vWLC – Virtual Wireless Access Controller
Software analog of WLC series hardware wireless access controllers
New
Description
vWLC is a software-based wireless access controller for building corporate networks in large enterprises. One of the key advantages of the solution is a built-in software router, which allows the implementation of data and management traffic at the L2 and L3 levels, as well as firewalling functions for the corporate network.
It is a software analog of Eltex WLC series hardware wireless access controllers and it provides the same features and comparable performance:
- configuration of Wi-Fi networks (SSID);
- updating access point software;
- monitoring of access points operation and collecting statistics;
- user authentication and authorization;
- managing radio parameters and setting up seamless roaming;
- traffic routing and protection.
Eltex Wi-Fi 4, Wi-Fi 5 and Wi-Fi 6 access points are supported. The controller is preconfigured, requiring minimal time for implementation into the network infrastructure and initial configuration. The number of access points supported by the controller depends on the allocated resources of the virtual environment and the number of purchased licenses.
It runs on a Linux server on Oracle VirtualBox and VMware ESXi hypervisors. It is managed through a convenient web interface or CLI.
Supported devices
Wireless access point WEP-30L
Wireless access point WEP-1L
Wireless access point WOP-30LI
Wireless access point WEP-3L
Wireless access point WEP-2L
Wireless access point WEP-200L
Wireless access point WEP-3ax
Wireless access point WEP-2ac
Wireless access point WOP-2L
Wireless access point WOP-20L
Wireless access point WOP-30LS
Wireless access point WOP-30L
Wireless access point WOP-2ac
Functions
Journal
Access Points
Device Information
The controller is managed through a user-friendly web interface accessible from a browser or CLI. Tools are available for administrators to fine-tune network and Wi-Fi point parameters, monitor their operation and identify problems, manage authentication and configure radio parameters.
Routing
Provides flexible routing of traffic in a wireless network. Static and dynamic IPv4/IPv6 routing is supported: RIP, OSPF (v.2, v.3), BGP, IS-IS, VRF, PBR, MPLS, etc.
Network Security
Comprehensive wireless network protection system as well as modern security protocols WPA2/WPA3 in Personal and Enterprise versions are supported. Built-in firewall provides analysis by L2-L4 fields, trust zones, applications and unwanted traffic blocking.
Redundancy
Can be installed with 1+1 Active-Standby redundancy scheme. VRRP v2/v3 is supported to create fault-tolerant solutions. If the primary controller stops working, the backup controller will automatically take over the management of all AP.
RADIUS Profiles
Supports current WPA2/WPA3 encryption and authentication standards via external/local RADIUS server, as well as LDAP directories. Using vWLC, different access profiles for groups of users can be created.
AirTune Profiles
AirTune Sessions
Built-in AirTune service provides optimization of radio parameters of access points by dynamically adjusting channel selection and transmitter power depending on traffic load. The AirTune service provides seamless roaming in accordance with IEEE 802.11 r/k/v standards.
Access points management
- WPA/WPA2/WPA3 Personal1 authorization
- WPA/WPA2/WPA3 Enterprise1 authorization
- Open network with OWE1 encryption
System parameters
- Number of access points - 15
The number of access points can be extended up to 5000 according to the license.
1WPA3 is supported on WEP-3ax, WEP-3L, WEP-30L, WEP-30L-Z, WOP-30L, WOP-30LI, WOP-30LS.
