Huawei AC650-256AP Wireless Access Controller, up to 256 AP

Huawei AC650-256AP Wireless Access Controller, up to 256 AP

Marca: Huawei

Código de producto: HUA-AC650-256AP

Número de catálogo: 9866

Garantía (meses):

Precio

387,53 €

476,66 € IVA incluido

favoriteAñadir a la lista de deseos

Descripción

The Huawei AC650-256AP is a device that combines a Wireless Access Controller (WAC) and a switch. It can simultaneously manage up to 256 access points, making it suitable for various types of networks. It is equipped with 10 gigabit Ethernet ports (10/100/1000 Mbps) and 2 SFP+ slots (10 Gbps), capable of handling 10 Gbps traffic, which is crucial for large networks. The AC650-256AP features a built-in AAA/Portal server, providing authentication through a portal or 802.1X. You can configure it in in-path, off-path, bridge, or mesh modes with Layer 2 or Layer 3 connections. It supports backup connections for multiple WACs - 1+1 HSB and N+1 backup. The system provides administrators with rich tools for error detection and diagnostics, greatly facilitating and speeding up centralized network management, such as through quick configuration of connected access points.

Controller for 256 access points

The device is designed to operate as a controller in Huawei wireless systems and can handle up to 256 access points. It supports load balancing using smart roaming, the DFA algorithm for automatic detection of overlapping channels, as well as EDCA and airtime scheduling.

The controller features a built-in portal/AAA server, providing user authentication based on a portal or 802.1X. Authentication covers both wired and wireless users.

High performance, 2 SFP+ slots, 10 gigabit Ethernet ports

The AC650-256AP is equipped with 2 SFP+ slots with a throughput of 10 Gbps each, along with 10 gigabit Ethernet ports (10/100/1000 Mbps). It has an integrated switch function, which is useful if you are using an in-path configuration.

The device features a high-performance quad-core ARM processor clocked at 1.2 GHz and 2 GB of DDR4 RAM. Depending on the authentication method, it is capable of handling up to 2048 users connected simultaneously.

Advanced monitoring and diagnostics, numerous configuration options

The web interface provides rich capabilities for network monitoring, checking user and access point status, and each radio. In the event of performance degradation, you can quickly identify which segment of the network is malfunctioning. Configuration is simplified with the ability to create profiles and groups of access points. When connecting a new AP, configuration can be copied from another device. With just one click, you can access advanced network diagnostics with suggested solutions for any issues encountered.

The controller can operate in various network modes: in-path, off-path, bridge, or mesh. Access points can be connected at either Layer 2 or Layer 3, depending on the requirements of the location. Additionally, the AC650-256AP supports multiple backup features to ensure operational stability. You can utilize 1+1 HSB and N+1 WAC backup as well as port backups using LACP (Link Aggregation Control Protocol) or MSP (Multiple Spanning Tree Protocol).

Usage

The offered product has been designed for use in large networks where advanced management and convenient monitoring are necessary, allowing for quick configuration and connection of new devices and rapid detection of various errors. External controller deployment also enhances the overall stability of the network; in the case of three devices (controller + router + switch), the workload is evenly distributed among them. Conversely, with a single gateway, there's a risk of it becoming a bottleneck for the entire system.

