3 x Gigabit Ethernet port1x RJ 45 Cosole port
2x USB 2.0 ports
NAC-200I Series Wireless AC
| NAC-210I | NAC-220I | NAC-230I | NAC-238I | NAC-260I |
|---|
 |
 |
 |
 |
 |
|
| Port Number | |||||
|---|---|---|---|---|---|
|
|
6 GE Ethernet ports 1 RJ 45 Console port 2 USB 2.0 ports |
6 GE Ethernet ports 1 RJ 45 Console port 2 USB 2.0 ports |
6 GE Ethernet ports 2 x10 GE SFP+ optical ports 1 RJ 45 Console port 2 USB 2.0 ports |
6 GE Ethernet ports 4 GE SFP optical ports 1 RJ 45 Console port 2 USB 2.0 ports |
|
| External dimensions length x width x height, unit: mm | |||||
|
275*175*44.5 |
430*300*44.5 |
430*375*44.5 |
430*375*44.5 |
430*500*89 |
|
| Weight | |||||
|
1.6kg |
3.85kg |
6.65kg |
6.75kg |
15.3kg |
|
| Power consumption | |||||
|
<20w |
<25w |
<180w |
<190w |
<212w |
|
| Power | |||||
|
Single power input |
Dual power redundancy by default |
||||
| Input voltage | |||||
|
Rated voltage range: 100V~240V AC;50/60Hz Maximum voltage range: 90V~264V AC;47/63Hz |
|||||
| Operating storage temperature | |||||
|
-10℃~55℃/-40℃~70℃ |
|||||
| Operating storage humidity | |||||
|
5% ~ 95% (non-condensation) |
|||||
| Hard disk | |||||
|
32G SSD |
500G HDD |
500G HDD |
500G HDD |
500G HDD |
|
| Basic performances | |||||
| The default management AP number: | |||||
|
8 |
16 |
32 |
32 |
32 |
|
| Maximum number of management AP(centralized forward/local forward): | |||||
|
72/600 |
144/900 |
288/1200 |
480/1300 |
560/1600 |
|
| License step size: | |||||
|
1 |
|||||
| The maximum number of online concurrent users | |||||
|
>=4000 |
>=8000 |
>=15000 |
>=18000 |
>=35000 |
|
| The maximum number of concurrent connections | |||||
|
50000 |
71000 |
200000 |
250000 |
550000 |
|
| The number of new connections per second | |||||
|
1500 |
2200 |
7000 |
9000 |
15000 |
|
| Built-in local certification account number | |||||
|
65000 |
65000 |
65000 |
65000 |
65000 |
|
| VLAN quantity | |||||
|
4094 |
4094 |
4094 |
4094 |
4094 |
|
| ESSID quantity | |||||
|
32 |
32 |
32 |
32 |
32 |
|
| Wireless Foundation | |||||
| 802.11 protocol stack: | |||||
|
Support 802.11a/b/g/n/ac |
|||||
| Virtual AP: | |||||
|
Supported |
|||||
| Chinese SSID: | |||||
|
Supported |
|||||
| Hidden SSID: | |||||
|
Supported |
|||||
| Code deployment of various countries: | |||||
|
Supported |
|||||
| Isolation of wireless user: | |||||
|
A second segregation and isolation function based on SSID |
|||||
| On line detection: | |||||
|
AP and online detection function of user |
|||||
| Forced disconnection of wireless user: | |||||
|
Supported |
|||||
| No flow automatic aging of user: | |||||
|
Supported |
|||||
| 802.11 ac 80 MHZ information channel binding: | |||||
|
Supported |
|||||
| 20 MHZ / 40 MHZ automatic switching of 40 MHZ model: | |||||
|
Supported |
|||||
| Data Forward | |||||
| Local forward: | |||||
Supported | |||||
| Centralised forward: | |||||
Supported | |||||
| Part of centralised forward and part of local forward: | |||||
Support local forwarding and centralized forwarding in the same AP under different SSID | |||||
| Roaming | |||||
| the second and third layer of roaming within the same AC under different AP: | |||||
Supported | |||||
| the second and third layer of roaming between different AC under different AP: | |||||
Supported | |||||
| Access authentication | |||||
| Authentication type: | |||||
| Support WPA-PSK, WPA2-PSK, and WPA-PSK/WPA2-PSK mixed encryption, open + web authentication, WPA-PSK/WPA2-PSK+web authentication, WPA (enterprise), WPA2 (enterprise), WPA/WPA2 (enterprise) | |||||
| 802.1 x authentication: | |||||
| Support 802.1 x one-key automatic configuration deployment and support 802.1 x non-awareness certification, which only needs to download one-key automatic configuration tool when accessing for the first time, to quickly complete the wireless network configuration, greatly reducing the network deployment work. | |||||
| Portal authentication: | |||||
| Support intelligent identification terminal type, provide matching page with suitable size for different terminals, support custom page logo, display information, etc., and support setting verification, certification interval and time threshold for off-line re-connection and re-certification. | |||||
| QR code audit certification: | |||||
| Once visitor terminal is accessed to the wireless network, the terminal will automatically pop up QR code page, and the reviewer scans the QR code of visitor terminal by mobile phone to surf the Internet. And record the visitor user by the reviewer+ note + visitor terminal MAC three dimension, which can be traced and guarantee the network security. | |||||
| WeChat certification: | |||||
