T E C H N I C A L S P E C I F I C A T I O N S
Performance and capacity
• Campus-connected APs: Up to 2,048
• Remote APs: Up to 8,192
• Users: Up to 32,768
• MAC addresses: Up to 256,000
• VLAN IP interfaces: 512
• Fast Ethernet ports (10/100): Up to 72
• Gigabit Ethernet ports (GBIC or SFP): Up to 40
• 10 Gigabit Ethernet ports (XFP): Up to 8
• Active firewall sessions: Up to 2,097,200
• Concurrent IPSec tunnels: Up to 32,768
• Firewall throughput: Up to 80 Gbps
• Encrypted throughput (3DES): Up to 32 Gbps
• Encrypted throughput (AES-CCM): Up to 16 Gbps
Wireless LAN security and
control features
• 802.11i security (WFA-certified WPA2 and WPA)
• 802.1X user and machine authentication
• EAP-PEAP, EAP-TLS, EAP-TTLS support
• Centralized AES-CCM, TKIP and WEP encryption
• 802.11i PMK caching for fast roaming applications
• EAP offload for AAA server scalability and
survivability
• Stateful 802.1X authentication for standalone APs
• MAC address, SSID and location-based
authentication
• Multi-SSID support for operation of multipleWLANs
• SSID-based RADIUS server selection
• Secure AP control and management over
IPSec or GRE
• CAPWAP-compatible and upgradeable
• DistributedWLANmode forremoteAP deployments
• Simultaneous centralized and distributed
WLAN support
Identity-based security features
• Captive portal, 802.1X and MAC address
authentication
• Username,IP address,MAC address and encryption
key binding for strong network identity creation
• Per-packet identity verification to prevent
impersonation
• RADIUS and LDAP-based AAA server support
• Internal user database for AAA server failover
protection
• Role-based authorization for eliminating
excess privilege
• Robust policy enforcement with stateful
packet inspection
• Per-user session accounting for usage auditing
• Web-based guest enrollment
• Configurable acceptable use policies for guest
access
• XML-based API for external captive portal
integration
• xSec option for wired LAN authentication and
encryption(802.1X authentication, 256-bit
AES-CBC encryption)
Convergence features
• Voice and data on a single SSID for
converged devices
• Flow-based QoS usingvoice flow classification (VFC)
• Alcatel-Lucent NOE, SIP, Spectralink SVP, SCCP
and Vocera ALGs
• Strict priority queuing for over-the-air QoS
• 802.11e support – WMM, U-APSD and T-SPEC
• QoS policing for preventing network abuse
via 802.11e
• DiffServ marking and 802.1p support for
network QoS
• On-hook and off-hook VoIP client detection
• VoIP call admission control (CAC) using VFC
• Call reservation thresholds for mobile VoIP calls
• Voice-aware RF management for ensuring
voice quality
• Fast roaming support for ensuring mobile
voice quality
• SIP early media and ringing tone generation
(RFC 3960)
• Per-user and per-role rate limits (bandwidth
contracts)
Adaptive radio management
(ARM) features
• Automatic channel and power settings for
thin APs
• Simultaneous air monitoring and end user services
• Self-healing coverage based on dynamic
RF conditions
• Dense deployment options for capacity optimization
• AP load balancing based on number of users
• AP load balancing based on bandwidth utilization
• Coverage hole and RF interference detection
• 802.11h support for radar detection and avoidance
• Automated location detection for active RFID tags
• Built-in XML-based Location API for RFID
applications
Wireless intrusion protection
features
• Integration with WLAN infrastructure
• Simultaneous or dedicated air monitoring
capabilities
• Rogue AP detection and built-in location
visualization
• Automatic rogue, interfering and valid AP
classification
• Over-the-air and over-the-wire rogue AP
containment
• Adhoc WLAN network detection and containment
• Windows client bridging and wireless bridge
detection
• Denial of service attack protection for APs
and stations
• Misconfigured standalone AP detection and
containment
• Third party AP performance monitoring and
troubleshooting
• Flexible attack signature creation for new
WLAN attacks
• EAP handshake and sequence number analysis
• Valid AP impersonation detection
• Frame floods,FakeAP andAirjack attack detection
• ASLEAP, death broadcast, null probe response
detection
• Netstumbler-based network probe detection
Stateful firewall features
• Stateful packet inspection tied to user identity
or ports
• Location and time-of-day aware policy definition
• 802.11 station awareness for WLAN firewalling
• Over-the-air policy enforcement and station
blacklisting
• Session mirroring and per-packet logs for
forensic analysis
2 Alcatel-Lucent OmniAccess 6000
The OAW-6000 offers a best in class, user-centric security framework to authenticate wireless users, enforce role-based
access control policies and quarantine unsafe endpoints from accessing the corporate wireless network. Guest users can
be easily and safely supported with the built-in captive portal server and advanced network services.
The OAW-6000 can create a secure networking environment without requiring additional VPN/firewall devices using
integrated site-to-site VPN and NAT capabilities, split-tunneling and an ICSA-certified stateful firewall. Site-to-site VPN
support can be integrated with all leading VPN concentrators to provide seamless integration into existing corporate VPNs.
