View PDF

The Airespace 4000 WLAN Switch is the cornerstone of Airespace’s award-winning Wireless Enterprise Platform, coordinating security, RF management, intrusion detection, Quality of Service (QoS) and mobility functions across an entire wireless network. It works in conjunction with Airespace Control System (ACS) Software, Airespace Access Points (APs) and third-party APs to provide network managers with a robust Wireless LAN (WLAN) solution that enables business-critical wireless applications. From voice and data services to location tracking, the Airespace 4000 provides the control, scalability, and reliability needed to build enterprise-scale wireless networks.

The Airespace 4000 comes in two models – the Airespace 4012, which provides 12 auto-sensing 10/100 Ethernet interfaces and the Airespace 4024, which provides 24 auto-sensing 10/100 Ethernet interfaces. The Airespace 4000 delivers wire-speed switching and optional industry-standard Power over Ethernet (PoE) on each 10/100 interface. PoE functionality can be used to power Airespace Access Points or any third-party 802.3af compliant device.

Application I – Direct Connect Access Points
Both Airespace and third-party APs can be directly connected to the 10/100 Ethernet interfaces on the Airespace 4000. The Airespace system provides seamless intra-subnet and inter-subnet roaming across these APs. The Gigabit Ethernet interfaces or Fast Ethernet ports on the Airespace 4000 can be used to connect the Airespace system to existing wire-line infrastructure for seamless network integration.

Application II – Appliance Mode Deployment
Access points can be directly connected to an existing LAN infrastructure, such as a Layer 2/3 switch or behind a router. These access points automatically connect to an Airespace 4000 using the Lightweight Access Point Protocol (LWAPP), an emerging Internet Engineering Task Force (IETF) standard. All traffic from the access points is subsequently tunneled to the appropriate Airespace 4000, which provides mobility, security, and RF management across an entire enterprise.

Application III – Hybrid Connectivity
The Airespace 4000 can simultaneously work in both appliance and direct connect mode, enabling IT managers to leverage the PoE benefits of the Airespace equipment where necessary. When used in hybrid mode, the Airespace 4000 provides the same wireless functionality to all access points throughout an enterprise, whether directly or indirectly connected to Airespace hardware.

Intelligent RF Management
AireWave Director Software, the industry’s only solution for intelligent RF management, comes embedded on all Airespace hardware, including the Airespace 4000 WLAN Switch and Airespace 4100 WLAN Appliance. AireWave Director Software uses patent-pending algorithms that detect and adapt to changes in the air space in real-time. These adjustments create the optimal topology for wireless networking in much the same way that routing protocols compute the best possible topology for IP networks.

Specific intelligent RF capabilities within the Airespace 4000 include:

• Dynamic channel assignment – 802.11 channels are adjusted to optimize network coverage and performance based on changing RF conditions.
• Interference detection and avoidance – The Airespace 4000 detects interference and recalibrates the network to avoid performance problems.
• Load balancing – The Airespace system provides automatic load balancing of users across multiple APs for optimum network performance, even under heavy load.
• Coverage hole detection and correction – AireWave Director Software detects coverage holes and attempts to correct them by adjusting the power output of APs.
• Dynamic power control – The Airespace 4000 dynamically adjusts the power output of individual APs to accommodate changing network conditions. This ensures predictable wireless performance and availability.

Air-tight Security
As wireless security is a chief concern of IT managers, Airespace designed the Airespace 4000 to adhere to the strictest level of security standards, including HIPAA and FIPS. The Airespace 4000 is the first product of its kind to receive FIPS 140-2 level 2 certification, making it the ideal platform for government and military installations.

The Airespace 4000 supports a wide variety of industry security standards, including IPsec VPNs with DES, 3DES and AES CBC, L2TP tunneling, 802.1X with multiple EAP types (PEAP, TLS, TTLS), WEP, WPA, and 802.11i (WPA2). The Airespace WLAN system was designed to provide complete protection from all RF-related security issues. As a result, it provides the industry’s best WLAN security, including rogue detection/location/containment, mobile VPNs, interference avoidance, IDS attack signature detection, user exclusion listing, protection from RF eavesdropping, and coverage area optimization.

