Review of Huawei's enterprise WLAN solution-AC6005 controller and access points
When building a wireless network at large facilities, such as stadiums, airports, or just large organizations with branches in different cities, you will have to solve a whole range of tasks. Starting from combining multiple WLANs into a single network infrastructure with segment isolation via VLANs and ending with setting up seamless roaming, which will allow you to serve a customer traveling by fast Elevator, Bicycle or car.
Your network must be designed for a high density of client devices. As a rule, to ensure the operation of Wi-Fi in a large number of user connections, installers have access points in close proximity to each other - at a distance of up to 10 meters, which in turn causes signal interference. Every manufacturer fights interference in any way, because winning allows you to place more hot spots in a limited space. Starting with the fact that Huawei has special narrowly focused 18-degree antennas and ending with software control of the power of transmitters, as will be discussed below.
At the same time, when moving a crowd of users (for example, in stadiums or concert halls), you need to maintain load balancing between access points and the ability to seamlessly roam. Add to this the different locations of access points: on the ceiling, on the walls, and even under the floor, and think about how you can create and maintain such a network.
Large companies such as Cisco, Ubiquiti, Aruba, and Huawei have ready-made solutions designed to work with a large number of users. For orchestration, as a rule, a software or hardware Wi-Fi controller is used, whose tasks include not only managing the fleet of radio devices, but also providing some basic security functions, including user authorization, directing traffic through a VPN, and, of course, monitoring hundreds of parameters in a single interface. By delegating these tasks to the controller, you offload the access point processors, which in turn is the key to high-speed customer service.
Central location: controller
For those who can't imagine using virtual applications for the AP controller or distributing it across access points, the Huawei AC6005 model is available in versions with and without PoE. Here are just some numbers for a single device:
- Control up to 256 access points
- Support for 2,000 user accounts, of which 100 can transfer data via one hotspot at a time.
- 16,000 SSIDs
- 4,000 VLANs
- 4,000 ARP entries
- 8,000 routes
- 2 000 entries forwarding the multicast broadcast.
The controller has a 20 Gbit/s switching matrix and 4 Gbit/s performance in network broadcast mode. For a stadium or concert hall, of course, there are not enough opportunities, but for some state institution, hotel or sanatorium - quite.
The topology of using AC6005 is different: you can install IT in the same network segment where hotspots are located, or in a completely different city in the Central office, connecting it to access points via VPN. Support for 802.11 kr (seamless roaming) is at such a level that Huawei allows you to use your controller to organize Wi-Fi in the subway or on the railway, where access points are installed on poles, past which the train rushes.
I would like to say right away that Huawei AC6005 is a fully hardware (not pseudo - hardware) solution that can work in conjunction with its counterpart for a fault-tolerant configuration. The number of access points is licensed, and by default you can connect 8 hotspots. In principle, integrators have learned to save on licenses by using hotspots with separate antennas: you install an access point in one room, and on neighboring floors or in neighboring halls lay a high-frequency cable and hang the antenna. Of course, you reduce the number of spatial streams for each client, but you save on licenses without the client noticing. Many system administrators who appreciate the "hardware" of such controllers are happy to learn that the Huawei AC6005 is updated only via the RS232 interface, as they say, there is nowhere more hardware, although there is a web panel for configuration.
Considering such a controller, I want to divide its interface into 2 parts: a group "dashboard" that combines information from access points in one window and individual parameters of hotspots.
The first class of group parameters includes information about CPU and memory usage, IP addresses and VLANs, as well as groups that access points are combined into. To be honest, there is not much information, and I, for example, lack the temperature of their electronics.
In real time, you can monitor the distribution of users by access points and their groups. To create a General picture of the wireless network, statistics on the following parameters of all access points are available as graphs:
- Noise level
- Using channels
- Loading access points
- Percentage of packet loss
- Network connection speed
- Signal-to-noise ratio
This way, you can track any change in the airwaves where your equipment operates and take appropriate measures.
If a wireless communication channel (WDS or MESH) is used between access points, you can get full statistics about the operation of each hotspot.
The Huawei AC6005 Controller supports traffic tunneling, and the device can operate in both server and client mode. AES-256 can be used for encryption, and SHA2-512 can be used for authentication. The gateway also has the ability to broadcast all traffic to a third-party server for collecting information and early detection of network intrusions.
Huawei AC6005 has a built-in security controller that allows you to determine the type of application that generates traffic. In high-load networks, this allows you to optimize the traffic of individual applications, such as VoIP, Skype, or other messengers. Detection requires constant signature updates, which are automatic and do not require the purchase of licenses.
Perhaps one of the most popular functions of the controller is load balancing between access points, because even in the same room, there may be a situation when only one access point is loaded, and the other is free.
One of the methods to reduce interference between neighboring hotspots is batch adjustment of the transmitter power. For example, if clients in the immediate vicinity are connected to one access point and they have a good signal, the hotspot reduces the data transmission power for them, but increases it for those clients that are located at a significant distance from the transmitter.
Among the features typical of traditional network switches, we note support for Multicast (IGMP Snooping / MLD Snooping) for the operation of broadcast sources in your wireless network.
Perhaps not a single review is enough to tell you about all the functions of the Huawei AC6005 controller. Taking over access control, tunneling, traffic prioritization, and basic security functions is not just a commander, but the entire command center of your wireless network. Let's look at the cavalry.
AP6050DN access point - 4 spatial streams
For high-density areas such as waiting rooms, schools, and mobile offices, Huawei has a high-performance 802.11 ac access point with a maximum speed of up to 2.53 Gbit / s. Equipped with two 1-Gigabit network ports (channel aggregation mode is supported to increase point-to-point speed up to 2 Gbit / s), this model implements the 4x4 MIMO antenna formula and 4 spatial streams for both transmission and reception.
