ACU2 Access Controller Unit Data Sheet

ACU2 Access Controller Unit Data Sheet

Product appearance

Appearance

Ports

No. Interface Quantity Description
1 RST - The Reset button is used for resetting cards manually. Resetting a card interrupts services. Confirm the action before you press this button.
2 USB interface 1 Connects to a USB flash drive to transfer configuration files
3 Console interface 1 Serial interface. To configure ACU2 locally, log in to the local ACU2 by connecting a cable between the host serial interface and the ACU2 console interface
4 Ethernet interface 1 GE interface. To configure the ACU2, log in to the ACU2 through Telnet
5 GE interfaces 3 Reserved

Indicators

No. Indicator/Button Color

Description

1 USB Off USB indicator remains off
2 ACT Amber
  • Blinking: Data being transmitted or received
  • Off: No data being transmitted or received
3 LINK Green-yellow
  • On: Link connected
  • Off: Link is blocked
4 RUN/ALM Green
  • On: Board is powered on, but software is not running
  • Blinking every 2 seconds (0.5 Hz): System is running properly
  • Blinking every 0.25 seconds (4 Hz): System is starting
Red On: Board is faulty
Orange On: Board is installed and on

Product specifications

Features Specifications
Ethernet Features Ethernet
  • Jumbo frames
  • Link aggregation
  • Load-balancing among links of a trunk
  • Interface isolation and forwarding restriction
  • Broadcast storm suppression
VLAN
  • Access, trunk, and hybrid access modes
  • Default VLAN
  • VLAN pool: solves the problem of insufficient addresses in high-density scenarios
  • Multicast Domain Name Service (mDNS) gateway protocol: supports AirPlay and AirPrint service sharing between users of different VLANs
  • VLAN pool
MAC
  • Automatic learning and aging of MAC addresses
  • Static, dynamic, and blackhole MAC address entries
  • Packet filtering based on source MAC addresses
  • Interface-based MAC learning limiting
ARP
  • Static and dynamic ARP entries
  • ARP in a VLAN
  • Aging of ARP entries
LLDP
  • LLDP
Ethernet Loop Protection MSTP
  • STP
  • RSTP
  • MSTP
  • BPDU, root, and loop protection
  • Partitioned STP
IPv4 Forwarding IPv4 features
  • ARP and RARP
  • ARP proxy
  • Auto-detection
  • NAT
  • Bonjour protocol
Unicast routing features
  • Static route
  • RIP-1 and RIP-2
  • OSPF
  • BGP
  • IS-IS
  • Routing policies and policy-based routing
  • URPF check
  • DHCP client, server and relay
  • DHCP snooping
Multicast routing features
  • IGMPv1, IGMPv2, and IGMPv3
  • PIM-SM
  • Multicast routing policies
  • RPF
IPv6 Forwarding IPv6
  • ND protocol
IPv6 features
  • Static route
  • RIPng
  • OSPFv3
  • BGP4+
  • IS-IS IPv6
  • DHCPv6
  • DHCPv6 snooping
Unicast routing features
  • MLD
Device Reliability BFD
  • BFD
Layer 2 Multicast Features Layer 2 multicast
  • IGMP snooping
  • Prompt leave
  • Multicast traffic control
  • Inter-VLAN multicast replication
Ethernet OAM EFM OAM
  • Neighbor discovery
  • Link monitoring
  • Fault notification
  • Remote loopback
QoS Features Traffic classification
  • Traffic classification based on combination of L2 protocol header, IP 5-tuple, and 802.1p priority
Action
  • Access control after traffic classification
  • Traffic policing based on traffic classification
  • Re-marking packets based on traffic classifiers
  • Class-based packet queuing associating traffic classifiers with traffic behaviors
  • Associating traffic classifiers with traffic behaviors
Queue scheduling
  • PQ scheduling
  • DRR scheduling
  • PQ + DRR scheduling
  • WRR scheduling
  • PQ + WRR scheduling
Congestion avoidance
  • SRED
  • WRED
Application control
  • Smart Application Control (SAC)
Configuration and Maintenance Terminal service
  • Configurations using command lines
  • Error messages and help information in English
  • Configurations using Web Platform
  • Login through console and Telnet terminals
  • Send function and data communications between terminal users
File system
  • File systems
  • Directory and file management
  • File uploading and downloading using FTP and TFTP
Debugging and maintenance
  • Unified management for logs, alarms, and debugging information
  • Electronic labels
  • User operation logs
  • Detailed debugging information for network fault diagnosis
  • Network test tools such as traceroute and ping commands
  • Interface mirroring and flow mirroring
Version upgrade
  • Device software loading and online software loading
  • BIOS online upgrade
  • In-service patching
Security and Management System security
  • Different command user levels to prevent unauthorized access to device
  • SSHv2.0
  • RADIUS and HWTACACS authentication for login users
  • ACL filtering DHCP packet filtering with the Option 82 field
  • Local attack defense function that can protect the CPU and ensure that the CPU can process services
  • Defense against control packet attacks
  • Defense against attacks such as source address spoofing, Land, SYN flood (TCP SYN), Smurf, ping flood (ICMP echo), Teardrop, and Ping-of-Death attacks
  • IPSec
  • Application identification: Use the service awareness technology to identify packets of dynamic protocols such as HTTP and RTP by checking Layer 4 to Layer 7 information in the packets, helping implement fine-grained QoS management.
  • URL filtering: URL filtering regulates online behavior by controlling which URLs users can access.
  • Antivirus: The antivirus function depends on the powerful and constantly updated virus signature database to secure the network and system data.
  • Intrusion prevention: Intrusion prevention detects intrusions, such as buffer overflow attacks, Trojan horses, and worms, by analyzing network traffic and takes actions to quickly terminate the intrusions. In this way, intrusion prevention protects the information system and network architecture of enterprises.
Network management
  • ICMP-based ping and traceroute
  • SNMPv1, SNMPv2c, and SNMPv3
  • Standard MIB
  • RMON
  • NetStream

