For Hong Kong, China

          H3C WX2500H Access Controller

          HomeProducts & TechnologyEnterprise ProductsWirelessH3C WX2500H Access Controller

          The H3C WX2500H wireless Access Controller (AC) is well designed and positioned for enterprise branch network. It features gateway and AC function integration, reducing the number of devices and TCO in network. It adopts the innovative Comware V7 platform (referred to as V7 hereafter). V7 comes with the standard granular user control management, comprehensive RF resource management, 7x24 wireless security control, fast layer-2 and layer-3 roaming, strong QoS and IPv4/IPv6 dual stack. V7 adds in various novel wireless technologies such as multi-core control plane, next generation CUPID wireless positioning technology, Bonjour and Hotspot 2.0. It also supports multiple network configurations such as cloud computing management and layered AC.

          In addition, the WX2500H provides abundant port types including two USB ports (WX2540H), which can be used to connect with other enterprise peripheral devices.

          H3C WX2500H series AC consists of three models: WX2510H, WX2540H and WX2560H. When paired with H3C Fit Access Point (AP), it serves as an ideal access control solution for WLAN access of enterprise branch network.

          802.11ac AP Management

          In addition to 802.11a/b/g AP management, the WX2500H series AC can work together with H3C 802.11ac-based APs to provide wireless access speed several times faster than a traditional 802.11a/b/g network. With 802.11ac large proximity which makes WLAN multimedia applications deployment a reality.

          Brand New Operating System

          WX2500H series AC is developed based on the latest H3C V7 platform. The new system sports significantly improvements in performance and reliability over the previous version, and is able to run the increasingly complicated network applications in the enterprise market. V7 features the following advantages:

          Multi-core control: V7 can adjust the ratio of control cores to the forwarding cores in the CPU to make the most out of CPU computing power and strike the balance between control tasks and forwarding tasks, while providing strong concurrent computing power.

          User mode multi-tasking: V7 adopts a completely new software privilege level system, where most network applications are executed in user mode, and allow each application runs a different task. Each task has its own dedicated resource and when a task fault occurs which will be isolated at its own space avoiding interruption of other tasks. This makes system run more securely and reliably.

          User task monitoring: V7 comes with task monitoring feature, in which all tasks are monitored. When a user task goes wrong, system will reload and application will quickly recover.

          New independent application upgrade: V7 supports independent application upgrade, where a single application module is upgraded instead of the whole operating system. This greatly reduces the number of system reboots compared with the previous version, keeping the upgrade secure and sustaining the network stability.

          Flexible Forwarding Modes

          In a wireless network of centralized forwarding mode, all wireless traffic is sent to an AC for processing which the forwarding capability of the AC may become a bottleneck. Especially on wireless networks where APs are deployed at branches, ACs are deployed at the headquarters, and APs and ACs are connected over a WAN. In this scenario, Distributed forwarding is more suitable. The WX2500H series AC supports both distributed forwarding mode and centralized forwarding mode and it can set SSID based forwarding as needed.

          Carrier-Class Wireless User Access Control and Management

          User-based access control is a key feature of WX2500H series AC. The WX2500H series AC comes with a user profile that serves as a configuration template to save predefined configurations. For different application scenarios, you can configure different items in a user profile, such as Committed Access Rate (CAR) and QoS policies.

          During authentication, an authentication server assigns a user profile to the device. If the user passes authentication, the device uses the configuration contents in the user profile to restrict the accessibility of resources of the user. When the user goes offline, the device disables the user profile. Thus, user profiles are applicable to online users rather than offline users and users that fail to pass authentication.

          The WX2500H series AC also supports MAC-based access control, which allows you to configure and modify the access rights of a user group or a particular user on an AAA server. The refined user rights control method enhances the availability of WLANs and facilitates access right assignment.

          MAC-based VLAN is another strong feature of the WX2500H series AC. The administrator can assign users (or MAC addresses) with the same attributes into the same VLAN and configure a VLAN-based security policy on the AC. This simplifies system configuration and refines user management to the per-user granularity.

          For security or accounting, the administrator may need to control the physical positions of wireless clients. The WX2500H series can satisfy this requirement. During authentication, the AC gets a list of permitted APs from the authentication server and then selects an AP for the requesting wireless client. In this way, the wireless client can only associate with that AP and thus its position is controlled.

