WLAN Software
Standard with every wireless LAN, the Alcatel-Lucent OmniAccess™ base software provides unprecedented control over the entire wireless environment and enables advanced adaptive WLAN, identity-based security and application continuity services.
The base feature set of Alcatel-Lucent OmniAccess wireless LAN base software includes sophisticated authentication and encryption, protection against rogue access points (APs), seamless mobility with fast roaming, RF management and analysis tools, centralized configuration, location tracking, and more.
Wireless intrusion protection (WIP)
Policy enforcement firewall (PEF)
Voice service module (VSM)
VPN server (VPN)
Remote access point (RAP)
Wireless mesh (MAP and IMP)
External services interface (ESI)
Customer Benefits (Individual Modules) Base Software
• Secure Authentication, Encryption& Access Control
• Seamless Mobility
• RF Management, RF Planning & Troubleshooting
• QOS, VOIP Support and Location Tracking
External Services Interface Module
• Choice of AAA server for authentication
• XML API for captive portal (external captive portal server support) content inspection with external appliance, Fortinet integration
• Note: requires that the Policy Enforcement Firewall module is installed
• Flexible Delivery of Network Services
• Policy-Based Network Traffic Inspection
• Fault Tolerance for Mission-Critical Networks
• Extended Authorization Control Using API
Policy Enforcement Firewall Module
• Role based services for user / group class of service differentiation, bandwidth contracts
• Firewall permit/deny/drop/log (ICSA certified to version 4.1 corporate standard)
• QoS - priority traffic queues, Wi-Fi voice prioritization
• Identity-Based Stateful Firewalls
• ICSA Certification
• Policy-Based Access Control
• Stateful Flow Classification
• Web-Based Captive Portal
• High-Performance Security
Advanced AAA AOS Software Module
• Automatic selection of authentication servers based on distinct SSIDs
• Domain and realm selection of authentication server
• RFC 3576 API
• Auto selection of authentication server based on SSID
Remote AP Module
• Remote access point - termination of remotely deployed APs using IPSec transport
• Local bridging - termination of data traffic at the remote AP
• Survivability - pre-shared key for backup WLAN encryption during WAN failure
• Secure Mobile Connectivity
• entralized Management and Security
• Ideal Solution for Telecommuters
VPN Server Module
• Complete client VPN services - PPTP, L2TP/IPSec
• Site-to-site VPN services - IPSec NAT-T transport mode tunnels between OmniAccess WLAN switches or third-party VPN concentrators
• Massive Scalability and Performance
• VPN Concentrator Emulation
• Streamlined Deployment
• Site-To-Site VPN
Wireless Intrusion Protection Module
• Detection of network probing and DoS attacks, impersonation and man-in-the-middle attacks
• Detection of unauthorized devices (ad-hoc networks,Windows bridging, wireless bridges)
• Prevention of clients roaming to unauthorized APs attempted intrusion
• Rogue AP Prevention
• Denial Of Service (DOS) Attack Detection
• Probing and Network Discovery
• Surveillance
xSec Module
• Client/server xSec: termination of AES layer 2 xSec secure VPN sessions
• Point/point xSec: termination of AES layer 2 xSec secure VPN switch port session
Features
The selected WLAN Modules below, with the exception of the Base Software module, are all optional components of the WLAN Software solution. Please click on their corresponding links to view their detailed features.
Base Software
The base software comes pre-loaded with each OmniAccess Wireless switch. It includes the following capabilities:
Centralized wireless switching: the WLAN switches are the single point of configuration, management, security and troubleshooting for all access points and wireless users.
Authentication and encryption: includes 802.1x, captive portal authentication and WEP, TKIP (WPA), AES-CCMP (WPA2, 802.11i) encryption
Mobility services: handoffs within and across IP domains without loosing connection or impacting application performance.
Automatic radio management (ARM): automatic calibration of access points for optimal coverage and channel usage, detection and correction and coverage holes or RF interference.
N+1 redundancy for WLAN switches
Wi-Fi rogue access point prevention: detection, classification, location and shut down of rogue APs.
External Services Interface Module
• Standards-based extensibility
• Allows an OmniAccess WLAN switch to communicate with external service devices
• Supports advanced interaction with authentication, authorization, and accounting (AAA) services infrastructure
Policy Enforcement Firewall Module
• User and group policy enforcement through an integrated, ICSA-certified stateful firewall
• Security policies can be centrally defined and enforced on a per-user or per-group basis
• Policies are enforced dynamically, following users as they move and taking into account a variety of metrics such as: (1) User location (2) Time-of-day (3)Device type (4) Authentication method
Remote AP Module
• Securely extend corporate wireless functionality to any location with an Internet connection
• Remote APs allow seamless, corporate-like WLAN connectivity
› Remote office
› Home
› Anywhere a mobile worker chooses to work
VPN Server Module
• Integration support for a variety of VPN implementations
• Eliminates need for discrete, external VPN concentrators
• Hardware acceleration provides LAN-speed VPN connectivity
• Both client termination as well as site-to-site VPNs are supported
• Supported VPN protocols include: (1) L2TP/IPSec (2) IPSec/XAUTH (3) PPTP
Wireless Intrusion Protection
• Patented classification technology that identifies and protects against vulnerabilities and malicious attacks
› Rogue APs
› Ad-hoc networks
› Client and AP impersonation
› Denial of service attacks
› Man-in-the-middle attacks
XSec Module
• Termination of highly secure xSec client sessions
• Link-layer 256-bit AES-CBC encryption with complete header obscuration for highly sensitive environments
• Enables encryption of trunk ports between mobility controllers based on the same strong encryption standard
