H3C WX3800X New Generation Access Controller

802.11be AP Management

In addition to 802.11a/b/g/n/ac/ax AP management, the WX3800X series AC can work together with H3C 802.11be based APs to provide wireless access speed several times faster than a traditional 802.11a/b/g/n/ac/ax network. With 802.11be large proximity which makes WLAN multimedia applications deployment a reality.

Brand New Operating System

WX3800X series AC is developed based on the latest H3C V9 platform. The new system sports significantly improvements in performance and reliability over the previous version, and is able to run the increasingly complicated network applications in the enterprise market. V9 features the following advantages:

Multi-core control: V9 can adjust the ratio of control cores to the forwarding cores in the CPU to make the most out of CPU computing power and strike the balance between control tasks and forwarding tasks, while providing strong concurrent computing power

User mode multi-tasking: V9 adopts a completely new software privilege level system, where most network applications are executed in user mode, and allow each application runs a different task. Each task has its own dedicated resource and when a task fault occurs which will be isolated at its own space avoiding interruption of other tasks. This makes system run more securely and reliably

User task monitoring: V9 comes with task monitoring feature, in which all tasks are monitored. When a user task goes wrong, system will reload and application will quickly recover

New independent application upgrade: V9 supports independent application upgrade, where a single application module is upgraded instead of the whole operating system. This greatly reduces the number of system reboots compared with the previous version, keeping the upgrade secure and sustaining the network stability

Wired and Wireless Processing Capability

WX3800X series AC adopts the latest high performance multi-core CPU. WX3840X AC CPU possesses 8 independent cores that can be virtualized to 32 logical cores, WX3820X series ACs have 4 independent cores that can be virtualized to 16 logical cores. The strong computing power allows the devices to handle more users, more concurrent transactions, decrease latency in order to improve user experience.

Flexible Forwarding Modes

In a wireless network of centralized forwarding mode, all wireless traffic is sent to an AC for processing which the forwarding capability of the AC may become a bottleneck. Especially on wireless networks where APs are deployed at branches, ACs are deployed at the headquarters, and APs and ACs are connected over a WAN. In this scenario, Distributed forwarding is more suitable. The WX3800X series AC supports both distributed forwarding modes and centralized forwarding mode and it can set SSID based forwarding as needed.

Carrier-Class Wireless User Access Control and Management

User-based access control is a key feature of WX3800X series AC. The WX3800X series AC comes with a user profile that serves as a configuration template to save predefined configurations. For different application scenarios, you can configure different items in a user profile, such as Committed Access Rate (CAR) and QoS policies

During authentication, an authentication server assigns a user profile to the device. If the user passes authentication, the device uses the configuration contents in the user profile to restrict the accessibility of resources of the user. When the user goes offline, the device disables the user profile. Thus, user profiles are applicable to online users rather than offline users and users that fail to pass authentication

The WX3800X series AC also supports MAC-based access control, which allows you to configure and modify the access rights of a user group or a particular user on an AAA server. The refined user rights control method enhances the availability of WLANs and facilitates access right assignment

MAC-based VLAN is another strong feature of the WX3800X series AC. The administrator can assign users (or MAC addresses) with the same attributes into the same VLAN and configure a VLAN-based security policy on the AC. This simplifies system configuration and refines user management to the per-user granularity

For security or accounting, the administrator may need to control the physical positions of wireless clients. The WX3800X series can satisfy this requirement. During authentication, the AC gets a list of permitted APs from the authentication server and then selects an AP for the requesting wireless client. In this way, the wireless client can only associate with that AP and thus its position is controlled

Smart Roaming Features

Supports intra-AC roaming, cross-AC roaming, and cross-VLAN Layer 3 roaming

Portal roaming information synchronization function: AC and AP support Portal users' non-perceived roaming between ACs on a large-scale network, without the Portal mac-trigger server. The wireless controller can independently assume the mac-trigger server function. This reduces the pressure on the portal server and prevents the portal server from becoming a performance bottleneck. When the Portal server is done, the online terminal can still roam without authentication between no less than 10 wireless controllers.

