branch - Westcon

Transcrição

branch - Westcon

Rapid Ramp
Roteadores, VPN e WLAN
Rafael Rocha
Sales Engineer
[email protected]
http://br.convergencepoint.westcon.com/
Parte 1: Roteadores e VPN
Parte 2: Rede sem Fio
The Markets We Serve
Ethernet
Switching
Wireless
Networking
Unified
Branch
Access
Control
Unified
Management
Branch
& Remote
Enterprise
Campus
Data Center
Continuing aggressive investment in the Portfolio
4
Consolidating the Branch
 Delivers the survivable SIP Voice
platform for the Branch
 Consolidates Branch networking
functions into fewer, tightly-integrated
devices
IP Phones / Analogue Phones / PCs / Wireless APs / Legacy PBX
– Reduces network complexity &
streamlines capital & operational
costs
 Gives workers a high quality of
experience
PBX / Call Server
LAN Switch
High-performance
traditional Routing
Consolidated
functionality
Firewall
VPN
– Regardless of which
applications or services are
enabled across the network
Wide Area Network
Secure Router
Data Centre
5
Resilient Voice & Data for Remote Sites
 Converge data, voice and security in
a single cost-effective device
Nortel
Telset
Nortel
Softphone
SIP
Telset
Application
Plug-Ins
– Integrated IP Routing, PSTN
gateway, VPN & Firewall
services
Branch
 Deliver resilient & ―open‖ voice
services
SR 2330 / 4134
– Voice ―fail-over‖ to Secure
Router PSTN gateway when SIP
Server connection is lost
– Compatible with Nortel & 3rd-
party SIP call servers & Phones
PSTN
Wide Area Network
Secure Router
 Ensure quality of service for both
Central Site
voice & data
– Advanced QoS, VRRP, dial
SIP Call Server
back-up
6
Avaya AuraTM “Novo” Modelo para Filiais
System Manager
CM
MM
CM
CM
VP
MX
App
Aplicação
Filial
Avaya SR4134
PSTN
Avaya AG2330
7
Unified Networking for Branch & Offices
 Consolidate UC, Voice, Gateway &
networking functions
– In a single, reliable high-
performance integrated platform
Take the award-winning SIP-based
Software Communications System…
 Deliver a complete SMB or Branch
communications solution
– At a competitive price-point
 Improve Employee collaboration /
…and add it to the
SR 4134 with the
SCS Server Module
productivity
– Support up to 250 Users with full
UC services
 Streamline operational costs
– 4-5X the reliability of multiple,
Delivers on the promise of UC, in a complete,
unified Voice & Data solution
discrete devices
– Reduced power & facilities costs
8
Branch Appliance for Microsoft OCS
 Consolidate OCS Mediation
Services, Voice Gateway & Routing
OCS
Communicator
Nortel
Telset
Analogue
Telset
– Single platform solution for
Microsoft OCS environments
 Provide PSTN Gateway for OCS
Branch
Branch Clients & Devices
SR 4134
– Mediation Services Module
performs SIP-TDM translation
– Avoids PSTN backhaul to
PSTN
Wide Area Network
Central Site
 Deliver superior quality of experience
OCS Server
– High-performance ensures
reliable application delivery
Central Site
– Collaboration with Microsoft for
next phase OCS integration
CS 1000
9
Mobilizing the Workforce
 Enhanced Business Continuity &
Secure Portable Office
increased productivity for mobile
workers
User Access via SPO Token
Fast, simple, secure,
network access
– Customized remote access
 Simplified access to corporate
applications with pre-loaded Client
Software
Access from any
PC & location
Home
Internet
 Increased security with Desktop lock-
down & wiping technology – no data
left behind
Integrates with
acceleration technologies
iCafe
Transit
VPN
 Secure portable flash memory with
no risk for confidential information
– Simple-to-use two-factor
authentication
Decouples location
from productivity
Leverages existing
VPN & NAC infrastructure
Data Centre
Enterprise
Network
Campus
Simplifies provision
of Application access
11
Parte 1: Roteadores e VPN
Roteadores
Unified Branch Portfolio
Benefits, features & characteristics, and
positioning
1
Secure Router: Designed for Convergence
Wire-Speed Performance
> SR‘s wire-speed forwarding architecture
delivers line rate throughput regardless of
packet size or process or load
Wire-Speed
Performance
Intelligent
QoS/Multicast
Framework
Intelligent QoS Framework
> SR‘s Intelligent QoS Framework allows you
to build an unlimited set of QoS classes that
can be processed and forwarded at line rate
Security Services
> SR‘s security services provide sophisticated
perimeter security capabilities that
outperform purpose-built security appliances
Secure Services
Unified Branch
Highlights
WAN Core
SR 8012
SR 8008
 Up to 5X reliability & 2X
High-end Enterprise Core
Routers for Core WAN
applications in the Data
Center & large Branch
SR 8004
performance advantage over market
leader
 Tighter integration between all
Branch devices
 3rd-party compatibility with SIP Call
Servers & IP Phones
Branch
SR 8002
 Delivers the survivable SIP Voice
SR 4134
High-end converged
Branch Router
SR 3120
Targeted Branch Offices,
Enterprises & Service
Providers
SR 2330
Mid-tier converged
Branch Router
SR 1000
Targeted at Branch
Offices & SMEs
platform for the Branch
16
Secure Router Portfolio
Price/Performance
Complete Portfolio of Enterprise Routers
Converged Branch Platforms
SR4134
SR2330
SR3120
Mid Branch to Campus
SR1001/S SR1002
SR1004
Small - Mid Branch Access
Capacity / Density
18
Secure Router Portfolio
The Right Solution for Different Requirements
Secure Router
SIP-VoIP
Chassis and IO
• 7 Slot chassis
• DS3/CT3/HSSI, Serial,
BRI/PRI, T1/E1, ADSL
• Up to 76 ports 10/100POE
58 ports 10/100/1000
SR 4134
• 2x1000BT, 2xSPF base
• Hosted server module
• 3 Slot chassis
• T1/E1/Sync/PRI/BRI
• 2x1000BT, 4x100BT,
2xSPF base
SR 2330
SR 3120
SR1004
SR 1001
SR1001S
SR 1002
• SIP Gateway
• Survivable SIP
Proxy/user
agent,
Registrar
• FXS/DID/FXO/
CAMA/BRI/
PRI interfaces
• CAS, BRI, PRI
QSIG, E1 R2
signaling
• SIP trunks
Data Features
• IPv4, RIP, OSPF,
BGP, GRE, PBR,
VLAN, Multicast
• PPP, MLPPP, FR,
MLFR, BCP,
HDLC
• IPv6, MPLS L2
VPN (SR4134,
SR2330)
• 8-queue QoS
• Filters, ACL,
Stateful Firewall
• NAT
• 2 Interface modules
• Denial of Service
• DS3/CT3/Serial/T1/E1
• 2x100BT base
• IPSec VPN (sitesite, remote
access)
• Fixed configuration platforms
• VRRP
• Licensed T1/E1 interfaces
• SNMP, CLI, PCAP,
RMON, RADIUS
• T1/E1/Serial/BRI, 2x100BT base
• Cost effective
Unified Branch
Product Roadmap
Q1/10
Q2/10
J F M A M J
Q3/10
Q4/10
