ZDC ZA-5000-WS Series Wireless Access Controller
1. Evolution
Enterprises prefer Wi-Fi WLAN in order to enhance work efficiency via mobile office in conventional wireless network solution. Basically, they use wireless AP on the access layer switch and achieve security with WEP encryption or MAC address filtering, user can access wired network via simple authentication. In this structure, user’s data would be forwarded through wireless AP and gateway thus with rather good forward efficiency. However, as business develops, scale of enterprise WLAN grows, networking difficulty, RF interference, security hidden trouble, and equipment and user management become complicated as well.
Conventional WLAN, which is made up of wireless AP (fat AP) + switch, has the following problems: separate configuration on each AP is required; potential network attack and interference can not be checked in the whole system, this reduces the load balance capability; AP can not distinguish the application demands between real time wireless voice and data transmission; security will be in danger if any AP is attacked.
Wireless access controller is a kind of centralized management structure consists of core and simple AP (thin AP), it provides strengthened security, more intelligent wireless broadband management and more efficient wireless security strategy via centralized management, simplified AP and P2P communication, thus helps to break problems in WLAN. In this structure, thin AP takes the place of previous enterprise AP; security, mobility, QoS and other features within the enterprise network can be managed together.
|
|
Conventional WLAN Solution
|
WLAN Solution with Wireless Access Controller
|
|
Deployment Cycle
|
◆Long
Worker and staff must configure and modify AP at site, takes time and human resource.
|
◆Short
Centralized configuration on thin AP at where the wireless access controller is, plug and play, much time and human resource can be saved.
|
|
Networking Scale
|
◆Small and middle scale
Layer 2 roaming
|
◆Large scale
Layer 2/3 roaming, topology independence
|
|
Maintenance Cost
|
◆High
Configure RF, security and network parameters on each AP, and is limited by wired network security and network settings.
|
◆Low
Centralized and intelligent network management. No more settings on each thin AP, config file can be loaded to thin AP as it connects to the wireless access controller. Configuration on controller means that on all thin AP.
|
|
Security
|
◆Low
All settings are saved in wireless AP, one AP being attacked will lead to exposure of the whole network.
|
◆High
Unified and secure system. Authentication between AP and wireless access controller via data certificate. Layer 2/3 security mechanism supported. Overall RF condition surveillance gives solid security.
|
|
Seamless Roaming
|
◆No
IP address of wireless client changes along with the wired network it’s in. Upper layer application will disconnect during wireless client roaming.
|
◆Yes
Wireless client won’t be limited by wired network when roaming among thin AP. IP address, security and authentication won’t change along with the location of client.
|
|
Network Performance
|
◆Low
Overall load balance is impossible due to wired network.
|
◆High
Wireless access controller performs overall load balance on all thin AP, no more limitation by wired network.
|
2. Introduction
ZDC ZA-5000-WS Series Wireless Access Controller is a series of wireless access controller (AC, Access Controller) researched and developed by Nanjing Z-Com Wireless Co., Ltd. Designed for unified wireless network structure; it has overcome the technical difficulties in networking, RF interference, network security and management. Features high stability, kinds of products, various services and abundant data processes, it integrates RF and user management, security mechanism, seamless roaming, and failure switch together, providing powerful WLAN access control functions.
This series contains integrated type and multi-module rack type, covering from small size network with at least 256 sets of AP to carrier-class large metropolitan area network based on product specification and configuration.
