The H3C WX5500E series wireless Access Controller (AC) features large capacity, high reliability and rich services, and offers strong wired and wireless data processing capacity. The next generation enterprise access controller provides refined user control and management, comprehensive RF management, 7x24 wireless security control, fast layer 2 and layer 3 roaming, strong QoS and IPv4/IPv6 dual protocol stacks in one box.
The H3C WX5500E series AC consists of two models，WX5510E and WX5540E. When paired with H3C Fit Access Point (AP), it serves as an ideal access control solution for WLAN access of large enterprise campus networks, wireless MAN coverage and hot spot coverage.
The following contents are relatively complicated, please use PC for browsing.
Pls enter c.h3c.com.cn in the PC browser and follow the instruction from the page, you will continue to sync to PC.
Continue mobile phone browsing.
In addition to 802.11a/b/g/ac AP management, the WX5500E series AC can work together with H3C 802.11ac-based APs to provide wireless access speed several times faster than that on a traditional 802.11a/b/g/ac network. 802.11ac covers a wider range and makes WLAN multimedia applications a reality.
In a wireless network of centralized forwarding modes, all wireless traffic is sent to an AC for processing. Therefore, the forwarding capability of the AC may become a bottleneck. This is especially true on wireless networks where APs are deployed at branches, ACs are deployed at the headquarters, and APs and ACs are connected over a WAN.
However, distributed forwarding cannot provide traffic control as good as the centralized forwarding mode does. The WX5500E series supports both forwarding modes. You can set SSID based forwarding as needed.
User-based access control is a key feature of WX5500E series AC. The WX5500E series AC comes with a user profile that serves as a configuration template to save predefined configurations. For different application scenarios, you can configure different items in a user profile, such as Committed Access Rate (CAR) and QoS policies.
During authentication, an authentication server assigns a user profile to the device. If the user passes authentication, the device uses the configuration contents in the user profile to restrict the accessibility of resources of the user. When the user goes offline, the device disables the user profile. Thus, user profiles are applicable to online users rather than offline users and users that fail to pass authentication.
The WX5500E series AC also supports MAC-based access control, which allows you to configure and modify the access rights of a user group or a particular user on an AAA server. The refined user rights control method enhances the availability of WLANs and facilitates access right assignment.
MAC-based VLAN is another strong feature of the WX5500E series AC. The administrator can assign users (or MAC addresses) with the same attributes into the same VLAN and configure a VLAN-based security policy on the AC. This simplifies system configuration and refines user management to the per-user granularity.
For security or accounting, the administrator may need to control the physical positions of wireless clients. The WX5500E series can satisfy this requirement. During authentication, the AC gets a list of permitted APs from the authentication server and then selects an AP for the requesting wireless client. In this way, the wireless client can only associate with that AP and thus its position is controlled.
· Hardware Reliability
The WX5500E series AC comes in rack mounted form factor, with swappable key components and redundant power supply to meet high reliability requirements.
The 1+1 redundancy configuration of the WX5500E series supports millisecond failover. Fit APs establish CAPWAP links with both ACs, but only the links to the active AC are active.. When the active AC fails, the heartbeat mechanism between the two ACs ensures that the standby AC can sense the failure within 100 ms and then informs APs to switch CAPWAP link, thus ensuring service continuity.
N+1 redundancy is the best solution in terms of reliability and economy, in which N WX5500E series ACs operate independently, while another AC operates as a standby AC. When one of the N ACs fails, the standby AC will replace it. When the active AC recovers, APs will associate with it again. The WX5500E series AC supports up to 4 plus 1 redundancy
· N+N Redundancy
When N WX5500E series ACs are deployed in a WLAN, the N+N redundancy feature allows an AP to choose an optimal AC for access. If the optimal AC fails, the AP will choose another optimal AC for access. This mechanism implements both AC redundancy and load sharing. You can configure the AP to select the optimal AC according to the dynamic loading or predefined priorities of ACs. To implement N+N redundancy, the N-1 ACs must be capable of managing all the deployed APs.
Multiple WX5500E series ACs can work in active-active configuration to implement a highly reliable portal configuration that is needed by carriers. When a user finishes portal authentication through one of the ACs, the pair will synchronize the user’s authentication status together with other data. If one of the ACs is down, the other AC can avoid repeated authentication and service interruption with previously synchronized data.
