The H3C WX2540E wireless Access Controller (AC) is well designed and positioned for enterprise branch network. It features gateway and AC function integration, reducing the number of devices and TCO in network. The WX2540E provides refined user control and management, comprehensive RF management, 7x24 wireless security control, fast layer 2 and layer 3 roaming, strong QoS and IPv4/IPv6 dual protocol stacks in one box. In addition, the WX2540E provides abundant port types including two USB ports, which can be used to connect with other enterprise peripheral devices.
The following contents are relatively complicated, please use PC for browsing.
Pls enter c.h3c.com.cn in the PC browser and follow the instruction from the page, you will continue to sync to PC.
Continue mobile phone browsing.
· In addition to 802.11a/b/g/n AP management, the WX2540E AC can work together with H3C 802.11ac-based APs to provide wireless access speed several times faster than that on a traditional 802.11a/b/g/n network. 802.11ac covers a wider range and makes WLAN multimedia applications a reality.
· In a wireless network of centralized forwarding modes, all wireless traffic is sent to an AC for processing. Therefore, the forwarding capability of the AC may become a bottleneck. This is especially true on wireless networks where APs are deployed at branches, ACs are deployed at the headquarters, and APs and ACs are connected over a WAN. However, distributed forwarding cannot provide traffic control as good as the centralized forwarding mode does. The WX2540E AC supports both forwarding modes. You can set SSID based forwarding as needed.
· User-based access control is a key feature of WX2540E AC. The WX2540E AC comes with a user profile that serves as a configuration template to save predefined configurations. For different application scenarios, you can configure different items in a user profile, such as Committed Access Rate (CAR) and QoS policies.
· During authentication, an authentication server assigns a user profile to the device. If the user passes authentication, the device uses the configuration contents in the user profile to restrict the accessibility of resources of the user. When the user goes offline, the device disables the user profile. Thus, user profiles are applicable to online users rather than offline users and users that fail to pass authentication.
· The WX2540E AC also supports MAC-based access control, which allows you to configure and modify the access rights of a user group or a particular user on an AAA server. The refined user rights control method enhances the availability of WLANs and facilitates access right assignment.
· MAC-based VLAN is another strong feature of the WX2540E AC. The administrator can assign users (or MAC addresses) with the same attributes into the same VLAN and configure a VLAN-based security policy on the AC. This simplifies system configuration and refines user management to the per-user granularity.
· For security or accounting, the administrator may need to control the physical positions of wireless clients. The WX2540E AC can satisfy this requirement. During authentication, the AC gets a list of permitted APs from the authentication server and then selects an AP for the requesting wireless client. In this way, the wireless client can only associate with that AP and thus its position is controlled.
· The WX2540E AC is categorized for small and middle size enterprises and/or branch networks, with integrating gateway and AC function. WAN port provides GE copper and GE fiber (Combo), supporting PPPOE, NAT, Dynamic IP address and static IP address configuration. The WX2540E AC also supports security encryption connections, such as GRE, SSL VPN and IPSec VPN
· In a WLAN, adjacent wireless APs should work in different channels to avoid channel interference. However, channels are very rare resources for a WLAN. There are a small number of non-overlapping channels for APs. For example, there are only three non-overlapping channels for the 2.4GHz network. Therefore, the key to wireless applications is how to allocate channels for APs intelligently.
· Meanwhile, there are many possible interference sources that can affect the normal operation of APs in a WLAN, such as rogue APs, radars and microwave ovens. The intelligent channel switching function can ensure the allocation of an optimal channel to each AP, thereby minimizing adjacent channel interference. Additionally, the real-time interference detection function can help keep APs away from interference sources such as radars and microwave ovens.
· According to IEEE 802.11, wireless clients control wireless roaming in WLANs. Generally, a wireless client chooses an AP based on the Received Signal Strength Indication (RSSI) which might cause many clients choosing the same AP with a high RSSI. As these clients share the same wireless medium, the throughput of each client is reduced greatly.