ZA-5000-WS series wireless access controller can be co-used with ZA/ZG-5000-TAP (fat/thin AP) on any existing layer 2 or layer 3 network without configuration on current wired network again. Thanks to this series of products, the administrator can realize management based on wired and wireless fundamental facilities and user application surveillance as well.
|
|
Model
|
Features
|
|
ZA-5000-WS20
|
※Enterprise-class integrated structure
※ Carrier-class high reliability
※ N+1 backup
※ Support 256 sets of thin AP at most
※Designed for small and middle enterprise, large enterprise branch and campus
|
|
ZA-5000-WS
|
※Enterprise-class integrated structure
※ Carrier-class high reliability
※ N+1 backup
※ Support 512 sets of thin AP at most
※ Designed for middle and large industry park and campus
|
3. Features
l Intelligent Data Forward
It supports centralized and local forward. Among which, local forward allows user’s data to be forwarded in the local Ethernet port of wireless AP instead of going back to wireless access controller. User can be integrated into wired network as soon as connects to the wireless network, it is a further improvement of the integration of wired and wireless solution. It not only keeps the advantage of centralized control and management, but also allows user’s data to be forwarded based on application classification either via local AP or through wireless access controller.
l Switch between Fat & Thin AP
At the beginning of network establishment, fat AP is an ideal choice as the hotspots spread around with fewer users or the equipments are not so many. However, as the development of WLAN, hotspot and user grows, equipment maintenance and network optimization work increases, thin AP is recommended for convenient management and maintenance. ZDC products support switch between fat and thin AP, allowing you to select a best networking according to the scale thus protect your investment. Under fat AP operation, by adding AC, simple switch settings upon AP could be realized via AC or network management system, and centralized control and management upon the whole network can be made.
l Plug & Play Network Deployment
The wireless access controller is able to detect newly accessed AP and make configuration, which relieves users from configuration at site. It realizes plug and play network deployment.
l Easy Management & Deployment
ZA-5000-WS Series wireless access controller offers auto FW upgrade, auto configuration distribution and central management upon its thin AP based on advanced centralized intelligent management and control concept. This reduces the investment and difficulty of equipment deployment and maintenance, and it offers plug and play network deployment to users. What’s more, ZA-5000-WS Series wireless access controller supports WEB and SNMP management, allowing administrator to complete equipment configuration and maintenance in the shortest time.
l Support Intelligent Load Balance
It supports complicated balance based on the quantity and flow of accessed users. The wireless access controller will calculate whether there is any AP with fewer loads available around the newly accessed user if it detects the load value on current AP exceeds its threshold. When it finds that AP, it will refuse the connection demand of user and the user will access to that AP then. However, if the wireless client is out of AP overlap coverage, conventional load balance will cause connection failure and wrong balance thereof. ZDC supports auto load balance which ensures only users in AP overlap coverage may have AP load balance; it effectively avoids wrong balance and enhances wireless network capacity to its utmost.
l Abundant RF Management & Security
RF management enhances the flexibility of wireless network deployment and the ability of network maintenance. ZA-5000-WS Series support auto power adjustment and channel switch which are indispensable in network deployment and debug, simplifying network deployment. Besides, the constant update of RSSI/SNR allows system to know the RF situation every wireless client is in, thus corresponding strategy can be adopted to enhance the network availability.
l N+1 Backup
It offers a more secure solution for large network deployment. For example, there are n sets of AC operating individually, and one more as backup AC. If any AC in those “n” group breaks down, that backup one will take its place immediately, and later AP will switch to the primary AC as soon as that primary one gets normal, it ensures that the AP takes primary AC as first choice.
l Wireless Intrusion Check
1) Illegal AP Scan
It helps to monitor illegal equipment (e.g. Rouge AP, Ad hoc wireless client), and report to wireless access controller in time for convenient deployment adjustment of thin AP.
2) White List
It ensures only wireless clients in this white list can perform data transmission, others will be taken as illegal users, and their messages will be dropped on AP, thus the attack to wireless network by illegal messages can be avoided.
3) Black List
It ensures that all messages from the devices in this black list will be dropped on AP, thus the attack to wireless network by illegal messages can be avoided.
