Contact
closeContact
RMAShippingTests of the products Terms and conditions

Contact us:

alternate_emailsales@cdr.pl

call+48 32 750 5000

mon - fri 9:00 - 17:00

Contact

Log in
closeLog in
Log in

New customer?

Register
Cart
closeCart
Your cart is empty favoriteWishlist
Huawei AC650-128AP Wireless Access Controller, up to 128 AP
Brand: Huawei
Product Code: HUA-AC650-128AP
Catalog number: 9867
Warranty (months):
Price
304,15 $
374,10 $ incl. tax
Qty.
-
+
favoriteAdd to wishlist
Description

The Huawei AC650-128AP is a device that combines an access point controller (WAC) and a switch. It can simultaneously manage up to 128 APs, making it suitable for various types of networks. It is equipped with 10 gigabit Ethernet ports (10/100/1000 Mbps) and 2 SFP+ slots (10 Gbps). It is capable of handling 10 Gbps traffic, which is significant for large networks. The AC650-128AP has a built-in AAA/Portal server and provides authentication via portal or 802.1X. You can configure it in in-path, off-path, bridge, or mesh mode with Layer 2 or Layer 3 connections. It supports backup connections of multiple WACs - 1+1 HSB and N+1 backup. The system offers administrators rich tools for error detection and diagnostics, significantly simplifying and speeding up centralized network management, such as the quick configuration of connected access points.

Controller for 128 access points

The device is designed to function as a controller in Huawei wireless systems and can support a maximum of 128 access points. It supports load balancing using smart roaming, the DFA algorithm for automatic detection of overlapping channels, as well as EDCA and airtime scheduling.

The controller has a built-in portal/AAA server, providing user authentication based on portal or 802.1X. Both wired and wireless users are subject to authentication.

High performance, 2 SFP+ slots, 10 gigabit Ethernet ports

The AC650-128AP is equipped with 2 SFP+ slots with a bandwidth of 10 Gbps and 10 gigabit Ethernet ports (10/100/1000 Mbps). It has an integrated switch function, which is useful when using the in-path configuration.

The device features a powerful quad-core ARM processor clocked at 1.2 GHz and 2 GB of DDR4 RAM. Depending on the authentication method, it can handle up to 1024 simultaneously connected users.

Advanced monitoring and diagnostics, numerous configuration options

The web interface provides extensive network monitoring capabilities, allowing you to check the status of users, access points, and each radio. In the event of a performance drop, you can quickly identify which segment of the network is malfunctioning. Configuration is simplified by the ability to create profiles and groups of access points. When connecting a new AP, the configuration can be copied from another device. With a single click, you can access advanced network diagnostics with suggested solutions for any problems that arise.

The controller can operate in various network modes: in-path, off-path, bridge, or mesh. Access points can be connected at Layer 2 or Layer 3, depending on the needs of the location. The AC650-256AP also supports multiple backup functions to ensure operational stability. You can use WAC 1+1 HSB and N+1 backup, as well as port backup through LACP (Link Aggregation Control Protocol) or MSP (Multiple Spanning Tree Protocol).

Usage

The offered product is designed for use in large networks where advanced management and convenient monitoring of operational status are necessary. This allows for the quick configuration and connection of new devices, as well as the rapid detection of various errors. Using an external controller also increases the overall network stability. When employing three devices (controller, router, and switch), the load is distributed evenly across them. If a single gateway is used, it can become a bottleneck for the entire system.

Specifications

Huawei AC650-128AP
Performance
Number of managed APs 128
Number of access users

1024

(The maximum number of access users varies depending on the authentication mode)

Number of MAC address entries 8192
Forwarding capability 10 Gb/s
Number of VLANs 4096
Number of routing entries

IPv4 4096

IPv6: 2048

Number of ARP entries 4096
Number of multicast forwarding entries 2048
Number of DHCP IP address pools 64 IP address pools, each of which contains a maximum of 8192 IP
addresses
Number of local accounts 1024
Number of ACLs 4096
Physical features
Dimensions (H x W x D) 43.6 mm x 210 mm x 250 mm
Interface type 2 x 10GE optical ports +10 x GE electrical ports
1 x Console (RJ45), 1 x USB
Maximum power consumption 21 W
Weight 1,47 kg
Operating temperature and altitude -60 m to +1800 m: 0°C to 45°C
1800 m to 5000 m: Temperature decreases by 1°C every time the altitude
increases 220 m.
Relative humidity 5% RH to 95% RH, noncondensing
Power modules AC/DC adapter
Switching and forwarding features
Ethernet features

Ethernet

Operating modes of full duplex, half duplex, and auto-negotiation
Rates of an Ethernet interface: 10 Mbps, 100 Mbps, 1000 Mbps, and
auto-negotiation