AP management

Features Specifications
AP Access Control
  • Displays MAC addresses or AP serial numbers in the whitelist.
  • Adds single or multiple APs by specifying a range of MAC addresses or serial numbers to the whitelist.
  • Automatically discovers and manually confirms APs
  • Automatically discovers APs without manual confirmation 
AP Region Management
  • Supports three AP region deployment modes:
    • Distributed deployment: APs are deployed independently. An AP is equivalent to a region and does not interfere with other APs. APs work at maximum power and do not do radio frequency calibration
    • Common deployment: APs are loosely deployed. Transmit power of each radio frequency is less than 50% of maximum transmit power
    • Centralized deployment: APs are densely deployed. Transmit power of each radio frequency is less than 25% of maximum transmit power
  • Specifies the default region to which automatically discovered APs are added
  • Supports AP group management
AP Profile Management
  • Specifies the default AP profile applied to automatically discovered APs
AP Type Management
  • Manages AP attributes including:
    • Number of interfaces
    • AP types
    • Number of radio frequencies and radio types
    • Maximum number of Virtual Access Points (VAPs)
    • Maximum number of associated users
    • Radio gain for APs deployed indoors
  • Provides default AP types
Network Topology Management
  • Supports LLDP topology detection.
AP working mode management
  • Supports AP working mode switchover. The AP working mode can be switched to the Fat or cloud mode on the AC.

Radio Frequency management

Feature Specifications
Radio Profile Management
  • The following parameters can be configured in a radio profile:
    • Radio working mode and rate
    • Automatic or manual channel and power adjustment mode
    • Radio calibration interval
  • Radio type set to 802.11b, 802.11b/g, 802.11b/g/n, 802.11g, 802.11n, 802.11g/n, 802.11a, 802.11a/n, or 802.11ac
  • Binding a radio frequency to a specified radio profile
  • Supports MU-MIMO.
Unified Static Configuration of Parameters
  • Radio parameters such as the channel and power of each radio frequency are configured on the AC and delivered to APs
Dynamic Management
  • APs automatically select working channels and power when they go online
  • In an AP region, APs automatically adjust working channels and power in the event of signal interference:
    • Partial calibration: Adjusts the optimal working channel and power of a specified AP
    • Global calibration: Adjusts the optimal working channels and power of all the APs in a specified region
  • When an AP is removed or goes offline, the AC increases the power of neighboring APs to compensate for gap in coverage
  • Automatic selection and calibration of radio parameters in AP regions
Enhanced Service Capabilities
  • Band steering: Enables terminals to preferentially access the 5G frequency band, achieving load balancing between the 2.4G and 5G frequency bands.
  • Smart roaming: Enables sticky terminals to roam to APs with better signals.

