1 Access Point Management and Support
1.1 WMS-308N Network Access Gateway / Controller Support
· Max: 120 Access Points per Controller
· Max: 1000 wireless client per Controller
· Provide Local Account : 5000
1.2 AP Management – Control - Monitoring
1.2.1 Centralized AP Management
· AP Group management –maintain a set of setting templates that simplify the task to assign the same setting to multiple APs
· AP-Automatic configuration and provisioning by WMS-308N
· Locally maintained configuration profiles for managed APs
· Auto discovery for managed APs
· Automatic recovery of APs in case of system failure
· Central firmware Upgrade-Select multiple APs and upgrade their firmware at the same time , including bulk upgrade
· Remote Firmware upgrade
· Zero Configuration technology to restore defective AP’s setting onto the replacement AP
1.2.2 Central AP Control
· Provides MAC address Control list of client stations for each managed APs
· Access Filter
· Time-based AP access control
· Single UI for upgrading and restoring managed APs’ firmware
· Max allowed APs
· Support Roaming – Intra-Switch , Inter-band , Inter-Switch
1.2.3 Central AP Monitoring
· Monitor AP Status
· The number of associated clients to the AP
· The AP RF information
· Associated Station List
· Monitoring IP List
· Load balancing based on number of users
· Load balancing based on utilization
· AP User Statistic – Maintain all wireless clients connection history and depict statics in diagrams
· Support Monitor IP on third-party APs
· System alarms and status reports on managed APs
· Topology Monitor-list monitored device; periodically updates devices’ status
· AP life check-real time tracking monitors APs status (AP Health Checking)
· Provide centralized remote management via HTTP/SNMP interface
· Support MIB’s: 802.11, 802.1X, MIBII, RADIUS authentication, RADIUS Accounting
· SYSLOG support including remote servers
· Log-system log: operator action log
1.3 Radio Resource Management
· Automatic Channel Assignment and power setting for controlled APs
· Simultaneous air monitoring and end user service
· Self-healing coverage based on dynamic RF condition
· Dense deployment options for capacity optimizations
· Multiple BSSID per Radio: 8
· Hot Standby at AP mode (supports fail-over as a standby AP)
· Load Balance with another available AP (Real-time users limitation)
· Radio Management
· Coverage interference detection
1.4 Convergence
· 8 Hardware queues per port
· IEEE802.11p Class of Service/Quality of Service (CoS/QoS)
· IEEE802.11e Wi-Fi Multimedia (WMM)
· DiffServ Codpoint (DSCP)
1.5 Wireless Encryption
· WPA personal and enterprise
· WPA2 personal and enterprise
· AES(CCMP): 128bit (FIP-197)
· WEP40/64 and 104/128-bit
· TKIP: RC4-40
· SSL and TLS: RC4 128-bit and RSA1024 and 2048 bit
· EAP-TLS, EAP-TTL/MSCHAPv2
1.6 Wireless Security
· IEEE802.1X network login user authentication (EAP-MD5/TLS/TTLs)
· EAP over LAN (EAPoL) transport with PEAP and EAP-TLS authentication
· RADIUS server authentication (RFC2618)
· IEEE802.1X user authentication of controller management on controller · Telnet and console sessions
· Multiple access privilege levels
· Hierarchical management and password protection for management interface
· EAP offload for AAA server scalability and survivability
· Stateful 802.1X authentication for standalone APs
· SSID and Location based authentication
· Multi-SSID support for operation of Multiple WLANs
· Simultaneous Centralized and distributed WLAN support
1.7 Identity –Based Security
· 802.1X Authentication with WPA,WAP2 and 802.11i
· Local Accounts of 802.1X Authentication
· Support RADIUS /LDAP for AAA server
· User Name and encryption key binding for strong network identity creation
· Local User Data Base for AAA fail-over protection
1.8 Wireless Roaming Support
· Inter AP roaming
· Fast roaming
· L2 roaming
2 User Management
· Support 1000 simultaneous authentication users
· Max 5000 Pregenerated/ On-Demand/ Local RADIUS/ authentication users
· Users Session Management
· Configurable user Black list (with schedule)
· Allows MAC address and user identity binding for local user authentication
· Authentication methods supported: Pregenerated/ On-Demand, Local RADIUS, LDAP, and Remote RADIUS
· SSL protected login portal page
· Session idle timer
· Login Session idle time out setting
· Session and account expiration control
· User Log and traffic statistic notification via automatically email service
· Login time frame control
· Session limit
· Real-Time Online Users Traffic Statistic Reporting
3 Service Domain
· Integrating with WAP-854NP/ WAP-954GP and other future PheeNet products to have Service Domain feature and each Service Domain can have its own settings:
· The network is divided into maximum of 8 groups, each defined by VLAN Tag
· Each Domain has its own (1) login portal page (2) authentication options (3) LAN/VLAN interface IP address range (4) Session number limit control (5) Traffic shaping (6) IP Plug and Play (IP PnP) (7) Multiple Authentication
· Enable DHCP or not, and DHCP address range
· Enable authentication or not
· Types of authentication options (Local, RADIUS, LDAP, On-Demand and Pregenerated)
· Web login/ logout/ redirected page (customizable)
3.1 Default Policy
· NAT or Route Mode
· Specific Route (WAN1 or WAN2 , or a specified gateway)
· Login schedule
· Bandwidth (max/min)
4 Authentication