· The intelligent AP load sharing function can analyze the locations of wireless clients in real time, dynamically determine which APs at the current location can share their loading among one another in order to implement load sharing. In addition, the system carries out load sharing not only based on the number of online sessions, also determines by the traffic of online wireless users.
· The WX2540E AC supports the blacklist, whitelist, rogue device defense, bad packet detection, illegal user removal, upgradeable Signature MAC layer attack detection (DoS attack, Flood attack or man-in-the-middle attack) and counter measures. With the built-in knowledge base in WX2540E AC, you can perform timely and accurate wireless security decisions. For determined attack sources such as rogue AP or terminals, you can perform visible physical location monitoring and switch physical port removing.
· With H3C firewall/IPS device, network infrastructure can also implement layer 7 security defense in wireless campus, covering wired (802.11) and wireless (802.3) secure connections on an end-to-end basis.
· Real Time Spectrum Guard (RTSG) is the innovative H3C professional state-monitoring program for the wireless spectrum. All AC models support the internal RF data acquisition module of Sensor AP to achieve deeply integrated monitoring and real time spectrum protection.
· The RTSG Console is integrated into the H3C iMC (intelligent Management Center), and performs data acquisition through the CAPWAP tunnel management and Sensor AP. It can achieve 24x7 wireless signal quality monitoring, trend assessment and unauthorized interference alert. Through active probe and 2.4GHz/5GHz RF interference source (WiFi or non-WiFi) in every band, it provides a graphic representation of real-time FFT plot of the spectral density plot, spectrum diagram, the duty cycle map, event spectrum diagram, channel gain and interference gain. It can also automatically identify the source of interference, determine the location of rogue wireless equipment andensure that the wireless network is always in great shape. Combined with H3C iMC iAR (intelligent Analysis Report) module, it can maintain a complete history of RF quality in the coverage area, including its trace and playback, automatically generate customized trend, compliance and audit reports.
· To cater for the different supervision demands in user's wireless environment, the RTSG solution can be deployed in either Local mode or Monitor Mode. In Local Mode, you can maintain normal user access and data packet forwarding without compromising effective spectrum protection.
· WX2540E AC supports intelligent detection of wireless traffic such as VoIP and video applications, conducts flexible, strategic differentiation and management based on wireless user status. Optimization performed by the wireless access controller enables users to enjoy smooth video playback, and jitter-free VoIP conversations.
· WX2540E AC allows remote probing and analysis for AP. It can intercept WiFi packets nearby and save to a local device in real-time for troubleshooting and optimization analysis. Remote probing can conduct a non-convergent image for working channels, or a polling of all channels to satisfy wireless network monitoring and maintenance requirements.
· WX2540E AC features the RF Optimizing Engine (ROE), which effectively increases the number of concurrent sessions in middle to high-density access, accomplishes streaming media application acceleration and QoS through character and protocol based RF optimization. Features include multi-user fairness, mixed access fairness, interference filtering, speed optimization, multicast enhancement (IPv4/IPv6), per-packet power control and intelligent bandwidth guarantee.
· 802.1X authentication: the WX2540E AC supports multiple 802.1X authentication modes, such as TLS, PEAP, TTLS, MD5, and SIM card. The local 802.1X authentication mode supports MD5, TLS and PEAP which eliminates the need to configure a separate AAA server. The WX2540E AC also supports dynamic VLAN and ACL assignment to wireless clients after they pass 802.1X authentication. You can predefine the access control policies such that the system can automatically configure user rights during user authentication.
· MAC address authentication: authentication modes for computer users may not suitable for some hand-held terminals (such as WiFi phones and hand-held mobile terminals). By supporting MAC address authentication, the WX2540E AC can easily solve this problem. On a wireless access controller or AAA server, you can configure which MAC addresses are allowed to access the wireless network. MAC addresses not configured are considered illegal and cannot access the wireless network. This function facilitates some wireless applications such as the wireless medicine system, where MAC address authentication can ensure that only the PDA terminals of the hospital can access the wireless network but not those owned by patients.
