H3C WX2800X New Generation Access

HomeProducts & TechnologyEnterprise ProductsWirelessH3C WX2800X New Generation Access

The H3C WX2800X wireless Access Controller (AC) features gateway and AC function integration, reducing the number of devices and TCO in network. It adopts the innovative Comware V7 platform (referred to as V7 hereafter). V7 comes with the standard granular user control management, comprehensive RF resource management, 7x24 wireless security control, fast layer-2 and layer-3 roaming, strong QoS and IPv4/IPv6 dual stack. V7 adds in various novel wireless technologies such as multi-core control plane, Bonjour and Hotspot 2.0. It also supports multiple network configurations such as cloud management and hierarchical AC.

H3C WX2800X series AC consists of 2 models: WX2860X, WX2880X. When paired with H3C Fit Access Point (AP), it serves as an ideal access control solution for WLAN access of small or medium network such as Branch, retail, small campus.

All-in-one Gateway

The WX2800X series AC (WX2860X & WX2880X) integrates gateway and AC function in one box, which is perfect for SOHO, SMB and SME environment. WX2800X series AC supports full enterprise controller feature sets, in addition, WX2800X series AC supports gateway function, such as PPPOE, NAT, dynamic IP address, and static IP address setting function. It also support Bonjour Gateway, which helps enterprise to easily manage and control Apple devices, such as AirPrint printers, Apple TVs, iPad and more.

802.11ax AP Management

In addition to 802.11a/b/g/ac/ac wave2 AP management, the WX2800X series AC can work together with H3C 802.11ax based APs to provide wireless access speed several times faster than a traditional 802.11a/b/g/ac/ac wave2 network. With 802.11ax large proximity which makes WLAN multimedia applications deployment a reality.

Brand New Operating System

WX2800X series AC is developed based on the latest H3C V7 platform. The new system sports significantly improvements in performance and reliability over the previous version, and is able to run the increasingly complicated network applications in the enterprise market. V7 features the following advantages:

Multi-core control: V7 can adjust the ratio of control cores to the forwarding cores in the CPU to make the most out of CPU computing power and strike the balance between control tasks and forwarding tasks, while providing strong concurrent computing power

User mode multi-tasking: V7 adopts a completely new software privilege level system, where most network applications are executed in user mode, and allow each application runs a different task. Each task has its own dedicated resource and when a task fault occurs which will be isolated at its own space avoiding interruption of other tasks. This makes system run more securely and reliably

User task monitoring: V7 comes with task monitoring feature, in which all tasks are monitored. When a user task goes wrong, system will reload and application will quickly recover

New independent application upgrade: V7 supports independent application upgrade, where a single application module is upgraded instead of the whole operating system. This greatly reduces the number of system reboots compared with the previous version, keeping the upgrade secure and sustaining the network stability

Flexible Forwarding Modes

In a wireless network of centralized forwarding mode, all wireless traffic is sent to an AC for processing which the forwarding capability of the AC may become a bottleneck. Especially on wireless networks where APs are deployed at branches, ACs are deployed at the headquarters, and APs and ACs are connected over a WAN. In this scenario, Distributed forwarding is more suitable. The WX2800X series AC supports both distributed forwarding modes and centralized forwarding mode and it can set SSID based forwarding as needed.

Carrier-Class Wireless User Access Control and Management

User-based access control is a key feature of WX2800X series AC. The WX2800X series AC comes with a user profile that serves as a configuration template to save predefined configurations. For different application scenarios, you can configure different items in a user profile, such as Committed Access Rate (CAR) and QoS policies

During authentication, an authentication server assigns a user profile to the device. If the user passes authentication, the device uses the configuration contents in the user profile to restrict the accessibility of resources of the user. When the user goes offline, the device disables the user profile. Thus, user profiles are applicable to online users rather than offline users and users that fail to pass authentication

The WX2800X series AC also supports MAC-based access control, which allows you to configure and modify the access rights of a user group or a particular user on an AAA server. The refined user rights control method enhances the availability of WLANs and facilitates access right assignment