I would like to remind our readers once again that the bandwidth of 2.53 Gbit/s is the total speed of all connected clients that exchange data with different network resources and among themselves. Port aggregation in such access points is rare, and Huawei AP6050DN does not have it, but 4 spatial streams guarantee that users of modern smartphones and laptops will be able to access the Internet at a speed of 1 Gbit/s.
Huawei AP6050DN has a cast aluminum case, which is why its weight is as much as 1.3 Kg, but let the dimensions and weight do not deceive you: this is a hot spot for internal installation, with a moisture protection class IP41 and a temperature range from -10 to +70 degrees Celsius, so the massive case is only for heat removal and shielding, because the power consumption of the device reaches almost 23 watts. One of the interesting features of this model is the search for interference from non-WLAN devices, such as radiotelephones, microwaves, joysticks, and other equipment… When using the Huawei Isight platform, you can set the exact location of such sources of interference to remove them or move them to another place where they do not interfere with high-quality Wi-Fi access.
Huawei AP6050DN supports up to 16 SSIDs per radio channel and up to 512 simultaneously connected users. The access point has a built in planar antenna with 4 dBi gain for both bands: 2.4 GHz and 5GHz. By the way, this model has an analog with external antennas, so there is even less gain in the 2.4 GHz range - 3.5 dBi.
Like the AC6005 controller, the access point has basic security features: authentication via HWTACACS/RADIUS, support for external portals, protection against the appearance of fake access points (Rouge AP) in the network, and such types of attacks as:
- Brute force passwords
- Flood attack
- Weak-IV attack
For IPTV broadcasts, you can enable IGMP snooping with VLANs specified. Huawei AP6050DN can work independently, without using a router: the access point itself has its own DHCP server, routing tables, and even NAT support. Thus, you can share a public Wi-Fi network with Internet access via a 4G/5G PoE modem on some remote sites.
Often other access points from this price range can act as a controller for a fleet of hotspots, but this feature is not provided here, which is a bit strange: the control logic of the Huawei 6050DN and the Huawei AC6005 controller is the same, and perhaps the core of the software controller itself is the same.
In crowded areas, low-speed connections inefficiently consume the bandwidth of the radio channel, reducing the capacity of your access point, so Huawei hotspot constantly monitors the connection speed of clients and disconnects too slow users who are in the area of uncertain reception, so they can reconnect at a higher speed to other APS from your network. This allows you to increase the number of simultaneous connections to your network.
The Band Steering function is also Supported-automatic balancing of clients between the 2.4 GHz and 5 GHz bands with priority connection to the 5 GHz channel. Today, by the way, this feature is supported by all smartphones and many home wireless routers: it allows you to evenly distribute both radio bands between clients, connecting them first to a faster 5 GHz channel, and then to 2.4 GHz.
In general, the Band Steering function is also available for simpler access points, such as the AP4050DN.
This is the most versatile model that you will probably find in most installations of wireless networks on Huawei equipment. This is an 802.11 ac Wave 2 access point with two spatial streams (2 x 2 MU-MIMO), giving a speed of 1.267 Gbit/s. It can work in Fast, Fit, and Cloud modes (i.e. it can be controlled via a controller, from the cloud, or by itself). Support for Wave 2 means that the hotspot can broadcast data to multiple receivers simultaneously, which is simply necessary for conference calls or IPTV broadcasts.
Huawei AP4050DN is assembled on a single Board, the radio modules are shielded with metal caps with perforations for heat removal. The antennas, as you can see in the photo, are already metal, and their shape indicates that the hotspot is installed only on the ceiling.
You have noticed that throughout the review we talk about various functions for preventing and detecting radio signal interference. So, AP4050DN access points when working with the AC6005 controller are able to detect situations when two adjacent radio modules use the same channel. In this case, one of the hotspots switches the channel or disconnects the transmitter.
The access points Discussed above are intended for installation under the ceiling or on floors. At the same time, for rooms with complex wall coverings, Huawei has a model for wall installation.
This device has a 2x2 MIMO antenna formula and supports the 802.11 ac Wave 2 standard with a maximum bandwidth of 1.267 Gbit/s.
The access Point has a built-in 1-Gigabit switch with 5 ports, as well as two end-to-end RJ45 ports for connecting IP phones. This hot spot can not only be mounted on the wall, but also installed on the desktop. The AP2051DN-E version has built-in Bluetooth with eSight support for device location detection.
Despite its size, this model supports all the features we discussed above and can be used in large offices with up to 256 devices connected simultaneously.
From my point of view, the main drawback of professional WLAN equipment discussed in this article is a complex setup. Well, for example, to switch the hotspot mode between FIT and FAT, you need to raise a separate SFTP server in your network, connect to the hotspot via telnet, record the firmware image hidden behind 7 locks on the manufacturer's website, and then edit some parameters with your hands. Again, the logic of the web interface is not always clear and requires constant reference to the instructions. Of course, it is clear that such network equipment is installed and maintained by certified specialists, but why they should complicate life is a mystery to me.
The equipment Considered is intended for relatively small objects, such as schools, hospitals, hotel complexes or office buildings. Larger networks with tens of thousands of simultaneous connections are built on the same principles. With hands-on experience in building stadiums and sports facilities, Huawei uses the same technologies in entry-level equipment, where you can use VPN, fault tolerance, and all the interference prevention technologies that help you achieve high-density access point installations.
At the same time, compared to other network equipment, the Huawei AC6005-8 hardware controller has a fairly low cost, which allows it to compete with software platforms.
Mikhail Degtyarev (aka LIKE OFF)