The H3C WX2510X-LI series is a gateway-type wireless controller (AC) independently developed by H3C Technologies Co., Ltd. (hereinafter referred to as H3C). The WX2510X-LI series wireless controllers offer a wide range of services, integrating sophisticated user control and management, comprehensive radio frequency resource management, 24/7 wireless security control, fast Layer 2 and 3 roaming, flexible QoS control, and IPv4 & IPv6 dual-stack functionality.

The H3C WX2510X-LI series wireless controllers are specifically designed for the wireless network needs of branch offices and small campuses. Integrating gateway and AC functions, they work in conjunction with the H3C Fit AP product series, supporting WIPS, firewall, and other features, making them a versatile solution for enterprise networking. They also offer a rich variety of port types, with the WX2510X-PWR-LI network interface supporting PoE functionality, significantly reducing the types and number of devices businesses need to purchase when building a network, thus helping them save on investment.

The H3C WX2510X-LI series wireless controller, in conjunction with the H3C Fit AP product series, can meet typical wireless application scenarios such as WLAN access in small business campuses and hotspot coverage in branch offices.

1. Provides management of 802.11ax APs.

The WX2510X-LI series wireless controller supports the management of traditional 802.11a/b/g/n/ac APs, and can also be used in conjunction with H3C APs based on the 802.11ax protocol to form a network. This breaks through the traditional serial communication mechanism of wireless networks, resulting in a significant increase in the utilization rate of wireless spectrum resources, a substantial increase in the number of effective access users, a reduction in the deployment cost of wireless networks, and a significant improvement in the user experience in high-density user environments.

2. Provides flexible data forwarding methods

Traditional wireless controller deployments typically employ a centralized forwarding model. While the AC (Access Controller) can provide comprehensive control and security over packets, all wireless service traffic requires unified processing at the AC, making core link bandwidth and AC forwarding capabilities bottlenecks. This is particularly problematic when APs and ACs are connected via a wide area network (WAN). With APs deployed as data access devices in branch offices and ACs at headquarters, all user data is sent from the APs to the ACs for centralized forwarding, resulting in low forwarding efficiency. The WX2510X-LI series wireless controllers support centralized forwarding, distributed forwarding, and policy-based forwarding, allowing users to flexibly configure forwarding methods based on business needs and network conditions.

The WX2510X-LI series wireless controllers also support a centralized authentication and local forwarding networking mode, providing centralized authentication and management of 802.1X and Portal when data streams are forwarded locally.

3. Provide reliable gateway functionality

The WX2510X-LI series is positioned for small and medium-sized enterprises, combining a wireless controller with gateway functionality for branch offices. Its dual WAN port design provides a foundation for uplink backup. The WX2510X-LI series supports common gateway functions such as PPPoE, NAT gateway functionality, dynamic IP address, and static IP address settings.

3. Supports Bonjour Gateway

The WX2510X-LI series wireless controllers support Bonjour Gateway functionality, enabling small businesses to easily use Apple devices such as printers, TVs, and tablets.

4. Supports carrier-grade wireless user access control and management

User-based access control is a key feature of the WX2510X-LI series wireless controllers. The User Profile provides a configuration template that can save preset configurations (a collection of configurations). Users can configure different content for their User Profile according to different application scenarios, such as CAR (Committed Access Rate) policies and QoS (Quality of Service) policies.

When a user accesses a device, authentication is required. During authentication, the authentication server sends a User Profile name to the device, and the device immediately activates the specific settings configured in the User Profile. When a user successfully accesses the device, the device uses these settings to restrict the user's access behavior. When a user logs off, the system automatically disables the configuration items under the User Profile, thus removing the restrictions imposed by the User Profile on the user. Therefore, User Profiles are suitable for restricting the access behavior of online users. When no user is online (e.g., no user accesses the device, the user fails authentication, or the user logs off), the User Profile remains in its default configuration and is ineffective.

In addition, the WX2510X-LI series wireless controllers also support MAC-based authentication access control. This method not only allows customers to configure and modify user group permissions on the AAA server, but also supports the configuration of permissions for specific users. This fine-grained user permission control greatly enhances the availability of the wireless network, and network administrators can easily assign access permissions to different levels of people or groups of people through this method.

MAC-based VLANs are also a major feature of the WX2510X-LI wireless controller. In terms of control policies, administrators can group users with the same MAC address into the same VLAN and configure security policies on the controller based on VLANs. This simplifies system configuration and enables fine-grained management at the user level.

For security or billing reasons, system administrators may want to control where wireless users access the network. The WX2510X-LI wireless controller supports AP location-based user access control. When a wireless user accesses the network, the authentication server can send a list of APs that allow user access to the AC, and access control can be performed on the AC to restrict wireless users to accessing only APs in specified locations.