· Authentication : single sign-on (SSO) client with authentication integrated into the local authentication environment through local/domain, LDAP, RADIUS, MAC authentication, and 802.1X
· Customizable Login and Logout Portal Pages
· Customizable Advertisement Links on Login Portal Page
· User authentication with UAM (Universal Access Method), 802.1X/EAPoLAN, MAC address
· Allow MAC address and user identity binding for local user authentication
· No. Of Registered RADIUS Servers: 2
· Support MAC control list (ACL)
· Support Multiple Login service on one Accounts
· Support auto-expired guest accounts
· Users can be divided into user groups
· Each group (role) may get different network policies in different service zones
· Authentication Type
· IEEE802.1X (EAP, LEAP, EAP-TLS, EAP-TTLS, EAP-GTC, EAP-MD5)
· RFC2865 RADIUS Authentication
· RFC3579 RADIUS Support for EAP
· RFC3748 Extensible Authentication Protocol
· MAC Address authentication
· Web-based captive portal authentication
5 Authorization
Authorization: access control to network resource such as protected network with Intranet, Internet, bandwidth, VPN, and full stateful packet firewall
6 Accounting
· Provides billing plans for Pregenerated accounts
· Provides billing plans for On-Demand accounts
· Enables session expiration control for On-Demand accounts by time (hour) and data volume (MB)
· Detailed per-user traffic history based on time and data volume for both local and on-demand accounts
· Support local on-demand and external RADIUS server
· Contain 10 configurable billing plans for on-demand accounts
· Support credit card billing system by PayPal
· Provide session expiration control for on-demand accounts
· Support automatic email network traffic history
7 Dual WAN
Load Balancing
· Outbound Fault Tolerance
· Outbound load balance
· Multiple Domain Support
· By Traffic
· Bandwidth Management by individual and distribution on different network(Service Domain)
8 QoS Enforcement
· Packet classification via DSCP (Differentiated Services code Point )
· Diff/ToS
· IEEE802.11p/CoS
· IEEE 802.1Q Tag VLAN priority control
· IEEE 802.11e WMM
· Automatic mapping of WMM priorities to 802.1p and IP DSCP
· IGMP Snooping for efficient multicast delivery
· Upload and Download Traffic Management
9 Firewall
· Built-in DoS attack protection
· Inspection Full stateful packet filter
· Access Control List
· Layer 7 Protocol Blocking
· Multiple Domain Support
· Active Firewall Session – 16,000
10 Network
· Support NAT or Router Mode
· Support Static IP, Dynamic IP (DHCP Client), PPPoE and PPTP on WAN connection
· DHCP Server per Interface; Multiple DHCP Networks
· 802.3 Bridging
· Proxy DNS/Dynamic DNS
· IP/Port destination redirection
· DMZ server mapping
· Virtual server mapping
· H.323 pass-through
· Built-in with DHCP server
· Support Static Routing
· Binding VLAN with Ethernet interface
· Support MAC Filter
· Support IP Filter
· Support Walled garden (free surfing zone)
· Support MAC-address and IP –address pass through
· Support IP Plug and Play (IP PnP)
11 System Administration
· Three administrator accounts
· Provide customizable login and logout portal page
· CLI access (Remote Management) via Telnet and SSH
· Remote firmware upgrade (via the Web)
· Utilities to backup and restore the system configuration
· Full Statistics and Status Reporting
· Real-time traffic monitoring
· Ping Watchdog
12 Network Management
· Event Syslog
· Status monitoring of on-line users
· IP-based monitoring of network devices
· Interface connection status
· Support Syslog for diagnosing and troubleshooting
· User traffic history logging
· User’s session log can be sent to Syslog server
· Remote Syslog reporting to external server
· Traffic Analysis and Statistics
· SNMP v1, v2c, v3
· SNMP Traps to a list of IP Addresses
· Support MIB-II
· NTP Time Synchronization
· Administrative Access : HTTP / HTTPS
PheeNet WMS-308N контроллер точек доступа WiFi является центром управления беспроводной сети, одновременно сочетает в себе IP-маршрутизатор / Firewall / Multi- WAN / QoS, а так же AAA шлюз (Authentication, Authorization, Accounting). Контроллер WMS-308N создан для быстрого развертывания и обеспечения надежной работы защищённых Wi-Fi сетей средних и крупных предприятий, складов, офисов, гостиниц и торговых центров.
Встроенный AAA шлюз позволяет настроить общедоступные сервисы, используя гибкие правила и ограничения клиентского доступа, без дополнительного сервера RADIUS. Это удобно для беспроводных сетей кафе, отелей , торговых центров или университетов, где необходимо развернуть коммерческую WiFi сеть. Провайдер будет иметь полную информацию о клиентских подключениях (времени соединения, объеме переданных / полученных данных, биллинга и т.д.)
Поддержка контроллером WMS-308N функции бесшовного роуминга, а так же высокая производительность системы позволяет полностью осуществить переход проводной корпоративной сети на беспроводную. Данная функция позволит сотрудникам иметь непрерывное WiFi соединение при перемещение в зоне покрытия беспроводной сети (IP телефония и мобильные устройства)
Функция предварительного генерирования и печати паролей, реализованная в контроллере PheeNet позволит сохранить надёжность корпоративной сети, не усложняя процедуру предоставления гостевого доступа.
Видеоинструкция “Как настроить бесшовный роуминг на контроллере Pheenet WMS-308N”
Тестирование времени переключения (handover) между точками доступа Pheenet под управлением контроллера WMS-308N