Multiple WX5500E series ACs can work in active-active configuration. When a client obtains an IP address from an AC DHCP server, ACs will synchronize the pool of IP addresses and information. If one of the ACs is down while the IP address lease expires, the client’s lease extension request will be handled by another AC with saved IP pool information, which can avoid renewing client’s address and service interruption.
In a WLAN, adjacent wireless APs should work in different channels to avoid channel interference. However, channels are very rare resources for a WLAN. There are a small number of non-overlapping channels for APs. For example, there are only three non-overlapping channels for the 2.4GHz network. Therefore, the key to wireless applications is how to allocate channels for APs intelligently.
Meanwhile, there are many possible interference sources that can affect the normal operation of APs in a WLAN, such as rogue APs, radars and microwave ovens. The intelligent channel switching technique can ensure the allocation of an optimal channel to each AP, thereby minimizing adjacent channel interference. Besides, the real-time interference detection function can help keep APs away from interference sources such as radars and microwave ovens.
According to IEEE 802.11, wireless clients control wireless roaming in WLANs. Usually, a wireless client choose an AP based on the Received Signal Strength Indication (RSSI). Therefore, many clients may choose the same AP with a high RSSI. As these clients share the same wireless medium, the throughput of each client is reduced greatly.
The intelligent AP load sharing function can analyze the locations of wireless clients in real time, dynamically determine which APs at the current location can share load with one another, and implement load sharing among these APs. In addition to load sharing based on the number of online sessions, the system also supports load sharing based on the traffic of online wireless users.
The WX5500E series AC supports the blacklist, whitelist, rogue device defense, bad packet detection, illegal user removal, upgradeable Signature MAC layer attack detection (DoS attack, Flood attack or man-in-the-middle attack) and counter measures. With the built-in knowledge base in WX5500E, you can perform timely and accurate wireless security decisions. For determined attack sources such as rogue AP or terminals, you can perform visible physical location monitoring and switch physical port removing.
With H3C firewall/IPS device, network infrastructure can also implement layer 7 security defense in wireless campus, covering wired (802.11) and wireless (802.3) secure connections on an end-to-end basis.
RealTime Spectrum Guard (RTSG) is the innovative H3C professional state-monitoring program for the wireless spectrum. All AC models support the internal RF data acquisition module of Sensor AP to achieve deeply integrated monitoring and real time spectrum protection.
The RTSG Console is integrated into the H3C iMC (intelligent Management Center), and performs data acquisition through the CAPWAP tunnel management and Sensor AP. It can achieve 24x7 wireless signal quality monitoring, trend assessment and unauthorized interference alert. Through active probe and 2.4GHz/5GHz RF interference source (WiFi or non-WiFi) in every band, it provides a graphic representation of real-time FFT plot of the spectral density plot, spectrum diagram, the duty cycle map, event spectrum diagram, channel gain and interference gain. It can also automatically identify the source of interference, to determine the location of rogue wireless equipment, to ensure the wireless network is always in great shape. Combined with H3C iMC iAR (intelligent Analysis Report) module, it can maintain a complete history of RF quality in the coverage area, including its trace and playback, automatically generate customized trend, compliance and audit reports.
To cater for the different supervision demands in user's wireless environment, the RTSG solution can be deployed in either Local mode or Monitor Mode. In Local Mode, you can maintain normal user access and data packet forwarding without compromising effective spectrum protection.
WX5500E series AC supports intelligent detection of wireless traffic such as VoIP and video applications, conducts flexible, strategic differentiation and management based on wireless user status, and optimize the wireless access controller so that users can enjoy smooth video playback, jitter-free VoIP conversations.
Remote probe analysis
WX5500E series AC allows remote probing and analysis for AP. It can intercept WiFi packets nearby and save to a local device in real-time for troubleshooting and optimization analysis. Remote probing can conduct a non-convergent image for working channels, or a polling of all channels to satisfy wireless network monitoring and maintenance requirements.
WX5500E series AC features the RF Optimizing Engine (ROE), which effectively increases the number of concurrent sessions in middle to high-density access, accomplishes streaming media application acceleration and QoS through character and protocol based RF optimization. Features include multi-user fairness, mixed access fairness, interference filtering, speed optimization, multicast enhancement (IPv4/IPv6), per-packet power control and intelligent bandwidth guarantee.