Specifications

Performance
Huawei AC650-256AP
Number of managed APs	256
Number of access users	2048 (The maximum number of access users varies depending on the authentication mode)
Number of MAC address entries	8192
Forwarding capability	10 Gb/s
Number of VLANs	4096
Number of routing entries	IPv4 4096 IPv6: 2048
Number of ARP entries	4096
Number of multicast forwarding entries	2048
Number of DHCP IP address pools	64 IP address pools, each of which contains a maximum of 8192 IP addresses
Number of local accounts	1024
Number of ACLs	4096
Physical features
Dimensions (H x W x D)	43.6 mm x 210 mm x 250 mm
Interface type	2 x 10GE optical ports +10 x GE electrical ports 1 x Console (RJ45), 1 x USB
Maximum power consumption	21 W
Weight	1,47 kg
Operating temperature and altitude	-60 m to +1800 m: 0°C to 45°C 1800 m to 5000 m: Temperature decreases by 1°C every time the altitude increases 220 m.
Relative humidity	5% RH to 95% RH, noncondensing
Power modules	AC/DC adapter
Switching and forwarding features
Ethernet features	Ethernet Operating modes of full duplex, half duplex, and auto-negotiation Rates of an Ethernet interface: 10 Mbps, 100 Mbps, 1000 Mbps, and auto-negotiation Flow control on interfaces Jumbo frames Link aggregation Load balancing among links of a trunk Interface isolation and forwarding restriction Broadcast storm suppression VLAN Access modes of access, trunk, and hybrid Default VLAN VLAN pool MAC Automatic learning and aging of MAC addresses Static, dynamic, and blackhole MAC address entries Packet filtering based on source MAC addresses Interface-based MAC learning limiting ARP Static and dynamic ARP entries ARP in a VLAN Aging of ARP entries LLDP
Ethernet loop protection	MSTP STP RSTP MSTP BPDU protection, root protection, and loop protection Partitioned STP
IPv4 forwarding	IPv4 ARP and RARP Proxy ARP Auto-detection NAT Bonjour protocol Unicast routing Static route RIP-1 and RIP-2 OSPF BGP IS-IS Routing policies and policy-based routing URPF check DHCP server and relay DHCP snooping Multicast routing IGMPv1, IGMPv2, and IGMPv3 PIM-SM Multicast routing policies RPF
IPv6 forwarding	IPv6 ND protocol Unicast routing Static route RIPng OSPFv3 BGP4+ IS-IS IPv6 DHCPv6 DHCPv6 snooping Multicast routing MLD MLD snooping
Device reliability	BFD
Layer 2 multicast	IGMP snooping Prompt leave Multicast traffic control Inter-VLAN multicast replication
Ethernet OAM	Neighbor discovery Link monitoring Fault notification Remote loopback
QoS	Traffic classification Traffic classification based on the combination of the L2 protocol header, IP 5-tuple, and 802.1p priority Action Access control after traffic classification Traffic policing based on traffic classification Re-marking packets based on traffic classifiers Class-based packet queuing Associating traffic classifiers with traffic behaviors Queue scheduling PQ DRR PQ+DRR WRR PQ+WRR Congestion avoidance SRED WRED Application control Smart Application Control (SAC)
Configuration and maintenance	Terminal service Configurations using command lines Error message and help information in English Login through console and Telnet terminals Send function and data communications between terminal users File system File systems Directory and file management File uploading and downloading using FTP and TFTP Debugging and maintenance Unified management of logs, alarms, and debugging information Electronic labels User operation logs Detailed debugging information for network fault diagnosis Network test tools such as traceroute and ping commands Intelligent diagnosis Interface mirroring and flow mirroring Version upgrade Device software loading and online software loading BIOS online upgrade In-service patching
Network management	Different user levels for commands, preventing unauthorized users from accessing device SSHv2.0 RADIUS and HWTACACS authentication for login users ACL filtering DHCP packet filtering (with the Option 82 field) Local attack defense function that can protect the CPU and ensure that the CPU can process services Defense against control packet attacks Defenses against attacks such as source address spoofing, Land, SYN flood (TCP SYN), Smurf, ping flood (ICMP echo), Teardrop, broadcast flood, and Ping of Death attacks IPsec URL filtering Antivirus Intrusion prevention ICMP-based ping and traceroute SNMPv1, SNMPv2c, and SNMPv3 Standard MIB RMON NetStream
Wireless networking
Networking between APs and WACs	APs and WACs can be connected through a Layer 2 or Layer 3 network. APs can be directly connected to a WAC. APs are deployed on a private network, while WACs are deployed on the public network to implement NAT traversal. WACs can be used for Layer 2 bridge forwarding or Layer 3 routing. WAN authentication escape is supported between APs and WACs. In local forwarding mode, this feature retains the online state of existing STAs and allows access of new STAs when APs are disconnected from WACs, ensuring service continuity.
Forwarding mode	Direct forwarding (distributed forwarding or local forwarding) Tunnel forwarding (centralized forwarding) Centralized authentication and distributed forwarding In direct forwarding mode, user authentication packets support tunnel forwarding. Soft GRE forwarding Tunnel forwarding + EoGRE tunnel
