H3C WX3800H Series Access Controller

HomeProducts & TechnologyEnterprise ProductsWirelessH3C WX3800H Series Access Controller
WX3820H
WX3840H

The H3C WX3800H series wireless access controller is the latest generation of unified wired and wireless access controller featuring high performance, large capacity, high reliability and versatile business services and is targeted at enterprise networks. The WX3800H series AC equips with a high performance multi-core CPU and it adopts the innovative Comware V7 platform (referred to as V7 hereafter). V7 comes with the standard granular user control management, comprehensive RF resource management, 7x24 wireless security control, fast layer-2 and layer-3 roaming, strong QoS and IPv4/IPv6 dual stack. V7 adds in various novel wireless technologies such as multi-core control plane, next generation CUPID wireless positioning technology, Bonjour and Hotspot 2.0. It also supports multiple network configurations such as cloud computing management, hierarchical AC and IRF.

H3C WX3800H series AC consists of two models: WX3820H and WX3840H. When paired with H3C Fit Access Point (AP), it serves as an ideal access control solution for WLAN access of medium to large enterprise campus networks and wireless MAN coverage.

*Warranty Information:H3Care CT Foundation Basic 9X5 NBD-Ship Service(1Y)

  • Warranty Information

    H3Care CT Foundation Basic 9X5 NBD-Ship Service(1Y)

  • 802.11ax AP Management

    In addition to 802.11a/b/g/n/ac AP management, the WX3800H series AC can work together with H3C 802.11ax based APs to provide wireless access speed several times faster than a traditional 802.11a/b/g/n/ac network. With 802.11ax large proximity which makes WLAN multimedia applications deployment a reality.

    Brand New Operating System

    WX3800H series AC is developed based on the latest H3C V7 platform. The new system sports significantly improvements in performance and reliability over the previous version, and is able to run the increasingly complicated network applications in the enterprise market. V7 features the following advantages:

    Multi-core control: V7 can adjust the ratio of control cores to the forwarding cores in the CPU to make the most out of CPU computing power and strike the balance between control tasks and forwarding tasks, while providing strong concurrent computing power

    User mode multi-tasking: V7 adopts a completely new software privilege level system, where most network applications are executed in user mode, and allow each application runs a different task. Each task has its own dedicated resource and when a task fault occurs which will be isolated at its own space avoiding interruption of other tasks. This makes system run more securely and reliably

    User task monitoring: V7 comes with task monitoring feature, in which all tasks are monitored. When a user task goes wrong, system will reload and application will quickly recover

    New independent application upgrade: V7 supports independent application upgrade, where a single application module is upgraded instead of the whole operating system. This greatly reduces the number of system reboots compared with the previous version, keeping the upgrade secure and sustaining the network stability

    Wired and Wireless Processing Capability

    WX3800H series AC adopts the latest high performance multi-core CPU. WX3840H AC CPU possesses 8 independent cores that can be virtualized to 32 logical cores, WX3820H series ACs have 4 independent cores that can be virtualized to 16 logical cores. The strong computing power allows the devices to handle more users, more concurrent transactions, decrease latency in order to improve user experience.

    High Port Density for Access

    WX3800H series AC provides high port density for external access. This results in better unified wired and wireless access (integrated wired and wireless user management including user access, user authentication and billing management) and satisfy network construction and access requirements.

    WX3820H provides 8 GE Combo and 2 10G SFP+ ports;

    WX3840H provides 8 GE Combo, 2 10G SFP+ ports and 1 management port. The management provides out-of-band management capability

    IRF Hot-standby

    WX3800H series AC supports IRF (Intelligent Resilient Framework) developed by H3C. The rationale behind the IRF model is virtualized as a single distributed device, which possesses the following advantages:

    Simple network configuration: IRF does not require dedicated stack cables and ports, the stack is created once they are connected in layer 2

    Capability stacks: IRF group appears to be a single virtualized AC, with the number of users and APs managed equal to individual AC’s capacity

    Simple configuration: configuration changes made to the virtual AC will automatically synchronized to other physical AC

    Highly reliable backup: supports 1+1 hot backup, meaning all applications have backups, and a single AC failure will not affect the functioning of virtual AC. WX3800H series AC supports a maximum of two-device stack

    Flexible license control: A license installed in one device of IRF can be shared by other devices, number of APs that can be connected to the virtual AC is the sum of licenses possessed by all physical ACs; although licenses are installed and tied to individual device, unload and migration becomes more convenient