Q1/11
Q2/11
J A S O N D J F M A M J
Q3/11
Q4/11
2012
J A S O N D
V10.4
• Aura System Mgr
integration
• IPFix, WCCP, VRF
• Enhanced IPSec
VPN Security &
Performance
SR 4134
SR 2330
AGv11.0
AGv10.3.1
AGv10.2.2
• AG 2330 General
Availability
AG 2330
v9.4
SR 3120
SR 100x
Shipping
• Next-gen AG platform
• Integrated PoE/FXS
V9.4.1
• Re-branding
• Maintenance fixes
Plan of Record (POR)
Avaya Confidential – NDA Required
Plan of Intent (POI)
21
21
Secure Routers for the Converged Branch
SR 2330
SR 4134
Ideal as:
 Converged Access Router for small/ mid-sized Branches or remote
sites
 Environments needing T1/E1, Serial, ADSL or Ethernet WAN
connectivity
 Cost-effective resilient SIP Voice Gateway for remote sites
Ideal as:
 Converged multi-service Router for larger Branches & remote sites
 Environments with either higher-speed or multi-link WAN
connectivity needs
 Higher capacity resilient SIP Voice Gateway for larger sites
 ―Unified networking solution‖ combining UC, Voice, & Data services
in a single device
22
SR 2330 Value Proposition
Entry-level, modular converged Router
• Routing, Voice, Security, WAN
and LAN in a single platform
• Compelling integration – lower
TCO
Extends resilient VoIP to the Branch
Office
• PSTN connectivity
• SIP voice survivability
Flexible deployment options
• UC integrated Branch Router
• CPE device for Metro
Ethernet/Ethernet WAN
• Access Router for Branch
Office connectivity
4 x Fast
Ethernet Ports
3 x Small Module Slots
4 x Gigabit
Ethernet Ports
Interoperable with both
Avaya & 3rd party
Voice/Data equipment
24
SR2330 Front and Rear Views
•
•
Three Small Module Slots
(Compatible with SR4134)
Two Optional Internal Modules (not hotswappable)
•
•
•
•
VPN HW Acceleration (SCIM)
Packetized Voice Module (PVIM)
Four Gigabit Ethernet Ports (two Copper
and two Fiber)
Four Fast Ethernet Ports
3 x Small
Modules
• External CF Slot
• Console Port
• 12VDC Input for optional External
redundant Power Supply
• 1RU High
• LED Indicators
• All IO Interface Modules are Hot
Swappable
• Removable top for field serviceability
Redundant 12VDC
Power Input
Rear View
Front
View
Power
Entry
4 x Fast
Ethernet
Ports
4 x Gigabit Ethernet Ports
(2 1000BaseT and 2 SFP)
Console
Port
Compact
FLASH
26
SR 2330 Product Overview
Platform Details
Software and services
IPv4, IPv6 and Multicast routing
Frame relay (MLFR), PPP (MLPPP),
HDLC
MPLS L2-VPN (Ethernet, PPP, HDLC)
L2/3 Ethernet Switching
Security services (firewall, IPSec VPNs,
NAT, hardware encryption)
SIP Gateway and Survivability
Reliability
WAN
PSTN
2xFXS
4xFXS
2xFXO
4xFXO
1xT1/E1/PRI
2xT1/E1/PRI
ADSL2+
1xSerial
2xSerial
BRI
1xT1/E1/PRI
2xT1/E1/PRI
BRI
Port Resiliency (MLPPP, MLFR,
802.1ad)
Platform Resiliency (VRRP, BGP multihoming)
Platform Redundancy (power, cooling,
hot-swap_
MPLS Fast Reroute
Survivable SIP Gateway
Profitability
Cost effective as survivable SIP
Gateway on existing data networks
Extremely cost effective as converged
branch with VoIP, routing, security, QoS
and WAN
SR2330 / SR 4134 Interface Modules
Small Modules
1xT1/E1
2xT1/E1
1xSerial
2xSerial
2xFXO
4xFXO
2xBRI S/T
2xFXS
4xFXS
2xBRI U
1xADSL2+
(Annex A ou Annex B)
28
SR2330 Internal Modules
Optional Packetized Internal Voice Module (PVIM)
Para habilitar voz, a instalação é necessária !!!
Optional Security Co-processor Internal Module for VPN acceleration
and IPsec (SCIM)
Para habilitar VPN, a instalação é necessária !!!
PVIM
SCIM
PVIM Habilita VOZ !
Sobrevivência SIP
• SSM (SIP survivability module)
Media Gateway
• SIP-PSTN
29
SR 4134 Value Proposition
Multi-service, modular Routing platform
•
•
Integrates Routing, WAN, Voice
Gateway, security and LAN
Switching/ POE
Server module that can host UC or
other applications
3 x Medium Module Slots, or 1 x Large Slot (using 2 Medium)
4 x Small Slots
Compelling Branch/remote site
consolidation - lower TCO
•
•
Cost savings through reduced
operational expense, maintenance
and facilities
Reduced WAN OPEX through
bandwidth efficiency
Voice / Data convergence solution
•
•
•
•
Extend resilient SIP voice services to
the branch
All-in-one site solution for UC
deployments
Nortel SCS
Microsoft OCS Mediation services
4 x Gigabit
Ethernet Ports
2 x PSUs
30
SR 4134 Capacidade
WAN/LAN
31 x T1/ E1s (physical)
3 x Medium Modules
84 x T1 (logical) through CT3
1 x Large Module
(use 2 Medium Modules)
3 x DS3
3 x HSSI
4 x Giga
Ethernet
7 x serial (V.35/X.21)
72 = 3 x 24-port 10/100 with PoE
58 GbE ports =
10-port 10/100/1000 non-blocking
module + 44-port 10/100/1000
Voice
4 x Small
Modules
64 FXO/FXS ports (w/ Voice
Carrier module)
128 DSP channels
31
Platform Details
IPv4, IPv6 and Multicast routing
HDLC
MPLS L2-VPN (Ethernet, PPP, HDLC)
L2/3 Ethernet Switching (incl. POE)
Security services (firewall, IPSec VPNs,
NAT, hardware encryption)
SIP Gateway and Survivability
Reliability
WAN
8xT1/E1
44x10/100/1000
1xDS3
1xCh DS3
1xT1/E1/PRI
2xT1/E1/PRI
ADSL2+
LAN
10x10/100/1000
1xSerial
2xSerial
BRI
24x10/100
24x10/100 POE
PSTN
2xFXS
4xFXS
2xFXO
4xFXO
1xT1/E1/PRI
2xT1/E1/PRI
Port Resiliency (MLPPP, MLFR,
802.1ad)
Platform Resiliency (VRRP, BGP multihoming)
Platform Redundancy (power, cooling,
hot-swap_
MPLS Fast Reroute
Survivable SIP Gateway
Application hosting
SCS for up to 250 users
BRI
SCS server module
Small Modules
33
Small Modules
1xT1/E1
2xT1/E1
1xSerial
2xSerial
2xFXO
4xFXO
2xBRI S/T
2xFXS
4xFXS
2xBRI U
1xADSL2+
(Annex A ou Annex B)
34
SR 4134 – Slot 2 - Atenção
Small Modules
35
SR4134 Interface Modules
Medium Modules
Medium Modules
SCS Module
Mediation Services
Module
Zero ou 50 User license
Mesmo custo usuário
8xT1/E1
1xDS3
1xCT3
10x10/100/Gig
2 portas SFP shared
24x10/100
24x10/100 POE
Carrier Voice Module
Para expansão de portas analógicas
FXS, FXO
SR4134 Voice Modules
Large Modules
EOS: 31/março/2011
Large Modules
44 x10/100/Gig
2 portas SFP shared
EOS: 31/março/2011
SR4134 – Módulos Internos
PVM e VPN Ipsec Module
Módulo PVM – Habilita Voz
Sobrevivência SIP
• SSM (SIP survivability module)
Media Gateway
• SIP-PSTN
Módulo interno de VPN
necessário
• Capacidade de 1000 túneis
• Suporte ao VPN Client (Contivity)
• Versão 10.2
SR4134 – Power Supply
Power supplies are available in the following wattage:
• 250 W AC
• 660 W AC (410 W available for PoE)
• 250 W DC
Alternativas:
• one or two standard AC input modules