  • Flow control on interfaces
  • Jumbo frames
  • Link aggregation
  • Load balancing among links of a trunk
  • Interface isolation and forwarding restriction
  • Broadcast storm suppression

 

VLAN

Access modes of access, trunk, and hybrid
Default VLAN
VLAN pool

 

MAC

Automatic learning and aging of MAC addresses
Static, dynamic, and blackhole MAC address entries
Packet filtering based on source MAC addresses
Interface-based MAC learning limiting

 

ARP

Static and dynamic ARP entries
ARP in a VLAN
Aging of ARP entries

 

LLDP

Ethernet loop protection

MSTP

STP
RSTP
MSTP
BPDU protection, root protection, and loop protection
Partitioned STP

IPv4 forwarding

IPv4

ARP and RARP
Proxy ARP
Auto-detection
NAT
Bonjour protocol

 

Unicast routing

Static route
RIP-1 and RIP-2
OSPF
BGP
IS-IS
Routing policies and policy-based routing
URPF check
DHCP server and relay
DHCP snooping

 

Multicast routing

IGMPv1, IGMPv2, and IGMPv3
PIM-SM
Multicast routing policies
RPF

IPv6 forwarding

IPv6

ND protocol

 

Unicast routing

Static route
RIPng
OSPFv3
BGP4+
IS-IS IPv6
DHCPv6
DHCPv6 snooping

 

Multicast routing

MLD

MLD snooping

Device reliability BFD
Layer 2 multicast IGMP snooping
Prompt leave
Multicast traffic control
Inter-VLAN multicast replication
Ethernet OAM Neighbor discovery
Link monitoring
Fault notification
Remote loopback
QoS

Traffic classification

Traffic classification based on the combination of the L2 protocol header,
IP 5-tuple, and 802.1p priority

 

Action

Access control after traffic classification
Traffic policing based on traffic classification
Re-marking packets based on traffic classifiers
Class-based packet queuing
Associating traffic classifiers with traffic behaviors

 

Queue scheduling

PQ

DRR

PQ+DRR

WRR

PQ+WRR

 

Congestion avoidance

SRED

WRED

 

Application control

Smart Application Control (SAC)

Configuration and
maintenance

Terminal service

Configurations using command lines
Error message and help information in English
Login through console and Telnet terminals
Send function and data communications between terminal users

 

File system

File systems
Directory and file management
File uploading and downloading using FTP and TFTP

 

Debugging and maintenance

Unified management of logs, alarms, and debugging information
Electronic labels
User operation logs
Detailed debugging information for network fault diagnosis
Network test tools such as traceroute and ping commands
Intelligent diagnosis
Interface mirroring and flow mirroring

 

Version upgrade

Device software loading and online software loading
BIOS online upgrade
In-service patching