WLAN service management

Features Specifications
ESS Management
  • Enable SSID broadcast, set maximum number of users, and set association aging time in an ESS
  • Isolates APs at Layer 2 in an ESS
  • Maps an ESS to a service VLAN
  • Associates an ESS with a security or QoS profile
  • Enables IGMP for APs in an ESS
VAP-based Service Management
  • Adds multiple VAPs at the same time by binding radio frequencies to ESSs
  • Displays information about a single VAP, VAPs with a specified ESS, or all VAPs
  • Supports configuration of offline APs
  • Creates VAPs according to batch-delivered service provisioning rules in automatic AP discovery mode
Service Provisioning Management
  • Supports service provisioning rules configured for a specified radio frequency in a specified AP type
  • Adds automatically discovered APs to the default AP region. The default AP region is configurable
  • Applies a service provisioning rule to a region to enable APs in the region to go online
Multicast Service Management
  • Supports IGMP snooping
  • Supports IGMP proxy
Load Balancing
  • Performs load-balancing among radio frequencies in a load-balancing group
  • Supports two load-balancing modes:
    • Based on the number of STAs connected to each radio frequency
    • Based on the traffic volume over each radio frequency
Bring Your Own Device (BYOD)
  • Identifies device types according to the OUI in the MAC address
  • Identifies device types according to the User Agent (UA) field in an HTTP packet
  • Identifies device types according to DHCP option information
  • Carries device type information in RADIUS authentication and accounting packets
  • Supports Microsoft Lync
Positioning Services
  • Locates AeroScout and Ekahau tags
  • Locates Wi-Fi terminals
  • Locates Bluetooth terminals.
  • Locates Bluetooth tags.
Spectrum Analysis
  • Identifies interference sources:
    • Bluetooth
    • Microwave ovens
    • Cordless phones
    • ZigBees
    • Game controllers
    • 2.4 GHz/5 GHz wireless audio and video devices
    • Baby monitors
  • Works with the eSight to locate the interference sources and display spectrum
Hotspot2.0
  • Supports a Hotspot2.0 network.
Internet of Things (IoT)
  • Supports IoT cards on the AP to converge the WLAN and IoT.

QoS

Features Specifications
WMM Profile Management
  • Enables or disables Wi-Fi Multimedia (WMM)
  • Allows a WMM profile to apply to radio frequencies in multiple APs
Traffic Profile Management
  • Manages traffic from APs, then maps packet priorities according to traffic profiles
  • Applies a QoS policy to each ESS by binding a traffic profile to each ESS
AC Traffic Control
  • Manages QoS profiles
  • Controls smart applications
  • Uses ACLs for traffic classification
  • Limits incoming and outgoing traffic rates for each user based on inbound and outbound CAR parameters
  • Limits the traffic rate based on ESSs or VAPs
AP Traffic Control
  • Controls traffic of multiple users and allows them to share bandwidth
  • Limits the rate of a specified VAP
Packet Priority Configuration
  • Sets the QoS priority (IP precedence or DSCP priority) for CAPWAP control channels
  • Sets the QoS priority for CAPWAP data channels:
    • Allows you to specify the CAPWAP header priority
    • Maps 802.1p priorities of user packets to ToS priorities of tunnel packets
Airtime Scheduling
  • Allocates equal time to users for occupying the channel to improve Internet access experience

