Alcatel-Lucent OmniAccess 4604 User Manual
Page 2
T E C H N I C A L
S P E C I F I C A T I O N S
Performance and capacity
(OAW-4504 / OAW-4604 /
OAW-4704)
• Campus-connected APs: Up to 32/64/128
• Remote APs: Up to 128/256/512
• Users: Up to 512/1024/2048
• MAC addresses: Up to 64,000
• VLAN IP interfaces: 128
• Gigabit Ethernet ports (RJ-45 or SFP): 4
• Active firewall sessions: Up to 128,000
• Concurrent IPSec tunnels: Up to 512/1024/2048
• Firewall throughput: 3/4/4 Gbps
• Encrypted throughput (3DES, AESCBC256):
1.6/4/8 Gbps
• Encrypted throughput (AES-CCM): 0.8/2/4 Gbps
Wireless LAN security and
control features
• 802.11i security (WFA certified WPA2 and WPA)
• 802.1X user and machine authentication
• EAP-PEAP, EAP-TLS, EAP-TTLS support
• Centralized AES-CCM, TKIP and WEP encryption
• 802.11i PMK caching for fast roaming applications
• EAP offload for AAA server scalability and
survivability
• Stateful 802.1X authentication for standalone APs
• MAC address, SSID and location-based
authentication Multi-SSID support for operation
of multiple WLANs
• SSID-based RADIUS server selection
• Secure AP control and management over IPSec
or GRE
• CAPWAP compatible and upgradeable
• Distributed WLAN mode for remote AP deployments
• Simultaneous centralized and distributed
WLAN support
Identity based security features
• Captive portal, 802.1X and MAC address
authentication
• Username, IP address, MAC address and
encryption key binding for strong network
identity creation
• Per-packet identity verification to prevent
impersonation
• RADIUS and LDAP-based AAA server support
• Internal user database for AAA server failover
protection
• Role-based authorization for eliminating
excess privilege
• Robust policy enforcement with stateful
packet inspection
• Per-user session accounting for usage auditing
• Web-based guest enrollment
• Configurable acceptable use policies for
guest access
• XML-based API for external captive
portal integration
• xSec option for wired LAN authentication and
encryption (802.1X authentication, 256-bit
AES-CBC encryption)
2
Alcatel-Lucent OmniAccess 4504, OmniAccess 4604, OmniAccess 4704
The OAW-4504 is designed for small businesses and branch offices, while the OAW-4604 and OAW-4704 are
designed for medium to large enterprise or dense office deployments. These three WLAN switches can be easily
deployed as an overlay without any disruption to the existing wired network.
Advanced voice-over-WLAN features such as Call Admission Control (CAC), voice-aware RF management and strict
over-the-air quality of service (QoS) allow the OAW-4504, OAW-4604, and OAW-4704 to deliver mobile VoIP capabilities.
These switches are managed via the integrated management capability of the Alcatel-Lucent OmniAccess Wireless Operating
System or the Alcatel-Lucent OmniVista™ Mobility Manager.
Additionally, the OAW-4504, OAW-4604, OAW-4704 offer best in class, user-centric security framework to authenticate
wireless users, enforce role-based access control policies and quarantine unsafe endpoints from accessing the corporate
wireless network. Guest users can be easily and safely supported with the built-in captive portal server and advanced
network services.
The OAW-4504, OAW-4604, OAW-4704 can create a secure networking environment without requiring additional
VPN/firewall devices using integrated site-to-site VPN and NAT capabilities, split-tunneling and stateful firewall.
Site-to-site VPN support can be integrated with all leading VPN concentrators to provide seamless integration into
existing corporate VPNs
B E N E F I T S
F E A T U R E S
• Real time location tracking
• Quality of service, extended battery
capabilities, application layer gateway
(ALG) for voice protocols
• Allows for the real time location tracking of wireless users to enrich presence
information. Also supports location tracking of wireless asset tags throughout
the enterprise.
• Improves voice quality through support of QoS mechanisms such as WMM, DSCP
marking and prioritization, and connection admission control. Also improves
voice end user experience by maximizing battery lifer with protocols such as
U-APSD. Provides un-matched voice security through embedded stateful firewall.