• one or two Power over Ethernet (PoE) AC input modules
• one standard AC and one PoE AC input module
• one or two DC modules
• one AC (standard or PoE) and one DC module
SR4134 PVM – SR2330 PVIM
SR 4134 – PVM
SR 2330 – PVIM
Adiciona funcionalidades:
sobrevivência SIP e media
gateway
Adiciona funcionalidades:
sobrevivência SIP e media
gateway
Default
Default
•Instala 8 licenças DSP (channellicense)
•Instala 25 licenças SSM
(sobrevivência SIP)
•Instala 8 licenças DSP (channellicense)
(sobrevivência SIP)
SR 4134 – PVM
SR 2330 – PVIM
Sobrevivência SIP - SSM
Sobrevivência SIP – SSM
Default
Default
Capacidade Máxima
Capacidade Máxima
•300 licenças SSM
•100 licenças SSM
Alternativas
Alternativas
•SSM: 0, 25, 300
•Não existe soma de licenças
•Capacidade total é da última
licença
•SSM: 0, 25, 100
licença
SR 4134 – PVM
SR 2330 – PVIM
Media Gateway
Media Gateway
Default
Default
•Instala 8 licenças DSP
•Instala 8 licenças DSP
Capacidade Máxima
Capacidade Máxima
•128 licenças DSP
•64 licenças DSP
Alternativas
Alternativas
•DSP: 8, 16, 32, 64, 128
licença
•DSP: 8, 16, 32, 64
licença
SR 4134 with integrated SCS
Challenge: Multiple discrete
devices required to deploy a
complete communications
solution
UC + Data + Voice +
Security solution in a single
cost effective platform
Solution: All-in-one UC, Voice &
Data for SMB or Enterprise
Branches in a single device
Business Value:
• Complete SMB or Enterprise
Branch solution for up to 250
users
• Reduced operational expenses
 Fewer devices, less configuration,
less maintenance, increased
reliability
 Reduced facilities costs, reduced
power & cooling requirements
47
What is Software Communication System?
A Full Featured SIP Soft PBX + UC System..
Mobility /
FMC
VoIP, Video, Conf,
Web & email
Conference
Server
Call
Center
SCS
SIP Unified
Communications
Core
SCS
Directory
Fully Featured IP sets
Collaboration, VoIP, Presence, etc.
Server
email
Corporate app w/ VoIP
& presence
Server
Media Server
(Voicemail, IVR)
SIP Unified
Communications
Core
Fixed Mobile Convergence
Web page w/ VoIP
& presence
IM / Chat
Speech
Recognition
Multimedia Desktop Applications
Calendar
Runs on off-the-shelf computing platforms
48
Resilient Integrated Voice Gateway
Integrated PSTN Gateway with Routing,
WAN & Security services
Data Center
PSTN connectivity
•
•
T1/E1 PRI, BRI, FXS & FXO
Up to 64 DSP channels for SR 2330
& up to 128 DSP channels for SR
4134
PSTN
Avaya Communications
Server 1000 or
3rd party SIP call
servers
Optional Office
Communications
Server 2007
Mobile
SIP Survivability
•
•
•
•
•
Phone & call routing services
maintained when SIP Call Server
connectivity is lost
Inbound & outbound calls through
PSTN
Intra-site calls with local services
(e.g. conferencing, transfer)
Supports Nortel & 3rd-party SIP
Phones
Avaya/Nortel 1120E/1140E, LG
Nortel 6800/8800, Polycom 320
IP
WAN
Secure Router
2330 / 4134
PSTN
Branch
51
SIP Survivability
Normal Mode – WAN UP
Call Server
Head Office
WAN Link
Remote
Branch
Office
SSM
SIP-PSTN
Gateway
PSTN
Trunks
PSTN
SR4134/SR2330
10.2.0
Analog
Phone C
SIP
Phone A
SIP
Phone B
52
SIP Survivability
Survivable/Backup Mode – WAN DOWN
Call Server
Head Office
WAN Link
Remote
Branch
Office
SSM
SIP-PSTN
Gateway
PSTN
Trunks
PSTN
SR4134/SR2330
10.2.0
Analog
Phone C
SIP
Phone A
SIP
Phone B
53
Advanced Gateway 2330
Key Features and Positioning
Cost-effective resilient voice for branch sites
•
•
Provides local PSTN/voice services if connectivity lost to the
central SIP server
Price competitive to Cisco voice router upgrade
Key Features
– Voice media gateway with FXO, PRI and FXS interface options
– SIP Survivable voice for up to 100 users
– Certified with Avaya Aura™, CS1K and other SIP servers
– Compatible with Avaya 9600 IP Deskphones and other Avaya and 3rd-party SIP
devices
– Software upgrade option to full-function WAN router
Positioning
– Cost-effective ―basic‖ survivable gateway solution for small to mid-size branches
– Best for enterprises who may want to later upgrade to a full-featured WAN router
Cost-effective branch gateway for centralized Avaya Aura™
deployments
Advanced Gateway 2330 for Aura and other
Call Servers
Aura, CS1K, CS2K/A2E, CS2100,
SCS, OCS R2, 3rd party
Highlights
> Survivable SIP with
modular PSTN interfaces
Certified with
Aura CM/SM
5.2.1
Data Center
SIP-based
UC/VoIP server
> Certified with Avaya Aura
& 9600 phones
> SIP ―thin client‖ branch
option for central Aura
deployments
> Also certified with CS
1000 R6.0, CS 2100,
SCS, Microsoft OCS R2
and others
WAN
AG 2330
PSTN
AG 2330
> Single vendor central UC
and branch solution
> Can also address branch
router need
55
Survivable SIP Gateway Solution Overview
With Avaya Aura™ Communication Manager / Session Manager
HQ
PSTN
CM
100’s of
branches
SM
UC Apps
Mobility
Messaging
Application
Conferencing
Advanced
Gateway
2330
MPLS
WAN
 In normal conditions phones get all features
from the HQ
 Branch SIP gateway provides PSTN (analog
trunk) connectivity and intra-branch calling
during WAN outages
 SIP gateway functions as a proxy/registrar
during WAN outages, enabling the phones to
register to them
Normal Signaling path
WAN outage path
Low cost solution
enabling branches
to stay connected
Advanced Gateway 2330
Multiple packages
Bundled options based on the Avaya Secure
Router 2330 hardware
•
•
Bundle includes chassis, voice gateway
hardware and associated software licenses
Separate bundles for FXO and PRI options
Voice components include:
•
•
•
Integrated packet voice module DSP module
(factory-installed)
25-user SIP user survivability license
(upgradeable to 100)
PSTN interface modules
• AG2330-2FXO: 2xFXO and 2xFXS
• AG2330-4FXO: 4xFXO and 4xFXS
• AG2330-PRI: 1xPRI and 4xFXS
•
AG2330- 2FXO
AG2330- 4FXO
2x FXS
4xFXS
2xFXO
4xFXO
AG2330-PRI
32 channel DSP license (for AG2330-PRI)
Um slot livre para expansão
4xFXS
Software upgrade converts the Advanced Gateway into
Avaya’s Secure Router 2330
1xT1/E1 PRI
Secure Routers for WAN Access
SR 1000 Series
(SR 1001/S, 1002, 1004)
SR 3120
Ideal as:
 General WAN access router for enterprise branches and remote
sites
 Environments with up to 4xT1 / E1 or Serial WAN links
 Where cost with wire-speed performance is important
Ideal as:
 Mid-range WAN access router for enterprise branch and regional
sites