Wireless networking mode	WDS bridging: Point-to-point (P2P) wireless bridging Point-to-multipoint (P2MP) wireless bridging Automatic topology detection and loop prevention (STP) Wireless mesh network: Access authentication for mesh devices Mesh routing algorithm Zero-configuration provisioning (ZTP) Mesh network with multiple MPPs Vehicle-ground fast link handover Mesh client mode
WAC discovery	An AP can obtain the WAC's IP address in any of the following ways: Static configuration DHCP DNS The WAC uses DHCP or DHCPv6 to allocate IP addresses to APs. DHCP or DHCPv6 relay is supported. On a Layer 2 network, APs can discover a WAC by sending broadcast CAPWAP packets.
CAPWAP tunnel	Centralized CAPWAP CAPWAP control tunnel and (optional) data tunnel CAPWAP tunnel forwarding and direct forwarding in an extended service set (ESS) Datagram Transport Layer Security (DTLS) encryption, which is enabled by default for the CAPWAP control tunnel Heartbeat detection and tunnel reconnection
Active and standby WACs	Enables and disables the switchback function. Supports load balancing. Supports 1+1 HSB. Supports N+1 backup. Supports wireless configuration synchronization between WACs. Supports license sharing between WACs
AP management
AP access control	Displays MAC addresses or SNs of APs in the whitelist. Adds a single AP or multiple APs (by specifying a range of MAC addresses or SNs) to the whitelist. Automatically discovers and manually confirms APs. Automatically discovers APs without manually confirming them.
AP region management	Supports three AP region deployment modes: Distributed deployment: APs are deployed independently. An AP is equivalent to a region and does not interfere with other APs. APs work at the maximum power and do not perform radio calibration. Common deployment: APs are loosely deployed. The transmit power of each radio is less than 50% of the maximum transmit power. Centralized deployment: APs are densely deployed. The transmit power of each radio is less than 25% of the maximum transmit power. Specifies the default region to which automatically discovered APs are to be added.
AP profile management	Specifies the default AP profile that is applied to automatically discovered APs
AP type management	Manages AP attributes including the number of interfaces, AP types, number of radios, radio types, maximum number of virtual access points (VAPs), maximum number of associated users, and radio gain (for some APs deployed indoors). Provides built-in default AP types.
Network topology management	Supports LLDP topology detection.
AP working mode management	Supports AP working mode switchover. The AP working mode can be switched to the Fat or cloud mode on the WAC
Radio management
Radio profile management	Supports the following parameter settings in a radio profile: Radio working mode and rate Automatic or manual channel and power adjustment mode Radio calibration interval Radio type, which can be set to 802.11b, 802.11b/g, 802.11b/g/n, 802.11g, 802.11n, 802.11g/n, 802.11a, 802.11a/n, 802.11ac, or 802.11ax Allows you to bind a radio to a specified radio profile. Supports MU-MIMO.
Unified static configuration of parameters	Configures radio parameters such as the channel and power of each radio on the WAC and delivers the configurations to APs.
Dynamic management	APs can automatically select working channels and power when they go online. In an AP region, APs automatically adjust working channels and power in the event of signal interference: Partial calibration: The optimal working channel and power of a specified AP can be adjusted. Global calibration: The optimal working channels and power of all the APs in a specified region can be adjusted. The DFA function automatically identifies, switches, or disables redundant radios, reducing 2.4 GHz co-channel interference and increasing system capacity. When an AP is removed or goes offline, the WAC increases the power of neighboring APs to compensate for the coverage hole. Automatic selection and calibration of radio parameters in AP regions are supported.
Enhanced service capabilities	Band steering: enables terminals to preferentially access the 5 GHz frequency band, achieving load balancing between the 2.4 GHz and 5 GHz frequency bands. Smart roaming: enables sticky terminals to roam to APs with better signals. 802.11k and 802.11v smart roaming 802.11r fast roaming (≤ 50 ms)
WLAN service management
ESS management	Allows you to enable SSID broadcast, set the maximum number of access users, and set the association aging time in an ESS. Isolates APs at Layer 2 in an ESS. Maps an ESS to a service VLAN. Associates an ESS with a security profile or a QoS profile. Enables IGMP for APs in an ESS. Supports Chinese SSIDs.
VAP-based service management	Adds multiple VAPs at a time by binding radios to ESSs. Displays information about a single VAP, VAPs with a specified ESS, or all VAPs. Supports configuration of offline APs. Creates VAPs according to batch delivered service provisioning rules in automatic AP discovery mode
Automatic service provisioning management	Supports service provisioning rules configured for a specified radio of a specified AP type. Adds automatically discovered APs to the default AP region. The default AP region can be preconfigured. Applies a service provisioning rule to a region to enable APs in the region to go online.
Multicast service management	IGMP snooping IGMP proxy
Load balancing	Performs load balancing among radios in a load balancing group. Supports two load balancing modes: Based on the number of STAs connected to each radio Based on the traffic volume on each radio