| After accessing wi-fi, the user can scan the QR code of shopping mall or corporate public ID to log in. The one-key log in function can complete deployment without any code development. In addition, We Chat certification supports clicking on text messages Internet link, clicking on the menu bar to view ads online, and We Chat aouth authorized log in. | |||||
| Text message certification: | |||||
| Support certification effective permanently. That is, it needs certification by text message for the first access, and the subsequent access needs no certification. This saves cost of text message and improves the user’s online experience. | |||||
| Temporary visitor authentication: | |||||
| It is internally installed with a temporary user information management system, by which a temporary user can log in during the effective period; It is internally installed with secondary authority system for temporary account management, which can only be used for creation and management of temporary account; Support to print QR code of temporary visitors, and temporary visitors can scan QR code to get to the Internet; Support grouping of temporary visitors; | |||||
| Free user authentication: | |||||
| Support to only show portal pages, just click the log in button to get to the Internet with no need to input ID and password and without certification; | |||||
| CA certificate authentication: | |||||
| It is internally installed with CA certificate issuing center, can realize safe authentication certificate with no need to set up certificate server (at the same time support external certificate server for import certification) | |||||
| Local account authentication: | |||||
| Support 802.1 x, Portal authentication | |||||
| The external authentication database: | |||||
| Support related external RADIUS, LDAP, Active Directory, achieve authentication of 802.1 x, Portal, etc. | |||||
| The user name and MAC binding: | |||||
| Support automatic binding of terminal access for the first time | |||||
| Data encryption: | |||||
| Support TKIP and AES (CCMP) | |||||
| EAP Protocol categories: | |||||
| Support EAP TLS, EAP PEAP, EAP - MD5, EAP - MSCHAPv2, etc. | |||||
| MAC static black and white list: | |||||
| Supported | |||||
| The dynamic blacklist: | |||||
| Supported | |||||
| (ACL)Access Control Policy | |||||
| Identification application and control: | |||||
| It is internally installed with over 1,800 kinds of largest application recognition libraries in China, which can accurately identify the application type, and update once every two weeks, to ensure accuracy of application identification. | |||||
| URL identification and control: | |||||
| It is internally installed with more than 30 million URL addresses library, supporting URL control based on URL category. | |||||
| Intelligent terminal identification: | |||||
| Intelligent identification access terminal type and operation system can accurately identify the android, ios, windows phone, and laptop or desktop devices. | |||||
| Multidimensional user access and role assignment: | |||||
| Support user access and role assignment based on access location; Support access and role assignment based on terminal types such as android, ios, windows, etc.; Support access and role assignment based on terminal MAC address; Support permission assignment based on user, and set different access permission for each specific user; Support permission assignment based on time bucket, and provide different access permission in different time bucket, which can flexibly control the access permission of the staff on and off duty; Support different access permissions based on user groups and temporary visitor groups; Support different access permissions based on visitors types such as authentication-free user, message visitors, WeChat visitors, WeChat + message authentication visitors; Support access control based on the Class Tunnel Private Group ID returned at user’s Radius authentication; Support access control based on organizational unit, security group, and user name of LDAP; | |||||
| Access control based on intranet applications: | |||||
| Support access control for intranet applications | |||||
| QoS | |||||
| Bandwidth management: | |||||
| Support to ensure or limit flow on different lines, according to different applications, users and user groups; Support to set channel bandwidth according to the percentage or numerical value and support to set the priority of each channel. | |||||
| Intelligent channel management: | |||||
| Support flow father and son channel technology, and support three-level father and son channel; Support channel limit and ensure the channel technology, dynamically adjust the channel bandwidth; | |||||
| Flexible and rational allocation of bandwidth resource: | |||||