Network management Different user levels for commands, preventing unauthorized users from
accessing device
SSHv2.0
RADIUS and HWTACACS authentication for login users
ACL filtering
DHCP packet filtering (with the Option 82 field)
Local attack defense function that can protect the CPU and ensure that
the CPU can process services
Defense against control packet attacks
Defenses against attacks such as source address spoofing, Land, SYN
flood (TCP SYN), Smurf, ping flood (ICMP echo), Teardrop, broadcast flood, and Ping of Death attacks
IPsec
URL filtering
Antivirus
Intrusion prevention
ICMP-based ping and traceroute
SNMPv1, SNMPv2c, and SNMPv3
Standard MIB
RMON
NetStream
Wireless networking
Networking between APs and WACs APs and WACs can be connected through a Layer 2 or Layer 3 network.
APs can be directly connected to a WAC.
APs are deployed on a private network, while WACs are deployed on the public network to implement NAT traversal.
WACs can be used for Layer 2 bridge forwarding or Layer 3 routing.
WAN authentication escape is supported between APs and WACs. In local forwarding mode, this feature retains the online state of existing STAs and allows access of new STAs when APs are disconnected from WACs, ensuring service continuity.
Forwarding mode Direct forwarding (distributed forwarding or local forwarding)
Tunnel forwarding (centralized forwarding)
Centralized authentication and distributed forwarding
In direct forwarding mode, user authentication packets support tunnel  forwarding.
Soft GRE forwarding
Tunnel forwarding + EoGRE tunnel
Wireless networking mode WDS bridging:
Point-to-point (P2P) wireless bridging
Point-to-multipoint (P2MP) wireless bridging
Automatic topology detection and loop prevention (STP)
Wireless mesh network:
Access authentication for mesh devices
Mesh routing algorithm
Zero-configuration provisioning (ZTP)
Mesh network with multiple MPPs
Vehicle-ground fast link handover
Mesh client mode
WAC discovery An AP can obtain the WAC's IP address in any of the following ways:
Static configuration
DHCP
DNS
The WAC uses DHCP or DHCPv6 to allocate IP addresses to APs.
DHCP or DHCPv6 relay is supported.
On a Layer 2 network, APs can discover a WAC by sending broadcast CAPWAP packets.
CAPWAP tunnel Centralized CAPWAP
CAPWAP control tunnel and (optional) data tunnel
CAPWAP tunnel forwarding and direct forwarding in an extended service set (ESS)
Datagram Transport Layer Security (DTLS) encryption, which is enabled by default for the CAPWAP control tunnel
Heartbeat detection and tunnel reconnection
Active and standby WACs Enables and disables the switchback function.
Supports load balancing.
Supports 1+1 HSB.
Supports N+1 backup.
Supports wireless configuration synchronization between WACs.
Supports license sharing between WACs
AP management
AP access control Displays MAC addresses or SNs of APs in the whitelist.
Adds a single AP or multiple APs (by specifying a range of MAC addresses or SNs) to the whitelist.
Automatically discovers and manually confirms APs.
Automatically discovers APs without manually confirming them.
AP region management Supports three AP region deployment modes:
  • Distributed deployment: APs are deployed independently. An AP is equivalent to a region and does not interfere with other APs. APs work at the maximum power and do not perform radio calibration.
  • Common deployment: APs are loosely deployed. The transmit power of each radio is less than 50% of the maximum transmit power.
  • Centralized deployment: APs are densely deployed. The transmit power of each radio is less than 25% of the maximum transmit power.
Specifies the default region to which automatically discovered APs are to be added.
AP profile management Specifies the default AP profile that is applied to automatically discovered APs
AP type management Manages AP attributes including the number of interfaces, AP types, number of radios, radio types, maximum number of virtual access points (VAPs),  maximum number of associated users, and radio gain (for some APs deployed indoors).
Provides built-in default AP types.
Network topology management Supports LLDP topology detection.
AP working mode management Supports AP working mode switchover. The AP working mode can be switched to the Fat or cloud mode on the WAC
Radio management
Radio profile management Supports the following parameter settings in a radio profile:
  • Radio working mode and rate
  • Automatic or manual channel and power adjustment mode
  • Radio calibration interval
  • Radio type, which can be set to 802.11b, 802.11b/g, 802.11b/g/n, 802.11g, 802.11n, 802.11g/n, 802.11a, 802.11a/n, 802.11ac, or 802.11ax
Allows you to bind a radio to a specified radio profile.
Supports MU-MIMO.
Unified static configuration of parameters Configures radio parameters such as the channel and power of each radio on the WAC and delivers the configurations to APs.
Dynamic management APs can automatically select working channels and power when they go online.
In an AP region, APs automatically adjust working channels and power in the event of signal
interference:
  • Partial calibration: The optimal working channel and power of a specified AP can be adjusted.
  • Global calibration: The optimal working channels and power of all the APs in a specified region can be adjusted.
  • The DFA function automatically identifies, switches, or disables redundant radios, reducing 2.4 GHz co-channel interference and increasing system capacity.
When an AP is removed or goes offline, the WAC increases the power of neighboring APs to
compensate for the coverage hole.
Automatic selection and calibration of radio parameters in AP regions are supported.
Enhanced service capabilities Band steering: enables terminals to preferentially access the 5 GHz frequency band, achieving load
balancing between the 2.4 GHz and 5 GHz frequency bands.
Smart roaming: enables sticky terminals to roam to APs with better signals.
  • 802.11k and 802.11v smart roaming
  • 802.11r fast roaming (≤ 50 ms)
WLAN service management
ESS management Allows you to enable SSID broadcast, set the maximum number of access users, and set the association aging time in an ESS.
Isolates APs at Layer 2 in an ESS.
Maps an ESS to a service VLAN.
Associates an ESS with a security profile or a QoS profile.
Enables IGMP for APs in an ESS.
Supports Chinese SSIDs.
VAP-based service
management
Adds multiple VAPs at a time by binding radios to ESSs.
Displays information about a single VAP, VAPs with a specified ESS, or all VAPs.
Supports configuration of offline APs.
Creates VAPs according to batch delivered service provisioning rules in automatic AP discovery mode
Automatic service provisioning management Supports service provisioning rules configured for a specified radio of a specified AP type.
Adds automatically discovered APs to the default AP region. The default AP region can be preconfigured.
Applies a service provisioning rule to a region to enable APs in the region to go online.
Multicast service management