 Environments with up to 16 x T1 / E1, 8 x Serial or 2 x DS3 WAN
links
 Economical WAN aggregation over channelized DS3
 Where higher-performance with multiple WAN links are needed
67
Secure Router 1000 Series & 3120
SR 3120
SR 1004
SR 1002
Mid to High-End
 Smallest, fastest Router
with Channelized T3
 Up to 56 T1s with CT3 &
16 xT1/E1, Serial
Mid-Range
 Highly scalable mid-range edge
router
 Ideal for corporate CPE
 Supports as many as 200 users
Entry-Level
 Value-priced entry-level Edge
Router
 Cheapest, fastest, feature-rich
T1 Router
 Ideal for Branch Offices /
remote locations
SR 1001/1001S
68
SR 1000 Series Overview
 1,2 and 4-port T1/E1 models
SR 1004
– 1001 is T1/E1 software selectable with ISDN BRI
option
– 1001S with Serial interface V.35/X.21 DCE/DTE
– 1002 & 1004 are fixed configuration T1 ou E1
 2 Fast Ethernet ports
SR 1002
 AC or DC (US & Canada only) power supplies
 Hardware encryption acceleration (1002/1004)
SR 1001/1001S
IP Router
WAN Features
Firewall &
Security
QoS
IPsec Branch
VPN
Convergenceready
69
Única Power Supply Externa
SR 1001/1001S
SR 1002
SR 1004
SR 1001
 1 x T1/E1 models
– 1001 is T1/E1 software selectable
– ISDN BRI option
SR 1001/1001S
– 1001S with Serial interface V.35/X.21 DCE/DTE
 NO Hardware encryption acceleration
ISDN
 Opção para backup / contingência
 Disponível nas versões de interface BRI S/T e BRI U
 Disponível para os modelos 1001 e 1001S (quatro modelos)
 Disponível sem o cabo de força associado – solicitar em separado
VPN
 Software, sem aceleração em HW
 Necessário bundle com VPN license
 VPN license pode ser adiciona a uma configuração básica
Cabos e Alimentação Elétrica
 Solicitar em separado cabo WAN
 Sempre acompanha fonte AC
71
SR 1002
 2 x T1 ou E1 models
– Selecionar HW com E1
– Opção com 1 x E1 ou 2 x E1
SR 1002
– Licença upgrade de 1 x E1 para 2 x E1
 Hardware encryption acceleration
E1
 Bundle <E> com cabo de força North America (2P + 1) possui T1
 Opção 1: solicitar bundle E1 com outro cabo de força
 Opção 2: solicitar bundle E1 sem cabo de força e o solicitar em separado (preferencial)
VPN
 Aceleração em HW
 VPN license pode ser adicionada a uma configuração básica
72
SR 1004
 4 x T1 ou E1 models
– Selecionar HW com E1
– Opção com 1 x E1, 2 x E1 , 3 x E1 , 4 x E1
SR 1004
– Licença upgrade de E1 adicionais
 Hardware encryption acceleration
E1
 Bundle <E> com cabo de força North America (2P + 1) possui T1
 Opção 1: solicitar bundle E1 com outro cabo de força
 Opção 2: solicitar bundle E1 sem cabo de força e o solicitar em separado
VPN
73
 2 slot 1 RU rack-mountable Chassis
SR 3120
 2 RJ-45 ports (Console/AUX)
 AC or DC Power Supplies
 Compact Flash & USB Memory
 Interfaces Modules:
– 8-port and 4-port E1/T1
Interface
Modules
– 4-port and 2-port serial
– 1 port DS3c/ DS3
IP Router
WAN Features
Firewall &
Security
QoS
IPsec Branch
VPN
Convergenceready
74
SR 3120 – Power Supply
SR 3120
• Secure Router 3120 chassis with:
• one AC power supply
• dual AC power supplies
• one DC power supply
• one AC and one DC power
• dual DC power supplies
• Purchase orders must reflect the
correct chassis version.
• Secure Router 320 power supplies
are not separately orderable.
E1
 T1 / E1 é o mesmo HW
 E1 selecionada via software
VPN
 Fontes não são posteriormente adicionadas, devem ser adicionadas na aquisição inicial
Platform Details
IPv4 and Multicast routing
BGP, OSPF, RIP
HDLC
Security services (firewall, IPSec
VPNs, NAT, hardware encryption)
QoS
HW encryption accelerator included
WAN
4xT1/E1
8xT1/E1
1xDS3
1xCh DS3
2xSync/Serial
4xSync/Serial3
Reliability
Port Resiliency (MLPPP, MLFR)
Platform Resiliency (VRRP, BGP
multi-homing)
Profitability
Cost effective for nxT1/E1 and
DS3/chDS3 branch deployments
needing traditional routing
SR - Resumo
1001
1001S
1002
1004
2330
3120
4134
Interface Slots
0
0
0
0
3
2
7
Interface
Serial
0
1
0
0
6
8
7
Max T1/E1
Ports
1
0
2
4
6
16
31
FE Ports
2
2
2
2
4
2
72
GbE Ports
0
0
0
0
4
0
58
Sobrevivência
SIP
Não
Não
Não
Não
Sim
Não
Sim
Gateway SIPPSTN
Não
Não
Não
Não
Sim
Não
Sim
Fonte
Redundante
Não
Não
Não
Não
Externa
Interna
Interna
80
VPN
VPN Gateway Portfolio
positioning
VPN Gateway Benefits
Extends secure remote access to both employee and non-employees
Delivers application services to home based and mobile users
Ensures always on business continuity in case of natural or man-made
disasters
Mix of End User and Security Requirements
Information Security Mandates
Multiple User
Communities
Avaya VPN Gateway
Avaya Solution
• Client based and Clientless access
Mobile Users
Sales
Finance
HR
Teleworkers
Multiple
Device Types
Partners
• Malware protection
• Information loss prevention
CRM
Sharepoint
Thin Client
Unified Comm
Contractors
• Role based information isolation
Application Complexity
• Strong 2-factor authentication
• Corporate, regulatory compliance
• Multiple device support – PC, Mac,
Mobile, Linux
• Secure Portable Office – USB flash
• Extended, secure Unified
Communications
Mergers
84
VPN Portfolio
VMware Optimized Virtual Appliance formfactor
10 - 250 concurrent
IPsec/SSL Sessions
Virtual Appliance
3050
VPN Gateways
10 - 500 concurrent
IPsec/SSL Sessions
Virtual Appliance
3070
Loadable to any VMware ESX or ESXi
compliant hardware
No charge for Virtual Appliance – simply
download the virtual appliance software
•
Note: by default the Virtual Appliance
contains no licensing so product must be
licensed to enable functionality.
Simply purchase the desired licenses (SSL &
Ipsec, SPO, etc) & enable the
functionality/capacity just like the
hardware variants
Customer can deploy as many Virtual
Appliances as needed & use Clustering to
obtain desired capacity
85
Secure Portable Office
Uses USB Drive for portable Client
environment to efficiently deliver
personalized suite of corporate applications
on any PC
Corporate
Applications
Voice,
Collaboration,
Multimedia
Intranet
Web-mail
Protects temporary work environment
Leaves no trace or presence
SPO is built around new functions of the VPN
Gateway
Remote PC
USB Secure access, Session Control
VPN Gateway
92
―VPN-on-a-Stick‖
VPN
Gateway
SPO Session
USB Flash
Memory Client
SPO Session
Local Apps
& Storage
(HA Cluster)
SMO
Session
cycle
SPO Session
Application &
File Servers
PKI
Radius Server
Active Directory / LDAP
SPO Client offers User Experience