Real-time Application Support
The Airespace WLAN system provides best-in-class performance to support real-time applications, such as voice. The 4000 enables rapid handoff between APs and between multiples switches, providing seamless mobility with no interruption in service to the client. Intelligent queuing and contention management schemes provide effective resource management of the air space. In addition, the Airespace 4000 supports Proactive Key Caching for real-time performance and seamless mobility when using 802.11i. Airespace also supports QoS capabilities that are WMM compliant and closely mirror the emerging IEEE 802.11e standard. Full compliance with the finished standard will be achieved via a software upgrade when the final standard is ratified.

Some additional highlights of the security features contained within the Airespace 4000 WLAN Switch include:

• VPN termination – An optional on-board security module supports IPsec encryption at rates up to two million packets per second.
• Identity-based security policies – IT managers have granular control over how users can use the wireless network and where they can roam.
• Rogue AP detection, location and suppression – The Airespace system detects rogue access points and allows IT managers to locate them and prevent users from associating with them.
• Airespace Intrusion Protection – It combines real-time RF monitoring along with advanced signature analysis to deliver comprehensive 24/7 wireless protection.
• Network Access Control (NAC) – The Airespace system has built-in client integrity checking and applications to ensure updated anti-virus software, OS patch updates and VPN software before WLAN access is granted.
• Secure mobility – The Airespace WLAN system enables security policies to follow users as they roam throughout an enterprise.
• Secure out of the box – As with all Airespace solutions, the Airespace 4000 WLAN Switch series ships with built-in X.509 certificates. This ensures that the system is completely secure from the moment it is turned on.

Seamless Mobility
The Airespace 4000 allows users to seamlessly roam between access points, across switches, and even across routed subnets. Security and QoS context information follows users wherever they roam, ensuring that mobility does not compromise performance, reliability, or privacy. The Airespace 4000 does not require any modifications to existing infrastructures or client devices to enable mobility (e.g., Mobile IP). As a result, the Airespace wireless system is easy to deploy, and cost-effective to own and operate.

Enterprise Reliability
In the event of an access point failure, the Airespace 4000 automatically adjusts power on adjacent access points to cover the area where the failed access point provided service. In the event of an individual switch failure, access points deployed in appliance mode automatically find a backup switch to ensure that wireless service remains available. Airespace 4000 WLAN switches can be deployed in an N+1 redundant topology, allowing enterprises to scale their wireless networks with peace of mind that they are protected from both hardware and software disruptions. Only the Airespace WLAN system allows users to control wireless deployment costs without sacrificing reliability.

The Standard for Wireless LANs
Airespace has revolutionized the wireless space by bringing simplicity to day-to-day wireless network operations. This includes automated tools for RF deployment and optimization, fault tolerance, comprehensive policy management for seamless network mobility, and an end-to-end framework for enterprise-wide security.

The Airespace 4000 provides a secure and reliable platform for building business critical wireless networks. By combining award-winning wireless functionality with PoE and other necessary wireline functions, the Airespace 4000 has set the standard for cost-effective enterprise wireless networking.

Specifications

Protocols and Standards

Wireless
802.11a, 802.11b, 802.11g

Wireline/Switching
IEEE 802.3 10Base-T, IEEE 802.3u 100Base-TX, IEEE 802.3z 1000Base-X, IEEE 802.3ab 1000Base-T, IEEE 802.3x flow control, IEEE 802.1Q VLAN Tagging, IEEE 802.1D spanning tree protocol, IEEE 802.3af

Data RFCs
RFC 768 UDP, RFC 791 IP, RFC 792 ICMP, RFC 793 TCP, RFC 826 ARP, RFC 1122 Requirements for Internet Hosts, RFC 1519 CIDR, RFC 1542 BOOTP, RFC 2131 DHCP

Security Standards
Wi-Fi Alliance WPA, IEEE 802.11i (WPA2, RSN), RFC 1321 MD5 Message-Digest Algorithm, RFC 2104 HMAC: Keyed Hashing for Message Authentication, RFC 2246 TLS Protocol Version 1.0, RFC 2401 Security Architecture for the Internet Protocol, RFC 2403 HMAC-MD5-96 within ESP and AH, RFC 2404 HMAC-SHA-1-96 within ESP and AH, RFC 2405 ESP DES-CBC Cipher Algorithm With Explicit IV, RFC 2406 IPSEC, RFC 2407 Interpretation for ISAKMP, RFC 2408 ISAKMP, RFC 2409 IKE, RFC 2451 ESP CBC-Mode Cipher Algorithms, RFC 2510 X.509 PKI Certificate Management Protocols, RFC 2511 X.509 Certificate Request Message Format, RFC 2560X.509 Internet PKI Online Certificate Status Protocol, RFC 2661 L2TP, RFC 3280 X.509 PKI Certificate and CRL Profile