    Hierarchical AC Architecture

    Hierarchical AC architecture is the brand new network configuration engineered by H3C to cater for the need of multi-layer network construction in the market. Hierarchical AC employs the centralized management hierarchy similar to the large enterprise, where one core layer management AC associates with multiple local access layer ACs, and access layer ACs directly connects with underlying APs. Access layer ACs’ mainly serve real-time applications such as AP access and data forwarding, while core layer ACs’ mainly focus on non-realtime tasks such as management control and centralized authentication, and still retain the functions of connecting APs and forwarding data that typical ACs have. Core layer ACs are high performance ACs and are deployed in the convergence layer; access layer ACs can be comprised of standard ACs, all-in-one ACs (with router and DPI features), or wired and wireless ACs, and are deployed in parallel with existing network. Hierarchical AC network construction model puts wired and wireless integration to the next level, and is applicable to large-scale wireless network construction. Hierarchical AC model maps naturally to the head quarter and branch deployment scenario, where core link bandwidth and core AC forwarding power no longer become a bottleneck. Core layer AC centralized control, access layer AC and lower level APs can be conveniently upgraded and synchronized automatically, and greatly simplifies version upgrade tasks. Access layer AC will be responsible for AP switching and significantly improves roaming performance

    CUPID Wireless Positioning

    H3C CUPID is a highly precise wireless positioning technology based on WLAN environment. It has the following advantages and features:

    Highly precise

    Traditional triangular and fingerprint positioning is based on Received Signal Strength Indicator (RSSI) power, and its precision is inevitably affected by RSSI power level fluctuation. Indoor decorations and the random nature of customer traffic will cause perturbation in RSSI data. H3C CUPID based positioning technology integrates information from Atheros chips and WLAN to make indoor positioning more precise, and overcome the limitation of RSSI based positioning systems. The positioning error could be as little as 3-5 meters under good conditions

    Low latency

    CUPID has lower latency compared with traditional signal based positioning technology. As it is based on active information compiled from the Access Point, its delay can be limited to within 2 seconds, and significantly improve the efficiency in signal and data collection

    No pre-sampling

    Traditional fingerprint based positioning requires substantial time and resource in sampling, and re-sampling is needed whenever changes are made to the deployment configuration, such as AP antenna or position. This creates considerable impact to the positioning system performance. CUPID positioning can skip the sampling process and the AP can start positioning right away with existing deployment configurations. CUPID also supports cross-channel deployment. Each channel could be deployed in up to six spectra, this would suppress interfaces in the same spectrum and improve positioning precision

    Flexible Forwarding Modes

    In a wireless network of centralized forwarding mode, all wireless traffic is sent to an AC for processing which the forwarding capability of the AC may become a bottleneck. Especially on wireless networks where APs are deployed at branches, ACs are deployed at the headquarters, and APs and ACs are connected over a WAN. In this scenario, Distributed forwarding is more suitable. The WX3800H series AC supports both distributed forwarding modes and centralized forwarding mode and it can set SSID based forwarding as needed.

    Carrier-Class Wireless User Access Control and Management

    User-based access control is a key feature of WX3800H series AC. The WX3800H series AC comes with a user profile that serves as a configuration template to save predefined configurations. For different application scenarios, you can configure different items in a user profile, such as Committed Access Rate (CAR) and QoS policies

    During authentication, an authentication server assigns a user profile to the device. If the user passes authentication, the device uses the configuration contents in the user profile to restrict the accessibility of resources of the user. When the user goes offline, the device disables the user profile. Thus, user profiles are applicable to online users rather than offline users and users that fail to pass authentication

    The WX3800H series AC also supports MAC-based access control, which allows you to configure and modify the access rights of a user group or a particular user on an AAA server. The refined user rights control method enhances the availability of WLANs and facilitates access right assignment

    MAC-based VLAN is another strong feature of the WX3800H series AC. The administrator can assign users (or MAC addresses) with the same attributes into the same VLAN and configure a VLAN-based security policy on the AC. This simplifies system configuration and refines user management to the per-user granularity

    For security or accounting, the administrator may need to control the physical positions of wireless clients. The WX3800H series can satisfy this requirement. During authentication, the AC gets a list of permitted APs from the authentication server and then selects an AP for the requesting wireless client. In this way, the wireless client can only associate with that AP and thus its position is controlled

    Smart Roaming Features

    Supports intra-AC roaming, cross-AC roaming, and cross-VLAN Layer 3 roaming

    Portal roaming information synchronization function: AC and AP support Portal users' non-perceived roaming between ACs on a large-scale network, without the Portal mac-trigger server. The wireless controller can independently assume the mac-trigger server function. This reduces the pressure on the portal server and prevents the portal server from becoming a performance bottleneck. When the Portal server is done, the online terminal can still roam without authentication between no less than 10 wireless controllers.