| Support flow channel division and priority setting based on application, user, and user group; Up and down flow control based on single user, with flow control granularity of 1 KBPS; Support flow control based on time, which distributes different flow strategy in different time, flexibly allocating bandwidth resources; Support intelligent average distribution of the user bandwidth in flow channels; Support flow control based on terminal access position, distributing different flow strategies at different access position; Support flow control based on terminal types such as android, ios, windows, etc.; | |||||
| Resource management based on wireless hollow: | |||||
| Fine management of resource pipe-lining based on the application wireless hollow, ensure rational distribution of wireless bandwidth resource and prior transmission of important application; Support the average allocation of bandwidth among users and fair scheduling of terminal (time fairness algorithm); Support intelligent dynamic bandwidth allocation based on the SSID, guarantee the priority of important SSID flow; | |||||
| 802.11e/WMM: | |||||
| Support priority scheduling based on business application type (voice, video and data) | |||||
| The end-to-end QoS service: | |||||
| Supported | |||||
| Radio frequency management | |||||
| Channel automatic and manual adjustment: | |||||
| Supported | |||||
| Power automatic adjustment: | |||||
| Supported | |||||
| Power manual adjustment: | |||||
| Support adjustment with the granularity of 1 dBm, and the adjusting range is 1 dBm to the scope of power prescribed by the state; | |||||
| Radio frequency time opening or closing: | |||||
| Support radio frequency time opening or closing based on period of time; | |||||
| Load balanced between AP: | |||||
| Support load balancing based on users, flow rate and frequency band, realize 2.4 G and 5 G dual-band loads in the case of dual-band; | |||||
| Wireless coverage black hole detection and compensation: | |||||
| Supported | |||||
| Security defense | |||||
| WIDS/WIPS: | |||||
| Supported | |||||
| Power automatic adjustment: | |||||
| Supported | |||||
| Illegal AP detection, inhibition: | |||||
| Supported | |||||
| Anti phishing: | |||||
| Supported | |||||
| Attack defense: | |||||
| Support the defense against the DoS attack, spoofing attack, and flooding attack | |||||
| The loiter network preventing strategy | |||||
| Online time control: | |||||
| Support online time control (to minutes)based on users, access position, and terminal type, can set time of taking effect (only calculating planned time specified, not calculating the online time out of the validity time, and the time of taking effect can be recycled or one-time).When the accumulative value reaches the threshold, it can refuse to use online service again in the control period or continue to use online service after blocking for a period of time | |||||
| Flow quota: | |||||
| Support flow quota (to MB) based on users, access position, and type of terminal, and you can set the daily quota and monthly quota, and can also set the start date of a month. When the accumulative value exceeds the quota, it can refuse to use online service again in the control period or continue to use online service after blocking for a period of time. | |||||
| Wireless Optimization | |||||
| Acceleration of application layer: | |||||
| Support acceleration of application layer and choose acceleration service application, which can promote the transmission speed by 1.5 to 4 times | |||||
| Electronic schoolbag scene optimization: | |||||
| To speed up multicast packets, and comprehensively improve scene effect of electronic schoolbag; | |||||
| Intelligent broadcasting speeding up: | |||||
| According to the practical environment, improve the transmitting speed of broadcast packets automatically, and speed up the transmission efficiency of broadcast packets; | |||||
| Prevent terminal dragging: | |||||
| Prevent low-speed terminal to lower overall speed of network based on time fairness algorithm; | |||||
| Prevent terminal viscocity: | |||||
| APPerceive the STA connected to AP, and intelligently guide STA to access to the best AP; | |||||
| Low rate of terminal access is prohibited: | |||||
| Set a threshold for velocity of access terminal, to prohibit weak signal terminal access below a certain speed and improve overall speed of network | |||||
| High density access scene optimization: | |||||
| High-density optimization of dense area of wireless users (more than 40 terminals in the coverage of a single access point) can save a certain wireless air resources and improve overall performance of the AP; | |||||
| ARP turned to unicast: | |||||
