H3C WLAN Product Training APR Nico Wang 2010 May Contents H3C - - PowerPoint PPT Presentation

H3C WLAN Product Training

APR Nico Wang 2010 May

Contents



H3C WLAN Product Introduction



Key Technical Features



H3C UMN Solutions and Advantages



Annex: Product Details

H3C Wireless Product Series

AC AC

WX5002 WX6103 S7500E Blade WX3024

FIT/F /FAT A AT AP

WA2110-AG WA2210-AG WA2220-AG WA2210X-G WA2220X-AG WA2620E-AGN WA2610E-AGN WX5004 WX3010 WX3008 58(small) 58(big) S9500E Blade WA 2620-AGN WA2612-AGN

H3C AC Products Position

Product Model Maximum APs Positioning

H3C WX3008 8 Unified Switch, For SOHO & small-sized enterprise networks H3C WX3010 24 Unified Switch, For SOHO & small-sized enterprise networks H3C WX3024 48 Unified Switch, For SOHO & small-sized enterprise networks H3C WX5002-64 64 For medium and small-sized enterprise networks and medium and small-scale hotspot coverage H3C WX5004-256 256 For medium enterprise networks and hotspot coverage H3C S5800 64AP wireless blade module 64 For medium and small-sized enterprise networks and medium and small-scale hotspot coverage H3C S5800 256AP wireless blade module 256 For medium enterprise networks and hotspot coverage H3C WX6103 640 For large enterprise network, WLAN access to MANs, wireless MAN coverage, and hotspot coverage H3C LSQM1WCMB0 640 For S7500E chassis switch H3C LSRM1WCM2A1 640 For S9500E chassis switch. 11n, SMB market Unified Switch Enterprise Main Product Unique

H3C AP Products Position

Product Model AP Type Positioning

H3C WA2110-AG FIT AP Indoor model (single radio) For small radius indoor areas and normal environment H3C WA2210-AG FIT/FAT AP Indoor model (single radio) For small radius indoor areas and normal environment H3C WA2220-AG FIT/FAT AP Indoor model (double radios) For small radius indoor areas and normal environment H3C WA2210X-G FIT/FAT AP Outdoor model (single radio) For outdoor harsh environments H3C WA2220X-AG FIT/FAT AP Outdoor model (double radios) For outdoor harsh environments H3C WA2610E- AGN FIT/FAT AP Enhanced 11n model (single radio) For harsh environments, like warehouse, factory workshop, etc. H3C WA2620E- AGN FIT/FAT AP Enhanced 11n model (double radios) For harsh environments like warehouse, factory workshop, etc. H3C WA2612-AGN FIT/FAT AP Indoor 11n model (single radio) H3C WA2620-AGN FIT/FAT AP Indoor 11n model (double radios) 11n indoor AP New Product Low-cost 11 a/b/g

• Both unified wired and wireless solution. (Cisco alternative; Aruba can not

provide such kind of unified solution).

• Can provide FIT/FAT AP solution. (Aruba only has FIT AP solution).
• WX3000 series unified switch with 10Gigabit uplink and PoE+ capability.

(HP/Aruba can not provide such kind of unified switch).

• Unified management for wired and wireless products. (Cisco uses two

NMS to manage wired [Ciscoworks] and wireless WCS] products).

• Big scale and high-performance stand-alone AC: WX6103. (Cisco can not

provide such kind of access controller).

• Big scale and high-performance AC blade for high-end switches. (Aruba

cannot provide such kind of access controller).

H3C WLAN Products Selling Points

Item FAT AP 3Com WX (Trapeze) 3Com WX 3000 H3C WX 3000/5000/SecBlade

3Com AP 7760 Yes No Yes, need switch to FIT Yes, need switch to FIT 3Com AP 8760 Yes Yes, need switch to FIT Yes, need switch to FIT Yes, need switch to FIT 3Com AP 9152 Yes No Yes, need switch to FIT Yes, need switch to FIT 3Com AP 9552 Yes No Yes, need switch to FIT Yes, need switch to FIT 3Com AP 2750 No Yes No No 3Com AP 3150 No Yes No No 3Com AP 3750 No Yes No No 3Com AP 3850 No Yes No No 3Com AP 3950 No Yes No No H3C WA 2110 No No Yes Yes H3C WA 2220 No No Yes Yes H3C WA 2620 No No Yes Yes H3C WA 2610E No No Yes Yes H3C WA 2620E No No Yes Yes

