The OAW-6000 offers a best in class, user-centric security framework to authenticate wireless users, enforce role-based access control policies and quarantine unsafe endpoints from accessing the corporate wireless network. Guest users can be easily and safely supported with the built-in captive portal server and advanced network services.

The OAW-6000 can create a secure networking environment without requiring additional VPN/firewall devices using integrated site-to-site VPN and NAT capabilities, split-tunneling and an ICSA-certified stateful firewall. Site-to-site VPN support can be integrated with all leading VPN concentrators to provide seamless integration into existing corporate VPNs.

TE CHN I CAL

SPECIFICAT

IONS

Performanc e and capaci ty

Campus-connected APs: Up to 2,048

Remote APs: Up to 8,192

Users: Up to 32,768

MAC addresses: Up to 256,000

VLAN IP interfaces: 512

Fast Ethernet ports (10/100): Up to 72

Gigabit Ethernet ports (GBIC or SFP): Up to 40

10 Gigabit Ethernet ports (XFP): Up to 8

Active firewall sessions: Up to 2,097,200

Concurrent IPSec tunnels: Up to 32,768

Firewall throughput: Up to 80 Gbps

Encrypted throughput (3DES): Up to 32 Gbps

Encrypted throughput (AES-CCM): Up to 16 Gbps

Wireless LAN security and control features

802.11i security (WFA-certified WPA2 and WPA)

802.1X user and machine authentication

EAP-PEAP, EAP-TLS, EAP-TTLS support

Centralized AES-CCM, TKIP and WEP encryption

802.11iPMK cachingfor fast roamingapplications

EAP offload for AAA server scalability and survivability

Stateful 802.1X authenticationfor standaloneAPs

MAC address, SSID and location-based authentication

Multi-SSIDsupportfor operationof multipleWLANs

SSID-based RADIUS server selection

Secure AP control and management over IPSec or GRE

CAPWAP-compatible and upgradeable

DistributedWLAN mode for remoteAP deployments

Simultaneous centralized and distributed WLAN support

Identity-bas ed security features

Captive portal, 802.1X and MAC address authentication

Username,IP address,MAC addressand encryption key binding for strong network identity creation

Per-packet identity verification to prevent impersonation

RADIUS and LDAP-based AAA server support

Internal user database for AAA server failover protection

Role-based authorization for eliminating excess privilege

Robust policy enforcement with stateful packet inspection

Per-user session accounting for usage auditing

Web-based guest enrollment

Configurable acceptable use policies for guest access

XML-based API for external captive portal integration

xSec option for wired LAN authentication and encryption(802.1X authentication, 256-bit AES-CBC encryption)

Convergence features

Voice and data on a single SSID for converged devices

Flow-basedQoS usingvoiceflow classification(VFC)

Alcatel-Lucent NOE, SIP, Spectralink SVP, SCCP and Vocera ALGs

Strict priority queuing for over-the-air QoS

802.11e support – WMM, U-APSD and T-SPEC

QoS policing for preventing network abuse via 802.11e

DiffServ marking and 802.1p support for network QoS

On-hook and off-hook VoIP client detection

VoIP call admission control (CAC) using VFC

Call reservation thresholds for mobile VoIP calls

Voice-aware RF management for ensuring voice quality

Fast roaming support for ensuring mobile voice quality

SIP early media and ringing tone generation (RFC 3960)

Per-user and per-role rate limits (bandwidth contracts)

Adaptive radio management (ARM) features

Automatic channel and power settings for thin APs

Simultaneousair monitoringand end user services

Self-healing coverage based on dynamic RF conditions

Dense deploymentoptionsfor capacityoptimization

AP load balancing based on number of users

AP load balancing based on bandwidth utilization

Coverage hole and RF interference detection

802.11hsupportfor radar detectionand avoidance

Automated location detection for active RFID tags

Built-in XML-based Location API for RFID applications

Wireless intrusion protection features

Integration with WLAN infrastructure

Simultaneous or dedicated air monitoring capabilities

Rogue AP detection and built-in location visualization

Automatic rogue, interfering and valid AP classification

Over-the-air and over-the-wire rogue AP containment

Adhoc WLAN network detection and containment

Windows client bridging and wireless bridge detection

Denial of service attack protection for APs and stations

Misconfigured standalone AP detection and containment

Third party AP performance monitoring and troubleshooting

Flexible attack signature creation for new WLAN attacks

EAP handshake and sequence number analysis

Valid AP impersonation detection

Framefloods,FakeAP and Airjackattack detection

ASLEAP, death broadcast, null probe response detection

Netstumbler-based network probe detection

Stateful firewall features

Stateful packet inspection tied to user identity or ports

Location and time-of-day aware policy definition

802.11 station awareness for WLAN firewalling

Over-the-air policy enforcement and station blacklisting

Session mirroring and per-packet logs for forensic analysis

2Alcatel-Lucent OmniAccess 6000

Page 1 Page 3
Page 2
Image 2
Alcatel-Lucent 6000 manual TE CHN I CAL Specificat Ions
Page 1 Page 3
Top Page Image Contents