The following requirements allow vWLC installation and initial startup with basic configuration:
- Processor: x86-64 architecture, clock speed at least 1.8 GHz Support for MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2 (Intel Nehalem or AMD Barcelona CPU generation or higher)
- RAM: At least 3 GB
- Disk space: At least 375 MB
- Hypervisors: VirtualBox version not lower than 6.0, WMWare Workstation/ESXi not lower than 6.7.0
- Supported I/O:
- Emulation: Intel E1000, Intel E1000E, VMXNET2, VMXNET3
- Paravirtualization: VirtIO
- PCI Pass-through: Intel XL710 Ethernet Controller (2x40/1x40/4x10/2x20/2x10/1x10), Intel X722 Ethernet Controller (2x10/4x10)
Documents and files
vwlc-1.30.6-build20 (Issue date: 14-11-2025)
ZIP, 118 Mb
mibs_1.30.6 (Issue date: 12-11-2025)
ZIP, 478 Kb
Firmware updates
Version 1.30.6
Revisions:
- Monitoring and management:
- CLI:
- snmp-server enable traps wlc-wids command to enable sending SNMP traps for WIDS events
- Functionality of converting 43 DHCP options from ASCII to hex has been implemented (format dhcp option-43 in the debug section)
- WEB:
- UI interface has been improved
- Monitoring
- WIDS log
- Sorting of configuration files by date has been improved
- Displaying the hostname on AP monitoring pages
- Date format in filters in the “Event Log” section has been changed
- Displaying the utilization and interference parameters in AP radio interfaces monitoring
- Configuration
- RADIUS server settings section
- VLAN settings section
- The configuration for portal authorization on AP has been implemented
- ARP suppression configuration in the radio profile (not supported for WEP/WOP-2ac, WEP-3ax, WEP-550K)
- WLC:
- Support for WEP-550K, WEP-30L-NB, WOP-3L-EX AP
- Synchronization of WLC logs during redundancy
- Support for portal authorization with Eltex-NAICE (for WEP-30L/WEP-30L-NB/30L-Z and WOP-30L/30LI/30LS)
- Support for redirecting CoA requests to radius-server local for portal authorization
- Monitoring
- Displaying the utilization and interference parameters in extended AP monitoring
- Unified format for displaying AP firmware in the show wlc ap firmware command
- show wlc journal info command for viewing summary information about WLC logs
- Units of measurement for speed in the show wlc ap interfaces <mac> output
- Configuration
- disconnect-on-reject command in portal-profile to disconnect the user upon Reject from RADIUS during MAB authentication (supported for WEP-30L/WEP-30L-NB/30L-Z and WOP-30L/30LI/30LS)
- http-auth-disable command in portal-profile to disable portal interaction with the AP via HTTP/HTTPS during user authorization
- neighbor-scan command in ap-profile to configure passive scanning has been extended for WEP-200L, WOP-20L, and WEP-3ax
- captive-adaptive command in ap-profile to enable portal authorization compatibility mode for iOS devices
- redirect-url-format command in portal-profile to specify the format of the user's MAC address and the format of the NAS ID in the redirect address when configuring portal authorization
- description command for user in radius-server local
- Configuring url-acl-profile and ipv4-acl in ap-profile and portal-profile to configure domain and IP address lists on the AP. The lists are used for unauthorized portal users
- Block of commands in ap-profile for configuring DAS parameters on the AP
- Block of commands in radius-server local for configuring DAS parameters used when redirecting CoA requests
- Ability to add a location name (location=<AP_LOCATION>) to redirect-url-custom in portal-profile
- Ability to redirect AAA RADIUS requests for different SSID to different servers
- The default value for the load-balance command in airtune-profile has been changed from “enabled” to “disabled”
- SNMP:
- OID eltWlcApInfoByMacTable (1.3.6.1.4.1.35265.1.224.1.3.2.7) is added to ELTEX-WLC-MIB which contains information about the AP indexed by MAC address
- OID eltWlcRadioRxUtilization (OID .1.3.6.1.4.1.35265.1.224.1.3.2.4.1.14) is added to ELTEX-WLC-MIB to view the RX disposal on the AP
- OID eltWlcRadioTxUtilization (OID .1.3.6.1.4.1.35265.1.224.1.3.2.4.1.15) is added to ELTEX-WLC-MIB to view the disposal TXT on the AP
- OID eltWlcRadioApInterferenceRatio (OID .1.3.6.1.4.1.35265.1.224.1.3.2.4.1.17) is added to ELTEX-WLC-MIB to view interference between Wi-Fi devices that operate on close but not completely independent channels