Plug the SPO USB Drive into any PC with Internet connectivity
Authenticates User and secures the PC
User accesses applications from a menu
Pulling the SPO USB Drives exits sessions, & wipes web cache and encrypted file system
Simple, Secure, Portable
Proven Back-Office
Integration
93
Licenciamento
Licenças de acesso são compartilhadas entre um cluster redundante
Licenças são contabilizadas por acessos simultâneos
• SSL / IPSEC
• Emergency Remote Access (ERA)
Licenças de funcionalidade necessitam ser instaladas em cada
equipamentos
• Secure Portable Office
• Necessário licença para habilitar a função
• Consome 1 licença SSL (IPSEC apenas não serve)
• Licenças por ―seat‖, não por acesso simultâneo
• Uma licença por pen-drive
• Licença de Application Virtualization (Ceedo).
94
New with Rel. 8.0
Starter Kits
The new virtual appliance model
enables the creation of very cost
effective ‗Starter Kits‘ to allow
customers to efficiently and cost
effectively enable advanced VPN
services.
Includes everything you need to
enable remote access with support
for SSL, SSLVPN, IPSec and
Secure Portable Office.
Starter kits are discountable using
WPP and VID just like other parts.
First appearing on the December
2009 price book but orderable now
are two new Starter Kits.
EB0016025
EB0016026
Description
10 User Starter Kit
50 User Starter Kit
MSRP USD
$4,995
$8,995
Appliance
Virtual Appliance
(NVG-3050-VM or
NVG-3070-VM)
Virtual Appliance
(NVG-3050-VM or
NVG-3070-VM)
SSL Users
10
50
IPSec Users
10
50
Secure Portable
Office Users
10
50
Emergency Remote Access
Solução de baixo custo para capacidade adicional de licenças de acesso VPN
para casos de emergência / calamidade
Uma vez instalada, está pronta para uso, sem intervenção manual
Quando a capacidade licenciada for excedida, as licenças ERA são acionadas
Uma vez ativadas, permanecem válidas por 60 dias
Necessário contato com Avaya para poder reinstalar as licenças para a proxima
emergência
Note 1: Must include a maintenance agreement in order to use the return authorization process for the
ERA license.
VPN Gateway Summary
Feature/Capabilities
VPN 3050 Virtual Appliance
VPN 3070 Virtual Appliance
Entry-level Virtual
Appliance for VM Systems
Expanded Virtual Appliance
for VM Systems
Supports 1-4 interfaces
Supports 1-4 interfaces
250
500
SSL VPN Users
10 - 250
10 - 500
IPsec VPN Tunnels
10 - 250
10 - 500
Depends on Server
Depends on Server
Deployment
Copper Interfaces
Fiber Interfaces
Maximum concurrent VPN
Tunnels
SSL acceleration (tps)
98
VPN Router
2700/2750
5 - 2,000 IPsec Tunnels
VPN Router
1700
50 - 50,000 concurrent
IPsec/SSL Sessions
50 - 2,000 concurrent
IPsec/SSL Sessions
VPN Gateway
3070
VPN Gateway
3050
VPN Gateways
VPN Routers
VPN Portfolio - EoS
5 - 500 IPsec Tunnels
VPN Router = Contivity
VPN Router entra em EoS em 1/abril/2011
VPN Gateway HW
EoS em 1/dezembro/2010
Único modelo na lista é VPN Router 2750 com
2000 túneis
99
VPN Router – MD - EOS
Migration Strategy and Discontinued Order Codes
Migration Strategy
Avaya offers the following alternative solution(s).
The VPN Router supports two principal VPN applications: 1) secure branch-to-branch (branch office
tunneling) and 2) VPN remote access (or secure access) for VPN clients. Avaya recommends
that VPN Router customers consider the Avaya Secure Router for future secure branch-tobranch deployments and the Avaya VPN Gateway for future VPN remote access
requirements.
For secure branch-to-branch deployments, the Secure Router 2330 and 4134 are the
recommended replacement options. The Secure Router 2330/4134 v10.2 feature set includes
interoperability with the VPN Router over routed branch-to-branch VPN connections, which can
simplify migration from an existing VPN Router deployment. The Secure Router 2330 and 4134 also
can terminate the Avaya (previously Contivity/Nortel) VPN Client – even though neither of these
platforms is recommended for large scale remote access applications. The Secure Router 2330
supports up to 100 IPSec VPN tunnels and the Secure Router 4134 supports up to 1000 IPSec VPN
tunnels. The Secure Router 2330 and 4134 VPN option ships with VPN Client v8.01 (XP) and v10.01
(Vista). VPN Client v10.04 (XP, Vista, Windows 7) can be downloaded from the support portal.
The Avaya VPN Gateway 3000 Series is the recommended replacement option for VPN
Router secure access deployments. The VPN Gateway portfolio can act as a secure remote
access concentrator for IPSec VPN clients using the Avaya VPN Client software, as well as provide
support for browser-based SSL connections. The VPN Gateway also supports Avaya Health Agent (or
Tunnel Guard).
100
VPN Summary
VPN 3050
Virtual
Appliance
VPN 3070
Virtual
Appliance
SR 1K
SR 2K
SR 3K
SR 4K
250
500
100
100
1.000
1.000
SSL VPN
Users
10 - 250
10 - 500
0
0
0
0
IPsec VPN
Tunnels
10 - 250
10 - 500
100
100
1.000
1.000
Site-Site
VPN
Sim
Sim
Sim
Sim
Sim
Sim
RAS VPN
Sim
Sim
Básico
Básico
Básico
Básico
Suporte a
VPN Client
(exContivity)
Sim
Sim
Não
Sim
Não
Sim
Gratuito (*)
Gratuito (*)
Licença
Módulo
Licença
Módulo
Feature/Cap
abilities
Maximum
concurrent
VPN Tunnels
Modo
* Licenças de acesso IPSec/SSL são pagas. Virtual Appliance não possui nenhuma.
101
Introducing VPN Client 10.04
Version 10.04 is the industry‘s first unified VPN Client that supports both
IPSec and SSL, has the ability to connect to many termination devices
and provides support for 32 and 64 bit Windows operating systems
(XP, Vista, Seven).
Atenção: SR 1k e 3k não suportam
General Availability Feb-8th, 2010
VPN Client
VPN Gateway
IPSec/SSL
VPN Router
IPSec
IPSec
SR 4134
IPSec
SR 2330
IPSec
BCM
103
VPN Client 10.04 Features
 Windows XP through Windows 7 support
 32-bit and 64-bit platform support
 Single Installer
 Automatic Proxy Detection
 Windows XP – Tunnel and Authentication Seperation
 Wireless Mobile Broadband Adapter support
32bit
64bit
32bit
64bit
32bit
64bit
NVC 7.x/8.x
Yes
No
No
No
No
No
NVC 10.01
No
No
Yes
Yes
Limited
Limited
NVC 10.04
1
Combined IPSec and SSL
Create connection profiles for
both IPSec and SSL VPN
services.
Failover tunnel within protocol or
across protocol (ex IPSec to
SSL).
Client binaries include
necessary drivers to support
IPSec and SSL.
106
VPN Client Pricing
The VPN Client is not a chargeable item. An unlimited license
to use on Windows clients is provided with all VPN Routers, VPN
