The OAW-6000 provides a true user-centric network experience, delivering follow-me connectivity, identity-based access, and application continuity services. The OAW-6000 offers a scalable design that supports large deployments and can be easily implemented as an overlay without any disruption to the existing wired network. Advanced voice-over-WLAN features such as Call Admission Control (CAC), voice-aware RF management and strict over-the-air quality of service (QoS) allow the OAW-6000 to deliver mobile VoIP capabilities. The OAW-6000 is managed via the integrated management capability of the Alcatel-Lucent OmniAccess Wireless Operating System or the Alcatel-Lucent OmniVista™ Mobility Manager. FEATURES BENEFITS • High capacity and high performance for large deployments • Scalable design • Mobile VoIP • Integrated network management • User-centric security • Secure network environment • A scalable design that supports up to 32,768 users with follow-me connectivity, identity based access and application continuity • Does not make existing deployments obsolete since it is implemented as an overlay without disturbing the existing wired network • Improves voice quality through support of Call Admission Control, voice-aware RF management and strict over-the-air quality of service (QoS) • Eliminates need for multiple network management applications via OmniAccess Wireless Operating System and OmniVista Mobility Manager • Prevents unauthenticated users and unsafe endpoints from access the corporate wireless network while safely supporting guest users • Eliminates need for additional VPN/firewall devices The OAW-6000 offers a best in class, user-centric security framework to authenticate wireless users, enforce role-based access control policies and quarantine unsafe endpoints from accessing the corporate wireless network. Guest users can be easily and safely supported with the built-in captive portal server and advanced network services. The OAW-6000 can create a secure networking environment without requiring additional VPN/firewall devices using integrated site-to-site VPN and NAT capabilities, split-tunneling and an ICSA-certified stateful firewall. Site-to-site VPN support can be integrated with all leading VPN concentrators to provide seamless integration into existing corporate VPNs. TECHNICAL SPECIFICATIONS Performance and capacity • Campus-connected APs: Up to 2,048 • Remote APs: Up to 8,192 • Users: Up to 32,768 • MAC addresses: Up to 256,000 • VLAN IP interfaces: 512 • Fast Ethernet ports (10/100): Up to 72 • Gigabit Ethernet ports (GBIC or SFP): Up to 40 • 10 Gigabit Ethernet ports (XFP): Up to 8 • Active firewall sessions: Up to 2,097,200 • Concurrent IPSec tunnels: Up to 32,768 • Firewall throughput: Up to 80 Gbps • Encrypted throughput (3DES): Up to 32 Gbps • Encrypted throughput (AES-CCM): Up to 16 Gbps Wireless LAN security and control features • 802.11i security (WFA-certified WPA2 and WPA) • 802.1X user and machine authentication • EAP-PEAP, EAP-TLS, EAP-TTLS support • Centralized AES-CCM, TKIP and WEP encryption • 802.11i PMK caching for fast roaming applications • EAP offload for AAA server scalability and survivability • Stateful 802.1X authentication for standalone APs • MAC address, SSID and location-based authentication • Multi-SSID support for operation of multiple WLANs • SSID-based RADIUS server selection • Secure AP control and management over IPSec or GRE • CAPWAP-compatible and upgradeable • Distributed WLAN mode for remote AP deployments • Simultaneous centralized and distributed WLAN support Identity-based security features • Captive portal, 802.1X and MAC address authentication • Username, IP address, MAC address and encryption key binding for strong network identity creation • Per-packet identity verification to prevent impersonation • RADIUS and LDAP-based AAA server support • Internal user database for AAA server failover protection • Role-based authorization for eliminating excess privilege • Robust policy enforcement with stateful packet inspection • Per-user session accounting for usage auditing • Web-based guest enrollment • Configurable acceptable use policies for guest access • XML-based API for external captive portal integration • xSec option for wired LAN authentication and encryption(802.1X authentication, 256-bit AES-CBC encryption) Convergence features • Voice and data on a single SSID for converged devices • Flow-based QoS using voice flow classification (VFC) • Alcatel-Lucent NOE, SIP, Spectralink SVP, SCCP and Vocera ALGs • Strict priority queuing for over-the-air QoS • 802.11e support – WMM, U-APSD and T-SPEC • QoS policing for preventing network abuse via 802.11e • DiffServ marking and 802.1p support for network QoS • On-hook and off-hook VoIP client detection • VoIP call admission control (CAC) using VFC • Call reservation thresholds for mobile VoIP calls • Voice-aware RF management for ensuring voice quality • Fast roaming support for ensuring mobile voice qual...