BYOD (Bring Your Own Device)	Identifies device types according to the OUI in the MAC address. Identifies device types according to the user agent (UA) field in an HTTP packet. Identifies device types according to DHCP Option information. Carries device type information in RADIUS authentication and accounting packets.
Location services	Locates AeroScout and Ekahau tags. Locates Wi-Fi terminals. Locates Bluetooth terminals. Locates Bluetooth tags.
Spectrum analysis	Identifies the following interference sources: Bluetooth, microwave ovens, cordless phones, ZigBee, game controller, 2.4 GHz/5 GHz wireless audio and video devices, and baby monitors. Works with the eSight to display spectrums of interference sources.
Hotspot 2.0	Supports a Hotspot2.0 network.
Internet of Things (IoT)	Supports IoT cards on the AP to converge the WLAN and IoT
Navi WAC	Supports remote STA access on the Navi WAC.
Centralized license control	Supports a license server as the centralized AP license control point. Allows a license server to manage license clients. Supports license synchronization between a license server and clients
WLAN user management
Address allocation of wireless users	Functions as a DHCP server to assign IP addresses to wireless users.
WLAN user management	Supports user blacklist and whitelist. Controls the number of access users: Based on APs Based on SSIDs Logs out users in any of the following ways: Using RADIUS DM messages Using commands Supports various methods to view information: Allows you to view the user status based on the user MAC address, AP ID, radio ID, or WLAN ID. Displays the number of online users by ESS, AP, or radio. Collects STA-based packet statistics on the air interface.
WLAN user roaming	Supports intra-AC Layer 2 roaming. Supports inter-VLAN Layer 3 roaming on a WAC. Supports roaming between WACs. Supports fast key negotiation in 802.1X authentication. Authenticates users who request to reassociate with the WAC and rejects the requests of unauthorized users. Delays clearing user information after a user goes offline so that the user can rapidly go online again.
User group management	Supports ACLs. Supports user isolation: Inter-group isolation Intra-group isolation
WLAN security
WLAN security profile management	Manages authentication and encryption modes using WLAN security profiles. Binds security profiles to ESS profiles.
Authentication modes	Open system authentication with no encryption WEP authentication/encryption WPA/WPA2 authentication and encryption: WPA/WPA2-PSK+TKIP WPA/WPA2-PSK+CCMP WPA/WPA2-802.1X+TKIP WPA/WPA2-802.1X+CCMP WPA/WPA2-802.1X+ CCMP WPA/WPA2-PSK+TKIP-CCMP WPA/WPA2-802.1X+TKIP-CCMP WPA/WPA2-PPSK authentication and encryption WAPI authentication and encryption: Supports centralized WAPI authentication. Supports three-certificate WAPI authentication, which is compatible with traditional two-certificate authentication. Issues a certificate file together with a private key. Allows users to use MAC addresses as accounts for authentication by the RADIUS server. Portal authentication: Authentication through an external Portal server Built-in Portal authentication and authentication page customization 802.1X authentication: Authentication through an external 802.1X server. Built-in 802.1X authentication.
Combined authentication	Combined MAC authentication: PSK+MAC authentication MAC+Portal authentication: MAC address-prioritized Portal authentication
AAA	Local authentication/local accounts (MAC addresses and accounts) RADIUS authentication Multiple authentication servers: Supports backup authentication servers. Specifies authentication servers based on the account. Configures authentication servers based on the account. Binds user accounts to SSIDs
Security isolation	Port-based isolation User group-based isolation
WIDS	Rogue device scan, identification, defense, and containment, which includes dynamic blacklist configuration and detection of rogue APs, STAs, and network attacks.
Authority control	ACL limit based on the following: Port User group User
Other security features	SSID hiding IP source guard: Configures IP and MAC binding entries statically. Generates IP and MAC binding entries dynamically.
WLAN QoS
WMM profile management	Enables or disables Wi-Fi Multimedia (WMM). Allows a WMM profile to be applied to radios of multiple APs.
Traffic profile management	Manages traffic from APs and maps packet priorities according to traffic profiles. Applies a QoS policy to each ESS by binding a traffic profile to each ESS.
AC traffic control	Manages QoS profiles. Uses ACLs to perform traffic classification. Limits incoming and outgoing traffic rates for each user based on inbound and outbound CAR parameters. Limits the traffic rate based on ESSs or VAPs.
AP traffic control	Controls traffic of multiple users and allows users to share bandwidth. Limits the rate of a specified VAP.
Packet priority configuration	Sets the QoS priority (IP precedence or DSCP priority) for CAPWAP control channels. Sets the QoS priority for CAPWAP data channels: Allows you to specify the CAPWAP header priority. Maps 802.1p priorities of user packets to ToS priorities of tunnel packets
Airtime fair scheduling	Allocates equal time to users for occupying the channel, which improves users' Internet access experience.