- OID eltWlcRadioCoChannelInterference (OID .1.3.6.1.4.1.35265.1.224.1.3.2.4.1.18) is added to ELTEX-WLC-MIB to view interference between Wi-Fi devices that operate on the same channel
- OID eltWlcRadioNoiseLevel (OID .1.3.6.1.4.1.35265.1.224.1.3.2.4.1.19) is added to ELTEX-WLC-MIB to view the noise level on the radio channel
- OID eltWlcRadioPacketErrorRate (OID .1.3.6.1.4.1.35265.1.224.1.3.2.4.1.20) is added to ELTEX-WLC-MIB to view the percentage of packets corrupted due to interference, weak signal, or collisions
- WIDS ladders are added to ELTEX-WLC-MIB
- OID eltexEnvMemoryAvailable (OID .1.3.6.1.4.1.35265.38.40.40.11) is added to ELTEX-GENERIC-MIB to view available memory
- Syslog:
- match process-name web command to filter WEB server events
- CLI:
- Security:
- Licensing:
- Increased license lifetime when ELM is unavailable
- Licensing:
Fixed:
- Erroneous termination of the lic-mgr service
- Bootloaders are not updated when updating firmware via the WEB
- After deleting radio-5g-profile, APs switch to Cfg failed status
- In ldap-profile, it is not possible to set ldap-server via a domain name
- Not all AirTune sessions are displayed
Previous versions
Version 1.30.4
Revisions:
- Implemented synchronization of AP firmware in the backup scheme
- Monitoring and management:
- Addedcritlog directory to show tech-support command output
- WEB:
- Full audit of administrator actions in the WEB interface via TACACS+ / RADIUS
- Optimized operation of WEB server when operating with clients and AP
- Improved adaptation of the WEB interface to different screen resolution
- Monitoring
- Filtering on the "Access points" and "Clients" pages
- Pagination when displaying data on the "Access points", "Clients", "Event log" pages
- CPU load graph
- Client IP address on client monitoring pages
- "VLAN number" column in the virtual access points table
- "Range" column in the clients table
- Monitoring of the 802.11v parameter on the "Roaming data" page
- Client IP address changed check-box in the client log
- Unified pop-up windows and snack bars when operating with tables
- Configuration
- Portal authorization settings
- Ability to limit the traffic speed (clients, VAP, broadcast, multicast)
- Configuring the 82 DHCP option on AP in radio profile
- Configuring the 802.11v in the AirTune profile
- Configuring the "Country code" in the AP profile to comply with local restrictions on channels and transmitter power corresponding to the selected country
- Changed order of settings in the SSID profile
- Configuring the IEEE 802.11 n/ac, a/n/ac modes for 5 GHz radio interface in the individual AP settings
- WLC:
- wlc-journal storage command to transfer WLC logs to HDD
- Optimized AP connection speed
- Optimized AP connection stability
- Monitoring
- Display the "VLAN" in the show wlc ap vap command output
- Display the range in which the client operates in the show wlc clients command output
- Display the ap-location in the AP log(show wlc journal ap)
- Display the band in the AP log (show wlc journal client)
- Configuration
- country-code command in the ap-profile to comply with local restrictions on channels and transmitter power corresponding to the selected country
- The maximum size of WLC logs is limited to 90 days. When updating to 1.30.4 firmware version, the size of existing logs will be automatically reduced
- Configuring the MQTT positioning for WEP-1L, WEP-2L, WOP-2L, WEP-3L
- Configuring the WIDS/WIPS for WEP-200L and WOP-20L
- neighbour-scan command in the ap-profile for configuring passive scanning on WOP/WEP-30L, WEP-30L-Z, WOP-30LS, WOP-30LI
- show wlc statistics command block for displaying statistics on clients and AP events
- arp suppression command for configuring ARP conversion
- lldp-server command block in ap-profile/services for configuring LLDP
- lldp command block in ap-profile/trace for configuring LLDP logging
- Ability to add NAS IP to the redirect address when configuring portal authorization via RADIUS
- Processing of deauth-attack in WIDS
- load-balance roaming clients max/min commands in airtune-profile for configuring the maximum/minimum number of users during balancing
- 802.11r cross-location-roaming command in AirTune settings to enable 802.11r roaming between locations