· Portal authentication: WX2540E AC also runs an embedded portal server to authenticate users in place. This authentication mode does not need to work with clients, and is instead performed with WEB Portal page directly through the browser as the authentication channel, and can flexibly redirects user to specific home page for authentication and billing. It can alternatively be used for applications like customized Portal redirected page, advertising, information transfer, and widely used in the wireless campus, wireless city and visitor access scenarios.
· The WX2540E AC supports IPv6 wireless users access. The ingress AP can recognize IPv6 packets, and map IPv6 priority to the tunnel priority. AC can also use ACLs to control and filter IPv6 packets.
· The WX2540E AC can be deployed in IPv6 networks, in which an AC automatically negotiates an IPv6 tunnel with each AP. Although the AC and AP are working in IPv6 mode, the AC can still correctly recognize and process IPv4 packets from wireless clients. The flexible IPv4/v6 adaptability enables the WX2540E AC to work with various complicated applications in the process of IPv4 to IPv6 migration. When deployed on an IPv6 island, the AC can provide services for IPv4 wireless clients. When deployed on an IPv4 island, it can also allow wireless clients to log in to the network through IPv6.
· To cope with emerging IPv6 forged packet attacks in campus, WX2540E AC supports IPv6 SAVI (Source Address Validation). Through address allocation protocol eavesdropping, it captures client’s IP address and ensures it uses the correct address while going online, eradicates the possibility of forging IP address, and determines the authenticity of source IP address. The integration of IPv6 SAVI and Portal technology can further guarantee the integrity and security of network packets.
· Developed based on the Comware platform, the WX2540E AC supports not only the Diff-Serv standard but also the IPv6 QoS. The QoS Diff-Serv model includes traffic classification, policing, queuing and scheduling, completely implementing the six groups of Per-Hop Behavior (PHB) including EF, AF1 through AF4, BE and their services. This enables ISPs to provide differentiated services for users, making the Internet a truly integrated network carrying data, voice and video services at the same time.
· Layer 3 roaming is hard to implement in a WLAN comprised of fat APs due to limited communication between APs. With H3C centralized forwarding and control architecture, the WX2540E AC supports Layer-2 and Layer-3 roaming and solves the inter-subnet roaming problem. This excellent roaming feature allows you to chart a wireless network without worrying about the planning of the existing wired network. All you need to consider is wireless signal coverage. This greatly simplifies the early wireless network planning and reduces the network planning cost.
· When a wireless terminal uses 802.1X for 802.11 access authentication and key exchange, there will be a large number of packets exchange between the terminal and the AP. If the complete 802.1X authentication process is followed by a wireless terminal that roams from one AP to another, this results in a very long handover time. This is unacceptable for delay sensitive services such as VoIP. The WX2540E AC uses Key Caching to implement fast handover of roaming wireless terminals. The Key Cache functionality allows wireless terminals to roam from one AP to another without following the complete 802.1X authentication process while it ensures user identification and the continuity of key use. With fast handover, single AC handover time is kept within 50 ms and fulfills the stringent requirements of VoIP service.
· Device centralized management, branch located WX2540E AC will be centrally managed by high performance AC in Headquarter, branch AP and AC configuration will be delivered via Headquarter AC, maintenance complexity will be significantly reduced.
· User centralized management, all users authentication traffic from brach network will be forwarded to H.Q for authentication and authorization.
· Branch users traffic distributed forwarding, Once users’ authentication successfully, all data traffic will be forwarded to Internet via branches WX2540E, reducing Headquarter AC burden.
