Product Overview
The RG-WS6008 high-performance wireless access controller (AC), developed by Ruijie Networks, is targeted for high-speed wireless networks. It can be deployed on a Layer 2 or Layer 3 network without any architecture or hardware device changes, delivering seamless and secure control over wireless networks.
The RG-WS6008 can manage up to 32 wireless access points (APs) by default. With licenses for capacity expansion, it can manage a maximum of 224 generic APs or 448 wall-mounted APs.
Through powerful centralized and visualized management and control over wireless networks, the RG-WS6008 can significantly simplify construction and deployment of wireless networks.
The RG-WS6008, adopting enhanced security and clustering technologies, offers identity-based networking services. Multiple ACs in a cluster can share a user database, allowing clients to seamlessly roam in different areas of a network. The cluster design guarantees the security and session integrity during roaming and smooth interaction of data and voice over Wi-Fi applications.
Product Features
Smart Wireless Experience
Intelligent Client Identification
The built-in Portal server of the RG-WS6008 can intelligently identify clients based on characteristics of the clients, and adaptively respond with a portal authentication page of the matching size and layout. Intelligent client identification eliminates the need to drag and resize a window, delivering users with a better intelligent wireless experience. This technology supports mainstream intelligent client operating systems including Apple iOS, Android, and Windows.
Fair Client Access
The RG-WS6008, together with Ruijie Networks' APs, provides the same access time for clients in compliance with IEEE 802.11g, 802.11n, 802.11ac, 802.11ax, and other standards. This resolves issues such as the long latency, slow speed, and low performance of APs caused by outdated NIC in clients or long distance between clients and APs. This also effectively improves the performance of low-speed clients, and ensures consistent and good wireless experience at the same location regardless of the client type.
Client Access Optimization
It can be used with Ruijie Cloud to monitor network-wide client behaviors and operating status, and obtain information such as the client signal strength and channel utilization through APs. With Wi-Fi client identification and access planning, it solves problems such as roaming stickiness and remote association, and achieves load balancing and improved network-wide wireless performance.
Intelligent Load Balancing
In a high-density environment, the RG-WS6008 can intelligently distribute clients connected to APs in real time based on the number of clients and traffic on each associated AP. This balances the traffic load, increases the average client bandwidth and QoS, and improves the availability of network connections. In addition to client-based and traffic-based intelligent load balancing, the RG-WS6008 also supports load balancing based on the frequency band. Most Wi-Fi devices use the 2.4 GHz band by default, but can achieve increased throughput in the 5 GHz band (IEEE 802.11a/n/ac/ax-compliant). Load balancing based on the frequency band enables dual-radio-capable clients to preferentially use the 5 GHz frequency band and guarantees a high-speed wireless experience for clients.
High Performance and Reliability
High Performance for Small- and Medium-sized Networks
The RG-WS6008 runs the RGOS system and can manage up to 7,168 clients and 448 APs simultaneously. It has a high-performance 4-core CPU. It can be used for small- and medium-sized networks, to set up a secure, efficient, and easy-to-manage wireless network.
Centralized/Distributed, Integrated, and Intelligent Forwarding
The RG-WS6008 can be deployed on a Layer 2 or Layer 3 network without changing the original network architecture. It constitutes an overall switching architecture with APs to facilitate control and processing of traffic on all APs. The intelligent local forwarding technology eliminates the traffic bottleneck of an AC.
With local forwarding technology, the RG-WS6008 can flexibly configure data forwarding modes for connected APs. That is, the RG-WS6008 can determine whether data needs to be forwarded through itself, or directly enters the wired network for local forwarding based on the network SSID and VLAN planning.
The local forwarding technology enables the RG-WS6008 to forward data that is sensitive to the delay and requires real-time high-performance transmission through a wired network. Facing high throughput of 802.11ac- and 802.11ax-compliant clients, this technology can greatly reduce the traffic forwarding pressure of the RG-WS6008 to better adapt to future wireless networks such as high definition (HD) Video on Demand (VoD) and Voice over Wireless Local Area Network (VoWLAN) transmission.
Intelligent RF Management
The RG-WS6008 enables an AP to perform on-demand RF scanning on a wireless network. The RG-WS6008 can scan wireless frequency bands and channels, identify unauthorized APs and wireless networks, and notifies network administrators of alarms, providing all-round protection in a security-sensitive environment.
Moreover, the RG-WS6008 can control the RF scanning function of APs in real time, and measure the signal strength and interference. It can dynamically regulate the traffic load, transmit power, RF coverage area, and channel allocation using software tools to maximize the AP coverage and capacity.
Network-wide Seamless Roaming
The RG-WS6008 supports the best-in-class AC cluster technology. Multiple RG-WS6008 controllers in a cluster can synchronize online connection information and roaming records of all clients in real time. When a client roams, the client can roam freely on the entire network based on shared client information and authorization information in the cluster. Furthermore, the client can roam seamlessly and securely, and keep the IP address and authentication status unchanged, so as to achieve fast roaming and voice support.
