Enterprise Data Pre-Sales Training OmniAccess WLAN


Presentation Transcript


  1. Enterprise Data Pre-Sales Training: OmniAccess WLAN, Module 1: Product Overview

  2. Agenda • Product Overview • Product Details • RFView Software

  3. Wi-Fi Evolution 1990-2000 2000-2003 2004 2005 2006

  4. Mobility Changes Everything • Rethink: Security • All the old threats • Worms, sniffing, spoofing… • New generation of threats • Wireless specific • Rethink: User Management • They move ! • Where is he ? • Where was he ? • Is he connected ? • Protect User Experience

  5. Rethinking Security for Mobility RF is everywhere… physical security isn’t enough It’s not just about PCs Users must be protected from other users

  6. Traditional Wireless Network • Wi-Fi is Installed as an Extension to the Wired Network Wi-Fi NETWORK PLANE • Wireless traffic terminated at access point • Wireless and wired traffic share the same VLANs • Requires: • VLAN per SSID - Customer has to provision an extra VLAN for wireless • Separate roaming / layer 3 routing function • Extra VPN Concentrator for secure wireless…… • Management server for Access point configuration and user management • But customers want • No disruption • Fewer boxes • Least manual intervention

  7. Centralizing Wireless Centralized WLAN Switch Management Policy GRE Tunnel Signaling (PAPI) Mobility Forwarding Encryption Authentication 802.11a/b/g Antennas “Thin” Access Points Solves Security and TCO for WLANs “Fat” Access Points

  8. Traditional Wireless LANs: Insecure, Complex Integration Process • STEP 1: Add Wireless VLANs Everywhere • STEP 2: Add WLSE for AP Management, RF Management • STEP 3: Configure RADIUS for 802.1X, Configure each AP entry • STEP 4: IOS Upgrade for 802.1X Fast Roaming • STEP 5: IOS Upgrade for Inter-VLAN Mobility • STEP 6: New blades for Stateful Firewall, IPSEC VPNs • STEP 7a: Bolt on Wireless IDS • STEP 7b: Remote Sensors for IDS & RMON • STEP 8: Deploy Racks of Gateways for User and Policy Enforcement (Diagram: EMPLOYEE and GUEST VLANs across ACCESS, DISTRIBUTION, CORE and DATA CENTER; ACCESS BLOCK 1, 2 and 3; WLSE; RADIUS)

  9. Centralized Wireless: Simplified and Scalable with Alcatel Wi-Fi Switching (Diagram: EMPLOYEE and GUEST VLANs; ACCESS, DISTRIBUTION, CORE, DATA CENTER; FLOOR 1, FLOOR 2; Standby; GRE Tunnel)

  10. Dense Wireless Deployment Access Points Low-Cost, IP Connected WiFi Smart Radios Wireless Client Y X GRE – Generic Routing Encapsulation IPsec – DES 3 encrypted Secure Tunnels “No Touch Zone” Existing Network Layer 2/3 = Transport WLAN Mobility Controller WLAN Management Wireless Security Authentication/Encryption Authorization Control Traffic Services Network Integration Secured Differentiated Prioritized Access

  11. Campus Deployment: Non-disruptive to Existing Network (Diagram: Main Building & Data Center; Remote Campus Building; FLOOR 1, FLOOR 2; 10/100 Mbps; DATA CENTER; BASEMENT; Fiber Link; BACKBONE)

  12. How WLAN Switching Works - 1 AP Communications • AP is attached to any switch port. AP is powered on and receives DHCP address (or statically configured). • AP finds IP address of Alcatel switch (DNS or static). • AP boots image (TFTP) from switch and creates a PAPI (UDP 8211) connection to switch (control protocol). AP authenticates to switch and creates a GRE tunnel between AP and switch. • All client communications to the AP are encapsulated in the GRE tunnel and forwarded to the switch. (Diagram: L2/3; Server; DHCP Server; 10/100 Mbps)

  13. How WLAN Switching Works - 2 1. Client sends 802.11 association request that is automatically forwarded by AP to WLAN switch 2. WLAN switch responds with association acknowledgement 3. Client and WLAN switch start 802.1x authentication conversation along with RADIUS server 4. Encryption keys pass to the WLAN switch and user derives own encryption keys… begins sending encrypted data 5. WLAN switch decrypts data, processes packet, applies services and forwards packets based on .11 MAC (Diagram: Corp Backbone; RADIUS)

  14. OmniAccess 2nd Generation Elements Master Controller Local Controller AP PAPI GRE Local Backup Controller Backup Master Controller

  15. Master Controller AP • Booting and configuring all APs in the network • Providing APs with the address of their local mobility controller • WLAN configuration for the entire network PAPI Master Controller Local Controller • Ensuring inter-controller mobility home agent tables sync. • Ensuring consistent user access policies across all controllers • RF management for all APs • Central consolidation of security IDS events, rogues, DoS Attack • Terminate GRE tunnel • Forward L2-L3 local AP traffic

  16. A Complete Wi-Fi System in a Single, Scalable Network Platform From System Integration to an Integrated System Firewall OAW-6000 VPN Gateway Wireless Intrusion Detection OAW-4324 Distributed Wireless Sniffers OAW-4308/4 RF Spectrum Management Voice Support REMOTE MANAGEABILITY

  17. MAC Authentication 802.1x, 802.11i (WPA 1/2) User-User Quarantine MS-PEAP, EAP-TLS, EAP-TTLS, LEAP WPA (static/dynamic), TKIP, AES, WEP Role and AAA based VLANs Per-User/Flow Stateful Firewall Policy-Based Access (time, location, device, etc.) Captive Portal Rate Anomalies / Thresholds Protocol Awareness Multi-Layered Security Network-Layer Security Application Security VPN Termination - L2TP/IPSec, PPTP Captive Portal ACLs NAT, DHCP Link-Layer Security Wireless Intrusion Protection Wireless Intrusion Detection and Prevention Rogue AP Detection, Classification and Containment On-the-fly IDS/IPS signature upgrade

  18. Working and Playing Well with Others 3rd Party AP & Alcatel Switch 3rd Party AP, Alcatel Switch & Air Monitor Alcatel AP, Alcatel Switch & Air Monitor Per User Mobile Firewall Clientless Mobile VPN Rogue AP Detection Wireless Intrusion Prevention Upgradeable 802.11 encryption D E P L O Y M E N T Plug and Play Access Points Dynamic Site Survey, Self -healing Wireless RMON Packet Capture Serial & Power over Ethernet (SPOE) Adding Value to Existing 802.11 Deployments

  19. Agenda • Product Overview • Product Details • RFView Software

  20. Award-Winning Product Portfolio OAW-4308/4 for the Branch Office OAW-6000 for the Enterprise HQ OAW-4324 for Regional Locations RFView Embedded Mobility Software Applications RFView RF Management Applications Access Points Dual-Radio (a/b/g) Dual Function

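  21. Deployment Choices • OAW-6000: Deployment Campus; Size 3U; Access Points 48-512; Users 8000; Clear Text 8 Gbps; Encrypted (3DES) 7 Gbps • OAW-4324: Deployment Building; Size 1U; Access Points 48; Users 500; Clear Text 2 Gbps; Encrypted (3DES) 400 Mbps • OAW-4308/4: Deployment Branch; Size 1U; Access Points 4-16; Users 128; Clear Text 1 Gbps; Encrypted (3DES) 200/200 Mbps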

  22. OAW-6000 Modular Mobility Controller • Line Cards • Single or Dual Supported • 24FE/2GE • 24FE/2GE SPOE (802.3af PoE) • 2GE (GBIC) Redundant PSUs Fan Tray • Supervisor Cards I or II • Single or Dual Supported • Dedicated Control Processors • Dedicated Network Processors • Hardware Accelerated Crypto FPGAs 3RU 19” Enclosure • Capacity • Up to 512 Access Points / 8,192 Users • Supervisor Card I – 48 APs or 128 APs • Supervisor Card II – 256 APs • Performance • 8 Gbps Clear / 7 Gbps Crypto • Modular Supervisor Cards • Supervisor Card I – 4 Gbps/2 Gbps Crypto • Supervisor Card II – 4 Gbps/3.5 Gbps Crypto • 1 x RJ-45 Serial Management Port • Modular Line Cards • 24 x 10/100 Ethernet (RJ-45) Line Card • 24 x 10/100 Ethernet (RJ-45) Line Card with 802.3af PoE Support • 2 x GigE (GBIC) Line Card • Programmable Architecture • Control and Data Planes • Network Processor Core • Hardware Crypto Engine • All Components Modular and Hot-Swappable

  23. OAW-4324 Mobility Controller Dedicated Network Processor Dedicated Hardware Accelerated Crypto FPGA Dedicated Control processor 802.3af PoE Port status LEDs Management Ethernet 2 x GigE (GBIC) ports 24 x 10/100 RJ-45 Ethernet ports • Capacity • 48 Access Points • 512 Users • Performance • Crypto 2Gbps Clear / 400Mbps 3DES • Interfaces • 24 x 10/100 Ethernet (RJ-45) • Auto-sensing MDI/MDX • 802.3af PoE Support • 2 x Gigabit Ethernet (GBIC) • 1 x RJ-45 Serial Management Port • Programmable Architecture • Control & Data Planes • Network Processor Core • Cryptographic Accelerator Engine 1RU 19” Enclosure

  24. OAW-4308/4 Series Mobility Controllers Dedicated Network Processor Dedicated Hardware Accelerated Crypto FPGA Dedicated Control processor 802.3af PoE Management Ethernet 1 x GigE Ethernet port (TX or SX) options 8 x 10/100 RJ-45 Ethernet ports • Capacity • 4 or 16 Access Points • 128 Users • Performance • Crypto 800Mbps Clear / 200Mbps 3DES • Interfaces • 8 x 10/100 Ethernet (RJ-45) • Auto-sensing MDI/MDX • 802.3af PoE Support • 1 x Gigabit Ethernet (TX or SX options) • 1 x RJ-45 Serial Management Port • Programmable Architecture • Control & Data Planes • Network Processor Core • Cryptographic Accelerator Engine 1RU 19” Enclosure Port status LEDs

  25. Alcatel WLAN Access Point Family Single Radio • Software configurable 802.11a/b/g radio as Thin-AP / AM • Ideal for dense Office or Home-Office Deployments • Internal or External antenna options • Low cost Dual Radio • Dual-Radio Thin-AP / AM • Ideal for Remote / Branch Office AP • High Availability Features • Wired + Wireless Security • Extensible USB Interface Port Specialty APs • Dual-Radio WDS Bridging / Thin-AP Functionality • Fully Environmentally Hardened Design • Desert, Snow, Rain, Harsh Environment

  26. AP60 Series Access Points Detachable antenna interfaces 10/100 Ethernet port with 802.3af PoE Integral High-gain, omni-directional antenna AC power Single, Multi-mode 802.11a or b/g radio AC power Multi-band, Single Radio APs • Supported Applications • 802.11a or b/g Access Point / Air Monitor • Dense AP Deployments • Remote / Home Office Deployment • Air Monitoring • Features • Software Configurable Multi-band 802.11a/b/g Radio • 10/100Base-T RJ-45 Interface • 802.3af PoE Power Sourcing • AC/DC Power Adapter Interface • Integrated High-Gain, Tri-Band Antennas (AP-61) • Detachable Antenna Interfaces (AP-60) • Wide Range of Antenna Types Supported • Small Form Factor (Cube, Ceiling, Under Desk Deployable) • Plenum Rated • Low Cost - List US $295 AP60 AP61

  27. AP70 Access Point AC power Two dual-mode 802.11a+b/g radios USB port Dual Ethernet ports Integral omni-directional antenna Detachable antennas (2 sets) AP70™ - Dual Radio • Supported Applications • 802.11a+b/g Access Point / Air Monitor • Remote / Branch Office Deployment • Mission Critical Wi-Fi Deployments • Advanced Wireless Spectrum Monitoring • Features • Dual 802.11a/b/g Radios • Dual 10/100Base-T RJ-45 Interfaces (2nd Interface Supports Wired Secure-Access) • High Availability / Redundancy • Redundant Ethernet Interfaces • Redundant 802.3af PoE Power Sourcing • Integrated Antenna & Detachable Antenna Interfaces • Wide Range of Antenna Types Supported • Extensible USB 2.0 Interface • Smart Card Authentication (Q4 2005) • Wireless IDS RF Spectrum Analyzer Plug-on (Q4 2005) – Advanced Wireless Threat Detection • AP

  28. AP80 Outdoor Access Point Detachable antenna interfaces Integral heater Hardened Ethernet I/F (8 Pin DIN), PoE powered Dual 802.11a+b/g radios Integral lightning arrester & ground point Integral directional 17 dBi 5 GHz antenna (model 80S only) RSSI interface AP80™ - Outdoor AP • Supported Applications • 802.11a or b/g Bridge / Fat AP • Hardened thin-AP 802.11a+b/g • Features • Dual Radio 802.11a+b/g • Fully Environmentally Hardened • Operating Temperature -30°C to 55°C • Heat/Cold/Rain/UV Resistant • Wind Resistant to 125 Mph • Hardened Interfaces • Integrated Lightning Arrestor & Ground • 30W PoE Power Injectors • Not 802.3af Compliant • Media Converters • Ethernet 10/100Base-T RJ-45 • Multi-Mode Fiber SC

  29. Agenda • Product Overview • Product Details • RFView Software

  30. RFView - Base Software BASE SOFTWARE FEATURES • WLAN Switching & RF Management • L2/L3 switching, VLANs, termination of Alcatel Wireless APs, RF Plan/RF Live, location tracking, triangulation • Policy Management • Allow Any-Any per SSID/VLAN, VLAN policy segregation (no firewall or ACLs) • Radio Resource Management (ARM) • Calibration, coverage hole detection / correction, interference detection / correction, multi-band RF scanning • Authentication • MAC, local user DB, LDAP, AAA, wired and wireless 802.1x • Association Types • Open, Static & Dynamic WEP, TKIP, 802.1x, WPA, WPA2 • User Services • SSID to VLAN mapping, AAA VLAN assignment, (no role based services or captive portal) • Mobility Services • Roaming across APs, VLANs and switches • Intrusion Detection • Rogue AP detection, interfering APs / clients, classification (no containment)

  31. RFView - Software Modules ADD-ON MODULE • Policy Enforcement Firewall Module • VPN Server Module • Wireless Intrusion Protection (WIP) Module • Advanced AAA Module • Client Integrity Module • External Services Interface Module • xSec Module • Remote AP Licenses

  32. Policy Enforcement Firewall Full Stateful Firewall Dynamic User Policy Management Captive Portal Role-based User Services QoS for Data and Voice Wireless Intrusion Protection Intrusion Detection DoS Attack Detection Man-in-the-middle Detection Intrusion Prevention and Containment VPN Services PPTP, L2TP/IPSec Cisco and Nortel Client VPN Termination VPN Dialer Advanced AAA Open XML Interface External CP Server Support Client Integrity Embedded Sygate SODA Client Remediation RFView – Software Modules SECURITY

  33. Remote Access Point License Termination of thin APs with L2TP/IPSec Encryption of Remote AP client traffic (control and payload) Licensed by Access Point on any Switch Licenses are Cumulative External Services Interface OOB Fortinet Anti-Virus Support Server load balancing xSec L2 AES Encryption Client - Server or Switch - Switch RFView – Software Modules NETWORKING SECURITY

  34. Key Components To Licensing • 1: License Certificate (Platform Specific, License Feature Specific, Unique Certificate ID) • 2: OmniAccess WLAN switch (Platform Specific, Unique Serial Number) • 3: License Management Server • 4: Sales Order Processing • 5: OmniAccess WLAN switch (Unique Key, Serial # Specific, License Type Specific, Permanent / Evaluation)

  35. Evaluation Certificates • Valid for a specific feature and platform • for example: PEF module for 4308 • Can be used to create a license key and applied to any system matching the requirement • Valid for 90 days total: • 3 x 30 day increments • After each 30 days system saves config to a restorable location and forces an automatic reset of the system at midnight • System reverts back to valid licenses • The license key can be reapplied for another 30 days • After 90 days the licensed feature may only be reactivated if a permanent license key is applied

  36. Thank You
