Wireless LAN Security and Control Features |
• |
802.11i security (WiFi Alliance certified WPA2 and WPA) |
• |
802.1X user and machine authentication |
• |
EAP-PEAP, EAP-TLS, EAP-TTLS support |
• |
Centralized AES-CCM, TKIP and WEP encryption |
• |
802.11i PMK caching for fast roaming applications |
• |
EAP offload for AAA server scalability and survivability |
• |
Stateful 802.1X authentication for standalone APs |
• |
MAC address, SSID and location based authentication |
• |
Multi-SSID support for operation of multiple WLANs |
• |
SSID-based RADIUS server selection |
• |
Secure AP control and management over IPSEC or GRE |
• |
CAPWAP compatible and upgradeable |
• |
Distributed WLAN mode for remote AP deployments |
• |
Simultaneous centralized and distributed WLAN support |
Adaptive Radio Management™ (ARM) Features
|
• |
Automatic channel and power settings for controlled APs |
• |
Simultaneous air monitoring and end user services |
• |
Self-healing coverage based on dynamic RF conditions |
• |
Dense deployment options for capacity optimization |
• |
AP load balancing based on number of users |
• |
AP load balancing based on bandwidth utilization |
• |
Coverage hole and RF interference detection |
• |
802.11h support for radar detection and avoidance |
• |
Automated location detection for active RFID tags |
• |
Built-in XML based Location API for RFID applications |
VPN Server Features
|
• |
Site-to-site VPN support for branch office deployments |
• |
Site-to-site interoperability with 3rd party VPN servers |
• |
VPN server emulation for easy integration into WLAN |
• |
L2TP/IPSEC VPN termination for Windows VPN clients |
• |
Mobile client shim for roaming with RSA Tokens |
• |
XAUTH/IPSEC VPN termination for 3rd Party clients |
• |
PPTP VPN termination for legacy VPN integrationPAP, CHAP, MS-CHAP and MS-CHAPv2 authentication |
• |
Hardware encryption for DES, 3DES, AES, MPPE |
• |
Secure point-to-point xSec tunnels for L2 VPNs
|
Administration Features |
• |
Web-based user interface access over HTTP and HTTPS |
• |
QuickStart screens for easy wireless LAN switch configuration |
• |
CLI access using SSH, Telnet and console port |
• |
Role-based access control for restricted admin access |
• |
Authenticated access via RADIUS, LDAP or Internal DB |
• |
SNMPv3 and SNMPv2 support for controller monitoring |
• |
Standard MIBs and private enterprise MIBs |
• |
Detailed message logs with syslog event notification |
|
Identity-Based Security Features |
• |
Captive portal, 802.1X and MAC address authentication |
• |
Username, IP address, MAC address and encryption key binding for strong network identity creation |
• |
Per-packet identity verification to prevent impersonation |
• |
Endpoint posture assessment, quarantine and remediation |
• |
Role-based authorization for eliminating excess privilege |
• |
Robust policy enforcement with stateful packet inspection |
• |
Per-user session accounting for usage auditing |
• |
Web-based guest account creation |
• |
Configurable acceptable use policies for guest access |
• |
XML-based API for external captive portal integration |
• |
xSec option for authentication and encryption (802.1X authentication, 256-bit AES-CBC encryption) |
• |
Microsoft NAP, Symantec SSE support |
• |
RADIUS and LDAP based AAA server support |
• |
Internal user database for AAA server failover protection |
Wireless Intrusion Protection Features
|
• |
Integration with WLAN infrastructure |
• |
Simultaneous or dedicated air monitoring capabilities |
• |
Rogue AP detection and built-in location visualization |
• |
Automatic rogue, interfering and valid AP classification |
• |
Over-the-air and over-the-wire rogue AP containment |
• |
Ad-hoc WLAN network detection and containment |
• |
Windows client bridging and wireless bridge detection |
• |
Denial of service attack protection for APs and stations |
• |
Mis-configured standalone AP detection and containment |
• |
3rd party AP performance monitoring and troubleshooting |
• |
Flexible attack signature creation for new WLAN attacks |
• |
EAP handshake and sequence number analysis |