MAC-based VLAN is another strong feature of the WX2800X series AC. The administrator can assign users (or MAC addresses) with the same attributes into the same VLAN and configure a VLAN-based security policy on the AC. This simplifies system configuration and refines user management to the per-user granularity

For security or accounting, the administrator may need to control the physical positions of wireless clients. The WX2800X series can satisfy this requirement. During authentication, the AC gets a list of permitted APs from the authentication server and then selects an AP for the requesting wireless client. In this way, the wireless client can only associate with that AP and thus its position is controlled

Smart Roaming Features

Supports intra-AC roaming, cross-AC roaming, and cross-VLAN Layer 3 roaming

Portal roaming information synchronization function: AC and AP support Portal users' non-perceived roaming between ACs on a large-scale network, without the Portal mac-trigger server. The wireless controller can independently assume the mac-trigger server function. This reduces the pressure on the portal server and prevents the portal server from becoming a performance bottleneck. When the Portal server is done, the online terminal can still roam without authentication between no less than 10 wireless controllers.

802.1X roaming information synchronization function: AC and AP support 802.1X users for fast roaming between ACs on a large-scale network. Support dot1x authentication for fast roaming between ACs. Terminals do not need to do authentication again after roaming to a new AC. Alleviate server pressure and ensure fast access of terminals, and support fast roaming between more than 10 ACs.

Support 802.11k/v/r fast roaming protocols

Hierarchical AC Architecture

Hierarchical AC architecture is the brand new network configuration engineered by H3C to cater for the need of multi-layer network construction in the market. Hierarchical AC employs the centralized management hierarchy similar to the large enterprise, where one core layer management AC associates with multiple local access layer ACs, and access layer ACs directly connects with underlying APs. Access layer ACs’ mainly serve real-time applications such as AP access and data forwarding, while core layer ACs’ mainly focus on non-realtime tasks such as management control and centralized authentication, and still retain the functions of connecting APs and forwarding data that typical ACs have. Core layer ACs are high performance ACs and are deployed in the convergence layer; access layer ACs can be comprised of standard ACs, all-in-one ACs (with router and DPI features), or wired and wireless ACs, and are deployed in parallel with existing network. Hierarchical AC network construction model puts wired and wireless integration to the next level, and is applicable to large scale wireless network construction. Hierarchical AC model maps naturally to the head quarter and branch deployment scenario, where core link bandwidth and core AC forwarding power no longer become a bottleneck. Core layer AC centralized control, access layer AC and lower level APs can be conveniently upgraded and synchronized automatically, and greatly simplifies version upgrade tasks. Access layer AC will be responsible for AP switching and significantly improves roaming performance.

Intelligent Channel Switching

In a WLAN, adjacent wireless APs should work in different channels to avoid channel interference. However, channels are very rare resources for a WLAN. There are a small number of non-overlapping channels for APs. For example, there are only three non-overlapping channels for the 2.4GHz network. Therefore, the key to wireless applications is how to allocate channels for APs intelligently

Meanwhile, there are many possible interference sources that can affect the normal operation of APs in a WLAN, such as rogue APs, radars and microwave ovens. The intelligent channel switching technique can ensure the allocation of an optimal channel to each AP, thereby minimizing adjacent channel interference. Besides, the real-time interference detection function can help keep APs away from interference sources such as radars and microwave ovens

Intelligent AP Load Sharing

According to IEEE 802.11, wireless clients control wireless roaming in WLANs. Usually, a wireless client chooses an AP based on the Received Signal Strength Indication (RSSI). Therefore, many clients may choose the same AP with a high RSSI. As these clients share the same wireless medium, the throughput of each client is reduced greatly.

The intelligent AP load sharing function can analyze the locations of wireless clients in real time, dynamically determine which APs at the current location can share load with one another, and implement load sharing among these APs. In addition to load sharing based on the number of online sessions, the system also supports load sharing based on the traffic of online wireless users

Support SSID automatic hiding function based on radio resource utilization. When the radio resource reaches or exceeds the configured threshold, the SSID automatically hides to provide users with stable and reliable wireless services.