3Com/H3C Wireless AC Compatible List

Contents



H3C WLAN Product Introduction



Key Technical Features



H3C UMN Solutions and Advantages



Annex: Product Details

Wireless Transmission Between AP and AC

802.11 dat a CAPWAP Tunnel 802.11 dat a 802.11 dat a 802.11 dat a

Wireless Client AP AC

802.3 dat a

• User data is transferred via CAPWAP tunnel between AP and AC.
• AC is the bridge between wireless and wired communications. In

centralized control mode, all the wireless and wired packets exchanging must be forwarded by AC.

IP Network LAN

FIT AP DHCP Server AC

IP address、 DNS Server、 Domain name AC receives discovery request AP firmware downloading AP configuration downloading User data transferring

1. AP gets IP address, DNS server and domain name from DHCP server. 2. AP sends discovery request message to AC. 3. If there is no response after the AP tries several times:

• The AP will get the IP address of

H3C.xxxx.xxx (xxxx.xxx is the domain name that AP learns from the DHCP server) and sends discovery request message to this IP address. 4. After receiving the discovery request message, the AC will check if the AP has the authority to join it, if Yes, the AC will respond with discovery response message and validate the AP in. 5. AP downloads the latest firmware from AC. 6. AP downloads the latest configurations from AC. 7. Last, the AP begins to work and exchange user data with AC.

If no response

DNS Server

Get the AC IP address from DNS server AC receives discovery request AC responds with discovery response

Management Initiation of AC to FIT AP

Forwarding Modes of FIT AP

• All AP traffic must pass through AC.
• Delicacy management
• The AC will be overloaded if there is

too much 11n traffic. Centralized Forwarding

Offered load increases with 802.11n

X

Offered load exceeds controller capacity

Local Forwarding

• The AP traffic does not pass through

AC.

• No delicacy management.
• Can forward large-capacity 11n traffic

without bottleneck from AC.

Any Smart Mobile Intelligent WLAN controller Offered load increases with 802.11n

Flexible Switching Between FAT/FIT

FAT AP FIT AP AC

FAT AP deployed in small network scale

no controllers required

FIT AP deployed in large network scale

 Centralized management by controllers  Zero configuration  “Plug and Play”

All H3C access points (except WA2110-AG), support both FAT and FIT modes.

“Just one Command Line Change WLAN Deployment”

H3C RRM

Collection Analysis Implementation Decision C A B D

A: The AP collects the RF information in real time and reports it to AC periodically; B: The AC analyze the data collected from APs; C: The AC make a global plan of each AP about transmitting power, channel, etc. D: The AP implement the optimized RF configurations from AC

RRM: Radio Recourse Management

FIT AP Channel Auto Selection

BSS 4 BSS1 BSS 2 BSS 5 BSS 3 BSS 3 BSS 5 BSS 1 BSS 2 BSS 4

CHANNEL 1 CHANNEL 6 CHANNEL 11

Before adjustment After adjustment Basic Points

 Key APs in the network will get best channels first;  Avoid to use the channels interfered by radar;  Statistics of channel status, including channel utilization, interference, etc.  Avoid Co-channel interference;  Avoid the channel interference of other networks’ APs.

Auto Adjustment of FIT AP FR Power

Basic principles

 To ensure reasonable signal coverage. Too large coverage will influence the network throughput and performance.  To ensure certain signal overlapping, to avoid coverage black hole.  The AC will adjust the AP power one by one to make every AP provide enough signals to get total coverage of the network.  The AC supports to recover the signal coverage black hole in case some of the APs be offline. (see below example)

Before adjustment After adjustment

Intelligent Load Balance

AP1 AP2



Rejection of association Acceptation of association

Load balancing mechanism

AP1 AP2

H3C intelligent load balancing technique

Overlapped area for load balancing Non-overlapped areas

 The AC can make user load balancing among the APs  Load balancing can be based on accessed user number, or AP traffic  If the AP traffic has passed its threshold, the AC will reject any new access user and calculate automatically to find a neighbored AP to permit the user access  The H3C load balancing technique will be effective only for the wireless users in the

• verlapped area to avoid false load balancing

in non-overlapped areas.