802.1X roaming information synchronization function: AC and AP support 802.1X users for fast roaming between ACs on a large-scale network. Support dot1x authentication for fast roaming between ACs. Terminals do not need to do authentication again after roaming to a new AC. Alleviate server pressure and ensure fast access of terminals, and support fast roaming between more than 10 ACs.

Support 802.11k/v/r fast roaming protocols

Client reassociation, this feature enables an AP to send unsolicited deauthentication frames to a client when the signal strength of the client is lower than the specified RSSI threshold. Then, the client can reassociate with the AP or roam to another AP.

Intelligent Channel Switching

In a WLAN, adjacent wireless APs should work in different channels to avoid channel interference. However, channels are very rare resources for a WLAN. There are a small number of non-overlapping channels for APs. For example, there are only three non-overlapping channels for the 2.4GHz network. Therefore, the key to wireless applications is how to allocate channels for APs intelligently

Meanwhile, there are many possible interference sources that can affect the normal operation of APs in a WLAN, such as rogue APs, radars and microwave ovens. The intelligent channel switching technique can ensure the allocation of an optimal channel to each AP, thereby minimizing adjacent channel interference. Besides, the real-time interference detection function can help keep APs away from interference sources such as radars and microwave ovens

Intelligent AP Load Sharing

According to IEEE 802.11, wireless clients control wireless roaming in WLANs. Usually, a wireless client chooses an AP based on the Received Signal Strength Indication (RSSI). Therefore, many clients may choose the same AP with a high RSSI. As these clients share the same wireless medium, the throughput of each client is reduced greatly.

The intelligent AP load sharing function can analyze the locations of wireless clients in real time, dynamically determine which APs at the current location can share load with one another, and implement load sharing among these APs. In addition to load sharing based on the number of online sessions, the system also supports load sharing based on the traffic of online wireless users

Support SSID automatic hiding function based on radio resource utilization. When the radio resource reaches or exceeds the configured threshold, the SSID automatically hides to provide users with stable and reliable wireless services.

Layer 4-7 Deep packet inspection

The WX3800X series AC can identify variety of applications and policy control can be implemented including priority adjustment, scheduling, blocking, and rate limiting to ensure efficient bandwidth resource and improve the network quality.

Layer 7 Wireless Intrusion Detection and Prevention Systems (WIDS / WIPS)

The WX3800X series AC supports the blacklist, whitelist, rogue device defense, bad packet detection, illegal user removal, upgradeable Signature MAC layer attack detection (DoS attack, Flood attack or man-in-the-middle attack) and counter measures

With the built-in knowledge base in WX3800X, you can perform timely and accurate wireless security decisions. For determined attack sources such as rogue AP or terminals, you can perform visible physical location monitoring and switch physical port removing

With H3C firewall/IPS device, network infrastructure can also implement layer 7 security defense in wireless campus, covering wired (802.11) and wireless (802.3) secure connections on an end-to-end basis

Network optimization

RRM

Radio Resource Management (RRM), the AP monitors air interface channel utilization, channel interference, and signal conflict in real time, and works with H3C Cloudnet to adjust RF parameters such as working channel, bandwidth, and power in a timely manner to maintain the optimal RF resource status.

RROP

Radio Resource Optimization Policy (RROP) refers to the collection of multiple wireless air interface optimization methods, which is committed to reducing or controlling the consumption of air interface media resources by management packets, broadcast packets, and invalid packets. Set aside more resources to provide users with better wireless application services.

SACP

The Station Access Control Policy (SACP) restricts, controls, and guides the access of wireless terminals to better AP or wireless services. In addition, terminal traffic is controlled and scheduled according to network applications to improve the overall performance of the wireless network and improve the experience and effect of wireless access applications.

Roaming Protection

Wireless AP fully supports the Fast BSS Transition function defined in the 802.11r standard, which can accelerate the roaming process of wireless users, reduce the probability of connection interruption, and improve the roaming service quality. Through 802.11k protocol mechanism, AP and wireless client interact with each other to perceive the network topology in multiple dimensions. The AC recognizes and calculates the roaming time and roaming access location of the wireless client in full view, and negotiates the switch with the client through 802.11v and 802.11r mechanisms.