Layer 4-7 Deep packet inspection

The WX2800X series AC can identify variety of applications and policy control can be implemented including priority adjustment, scheduling, blocking, and rate limiting to ensure efficient bandwidth resource and improve the network quality.

Layer 7 Wireless Intrusion Detection and Prevention Systems (WIDS / WIPS)

The WX2800X series AC supports the blacklist, whitelist, rogue device defense, bad packet detection, illegal user removal, upgradeable Signature MAC layer attack detection (DoS attack, Flood attack or man-in-the-middle attack) and counter measures

With the built-in knowledge base in WX2800X, you can perform timely and accurate wireless security decisions. For determined attack sources such as rogue AP or terminals, you can perform visible physical location monitoring and switch physical port removing

With H3C firewall/IPS device, network infrastructure can also implement layer 7 security defense in wireless campus, covering wired (802.11) and wireless (802.3) secure connections on an end-to-end basis

Real Time Spectrum Guard

Real Time Spectrum Guard (RTSG) is the innovative H3C professional state-monitoring program for the wireless spectrum. All AC models support the internal RF data acquisition module of Sensor AP to achieve deeply integrated monitoring and real time spectrum protection.

It can achieve 24x7 wireless signal quality monitoring, trend assessment and unauthorized interference alert. Through active probe and 2.4GHz/5GHz RF interference source (WiFi or non-WiFi) in every band, it provides a graphic representation of real-time FFT plot of the spectral density plot, spectrum diagram, the duty cycle map, event spectrum diagram, channel gain and interference gain. It can also automatically identify the source of interference, determine the location of rogue wireless equipment and ensure that the wireless network is always in great shape.

Hardware Specifications




Dimensions (WxDxH)

440 mm *250 mm *43.6 mm



Wireless throughput



WAN 2*2.5GE & LAN 8*GE & LAN 2*SFP+ & 1*USB + 1*Console

Power supplies

Built in single power supply

Built in dual power supply

Operating and storage



Operating and storage relative humidity


Safety Compliance

UL 60950-1

CAN/CSA C22.2 No 60950-1

IEC 60950-1

EN 60950-1/A11

AS/NZS 60950

EN 60825-1

EN 60825-2


FDA 21 CFR Subchapter J


ETSI EN 300 386 V1.3.3:2005

EN 55024: 1998+ A1: 2001 + A2: 2003

EN 55022 :2006

VCCI V-3:2007


EN 61000-3-2:2000+A1:2001+A2:2005

EN 61000-3-3:1995+A1:2001+A2:2005

AS/NZS CISPR 22:2004

FCC PART 15:2005

GB 9254:1998

GB/T 17618:1998


≥145 years

Software specifications





Basic functions

Number of managed APs by default


Size of license


Maximum number of managed APs



Maximum number of configured APs



Maximum users of authentication



ARP table



ND table




802.11 Protocols

Maximum SSID number of the whole machine


SSID hiding

11G protection

11n only

Use number limit

Supported: SSID based, per RF based



Multi-country code assignment

Wireless user isolation


VLAN based wireless users 2-layer isolation

SSID based wireless user 2-layer isolation

20MHz/40MHz auto-switch in 40MHz mode

Local forwarding

Local forwarding based on SSID+VLAN


Auto AP serial number entry

AC discovery (DHCP option43, DNS)

IPv6 tunnel

Clock synchronization

Jumbo frame forwarding

Assign basic AP network parameter through AC

Supported: Static IP, VLAN, connected AC address

L2/L3 connection between AP and AC

NAT traversal between AP and AC


Intra-AC, Inter-AP L2 and L3 roaming

Inter-AC, Inter-AP L2 and L3 roaming

GW Features








Access control

Open system, Shared-Key

WEP-64/128, dynamic WEP




SSH v1.5/v2.0

Wireless EAD (End-point Access Domination)