H3C WLAN Reliability 1+1

(1) To ensure non-stop service for wireless users in case

• f single point failure.

(2) The backup of AP and user data is required. (3) Fast failure detection and fast switching are required (4) Support hot backup of plain text or certificate authentication users.

N+1

(1) One AC will provide backup for multiple ACs to save network construction cost. (2) If the master AC recovers, the backup AC should be switched back to the master AC. (3) Support maximum 4+1 AC backup

N+N

(1) N ACs provide backup for another N ACs. (2) Support both redundant backup and load balancing.

Master AC Backup AC

Access Network

AP

Heartbeat detection

Master CAPWAP Tunnel Backup CAPWAP Tunnel The backup AC will notify the AP to switch its backup CAPWAP tunnel as master. The backup AC can detect the master AC which is shutdown immediately (For WX6100 in 100ms ; for WX5004 in 300ms) and implement the switch operation. In the 1+1 fast backup mode, the backup AC will not provide user access services.



If master AC is shutdown User data flow User data flow Aggregation switch

1+1 AC Fast Backup

Only supported by WX6100 and WX5004

AP AC1 AC2 ACN



 In N+1 AC backup mode, there are N normal ACs which provide WLAN services to the APs, and another AC as backup.  The backup AC will be activated only in case that one of the N normal ACs is shutdown.  Furthermore, the backup AC will be switched to the normal AC after the normal AC is recovered.

N+1 AC Backup

Backup AC

….





The AP can select the AC with high priority. The AP can select the AC with low load when AC priority is the same. The AP will select the backup AC when its associating AC is shutdown. For N+N backup, the total AP quantity should be less than the AP quantity that N-1 ACs can support.

N+N AC Backup

AC Lists:

AC1 AC2 。 。 ACn+1

AP DHCP/DNS server AC1 AC2 ACn+1

1、Obtain AC lists 2、Obtain the load information and access priority of AC1 3、initialize connection with AC1



AC Lists:

AC1 PRI＝H，20 APs connected AC2 PRI＝H，30 APs connected 。 。 ACn+1 PRI＝L，40 APs connected



AC Lists:

AC1 PRI＝H， 20 APs connected AC2 PRI＝H， 30 APs connected 。 。 ACn+1 PRI＝L， 40 APs connected





Unified Switch Integrated AAA Server

Have to purchase AAA server which will increase the TCO

Before Now

The purchased server may not keep up with the diverse and updating wireless authentication ways Probable interoperability problem between the AAA server and the wireless devices. The configuration of AAA server may be a great challenge to part-time IT staff

AC integrated with AAA server

User Database Identity Authentication Dynamic Authorization

Supported authentication ways

• 802.1x: EAP-TLS/PEAP/MD5
• MAC authentication

Unified Switch Integrated Portal Server

Local portal authentication: An easy way of wireless authentication Tailored portal page No need to purchase extra portal server Different portal pages based on different SSID HTTPs supported to provide secure access

internet

User Bandwidth Authorization Data user 2M Internet access Voice user 64K Voice network AP AP AC

1, User launches authentication

AAA server

2, Authorization allocation 3, Authentication configuration

User Bandwidth Authorization Data user 2M Internet access Voice user 64K Voice network

4、Data user bandwidth:2M 3, Authorization configuration 4, Voice user bandwidth： 64K 1, User launches authentication

User-based Authorization and Bandwidth Control

Voice Network

Internet

AP AP AC

AAA server

Corporate internal network

Guest VLAN - Guest Access Service

User Authorization Guest Internet access Employee Corporate internal network

Guest Employee

If user authentication fails, he can be authorized as guest to access limited network resources.

