WLC-3200

• Connection of up to 1000 access points
• Access points monitoring
  
• WPA/WPA2/WPA3 Enterprise, WPA/WPA2/WPA3 Personal user authorization

WLC-3200 are controllers for the stand-alone management of wireless networks for small- and medium-sized enterprises. The devices allow quick configuring of a Wi-Fi network and adding ELTEX access points of different performance and purpose to it.

The controllers provide monitoring of all access points, analyze traffic statistics and session time, perform individual Wi-Fi settings.

Enterprise user authorization with traffic encryption is performed by login/password

Interfaces

• 1000BASE-X/10GBASE-R/25GBASE-R (LAN/WAN) - 12
  
• OOB - 1
  
• Console (RJ-45) - 1
  
• USB 2.0 - 1
  
• HDD slot - 1
• microSD card slot - 1
  

System features

• Access points number1 - 1000
• Maximum clients number - 30000
• VPN tunnels - 500
• Static routes - 11K
• Concurrent sessions - 512 K
• VLAN support - up to 4К active VLANs according to 802.1Q
• BGP routes - 5 M
• OSPF routes - 500 K
• RIP routes - 10 K
• MAC table - 16К entries per bridge
• FIB size - 1.7 M
• VRF - 32

Access points management

• WPA/WPA2/WPA32 Personal
• WPA/WPA2/WPA32 Enterprise
• OWE1 open network
• Local collecting of user account information3
• Collecting user account information to an external RADIUS server
• IEEE 802.11r/k/v standard seamless roaming
• Integration with external portals4
• Automatic management of radio environment resources
• Access point authorization by certificate

Supported access points

• WEP-1L
• WEP-2L
• WEP-200L
• WEP-2ac
• WEP-2ac Smart
• WEP-3ax
• WEP-30L
• WEP-30L-Z
• WOP-2ac
• WOP-2ac rev.B
• WOP-2ac rev.C
• WOP-2L
• WOP-20L
• WOP-30L

Switching

• Up to 4094 VLAN (802.1Q)
• Voice-VLAN
• Q-in-Q (802.1ad)
• MAC-based VLAN
• Bridge domain
• LAG/LACP (802.3ad)
• Port-security, protected port
• Jumbo-frames

MPLS

• LDP
• L2VPN VPWS
• L2VPN VPLS Martini Mode, Kompella Mode
• L3VPN MP-BGP (Option A, B, C)
• L2VPN/L3VPN over GRE, DMVPN
• Transparent transfer of service protocols

Routing

BGP:

• Address family: IPv4, IPv6, VPNv4, L2VPN, IPv4 label- unicast, Flow-spec
• Flexible management of route information by attributes. Support for Conditional Advertisement, Route Aggregation and Local-AS mechanisms
• High scalability and configuration flexibility: support for peer-group, dynamic neighbor, as-range and
• Route-reflector
• Fall over based on BFD and Fast Error Peer Detection
• Graceful restart
• Authentication
• Flexible redistribution from/to BGP process of other protocol routes
• Ability to run up to 64 processes simultaneously
• ECMP
• Support for policy-based routing

OSFP(v3):

• Different types of zones: Normal, Stub, Totally stub, NSSA, Totally NSS
• Operation in different types of networks: Broadcast, NBMA, Point-to-point, Point-to-multipoint, Point-to- multipoint non-broadcast
• Summarization and filtering of route information
• Authentication
• ECMP
• Passive interface
• Flexible redistribution from/to OSPF process of other protocol routes
• Ability to run up to 64 processes simultaneously
• Support for BFD
• Auto cost calculation mechanism
• Support for policy-based routing

IS-IS:

• Operation in different types of networks: Broadcast, Point-to-point
• Setting the neighbourhood of L1/L2 layers
• Мetric style: narrow, wide, transition
• Authentication
• Filtering of route information
• Flexible redistribution from/to IS-IS process of other protocol routes
• Ability to run up to 64 processes simultaneously
• Support for policy-based routing

RIP(ng):

• Operation modes (RIP only): Broadcast, Multicast, Unicast
• Summarization and filtering of route information
• Managing route metrics
• Authentication
• Passive interface
• Flexible redistribution from/to RIP process of other protocol routes
• Support for policy-based routing

Static:

• Support for BFD
• Recursive search
• Managing route metrics
• Ability to select the option of notifying the sender when traffic is blocked

Quality of Service (QoS)

• Up to 8 priority or weighted queues per port
• L2 and L3 traffic prioritization (802.1p (CoS), DSCP, IP Precedence (ToS))
• Hierarchical QоS
• Queue management: RED, GRED, SFQ, CBQ, WFQ, WRR
• Session labeling
• Bandwidth management (policing, shaping)

IPsec

• Policy-based and route-based modes
• Incapsulation modes: tunnel and transport
• Authentication pre-shared key, public key, xauth (ikev1 only), eap (ikev2)
• Support for mobike (ikev2 only)
• Support for ike ikering

Remote Access

• PPTP, L2TP over IPsec, OpenVPN, WireGuard
• PPPoE-/PPTP-/L2TP client
• User authentication
• Connection encryption

Security

• Access Control Lists (ACL) based on L2-/L3-/L4 fields
• Zone-based Firewall in two modes: stateful и stateless.Rule triggering logging, counters
• Filtering by applications
• Protection against DoS-/DDoS-/Spoof attacks and their logging
• Intrusion Detection/Prevention system (IPS/IDS) and their logging5
• Signature analysis via IPS in two modes: transit and mirrored traffic analysis5
• Interaction with Eltex Distribution Manager to obtain licensed content: rule sets provided by Kaspersky SafeStream II6

Monitoring and management

• Support for standard and extended SNMP MIB, RMONv1
• Zabbix agent/proxy
• Authentication methods: RADIUS, TACACS+, LDAP
• Protection against configuration errors, automatic configuration recovery
• CLI, Syslog
• System resource usage monitoring
• Ping, monitor, traceroute (IPv4/IPv6), packet information in the console output
• Firmware upgrade, configuration upload and download via TFTP, SCP, FTP, SFTP, HTTP(S)
• Support for NTP
• Netflow v5/v9/v10 (exporting of URL statistics for HTTP, host for HTTPS)
• Local control via RS-232 (RJ-45) and OOB