The WX5500E series AC supports the following types of authentication:
· 802.1X authentication: the WX5500E series AC supports multiple 802.1X authentication modes, such as TLS, PEAP, TTLS, MD5, and SIM card. The local 802.1X authentication mode supports MD5, TLS and PEAP and thus users do not need to configure a separate AAA server. The WX5500E series AC also supports dynamic VLAN and ACL assignment to wireless clients after they pass 802.1X authentication. You can predefine the access control policies so that the system can automatically configure user rights during user authentication.
· MAC address authentication: authentication modes for computer users are not suitable for some hand-held terminals (such as WiFi phones and hand-held mobile terminals). By supporting MAC address authentication, the WX5500E series AC can easily solve this problem. On a wireless access controller or AAA server, you can configure which MAC addresses are allowed to access the wireless network. MAC addresses not configured are considered illegal and cannot access the wireless network. This function facilitates some wireless applications such as the wireless medicine system, where MAC address authentication can ensure that only the PDA terminals of the hospital can access the wireless network but not those owned by patients.
· Portal authentication: WX5500E series AC also runs an embedded portal server to authenticate users in place. This authentication mode does not need to work with clients, and is instead performed with WEB Portal page directly through the browser as the authentication channel, and can flexibly redirects user to specific home page for authentication and billing. It can alternatively be used for applications like customized Portal redirected page, advertising, information transfer, and widely used in the wireless campus, wireless city and visitor access scenarios.
The WX5500E series AC supports IPv6 wireless users access. The ingress AP can recognize IPv6 packets, and map IPv6 priority to the tunnel priority. AC can also use ACLs to control and filter IPv6 packets.
The WX5500E series AC can be deployed in IPv6 networks, in which an AC automatically negotiates an IPv6 tunnel with each AP. Although the AC and AP are working in IPv6 mode, the AC can still correctly recognize and process IPv4 packets from wireless clients. The flexible IPv4/v6 adaptability enables the WX5500E series AC to work with various complicated applications in the process of IPv4 to IPv6 migration. When deployed on an IPv6 island, the AC can provide services for IPv4 wireless clients. When deployed on an IPv4 island, it can also allow wireless clients to log in to the network through IPv6.
To cope with emerging IPv6 forged packet attacks in campus, WX5500E series AC supports IPv6 SAVI (Source Address Validation). Through address allocation protocol eavesdropping, it captures client’s IP address and ensures it uses the correct address while going online, eradicates the possibility of forging IP address, and determines the authenticity of source IP address. The integration of IPv6 SAVI and Portal technology can further guarantee the integrity and security of network packets.
Developed based on the Comware V5 platform, the WX5500E series AC supports not only the Diff-Serv standard but also the IPv6 QoS. The QoS Diff-Serv model includes traffic classification, policing, queuing and scheduling, completely implementing the six groups of Per-Hop Behavior (PHB) including EF, AF1 through AF4, BE and their services. This enables ISPs to provide differentiated services for users, making the Internet a truly integrated network carrying data, voice and video services at the same time.
Layer 3 roaming is hard to implement in a WLAN comprised of fat APs due to limited communication between APs. With H3C centralized forwarding and control architecture, the WX5500E series AC supports Layer-2 and Layer-3 roaming and solves the inter-subnet roaming problem. This excellent roaming feature allows you to chart a wireless network without worrying about the planning of the existing wired network. All you need to consider is wireless signal coverage. This greatly simplifies the early wireless network planning and reduces the network planning cost.
When a wireless terminal uses 802.1X for 802.11 access authentication and key exchange, there will be a large number of packets exchange between the terminal and the AP. If the complete 802.1X authentication process is followed by a wireless terminal that roams from one AP to another, this results in a very long handover time. This is unacceptable for delay sensitive services such as VoIP. The WX5500E series AC uses Key Caching to implement fast handover of roaming wireless terminals. The Key Cache functionality allows wireless terminals to roam from one AP to another without following the complete 802.1X authentication process while it ensures user identification and the continuity of key use. With fast handover, single AC handover time is kept within 50 ms and fulfills the stringent requirements of VoIP service.
● When ACs and APs are connecting through WAN, users may choose centralized forwarding mode or local forwarding mode, which improves the performance of applications such as LAN printing or terminal access within the local office.
● Users can sustain their local resource access when a WAN link or AC failure, the AP can support remote AP function as well.