Encryption
WEP and TKIP-MIC: RC4 40, 104 and 128 bits (both static and shared keys), SSL and TLS: RC4 128-bit and RSA 1024-bit and 2048-bit, AES: CCM, CCMP

Authentication, Authorization, and Accounting
IEEE 802.1X, RFC 2548 Microsoft Vendor-Specific RADIUS Attributes, RFC 2716 PPP EAP TLS Authentication Protocol, RFC 2865 RADIUS Authentication, RFC 2866 RADIUS Accounting, RFC 2867 RADIUS Tunnel Accounting, RFC 2869 RADIUS Extensions, RFC 3576 Dynamic Authorization Extensions to RADIUS, RFC 3579 RADIUS support for EAP, RFC 3580 IEEE 802.1X RADIUS Guidelines, RFC 3748 Extensible Authentication Protocol, Web based authentication

Management
SNMP v1, v2c, v3, RFC 854 TELNET, RFC 1155 Management Information for TCP/IP-based Internets, RFC 1156 MIB, RFC 1157 SNMP, RFC 1213 SNMP MIB II, RFC 1350 TFTP , RFC 1493 Bridge MIB, RFC 1643 Ethernet MIB, RFC 2030 SNTP, RFC 2616 HTTP, RFC 2665 Ethernet-like interface types MIB, RFC 2674 Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering and Virtual LAN Extensions, RFC 2819 RMON MIB, RFC 2863 Interfaces Group MIB, RFC 3164 Syslog, RFC 3414 User-based Security Model (USM) for SNMP v3, RFC 3418 MIB for SNMP, RFC 3636 Definitions of Managed Objects for IEEE 802.3 MAUs, Airespace private MIBs

Management Interfaces
Web-based: HTTP/HTTPS
Command Line Interface: Telnet, SSH, serial port

Interfaces and Indicators
Network: 12 (AS4012) or 24 (AS4024) 10/100 Mbps Ethernet (RJ45 – link, activity)
  - optional Power over Ethernet: IEEE 802.3af
Uplink: optional 1000Base-SX or 1000Base-T interface Management Port: 10/100 Mbps Ethernet (RJ45 – link, activity)
Console Port: RS232 (DB-9 male, DTE interface)
Other Indicators: Status, 1000Base-X Activity, Alarm

Physical and Environmental
Dimensions (WxDxH): 17.4 x 12.8 x 1.75 in. (442 x 326 x 44.5 mm)
Weight: 12.5 lbs (5.7 kg)
Temperature:
  - Operating: 32 to 104°F (0 to 40°C)
  - Storage: -13 to 158°F (-25 to 70°C)
Humidity:
  - Operating humidity: 10 – 95%, non-condensing
  - Storage humidity: up to 95%
Input power: 100 – 240 VAC; 50/60 Hz
  - AS4012 with PoE: 2.3 A at 110 VAC, 1.15 A at 220 VAC; 253 W
  - AS4024 with PoE: 3.2 A at 110 VAC, 1.6 A at 220 VAC; 352 W
  - Without PoE: 0.5 A at 110 VAC, 0.2 A at 220 VAC; 50 W

Compliance
Safety
  - UL 60950-1:2003
  - EN 60950:2000
EMI and Susceptibility (Class A)
  - US: FCC Part 15.107 and 15.109
  - Canada: ICES-003
  - Japan: VCCI
  - Europe: EN 55022, EN 55024

Security
  - FIPS 140-2 level 2
  - HIPAA

"Wi-Fi®" and the Wi-Fi logo are the registered trademarks of the Wi-Fi Alliance and "Wi-Fi CERTIFIED," "Wi-Fi ZONE,"
"Wi-Fi Alliance," their respective logos, and "Wi-Fi Protected Access" are the trademarks of the Wi-Fi Alliance.