Interfaces
- 1000BASE-X/10GBASE-R/25GBASE-R (LAN/WAN) - 12
- OOB - 1
- Console (RJ-45) - 1
- USB 2.0 - 1
-
HDD slot - 1
- microSD card slot - 1
System features
- Access points number1 - 1000
-
Maximum clients number - 30000
-
VPN tunnels - 500
-
Static routes - 11K
-
Concurrent sessions - 512 K
-
VLAN support - up to 4К active VLANs according to 802.1Q
-
BGP routes - 5 M
-
OSPF routes - 500 K
-
RIP routes - 10 K
-
MAC table - 16К entries per bridge
-
FIB size - 1.7 M
-
VRF - 32
Access points management
- WPA/WPA2/WPA32 Personal
-
WPA/WPA2/WPA32 Enterprise
-
OWE1 open network
-
Local collecting of user account information3
-
Collecting user account information to an external RADIUS server
-
IEEE 802.11r/k/v standard seamless roaming
-
Integration with external portals4
-
Automatic management of radio environment resources
-
Access point authorization by certificate
Supported access points
- WEP-1L
-
WEP-2L
-
WEP-200L
-
WEP-2ac
-
WEP-2ac Smart
-
WEP-3ax
-
WEP-30L
-
WEP-30L-Z
-
WOP-2ac
-
WOP-2ac rev.B
-
WOP-2ac rev.C
-
WOP-2L
-
WOP-20L
-
WOP-30L
Switching
- Up to 4094 VLAN (802.1Q)
-
Voice-VLAN
-
Q-in-Q (802.1ad)
-
MAC-based VLAN
-
Bridge domain
-
LAG/LACP (802.3ad)
-
Port-security, protected port
-
Jumbo-frames
MPLS
- LDP
-
L2VPN VPWS
-
L2VPN VPLS Martini Mode, Kompella Mode
-
L3VPN MP-BGP (Option A, B, C)
-
L2VPN/L3VPN over GRE, DMVPN
-
Transparent transfer of service protocols
Routing
BGP:
- Address family: IPv4, IPv6, VPNv4, L2VPN, IPv4 label- unicast, Flow-spec
-
Flexible management of route information by attributes. Support for Conditional Advertisement, Route Aggregation and Local-AS mechanisms
-
High scalability and configuration flexibility: support for peer-group, dynamic neighbor, as-range and
-
Route-reflector
-
Fall over based on BFD and Fast Error Peer Detection
-
Graceful restart
-
Authentication
-
Flexible redistribution from/to BGP process of other protocol routes
-
Ability to run up to 64 processes simultaneously
-
ECMP
-
Support for policy-based routing
OSFP(v3):
- Different types of zones: Normal, Stub, Totally stub, NSSA, Totally NSS
-
Operation in different types of networks: Broadcast, NBMA, Point-to-point, Point-to-multipoint, Point-to- multipoint non-broadcast
-
Summarization and filtering of route information
-
Authentication
-
ECMP
-
Passive interface
-
Flexible redistribution from/to OSPF process of other protocol routes
-
Ability to run up to 64 processes simultaneously
-
Support for BFD
-
Auto cost calculation mechanism
-
Support for policy-based routing
IS-IS:
- Operation in different types of networks: Broadcast, Point-to-point
-
Setting the neighbourhood of L1/L2 layers
-
Мetric style: narrow, wide, transition
-
Authentication
-
Filtering of route information
-
Flexible redistribution from/to IS-IS process of other protocol routes
-
Ability to run up to 64 processes simultaneously
-
Support for policy-based routing
RIP(ng):
- Operation modes (RIP only): Broadcast, Multicast, Unicast
-
Summarization and filtering of route information
-
Managing route metrics
-
Authentication
-
Passive interface
-
Flexible redistribution from/to RIP process of other protocol routes
-
Support for policy-based routing
Static:
- Support for BFD
-
Recursive search
-
Managing route metrics
-
Ability to select the option of notifying the sender when traffic is blocked
Quality of Service (QoS)
- Up to 8 priority or weighted queues per port
-
L2 and L3 traffic prioritization (802.1p (CoS), DSCP, IP Precedence (ToS))
-
Hierarchical QоS
-
Queue management: RED, GRED, SFQ, CBQ, WFQ, WRR
-
Session labeling
-