WLAN security

Features Specifications
WLAN Security Profile Management
  • Manages authentication and encryption modes using WLAN security profiles
  • Binds security profiles to ESS profiles
Authentication Modes
  • Open system authentication with no encryption
  • WEP authentication/encryption
  • WPA/WPA2 authentication and encryption:
    • WPA/WPA2-PSK + TKIP
    • WPA/WPA2-PSK + CCMP
    • WPA/WPA2-802.1x + TKIP
    • WPA/WPA2-802.1x + CCMP
    • WPA/WPA2-PSK + TKIP-CCMP
    • WPA/WPA2-802.1x + TKIP-CCMP
  • WAPI authentication and encryption:
    • Supports centralized WAPI authentication
    • Supports three-certificate WAPI authentication that is compatible with traditional two-certificate authentication
    • Issues a certificate file and private key
  • Allows users to use MAC addresses as accounts for authentication by the RADIUS server.
  • Portal authentication:
    • Allows an AC to function as a portal gateway
    • Prohibits an AC from functioning as a portal gateway.
    • Supports only Layer 2 portal
    • Supports WeChat- and QR code-based authentication
Combined Authentication
  • Combined MAC authentication:
    • PSK + MAC authentication
  • MAC + portal authentication:
    • MAC authentication used first. When MAC authentication fails, portal authentication is used
    • This type of authentication applies only to centralized forwarding
AAA
  • Local authentication/local accounts (MAC addresses and accounts)
  • RADIUS authentication
  • Multiple authentication servers:
    • Supports backup authentication servers
    • Specifies and configures authentication servers based on account
    • Configures authentication servers based on the account.
    • Binds user accounts to SSIDs.
Security Isolation
  • Port-based
  • User group-based
WIDS
  • Rogue device scan, identification, defense, and countermeasures, including dynamic blacklist configuration and detection of rogue APs, STAs, and network attacks
Authority Control
  • ACL limit based on the following:
    • Port
    • User group
    • User
Other Security Features
  • SSID hiding
  • IP source guard:
    • Configures IP and MAC binding entries statically
    • Generates IP and MAC binding entries dynamically

WLAN user management

Features Specifications
Address allocation of wireless users
  • Functions as a DHCP server to assign IP addresses to wireless users
WLAN User Management
  • Supports user blacklist and whitelist.
  • Controls the number of access users:
    • Based on APs
    • Based onSSIDs
  • Logs out users using:
    • RADIUS DM messages
    • Commands
  • Supports several methods to view information:
    • View user status by specifying the user MAC address, AP ID, radio ID, or WLAN ID
    • Display the number of online users on an ESS, AP, or radio frequency
    • Collect packet statistics on air interface based on user
WLAN User Roaming
  • Supports 802.11k and 802.11v smart roaming
  • Supports intra-AC Layer 2 roaming

Note: Users can roam between APs connected to different physical ports on an AC

  • Supports inter-VLAN Layer 3 roaming on an AC
  • Supports fast key negotiation in 802.1x authentication
  • Authenticates users who request to re-associate with the AC and rejects the requests of unauthorized users
  • Delays clearing user information after a user goes offline so the user can rapidly go online again
  • Supports smart roaming
User Group Management
  • Supports ACLs
  • Supports user isolation:
    • Inter-group
    • Intra-group

Physical specifications

Item Specifications
Board Dimensions (H x W x D)  1.4 in. x 14.9 in. x 14.8 in. (35.56 mm x 380 mm x 378.45 mm)
Maximum Power Consumption 168W
Board Weight 7 lb. (3.2 kg)

System configuration

Items Specifications
Processor Two multi-core CPUs, each configured with 16 cores, with dominant frequency of 600 MHz
DDR2 DRAM 16 GB (8 bit, 2 x 4 GB). Each CPU is connected to a 8-GB memory
Flash 64 MB
NAND FLASH 2 GB
Forwarding Capability 40 Gbit/s

Protocol and management

Parameters Specifications
Number of Managed APs Central AP: 256
Common AP and RU: 2K

Number of Access Users

  • Entire device: 32K
  • Single AP: Maximum of 256 depending on the AP model
Number of MAC Address Entries 32K
Number of VLAN 4K
Number of Routing Entries 16K
Number of ARP Entries 32K
Number of Multicast Forwarding Entries 2K
Number of DHCP IP Address Pools 256 IP address pools containing a maximum of 16K IP addresses each
Number of Local Users 1,000
Number of ACLs 32K
Number of ESSIDs 16K
User Group Management
  • 128 user groups
  • Each user group can reference a maximum of eight ACLs
  • Each user group can associate with a maximum of 512 ACL rules