4) Wireless Broadcast Separation
It prevents malicious attack by wireless client to other clients, and reduces expansion on the wireless network of broadcast messages from this wireless client, thus network performance could be ensured.
l Seamless Roaming
ZA-5000-WS Series Wireless Access Controller can provide seamless L2/L3 roaming services among different wireless access controllers and network segments, while the IP, security and authentication features in wireless clients won’t change along with the location of wireless clients, and the roaming switch time can fully satisfy the demand of delay-sensitive applications like wireless voice communication and mobile video surveillance.
l Support kinds of authentication
Support kinds of authentication including 802.1x, WPA, WPA2, MAC address filtering, Portal authentication, PPPoE authentication, WAPI, and etc.
4. Specifications
|
ZA-5000-WS20 Wireless Access Controller
|
|
|
ZA-5000-WS20 Wireless Access Controller integrates wireless network and security functions into central WLAN switch, realizing centralized management on all thin APs and wireless clients. Radio management, fault auto recovery, forced STA roaming and load balance makes it easy to upgrade and extend. This series can achieve seamless and secure enterprise wireless network deployment on any existing L2/L3 network without disturbing current network operation. Its 6 kilomega Ethernet ports and 4 kilomega optical ports (SFP interface) allow users to select single or multiple-mode optical SFP module at will. ZA-5000-WS20 is able to integrate with existing network completely with no structure change, which simplifies network deployment and management and reduces investment greatly.
|
|
Features
|
|
Standard Compliant
|
IEEE802.3/u 10/100Base-Tx RJ-45, IIEEE 802.3z 1000BaseX kilomega Ethernet protocol, IEEE802.1q (VLAN) ,IEEE802.1x (Security Authentication), IEEE802.1d, etc.
|
|
Protocol
|
TCP/IP, IPX, NetBEUI
|
|
Host Name Configuration
|
Yes
|
|
Country/Region Configuration
|
Yes
|
|
IP Address Configuration of Thin AP Port
|
Yes
|
|
VLAN
|
Yes
|
|
VLAN Virtual Interface
|
Yes
|
|
Flow Control
|
Yes
|
|
Hot ID
|
Yes
|
|
DHCP Server
|
Yes
|
|
NAT/NAPT
|
Yes
|
|
Static Routing
|
Yes
|
|
Broadcast Packet Filtering
|
Yes
|
|
DHCP Snooping
|
Yes
|
|
DHCP Relay
|
Yes
|
|
Wireless Isolation
|
Yes
|
|
VOIP
|
Yes
|
|
Load Balance
|
Yes
|
|
Bandwidth Control
|
Yes
|
|
Centralized Data Forward
|
Yes
|
|
Local Data Forward
|
Yes
|
|
Thin AP Configuration Template
|
Yes
|
|
HTTP Redirect
|
Yes
|
|
WEB Authentication (Portal Server)
|
Yes
|
|
PPPOE Server
|
Yes
|
|
Radius Server
|
Yes
|
|
IGMP Snooping
|
Yes
|
|
IGMP Proxy
|
Yes
|
|
Black List
|
Yes
|
|
NTP Server
|
Yes
|
|
User Management
|
Yes
|
|
Host/Slave Mode Management
|
Yes
|
|
PPTP
|
Yes
|
|
Radio
|
|
Radio On/Off
|
Yes
|
|
Wireless Mode
|
Yes(802.11A/B/G)
|
|
Manual Frequency Adjustment
|
Yes
|
|
Auto Frequency Adjustment
|
Yes
|
|
Auto Power Adjustment
|
Yes
|
|
Manual Power Adjustment
|
Yes
|
|
Data Rate
|
Best / 54 / 48 / 36 / 24 / 18 / 12 / 9 / 6/11/5.5/2/1 Mbps
|
|
WMM
|
Yes
|
|
Super G
|
Yes
|
|
Forced STA Roaming
|
Yes
|
|