● ACs can traverse the NAT and communicate with AP when a branch office deploys APs in a private network
8 1000BASE-T/1000BASE-X Combo ports
2×10G/1G BASE-X SFP+ ports
12 1000BASE-T ports
12 1000BASE-X SFP ports
4×10G/1G BASE-X SFP+ ports
Swappable power supply, 1+1 redundant backup, AC or DC (separately ordered)
Max power consumption
Operating and storage temperature
-10ºC ~55ºC / -40ºC ~ 70ºC
Operating and storage relative humidity
5% to 95% (non-condensing)
CAN/CSA C22.2 No 60950-1
FDA 21 CFR Subchapter J
ETSI EN 300 386 V1.3.3:2005
EN 55024: 1998+ A1: 2001 + A2: 2003
EN 55022: 2006
VCCI V-3: 2007
EN 61000-3-2: 2000+A1:2001+A2:2005
EN 61000-3-3: 1995+A1:2001+A2:2005
AS/NZS CISPR 22: 2004
FCC PART 15:2005
Number of managed APs in standard configuration
Size of license
Maximum number of
Maximum configurable number of APs
Multi-SSID (Per RF)
Use number limit
Supported: SSID based, per RF based
Multi-country code assignment
Wireless user isolation
VLAN based wireless users 2-layer isolation
SSID based wireless user 2-layer isolation
20MHz/40MHz auto-switch in 40MHz mode
Local forwarding based on SSID+VLAN
Auto AP serial number entry
AC discovery (DHCP option43, DNS)
Jumbo frame forwarding
AP Dual uplink (with AC)
Assign basic AP network parameter through AC
Supported: Static IP, VLAN, connected AC address
NAT traversal between AP and A C
Intra-AC, Inter-AP L2 and L3 roaming
Inter-AC, Inter-AP L2 and L3 roaming
Open system, Shared-Key
WEP-64/128, dynamic WEP
ü (11n recommended)
Wireless EAD (End-point Access Domination)
Supported: Remote Authentication, external server
Portal page redirection
Supported: SSID based, AP Portal page push
Portal by-pass Proxy
EAP-TLS, EAP-TTLS, EAP-PEAP, EAP-MD5, EAP-SIM, LEAP, EAP-FAST, EAP offload support (TLS, PEAP only)
802.1X, Portal, MAC authentication
802.1X and Portal
EAP-GTC and EAP-TLS supported by 802.1X login
AP location-based user access control
Guest access control
ARP attack detection
Supported: Wireless SAVI
SSID+user name binding
AAA server selection based on SSID and domain
AAA server back up
Local AAA server for wireless user
Layer 2 to Layer 4 packet filtering and traffic classification
Supported with granularity of 8Kbps
Access control based on user profile
Intelligent bandwidth limit (equal bandwidth share algorithm)
Intelligent bandwidth limit (user specific)
Intelligent bandwidth guarantee
Free flow for packets coming from each SSID When traffic is not congested, and guarantee a minimum bandwidth for each SSID when traffic is congested
QoS Optimization for SVP phone
CAC(Call Admission Control)
Supported: based on user number/bandwidth
AP upload speed limit
Country code lock
Static channel and power configuration
Auto channel and power configuration
Auto transmission rate adjustment
Coverage hole detection and correction
Supported: based on traffic, user & frequency(dual-frequency supported)
Intelligent load balancing
AP load balancing group
Supported: auto-discovery and flexible setting
Rogue AP detection
Supported: SSID based, BSSID, device OUI and more
Rouge AP countermeasure
Flooding attack detection
Spoof attack detection
Weak IV attack detection
Supported: 7-layer mobile security
Layer 2 protocol
ARP (gratuitous ARP)
Broadcast storm suppression
Multicast to Unicast (IPv4, IPv6)
Supported: Set unicast limit based on operating environment
1+1,N+1,N+N failover between ACs
fast switching between ACs
100ms fast detection/1s switching
Intelligent AP sharing among ACs
DHCP server hot standby
Portal hot standby
Management and deployment
WEB, SNMP v1/v2/v3, RMON and more
WEB, CLI, Telnet, FTP and more
Scheduled shutdown of AP RF interface
Scheduled shutdown of wireless service
Per-packet power adjustment (PPC)
Remote probe analysis
Real Time Spectrum Guard (RTSG)
Wireless Intelligent Application Aware (wIAA)
Supported/ Stateful Inspection Firewall
Packet forwarding fairness adjustment
802.11n packet forwarding suppression
Access based traffic shaping
Co-AP channel sharing
Co-AP channel reuse
RF interface transmission rate adjustment algorithm
Drop wireless packet with weak signal
Disable user access with weak signal
Disable multicast packet caching
Status blink(limited to some AP)