New Wireless Intelligent Application Aware (WIAA)

Wireless Intelligent Application Aware Feature (WIAA) provides a user role-based application layer security, QoS and forwarding policy for wired and wireless users. With WIAA, administrator can specify websites users’ browsing, application protocols (i.e. HTTP, FTP) they use and bandwidth they are allocated. H3C V9 AC comes with Deep Packet Inspection (DPI) capability, expanding application detection and detailed statistics. The detection of previous generation AC is based on layer 4 Ethernet protocol (e.g. 80 maps to HTTP, 20/21 maps to FTP, etc.), which can be easily circumvented by agents, while the new V9 AC is based on layer 7 characteristics of Ethernet protocols, as well as the typical packet signature to implement a more precise recognition and complete restriction. With DPI, administrator can instead of prohibiting user visit all e-commerce websites but to set restriction on a per-website basis. This simplifies configuration and improves productivity.

Flexible Networking

IMC-based Management

The access controller can be managed by the Wireless Service Manager (WSM) component of the H3C Intelligent Management Center (IMC). WSM offers a simple and user-friendly management platform for wireless network administrators. It implements panel management, troubleshooting, performance monitoring, software version control, configuration management, and user access management of wireless devices.

Cloud-based Management

This access controller can be managed through the cloud. It supports multiple authentication methods such as PPSK, Portal, 802.1X, SMS, and social media. At the same time, the cloud management platform can monitor the device status and terminal connection status, comprehensively evaluate and optimize the business operation status of the entire wireless network, and achieves the optimal wireless network Total Cost of Ownership (TCO).

License Control

The license-sharing solution, this feature enables master ACs to synchronize local licenses to the backup AC in an AP license synchronization group via AP license synchronization connections.

Licenses are installed on a per-AC basis. When the master AC fails, the backup AC will take over the service and APs will be reassociated with the backup AC. This feature avoids AP association failures on the backup AC due to lack of AP licenses.

According to the number of ACs configured with the AP license synchronization feature, WLAN license sharing functions in the following modes: dual-AC mode and N+1 mode (N≥2)

High Availability

Cloud cluster is a virtualization technology independently developed by H3C. Its core idea is to connect multiple devices and virtualize them into a single device to combine their hardware resources and software capabilities. This achieves collaboration, unified management, and service non-interruption (when one device fails, the others seamlessly take over services, ensuring no impact on the services).

Unified configuration management

The configuration synchronization of the cloud cluster includes: batch synchronization during initialization and real-time synchronization during stable operation. The master is responsible for synchronizing user configurations to each standby to ensure a high degree of uniformity in the settings of devices within the container cluster.

MAD (conflict detection)

If a cluster link fails, it will cause the cloud cluster to split into two sub-cloud clusters. Cloud cluster service configuration conflicts, such as management IP, bridge MAC, and address conflicts, can lead to fault spreading in the network, affecting packet forwarding.

Cloud cluster supports the use of ARP MAD, ND MAD, BFD MAD, and LACP MAD mechanisms to detect and handle conflicts caused by cloud cluster splits.

AP license synchronization

Two ACs in the cloud cluster share the AP licenses. An AP license installed on one AC can be used by the other AC.

AC 1 is installed with N licenses; AC 2 is installed with M licenses. After AC 1 and AC 2 form a cloud cluster, the cloud cluster has N+M licenses. After AC 1 fails or disconnects in the cloud cluster, AC 2 still possesses N+M licenses to provide time for AC 1's repair, allowing up to N+M APs to connect. If AC 1 is disconnected for more than 30 days, AC 2 cannot use licenses on AC 1 and can allow only M APs to connect.

Redundancy

Cloud cluster use device-level backup, link-level backup, and protocol hot backup technologies to ensure high reliability of the cloud cluster system.

Hardware specifications

Software specifications