AC AC

LDAP server User information interaction

Authentication Compatible with and LDAP Server

Wired network

Portal authentication

Supported LDAP

• Microsoft Active Directory
• SUN ONE Directory
• IBM Tivoli Directory

AP AP AP AP

Avg.Bandwith 0.0 5.0 10.0 15.0 20.0 25.0 30.0 35.0 1 2 3 4 5 6 7 8 9 10 Users Bandwith

• AP can adjust the bandwidth automatically to ensure

user average bandwidth dynamically

Two working modes

• User-number based access bandwidth limitation
• User based access bandwidth limitation

Advantage: Avoid P2P applications to waste unnecessary bandwidth resource

Intelligent Bandwidth Limitation

Contents



H3C WLAN Product Introduction



Key Technical Features



H3C UMN Solutions and Advantages



Annex: Product Details

H3C UMN Solution

 The H3C UMN Solution can provide real unification between wired and wireless networks and its key advantages are as follows:

• Unified Network
• Unified Management
• Unified Security

UMN: Unified Mobile Network

29

Unified Wired/Wireless Integration

 Today, WLAN is critical to network infrastructure  Mobility solutions evolving from point products to integrated solutions over time  Integrated Wired & WLAN extends functionality and flexibility  WLAN support integrated into core networking platform and branch switches  Core networking services extended to wireless  Seamless end-to-end user policy and security  Unified Networking yields increased Value  Reduces cost of acquisition  Increases operational efficiency, lowers OPEX Wired/WLAN Convergence Evolution

WLAN Overlay

• Separate Wired and

Wireless LANs

• Multiple network

management platforms

Functionality & Flexibility Value

Unified Networking

• Integrated Switching,

Routing, Voice, Security, WLAN + More

• Truly integrated network

management

Past Present

30

Unified Platform Integration

 Integrated Wired and WLAN Hardware  Unified Switches integrate wired and WLAN functionality for branch  WLAN Controller modules integrate into chassis backplane, network fabric  Results: Lower CAPEX, improved reliability and scalability  Common, Unified OS: ComWareTM  Simplifies deployment and management  Reduces staff training requirements  Modular architecture – enhance and enable feature set w/o wholesale changes  Results: Lower OPEX and faster time to market  Integrated Solution extends Wired/WLAN functionality  WLAN support integrated into core networking platform and branch switches  Core networking services extended to wireless  Seamless end-to-end user policy and security

WX5002 S7500E Module WX5004 S9500E Module

WLAN Controllers WLAN Controller Modules

S5800 Module WX3024 WX3010

Unified Switches

31

Unified Network Management - IMC

 WLAN ‘Overlay’ complexity leads to  Poor network reliability  Reduced network performance  Susceptibility to security breaches  Wired and Wireless LAN must be managed as an integrated system  IMC Unified Management critical to integrating wired and wireless  Enables the IT Mgr to Provision, monitor, configure WLAN and Wired LAN from single screen, in consistent manner  Unified Network Management extends network utility

Unified Policy and Security

User Policy may be configured and maintained across wired and wireless network Unified Security binds together wired and wireless security for most comprehensive security solution Unified Network Management and Software simplifies configuration and maintenance

• Endpoint

Admission Defense

• Authentication
• ACL
• VLANs
• WIDS

End-to-End Unified Security: Defense in Depth

• WPA2

IPS AP Wireless Controller

• Intrusion

Prevention

• WIPS

VPN, Firewall Network Management

• VPN
• Firewall
• Access Mgmt Control
• Service Mgmt
• Billing
• Topology Alarm Mgt

Future-proof IPv6 Evolution

IPv6 island IPv6 island IPv6 island

Protocol conversion

IPv4 Internet IPv6 Internet IPv4 island IPv4 island IPv4 Internet IPv6 island IPv6 island IPv6 Internet

Three phases of IPv6 deployment:

 IPv6 leader The backbone of Internet is IPv6 and IPv4 islands connect to each other through an IPv4 over IPv6 tunnel.  Coexistence of IPv6 and IPv4 The scale of IPv6 applications expands and IPv6 backbone emerges. IPv4 services still

• exist. The intercommunication between IPv6

and IPv4 needs protocol conversion.  Early phase IPv4 takes the lead and IPv6 islands connect to each other through an IPv6 over IPv4 tunnel .

Notes: All H3C WLAN products (except WX3000 series) support IPv4/IPv6 dual stack.