    802.1X roaming information synchronization function: AC and AP support 802.1X users for fast roaming between ACs on a large-scale network. Support dot1x authentication for fast roaming between ACs. Terminals do not need to do authentication again after roaming to a new AC. Alleviate server pressure and ensure fast access of terminals, and support fast roaming between more than 10 ACs.

    Support 802.11k/v/r fast roaming protocols

    Intelligent Channel Switching

    In a WLAN, adjacent wireless APs should work in different channels to avoid channel interference. However, channels are very rare resources for a WLAN. There are a small number of non-overlapping channels for APs. For example, there are only three non-overlapping channels for the 2.4GHz network. Therefore, the key to wireless applications is how to allocate channels for APs intelligently

    Meanwhile, there are many possible interference sources that can affect the normal operation of APs in a WLAN, such as rogue APs, radars and microwave ovens. The intelligent channel switching technique can ensure the allocation of an optimal channel to each AP, thereby minimizing adjacent channel interference. Besides, the real-time interference detection function can help keep APs away from interference sources such as radars and microwave ovens

    Intelligent AP Load Sharing

    According to IEEE 802.11, wireless clients control wireless roaming in WLANs. Usually, a wireless client chooses an AP based on the Received Signal Strength Indication (RSSI). Therefore, many clients may choose the same AP with a high RSSI. As these clients share the same wireless medium, the throughput of each client is reduced greatly.

    The intelligent AP load sharing function can analyze the locations of wireless clients in real time, dynamically determine which APs at the current location can share load with one another, and implement load sharing among these APs. In addition to load sharing based on the number of online sessions, the system also supports load sharing based on the traffic of online wireless users

    l Support SSID automatic hiding function based on radio resource utilization. When the radio resource reaches or exceeds the configured threshold, the SSID automatically hides to provide users with stable and reliable wireless services.

    Layer 4-7 Deep packet inspection

    The WX3800H series AC can identify variety of applications and policy control can be implemented including priority adjustment, scheduling, blocking, and rate limiting to ensure efficient bandwidth resource and improve the network quality.

    Layer 7 Wireless Intrusion Detection and Prevention Systems (WIDS / WIPS)

    The WX3800H series AC supports the blacklist, whitelist, rogue device defense, bad packet detection, illegal user removal, upgradeable Signature MAC layer attack detection (DoS attack, Flood attack or man-in-the-middle attack) and counter measures

    With the built-in knowledge base in WX3800H, you can perform timely and accurate wireless security decisions. For determined attack sources such as rogue AP or terminals, you can perform visible physical location monitoring and switch physical port removing

    With H3C firewall/IPS device, network infrastructure can also implement layer 7 security defense in wireless campus, covering wired (802.11) and wireless (802.3) secure connections on an end-to-end basis

    New Wireless Intelligent Application Aware (WIAA)

    Wireless Intelligent Application Aware Feature (WIAA) provides a user role based application layer security, QoS and forwarding policy for wired and wireless users. With WIAA, administrator can specify websites users’ browsing, application protocols (i.e. HTTP, FTP) they use and bandwidth they are allocated. H3C V7 AC comes with Deep Packet Inspection (DPI) capability, expanding application detection and detailed statistics. The detection of previous generation AC is based on layer 4 Ethernet protocol (e.g. 80 maps to HTTP, 20/21 maps to FTP, etc.), which can be easily circumvented by agents, while the new V7 AC is based on layer 7 characteristics of Ethernet protocols, as well as the typical packet signature to implement a more precise recognition and complete restriction. With DPI, administrator can instead of prohibiting user visit all e-commerce websites but to set restriction on a per-website basis. This simplifies configuration and improves productivity.

