, need switch to FIT | Yes, need switch to FIT
3Com AP 9552 | Yes | No | Yes, need switch to FIT | Yes, need switch to FIT
3Com AP 2750 | No | Yes | No | No
3Com AP 3150 | No | Yes | No | No
3Com AP 3750 | No | Yes | No | No
3Com AP 3850 | No | Yes | No | No
3Com AP 3950 | No | Yes | No | No
H3C WA 2110 | No | No | Yes | Yes
H3C WA 2220 | No | No | Yes | Yes
H3C WA 2620 | No | No | Yes | Yes
H3C WA 2610E | No | No | Yes | Yes
H3C WA 2620E | No | No | Yes | Yes
Wireless Transmission Between AP and AC
[Figure: Wireless Client, AP and AC; 802.11 data is carried in the CAPWAP tunnel between AP and AC; 802.3 data on the wired side]
• User data is transferred via the CAPWAP tunnel between AP and AC.
• The AC is the bridge between wireless and wired communications. In centralized control mode, all packets exchanged between the wireless and wired networks must be forwarded by the AC.
Management Initiation of AC to FIT AP
[Figure: FIT AP, DHCP server, DNS server and AC on the IP network/LAN. Flow: the AP obtains IP address, DNS server and domain name; the AC receives the discovery request and responds with a discovery response; if there is no response, the AP gets the AC IP address from the DNS server; AP firmware downloading; AP configuration downloading; user data transferring.]
1. The AP gets its IP address, DNS server and domain name from the DHCP server.
2. The AP sends a discovery request message to the AC.
3. If there is no response after the AP tries several times, the AP gets the IP address of H3C.xxxx.xxx from the DNS server (xxxx.xxx is the domain name that the AP learns from the DHCP server) and sends a discovery request message to this IP address.
4. After receiving the discovery request message, the AC checks whether the AP has the authority to join it. If yes, the AC responds with a discovery response message and validates the AP.
5. The AP downloads the latest firmware from the AC.
6. The AP downloads the latest configuration from the AC.
7. Last, the AP begins to work and exchanges user data with the AC.
Forwarding Modes of FIT AP
Centralized Forwarding
• All AP traffic must pass through the AC.
• Fine-grained management.
• The AC will be overloaded if there is too much 11n traffic.
[Figure: offered load increases with 802.11n; offered load exceeds controller capacity]
Local Forwarding
• The AP traffic does not pass through the AC.
• No fine-grained management.
• Can forward large-capacity 11n traffic without a bottleneck at the AC.
[Figure: offered load increases with 802.11n; labels "Any Smart Mobile" and "Intelligent WLAN controller"]
Flexible Switching Between FAT/FIT
[Figure: FAT AP, FIT AP and AC]
• FAT AP: deployed in small-scale networks; no controllers required.
• FIT AP: deployed in large-scale networks; centralized management by controllers; zero configuration, "Plug and Play".
• All H3C access points (except WA2110-AG) support both FAT and FIT modes.
“Just one Command Line Change WLAN Deployment”
H3C RRM
RRM: Radio Resource Management
[Figure: cycle of A (Collection), B (Analysis), C (Decision) and D (Implementation)]
A: The AP collects RF information in real time and reports it to the AC periodically.
B: The AC analyzes the data collected from the APs.
C: The AC makes a global plan for each AP covering transmit power, channel, etc.
D: The AP implements the optimized RF configuration received from the AC.
FIT AP Channel Auto Selection
[Figure: BSS 1 to BSS 5 assigned to channels 1, 6 and 11, before adjustment and after adjustment]
Basic Points
• Key APs in the network get the best channels first.
• Avoid channels that suffer radar interference.
• Keep statistics of channel status, including channel utilization, interference, etc.
• Avoid co-channel interference.
• Avoid channel interference from other networks' APs.
Auto Adjustment of FIT AP RF Power
Basic principles
• Ensure reasonable signal coverage. Coverage that is too large will affect network throughput and performance.
• Ensure a certain amount of signal overlap, to avoid coverage holes.
• The AC adjusts AP power one AP at a time so that every AP provides enough signal for total coverage of the network.
• The AC can recover a coverage hole when some of the APs go offline (see the figure).
[Figure: coverage before adjustment and after adjustment]
Intelligent Load Balance
[Figure: AP1 and AP2 with an overlapped area for load balancing and non-overlapped areas; rejection of association at one AP and acceptance of association at the other. Labels: load balancing mechanism; H3C intelligent load balancing technique]
• The AC can balance user load among the APs.
• Load balancing can be based on the number of associated users or on AP traffic.
• If the AP traffic has passed its threshold, the AC rejects any new user and automatically calculates a neighboring AP that can permit the user's access.
• The H3C load balancing technique takes effect only for wireless users in the overlapped area, to avoid false load balancing in non-overlapped areas.
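The decision described on this slide, written out as an added example (not H3C code and not part of the original deck). The function and field names, the sample AP state and the rule "accept when every neighbor is also over the threshold" are assumptions made for the illustration.

```python
from dataclasses import dataclass


@dataclass
class AP:
    name: str
    users: int           # associated users
    traffic_mbps: float  # current traffic through the AP


# Constructed sample state, not taken from the slides.
SAMPLE_APS = {
    "AP1": AP("AP1", users=25, traffic_mbps=40.0),
    "AP2": AP("AP2", users=10, traffic_mbps=5.0),
    "AP3": AP("AP3", users=30, traffic_mbps=45.0),
}


def decide_association(target, heard_by, aps, mode="users", threshold=20):
    """AC-side decision for a client that asks to associate with `target`.

    heard_by: names of the APs that currently hear the client. How the AC
    learns this is not described on the slide; reports from the APs are
    assumed here.
    Returns (decision, ap_name): ("accept", target) or ("reject", neighbor).
    """
    if mode not in ("users", "traffic"):
        raise ValueError("mode must be 'users' or 'traffic'")
    if target not in heard_by:
        raise ValueError("the target AP must be among the APs that hear the client")

    def load(ap):
        return ap.users if mode == "users" else ap.traffic_mbps

    # At or below the threshold: no balancing needed.
    if load(aps[target]) <= threshold:
        return ("accept", target)

    # Overlapped area = at least one other AP hears the client.
    neighbors = [aps[n] for n in heard_by if n != target]
    usable = [ap for ap in neighbors if load(ap) <= threshold]

    # Non-overlapped area, or every neighbor is over the threshold too:
    # a rejection would leave the client without service, so accept.
    # (The second case is an assumption; the slide only covers the first.)
    if not usable:
        return ("accept", target)

    # Steer the client to the least loaded neighbor that hears it.
    best = min(usable, key=load)
    return ("reject", best.name)
```

A client heard only by the loaded AP is accepted there, which is the "false load balancing" case the slide says must be avoided.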
H3C WLAN Reliability
1+1
(1) To ensure non-stop service for wireless users in case of single point failure.
(2) The backup of AP and user data is required.
(3) Fast failure detection and fast switching are required.
(4) Support hot backup of plain text or certificate authentication users.
N+1
(1) One AC will provide backup for multiple ACs to save network construction cost.
(2) If the master AC recovers, the backup AC should be switched back to the master AC.
(3) Support maximum 4+1 AC backup.
N+N
(1) N ACs provide backup for another N ACs.
(2) Support both redundant backup and load balancing.
1+1 AC Fast Backup (only supported by WX6100 and WX5004)
[Figure: master AC and backup AC with heartbeat detection between them; the AP in the access network holds a master CAPWAP tunnel and a backup CAPWAP tunnel through the aggregation switch; user data flow before and after the master AC is shut down]
• The backup AC detects immediately that the master AC is shut down (within 100 ms for the WX6100; within 300 ms for the WX5004) and performs the switchover.
• The backup AC notifies the AP to switch its backup CAPWAP tunnel to master.
• In 1+1 fast backup mode, the backup AC will not provide user access services.
N+1 AC Backup
[Figure: APs served by AC1, AC2, ..., ACN, plus one backup AC]
• In N+1 AC backup mode, N normal ACs provide WLAN services to the APs, and one more AC acts as backup.
• The backup AC is activated only when one of the N normal ACs is shut down. Service is switched back to the normal AC after the normal AC recovers.
N+N AC Backup
• The AP can select the AC with high priority.
• The AP can select the AC with low load when AC priority is the same.
• The AP will select the backup AC when its associated AC is shut down.
• For N+N backup, the total AP quantity should be less than the AP quantity that N-1 ACs can support.
[Figure: AP, DHCP/DNS server, AC1, AC2, ..., ACn+1]
1. Obtain AC lists.
2. Obtain the load information and access priority of AC1.
3. Initialize connection with AC1.
AC Lists:
AC1 PRI=H, 20 APs connected
AC2 PRI=H, 30 APs connected
...
ACn+1 PRI=L, 40 APs connected
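The selection rules above applied to the AC list shown on the slide, as an added example (not H3C code and not part of the original deck). The line format is copied from the slide; the function names are hypothetical, and the capacity check generalizes the N-1 rule to ACs of unequal capacity by assuming the largest AC is the one that fails.

```python
import re

# AC list as printed on the slide (the elided middle entries are left out).
AC_LIST = """\
AC1 PRI=H, 20 APs connected
AC2 PRI=H, 30 APs connected
ACn+1 PRI=L, 40 APs connected
"""

LINE = re.compile(r"^(\S+)\s+PRI=([HL]),\s*(\d+) APs connected$")
RANK = {"H": 0, "L": 1}  # high priority sorts first


def parse_ac_list(text):
    """Turn the slide's 'ACx PRI=H, 20 APs connected' lines into dicts."""
    acs = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError(f"unrecognised AC list line: {line!r}")
        acs.append({"name": m.group(1), "pri": m.group(2), "aps": int(m.group(3))})
    return acs


def select_ac(acs, down=()):
    """Pick the AC an AP should join: highest priority first, then lowest
    load; ACs named in `down` (shut down) are skipped. None if all are down."""
    alive = [ac for ac in acs if ac["name"] not in down]
    if not alive:
        return None
    return min(alive, key=lambda ac: (RANK[ac["pri"]], ac["aps"]))["name"]


def n_plus_n_capacity_ok(capacities, total_aps):
    """Slide rule: total APs must be less than what N-1 ACs can support.
    Assumption for unequal ACs: the AC with the largest capacity fails."""
    if len(capacities) < 2:
        return False
    return total_aps < sum(capacities) - max(capacities)
```

With the slide's list, an AP joins AC1, moves to AC2 when AC1 is shut down, and falls back to the low-priority ACn+1 only when both high-priority ACs are down.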
Unified Switch Integrated AAA Server
Before
• An AAA server has to be purchased, which increases the TCO.
• The purchased server may not keep up with diverse and evolving wireless authentication methods.
• Probable interoperability problems between the AAA server and the wireless devices.
• Configuring the AAA server may be a great challenge for part-time IT staff.
Now: AC integrated with AAA server
• User Database
• Identity Authentication
• Dynamic Authorization
Supported authentication methods
• 802.1x: EAP-TLS/PEAP/MD5
• MAC authentication
Unified Switch Integrated Portal Server
Local portal authentication: An easy way of wireless authentication
Tailored portal page
No need to purchase extra portal server
Different portal pages based on different SSID
HTTPS supported to provide secure access
User-based Authorization and Bandwidth Control
User | Bandwidth | Authorization
Data user | 2M | Internet access
Voice user | 64K | Voice network
[Figure: data user and voice user connect through APs to the AC, which works with the AAA server]
Data user flow: 1. User launches authentication; 2. Authorization allocation; 3. Authentication configuration; 4. Data user bandwidth: 2M
Voice user flow: 1. User launches authentication; 3. Authorization configuration; 4. Voice user bandwidth: 64K
Guest VLAN - Guest Access Service
[Figure: guest and employee clients, APs, AC and AAA server; networks labelled Voice Network, Internet and Corporate internal network]
User | Authorization
Guest | Internet access
Employee | Corporate internal network
If a user fails authentication, the user can be authorized as a guest to access limited network resources.
Authentication Compatible with and LDAP Server
[Figure: APs, AC and LDAP server exchanging user information; wired network with portal authentication]
Supported LDAP
• Microsoft Active Directory
• SUN ONE Directory
• IBM Tivoli Directory
Intelligent Bandwidth Limitation
[Chart: average bandwidth (0.0 to 35.0) against number of users (1 to 10)]
• The AP can adjust bandwidth automatically to ensure the average bandwidth per user dynamically.
• Two working modes: user-number based access bandwidth limitation; user based access bandwidth limitation.
• Advantage: prevents P2P applications from wasting bandwidth resources.
H3C UMN Solution
The H3C UMN Solution can provide real unification between wired and wireless networks and its key advantages are as follows:
Unified Network
Unified Management
Unified Security
UMN: Unified Mobile Network
Unified Wired/Wireless Integration
• Today, WLAN is critical to network infrastructure
• Mobility solutions evolving from point products to integrated solutions over time
• Integrated Wired & WLAN extends functionality and flexibility
• WLAN support integrated into core networking platform and branch switches
• Core networking services extended to wireless
• Seamless end-to-end user policy and security
• Unified Networking yields increased value
• Reduces cost of acquisition
• Increases operational efficiency, lowers OPEX
Wired/WLAN Convergence Evolution
[Chart: value against functionality & flexibility, from past to present]
Past: WLAN Overlay
• Separate Wired and Wireless LANs
• Multiple network management platforms
Present: Unified Networking
• Integrated Switching, Routing, Voice, Security, WLAN + More
• Truly integrated network management
Unified Platform Integration
Integrated Wired and WLAN Hardware
• Unified Switches integrate wired and WLAN functionality for branch
• WLAN Controller modules integrate into chassis backplane, network fabric
• Results: Lower CAPEX, improved reliability and scalability
Common, Unified OS: ComWare(TM)
• Simplifies deployment and management
• Reduces staff training requirements
• Modular architecture: enhance and enable feature set w/o wholesale changes
• Results: Lower OPEX and faster time to market
Integrated Solution extends Wired/WLAN functionality
• WLAN support integrated into core networking platform and branch switches
• Core networking services extended to wireless
• Seamless end-to-end user policy and security
[Figure: WLAN Controllers: WX5002, WX5004. WLAN Controller Modules: S5800 Module, S7500E Module, S9500E Module. Unified Switches: WX3010, WX3024]
Unified Network Management - IMC
• WLAN "Overlay" complexity leads to: poor network reliability; reduced network performance; susceptibility to security breaches
• Wired and Wireless LAN must be managed as an integrated system
• IMC Unified Management is critical to integrating wired and wireless
• Enables the IT manager to provision, monitor and configure WLAN and wired LAN from a single screen, in a consistent manner
• Unified Network Management extends network utility
Unified Policy and Security
• User Policy may be configured and maintained across wired and wireless network
• Unified Security binds together wired and wireless security for most comprehensive security solution
• Unified Network Management and Software simplifies configuration and maintenance
End-to-End Unified Security: Defense in Depth
[Figure: security layers across AP, Wireless Controller, IPS, VPN/Firewall and Network Management]
Controls named in the figure:
• Endpoint Admission Defense
• Authentication, ACL, VLANs, WIDS
• WPA2
• Intrusion Prevention
• WIPS
• VPN, Firewall
• Access Mgmt Control, Service Mgmt, Billing, Topology Alarm Mgt
Future-proof IPv6 Evolution
[Figure: IPv4 and IPv6 islands connected across the IPv4 Internet and the IPv6 Internet, with protocol conversion between them]
Three phases of IPv6 deployment:
• Early phase: IPv4 takes the lead and IPv6 islands connect to each other through an IPv6 over IPv4 tunnel.
• Coexistence of IPv6 and IPv4: The scale of IPv6 applications expands and the IPv6 backbone emerges. IPv4 services still exist. The intercommunication between IPv6 and IPv4 needs protocol conversion.
• IPv6 leader: The backbone of the Internet is IPv6 and IPv4 islands connect to each other through an IPv4 over IPv6 tunnel.
Notes: All H3C WLAN products (except WX3000 series) support IPv4/IPv6 dual stack.
WA2110-AG
Indoor FIT AP
Ports: 100 Mbps PoE, control port, power jack
• Supports single radio and multiple modes.
• Supports IEEE802.11a or IEEE802.11b/IEEE802.11g.
• Supports the virtual AP feature realized with multiple SSIDs.
• Supports encryption algorithms such as WEP, TKIP, and AES.
• Supports IPv6 networks.
WA2210-AG
Indoor FIT/FAT AP
Ports: 100 Mbps PoE, control port, power jack
• Supports single radio and multiple modes.
• Supports IEEE802.11a or IEEE802.11b/IEEE802.11g.
• Supports the virtual AP feature realized with multiple SSIDs.
• Supports encryption algorithms such as WEP, TKIP, and AES.
• Supports IPv6 networks.
WA2220-AG
Indoor FIT/FAT AP
Ports: 100 Mbps PoE, control port, power jack
• Supports double radios and multiple modes.
• Supports IEEE802.11a, IEEE802.11b, and IEEE802.11g.
• Supports the virtual AP feature realized with multiple SSIDs.
• Supports encryption algorithms such as WEP, TKIP, and AES.
• Supports IPv6 networks.
WA2210X-G
Outdoor FIT/FAT AP
Ports: 100BASE-FX, 10/100BASE-TX, antenna & feed line port, ground, console
• Supports single radio and multiple modes.
• Environment temperature requirement: -40 to 65℃.
• Outdoor chassis is not required.
• Supports IEEE802.11b and IEEE802.11g.
• Supports the 100 Mbps optical and electrical uplink port.
• Supports IPv6 networks.
WA2220X-AG
Outdoor FIT/FAT AP
Ports: 100BASE-FX, 10/100BASE-TX, antenna & feed line port 1, antenna & feed line port 2, ground, console
• Supports double radios and multiple modes.
• Environment temperature requirement: -40 to 65℃.
• Outdoor chassis is not required.
• Supports IEEE802.11a, IEEE802.11b, and IEEE802.11g.
• Supports the 100 Mbps optical and electrical uplink port.
• Supports IPv6 networks.
WA2612-AGN
Indoor FIT/FAT 11n AP
• Supports single radio and multiple modes.
• Environment temperature requirement: -10 to 55℃.
• Supports IEEE802.11AN, or IEEE802.11GN.
• Supports 10/100/1000 Mbps electrical Ethernet uplink port.
• Supports IPv6 networks.
• 802.3af (PoE) supported.
WA2620-AGN
Indoor FIT/FAT 11n AP
Ports and antennas: console; six built-in dual-band antennas and three RSMA interfaces
• Supports dual radios and multiple modes.
• Work environment temperature requirement: -10 to 55℃.
• Supports IEEE802.11a, IEEE802.11b, IEEE802.11g, and IEEE802.11n.
• Supports 10/100/1000 Mbps electrical Ethernet uplink port.
• Supports IPv6 networks.
• 802.3af (PoE) supported.
WA2610E-AGN
Enhanced FIT/FAT 11n AP
Ports: DC input, GE uplink, console
• Supports single radio and multiple modes.
• Environment temperature requirement: -10 to 55℃.
• Supports IEEE802.11AN, or IEEE802.11GN.
• Supports 10/100/1000 Mbps electrical Ethernet uplink port.
• Supports IPv6 networks.
• DC power consumption: 13W.
• 802.3af (PoE) supported.
WA2620E-AGN
Enhanced FIT/FAT 11n AP
Ports: DC input, GE uplink, console
• Supports dual radios and multiple modes.
• Work environment temperature requirement: -10 to 55℃.
• Supports IEEE802.11a, IEEE802.11b, IEEE802.11g, and IEEE802.11n.
• Supports 10/100/1000 Mbps electrical Ethernet uplink port.
• Supports IPv6 networks.
• DC power consumption: 16W.
• 802.3at (PoE+) supported.
Unified Switch-WX3008
• Controller: integrated Access Controller, 8 APs supported
• 802.11n supported, 4-port PoE/PoE+ power supply
• 8 x 10/100/1000 switch ports
• Console
• Software feature: "The same as WX3024"
Unified Switch-WX3010
• Controller: integrated Access Controller, license step: 12, 24 APs supported at maximum
• 802.11n supported, 8-port PoE+ power supply
• 8 x 10/100/1000 switch ports
• 2 x 1000M SFP
• Console
• Software feature: "The same as WX3024"
Unified Switch-WX3024
• Controller: integrated Access Controller, 48 APs supported at maximum
• Embedded Web, RADIUS Server, Portal Server and DHCP Server
• 802.11n supported, 24-port PoE+ power supply
• 24 x 10/100/1000 switch ports
• 4 x SFP combo
• 10GE uplink
Wireless Controller-WX5002
IPv6
Independent desktop wireless controller: WX5002-64
Output ports
• 2 x 1000BASE-T ports combo SFP
• 1 x console port
• 1 x 10/100 Base-TX with external management port
Power supply
• 1+1 redundant AC power supply
Performance
• Switching capacity: 4Gbps
• Number of managed APs: 64
Wireless Controller-WX5004
IPv6
Independent desktop wireless controller: WX5004-256
Output ports
• 4 x 1000BASE-T ports combo SFP
• 1 x console port
• 1 x 10/100 Base-TX with external management port
Power supply
• 1+1 redundant AC power supply
Performance
• Switching capacity: 8Gbps
• Max number of managed APs: 256 (default 64, license step 32)
S5800 Wireless Blade Module (64AP)
IPv6
64AP wireless blade module for S5800 series switch: LSWM1WCM20
• No output port
• Performance: switching capacity 4Gbps; number of managed APs: 64
• Dimensions (L×W×H): 221×166×36.6 (mm)
Access Controller | Switch model
LSWM1WCM20 | S5800-60C-PWR, S5800-32C, S5800-56C, S5800-32C-PWR, S5800-56C-PWR, S5800-32F
S5800 Wireless Blade Module (256AP)
IPv6
256AP wireless blade module for S5800 series switch: LSWM1WCM10
• No output port
• Performance: switching capacity 10Gbps; number of managed APs: 256
• Dimensions (L×W×H): 230×220×30 (mm)
Access Controller | Switch model
LSWM1WCM10 | S5800-60C-PWR, S5820X-28C
Chassis Wireless Controller-WX6100
IPv6
Wireless controller chassis for both cable and wireless networks
Output ports
High density GE port:24GE(4 Combo)
First wireless controller that supports 10GE ports in the industry
Performance
Switching capacity: 48Gbps
Number of managed APs: 640
Number of managed APs of two main controllers: 1280
Reliability
Two main controllers with 1+1 redundant power supply
Wireless Controller Blades
• LSQM1WCMB0: S7500E
• LSRM1WCM2A1: S9500E
The performance of the S7500E/S9500E wireless controller module is the same as that of the WX6100.
Highlights of iMC WSM management
WSM Five Highlights
• Unified Management
• Rogue Device Detection
• Terminal Roaming Records
• RF Management
• Abundant reports
Wire-Wireless Unified Management
[Figure: multiple different network resources under one management view: wireless switch, FAT AP, FIT AP, AC, terminal, wireless terminal]
• Unified Performance Monitor
• Unified Alarm Mgt
• Unified configuration
• Unified Software upgrade
Terminal Roaming Records Tracking
[Screenshots: wireless terminal inquiry interface; wireless terminal roaming inquiry interface]
• Records the following terminal information: IP address, tunnel, SSID, AC, AP, radio used, etc.
• Records complete terminal information when the terminal accesses the wireless network (time, AC, AP, radio used, IP address, etc.)
• Comprehensive terminal roaming information
• Multiple ways to locate terminal position
• Convenient backdating
Rogue AP management
[Screenshots: iMC rogue device and terminal topology; iMC rogue device and terminal attacking interface]
• Adding the rogue devices into black list and launching attack
• Showing intruded rogue device information and attacking status
RF Simulation Coverage Topology
[Screenshot: iMC RF SCT]
Step 1: Input engineering base map
Step 2: AP layout
• Simplify process
• Improve efficiency
• Traditional layout: very complex and has blind areas. iMC RF SCT: simple layout, no blind areas.
• Traditional layout: the service must run first and then be adjusted. iMC RF SCT: simulation in iMC, no need to adjust in the real environment.
Self-Defined Reports
[Screenshot: iMC self-defined report interface]
Supported self-definition: report form, generating time, report format (PDF/HTML/Excel/TXT), sending object, sending way (Email/FTP), etc.
Q&A