Portal authentication

Supported: Remote Authentication, external server

Portal page redirection

Supported: SSID based, AP Portal page push

Portal by-pass Proxy

802.1x authentication


Local authentication

802.1X, Portal, MAC authentication

LDAP authentication

802.1X and Portal

EAP-GTC and EAP-TLS supported by 802.1X login

AP location-based user access control

Guest Access control

VIP channel

ARP attack detection

Supported: Wireless SAVI

SSID anti-spoofing

SSID + user name binding

AAA server selection based on SSID and domain

AAA server back up

Local AAA server for wireless user



Priority mapping

L2-L4 packet filtering and traffic classification

Rate limit

Supported with granularity of 8Kbps


Access control based on user profile

Intelligent bandwidth limit (equal bandwidth share algorithm)

Intelligent bandwidth limit (user specific)

Intelligent bandwidth guarantee

Supported: Free flow for packets coming from every SSID When traffic is not congested, and guarantee a minimum bandwidth for each SSID when traffic is congested

QoS Optimization for SVP phone

CAC(Call Admission Control)

Supported: based on user number/bandwidth

End-to-end QoS

AP upload speed limit

RF management

Country code lock

Static channel and power configuration

Auto channel and power configuration

Auto transmission rate adjustment

Coverage hole detection and correction

Load balancing

Supported: based on traffic, user & frequency (dual-frequency supported)

Intelligent load balancing

AP load balancing group

Supported: auto-discovery and flexible setting


Static blacklist

Dynamic blacklist

White list

Rogue AP detection

Supported: SSID based, BSSID, device OUI and more

Rouge AP countermeasure

Flooding attack detection

Spoof attack detection

Weak IV attack detection


Supported: 7-layer mobile security

Layer 2 protocol

ARP (gratuitous ARP)



√ (Maximum VLANs: 4094)


IP protocol

IPv4 protocol

Native IPv6


IPv6 Portal


MLD Snooping

IGMP Snooping

Multicast group


Multicast to Unicast (IPv4, IPv6)

Supported: Set unicast limit based on operating environment


1+1 failover between ACs

Intelligent AP sharing among ACs

Remote AP

Management and deployment

Network management

WEB, SNMP v1/v2/v3, RMON and more

Network deployment

WEB, CLI, Telnet, FTP and more

WiFi location

CUPID location

Green features

Scheduled shutdown of AP RF interface

Scheduled shutdown of wireless service

Per-packet power adjust­ment (PPC)



RF Ping

Remote probe analysis

RealTime Spectrum Guard (RTSG)

Wireless Intelligent Application Aware (wIAA)

Supported/ Stateful Inspection Firewall

Packet forwarding fairness adjustment

802.11n packet forwarding suppression

Access based traffic shaping

Co-AP channel sharing

Co-AP channel reuse

RF interface transmission rate adjustment algorithm

Drop wireless packet with weak signal

Disable user access with weak signal

Disable multicast packet caching

Status blink(limited to some AP)

New added features

Policy forwarding

VLAN pool

Bonjour gateway



Hotspot2.0 (802.11u)



Product ID

Product Description


H3C WX2860X Access Controller with 10*1000BASE-T Ports and 2*SFP Plus Ports


H3C WX2880X Access Controller with 10*1000BASE-T Ports and 2*SFP Plus Ports


Enhanced Access Controller License, 1 AP, for V7


Enhanced Access Controller License,4 APs, for V7


Enhanced Access Controller License,8 APs, for V7


Enhanced Access Controller License,16 APs, for V7


Enhanced Access Controller License,32 APs, for V7


Enhanced Access Controller License,64 APs, for V7


Enhanced Access Controller License,128 APs, for V7


1000BASE-SX SFP Transceiver, Multi-Mode (850nm, 550m, LC)


1000BASE-LX SFP Transceiver, Single Mode (1310nm, 10km, LC)

Are you an H3C partner? Log in to see additional resources.
You can find excellent H3C partners, or you can become one of them to build a
partnership with H3C and share success together.
Contact Sales