    Hardware specifications

    Item

    WX3820H

    WX3840H

    Dimensions (WxDxH)

    440mm×420mm×43.6mm

    Weight

    7.3kg (installed with dual power supplies)

    Throughput

    8Gbps

    16Gbps

    Port

    8 GE+SFP combo

    2 SFP+

    1 console

    8 GE+SFP combo

    2 SFP+

    1 console

    1 OBM

    Power supplies

    1 AC power supply included, swappable power supply, 1+1 redundant backup (separately ordered)

    Max power consumption

    <300W

    Operating and storage

    temperature

    0℃~45℃/-40℃~70℃

    Operating and storage relative humidity

    5%~95%

    Safety Compliance

    UL 60950-1

    CAN/CSA C22.2 No 60950-1

    IEC 60950-1

    EN 60950-1/A11

    AS/NZS 60950

    EN 60825-1

    EN 60825-2

    EN60601-1-2

    FDA 21 CFR Subchapter J

    EMC

    ETSI EN 300 386 V1.3.3:2005

    EN 55024: 1998+ A1: 2001 + A2: 2003

    EN 55022 :2006

    VCCI V-3:2007

    ICES-003:2004

    EN 61000-3-2:2000+A1:2001+A2:2005

    EN 61000-3-3:1995+A1:2001+A2:2005

    AS/NZS CISPR 22:2004

    FCC PART 15:2005

    GB 9254:1998

    GB/T 17618:1998

    MTBF

    ≥38 years

    Software specifications

    Item

    Feature

    WX3820H

    WX3840H

    Basic functions

    Number of managed APs by default

    0

    0

    Size of license

    1/4/8/16/32/64/128/512/1024

    Maximum number of managed APs

    512(Recommend local forwarding)

    256(Recommend centralized forwarding)

    1024

    Maximum number of STA

    8192

    20480

    802.11MAC

    802.11 Protocols

    Multi-SSID (Per RF)

    16

    SSID hiding

    11G protection

    11n only

    Use number limit

    Supported: SSID based, per RF based

    Keep-alive

    Idle

    Multi-country code assignment

    Wireless user isolation

    Supported:

    VLAN based wireless users 2-layer isolation

    SSID based wireless user 2-layer isolation

    20MHz/40MHz auto-switch in 40MHz mode

    Local forwarding

    Local forwarding based on SSID+VLAN

    CAPWAP

    Auto AP serial number entry

    AC discovery (DHCP option43, DNS)

    IPv6 tunnel

    Clock synchronization

    Jumbo frame forwarding

    Assign basic AP network parameter through AC

    Supported: Static IP, VLAN, connected AC address

    L2/L3 connection between AP and AC

    NAT traversal between AP and AC

    Roaming

    Intra-AC, Inter-AP L2 and L3 roaming

    Inter-AC, Inter-AP L2 and L3 roaming

    GW features

    NAT

    PPPoE

    DDNS

    IPSEC VPN

    SSL VPN

    GRE

    Access control

    Open system, Shared-Key

    WEP-64/128, dynamic WEP

    WPA,WPA2,WPA3

    TKIP

    CCMP

    √(11n recommended)

    SSH v1.5/v2.0

    Wireless EAD (End-point Access Domination)

    Portal authentication

    Supported: Remote Authentication, external server

    Portal page redirection

    Supported: SSID based, AP Portal page push

    Portal by-pass Proxy

    802.1x authentication

    EAP-TLS, EAP-TTLS, EAP-PEAP, EAP-MD5, EAP-SIM, LEAP, EAP-FAST, EAP offload (TLS, PEAP only)

    Local authentication

    802.1X, Portal, MAC authentication

    LDAP authentication

    802.1X and Portal

    EAP-GTC and EAP-TLS supported by 802.1X login

    AP location-based user access control

    Guest Access control

    VIP channel

    ARP attack detection

    Supported: Wireless SAVI

    SSID anti-spoofing

    SSID + user name binding

    AAA server selection based on SSID and domain

    AAA server back up

    Local AAA server for wireless user

    TACACS+

    QoS

    Priority mapping

    L2-L4 packet filtering and traffic classification

    Rate limit

    Supported with granularity of 8Kbps

    802.11e/WMM

    Access control based on user profile

    Intelligent bandwidth limit (equal bandwidth share algorithm)

    Intelligent bandwidth limit (user specific)

    Intelligent bandwidth guarantee

    Supported: Free flow for packets coming from every SSID When traffic is not congested, and guarantee a minimum bandwidth for each SSID when traffic is congested

    QoS Optimization for SVP phone

    CAC(Call Admission Control)