| Turn ARP broadcast message into unicast, which can reduce broadcast packets and improve transmission speed. | |||||
| DHCP request to the wireless terminal is prohibited: | |||||
| After start using this option, the broadcast message required by DHCP will be only forwarded to wired network, and won't be forwarded to the other wireless network, which can improve the throughput of the overall wireless network and improve the performance of wireless network. | |||||
| Automatic VLAN segmentation: | |||||
| Support automatic VLAN division based on the users/user groups, AP access position/AP group, terminal type /MAC, RADIUS Class attribute value/Group ID, AD attribute value, and certificate attribute value, automatically distributing to the corresponding VLAN pool at terminal access; | |||||
| Authentication page push | |||||
| Authentication Webpage: | |||||
| WEB authentication page can self-define LOGO, background color, page word and disclaimer, and supports the switch between Chinese and English; before the WEB authentication (including several authentication methods such as Portal, we-chat, short message and two dimension code), full-screen advertisement illustration is supported to play; the countdown method is supported; after being forced to watch the advertisement display for certain time, the user is allowed to access to internet; | |||||
| Terminal self-adaptation: | |||||
| Intelligently identify terminal type, and push the authentication page matching the terminal with the right the size; | |||||
| Authentication page push: | |||||
| Push different certification pages according to different SSID, access position, terminal types, and time. | |||||
| Skip to push after certification: | |||||
| Support skipping pages or skipping to the original page before certification after setting different certifications based on access position, terminal type users/user groups, and type of certification. Support to transmit information of user name, terminal MAC, IP, and access AP/AP group, used for secondary development or website statistical analysis. | |||||
| Marketing Push | |||||
| Data-push method: | |||||
| Support four kinds of data-push, namely WeChat, text messages, web page embedded, and full-screen web page, able to customize images, texts, hyperlinks, etc; | |||||
| Marketing of search behavior: | |||||
| Support marketing push based on the user behavior, the marketing push can match with the key word searched by the user in Baidu, search engine collection, Sougou, Taobao and Jingdong to push the specific advertisement, and support the web page floating window, we-chat and short message. | |||||
| Marketing based on the online time: | |||||
| Support to push to online user messages, WeChat, and web advertising, and support to push only to the users with online time greater than a certain period of time and for a certain number of times; | |||||
| First access marketing: | |||||
| Intelligently identify the first access user, support to automatically push the preset messages and WeChat information to the first access user. | |||||
| Terminal marketing: | |||||
| Automatically calculate the occurrence number of customer terminal, and support to automatically push to the reappearing old customer the preset messages and WeChat information (can set to push to the users with offline time greater than a certain period of time and appearing for a certain number of times); | |||||
| Marketing based on the user's location: | |||||
| Support to set different push information for different AP, realize push based on access position or location change; | |||||
| Marketing based on the period: | |||||
| Support to push different advertising information in different time period, applicable to access rules such as online time, first access, terminal appearing, and access position. | |||||
| WeChat active marketing: | |||||
| It is internally installed with WeChat marketing platform, which supports to actively push directional messages to WeChat user (not mass texting without being limited by the number of times); | |||||
| SMS active marketing: | |||||
| It is internally installed with SMS marketing platform, which supports to actively push directional messages to text message users; | |||||
| Search analysis: | |||||
| Rank the search keywords according to searching times on Baidu, search.com, sougou.com, taobao.com and jingdong.com, to analyze customers’ preference and propensity to consume. | |||||
| Marketing statistics: | |||||
| Make statistic of search behavior, first access, terminal appearing, and online time and total time and trend of push; | |||||
| Consumer flow analysis | |||||
| Consumer flow analysis: | |||||
