|
WMS-308N
Network Access Control Gateway for user / device management (Authentication, Authorization, Accounting) (Concurrent Users:500) (2WAN + 4 LAN Giga Ethernet) |
||||||||||||||||||||||||||||||||||||||||||
PheeNet WMS-308N – applies to public access network such as WiFi-Hotspot, network management guest access, hospitality deployments – which requires reliability, efficiency, and security. It combines an IP Router / Firewall, Multi-WAN / QoS enforcement and Access Controller for use in wireless environments. One single WMS-308N Network Access Control Gateway can serve up to 500 simultaneous users, takes control over authentication, authorization, accounting and routing to the Internet as well as to the operating central. Built-in AAA system allows the owners set up public access services without extra RADIUS server.
WMS-308N Network Access Control Gateway / Controller provides authentication, authorization and accounting for a wired/or wireless networks. Hotspot technology allows Internet providers to offer Internet access to customers, while applying certain Internet use rules and limitation. It is convenient for Internet cafes, hotels, airports, schools and universities. The Internet provider gets complete tracking records of per customer time spent on the network, data amount sent/ received, real-time accounting and more. To begin browsing, a client must go through a registration process with the provider, and then enter a Passcode/Username of access ticket in a browser Login window that appears on the attempt to open a webpage. Hotspot technology proposes providers to establish and administrate a user database, which can be useful for enterprise such as airports, hotels or universities that offer wireless or Ethernet Internet connectivity to employees, students, guests or other groups of users. Technique scope: Wireless hotspot gateway, Wireless Gateway, Hotspot Gateway, Visitor Access Gateway, Wireless coverage, Network access control, Indoor ap, in wall ap, in-wall access point, ceiling ap, Ceiling access point, Indoor Wireless Access Point, Network Access Controller, Gateway, Secure WLAN Controller, Secure Wireless Office Controller, Enterprise Access Point, access point, managed access point, wireless AP, 802.11abgn, Wireless Mesh Network, Wireless Mesh, Wireless Management, Management Access Controller    Access Point Management and Support ■ WMS-308N Network Access Gateway / Controller Support 1.Max: 120 Access Points per Controller 2.Max: 500 wireless client per Controller 3.Provide Local Account : 5000 ■ AP Management - Control - Monitoring 1.Centralized AP Management (1)AP Group management-maintain a set of setting templates that simplify the task to assign the same setting to multiple APs (2)AP-Automatic configuration and provisioning by WMS-308N (3)Locally maintained configuration profiles for managed APs (4)Auto discovery for managed APs (5)Automatic recovery of APs in case of system failure (6)Central firmware Upgrade-Select multiple APs and upgrade their firmware at the same time , including bulk upgrade (7)Remote Firmware upgrade (8)Zero Configuration technology to restore defective AP's setting onto the replacement AP 2.Central AP Control (1)Provides MAC address Control list of client stations for each managed APs (2)Access Filter (3)Time-based AP access control (4)Single UI for upgrading and restoring managed APs’ firmware (5)WLAN Partition – if enabled, WLAN clients are not allowed to exchange data through the AP (WAP-854NP, WAP-1954NP, WAP-1954NP-C, WAP-3954NP, WAP-3954NP-C, WAP-3150NP, CPE-2010G / CPE-2000GN-1, WLO-12410N / WLO-12400N, WLO-15814N / WLO-15802N) (6)Max allowed APs (7)Support Roaming – Intra-Switch , Inter-band , Inter-Switch 3.Central AP Monitoring (1)Monitor AP Status (2)The number of associated clients to the AP (3)The AP RF information (4)Associated Station List (5)Monitoring IP List (6)Load balancing based on number of users (7)Load balancing based on utilization (8)AP User Statistic – Maintain all wireless clients connection history and depict statics in diagrams (9)Support Monitor IP on third-party APs (10)System alarms