enabled Secure Routers and VPN Gateways.
• Access is limited by the number of concurrent seats licensed on the VPN
Router/Gateway but the VPN client can be installed to any number of endpoints.
• A valid maintenance agreement for VPN Gateway, Secure Router (VPN
enabled) or VPN Router must be in place (on each device terminating a
10.04 VPN client connection) to obtain this client software upgrade.
109
Parte 2: Rede Wireless
Delivering Valuable Differentiation
Progressive evolution of our Wireless
Networking technology
1
Wireless LAN in Transition
Toward all wireless access in the enterprise
Unified
2010+
Overlay
2005+
Value/Market
Standalone
2000+
Wireless Hot Spot
•
•
On-site Mobility
Convenience
I
True 802.11n bandwidth
and performance
•
•
Support for all applications
•
Increased adoption
•
Full Wi-Fi footprint
infrastructure
including management.
•
Primarily data
•Universal
Occasional use
Standalone AP‘s
All Wireless Access
•Unified
•Unwired
Productivity
II
mobility
deployments
TCO/Transformation
III
115
11
5
Today‘s WLAN Architecture
 Disparate Networks
Phone
PDA
Laptop
Phone
– Wired & Wireless
 Centralized Architecture
– Thin Access Points
– Centralized Dual Function
Wireless Controller
• Control Point (control traffic)
• Switching Point (data traffic)
Wireless Controller
 Challenges
– Inefficiencies
– Hardware non-optimized
– Limitations in scalability
116
Unleashing the potential of Wireless
 Performance optimization
– Traffic no longer needs to
terminate on Wireless
Controllers
 Improved resiliency
– Wireless Controllers virtualized
Next Generation
Architecture
‘Split-Plane’
Control plane leverages
high-availability
Data plane leverages
high-performance & highavailability
& availability is protected
Access Switch
Wireless scalability
becomes virtualized
 Seamlessly scalability
– Control & Data Planes scale
independently & at different
rates
Distributed Wireless
Switching software
Data & Control planes
scale independently
Wireless Controller is
virtualized & protected
 Reduces costs
– Wireless Controllers become
virtual applications & not linked
to hardware
Application
Hosts & V-Servers
Virtualized
Wireless Controller
117
Wireless Networking Portfolio
positioning
1
Investment Strategy for Wireless Networking
BEYOND
TOMORROW
TODAY
802.11n adoption
commences
Simple overlay system
802.11n deployments
ramp
Integrated Wireless
products
Introduce WLAN 8100
Unwired Enterprise
deployments ramp
• Wireless optimized
switching
119
119
Wireless Networking – 8100 Series
Discrete
Wireless
Appliances
Integrated
Wireless
Solutions
Highlights
 Next Gen Architecture
– True wired/wireless integration
– Innovative ―split plane‖ design
Campus
• Separate resources to control,
data and management traffic
 Optimized wireless switching
– Improved resiliency
– Improved scalability
– Greater efficiencies
Branch
– Lower TCO
 Partnerships with market leading
vendors
122
Wireless Networking
Product Roadmap
Q2/10
A M J
Q3/10
Q4/10
Q1/11
Q2/11
J A S O N D J F M A M J
v1.0
•WC 8180
•AP 8120
•WMS
WLAN 8100
Shipping
Q3/11
Q4/11
2012
J A S O N D
v1.1
•Plenum-rated AP
•External antenna for AP
•Outdoor AP
v2.0
•Split-plane on 8800/8600
•Low end AP
•Virtual WC
Plan of Record (POR)
Avaya Confidential – NDA Required
Plan of Intent (POI)
125
125
Avaya WLAN Strategy and Evolution
Avaya WLAN 2300 Series
• Overlay WLAN offering
Avaya WLAN 8100 Series
• Next generation architecture
• True unification with virtualized controllers,
wireless enabled switches, unified mgmt
• Always available, efficient & scalable
Access Points
Access Points
Wireless enabled
switches
Seamless
migration
Servers
Wireless Controllers
Servers
Virtualized
Wireless
Controller
129
Introdução ao WLAN 8100
Always On, Efficient, Scalable
1
Introduzindo WLAN 8100 Series
 A next generation wireless LAN solution that combines the latest 802.11n
wireless standard with a new unified wired/wireless architecture
 Meets the needs of the emerging Unwired Enterprise era, by delivering
unparalleled resiliency, efficiency and scalability
 Built by Avaya in house leveraging our rich heritage in voice and wireless
 Going-forward solution for businesses seeking a WLAN solution optimized
for data and real time traffic such as voice, UC and video
131
WLAN 8100 Release 1
WAP 8120
 Complete 802.11n solution
 WLAN Access Point 8120
•802.11n
•Dual radio
WC 8180
WC 8180 -16L
 WLAN Controller 8180
 WLAN Management
Software 8100
•Support for up to 256
APs
•Lower cost option for
small branch deployments
 Unified Management
•Support for 16 APs
 Broad range of wireless
application opportunities
WLAN Management Software 8100
* Delivered via software in future release
 Strong VoWLAN support
132
WLAN 8100 Overview
The WLAN 8100 Solution includes, at a minimum, the following
components:
• WC 8180, WLAN Controller available with 16AP or 64 AP licenses,
upgradeable in increments of 64.
• AP 8120, 2 Radio 802.11n Access Points
• WMS, WLAN Management System
133
Introducing WMS for 8100
Integrated into Avaya‘s UCM
Provides Complete WLAN Management
• Off-box Element Management
• Provides WC Cluster management support
• RF Tools
• Monitoring, Visualization, Location
• Reports, Trending
• Debugging & Troubleshooting
• Basic Event management
• Standalone Mode or Integrated with UCM
UCM Integration Features
• Discovery/Topology for both WLAN 2300 and WLAN 8100
• Alarms for both WLAN 2300 and WLAN 8100
• Single Sign On
• Punch through to WMS 2300 or WMS 8100
• Push WLAN 2300 configuration parameters to WLAN 8100 for simplified nextgen expansion
134
WLAN Controller 8180
Innovative Split Plane architecture
Scalable
•
Facilitates moving Data plane
and/or Control plane to
Core/Edge switches
Capabilities
•
•
•
•
•
•
•
•
•
•
Support for up to 512 802.11n
APs (256 in Release 1); 10
Gbps
Lower cost option (WC 818016L) for smaller branch
deployments (16 licenses)
12F and 12Cu GbE
32 Controllers /Cluster
Dual-Redundant Power
Supply
FIPS 140-2 Ready
10Gbps add-on processor
capable
L2 & L3 secure seamless
roaming
RADIUS/LDAP Integration
WebUI, CLI, SNMPv3
Additional Module
(data or control)
Redundant
Power
Supplies
NPU
Copper/Fiber ports
2 10G ports
135
WLAN Access Point 8120
Dual Radio 802.11n AP
Performance
•
Industry leading VoWLAN performance
