Reduce costs and effectively manage wireless Switches

There are many things worth learning about wireless switches. Here we mainly introduce how to effectively manage wireless switches and solve the power supply problem of Wireless AP, which is an important prerequisite for ensuring the flexibility of Wireless AP deployment location. This requires that the AP can achieve remote power supply through POE while providing local power supply.

There are currently two solutions: the POE Power Supply Module and the POE Power Supply wireless switch. To ensure the reliability of POE power supply, it is the first choice to use a wireless switch of POE power supply to provide power for a single Wireless AP. Currently, the POE switch complies with the IEEE 802.3af standard, and the maximum output power is about 15 W, the mainstream IEEE802.11n AP in the industry requires more than 15 W of working power. To solve such power supply requirements, the POE + power supply wireless switch in the IEEE 802.3at draft should be followed, in order to truly leverage the performance advantages of IEEE802.11n.

The preceding WX3024 enables 24 Gigabit ports to provide both the POE power supply function and the PoE + power supply function. Each port can provide a maximum power of 25 W, the test shows that after the POE power supply function is enabled, the gigabit network interface of the WX3024 can supply power to the 802.11g and 802.11n AP through the network cable, you can also display the power supply of each POE-powered AP on the console, which is especially convenient for the deployment of IEEE802.11n AP. This is particularly important in the future when 802.11n may be "popular.

Reduce management costs

Generally, enterprises do not have powerful IT maintenance power. This is also an important factor in deploying enterprise WLAN networks for fit ap. Mainstream fit ap vendors in the industry provide no AP configuration, all AP configuration operations are performed on the wireless controller or switch, and the system upgrade is also performed centrally by the wireless switch. Therefore, the management of enterprise wlan ap is simplified to the management of wireless switches. More importantly, enterprise WLAN network management is not only about AP management, user IP Address Allocation, user identity authentication, and other user management series.

IP addresses of wireless users are generally allocated by DHCP servers. User authentication can be performed by MAC address authentication, IEEE802.1x authentication, PORTAL authentication, and other methods. A complete wireless network generally requires a RADIUS server, a PORTAL authentication server, and the DHCP server mentioned above. These devices are combined with wireless controllers and Wireless AP, which is undoubtedly a serious challenge for enterprises that do not have powerful IT maintenance capabilities. If they can integrate the DHCP service, RADIUS Authentication Service, and PORTAL authentication service, the simple and intuitive WEB management interface facilitates the maintenance of enterprise IT managers, so that enterprise IT administrators can be avoided as fire fighters. The H3C WX3024 mentioned above can achieve this.

Emphasize wireless security

WLAN uses invisible public media to transmit air signals. The security problem is a huge challenge for deploying wireless networks. The complexity of wireless network security restricts the deployment of wireless networks in enterprises. How to solve the security problems faced by WLAN Access and ensure customers' safe use is an important issue. The security challenges facing wireless networks are analyzed carefully, mainly to prevent illegal AP access, prevent illegal user access, prevent ARP attacks, prevent AP overload, and prevent unreasonable applications. Both external threats and internal threats should be prevented, as well as threats from the user end and network end.

The first is to prevent unauthorized access to the AP, that is, access to the Rouge device. The 802.11 Network is vulnerable to a large number of network threats, such as unauthorized AP users, Ad-hoc networks, and denial of service-type attacks, therefore, Rouge devices are a serious threat to enterprise network security. This requires the wireless intrusion detection (WIDS) function to prevent early detection of malicious user attacks and intrusion into wireless networks through WIDS, detect the rogue devices in WLAN networks, and report them to the management center, anti-DDoS measures are taken to maximize the protection of wireless networks.

The second is to prevent illegal users, which is ensured by authentication and encryption technologies. Common authentication methods include 802.1x authentication, MAC address authentication, Portal authentication, and other authentication methods to ensure the security of wireless user identity, combined with WEP (64/128) WPA, WPA2, and other encryption methods to ensure the security of wireless users. In addition, through user identity authentication and configuration and modification of user group permissions on the AAA Server, network administrators can easily assign access permissions to different levels of users, it implements fine-grained user permission control, greatly enhancing the availability of wireless networks. The third is to prevent ARP attacks. There are common ARP attack methods in enterprises. ARP spoofing is implemented by forging IP addresses and wireless switch addresses, resulting in a large amount of ARP traffic to block the network or implement man-in-the-middle attacks. Serious ARP attacks can make the network unavailable, hazards to enterprise applications. To prevent attackers from launching "man-in-the-middle" attacks through ARP packets, the wireless switch must have the ARP intrusion detection function, that is, by detecting the legitimacy of ARP packets and forwarding valid ARP packets, discards invalid ARP packets to effectively prevent ARP spoofing.

The fourth is to prevent network bandwidth abuse. This is not a direct security problem, but it will prevent normal network applications within the enterprise. Some smart management measures are required to solve this problem. In a WLAN, multiple wireless terminals are connected to the same Wireless AP at the same time. If some terminals use BT or other download applications, all wireless port bandwidths will be occupied, as a result, other terminals cannot work normally. To avoid the above problems, it is recommended that the Network Support SMART bandwidth speed limit, restrict the use of fixed bandwidth on the terminal, or limit the average sharing bandwidth of all terminals, so as to effectively solve the bandwidth usage problem.

In addition, in order to avoid the overload of some aps in the wireless network, some APs are idle and affect network usage, the load balancing function is also essential. The smart load balancing method dynamically determines which APS can share the load at the current time and at the current location. By controlling the AP accessed by the wireless client, the load sharing between these APS is realized.

In terms of security, WX3024 is also a "good hand ". It has 802.1X, MAC address, PORTAL and other security authentication and AP security management capabilities. It provides security technologies such as anti-ARP attack, wireless intrusion detection (WIDS), and multiple encryption technologies, it can effectively solve the security challenges faced by enterprise networks. To sum up, a device is integrated with 48 Wireless AP management, featuring the performance of a wireless switch, POE power supply, DHCP server, and PORTAL authentication server, wireless switches for RADIUS servers, WEB management and other application services can reflect the highest performance and price ratio for enterprise networks. It not only brings economic, efficient, and freedom to the network, but also increases the cost of network construction and maintenance. It is the pursuit of every network builder.