| Support to check statistics and trends of visiting customers(people), new visiting customers(people), new registered users (people), access users (people), visiting customer not for the first time, returning rate, and the average residence time (locally save a maximum of 90 days); Support to collect the information of terminal MAC, terminal types, occurrence time, and residence time of non-access users; Support to check statistic of residence time distribution; Support contrast figure according to time of the above data trend; Support to check the above information according to the AP group and divided area; | |||||
| The original data export: | |||||
| Support export of original data on visitor flow analysis, including the scanned terminal type, terminal MAC, first appearing time, final appearing time, occurrence times and the terminal type, terminal MAC, first access time, last access time, access number of access terminal. | |||||
| Hot Map | |||||
| Real-time display of AP dynamic information: | |||||
| Real-time display of each AP position, AP real-time status, number of access users, real-time flow, online user list, which is convenient for administrator to know real-time online health information. | |||||
| Architectural figure import: | |||||
| Support manual import of building figure, floor area distribution, and free allocation of AP sign location | |||||
| Visitor Density: | |||||
| Support to display the regional traffic density and export images through thermodynamic diagram, by which the regional population distribution can be viewed. | |||||
| Internet activity management audit | |||||
| Websites, web page audit: | |||||
| Support to record all or specified category of URL page title or other information; Can audit and record body content of the web page; | |||||
| Network application audit: | |||||
| Support the audit users, within a specified time period, to use QQ, P2P and streaming media, investing in stocks, network game, etc. Support total time length and flow consumed by the audit users, within a specified time period, to use P2P and streaming media, investing in stocks, network game, etc. | |||||
| Mail Audit: | |||||
| Support to audit the E-mail and its attachments sent or received by user by mail client or web mail. | |||||
| Posting audit: | |||||
| Support the audit user's posting content on Web BBS and Weibo; | |||||
| FTP Audit: | |||||
| Support to audit file name and content uploaded by FTP and file name downloaded by FTP; | |||||
| TELNET Audit: | |||||
| Support to audit command executed by TELNET; | |||||
| Audit-free strategy: | |||||
| Support to exclude specific users, make no audit for the user's online behavior; | |||||
| Data Center | |||||
| Data Center: | |||||
| Support two reserved ways of internal data center and external data center; | |||||
| Log Query: | |||||
| Support to search online behaviors such as visiting website/email sending and receiving/ posting on BBS and Weibo /outgoing documents; Support self-defined search of online flow and online time of designated IP/groups of users/user/application within a specified time period. Support self-defined search of visiting time of designated IP visiting a specific website within a specified time period; | |||||
| Statistical statement: | |||||
| Support self-defined statistic of online behavior/online flow/online keywords/online time of specified IP/groups of users/users/application within a specified period of time and form a statement; | |||||
| Trend statement: | |||||
| Support self-defined statistic of online behavior/online flow/online keywords/online time of specified IP/groups of users/users/application within a specified period of time and form a statement; | |||||
| Wired Management | |||||
| Wired and wireless integration: | |||||
| Support authentication, access control, flow management, behavior audit, etc. for wired users, and provide a unified Web management interface in both Chinese and English. | |||||
| Access authentication: | |||||
| Support Web authentication, temporary visitor authentication, and access authentication without user authentication; Support IP address-based authentication method; | |||||
| AP wired port side access authentication: | |||||
| The same with wireless side access authentication, WEB WEB, WeChat authentication, and SMS authentication are supported. | |||||
| IP address and user name binding: | |||||
| IP address and user name binding are supported; Support automatic binding of access for the first time | |||||
| Acess Control Policy (ACL): | |||||
| The same with wireless side, access rights allocation based on user accounts, user groups, time and external server properties are supported; | |||||
| Traffic management: | |||||
