Performance and capacity, Wireless lan security and control features, Identity-based security features – Alcatel-Lucent OmniAccess 6000 User Manual

T E C H N I C A L

S P E C I F I C A T I O N S

Performance and capacity

• Campus-connected APs: Up to 2,048

• Remote APs: Up to 8,192

• Users: Up to 32,768

• MAC addresses: Up to 256,000

• VLAN IP interfaces: 512

• Fast Ethernet ports (10/100): Up to 72

• Gigabit Ethernet ports (GBIC or SFP): Up to 40

• 10 Gigabit Ethernet ports (XFP): Up to 8

• Active firewall sessions: Up to 2,097,200

• Concurrent IPSec tunnels: Up to 32,768

• Firewall throughput: Up to 80 Gbps

• Encrypted throughput (3DES): Up to 32 Gbps

• Encrypted throughput (AES-CCM): Up to 16 Gbps

Wireless LAN security and
control features

• 802.11i security (WFA-certified WPA2 and WPA)

• 802.1X user and machine authentication

• EAP-PEAP, EAP-TLS, EAP-TTLS support

• Centralized AES-CCM, TKIP and WEP encryption

• 802.11i PMK caching for fast roaming applications

• EAP offload for AAA server scalability and

survivability

• Stateful 802.1X authentication for standalone APs

• MAC address, SSID and location-based

authentication

• Multi-SSID support for operation of multiple WLANs

• SSID-based RADIUS server selection

• Secure AP control and management over

IPSec or GRE

• CAPWAP-compatible and upgradeable

• Distributed WLAN mode for remote AP deployments

• Simultaneous centralized and distributed

WLAN support

Identity-based security features

• Captive portal, 802.1X and MAC address

authentication

• Username, IP address, MAC address and encryption

key binding for strong network identity creation

• Per-packet identity verification to prevent

impersonation

• RADIUS and LDAP-based AAA server support

• Internal user database for AAA server failover

protection

• Role-based authorization for eliminating

excess privilege

• Robust policy enforcement with stateful

packet inspection

• Per-user session accounting for usage auditing

• Web-based guest enrollment

• Configurable acceptable use policies for guest

access

• XML-based API for external captive portal

integration

• xSec option for wired LAN authentication and

encryption(802.1X authentication, 256-bit

AES-CBC encryption)

Convergence features

• Voice and data on a single SSID for

converged devices

• Flow-based QoS using voice flow classification (VFC)

• Alcatel-Lucent NOE, SIP, Spectralink SVP, SCCP

and Vocera ALGs

• Strict priority queuing for over-the-air QoS

• 802.11e support – WMM, U-APSD and T-SPEC

• QoS policing for preventing network abuse

via 802.11e

• DiffServ marking and 802.1p support for

network QoS

• On-hook and off-hook VoIP client detection

• VoIP call admission control (CAC) using VFC

• Call reservation thresholds for mobile VoIP calls

• Voice-aware RF management for ensuring

voice quality

• Fast roaming support for ensuring mobile

voice quality

• SIP early media and ringing tone generation

(RFC 3960)

• Per-user and per-role rate limits (bandwidth

contracts)

Adaptive radio management
(ARM) features

• Automatic channel and power settings for

thin APs

• Simultaneous air monitoring and end user services

• Self-healing coverage based on dynamic

RF conditions

• Dense deployment options for capacity optimization

• AP load balancing based on number of users

• AP load balancing based on bandwidth utilization

• Coverage hole and RF interference detection

• 802.11h support for radar detection and avoidance

• Automated location detection for active RFID tags

• Built-in XML-based Location API for RFID

applications

Wireless intrusion protection
features

• Integration with WLAN infrastructure
• Simultaneous or dedicated air monitoring

capabilities

• Rogue AP detection and built-in location

visualization

• Automatic rogue, interfering and valid AP

classification

• Over-the-air and over-the-wire rogue AP

containment

• Adhoc WLAN network detection and containment
• Windows client bridging and wireless bridge

detection

• Denial of service attack protection for APs

and stations

• Misconfigured standalone AP detection and

containment

• Third party AP performance monitoring and

troubleshooting

• Flexible attack signature creation for new

WLAN attacks

• EAP handshake and sequence number analysis
• Valid AP impersonation detection
• Frame floods, Fake AP and Airjack attack detection
• ASLEAP, death broadcast, null probe response

detection

• Netstumbler-based network probe detection

Stateful firewall features

• Stateful packet inspection tied to user identity

or ports

• Location and time-of-day aware policy definition
• 802.11 station awareness for WLAN firewalling
• Over-the-air policy enforcement and station

blacklisting

• Session mirroring and per-packet logs for

forensic analysis

2

Alcatel-Lucent OmniAccess 6000

The OAW-6000 offers a best in class, user-centric security framework to authenticate wireless users, enforce role-based

access control policies and quarantine unsafe endpoints from accessing the corporate wireless network. Guest users can

be easily and safely supported with the built-in captive portal server and advanced network services.

The OAW-6000 can create a secure networking environment without requiring additional VPN/firewall devices using

integrated site-to-site VPN and NAT capabilities, split-tunneling and an ICSA-certified stateful firewall. Site-to-site VPN

support can be integrated with all leading VPN concentrators to provide seamless integration into existing corporate VPNs.