Contents



H3C WLAN Product Introduction



Key Technical Features



H3C UMN Solutions and Advantages



Annex: Product Details

WA2110-AG

100 Mbps POE Control port Power jack

 Indoor FIT AP Supports single radio and multiple modes.  Supports IEEE802.11a or IEEE802.11b/IEEE802.11g.  Supports the virtual AP feature realized with multiple SSIDs.  Supports encryption algorithms such as WEP, TKIP, and AES.  Supports IPv6 networks.

WA2210-AG

100 Mbps POE Control port Power jack

 Indoor FIT/FAT AP Supports single radio and multiple modes.  Supports IEEE802.11a or IEEE802.11b/IEEE802.11g.  Supports the virtual AP feature realized with multiple SSIDs.  Supports encryption algorithms such as WEP, TKIP, and AES.  Supports IPv6 networks.

WA2220-AG

100 Mbps POE Control port Power jack

 Indoor FIT/FAT AP Supports double radios and multiple modes.  Supports IEEE802.11a, IEEE802.11b, and IEEE802.11g.  Supports the virtual AP feature realized with multiple SSIDs.  Supports encryption algorithms such as WEP, TKIP, and AES.  Supports IPv6 networks.

WA2210X-G

 Outdoor FIT/FAT AP Supports single radio and multiple modes.  Environment temperature requirement: -40 to 65℃ Outdoor chassis is not required.  Supports IEEE802.11b and IEEE802.11g.  Supports the 100 Mbps optical and electrical uplink port.  Supports IPv6 networks.

100BASE-FX 10/100BASE-TX Antenna & Feed line Port Ground Console

WA2220X-AG

 Outdoor FIT/FAT AP Supports double radios and multiple modes.  Environment temperature requirement: -40 to 65℃ Outdoor chassis is not required.  Supports IEEE802.11a, IEEE802.11b,and IEEE802.11g.  Supports the 100 Mbps optical and electrical uplink port.  Supports IPv6 networks.

100BASE-FX 10/100BASE-TX Antenna & Feed line Port 1 Ground Console Antenna & Feed line Port 2

WA2612-AGN

 Indoor FIT/FAT 11n AP Supports single radio and multiple modes.  Environment temperature requirement: -10 to 55℃.  Supports IEEE802.11AN, or IEEE802.11GN.  Supports 10/100/1000 Mbps electrical Ethernet uplink port.  Supports IPv6 networks.  802.3af (PoE) supported.

WA2620-AGN

 Indoor FIT/FAT 11n AP Supports dual radios and multiple modes.  Work environment temperature requirement: -10 to 55℃.  Supports IEEE802.11a, IEEE802.11b, IEEE802.11g, and IEEE802.11n.  Supports 10/100/1000 Mbps electrical Ethernet uplink port.  Supports IPv6 networks.  802.3af (PoE) supported.

Console Six built-in dual-band antennas and three RSMA interfaces

WA2610E-AGN

 Enhanced FIT/FAT 11n AP Supports single radio and multiple modes.  Environment temperature requirement: -10 to 55℃  Supports IEEE802.11AN, or IEEE802.11GN.  Supports 10/100/1000 Mbps electrical Ethernet uplink port.  Supports IPv6 networks.  DC power consumption: 13W.  802.3af (PoE) supported.

DC Input GE Uplink Console

WA2620E-AGN

 Enhanced FIT/FAT 11n AP Supports dual radios and multiple modes.  Work environment temperature requirement: -10 to 55℃  Supports IEEE802.11a, IEEE802.11b, IEEE802.11g, and IEEE802.11n.  Supports 10/100/1000 Mbps electrical Ethernet uplink port.  Supports IPv6 networks.  DC power consumption: 16W.  802.3at (PoE+) supported.