          Layered AC Architecture

          Layered AC architecture is the brand new network configuration engineered by H3C to cater for the need of multi-layer network construction in the market. Layered AC employs the centralized management hierarchy similar to the large enterprise, where one core layer management AC associates with multiple local access layer ACs, and access layer ACs directly connects with underlying APs. Access layer ACs' mainly serve real-time applications such as AP access and data forwarding, while core layer ACs' mainly focus on non-realtime tasks such as management control and centralized authentication, and still retain the functions of connecting APs and forwarding data that typical ACs have. Core layer ACs are high performance ACs and are deployed in the convergence layer; access layer ACs can be comprised of standard ACs, all-in-one ACs (with router and DPI features), or wired and wireless ACs, and are deployed in parallel with existing network. Layered AC network construction model puts wired and wireless integration to the next level, and is applicable to large scale wireless network construction. Layered AC model maps naturally to the head quarter and branch deployment scenario, where core link bandwidth and core AC forwarding power no longer become a bottleneck. Core layer AC centralized control, access layer AC and lower level APs can be conveniently upgraded and synchronized automatically, and greatly simplifies version upgrade tasks. Access layer AC will be responsible for AP switching and significantly improves roaming performance.

          Intelligent Channel Switching

          In a WLAN, adjacent wireless APs should work in different channels to avoid channel interference. However, channels are very rare resources for a WLAN. There are a small number of non-overlapping channels for APs. For example, there are only three non-overlapping channels for the 2.4GHz network. Therefore, the key to wireless applications is how to allocate channels for APs intelligently.

          Meanwhile, there are many possible interference sources that can affect the normal operation of APs in a WLAN, such as rogue APs, radars and microwave ovens. The intelligent channel switching technique can ensure the allocation of an optimal channel to each AP, thereby minimizing adjacent channel interference. Besides, the real-time interference detection function can help keep APs away from interference sources such as radars and microwave ovens.

          Intelligent AP Load Sharing

          According to IEEE 802.11, wireless clients control wireless roaming in WLANs. Usually, a wireless client chooses an AP based on the Received Signal Strength Indication (RSSI). Therefore, many clients may choose the same AP with a high RSSI. As these clients share the same wireless medium, the throughput of each client is reduced greatly.

          The intelligent AP load sharing function can analyze the locations of wireless clients in real time, dynamically determine which APs at the current location can share load with one another, and implement load sharing among these APs. In addition to load sharing based on the number of online sessions, the system also supports load sharing based on the traffic of online wireless users.

          Layer 7 Wireless Intrusion Detection and Prevention Systems (WIDS / WIPS)

          The WX2500H series AC supports the blacklist, whitelist, rogue device defense, bad packet detection, illegal user removal, upgradeable Signature MAC layer attack detection (DoS attack, Flood attack or man-in-the-middle attack) and counter measures.

          With the built-in knowledge base in WX2500H, you can perform timely and accurate wireless security decisions. For determined attack sources such as rogue AP or terminals, you can perform visible physical location monitoring and switch physical port removing.

          With H3C firewall/IPS device, network infrastructure can also implement layer 7 security defense in wireless campus, covering wired (802.11) and wireless (802.3) secure connections on an end-to-end basis.

          New Wireless Intelligent Application Aware (WIAA)

          Wireless Intelligent Application Aware Feature (wIAA) provides a user role based application layer security, QoS and forwarding policy for wired and wireless users. With wIAA, administrator can specify websites users’s browsing, application protocols (HTTP, FTP) they use and bandwidth they are allocated. Compared with V5 AC, the V7 AC comes with Deep Packet Inspection (DPI) capability, expanding application detection and detailed statistics. Previous V5 AC detection was based on layer 4 Ethernet protocol (e.g. 80 maps to HTTP, 20/21 maps to FTP, 8000 maps to QQ and so on), which can be easily circumvented by agents while the new V7 AC is based on layer 7 characteristics of Ethernet protocols, as well as the typical packet signature to implement a more precise recognition and complete restriction. With DPI, administrator can instead of prohibiting user visit all e-commerce websites but to set restriction on a per-website basis (such as JD, Taobao, Yihaodian). This simplifies configuration and improves productivity.

          Reliable Gateway Function

          The WX2500H series AC integrates gateway and AC function and is targeted at SME or branch gateways. WX2500H series AC supports PPPoE, NAT, dynamic IP address, and static IP address setting function. It also supports Bonjour Gateway, which helps enterprise to easily manage and control Apple devices, such as AirPrint printers, Apple TVs, iPad and more.