Abundant QoS Policies
The RG-WS6008 supports abundant QoS policies such as bandwidth limiting in multiple modes and preferential bandwidth guarantee for key data applications.
The RG-WS6008 supports bandwidth limiting based on the WLAN, AP, and STA, and provides Wi-Fi Multimedia (WMM) that defines priorities for different service data. Therefore, it implements immediate and quantitative transmission of audio and video data, and guarantees smooth application of multimedia services.
The multicast-to-unicast technology supported by the RG-WS6008 solves the video freezing problem caused by packet loss or long latency in Video on Demand (VoD) and other multicast applications on a wireless network. It enhances the experience in the use of multicast video services on a wireless network.
Wireless IPv6 Access
The RG-WS6008 fully supports IPv6 features, ensuring IPv6 forwarding on wireless networks. IPv4 and IPv6 clients can automatically connect to the RG-WS6008 through tunnels to provide IPv6 services on wireless networks.
Advanced AC Virtualization
The RG-WS6008 supports the cutting-edge AC virtualization technology. The technology can virtualize up to four ACs into one logical AC, realizing high reliability and capacity expansion without additional hardware devices.
- Simplified topology: All member ACs of the logical AC use the same IP address. Regardless of whether the logical AC connects to an AP or an authentication server, there is no need to assign an IP address to each member AC.
- Simplified configuration: Multiple member ACs can be managed as one AC. Any configuration of the master AC can be automatically synchronized to all member ACs.
- High reliability: N+M hot standby is supported. The breakdown of any AC will not affect the overall system.
- Smooth capacity expansion: The AP and client capacity can be expanded by adding a physical AC.
- Licensesharing: A license installed on any member AC of the logical AC can be shared by other member ACs.
Advanced Application Recognition and Policy Control
To simplify network management and protect wired and wireless network access, the RG-WS6008 supports advanced application identification and policy control technologies. The RG-WS6008 can be configured with different user objects, network objects, and VLANs for flexible policy control. In this case, there is no need to configure separate network policies for SSIDs, VLANs, and other objects.
Wired and wireless traffic is transmitted to the RG-WS6008 through the centralized/distributed, integrated, and intelligent forwarding technology, and then is managed by using application identification and control policies.
The RG-WS6008 supports application recognition and application-level QoS mapping technology for wireless clients. The RG-WS6008 in centralized forwarding mode applies Deep Packet Inspection (DPI) to packet characteristics to support over 2,500 applications. It can identify applications, collects statistics on applications, and employs QoS mapping, helping you understand the application usage on the network. Then QoS can be performed for application traffic.
For mainstream web BBS sites and search engines, the RG-WS6008 can audit and filter user posts and search contents, and allow or block data flows based on policies.
Flexible and Comprehensive Security Policies
Local Authentication
The RG-WS6008, with a built-in local user database and a built-in Portal server, authenticates wireless clients locally through web authentication. Local authentication eliminates the need to deploy an authentication server such as the external Portal server or RADIUS server. Moreover, this authentication mode simplifies the entire network architecture and greatly reduces the network construction cost, meeting requirements for secure access to small- and medium-sized wireless networks.
Client Data Encryption and Security
The RG-WS6008 supports a full range of data security protection mechanisms, including Wired Equivalent Privacy (WEP), and Temporal Key Integrity Protocol (TKIP), to ensure data transmission security on wireless networks.
Standard Communication Protocols
The RG-WS6008 communicates with APs over Control and Provisioning of Wireless Access Points (CAPWAP) tunnels and employs Datagram Transport Layer Security Version 1.0 (DTLS 1.0) for encrypted communication. This achieves isolation from a wired network and ensures confidentiality of real-time communication between the RG-WS6008 and APs. Additionally, the RG-WS6008 can use CAPWAP to control third-party APs in the future, facilitating network expansion as well as protecting existing investment.
Virtual AP Technology
With the virtual AP technology, the RG-WS6008 can allocate multiple SSIDs on a network. Network administrators can separately isolate and encrypt subnets or VLANs using the same SSID, and can configure the separate authentication method and encryption mechanism for each SSID.
AP Virtualization Technology
This technology enables one physical AP to be virtualized into multiple virtual APs, which can be managed by different wireless access controllers. Paired with Ruijie Networks' APs that has multiple uplink physical ports, the RG-WS6008 can isolate wireless data of different virtual APs on the same physical AP, realizing exclusive use of the private network and ensuring high security of critical services. For a physical AP with a single uplink port, AP virtualization technology allows the WLAN to be shared by multiple ISPs in public places such as airports and shopping malls. This fully utilizes AP, significantly reduces the cabling cost, and eliminates interference caused by excessive APs.
RF Security
The RG-WS6008 can be flexibly configured with the RF probe scanning mechanism to discover unauthorized APs or other RF interference sources in real time. It pushes corresponding alarms to the network management system (NMS) in real time, so a network administrator can monitor potential network threats and usage in each wireless environment at any time.