    Supported: based on user number/bandwidth

    End-to-end QoS

    AP upload speed limit

    RF management

    Country code lock

    Static channel and power configuration

    Auto channel and power configuration

    Auto transmission rate adjustment

    Coverage hole detection and correction

    Load balancing

    Supported: based on traffic, user & frequency (dual-frequency supported)

    Intelligent load balancing

    AP load balancing group

    Supported: auto-discovery and flexible setting

    Security

    Static blacklist

    Dynamic blacklist

    White list

    Rogue AP detection

    Supported: SSID based, BSSID, device OUI and more

    Rouge AP countermeasure

    Flooding attack detection

    Spoof attack detection

    Weak IV attack detection

    WIPS

    Supported: 7-layer mobile security

    Layer 2 protocol

    ARP (gratuitous ARP)

    802.1p

    802.1q

    802.1x

    IP protocol

    IPv4 protocol

    Native IPv6

    IPv6 SAVI

    IPv6 Portal

    DHCP Server (IPv4, IPv6)

    Multicast

    MLD Snooping

    IGMP Snooping

    Multicast group

    256

    Multicast to Unicast (IPv4, IPv6)

    Supported: Set unicast limit based on operating environment

    Redundancy

    1+1 failover between ACs

    Intelligent AP sharing among ACs

    Remote AP

    Management and deployment

    Network management

    WEB, SNMP v1/v2/v3, RMON and more

    Network deployment

    WEB, CLI, Telnet, FTP and more

    WiFi location

    CUPID location

    Green features

    Scheduled shutdown of AP RF interface

    Scheduled shutdown of wireless service

    Per-packet power adjust­ment (PPC)

    WLAN

    application

    RF Ping

    Remote probe analysis

    RealTime Spectrum Guard (RTSG)

    Wireless Intelligent Application Aware (WIAA)

    Supported/ Stateful Inspection Firewall

    Packet forwarding fairness adjustment

    802.11n packet forwarding suppression

    Access based traffic shaping

    Co-AP channel sharing

    Co-AP channel reuse

    RF interface transmission rate adjustment algorithm

    Drop wireless packet with weak signal

    Disable user access with weak signal

    Disable multicast packet caching

    Status blink(limited to some AP)

    New added features

    Policy forwarding

    VLAN pool

    Bonjour gateway

    802.11w

    802.11k

    Hotspot2.0 (802.11u)

    NAT

    VPN

    Product ID

    Product Description

    EWP-WX3820H-GL

    H3C WX3820H Access Controller

    EWP-WX3840H-GL

    H3C WX3840H Access Controller

    PSR150-A1-GL

    150W AC Power Module

    LIS-WX-1-BE

    Enhanced Access Controller License, 1 AP, for V7

    LIS-WX-4-BE

    Enhanced Access Controller License,4 APs, for V7

    LIS-WX-8-BE

    Enhanced Access Controller License,8 APs, for V7

    LIS-WX-16-BE

    Enhanced Access Controller License,16 APs, for V7

    LIS-WX-32-BE

    Enhanced Access Controller License,32 APs, for V7

    LIS-WX-64-BE

    Enhanced Access Controller License,64 APs, for V7

    LIS-WX-128-BE

    Enhanced Access Controller License,128 APs, for V7

    LIS-WX-512-BE

    Enhanced Access Controller License,512 APs, for V7

    LIS-WX-1024-BE

    Enhanced Access Controller License,1024 APs, for V7

    SFP-XG-LX-SM1310-E

    SFP+ Module(1310nm,10km,LC)

    SFP-XG-SX-MM850-E

    SFP+ Module(850nm,300m,LC)

    SFP-GE-SX-MM850-A

    1000BASE-SX SFP Transceiver, Multi-Mode (850nm, 550m, LC)

    SFP-GE-LX-SM1310-A

    1000BASE-LX SFP Transceiver, Single Mode (1310nm, 10km, LC)

    SFP-FE-SX-MM1310-A

    100BASE-FX SFP Transceiver, Multi-Mode (1310nm, 2km, LC)

    SFP-FE-LX-SM1310-A

    100BASE-LX SFP Transceiver, Single Mode (1310nm, 15km, LC)

    Are you an H3C partner? Log in to see additional resources.
    You can find excellent H3C partners, or you can become one of them to build a
    partnership with H3C and share success together.
    Contact Sales