• |
Valid AP impersonation detection |
• |
Frame floods, fake AP and Airjack attack detection |
• |
ASLEAP, death broadcast, null probe response detection |
• |
NetStumbler-based network probe detection
|
Networking Features and Advanced Services |
• |
L2 and L3 switching over-the-air and over-the-wire |
• |
VLAN pooling for easy, scalable network designs |
• |
VLAN mobility for seamless L2 roaming |
• |
Proxy mobile IP and proxy DHCP for L3 roaming |
• |
Built-in DHCP server and DHCP relayAP provisioning based N+1 Wireless LAN switch redundancy (L3) |
• |
VRRP based N+1 Wireless LAN switch redundancy (L2) |
• |
Ether channel support for link redundancy |
• |
802.1d Spanning Tree Protocol (STP) |
• |
802.1Q VLAN tags |
Power Specifications |
• |
Power consumption 12 Watts |
• |
Input voltage 12V DC |
• |
Input current 1A |
|
|
AC-DC Power Adapter Specifications
|
• |
AC input voltage 100 to 240VAC (auto-sensing) |
• |
AC input current 1.1A RMS, maximum |
• |
AC input frequency 47-63 Hz |
• |
DC output voltage 12VDC |
• |
DC output current 3A, maximum |
|
Convergence Features |
• |
Voice and data on a single SSID for converged devices |
• |
Flow-based QoS using Voice Flow Classification™ (VFC) |
• |
Alcatel-Lucent NOE, SIP, Spectralink SVP, Cisco SCCP and Vocera ALGs |
• |
Strict priority queuing for over-the-air QoS |
• |
802.11e support – WMM, U-APSD and T-SPEC |
• |
QoS policing for preventing network abuse via 802.11e |
• |
DiffServ marking and 802.1p support for network QoS |
• |
On-hook and off-hook VoIP client detection |
• |
VoIP call admission control (CAC) using VFC |
• |
Call reservation thresholds for mobile VoIP calls |
• |
Voice-aware RF management for ensuring voice quality |
• |
Fast roaming support for ensuring mobile voice quality |
• |
SIP early media and ringing tone generation (RFC 3960) |
• |
Per-user and per-role rate limits (bandwidth contracts) |
Stateful Firewall Features
|
• |
Stateful packet inspection tied to user identity or ports |
• |
Location and time-of-day aware policy definition |
• |
802.11 station awareness for WLAN firewalling |
• |
Over-the-air policy enforcement and station blacklisting |
• |
Session mirroring and per-packet logs for forensic analysis |
• |
Detailed firewall traffic logs for usage auditing |
• |
ICSA corporate firewall 4.1 compliance |
• |
Application Layer Gateway (ALG) support for Alcatel-Lucent NOE, SIP, SCCP, RTSP, Vocera, FTP, TFTP, PPTP |
• |
Source and destination network address translation (NAT) |
• |
Dedicated flow processing hardware for high performance |
• |
TCP, ICMP denial of service attack detection and protection |
• |
Policy-based forwarding into GRE tunnels for guest traffic |
• |
External service interface for 3rd party security integration for inline anti-virus, anti-spam and content filtering apps |
• |
Heath checking and load balancing for external services |
Wireless LAN Switch-Based Management Features
|
• |
RF Planning and AP Deployment Toolkit |
• |
Centralized AP provisioning and image management |
• |
Live coverage visualization with RF heat maps |
• |
Detailed statistics visualization for monitoring |
• |
Remote packet capture for RF troubleshooting |
• |
Interoperable with Ethereal, Airopeek and AirMagnet analyzers |
• |
Multi-wireless LAN switch configuration management |
• |
Location visualization and device tracking |
• |
System-wide event collection and reporting |
Operating Specifications and Dimensions
|
• |
Operating temperature range 0° to 40° C |
• |
Storage temperature range 10° to 70° C |
• |
Humidity, non-condensing 5 to 95% |
• |
Height 1.1in (27.9 mm) |
• |
Width 9.5 in (241 mm) |
• |
Depth 6.7 in (171 mm) |
• |
Weight 2 lbs. (unboxed) |
|
|
Regulatory and Safety Compliance
|
• |
FCC part 15 Class A CE |
• |
Industry Canada Class A |
• |
VCCI Class A (Japan) |
• |
EN 55022 Class A (CISPR 22 Class A), EN 61000-3 |
• |
EN 61000-4-2, EN 61000-4-3, EN 61000-4-4, |
• |
EN 61000-4-5, EN 61000-4- 6, EN 61000-4-8, |
• |
EN 61000-4-11, EN 55024, AS/NZS 3548 |
• |
UL 60950 |
• |
CAN/CSA 22.2 #60950 |
• |
CE mark |
• |
PSE mark |
|