The RG-WS6008 supports advanced spectrum analysis and Wireless Intrusion Detection System (WIDS). It can use WIDS to detect malicious user attacks and intrusions in the early time, helping network administrators to proactively identify potential risks on a network and provide proactive defense and early warning against wireless attackers in the first instance.
Virus and Attack Prevention
The RG-WS6008 has various built-in security mechanisms to effectively protect a network against virus and network traffic attacks, reject unauthorized network access, and allow access from authorized clients. The security mechanisms include binding of IP addresses, MAC addresses, WLANs, and other elements, hardware ACL, and data stream-based rate limiting, so the RG-WS6008 is suitable for campus, hospital, and enterprise networks where access control of guests is strengthened and access of unauthorized clients is restricted.
Secure Client Access
The RG-WS6008 supports web authentication. Clients can complete the authentication process by using a browser.
It supports 802.1X authentication on clients to guarantee network security. Moreover, it ensures host security because the 802.1X authentication client is embedded on a host for access control. Unlike web authentication, 802.1X authentication is applicable to security-sensitive areas. Furthermore, IP addresses, MAC addresses, WLANs, and other elements can be bound after authentication. This ensures that only authorized clients can access the network.
Multiple Easy-to-Use Authentication Modes
The RG-WS6008 supports conventional web authentication and 802.1X authentication for monitoring network access behaviors. It also provides convenient authentication modes for customers based on actual scenarios, such as MAC authentication bypass (MAB), and SMS-based authentication.
When connecting to a network through MAB authentication, a wireless client only needs to enter the username and password upon first login. The username and password are no longer required when the wireless client is restarted and connected to the network.
When a guest accesses a wireless network through SMS-based authentication, an authentication page pops up. On the authentication page, the guest can register an account using the mobile number, and accesses the Internet using the username and password in the SM received.
Anti-ARP Spoofing
The ARP inspection function can effectively prevent increasing ARP gateway and ARP host spoofing attacks on a network, so as to ensure normal network access. Automatic IP-MAC binding can greatly save the labor cost and simplify management in dynamic or static IP allocation mode. An attacker may maliciously use scanning tools to flood ARP packets, which occupy network bandwidth and result in network congestion. To address this issue, the RG-WS6008 uses ARP rate limiting to control the rate of sending ARP packets.
Rogue AP Containment
Rogue AP containment can effectively detect unauthorized APs on a wireless network. The RG-WS6008 can instruct an AP to send a probe packet to surrounding APs and wait for a response. It can detect the unauthorized AP that does not send a response packet, thereby ensuring network-wide security.
DHCP Security
DHCP snooping enables the RG-WS6008 to allow only DHCP Reply messages from trusted interfaces, preventing a private DHCP server without the permission of an administrator. This is because the private DHCP server seriously affects IP address allocation and management, resulting in network access failures. With DHCP snooping configured, the RG-WS6008 can dynamically check source IP addresses of ARP packets to prevent ARP spoofing attacks and source IP address spoofing attacks in the environment in which the DHCP server dynamically allocates IP addresses.
Management Information Security
Through the Secure Shell (SSH) and Simple Network Management Protocol version 3 (SNMPv3), the RG-WS6008 encrypts management information in Telnet and SNMP processes, ensuring information security of management devices and preventing hackers from attacking and controlling devices. Telnet access control based on the source IP address means fine-grained device management and control. With this function, only the devices with IP addresses configured by administrators can connect to the RG-WS6008, enhancing network management security.
Rich Management Policies
Multiple Management Modes and Unified Management Platform
The RG-WS6008 supports the CLI and other management modes to implement centralized, effective, and low-cost planning, deployment, monitoring, and management of network-wide APs. The RG-Cloud, a unified management platform for wired and wireless networks developed by Ruijie Networks, manages APs uniformly. The RG-WS6008 together with Ruijie Cloud implements various wireless network management functions, including topology generation, AP working status monitoring, online client status monitoring, network-wide RF planning, client locating, security alarm, link load and device utilization monitoring, roaming record, and report output. The RG-WS6008 allows an administrator to monitor and manage the running status of the entire network in a data center.
Hierarchical AC Management
The h supports hierarchical AC management. A central AC uniformly manages hundreds of branch ACs, substantially simplifying wireless device management in the scenario with the headquarters and many branches. Hierarchical AC management has the following features:
- Unified management: The central AC uniformly upgrades the software of branch ACs and APs, and monitors the running status of each branch AP.
- High reliability: When a branch AC fails, branch APs can be taken over by the central AC, realizing fast failover and improving the reliability of the branch wireless network.
- License sharing: The branch AC can share the license installed on the central AC as required. A license can be installed on the central AC, and shared by all branch ACs on a network.
Eweb Management
The RG-WS6008 provides the Eweb, on which O&M personnel can complete wireless configuration easily, and manage the wireless network uniformly. On the Eweb, O&M personnel can manage APs and connected clients, limit the client rates, and restrict network access behaviors of the connected clients. With the Eweb, O&M personnel can plan, manage, and maintain wireless networks conveniently.