Capabilities
•
•
•
•
•
•
•
•
•
•
•
3 Antenna MIMO, 2 Spatial Streams,
up to 300 Mbps bandwidth
802.11n & Legacy 802.11a/bg
Control plane encryption
802.11e, 802.11r, CAC, 802.1p, DSCP
GigE interface with 802.3af POE
WMM, UAPSD, TSPEC (802.11e)
Certified
802.11i/WPA2 Security
Internal & External MIMO Antenna
arrays
2 Radio version
FIPS 140-2 ready
Capable of Distributed Forwarding
WLAN Access Point 8120
136
Rock Solid Resiliency
Auto AP load balancing
AP & Controller clustering
Many to many redundancy
Hitless failover
Wireless Controllers virtualised
Availability is protected
137
Always Secure
WMS Client
AirTight Server
Authentication & Encryption
Supports today‘s strongest
security standards
Wireless Intrusion Detection and
Protection
Secure Network Access
Unauthorized AP protection
Intranet
WLAN AP 8120
Alarms
Analysis
Location
Trending
AirTight Sensor
138
Applications: Voice over WLAN
Enforced QoS over wireless link
Advanced Call Admission Control
Scalable
Low latency & jitter
Seamless Roaming
High resiliency
End to end Solution
Avaya 3641
IP Wireless Phone
Avaya 3645
IP Wireless Phone
139
Applications: Location Services
Application (eg. Locating/Tracking)
―Dr
John
J. Smith
is here‖
X
Find & track assets in real time
• People, Equipment,
Inventory, Wi-Fi devices
Save money
• Reduce loss/theft
Overlay tracking application
• Ekahau client/server
components
communicate over WLAN
8100
• High resolution accuracy
X
Ekahau RTLS
Server
Infusion
pump
WC 8180
WAP 8120
Asset Tag
Laptop
Asset Tag
PDA
141
Applications: Guest Access
Convenient network connectivity
for guests and temporary users
Front-desk personnel generate
unique user ID/password for
each visitor
• Associated security profile
• Time of day
• Restricted locations
Unified wireless and wired guest
access manager
• Simplified operations
142
802.11a,b/g & n Comparison
802.11b
802.11g
802.11a
802.11n (2H08)
Compatibility
802.11b
802.11b,g
802.11a
Number of
Channels
3 nonoverlapping
3 nonoverlapping
Typical
Indoor Range
100 ft - 300 ft
30,48 mt – 91,44 mt
100 ft - 300 ft
30,48 mt – 91,44 mt
Typical
Outdoor
Range
(Line of
Sight)
400 ft - 1500 ft
121,92mt - 457,2 mt
400 ft - 1500 ft
121,92mt - 457,2 mt
100 ft - 1000 ft
30,48 mt – 304,8 mt
Farther than
802.11a,b/g
54, 48, 36, 24,
18, 12, 9, and 6
Mbps
54, 48, 36, 24,
18, 12, 8, and 6
Mbps
Up to 600 Mbps
Data Rates
11, 5.5, 2 and 1
Mbps
Wireless
Medium
DSSS,
2.4 GHz
OFDM, 2.4 GHz
OFDM, 5 GHz
OFDM, MIMO in
2.4 and/or 5 GHz
802.11a,b,g,n
Same as 802.11
a/b/g using 20
Up to 24 nonMHz channels.
overlapping
to 1 in
channels (country Restricted
2.4 GHz and 3 in
specific)
5GHz using 40
MHz channels
Expected to be
40 ft – 300 ft
12,19 mt – 91,44 mt 2X range of
802.11a/b/g
300 Mbps com 2 spatial
stream – modo mais
usado hoje
802.11n delivers better coverage, throughput and range
143
Muito obrigado !!!
Rafael Rocha
Sales Engineer
[email protected]
http://br.convergencepoint.westcon.com/
WLAN 2300
Always On, Efficient, Scalable
Nortel WLAN 2300 Series
A simple and powerful wireless services platform
Flexibility to meet virtually any requirement and
deployment scenario
WLAN Access Point (WAP)
Portfolio of security switches with the right model for
any architecture and any size network
WLAN Security Switches (WSS)
Integrated location server and applications
WLAN Location Engine (WLE)
One feature-rich management system for all
administrator requirements
WLAN Management Software (WMS) System
WLAN 2300 System Model
API
Business Apps
WLAN Management Software (WMS) System
Planning Tool
Configuration
Monitoring/Reporting
Rogue detection
Location Apps
Location
RF Firewall
Asset Tracking
Content Deliver
Mgt Traffic Encrypted
WLAN Security Switch (WSS)
Networking
Roaming
RF Mgt
Load balancing
Security
QoS
Control Traffic
Encrypted
Data Traffic
Encapsulated
WLAN Location
Engine (WLE)
Location/Tracking
Client/RF Data
Encapsulated
WLAN Access Point (AP) 2330/2332
802.11 a/b/g
connectivity
Priority
Queuing
Encryption
/Decryption
RF Scanning
Location
Sensing
WLAN 2300 Centralized WLAN System
Access Points are dependant on WLAN Security Switch for operation
WMS 2300
WLAN Management System (WMS) 2300 for systemwide planning, configuration and management
WSS 23XX
Control
and Provisioning
Protocol (CAPP)
establishes a secure
control plane
between a WSS and
its managed WAPs.
IP Network
2
WSS 23XX
1
PoE Switch
WAP 23XX
1
Distributed architecture
2
Centralized architecture
WLAN Security Switch (WSS) 23XX
controls the access points and can be
deployed either at the edge of the
network (1) to support directly
connected APs, or elsewhere in the
network (2) to support indirectly
connected APs across the LAN.
Wi-Fi Clients
WLAN Access Point
(WAP) 23XX provides the
802.11 a/b/g wireless
interface and can be directly
connected to either a PoE
switch, or a WSS. Each
WAP is dependant on a
WSS for operation.
Multiple Deployment Options
Seamless integration with existing networks
Wiring Closet
WLAN AP
2330A
WMS
WSS 2360
WSS 2360
a
a) Directly connected to WLAN
Security Switch 2300
c
b) Indirectly connected to WLAN
Security Switch 2300 (in wiring
closet) through 470/55xx PoE
switch
WSS 2382
c) Redundant connection using
dual-Ethernet ports
b
d
AAA
Servers
e
Branch Office
WSS 2350
d) Indirectly connected to WLAN
Security Switch 2300 (in data
center) through 470/55xx PoE
switch
e) Branch office deployment
using WLAN Security Switch
2350
WLAN 2300 Series Portfolio
MP 82*
• Low cost
802.11n AP
WAP 2332
WLE 2340
MP 432*
• 802.11n AP
Integrated Location Services
• 802.11 a/b/g
•Improved RF
Performance/Capacity
•Wireless Backhaul
MX-2800*
•Local Traffic Forwarding
WSS 2382
WSS 2360/61
WSS 2350
•3 APs
•2 FE, 1 PoE
Branch Office
•12 APs
•8 FE
•6 PoE
Wiring Closet
•32/64/96/128 APs
•2 GE (SFP)
•No PoE
64 - 512 .11n APs
2x10GE (XFP)
8xGE (SFP, RJ45)
No PoE
Atenção: portas SFP adquirir
transceiver SFP
Data Center
*Optional 802.11n hardware available in
Release 7. Trapeze branded
WAP 2332
802.11a/b/g Access Point
Atenção
 Necessita de 802.3af (PoE)
 Duas portas 10/100 Base TX Ethernet
 Porta Ethernet redundante apenas será
usada na falha da porta principal (1)
 Suporta local forwarding
 Suporta mesh
* Trapeze branded; will not be branded as part of WLAN 2300 portfolio
MP- 432*
802.11n Access Point
Highest Possible
Performance