Multi BSSID
|
Yes(8 group)
|
|
Management
|
|
Web Management
|
Yes
|
|
SNMP MIB
|
Yes
|
|
SSH
|
Yes
|
|
CLI
|
Yes
|
|
Performance
|
|
Thin AP Q’ty
|
256
|
|
Maximum User Q’ty
|
5120
|
|
Concurrent User Q’ty
|
1024
|
|
DHCP Address Q’ty
|
5120
|
|
WEB Authentication Q’ty
|
1024
|
|
Security
|
|
WEP Encryption
|
64 / 128 / 152-bit
|
|
WAPI
|
Yes
|
|
WPA
|
WPA, WPA2, WPA-PSK, WPA2-PSK
|
|
802.1x
|
Yes
|
|
ACL Control
|
Yes
|
|
Web Authentication Black/White List
|
Yes
|
|
Electrical
|
|
Power Supply
|
AC 220V
|
|
Power Consumption
|
130W
|
|
Physical
|
|
System
|
CPU P4 2.8G 512M Memory 1G CF
|
|
Dimensions (mm)
|
1u height, 430 (L) x 270(W)× 43.6 (H)
|
|
Interface
|
4x10/100/1000M kilomega Ethernet interface, 1xCF slot, built-in USB2.0 interface, 1xRJ45 to RS-232 interface
|
|
Weight
|
5.2kg
|
|
Environment
|
|
Operating Temperature
|
0~60℃
|
|
Storage Temperature
|
-40~60℃
|
|
Humidity
|
5 ~ 90%
|
|
ZA-5000-WS High Performance Wireless Access Controller
|
|
ZA-5000-WS Wireless Access Control integrates wireless network and security functions into central WLAN switch, realizing centralized management on all thin APs and wireless clients. Radio management, fault auto recovery, forced STA roaming and load balance makes it easy to upgrade and extend. This series can achieve seamless and secure enterprise wireless network deployment on any existing L2/L3 network without disturbing current network operation. Its 6 kilomega Ethernet ports and 4 kilomega optical ports (SFP interface) allow users to select single or multiple-mode optical SFP module at will. ZA-5000-WS is able to integrate with existing network completely with no structure change, which simplifies network deployment and management and reduces investment greatly.
|
|
Features
|
|
Standard Compliant
|
IEEE802.3/u 10/100Base-Tx RJ-45, IIEEE 802.3z 1000BaseX kilomega Ethernet protocol, IEEE802.1q(VLAN) ,IEEE802.1x (Security Authentication), IEEE802.1d, etc.
|
|
Protocol
|
TCP/IP, IPX, NetBEUI
|
|
Host Name Configuration
|
Yes
|
|
Country/Region Configuration
|
Yes
|
|
IP Address Configuration of Thin AP Port
|
Yes
|
|
VLAN
|
Yes
|
|
VLAN Virtual Interface
|
Yes
|
|
Flow Control
|
Yes
|
|
Hot ID
|
Yes
|
|
DHCP Server
|
Yes
|
|
NAT/NAPT
|
Yes
|
|
Static Routing
|
Yes
|
|
Broadcast Packet Filtering
|
Yes
|
|
DHCP Snooping
|
Yes
|
|
DHCP Relay
|
Yes
|
|
Wireless Isolation
|
Yes
|
|
VOIP
|
Yes
|
|
Load Balance
|
Yes
|
|
Bandwidth Control
|
Yes
|
|
Centralized Data Forward
|
Yes
|
|
Local Data Forward
|
Yes
|
|
Thin AP Configuration Template
|
Yes
|
|
HTTP Redirect
|
Yes
|
|
WEB Authentication (Portal Server)
|
Yes
|
|
PPPOE Server
|
Yes
|
|
Radius Server
|
Yes
|
|
IGMP Snooping
|
Yes
|
|
IGMP Proxy
|
Yes
|
|
White List
|
Yes
|
|
NTP Server
|
Yes
|
|
User Management
|
Yes
|
|
Host/Slave Mode Management
|
Yes
|
|
PPTP
|
Yes
|
|
Radio
|
|
Radio On/Off
|
Yes
|
|
Wireless Mode
|
Yes(802.11A/B/G)
|
|
Manual Frequency Adjustment
|
Yes
|
|
Auto Frequency Adjustment
|
Yes
|
|
Auto Power Adjustment
|
Yes
|
|
Manual Power Adjustment
|
Yes
|
|
Data Rate
|
Best / 54 / 48 / 36 / 24 / 18 / 12 / 9 / 6/11/5.5/2/1 Mbps
|
|
WMM
|
Yes
|
|
Super G
|
Yes
|
|
Forced STA Roaming