Bandwidth management (policing, shaping)
IPsec
- Policy-based and route-based modes
-
Incapsulation modes: tunnel and transport
-
Authentication pre-shared key, public key, xauth (ikev1 only), eap (ikev2)
-
Support for mobike (ikev2 only)
-
Support for ike ikering
Remote Access
- PPTP, L2TP over IPsec, OpenVPN, WireGuard
-
PPPoE-/PPTP-/L2TP client
-
User authentication
-
Connection encryption
Security
- Access Control Lists (ACL) based on L2-/L3-/L4 fields
-
Zone-based Firewall in two modes: stateful и stateless.Rule triggering logging, counters
-
Filtering by applications
-
Protection against DoS-/DDoS-/Spoof attacks and their logging
-
Intrusion Detection/Prevention system (IPS/IDS) and their logging5
-
Signature analysis via IPS in two modes: transit and mirrored traffic analysis5
-
Interaction with Eltex Distribution Manager to obtain licensed content: rule sets provided by Kaspersky SafeStream II6
Monitoring and management
- Support for standard and extended SNMP MIB, RMONv1
-
Zabbix agent/proxy
-
Authentication methods: RADIUS, TACACS+, LDAP
-
Protection against configuration errors, automatic configuration recovery
-
CLI, Syslog
-
System resource usage monitoring
-
Ping, monitor, traceroute (IPv4/IPv6), packet information in the console output
-
Firmware upgrade, configuration upload and download via TFTP, SCP, FTP, SFTP, HTTP(S)
-
Support for NTP
-
Netflow v5/v9/v10 (exporting of URL statistics for HTTP, host for HTTPS)
- Local control via RS-232 (RJ-45) and OOB
- Remote control via WEB, Telnet and SSH (IPv4/IPv6)
-
LLDP, LLDP MED
-
Local/remote router configuration storage
SLA
- SLA-responder for Cisco-SLA-agent
-
Eltex SLA:
-
Delay (one-way/two-way)
-
Jitter (one-way/two-way)
-
Packet loss (one-way/backward/two-way)
-
Packet Error Rate
-
Out-of-order delivery (one-way/backward/two-way)
Redundancy
- VRRP v2, v3
-
Tracking based on VRRP or SLA test
-
Managing VRRP parameters
-
Managing PBR parameters
-
Managing the administrative status of the interface
-
Activating and deactivating a static route
-
Managing AS-PATH and preference attributes in a route-map
-
DHCP failover to reserve the IP address database issued by the DCHP server
-
Failover Firewall to reserve Firewall and NAT sessions
-
MultiWAN
-
Dual-Homing
Services
- DHCP client, DHCP server
-
DHCP Relay Option 82
-
DNS resolver
-
NTP
-
TFTP server
-
E1/multilink, modems
BRAS (IPoE)5
- Subscriber termination
-
White/black URL lists
-
Quotas for traffic volume, session time, network applications
-
HTTP/HTTPS Proxy
-
HTTP/HTTPS Redirect
-
Session accounting via Netflow protocol
-
Interaction with AAA, PCRF servers
-
Bandwidth management by offices, SSIDs and user sessions
-
User authentication by MAC or IP address
Physical specifications and environmental parameters
- RAM - 24 GB DDR4
-
Flash memory - 8 GB eMMC
-
Maximum power consumption - 118 W
-
Power supply:
- 100–240 V AC, 50–60 Hz
- 36–72 V DC
- up to 2 hot-swappable power modules
-
Operating temperature - from -10 to +45 °C
-
Storage temperature - from -40 to +70 °C
-
Operating humidity - no more than 80%
-
Storage humidity - from 10 % to 95%1
-
Dimensions (W × H × D) - 430 × 44 × 330 mm
-
Weight - 6.1 kg
-
Lifetime - no less than 15 years
1Expansion of access points number is available under license: up to 100 APs for WLC-15
2 Supported for WEP-3ax, WEP-30L, WEP-30L-Z, WOP-30L, WOP-30LS APs.
3 The features will be available in future firmware versions.
4 Operation with WNAM Netams, Cisco ISE is tested.
5 Activated by the license
6 Rule sets are available by subscription. The minimum subscription period is 1 year.