5. Supports intelligent channel switching

In wireless LANs, channels are a very scarce resource. Each access point (AP) can only operate on a very limited number of non-overlapping channels. For example, in a 2.4G network, there are only three non-overlapping channels. Therefore, how to intelligently allocate channels to APs is the key to wireless applications.

The frequency bands in which wireless LANs operate contain numerous potential sources of interference, such as radar and microwave ovens. Their presence in the network can interfere with the normal operation of access points (APs). Intelligent channel switching ensures that each AP is assigned the optimal channel, minimizing and avoiding interference from adjacent channels. Furthermore, real-time channel interference detection allows APs to avoid interference sources such as radar and microwave ovens in real time.

6. Supports intelligent AP load balancing

The 802.11 protocol delegates wireless roaming decisions to the wireless client, which typically selects an access point (AP) based on its signal strength (RSSI). This can easily lead to a large number of clients connecting to the same AP simply because it has a strong signal. Since these clients share the wireless medium, the network throughput for each client is significantly reduced.

The intelligent load balancing method can analyze the location of wireless clients in real time and dynamically determine which access points (APs) can share the load with each other at the current time and location. Load balancing among these APs is achieved by controlling which APs the wireless clients connect to. The system supports load balancing not only based on the number of online user sessions but also based on user traffic load.

7. Supports 7-layer mobile security detection/defense (WIDS/WIPS)

The WX2510X-LI series wireless controllers support mobile security defense modes including: blacklist, whitelist, rogue defense, malformed packet detection, unauthorized user disconnection, and attack detection and countermeasures based on the pre-set and upgradeable Signature MAC layer (e.g., DoS attacks, Flood attacks, man-in-the-middle attacks). Combined with the massive intelligent expert knowledge base built into the wireless application console, it provides flexible basis for wireless security policy judgments, enabling visible physical location tracking and monitoring, and removal of physical ports on switches for clearly identified unauthorized attack sources (APs or terminals, etc.).

By working in conjunction with H3C's professional core layer firewall/IPS equipment, it can achieve a 7-layer three-dimensional security defense for mobile campuses, meeting the true end-to-end security protection needs from wireless (802.11) to wired (802.3).

8. Supports RealTime Spectrum Guard mode

RealTime Spectrum Guard (RTSG) is a professional monitoring solution for the spectrum status of wireless environments, innovatively proposed by H3C. The entire series of wireless controllers can be deeply integrated with Sensor APs that have built-in RF acquisition modules to achieve RF monitoring and real-time spectrum protection.

The RTSG console is integrated into the H3C iMC Intelligent Management Center. Through the CAPWAP management tunnel, it communicates with Sensor APs and collects data, enabling 24/7 wireless environment quality monitoring, wireless network capability trend assessment, and unlicensed interference alarms. Graphically, it proactively detects and identifies all RF interference sources (Wi-Fi or non-Wi-Fi) in the 2.4GHz/5GHz bands, providing real-time FFT plots, spectrum density plots, spectrum plots, duty cycle plots, event spectrum plots, channel power, interference power, etc. It can automatically identify interference sources, pinpoint the location of problematic wireless devices, and ensure optimal wireless network performance. Combined with the H3C iAR intelligent reporting component, it enables the storage, tracing, and playback of historical RF quality data across the entire coverage area, automatically generating customized trend, compliance, and audit reports.

To meet the different levels of user wireless environment monitoring needs, the RTSG solution can be flexibly deployed in either Local mode or Monitor mode. When operating in Local mode, it can maintain normal user access and packet forwarding while achieving effective spectrum protection.

9. Built-in RF Optimization Engine (ROE)

The WX2510X-LI series wireless controllers feature a built-in RF Optimizing Engine for access points (APs). Through feature- and protocol-based RF optimization, it effectively enhances application acceleration and quality assurance in high-density access and streaming media transmission scenarios in wireless deployments. This includes features such as multi-user fair scheduling, fair hybrid access, interference filtering, rate optimization, spectrum navigation, multicast enhancement (IPv4/IPv6), per-packet power control, and intelligent bandwidth assurance.

10. Supports 802.1x authentication, MAC address authentication, Portal authentication, etc.

The WX2510X-LI series wireless controllers support multiple authentication methods:

802.1x Authentication: The WX2510X-LI wireless controller supports multiple 802.1x authentication methods, including TLS, PEAP, TTLS, MD5, and SIM card authentication. It also supports local 802.1x authentication, providing support for mainstream authentication methods such as MD5, TLS, and PEAP, eliminating the need for users to configure an additional AAA server. The WX2510X-LI series wireless controllers also support dynamic VLAN and ACL authorization after 802.1x authentication. User policies can be pre-configured, and the system automatically configures client permissions during authentication.

