Sie sind auf Seite 1von 5

#213102

November 2013
Commissioned by
H3C Technologies Co., Ltd

H3C WX Series WLAN Access Controller (AC)


Feature Verication
EXECUTIVE SUMMARY THE BOTTOM LINE
The demand for WLAN connectivity is ever-growing, specifically The H3C WX series WLAN Access Controller (AC) provides:
in large enterprise and metropolitan area networks (MANs).
These high-demand areas require a WLAN solution that is able 1 Security features including real-time RF spectrum guard,
to handle high capacities, provide high availability and security 7x24 multi-layer WIPS, etc.
and is feature-rich. 2 Access control features including device-based &
location-based access control (BYOD), intelligent
H3C commissioned Tolly to validate the features/functionalities committed bandwidth, dynamic VLAN assignment, etc.
of its WX Series WLAN Access Controller (AC). Tolly validated that
the WX Series provides refined device control and management 3 IPv4/IPv6 dual-stack
for BYOD, comprehensive RF management and security 4 High availability features such as AC 1+1 redundancy
mechanisms, strong QoS and IPv4/IPv6 features, and powerful
WLAN access control capability. See Table 1. 5 Management features such as time-based PoE (with the
H3C iMC server)

H3C WX Series WLAN Access Controller Features

Tolly Veried H3C WLAN Solution Features

Access Control IPsec tunnel between AC and AP Remote AP (Keep Live)

Client Isolation Rogue AP Detection based on SSID Value-added Services

Dynamic VLAN Assignment 7x24 Multi-layer WIPS Green AP (Time-based RF)

Device-based Access Control (BYOD) IPv4/IPv6 Dual-stack Packet Capture on AP

Location-based Access Control DHCPv4/DHCPv6 Server RF Ping

Band Navigation IPv4/IPv6 Dual-stack Central Management

Control APs across NAT High Availability Time-based PoE (with the H3C iMC server)

Intelligent Committed Bandwidth AC 1+1 Redundancy Mobile console for iMC

Security Flexible Network


Real-time RF Spectrum Guard AP Centralized Forwarding and Local Forwarding

Source: Tolly, November 2012 Table 1

2013 Tolly Enterprises, LLC Tolly.com Page 1 of 5


H3C WLAN Solution #213102

Test Results Location-Based Access Control


In order to simplify management and H3C
Access Control maintain security, H3C APs can be grouped
Technologies,
together, for example, by location. Tolly
Client Isolation engineers verified that an administrator Co., Ltd
could permit a device to connect to the
When the client isolation feature was wireless network only through APs in a
enabled, Tolly engineers verified that
WX Series WLAN
specific group. Based on Tollys tests, the
devices connected to the same SSID on the device, once configured, could not connect Access Controller
same AP could not ping each other. When
Tested
to the network using unauthorized APs.
the client isolation feature was disabled, Features November
devices could ping each other. Band Navigation Verication 2012
Dynamic VLAN Assignment An SSID was associated with both 2.4GHz
and 5GHz. When band navigation was
Tolly engineers validated that a VLAN pool disabled, most devices connected to the
could be assigned to one SSID. Devices 2.4GHz band. After enabling the band
connected to the SSID could be assigned navigation features in H3Cs AC, Tolly IPsec Tunnel Between AC and AP
into different VLANs in the VLAN pool engineers verified that devices balanced
dynamically. into both bands. The H3C AC and AP use IPsec tunnels to
communicate. Tolly engineers verified that
Device-Based Access Control Control APs across NAT the packets were encrypted.
(BYOD) Tolly engineers verified that an H3C AC Rogue AP Detection based on SSID
With help of the H3C iMC DHCP agent for could control APs in different subnets and
the Microsoft DHCP server, a H3C iMC across NAT. Administrators can configure APs with
server could control access to the network specific SSIDs as rogue APs. Once
based on device. Intelligent Committed Bandwidth configured, Tolly verified that the H3C AP
Tolly engineers verified that administrators could detect the rogue APs.
When PCs and mobile phones log into the
network, administrators can see the device could setup committed bandwidth for an
SSID. When different SSIDs would compete 7x24 Multi-Layer WIPS
type (e.g. Windows XP, Windows 7, iOS,
Android, etc.) for bandwidth, the committed bandwidth
was guaranteed. H3C WX series AC supports Wireless
Intrusion Prevention System functions
For example, when users use the H3C
(WIPS). When the WIPS feature was
iNode app for Android to log into the Real-Time RF Spectrum Guard
enabled, the H3C AP detected the
network, H3C iMCs Endpoint Admission When a bluetooth device and a microwave deauthentication flood (deauth_flood)
Defense (EAD) feature could be used to were operating near an H3C AP, the AP attack under test. Tolly engineers verified
control access to the network. To verify could detect, analyze and identify the that the attack was shown in the event
functionality, Tolly engineers configured spectrum and type of the interference logs.
the policy to refuse connection if the signal with the help of the spectrum
Android client did not have a Symantec
anti-virus app installed. Tolly then verified
protection feature. DHCPv4/DHCPv6 Server
that the policy worked when the endpoint Tolly engineers verified that the H3C WX
attempted to login to the network without series AC could act as both a DHCPv4 and
the proper requirements and was denied. DHCPv6 server when clients retrieved IP
addresses from the pools successfully.