| The same with wireless side, traffic management based on application, user accounts, user groups and time are supported; | |||||
| Internet activity management audit: | |||||
| The same with wireless side, audit on website, web page, email, posting, application time and traffic, FTP, TELNET, etc. are supported. | |||||
| Site investigation management | |||||
| Embedded site investigation figure management software: | |||||
| Auto-completing AP point deployment according to import of deployment site scene graph is supported and reduce the project site investigation period and site investigation cost. | |||||
| Hotspot analysis | |||||
| AP-based access user quantity statistics: | |||||
| The number of connected users and change trends of each AP in the recent one day, one week, and one month can be measured. | |||||
| AP-based network flow analysis: | |||||
| The network flow and trendency changes of each AP in the recent one day, one week, and one month can be measured. | |||||
| AP-based signal quality analysis: | |||||
| Statistic analysis for the signal usage, noise, retransmit rate, BER, and BER change trends of each AP is supported. | |||||
| AP access methods | |||||
| Cross-WAN and cross-NAT remote AP deployment: | |||||
| Supported | |||||
| AC discovery methods: | |||||
| L2 and L3 discovery, DHCP option 43 and DNS domain name discovery are supported | |||||
| webAgent: | |||||
| Controller IP addresses can be dynamically discovered by using the webAgent technology. This avoids AP disconnection caused by unfixed controller IP addresses. | |||||
| Tunnel encryption: | |||||
| Supported | |||||
| Wireless relay bridge | |||||
| Relay Method: | |||||
| Point-to-point and point-to-multipoint supported | |||||
| Relay Frequency Band: | |||||
| Support GHz 2.4G/5.8G2.4/5.8 | |||||
| Disable wireless network on relay frequency band: | |||||
| Supported | |||||
| Wireless back-haul service: | |||||
| Supported | |||||
| The second floor | |||||
| Link aggregation: | |||||
| Up to eight of each group are supported and the maximum of eight groups are supported at the same time | |||||
| Line status monitoring: | |||||
| Supported | |||||
| ARP proxy: | |||||
| Supported | |||||
| L3 Function | |||||
| DHCP: | |||||
| DHCP Client, DHCP server, DHCP relay and DHCP Snooping are supported | |||||
| NAT: | |||||
| SNAT, DNAT, PAT, two-way NAT and port mapping are supported. | |||||
| Network access mode: | |||||
| static IP address, DHCP and PPPoE dial-up | |||||
| DNS Proxy: | |||||
| Supported | |||||
| Static route: | |||||
| Supported | |||||
| Strategy Route: | |||||
| Supported | |||||
| L3 physical port link detection: | |||||
| Supported | |||||
| High Reliability | |||||
| AC redundant hot standby: | |||||
| Supported | |||||
| Dual configuration synchronization: | |||||
| Supported | |||||
| AP fast switching between AC: | |||||
| Supported | |||||
| DHCP server backup: | |||||
| Supported | |||||
| Authentication server backup: | |||||
| Supported | |||||
| Disaster backup: | |||||
| The function of AC and authentication server disaster backup (escape) is supported; when the failure occurs, the normal access of new users and the normal access to the Internet of users can be guaranteed. | |||||
| Network management and configuration | |||||
| Management Modes: | |||||
| WEB, CLI, Telnet, SSH, etc. and Chinese and English interface management are supported. | |||||
| SNMP: | |||||
| SNMP v1/v2/v3,SNMP Traps | |||||
| Grading Administrator: | |||||
| Super administrator, administrator and read-only administrator are supported. | |||||
| System display: | |||||
| Support AC System Status Display AP and AP MESSAGE DISPLAY as well as;Online user information display; | |||||
| Warning mechanism: | |||||
| Port state warning; Network attack real-time warning; Double switch warning, etc. | |||||
| Application traffic display: | |||||
| Real-time and a period of time traffic conditions based on the application can be viewed. | |||||
| Traffic history query : | |||||
| AC and AC historical traffic query are supported. | |||||
| User quantity trend: | |||||
| Supported | |||||
| AP online and offline remind: | |||||
| Supported | |||||
| Record user online and offline information: | |||||
| Supported | |||||
| Firmware upgrade: | |||||
| AC firmware remote automatic or manual upgrade is supported;AC firmware automatic upgrade is supported. | |||||
| Backup configuration and backup recovery: | |||||
| Supported | |||||
| System log management: | |||||
| The function of view and export system log | |||||
| Strategy troubleshooting function: | |||||
| Supported | |||||
| Restart the device and restarting service: | |||||
| Supported | |||||
| Configuration date and NTP service: | |||||
| Supported | |||||