Max power consumption
Operating and storage temperature
-10ºC ~55ºC / -40ºC ~ 70ºC
Operating and storage relative humidity
CAN/CSA C22.2 No 60950-1
FDA 21 CFR Subchapter J
ETSI EN 300 386 V1.3.3:2005
EN 55024: 1998+ A1: 2001 + A2: 2003
EN 55022 :2006
AS/NZS CISPR 22:2004
FCC PART 15:2005
Number of managed APs in stand configuration
Size of license
Maximum number of
Maximum number of users supported
Multi-SSID (Per RF)
Use number limit
Supported: SSID based, per RF based
Multi-country code assignment
Wireless user isolation
VLAN based wireless users 2-layer isolation
SSID based wireless user 2-layer isolation
20MHz/40MHz auto-switch in 40MHz mode
Local forwarding based on SSID+VLAN
Auto AP serial number entry
AC discovery (DHCP option43, DNS)
Jumbo frame forwarding
AP Dual uplink (with AC)
Assign basic AP network parameter through AC
Supported: Static IP, VLAN, connected AC address
L2/L3 network between AP and AC
NAT traversal between AP and AC
Intra-AC, Inter-AP L2 and L3 roaming
Inter-AC, Inter-AP L2 and L3 roaming
Open system, shared-Key
WEP-64/128, dynamic WEP
ü (11n recommended)
Wireless EAD (End-point Access Domination)
Supported: Remote Authentication, external server
Portal page redirection
Supported: SSID based, AP Portal page push
Portal by-pass Proxy
EAP-TLS, EAP-TTLS, EAP-PEAP, EAP-MD5, EAP-SIM, LEAP, EAP-FAST, EAP offload support (TLS, PEAP only)
802.1X, Portal, MAC authentication
802.1X and Portal
EAP-GTC and EAP-TLS supported by 802.1X login
AP location-based user access control
Guest access control
ARP attack detection
Supported: Wireless SAVI
SSID+user name binding
AAA server selection based on SSID and domain
AAA server back up
Local AAA server for wireless user
Layer 2 to Layer 4 packet filtering and traffic classification
Supported with granularity of 8Kbps
bandwidth limit based on AP
Access control based on user profile
Intelligent bandwidth limit (equal bandwidth share algorithm)
Intelligent bandwidth limit (user specific)
Intelligent bandwidth guarantee
Free flow for packets coming from every SSID When traffic is not congested, and guarantee a minimum bandwidth for each SSID when traffic is congested
QoS optimization for SVP phone
CAC(Call Admission Control)
Supported: based on user number/bandwidth
AP upload speed limit
Country code lock
Static channel and power configuration
Auto channel and power configuration
Auto transmission rate adjustment
Coverage hole detection and correction
Supported: based on traffic, user & frequency(dual-frequency supported)
Intelligent load balancing
AP load balancing group
Supported: auto-discovery and flexible setting
Rogue AP detection
Supported: SSID based, BSSID, device OUI and more
Rouge AP countermeasure
Flooding attack detection
Spoof attack detection
Weak IV attack detection
Supported: 7-layer mobile security
Layer 2 protocol
ARP (gratuitous ARP)
Broadcast storm suppression
Multicast to Unicast (IPv4, IPv6)
Supported: Set unicast limit based on operating environment
Management and deployment
WEB, SNMP v1/v2/v3, RMON and more
WEB, CLI, Telnet, FTP and more
Scheduled shutdown of AP RF interface
Scheduled shutdown of wireless service
Per-packet power adjustment (PPC)
Remote probe analysis
RealTime Spectrum Guard (RTSG)
Wireless Intelligent Application Aware (wIAA)
Supported/ Stateful Inspection Firewall
Packet forwarding fairness adjustment
802.11n packet forwarding suppression
Access based traffic shaping
Co-AP channel sharing
Co-AP channel reuse
RF interface transmission rate adjustment algorithm
Drop wireless packet with weak signal
Disable user access with weak signal
Disable multicast packet caching
Status blink(limited to some AP)
New added feature