DC Input GE Uplink Console

Unified Switch-WX3008

Controller Integrated Access Controller, 8AP supported 802.11n supported, 4 port PoE/POE+ power supply

8 10/100/1000 switch

Software Feature : “The same as WX3024”

Console

Unified Switch-WX3010

Controller Integrated Access Controller, License step: 12 24 AP supported at maximum 802.11n supported, 8 port POE+ power supply

8 10/100/1000 switch 2 1000M SFP Console

Software Feature : “The same as WX3024”

Unified Switch-WX3024

Controller Integrated Access Controller, 48 AP supported at maximum Embedded WEB, Radius Server, Portal Server and DHCP Server 802.11n supported, 24 port POE+ power supply

24 10/100/1000 switch 4 SFP combo

10GE Uplink

Wireless Controller-WX5002

IPV6

 Independent desktop wireless controllers

• WX5002-64

 Output ports

• 2x1000BASE-T ports combo

SFP

• 1xconsole port
• 1x10/100 Base-TX with

external management port  Power supply

• 1+1 redundant AC power

supply  Performance

• Switching capacity: 4Gbps

 Number of managed APs: 64

Wireless Controller-WX5004

IPV6

 Independent desktop wireless controllers

• WX5004-256

 Output ports

• 4x1000BASE-T ports combo SFP
• 1xconsole port
• 1x10/100 Base-TX with external

management port  Power supply

• 1+1 redundant AC power supply

 Performance

• Switching capacity: 8Gbps

 Max Number of managed APs: 256  Default 64, License step 32

S5800 Wireless Blade Module (64AP)

IPV6

 64AP wireless blade module for S5800 series switch:

• LSWM1WCM20

 No output port  Performance

• Switching capacity: 4Gbps

 Number of managed APs: 64

Dimensions (L×W×H):221×166×36.6 (mm) Access Controller Switch model LSWM1WCM20 S5800-60C-PWR S5800-32C S5800-56C S5800-32C-PWR S5800-56C-PWR S5800-32F

S5800 Wireless Blade Module (256AP)

IPV6

 256AP wireless blade module for S5800 series switch:

• LSWM1WCM10

 No output port  Performance

• Switching capacity: 10Gbps
• Number of managed APs:

256

Dimensions (L×W×H): 230×220×30 (mm) Access Controller Switch model LSWM1WCM10 S5800-60C-PWR S5820X-28C

Chassis Wireless Controller-WX6100

IPv6

 Wireless controller chassis for both cable and wireless networks  Output ports

• High density GE port：24GE(4

Combo）

• First wireless controller that

supports 10GE ports in the industry  Performance

• Switching capacity: 48Gbps
• Number of managed APs: 640
• Number of managed APs of

two main controllers: 1280  Reliability

• Two main controllers with 1+1

redundant power supply

Wireless Controller Blades

LSQM1WCMB0

S7500E

 The performance of the S7500E/S9500E wireless controller module is the same as that of the WX6100. LSRM1WCM2A1

S9500E

Unified Management Rogue Device Detection Terminal Roaming Records RF Management Abundant reports

Multiple different network resources

WSM Five Highlights

Highlights of iMC WSM management

Wire-Wireless Unified Management

Wireless switch FAT AP FIT AP

Termina l Wireless Terminal

AC

Wire Wire-Wireless Unified Management Wireless Unified Management

Unified fied Performance M formance Monitor tor Unified fied Alarm Alarm Mgt Mgt Unified fied configuration figuration Unified fied Software u tware upgrade ade

Recording the following terminal information: IP address、tunnel、 SSID、belonged AC、belonged AP、used Radio,etc. Recording complete terminal information when accessing wireless network（time、 belonged AC、 belonged AP、 used Radio、IP address, etc.）

Comprehensive terminal roaming information Multi-way to locate terminal position Backdating conveniently

<<Wireless terminal Inquiry Interface Wireless terminal Roaming Inquiry Interface>>

Terminal Roaming Records Tracking

Adding the rogue devices into black list and launching attack

iMC Rogue device and terminal topology>>

Showing intruded rogue device information and attacking status

<<iMC Rogue device and terminal attacking interface

Rogue AP management

Step 2：AP layout Step 1：Input engineering base map

<<iMC RF SCT

Simplify process Improve efficiency

Traditional layout: very complex and has blind area. iMC RF SCT: simple layout, no blind area

RF Simulation Coverage Topology

Traditional layout: must run service first then adjust. iMC RF SCT: simulation in iMC, no need adjust in fact environment

iMC Self-Defined Report Interface>> Supported self-definition：report form、 generating time、report format (PDF\HTML\Excel\TXT)、sending object、sending way (Email\FTP), etc.

Self-Defined Reports

Q&A