The Huawei Access Controller Unit 2 (ACU2) is a value-added service unit that is installed on a chassis switch and provides access control capabilities on the WLAN networks of large enterprises. A chassis switch with an ACU2 provides both wireless and wired service capabilities, reducing the space and cabling needed in equipment rooms and lowering network construction cost.
• 40 Gbit/s forwarding capability
• 2048 access points
• 32K users
• 1+1 hot backup
|1||USB interface||1||Connects to a USB flash drive to transfer configuration files.|
|2||Console interface||1||Provides a serial interface. To configure the ACU2 locally, you can log in to the local ACU2 by connecting a cable between the serial interface on the host and the console interface on the ACU2.|
|3||Console interface||1||Provides a GE interface. To configure the ACU2, you can log in to the ACU2 through Telnet.|
|4||GE interface||3||Reserved interface|
High access capacity and processing capability
An ACU2 can manage a maximum of 2048 APs (packet forwarding over 2048 tunnels) and supports a maximum of 32K STAs.
The ACU2 provides nearly 40 Gbit/s line-speed forwarding capacity.
Independent service unit, facilitating centralized deployment and capacity expansion
The ACU2 provides access control capabilities on an enterprise wireless network. An aggregation switch with ACU2s provides both wireless and wired service capabilities, reducing space occupied and cables in equipment rooms and lowering network construction cost.
You can install multiple ACU2s on a switch to manage Nx2048 APs. (N is the number of ACU2s.)
Flexible user policy management and authority control capabilities
The ACU2 implements per-user access control based on ACLs, VLAN IDs, and bandwidth limits sent from the RADIUS server.
You can define user groups for users of different rules and apply access control policies to the user groups. Access of users in a user group is controlled based on the ACL, user isolation policy, and bandwidth limit applied to the user group. You can configure inter-group user isolation or intra-group user isolation as required to implement access control.
Visualized WLAN network management and maintenance
The ACU2 and APs form a fit AP + AC network for centralized AP management, facilitating network management and maintenance. Huawei AC and AP products support the standard Link Layer Discovery Protocol (LLDP), which helps display the topology of wired and wireless networks for visualized management and maintenance.
|Board dimensions||35.56 mm x 380.00 mm x 378.45 mm (height x width x depth)|
|Maximum power consumption||168 W|
|Board weight||3.2 kg|
|Processor||Two multi-core CPUs. Each CPU is configured with 16 cores. The clock frequency is 600 MHz.|
|DDR2 DRAM||16 GB (8 bit, 2 x 4 GB). Each CPU is connected to 8 GB of memory.|
|NAND FLASH||512 MB|
|Forwarding capability||40 Gbit/s|
Protocol and Management Capabilities
|Number of managed APs||2K|
|Number of access users||Entire device: 32K; single AP: a maximum of 256 (depending on the AP model)|
|Number of MAC address entries||32K|
|Number of VLANs||4K|
|Number of routing entries||16K|
|Number of ARP entries||32K|
|Number of multicast forwarding entries||2K|
|Number of DHCP IP address pools||256 IP address pools, each of which contains a maximum of 16K IP addresses|
|Number of local users||1000|
|Number of ACLs||32K|
|Number of ESSIDs||8K|
|User group management||128 user groups. Each user group can reference a maximum of eight ACLs. Each user group can associate with a maximum of 128 ACL rules.|
Wireless Networking Capabilities
|Networking between APs and ACs||APs and ACs can be connected through a Layer 2 or Layer 3 network. APs can be directly connected to an AC. APs are deployed on a private network, while ACs are deployed on the public network to implement NAT traversal. ACs can be used for Layer 2 bridge forwarding or Layer 3 routing.|
|Forwarding mode||Direct forwarding (distributed forwarding or local forwarding); tunnel forwarding (centralized forwarding); centralized authentication and distributed forwarding. Before users are authenticated, tunnel forwarding is used. After users are authenticated, local forwarding is used.|
|Wireless networking mode||WDS bridging: point-to-point (P2P) wireless bridging; point-to-multipoint (P2MP) wireless bridging; automatic topology detection and loop prevention (STP). Wireless mesh network: access authentication for mesh devices; mesh routing algorithm; go-online without configuration.|
|AC discovery||An AP can obtain the device's IP address in any of the following ways: the AC uses DHCP or DHCPv6 to allocate IP addresses to APs; DHCP or DHCPv6 relay is supported; on a Layer 2 network, APs can discover the AC by sending broadcast CAPWAP packets.|
|CAPWAP tunnel||Centralized CAPWAP; CAPWAP control tunnel and data tunnel (optional); CAPWAP tunnel forwarding and direct forwarding in an extended service set (ESS); Datagram Transport Layer Security (DTLS) encryption, which is enabled by default for the CAPWAP control tunnel; heartbeat detection and tunnel reconnection.|
|Active and standby ACs||Enables and disables the switchback function. Supports load balancing. Supports 1+1 hot backup. Supports N+1 backup.|
The ACU2 is connected to an aggregation switch in chain or branched mode.
The ACU2 processes both control flows and data flows. Management flows must be transmitted over Control And Provisioning of Wireless Access Points (CAPWAP) tunnels. Data flows can either be transmitted over CAPWAP tunnels or bypass them, as required.
The CAPWAP protocol defines how APs communicate with ACs and provides a general encapsulation and transmission mechanism for communication between APs and ACs. CAPWAP defines data tunnels and control tunnels.
Data tunnels encapsulate 802.11 data packets to be sent to the AC.
Control tunnels transmit control flows for remote AP configuration and WLAN management.
Two forwarding modes are available, depending on whether data flows are transmitted over CAPWAP tunnels:
Direct forwarding: also called local or distributed forwarding.
Tunnel forwarding: also called centralized forwarding. It is usually used to control wireless user traffic in a centralized manner.
Typical Networking of the ACU2
Deployment of the ACU2 in a WLAN (AC + fit AP) networking:
Unlike a standalone box-type AC, the ACU2 is installed on a switch. The ACU2 supports two deployment modes:
Layer 2 chain deployment mode: as shown above in the left part of Figure
The ACU2 is installed on an aggregation switch to manage APs connected to the aggregation switch directly or through an access switch.
In this deployment mode, the network between aggregation switches (ACs) and APs is a Layer 2 network.
Layer 3 branched deployment mode, as shown above in the right part of Figure
The ACU2 is installed on an aggregation switch other than the aggregation switch connected to APs. APs communicate with the ACU2 through the local aggregation switch. In this deployment mode, the network between ACs and APs is a Layer 3 network.
In direct forwarding mode, wireless user service data is translated from 802.3 packets into 802.11 packets, which are then forwarded by an uplink aggregation switch.
The branched networking mode is often used on enterprise networks. Wireless user service data does not need to be processed by an AC, eliminating the bandwidth bottleneck and facilitating the usage of existing security policies. Therefore, this networking mode is recommended.
In tunnel forwarding mode, wireless user service data is transmitted between APs and ACs over CAPWAP tunnels.
Both control flows and service data flows are transmitted in CAPWAP tunnels. APs send data packets to the switch where the ACU2 is installed, and the ACU2 decapsulates and forwards them.
Traffic from wireless users under all APs is aggregated to the AC through CAPWAP tunnels to implement centralized traffic control.