Enterprise Data Pre-Sales Training: OmniAccess WLAN

Module 1: Product Overview


Agenda

  • Product Overview

  • Product Details

  • RFView Software


Wi-Fi Evolution

[Timeline figure: 1990-2000, 2000-2003, 2004, 2005, 2006]


Mobility Changes Everything

  • Rethink: Security

    • All the old threats

      • Worms, sniffing, spoofing…

    • New generation of threats

      • Wireless specific

  • Rethink: User Management

    • They move!

      • Where is he?

      • Where was he?

      • Is he connected?

  • Protect User Experience


Rethinking Security for Mobility

RF is everywhere… physical security isn’t enough

It’s not just about PCs

Users must be protected from other users


Traditional Wireless Network

  • Wi-Fi is Installed as an Extension to the Wired Network

Wi-Fi

NETWORK PLANE

  • Wireless traffic terminated at access point

    • Wireless and wired traffic share the same VLANs

  • Requires:

    • VLAN per SSID - Customer has to provision an extra VLAN for wireless

    • Separate roaming / layer 3 routing function

    • Extra VPN Concentrator for secure wireless……

    • Management server for Access point configuration and user management

  • But customers want

    • No disruption

    • Fewer boxes

    • Least manual intervention


Centralizing Wireless

[Diagram: “Fat” Access Points; “Thin” Access Points; Centralized WLAN Switch. Labels: Management, Policy, Mobility, Forwarding, Encryption, Authentication, 802.11a/b/g, Antennas, GRE Tunnel, Signaling (PAPI)]

Solves Security and TCO for WLANs


Traditional Wireless LANs: Insecure, Complex Integration Process

[Network diagram labels: EMPLOYEE, GUEST, WLSE, RADIUS, ACCESS BLOCK 1, ACCESS BLOCK 2, ACCESS BLOCK 3, ACCESS, DISTRIBUTION, CORE, DATA CENTER]

  • STEP 1: Add Wireless VLANs Everywhere

  • STEP 2: Add WLSE for

    • AP Management

    • RF Management

  • STEP 3:

    • Configure RADIUS for 802.1X

    • Configure each AP entry

  • STEP 4: IOS Upgrade for 802.1X Fast Roaming

  • STEP 5: IOS Upgrade for Inter-VLAN Mobility

  • STEP 6: New blades for

    • Stateful Firewall

    • IPSEC VPNs

  • STEP 7a: Bolt on Wireless IDS

  • STEP 7b: Remote Sensors For IDS & RMON

  • STEP 8: Deploy Racks of Gateways For User and Policy Enforcement


Centralized Wireless

Simplified and Scalable with Alcatel Wi-Fi Switching

[Network diagram labels: EMPLOYEE, GUEST, VLANs, ACCESS, DISTRIBUTION, CORE, DATA CENTER, FLOOR 1, FLOOR 2, Standby, GRE Tunnel]


Dense Wireless Deployment

[Diagram labels: Wireless Client, X, Y]

  • Access Points: Low-Cost, IP Connected WiFi Smart Radios

  • Secure Tunnels

    • GRE – Generic Routing Encapsulation

    • IPsec – 3DES encrypted

  • “No Touch Zone”: Existing Network Layer 2/3 = Transport

  • WLAN Mobility Controller

    • WLAN Management

    • Wireless Security

    • Authentication/Encryption

    • Authorization Control

    • Traffic Services

    • Network Integration

  • Secured Differentiated Prioritized Access


Campus Deployment: Non-disruptive to Existing Network

[Diagram labels: Main Building & Data Center, Remote Campus Building, FLOOR 1, FLOOR 2, 10/100 Mbps, DATA CENTER, BASEMENT, Fiber Link, BACKBONE]


How WLAN switching works - 1

AP Communications

[Diagram labels: L2/3, Server, 10/100 Mbps, DHCP Server]

1. AP is attached to any switch port. AP is powered on and receives DHCP address (or statically configured).

2. AP finds IP address of Alcatel switch (DNS or static).

3. AP boots image (TFTP) from switch and creates a PAPI (UDP 8211) connection to switch (control protocol). AP authenticates to switch and creates a GRE tunnel between AP and switch.

4. All client communications to the AP are encapsulated in the GRE tunnel and forwarded to the switch.


How WLAN Switching Works - 2

[Diagram labels: Corp Backbone, RADIUS]

1. Client sends 802.11 association request that is automatically forwarded by AP to WLAN switch

2. WLAN switch responds with association acknowledgement

3. Client and WLAN switch start 802.1x authentication conversation along with RADIUS server

4. Encryption keys pass to the WLAN switch and user derives own encryption keys… begins sending encrypted data

5. WLAN switch decrypts data, processes packet, applies services and forwards packets based on 802.11 MAC


OmniAccess 2nd Generation Elements

Master Controller

Local Controller

AP

PAPI

GRE

Local Backup Controller

Backup Master Controller


Master Controller

AP

  • Booting and configuring all APs in the network

  • Providing APs with the address of their local mobility controller

  • WLAN configuration for the entire network

PAPI

Master Controller

Local Controller

  • Ensuring inter-controller mobility home agent tables sync.

  • Ensuring consistent user access policies across all controllers

  • RF management for all APs

  • Central consolidation of security IDS events, rogues, DoS Attack

  • Terminate GRE tunnel

  • Forward L2-L3 local AP traffic


A Complete Wi-Fi System in a Single, Scalable Network Platform

From System Integration to an Integrated System

[Diagram labels]

  • Firewall

  • VPN Gateway

  • Wireless Intrusion Detection

  • Distributed Wireless Sniffers

  • RF Spectrum Management

  • Voice Support

  • OAW-6000

  • OAW-4324

  • OAW-4308/4

REMOTE MANAGEABILITY


Multi-Layered Security

MAC Authentication

802.1x, 802.11i (WPA 1/2)

User-User Quarantine

MS-PEAP, EAP-TLS, EAP-TTLS, LEAP

WPA (static/dynamic), TKIP, AES, WEP

Role and AAA based VLANs

Per-User/Flow Stateful Firewall

Policy-Based Access (time, location, device, etc.)

Captive Portal

Rate Anomalies / Thresholds

Protocol Awareness

Network-Layer Security

Application Security

VPN Termination - L2TP/IPSec, PPTP

Captive Portal

ACLs

NAT, DHCP

Link-Layer Security

Wireless Intrusion Protection

Wireless Intrusion Detection and Prevention

Rogue AP Detection, Classification and Containment

On-the-fly IDS/IPS signature upgrade


Working and Playing Well with Others

3rd Party AP & Alcatel Switch

3rd Party AP, Alcatel Switch & Air Monitor

Alcatel AP, Alcatel Switch & Air Monitor

Per User Mobile Firewall

Clientless Mobile VPN

Rogue AP Detection

Wireless Intrusion Prevention

Upgradeable 802.11 encryption

DEPLOYMENT

Plug and Play Access Points

Dynamic Site Survey, Self-healing

Wireless RMON

Packet Capture

Serial & Power over Ethernet (SPOE)

Adding Value to Existing 802.11 Deployments


Agenda

  • Product Overview

  • Product Details

  • RFView Software


Award-Winning Product Portfolio

OAW-4308/4 for the Branch Office

OAW-6000 for the Enterprise HQ

OAW-4324 for Regional Locations

RFView Embedded Mobility Software Applications

RFView RF Management Applications

Access Points: Dual-Radio (a/b/g) Dual Function


Deployment Choices

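|                  | OAW-6000 | OAW-4324 | OAW-4308/4   |
|------------------|----------|----------|--------------|
| Deployment       | Campus   | Building | Branch       |
| Size             | 3U       | 1U       | 1U           |
| Access Points    | 48-512   | 48       | 4-16         |
| Users            | 8000     | 500      | 128          |
| Clear Text       | 8 Gbps   | 2 Gbps   | 1 Gbps       |
| Encrypted (3DES) | 7 Gbps   | 400 Mbps | 200/200 Mbps |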


OAW-6000 Modular Mobility Controller

  • Line Cards

    • Single or Dual Supported

    • 24FE/2GE

    • 24FE/2GE SPOE (802.3af PoE)

    • 2GE (GBIC)

  • Redundant PSUs

  • Fan Tray

  • Supervisor Cards I or II

    • Single or Dual Supported

    • Dedicated Control Processors

    • Dedicated Network Processors

    • Hardware Accelerated Crypto FPGAs

  • 3RU 19” Enclosure

  • Capacity

    • Up to 512 Access Points / 8,192 Users

    • Supervisor Card I – 48 APs or 128 APs

    • Supervisor Card II – 256 APs

  • Performance

    • 8 Gbps Clear / 7 Gbps Crypto

  • Modular Supervisor Cards

    • Supervisor Card I – 4 Gbps/2 Gbps Crypto

    • Supervisor Card II – 4 Gbps/3.5 Gbps Crypto

    • 1 x RJ-45 Serial Management Port

  • Modular Line Cards

    • 24 x 10/100 Ethernet (RJ-45) Line Card

    • 24 x 10/100 Ethernet (RJ-45) Line Card with 802.3af PoE Support

    • 2 x GigE (GBIC) Line Card

  • Programmable Architecture

    • Control and Data Planes

    • Network Processor Core

    • Hardware Crypto Engine

  • All Components Modular and Hot-Swappable


OAW-4324 Mobility Controller

  • Dedicated Network Processor

  • Dedicated Hardware Accelerated Crypto FPGA

  • Dedicated Control Processor

  • 802.3af PoE

  • Port status LEDs

  • Management Ethernet

  • 2 x GigE (GBIC) ports

  • 24 x 10/100 RJ-45 Ethernet ports

  • Capacity

    • 48 Access Points

    • 512 Users

  • Performance

    • Crypto 2Gbps Clear / 400Mbps 3DES

  • Interfaces

    • 24 x 10/100 Ethernet (RJ-45)

      • Auto-sensing MDI/MDIX

      • 802.3af PoE Support

    • 2 x Gigabit Ethernet (GBIC)

    • 1 x RJ-45 Serial Management Port

  • Programmable Architecture

    • Control & Data Planes

    • Network Processor Core

    • Cryptographic Accelerator Engine

  • 1RU 19” Enclosure


OAW-4308/4 Series Mobility Controllers

  • Dedicated Network Processor

  • Dedicated Hardware Accelerated Crypto FPGA

  • Dedicated Control Processor

  • 802.3af PoE

  • Management Ethernet

  • 1 x GigE Ethernet port (TX or SX options)

  • 8 x 10/100 RJ-45 Ethernet ports

  • Capacity

    • 4 or 16 Access Points

    • 128 Users

  • Performance

    • Crypto 800Mbps Clear / 200Mbps 3DES

  • Interfaces

    • 8 x 10/100 Ethernet (RJ-45)

      • Auto-sensing MDI/MDIX

      • 802.3af PoE Support

    • 1 x Gigabit Ethernet (TX or SX options)

    • 1 x RJ-45 Serial Management Port

  • Programmable Architecture

    • Control & Data Planes

    • Network Processor Core

    • Cryptographic Accelerator Engine

  • 1RU 19” Enclosure

  • Port status LEDs


Alcatel WLAN Access Point Family

Single Radio

  • Software configurable 802.11a/b/g radio as Thin-AP / AM

  • Ideal for dense Office or Home-Office Deployments

  • Internal or External antenna options

  • Low cost

Dual Radio

  • Dual-Radio Thin-AP / AM

  • Ideal for Remote / Branch Office AP

  • High Availability Features

  • Wired + Wireless Security

  • Extensible USB Interface Port

Specialty APs

  • Dual-Radio WDS Bridging / Thin-AP Functionality

  • Fully Environmentally Hardened Design

  • Desert, Snow, Rain, Harsh Environment


AP60 Series Access Points

  • Detachable antenna interfaces

  • 10/100 Ethernet port with 802.3af PoE

  • Integral high-gain, omni-directional antenna

  • AC power

  • Single, multi-mode 802.11a or b/g radio

  • AC power

Multi-band, Single Radio APs

  • Supported Applications

    • 802.11a or b/g Access Point / Air Monitor

    • Dense AP Deployments

    • Remote / Home Office Deployment

    • Air Monitoring

  • Features

    • Software Configurable Multi-band 802.11a/b/g Radio

    • 10/100Base-T RJ-45 Interface

    • 802.3af PoE Power Sourcing

    • AC/DC Power Adapter Interface

    • Integrated High-Gain, Tri-Band Antennas (AP-61)

    • Detachable Antenna Interfaces (AP-60)

    • Wide Range of Antenna Types Supported

    • Small Form Factor (Cube, Ceiling, Under Desk Deployable)

    • Plenum Rated

    • Low Cost - List US $295

AP60

AP61


AP70 Access Point

  • AC power

  • Two dual-mode 802.11a+b/g radios

  • USB port

  • Dual Ethernet ports

  • Integral omni-directional antenna

  • Detachable antennas (2 sets)

AP70™ - Dual Radio Supported

  • Applications

    • 802.11a+b/g Access Point / Air Monitor

    • Remote / Branch Office Deployment

    • Mission Critical Wi-Fi Deployments

    • Advanced Wireless Spectrum Monitoring

  • Features

    • Dual 802.11a/b/g Radios

    • Dual 10/100Base-T RJ-45 Interfaces (2nd Interface Supports Wired Secure-Access)

    • High Availability / Redundancy

      • Redundant Ethernet Interfaces

      • Redundant 802.3af PoE Power Sourcing

    • Integrated Antenna & Detachable Antenna Interfaces

    • Wide Range of Antenna Types Supported

    • Extensible USB 2.0 Interface

      • Smart Card Authentication (Q4 2005)

      • Wireless IDS RF Spectrum Analyzer Plug-on (Q4 2005) – Advanced Wireless Threat Detection

      • AP


AP80 Outdoor Access Point

  • Detachable antenna interfaces

  • Integral heater

  • Hardened Ethernet I/F (8-pin DIN), PoE powered

  • Dual 802.11a+b/g radios

  • Integral lightning arrester & ground point

  • Integral directional 17 dBi 5 GHz antenna (model 80S only)

  • RSSI interface

AP80™ - Outdoor AP

  • Supported Applications

    • 802.11a or b/g Bridge / Fat AP

    • Hardened thin-AP 802.11a+b/g

  • Features

    • Dual Radio 802.11a+b/g

    • Fully Environmentally Hardened

      • Operating Temperature -30°C to 55°C

      • Heat/Cold/Rain/UV Resistant

      • Wind Resistant to 125 mph

      • Hardened Interfaces

      • Integrated Lightning Arrestor & Ground

    • 30W PoE Power Injectors

      • Not 802.3af Compliant

    • Media Converters

      • Ethernet 10/100Base-T RJ-45

      • Multi-Mode Fiber SC


Agenda

  • Product Overview

  • Product Details

  • RFView Software


RFView - Base Software

BASE SOFTWARE FEATURES

  • WLAN Switching & RF Management

    • L2/L3 switching, VLANs, termination of Alcatel Wireless APs, RF Plan/RF Live, location tracking, triangulation

  • Policy Management

    • Allow Any-Any per SSID/VLAN, VLAN policy segregation (no firewall or ACLs)

  • Radio Resource Management (ARM)

    • Calibration, coverage hole detection / correction, interference detection / correction, multi-band RF scanning

  • Authentication

    • MAC, local user DB, LDAP, AAA, wired and wireless 802.1x

  • Association Types

    • Open, Static & Dynamic WEP, TKIP, 802.1x, WPA, WPA2

  • User Services

    • SSID to VLAN mapping, AAA VLAN assignment, (no role based services or captive portal)

  • Mobility Services

    • Roaming across APs, VLANs and switches

  • Intrusion Detection

    • Rogue AP detection, interfering APs / clients, classification (no containment)


RFView - Software Modules

ADD-ON MODULE

  • Policy Enforcement Firewall Module

  • VPN Server Module

  • Wireless Intrusion Protection (WIP) Module

  • Advanced AAA Module

  • Client Integrity Module

  • External Services Interface Module

  • xSec Module

  • Remote AP Licenses


RFView – Software Modules

SECURITY

  • Policy Enforcement Firewall

    • Full Stateful Firewall

    • Dynamic User Policy Management

    • Captive Portal

    • Role-based User Services

    • QoS for Data and Voice

  • Wireless Intrusion Protection

    • Intrusion Detection

    • DoS Attack Detection

    • Man-in-the-middle Detection

    • Intrusion Prevention and Containment

  • VPN Services

    • PPTP, L2TP/IPSec

    • Cisco and Nortel Client VPN Termination

    • VPN Dialer

  • Advanced AAA

    • Open XML Interface

    • External CP Server Support

  • Client Integrity

    • Embedded Sygate SODA Client Remediation


RFView – Software Modules

NETWORKING / SECURITY

  • Remote Access Point License

    • Termination of thin APs with L2TP/IPSec

    • Encryption of Remote AP client traffic (control and payload)

    • Licensed by Access Point on any Switch

    • Licenses are Cumulative

  • External Services Interface

    • OOB Fortinet Anti-Virus Support

    • Server load balancing

  • xSec

    • L2 AES Encryption

    • Client - Server or Switch - Switch


Key Components To Licensing

1

  • License Certificate

  • Platform Specific

  • License Feature Specific

  • Unique Certificate ID

3

License Management Server

4

Sales Order Processing

5

  • OmniAccess WLAN switch

  • Unique Key

  • Serial # Specific

  • License Type Specific

  • Permanent / Evaluation

2

  • OmniAccess WLAN switch

  • Platform Specific

  • Unique Serial Number


Evaluation Certificates

  • Valid for a specific feature and platform

    • for example: PEF module for 4308

  • Can be used to create a license key and applied to any system matching the requirement

  • Valid for 90 days total:

    • 3 x 30 day increments

    • After each 30 days system saves config to a restorable location and forces an automatic reset of the system at midnight

    • System reverts back to valid licenses

    • The license key can be reapplied for another 30 days

    • After 90 days the licensed feature may only be reactivated if a permanent license key is applied


Thank You