2013 Tolly Enterprises, LLC Tolly.com Page 2 of 5


H3C WLAN Solution #213102

IPv4/IPv6 Dual-stack
Tolly Certied Products
Tolly verified that the H3C AC and AP could
support concurrent IPv4 and IPv6. In the
H3C WX6100E, WX5500E, WX3500E and WX2500E series Access Controller
test, one AP was connected to the AC with
40G AC module for the H3C S7500E and S10500 series Ethernet switch families
IPv4 and the other AP was connected to
the AC with IPv6. Clients connected to both
APs and were able to access the network.
Green AP accessed via mobile device and H3Cs iMC
AC 1+1 Redundancy app for the iOS platform could be used to
Tolly engineers verified that the H3C AC view logs and alerts.
Two H3C WX Series Access Controllers were could set up a time window for the APs RF
configured in active and backup
statuses. Tolly engineers verified that when
to work and sleep. Test Setup &
the active AC was down, the failover time Packet Capture on AP
was less than 3 seconds. Clients already Methodology
connected to the network still had network Tolly engineers verified that the H3C AP
access without the need to log in again. could capture packets being transmitted Test Environment
nearby. Two APs were configured with the
AP Centralized Forwarding and same channel. A client was connected to Table 2 provides details of the WLAN
solution under test.
Local Forwarding the SSID on one AP (AP1). The other AP
(AP2) could capture the packets between A Dell E6230 with an Intel Core i3 CPU and
The H3C AP supports centralized the client and AP1. Tolly verified that packet Intel Centrino Ultimate-N 6300 AGN
forwarding and local forwarding at the capture file could be transferred to the AC wireless card running Windows 7
same time. Tolly engineers configured one and downloaded to a PC. Professional and a Lenovo Thinkpad T400
SSID with centralized forwarding and one with an Intel Core 2 Duo CPU and Intel WiFi
SSID with local forwarding. Tolly confirmed RF Ping Link 5300 AGN wireless card running
that clients could connect to both SSIDs. Windows XP Professional SP3 were used as
When a client was connected to an H3C AP,
Centralized forwarding routes all traffic in the WLAN clients for testing.
administrators could run the RF ping
the WLAN to go through the AC using command to the client and get the signal
tunnels between each AP to the AC. Local strength and rate.
forwarding, on the other hand, deals with
unencrypted traffic and does not need to Time-Based PoE
go to the AC.
Using H3Cs iMC server, Tolly engineers
Remote AP (Keep Live) were able to control when the PoE should
be enabled on specific ports of a H3Cs PoE
Tolly engineers configured one SSID with switch, which in turn was connected to
local for warding. When the AP uplinks of the APs. As a result, the APs could
disconnected from the AC, Tolly engineers be turned on and off.
verified that clients could still access the
network. Mobile Console for iMC
Tolly verified that H3Cs iMC server could be
used to manage the WLAN infrastructure.
on mobile devices. The Web portal could be

2013 Tolly Enterprises, LLC Tolly.com Page 3 of 5


H3C WLAN Solution #213102

Test Bed Diagram

H3C i Series Intelligent APs (WA3620i-AGN, etc.)