|
Yes
|
|
Multi BSSID
|
Yes(8 group)
|
|
Management
|
|
Web Management
|
Yes
|
|
SNMP MIB
|
Yes
|
|
SSH
|
Yes
|
|
CLI
|
Yes
|
|
Backup/Restore Settings
|
Yes
|
|
Soft reboot
|
Yes
|
|
Port Statistics
|
Yes
|
|
Thin AP Zero Configuration
|
Yes
|
|
Thin AP On-line List
|
Yes
|
|
Wireless Client On-line List
|
Yes
|
|
DHCP Assignment Record
|
Yes
|
|
Illegal AP List
|
Yes
|
|
Syslog
|
Yes
|
|
Routing Table
|
Yes
|
|
Performance
|
|
Thin AP Q’ty
|
512
|
|
Concurrent User Q’ty
|
4096
|
|
DHCP Address Q’ty
|
4096 for client &&1024 for AP
|
|
WEB Authentication Q’ty
|
4096
|
|
Security
|
|
WEP Encryption
|
64 / 128 / 152-bit
|
|
WAPI
|
Yes
|
|
WPA
|
WPA, WPA2, WPA-PSK, WPA2-PSK
|
|
802.1x
|
Yes
|
|
ACL Control
|
Yes
|
|
Web Authentication Black/White List
|
Yes
|
|
DOS Prevention
|
Yes
|
|
Electrical
|
|
Power Supply
|
AC100~ 240V 4-2A
|
|
Power Consumption
|
150W
|
|
Physical
|
|
System
|
CPU Core2 Duo E6400 2.13GHz 2G Memory 2G CF
|
|
Dimensions (mm)
|
1U, 427.4 (L) x 433(W)× 44mm (H)
|
|
Interface
|
6x10/100/1000M Ethernet interface, 4x1G kilomega optical interface, 1xCF slot, built-in USB2.0 interface, RJ45 to RS-232 interface
|
|
Weight
|
7KG
|
|
Environment
|
|
Operating Temperature
|
0~60℃
|
|
Storage Temperature
|
-20~80℃
|
|
Humidity
|
5 ~ 90%
|
5. Typical Applications
1. Enterprise Network Solution
ZDC designs a set of network solution for enterprise particularly, which combines WLAN into existing wired network so as to get an organic whole and enhance enterprise efficiency thereof. Based on this wireless switch structure, WLAN features more management and switch functions with less investment and no network overload. As a central point converging businesses in the network, this wireless access controller enables administrator to manage WLAN and ensure its security more efficiently while reduces the network deployment cost. In addition, this solution is able to offer Web and 802.1x authentication to wireless access users by adopting local forward. Its VLAN division can meet the extendibility, manageability, accessibility and reliability demand of enterprise.
2. Campus Network Solution
As the quick development of education informatization, campus network has become to be a big part in campus life, and is the first way to obtain resources and information by faculty and students. It gets colleges and students together with administrators of social contact, academy and business activities; therefore plays an important role in education system. ZDC designs a set of network solution for campus, which ensures manageability, security, QoS and seamless roaming of wireless network, especially takes future maintenance, management and extension into consideration. This solution can support not only existing network application, but also future network technologies and applications, such as VoIP, wireless video surveillance, video meeting, it fully meets the requirements of university education and research. Based on network security concern, centralized forward is recommended to interconnect wireless access points, besides, authentication and accounting system can be used to manage the users.
