WLAN Services
Why Alcatel-Lucent Complete communication solutions provider Market leadership in key data, voice, video and fixed mobile convergence technologies
turnkey solutions
over 500,000 customers Presence in over 130 countries
data/IP
voice
broadband
satellite
outsourcing
optical
submarine
Communications Applications
Voice over IP
VoIP
IP Network Infrastructure
High
Manageability
simple ideal second source common edge / core, chassis / stack superior management solutions
Availability
designed for convergence cost-optimized for redundancy smarter availability and QoS
Security
Enterprise WLAN
A Business Solution
April, 2007
Enterprise WLAN
The Business Benefits
Mobility
enterprise-wide WLAN guest access
Location tracking
users equipment assets
security
Enterprise WLAN
Requirements / Challenges
Deployment
no disruption of existing network RF engineering new infrastructure network redesign and upgrades
Security
authentication and encryption identity-based security and guest access rogues, ad-hoc networks, hacks and attacks firewalling
Management
design and configuration monitoring troubleshooting growth
Availability
coverage reliability mobility performance
Convergence
QoS security load balancing voice-aware
HotStandby
Data Center
Internet
Branch Office
Remote AP with IPSec VPN
Regional Office
Home Office
Public Hotspot
OAW Client
Integrated stateful firewall Role-based access control Built-in client integrity Centralized 802.11i security Built-in AAA services L1-L7 wireless IPS Rogue detection services Quarantine Manager
Built-in Rogue Detection & Containment Direct Interface to Microsoft Active Directory
Active Directory
Wireless Controller
Wired L2 / L3 Transport
Access Point
SSID: CORP SSID: GUEST SSID: VOICE
Rogue AP
Scan & Quarantine Un-trusted Users Employees
Voice
Guest
QoS for application-aware traffic management Security to protect the network, users, and remote clients Load-balancing automatically distributes clients across multiple APs Application-aware design allows better management of time sensitive applications (voice)
1 Protocol-aware voice
flow classification and security Wired
2 802.1p or DSCP
prioritized voice packets
Data Packets
WLAN controller
802.1x AAA server
802.11i encryption
WLAN management Location appliance Role-based firewall site-to-site VPN NAC appliance
13 | Enterprise Networks | March 2007 All Rights Reserved Alcatel-Lucent-Lucent 2007
OmniAccess 6000
128, 256, 512 access points Integrated firewall, IDS / IPS Centralized encryption
Building / floor
Software modules Client Integrity Advanced AAA Policy Enforcement Firewall External Services Interface Wireless Intrusion Protection (WIP) Remote AP licenses
Adaptive personality Rogue AP detection / containment Support for VoWLAN Indoor / outdoor APs Multiple antenna options
All Rights Reserved Alcatel-Lucent-Lucent 2007
Regional Headquarters
Branch Office Small/Home Office
April, 2007
OmniAccess Wireless
Deployment Options
OAW-AP70
OAW-6000 HEADQUARTERS
OAW-AP61
BRANCH OFFICE
WAN
OAW-AP61
OAW-AP70
REGIONAL HEADQUARTER
16 | Enterprise Networks | March 2007 All Rights Reserved Alcatel-Lucent-Lucent 2007
OmniAccess Wireless
4300 / 6000 Portfolio Number of APs *
Branch / SMB Regional HQ Large Branch Medium - Large HQ OAW-6000-512
512
256
OAW-6000-256
128 48
OAW-4308 OAW-4324
16
OAW-4302
6
200 Mbps 400 Mbps 1 Gbps 3.6 Gbps
Performance
(Mbps of encrypted traffic throughput)
7.2 Gbps
OAW-AP70
OAW-AP65 OAW-AP60/61 Advanced dual band deployments - Efficient RF coverage - External antenna support - In or out ceiling installation - PoE or external AC powered - Dual Ethernet ports - USB port for extensions (e.g. Spectrum Analyzer)
OAW-AP41
Cost-effective single band deployments - Simple RF environments - Out of ceiling installation - PoE powered
Single band deployments - Efficient RF coverage - In or out ceiling installation - PoE or external AC powered
Dual band deployments - Efficient RF coverage - In or out ceiling installation - PoE or external AC powered
AP-80P/MB/SB
Versions
OAW-AP80P outdoor thin AP OAW-AP80SB outdoor point to point bridge fat AP OAW-AP80MB outdoor point to multi-point bridge fat AP
Designed for:
extreme, all-weather deployment
AP-80SB
AP-80MB
AP-80SB
HOST SITE
Layer 2/3 networks
AP-80SB
AP-80SB
REMOTE SITE
AP-80SB
AP-80MB and SB
AP-80SB
OMNI VISTA MOBILITY MANAGER OmniAccess WLAN switch base software Alcatel-Lucents standard WLAN software provides unprecedented control over the entire wireless environment, offering intelligent / centralized WLAN switching and advanced services
Advanced services (included in Base Software) WLAN switching and RF management Policy management Adaptive Radio resource Management (ARM) Authentication choices Association choices User services Mobility Intrusion detection Feature management
All Rights Reserved Alcatel-Lucent-Lucent 2007
VPN Server module Wireless Intrusion Protection (WIP) module Client Integrity module External Services Interface module xSec Remote AP licenses
Data Center
Branch Office
security policies can be centrally defined and enforced on a per-user or per-group basis
policies are enforced dynamically, following users as they move and taking into account a variety of metrics such as:
user location time-of-day device type authentication method
Key benefits role based services for user / group class of service differentiation, bandwidth contracts firewall permit/deny/drop/log (ICSA certified to version 4.1 corporate standard) QoS - priority traffic queues, Wi-Fi voice prioritization
hardware acceleration provides LAN-speed VPN connectivity both client termination as well as site-to-site VPNs are supported supported VPN protocols include:
L2TP/IPSec IPSec/XAUTH PPTP
Key benefits complete client VPN services - PPTP, L2TP/IPSec site-to-site VPN services - IPSec NAT-T transport mode tunnels between OmniAccess WLAN switches or third-party VPN concentrators
Key benefits detection of: - network probing and DoS attacks, impersonation and man-in-the-middle attacks - unauthorized devices (ad-hoc networks,Windows bridging, wireless bridges) prevention of: - clients roaming to unauthorized APs - attempted intrusion
Key benefits embedded Sygate On Demand agent support for host integrity policy enforcement user quarantine - client session role change (quarantine) with Sygate Note: requires that the Policy Enforcement Firewall module is installed
Key benefits choice of AAA server for authentication XML API for captive portal (external captive portal server support) content inspection with external appliance, Fortinet integration Note: requires that the Policy Enforcement Firewall module is installed
xSec module
termination of highly secure xSec client sessions link-layer 256-bit AES-CBC encryption with complete header obscuration for highly sensitive environments enables encryption of trunk ports between mobility controllers based on the same strong encryption standard
Key benefits client/server xSec: termination of AES layer 2 xSec secure VPN sessions point/point xSec: termination of AES layer 2 xSec secure VPN switch port session
Remote AP module
securely extend corporate wireless functionality to any location with an Internet connection remote APs allow seamless, corporatelike WLAN connectivity
remote office home anywhere a mobile worker chooses to work
Key benefits remote access point - termination of remotely deployed APs using IPSec transport local bridging - termination of data traffic at the remote AP survivability - pre-shared key for backup WLAN encryption during WAN failure
management
security availability convergence services
www.Alcatel-Lucent.com U&ME