H3C WX6100E Access Controllers H3C WA2620 AP

Source: Tolly, November 2012 Figure 1

Systems Under Test

Vendor Controller Access Point

H3C S7506E, S7510E switch chassis

LSQ1WCMD0 Access Controller module H3C WA3620iAGN Access Point


H3C Technologies LSQ1WCMB0/LSQ3WCMD0 Access H3C WA2620 Series Access Point
Co., Ltd. Controller module
H3C Comware Software, Version 5.20, Release 1103P04
H3C Comware Software, Version 5.20,
Release 2308P13

Source: Tolly, November 2012 Table 2

2013 Tolly Enterprises, LLC Tolly.com Page 4 of 5


H3C WLAN Solution #213102

About Tolly H3C Technologies Co., Ltd.


The Tolly Group companies have been
delivering worldclass IT services for
more than 20 years. Tolly is a leading
global provider of thirdparty validation
services for vendors of IT products,
components and services.
You can reach the company by email
at sales@tolly.com, or by telephone at
+1 561.391.5610.
www.h3c.com
Visit Tolly on the Internet at:
http://www.tolly.com

Terms of Usage
This document is provided, freeofcharge, to help you understand whether a given product, technology or service merits additional investigation
for your particular needs. Any decision to purchase a product must be based on your own assessment of suitability based on your needs. The
document should never be used as a substitute for advice from a qualified IT or business professional. This evaluation was focused on
illustrating specific features and/or performance of the product(s) and was conducted under controlled, laboratory conditions. Certain tests may
have been tailored to reflect performance under ideal conditions; performance may vary under realworld conditions. Users should run tests
based on their own realworld scenarios to validate performance for their own networks.

Reasonable efforts were made to ensure the accuracy of the data contained herein but errors and/or oversights can occur. The test/audit
documented herein may also rely on various test tools the accuracy of which is beyond our control. Furthermore, the document relies on certain
representations by the sponsor that are beyond our control to verify. Among these is that the software/hardware tested is production or
production track and is, or will be, available in equivalent or better form to commercial customers. Accordingly, this document is provided "as
is", and Tolly Enterprises, LLC (Tolly) gives no warranty, representation or undertaking, whether express or implied, and accepts no legal
responsibility, whether direct or indirect, for the accuracy, completeness, usefulness or suitability of any information contained herein. By
reviewing this document, you agree that your use of any information contained herein is at your own risk, and you accept all risks and
responsibility for losses, damages, costs and other consequences resulting directly or indirectly from any information or material available on it.
Tolly is not responsible for, and you agree to hold Tolly and its related affiliates harmless from any loss, harm, injury or damage resulting from or
arising out of your use of or reliance on any of the information provided herein.

Tolly makes no claim as to whether any product or company described herein is suitable for investment. You should obtain your own
independent professional advice, whether legal, accounting or otherwise, before proceeding with any investment or project related to any
information, products or companies described herein. When foreign translations exist, the English document is considered authoritative. To
assure accuracy, only use documents downloaded directly from Tolly.com.

No part of any document may be reproduced, in whole or in part, without the specific written permission of Tolly. All trademarks used in the
document are owned by their respective owners. You agree not to use any trademark in or as the whole or part of your own trademarks in
connection with any activities, products or services which are not ours, or in a manner which may be confusing, misleading or deceptive or in a
manner that disparages us or our information, projects or developments.

213102gt5yxmts20131029VerI

2013 Tolly Enterprises, LLC Tolly.com Page 5 of 5

Das könnte Ihnen auch gefallen