and status reports on managed APs (11)Topology Monitor-list monitored device; periodically updates devices’ status (12)AP life check-real time tracking monitors APs status (AP Health Checking) (13)Provide centralized remote management via HTTP/SNMP interface (14)Support MIB’s: 802.11, 802.1X, MIBII, RADIUS authentication, RADIUS Accounting (15)SYSLOG support including remote servers (16)Log-system log: operator action log ■ Radio Resource Management 1.Automatic Channel Assignment and power setting for controlled APs 2.Simultaneous air monitoring and end user service 3.Self-healing coverage based on dynamic RF condition 4.Dense deployment options for capacity optimizations 5.Multiple BSSID per Radio: 8 6.Hot Standby at AP mode (supports fail-over as a standby AP) 7.Load Balance with another available AP (Real-time users limitation) 8.Radio Management 9.Coverage interference detection ■ Convergence 1.8 Hardware queues per port 2.IEEE802.11p Class of Service/Quality of Service (CoS/QoS) 3.IEEE802.11e Wi-Fi Multimedia (WMM) 4.DiffServ Codpoint (DSCP) ■ Wireless Encryption 1.WPA personal and enterprise 2.WPA2 personal and enterprise 3.AES(CCMP): 128bit (FIP-197) 4.WEP40/64 and 104/128-bit 5.TKIP: RC4-40 6.SSL and TLS: RC4 128-bit and RSA1024 and 2048 bit 7.EAP-TLS, EAP-TTL/MSCHAPv2 ■ Wireless Security 1.IEEE802.1X network login user authentication (EAP-MD5/TLS/TTLs) 2.EAP over LAN (EAPoL) transport with PEAP and EAP-TLS authentication 3.RADIUS server authentication (RFC2618) 4.IEEE802.1X user authentication of controller management on controller Telnet and console sessions 5.Multiple access privilege levels 6.Hierarchical management and password protection for management interface 7.EAP offload for AAA server scalability and survivability 8.Stateful 802.1X authentication for standalone APs 9.SSID and Location based authentication 10.Multi-SSID support for operation of Multiple WLANs 11.Simultaneous Centralized and distributed WLAN support ■ Identity – Based Security 1.802.1X Authentication with WPA,WAP2 and 802.11i 2.Local Accounts of 802.1X Authentication 3.Support RADIUS /LDAP for AAA server 4.User Name and encryption key binding for strong network identity creation 5.Local User Data Base for AAA fail-over protection ■ Wireless Roaming Support 1.Inter AP roaming 2.Fast roaming 3.L2 roaming User Management ■ Support 500 simultaneous authentication users ■ Max 5000 Pregenerated/ On-Demand/ Local RADIUS/ authentication users ■ Users Session Management ■ Configurable user Black list (with schedule) ■ Allows MAC address and user identity binding for local user authentication ■ Authentication methods supported: Pregenerated/ On-Demand, Local RADIUS, LDAP, and Remote RADIUS and POP3 ■ SSL protected login portal page ■ Session idle timer ■ Login Session idle time out setting ■ Session and account expiration control ■ User Log and traffic statistic notification via automatically email service ■ Login time frame control ■ Session limit ■ Real-Time Online Users Traffic Statistic Reporting ■ Support local account roaming ■ Seamless Mobility: User-centric networking manages wired and wireless users as they roam between ports or wireless APs Service Domain ■ Integrating with WAP-854NP, WAP-1954NP, WAP-1954NP-C, WAP-3954NP, WAP-3954NP-C, WAP-3150NP, CPE-2010G / CPE-2000GN-1, WLO-12410N / WLO-12400N, WLO-15814N / WLO-15802N and other future PheeNet products to have Service Domain feature and each Service Domain can have its own settings: ■ The network is divided into maximum of 8 groups, each defined by VLAN Tag ■ Each Domain has its own 1.login portal page 2.authentication options 3.LAN/VLAN interface IP address range 4.Session number limit control 5.Traffic shaping 6.IP Plug and Play (IP PnP) 7.Multiple Authentication ■ Enable DHCP or not, and DHCP address range ■ Enable authentication or not ■ Types of authentication options (Local, RADIUS, LDAP, On-Demand and Pregenerated) ■ Web login/ logout/ redirected page (customizable) ■ Default Policy 1.NAT or Route Mode 2.Specific Route (WAN1 or WAN2 , or a specified gateway) 3.Login schedule 4.Bandwidth (max/min) Authentication ■ Authentication : single sign-on (SSO) client with authentication integrated into the local authentication environment through local/domain, LDAP, RADIUS, MAC authentication, and 802.1X ■ Customizable Login and Logout Portal Pages ■ Customizable Advertisement Links on Login Portal Page ■ User authentication with UAM (Universal Access Method), 802.1X/EAPoLAN, MAC address ■ Allow MAC address and user identity binding for local user authentication ■ No. Of Registered RADIUS Servers: 2 ■ Support MAC control list (ACL) ■ Support Multiple Login service on one Accounts ■ Support auto-expired guest accounts ■ Users can be divided into user groups ■ Each group (role) may get different network policies in different service zones ■ Max simultaneous user session (TCP/UDP) limit ■ Configurable user black list ■ Export/Import local users list to/from a text file ■ Web-based Captive Portal for SSL browser-based authentication ■ Authentication Type ■ IEEE802.1X (EAP, LEAP, EAP-TLS, EAP-TTLS, EAP-GTC, EAP-MD5) ■ RFC2865 RADIUS Authentication ■ RFC3579 RADIUS Support for EAP ■ RFC3748 Extensible Authentication Protocol ■ MAC Address authentication ■ Web-based captive portal authentication Authorization ■ Authorization: access control to network resource such as protected network with Intranet, Internet, bandwidth, VPN, and full stateful packet firewall Accounting ■ Provides billing plans for Pregenerated accounts ■ Provides billing plans for On-Demand accounts ■ Enables session expiration control for On-Demand accounts by time (hour) and data volume (MB) ■ Detailed per-user traffic history based on time and data volume for both local and on-demand accounts ■ Support local on-demand and external RADIUS server ■ Contain 10 configurable billing plans for on-demand accounts ■ Support credit card billing system by PayPal ■ Provide session expiration control for on-demand accounts ■ Support automatic email network traffic history Dual WAN ■ Load Balancing 1.Outbound Fault Tolerance 2.Outbound load balance 3.Multiple Domain Support 4.By Traffic 5.Bandwidth Management by individual and distribution on different network(Service Domain) ■ WAN Connection Detection QoS Enforcement ■ Packet classification via DSCP (Differentiated Services code Point ) ■ Diff/ToS ■ IEEE802.11p/CoS ■ IEEE 802.1Q Tag VLAN priority control ■ IEEE 802.11e WMM ■ Automatic mapping of WMM priorities to 802.1p and IP DSCP ■ IGMP Snooping for efficient multicast delivery ■ Upload and Download Traffic Managemen Firewall ■ Built-in DoS attack protection ■ Inspection Full stateful packet filter ■ Access Control List ■ Layer 7 Protocol Blocking ■ Multiple Domain Support ■ Active Firewall Session 16,000 Network ■ Support NAT or Router Mode ■ Support Static IP, Dynamic IP (DHCP Client), PPPoE and PPTP on WAN connection ■ DHCP Server per Interface; Multiple DHCP Networks ■ 802.3 Bridging ■ Proxy DNS/Dynamic DNS ■ IP/Port destination redirection ■ DMZ server mapping ■ Virtual server mapping ■ H.323 pass-through ■ Built-in with DHCP server ■ Support Static Routing ■ Binding VLAN with Ethernet interface ■ Support MAC Filter ■ Support IP Filter ■ Support Walled garden (free surfing zone) ■ Support MAC-address and IP address pass through ■ Support IP Plug and Play (IP PnP) System Administration ■ Three administrator accounts ■ Provide customizable login and logout portal page ■ CLI access (Remote Management) via Telnet and SSH ■ Remote firmware upgrade (via the Web) ■ Utilities to backup and restore the system configuration ■ Full Statistics and Status Reporting ■ Real-time traffic monitoring ■ Ping Watchdog Network Management ■ Event Syslog ■ Status monitoring of on-line users ■ IP-based monitoring of network devices ■ Interface connection status ■ Support Syslog for diagnosing and troubleshooting ■ User traffic history logging ■ User’s session log can be sent to Syslog server ■ Remote Syslog reporting to external server ■ Traffic Analysis and Statistics ■ SNMP v1, v2c, v3 ■ SNMP Traps to a list of IP Addresses ■ Support MIB-II ■ NTP Time Synchronization ■ Administrative Access : HTTP / HTTPS 
|
|||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||