IGMP snooping

IGMP proxy

Load balancing Performs load balancing among radios in a load balancing group.
Supports two load balancing modes:
  • Based on the number of STAs connected to each radio
  • Based on the traffic volume on each radio
BYOD (Bring Your Own Device) Identifies device types according to the OUI in the MAC address.
Identifies device types according to the user agent (UA) field in an HTTP packet.
Identifies device types according to DHCP Option information.
Carries device type information in RADIUS authentication and accounting packets.
Location services Locates AeroScout and Ekahau tags.
Locates Wi-Fi terminals.
Locates Bluetooth terminals.
Locates Bluetooth tags.
Spectrum analysis Identifies the following interference sources: Bluetooth, microwave ovens, cordless phones, ZigBee, game controller, 2.4 GHz/5 GHz wireless audio and video devices, and baby monitors.
Works with the eSight to display spectrums of interference sources.
Hotspot 2.0 Supports a Hotspot2.0 network.
Internet of Things (IoT) Supports IoT cards on the AP to converge the WLAN and IoT
Navi WAC Supports remote STA access on the Navi WAC.
Centralized license
control
Supports a license server as the centralized AP license control point.
Allows a license server to manage license clients.
Supports license synchronization between a license server and clients
WLAN user management
Address allocation of wireless users Functions as a DHCP server to assign IP addresses to wireless users.
WLAN user management Supports user blacklist and whitelist.
Controls the number of access users:
  • Based on APs
  • Based on SSIDs
Logs out users in any of the following ways:
  • Using RADIUS DM messages
  • Using commands
Supports various methods to view information:
  • Allows you to view the user status based on the user MAC address, AP ID, radio ID, or WLAN ID.
  • Displays the number of online users by ESS, AP, or radio.
  • Collects STA-based packet statistics on the air interface.
WLAN user roaming Supports intra-AC Layer 2 roaming.
Supports inter-VLAN Layer 3 roaming on a WAC.
Supports roaming between WACs.
Supports fast key negotiation in 802.1X authentication.
Authenticates users who request to reassociate with the WAC and rejects the requests of unauthorized users.
Delays clearing user information after a user goes offline so that the user can rapidly go online again.
User group management Supports ACLs.
Supports user isolation:
  • Inter-group isolation
  • Intra-group isolation
WLAN security
WLAN security profile management Manages authentication and encryption modes using WLAN security profiles.
Binds security profiles to ESS profiles.
Authentication modes Open system authentication with no encryption
WEP authentication/encryption
WPA/WPA2 authentication and encryption:
  • WPA/WPA2-PSK+TKIP
  • WPA/WPA2-PSK+CCMP
  • WPA/WPA2-802.1X+TKIP
  • WPA/WPA2-802.1X+CCMP
  • WPA/WPA2-802.1X+ CCMP
  • WPA/WPA2-PSK+TKIP-CCMP
  • WPA/WPA2-802.1X+TKIP-CCMP
WPA/WPA2-PPSK authentication and encryption
WAPI authentication and encryption:
  • Supports centralized WAPI authentication.
  • Supports three-certificate WAPI authentication, which is compatible with traditional two-certificate authentication.
  • Issues a certificate file together with a private key.
Allows users to use MAC addresses as accounts for authentication by the RADIUS server.
Portal authentication:
  • Authentication through an external Portal server
  • Built-in Portal authentication and authentication page customization
802.1X authentication:
  • Authentication through an external 802.1X server.
  • Built-in 802.1X authentication.
Combined authentication Combined MAC authentication: PSK+MAC authentication
MAC+Portal authentication: MAC address-prioritized Portal authentication
AAA Local authentication/local accounts (MAC addresses and accounts)
RADIUS authentication
Multiple authentication servers:
  • Supports backup authentication servers.
  • Specifies authentication servers based on the account.
  • Configures authentication servers based on the account.
  • Binds user accounts to SSIDs
Security isolation Port-based isolation
User group-based isolation
WIDS Rogue device scan, identification, defense, and containment, which includes dynamic blacklist configuration and detection of rogue APs, STAs, and network attacks.
Authority control ACL limit based on the following:
  • Port
  • User group
  • User
Other security features SSID hiding
IP source guard:
Configures IP and MAC binding entries statically.
Generates IP and MAC binding entries dynamically.
WLAN QoS
WMM profile management Enables or disables Wi-Fi Multimedia (WMM).
Allows a WMM profile to be applied to radios of multiple APs.
Traffic profile
management
Manages traffic from APs and maps packet priorities according to traffic profiles.
Applies a QoS policy to each ESS by binding a traffic profile to each ESS.
AC traffic control Manages QoS profiles.
Uses ACLs to perform traffic classification.
Limits incoming and outgoing traffic rates for each user based on inbound and outbound CAR parameters.
Limits the traffic rate based on ESSs or VAPs.
AP traffic control Controls traffic of multiple users and allows users to share bandwidth.
Limits the rate of a specified VAP.
Packet priority
configuration
Sets the QoS priority (IP precedence or DSCP priority) for CAPWAP control channels.
Sets the QoS priority for CAPWAP data channels:
  • Allows you to specify the CAPWAP header priority.
  • Maps 802.1p priorities of user packets to ToS priorities of tunnel packets
Airtime fair scheduling Allocates equal time to users for occupying the channel, which improves users' Internet access experience.