Protects Existing Wi-Fi
Investments







Wi-Fi Certified Ready



Simultaneous dual band operation (2.4 GHz and
5 GHz)
300 Mbps per band  600 Mbps total
3x3 MIMO in both bands
Adaptive frame aggregation
2 Gigabit Ethernet uplink ports
Runs on existing WLAN 2300 Security Switches
—no performance compromise, zero impact on
WLAN infrastructure
Works with existing or emerging power standards
(802.3af, 802.3at)
Fits existing mounting brackets
Fully compliant with 802.11n Draft 2.0
Wi-Fi certifiable
Ensured interoperability with standards-based
network
MP- 432*
802.11n Access Point
Atenção
 Necessita de 802.3at (PoE+)
 Alternativa duas portas 802.3af (PoE)
 Caso apenas uma porta PoE, pode haver
queda de performance
 Não posui conexão para antena externa
 Duas portas 10/100/1000 Base TX
Ethernet
 Porta Ethernet redundante apenas será
usada na falha da porta principal (1)
 Suporta mesh
MP-82*
Low cost 802.11n AP, Available Nov 2009
Optimized for high-density and high-throughput
environments
•
•
•
Fine control of TX power at lower levels
Allows higher-density deployment than other
solutions (e.g. MP-432)
Use MP-432 (3x3 MIMO) for challenging coverage
situations
Dual radio a/n + b/g/n
•
•
2x3 MIMO
Requires only 802.3af PoE
Single 1000BASE-T RJ-45 port
Not Plenum Rated
Flexible mounting options
•
Ceiling/Desk/Wall
Compact form factor - lower profile than AP-2332
Six internal antennas (3 x 5GHz, 3 x 2.4GHz)
Supported in WLAN 2300 Rls 7.0
MP-82*
Low cost 802.11n AP, Available Nov 2009
Atenção
• Apenas uma porta 10/100/100 Base TX Ethernet
• Não possui conector para antena externa
 Suporta mesh
WLAN Security Switch 2300
Central security, control and intelligence
•Central security
•
•
•
•
•
802.1X offload and acceleration
Key generation and management
Access control filters
Rogue AP containment
Wireless IDS
2350
2360
2361
2382
•Central control & QoS
•
•
•
•
AP Configuration
Auto power/channel
Seamless roaming
QoS w/ 802.1P/DSCP
•Central Intelligence
•
•
RF statistics
Usage statistics
2350
2360
2361
2382
FE
2
8
8
-
PoE
1
6
6
-
GigE
-
-
-
2
Max APs
3
12
12
128
Pwr Supp
1
1
2
2
• 2382 não suporta PoE
• Portas SFP: adquirir transceiver SFP
MX 2800*
High capacity WLAN switch
• 28Gbps Ethernet switching capacity
• 2 * 10-Gbps ports; 8 * 1-Gbps ports
• Line-rate speed and throughput
• Industry‘s only hardware-switched wired and wireless
• 512 active AP‘s
• 12,000 active clients per switch
• Virtual stackable
• Não suporta PoE
• Hot pluggable redundant power supply
WLAN Management Software (WMS)
System-wide management and visibility
•Planning & Deployment
•
•
Predictive planning tool
Creates network plan
•Configuration and verification
•
•
System and service wizards
Pushes configuration to WSS
•Monitoring & Reporting
•
•
•
By user, radio, AP, WSS, VLAN
Current user location, roaming history
Graph, table or export
•Rogue AP protection
•
Access points, Ad-hoc users
•Device location
•
Rogue APs and users
•Wireless IDS
•
Identification and alerts
WLAN Management Software (WMS)
System-wide management and visibility
•Planning & Deployment
•
•
•
•
•
•
•
Predictive planning tool
Creates network plan
Licença adicional
Estimativa da quantidade de APs necessários
Estimativa da localização dos APS
Sugestão de configurações
Recomendado Site Survey no local
• Analisar complexidade caso a caso
• Empresa especializada
• Equipamentos adequados
AP & RF Resiliency
WMS 2300
WSS 23XX
Dynamic response
to RF obstructions
Protection from AP
outage and interference
Converged
IP Network
PoE Switch
1
2
3
4
5
6
WAP 23XX
Laptop
PDA
Mobile Phone
IP Phone
PC / Workstation
Switch-level Failover
1
2
Redundant WSS
configuration in the
core
WSS 23XX
Dual-homing of AP
protects against
switch, port or link
failure
Converged
IP Network
1
PoE Switch
2
WAP 23XX
Laptop
PDA
Mobile Phone
IP Phone
PC / Workstation
Guest Access* - Identity Engines
• Secure, convenient network connectivity
for guests and temporary users
• Streamlined application allows frontdesk personnel to generate a unique
ID/PW for each visitor
• Entries expire and are automatically purged
• Each ID is associated with a templated
security profile
•
•
•
•
VLAN/Subnet restrictions
Access control list
Time-of-day restrictions
Restricted locations
• Usage logging
• Guest user tunneling
• Binds user to internet gateway
• Prevents any intra-VLAN peer communications
Guest Access Provisioning Application
* Starting in Release 7, support for Guest Access
requires Nortel Guest Management solution or Trapeze
Smart Pass software. Please contact WLAN PLM for
additional information / options.
Considerações de projeto
• WMS
• Licença adicional para as funcionalidade de planejamento e site survey
• For rogue location features (displaying on a map the location of a rogue
AP), the planning license is also required for the WMS 2300.
• WMS 2300 is supported on:
•
•
•
•
•
Microsoft Windows Server 2003
Microsoft Windows XP with Service Pack 2
Microsoft Windows 2000 with Service Pack 4
SUSE Linux 9.1
Red Hat WS 3.
• WSS Redundant power supplies
•
•
•
•
Wireless LAN Security Switch 2382 - Supports hot-swappable field upgradable power supplies.
Wireless LAN Security Switch 2361 – Supports two fixed internal power supplies.
Wireless LAN Security Switch 2360 – Supports one fixed internal power supply.
Wireless LAN Security Switch 2350 – Supports one external power supply.
• N+1 – switch cluster configuration
Considerações de projeto
• Entre 20 e 50 clientes ativos
por AP
• 1 servidor WMS para cada
1000 Aps e 64 WSS
• Uplink recomendado de
200 Mbps 2360/1
• Uplink recomendado de
2G bps 2382
• Realizar site survey no local
• Posicionamento AP

branch - Westcon

Transcrição

Documentos relacionados

Soluções de Dados Avaya | Router, VPN e WLAN

Feature table

Sentinela - Zelia Fonseca

Folder PDF - Premier Algarve Rentals

Property Sheet PDF - Signature Properties Solutions

GetData Recover My Files Professional 4.9.4.1296

Patient Interaction Solutions

Folder PDF

lowering

1° ano - Colégio Sete de Setembro

religiões comparadas da ásia

Por favor, não matem a cotovia Realizador

SonicWALL TZ Series

Read in PDF

Overview

Boyd Bros. Transportation Inc.

Cisco IOS SSL VPN

Help for SIP Switch

User`s Guide

DSL-502G ADSL Ethernet/USB Router User`s Guide

DrayTek_UG-Vigor2760..

Denial-of-Service and Unsolicited Communcation Protection in