- Syslog:
- syslog web-commands for logging actions on WEB
- logging wlc-events/logging wlc-journal command for enabling WLC logs to syslog server
- SNMP:
- Optimization of WLC tables
Fixed:
- Duplication of wireless client sessions in the WEB
- Incorrect status when ending a session in the WEB
- Error "RRM:rrm request for start optimization, location '<location name>' failed, reason: 'failure from airtune api'" when starting AirTune optimization for location
- Reason for the "RRM:Cannot backup domains info: 'malformed answer from airtune api'" log
- AP status change to the "Cfg failed" after deleting radio-2g-profile/radio-5g-profile
- AP status change to the "Failed" due to: "CoA timeout expired" when switching to the backup controller
- Service wlc_gre error termination
- Problem with obtaining an IP address via DHCP for clients using Broadcast check-box in the tunneling scheme
- Reason for the "IS_NE check failed: stat_map->entry_sz (170 != 8) !!! on WLC-3200" log
- Error when entering the path of external media for storing IPS rules
- Error "PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1" due to the use of uppercase letters in the OpenVPN server configuration
- Traffic classification by match access-group and DSCP
- show mac address-table command output when WLC is operating in a client traffic tunneling scheme
- Allowed to specify the user name as a MAC address in the access profile
- IPsec tunneling with XAuth authorization
- Speed of SoftGRE tunnel establishment with LLDP enabled
- Error in the show wlc ap detailed command output when using 40 MHz radio channel width
- Error ESRinfo_wlc_service_activator_aps_MAX when requesting VAP
Version 1.30.2
Revisions:
- Monitoring and management:
- CLI:
- Added logging radius command to enable RADIUS server logs
- Added alarm enable journal command block for independent configuration of trap sending and alarm logging
- WEB:
- Configuration
- NAS ID configuration in radius-profile
- MAC authorization configuration in ssid-profile
- Configuration
- Syslog:
- Syslog messages filtering for RADIUS servver (match process-name radius-server)
- SNMP:
- eltWlcApVapTable (OID .1.3.6.1.4.1.35265.1.224.1.3.2.6) table in ELTEX-WLC-MIB, which contains information about enabled VAPs on AP
- OID eltWlcRadioUtilization (OID .1.3.6.1.4.1.35265.1.224.1.3.2.4.1.13) is added to ELTEX-WLC-MIB to get the value of the current radio channel utilization
- CLI:
Fixed:
- NAS IP replacement when proxying RADIUS accouting
- Monitoring of clients running on WOP-30LI AP
- Incorrect displaying of Uptime parameter on clients page in WEB
- Incorrect displaying of band on show wlc clients ap command output
- Ap-location field displaying when AP is in Upgrading FW status
- Work of show wlc ap command output
- Uploading files via FTP if special characters are present in name
Version 1.30.1
Revisions:
- Active-Standby clustering functionality for WLC
- Integration with ECCM
- Monitoring and management:
- Syslog:
- Syslog messages filtering for WLC services (match process-name wlc)
- SNMP:
- eltWlcApSaTable (OID .1.3.6.1.4.1.35265.1.224.1.3.2.5) table in ELTEX-WLC-MIB, which consists information about unregistered AP
- eltWlcClientInfoTable (OID .1.3.6.1.4.1.35265.1.224.1.3.3.4) table in ELTEX-WLC-MIB, which contains information about clients connected to the WLC
- WEB:
- WEB server transfer to VRF
- Syslog:
- Security:
- Download encrypted keys
- WLC:
- Monitoring:
- Displaying the frequency range in thе show wlc clients command output
- Configuration:
- session password auth-password command to use RADIUS key as a password for mach-auth for portal authorization
- session password mac <MAC FORMAT> command to use client MAC address in the selected format as a password for mac-auth for portal authorization
- Time zone setting on AP. Time zone is taken from the device configuration if it is not set in the location
- proxy-https command to enable encrypted exchange between client and AP for portal authorization
- crypto cert and crypto private-key-password commands to select a certificate in portal authorization and to specify the certificate password
- radar command block in ap-profile to configure positioning by MQTT protocol
- Monitoring:
Free
Monday to Friday (GMP +7)
Support
Request
Hit
Monday to Friday
Monday to Friday (GMT +3)
Request