Wireless networking

Features Specifications
Networking Between APs and ACs
  • APs and ACs can connect via a Layer 2 or Layer 3 network
  • APs can directly connect to an AC
  • APs are deployed on a private network
  • ACs are deployed on a public network to implement NAT traversal
  • ACs can be used for Layer 2 bridge forwarding or Layer 3 routing
Forwarding Mode
  • Direct forwarding (Distributed or local forwarding)
  • Tunnel forwarding (Centralized forwarding)
  • Centralized authentication and distributed forwarding
  • In direct forwarding mode, user authentication packets support tunnel forwarding.
  • Soft GRE forwarding
Wireless Networking Mode
  • WDS bridging
    • Point-to-Point (P2P) wireless bridging
    • Point-to-Multipoint (P2MP) wireless bridging
    • Automatic topology detection and loop prevention (STP)
  • Wireless mesh network
    • Access authentication for mesh devices
    • Mesh routing algorithm
    • Go online without configuration
    • Mesh network with multiple MPPs
    • Vehicle-ground fast link handover
    • Mesh client mode
AC Discovery An AP can obtain the device’s IP address in any of the following ways:
    • Static configuration
    • DHCP
    • DNS
  • AC uses DHCP or DHCPv6 to allocate IP addresses to APs
  • Supports DHCP or DHCPv6 relay
  • On a Layer 2 network, APs can discover the AC by sending broadcast CAPWAP packets
CAPWAP Tunnel
  • Centralized CAPWAP
  • CAPWAP control tunnel and data tunnel (optional)
  • CAPWAP tunnel forwarding and direct forwarding in an ESS
  • Datagram Transport Layer Security (DTLS) encryption
  • Heartbeat detection and tunnel reconnection
Active and Standby ACs
  • Enables and disables switchback
  • Supports load balancing
  • Supports 1+1 hot backup
  • Supports N+1 backup
  • Supports wireless configuration synchronization between ACs.
  • Support license sharing

Networking and applications

Application scenarios

The ACU2 is connected to an aggregation switch in chain or branched mode and processes both control and data flows. Management flows must be transmitted over CAPWAP tunnels while data flows can either be transmitted over CAPWAP tunnels or not.

The CAPWAP defines how APs communicate with ACs and provides a general encapsulation and transmission mechanism for communication. CAPWAP defines data tunnels and control tunnels:

  • Data tunnels encapsulate 802.11 data packets to be sent to the AC
  • Control tunnels transmit control flows for remote AP configuration and WLAN management

Two forwarding modes are available according to whether data flows are transmitted on CAPWAP tunnels:

  • Direct forwarding (also called local or distributed forwarding)
  • Tunnel forwarding (also called centralized forwarding). Tunnel forwarding is usually used to control wireless user traffic in a centralized manner

Deployment of the ACU2 in a WLAN (AC + Fit AP) network 

Deployment of the ACU2 in a WLAN (AC + Fit AP) network

The ACU2 is installed on a switch and supports two deployment modes:

  • Layer 2 chain deployment mode: The ACU2 is installed on an aggregation switch to manage APs connected to the aggregation switch directly or through an access switch. In this mode, the network between ACs and APs is a Layer 2 network.
  • Layer 3 branched deployment mode: The ACU2 is installed on an aggregation switch other than the aggregation switch connected to APs. APs communicate with the ACU2 through a local aggregation switch. In this deployment mode, the network between ACs and APs is a Layer 3 network.

ACU2 forwarding mode

ACU2 forwarding mode deployment scenario

Direct forwarding

In direct forwarding mode, wireless user service data is translated from 802.3 packets into 802.11 packets, which are then forwarded by an uplink aggregation switch.

The branched networking mode is often used on enterprise networks. Wireless user service data does not need to be processed by an AC, eliminating the bandwidth bottleneck and facilitating the usage of existing security policies. Therefore, this networking mode is recommended.

Tunnel forwarding

In tunnel forwarding mode, wireless user service data is transmitted between APs and ACs over CAPWAP tunnels.

Both control flows and service data flows are transmitted in CAPWAP tunnels.APs send data packets to the switch where the ACU2 is installed and the ACU2 decapsulates the packets and forwards them.

Traffic from wireless users under all APs is aggregated to the AC through CAPWAP tunnels to implement centralized traffic control.

For more information, visit http://e.huawei.com/en or contact your local Huawei sales office.