MAC Address Authentication: The WX2510X-LI series wireless controller supports MAC address authentication. For some handheld terminals (such as Wi-Fi phones, handheld mobile terminals, etc.), it is inconvenient to use computer authentication methods. MAC address authentication can easily solve this problem. By configuring valid MAC addresses on the controller or AAA server, terminals corresponding to these MAC addresses can be allowed to access the network, while unauthorized terminals that have not been configured beforehand cannot access the wireless network. This function greatly facilitates applications such as wireless medical systems. MAC address authentication can ensure that only hospital PDA work terminals can access the wireless network, while denying patients' wireless PDAs the use of the dedicated wireless network.

Portal Authentication: The WX2510X-LI series wireless controllers offer a built-in Portal authentication server. This authentication method requires no client cooperation, directly using a browser's web portal page as the authentication channel. Once the user is successfully authenticated, they can be flexibly redirected to a designated access homepage and the corresponding authorization and billing processes can be initiated. Customized portal pages can also be flexibly pushed according to policy requirements to achieve advertising and information dissemination purposes, making it widely used in wireless campuses, wireless cities, and visitor access applications.

11. Supports IPv4/IPv6 dual protocol stack (Native IPv6)

The WX2510X-LI series wireless controllers support IPv6 access for wireless clients. At the tunnel origin AP, because the device is aware of IPv6, it can perform IPv6 priority mapping to tunnel priority, etc. On the AC side, it can also perform complex control and filtering such as ACL filtering on IPv6 packets.

The WX2510X-LI series wireless controllers can also be deployed in IPv6 networks, with the AC and AP automatically negotiating an IPv6 tunnel. Even when the AC and AP are fully operational in IPv6 mode, the wireless controller can still correctly perceive IPv4 and process IPv4 packets from wireless clients. The WX2510X-LI series wireless controllers' flexible IPv4/6 adaptability can meet the various complex applications customers face during the migration from IPv4 to IPv6 networks. It can provide IPv4 services to customers in IPv6 silos while simultaneously allowing users in IPv4 silos to easily log in to the network via IPv6 protocols.

To address the rampant IPv6 packet spoofing attacks on campus networks, the WX2510X-LI wireless controller supports IPv6 SAVI (Source Address Validation) technology. By monitoring the address allocation protocol to obtain the user's IP address, it ensures that the correct address can be used to access the internet in subsequent applications, and prevents the spoofing of other people's IP addresses, thus guaranteeing the reliability of the source address. Furthermore, the combination of IPv6 SAVI and Portal technology further ensures the authenticity and security of all user packets.

12. Provide end-to-end QoS

The WX2510X-LI series wireless controllers are developed based on the Comware platform, which not only fully supports the Diff-Serv standard, but also adds QoS support for the IPv6 protocol.

The QoS Diff-Serv model mainly includes flow classification, traffic policing, queue management, and queue scheduling. It fully implements the six PHB groups and services defined in the standard, namely EF, AF1 to AF4, and BE, enabling network operators to provide users with service guarantees with different service quality levels, and making the Internet a truly integrated network that simultaneously carries data, voice, and video services.

13. Supports fast 2nd and 3rd layer roaming.

H3C's centralized wireless architecture not only facilitates Layer 2 roaming but also greatly benefits Layer 3 roaming. WLAN networks deployed with Fat APs face significant challenges in implementing Layer 3 roaming due to limited information exchange between APs. The centralized architecture easily solves this problem. The WX2510X-LI wireless controller supports both Layer 2 and Layer 3 roaming, with roaming domains unrestricted by subnets. This excellent roaming feature allows customers to focus on wireless signal coverage rather than extensively planning their existing networks, significantly simplifying initial network planning and reducing costs.

In traditional mode, when wireless user terminals use 802.1x as the means of 802.11 access authentication and key exchange, the number of communication messages between the wireless user terminal and the access point (AP) is very high. When a wireless user terminal roams between two APs, if the wireless user terminal completely follows the full 802.1x interaction process during the access process to a new AP, it will inevitably result in excessively long roaming handover times. For some services that are sensitive to roaming handover time (such as voice services), such long handover times are unacceptable. The WX2510X-LI wireless controller uses key caching technology to enable fast handover for users during roaming. Key caching technology strikes a good balance between secure user access and fast roaming, allowing wireless user terminals to avoid repeating the full 802.1x authentication interaction process when roaming between two APs, while ensuring the continuity of user identification and key usage. Wireless users use fast roaming, with a roaming time of no more than 50ms within a single AC, meeting the stringent requirements of voice services.

Hardware Specifications

Software Specifications