          Hardware Specifications





          Dimensions (WxDxH)



          330 mm *230 mm *43.6 mm





          Wireless throughput





          WAN 1*GE + LAN 4*GE(PoE+) + 1*USB+ 1*SD Card slot

          WAN 1*GE/SFP Combo + LAN 4*GE + 2*USB

          WAN 2*GE + LAN 4*GE/2*GE SFP Combo + 1*USB + 1*SD Card slot

          Power supplies

          100V AC~240V AC;50/60Hz

          Operating and storage



          Operating and storage relative humidity


          Safety Compliance

          UL 60950-1

          CAN/CSA C22.2 No 60950-1

          IEC 60950-1

          EN 60950-1/A11

          AS/NZS 60950

          EN 60825-1

          EN 60825-2


          FDA 21 CFR Subchapter J


          ETSI EN 300 386 V1.3.3:2005

          EN 55024: 1998+ A1: 2001 + A2: 2003

          EN 55022 :2006

          VCCI V-3:2007


          EN 61000-3-2:2000+A1:2001+A2:2005

          EN 61000-3-3:1995+A1:2001+A2:2005

          AS/NZS CISPR 22:2004

          FCC PART 15:2005

          GB 9254:1998

          GB/T 17618:1998


          ≥154 years

          Software Specifications






          Basic functions

          Number of managed APs by default


          Size of license




          Maximum number of managed APs




          Maximum configurable number of APs





          802.11 Protocols

          Multi-SSID (Per RF)


          SSID hiding

          11G protection

          11n only

          Use number limit

          Supported: SSID based, per RF based



          Multi-country code assignment

          Wireless user isolation


          VLAN based wireless users 2-layer isolation

          SSID based wireless user 2-layer isolation

          20MHz/40MHz auto-switch in 40MHz mode

          Local forwarding

          Local forwarding based on SSID+VLAN


          Auto AP serial number entry

          AC discovery (DHCP option43, DNS)

          IPv6 tunnel

          Clock synchronization

          Jumbo frame forwarding

          AP dual uplink tunnel connection

          Assign basic AP network parameter through AC

          Supported: Static IP, VLAN, connected AC address

          L2/L3 connection between AP and AC

          NAT traversal between AP and AC


          Intra-AC, Inter-AP L2 and L3 roaming

          Inter-AC, Inter-AP L2 and L3 roaming

          GW feature




          SSL VPN

          IPSEC VPN



          Access control

          Open system, Shared-Key

          WEP-64/128, dynamic WEP




          √(11n recommended)


          SSH v1.5/v2.0

          Wireless EAD (End-point Access Domination)

          Portal authentication

          Supported: Remote Authentication, external server

          Portal page redirection

          Supported: SSID based, AP Portal page push

          Portal by-pass Proxy

          802.1X authentication


          Local authentication

          802.1X, Portal, MAC authentication

          LDAP authentication

          802.1X and Portal

          EAP-GTC and EAP-TLS supported by 802.1X login

          AP location-based user access control

          Guest Access control

          VIP channel

          ARP attack detection

          Supported: Wireless SAVI

          SSID anti-spoofing

          SSID+user name binding

          AAA server selection based on SSID and domain

          AAA server back up

          Local AAA server for wireless user



          Priority mapping

          L2-L4 packet filtering and traffic classification

          Rate limit

          Supported with granularity of 8Kbps


          Bandwidth limit based on AP

          Access control based on user profile

          Intelligent bandwidth limit (equal bandwidth share


          Intelligent bandwidth limit (user specific)

          Intelligent bandwidth guarantee

          Supported: Free flow for packets coming from every SSID

          When traffic is not congested, and guarantee a minimum

          bandwidth for each SSID when traffic is congested

          QoS Optimization for SVP phone

          CAC(Call Admission Control)

          Supported: based on user number/bandwidth

          End-to-end QoS

          AP upload speed limit

          RF management

          Country code lock

          Static channel and power configuration

          Auto channel and power configuration

          Auto transmission rate adjustment

          Coverage hole detection and correction

          Load balancing

          Supported: based on traffic, user & frequency (dual-frequency supported)

          Intelligent load balancing

          AP load balancing group

          Supported: auto-discovery and flexible setting


          Static blacklist

          Dynamic blacklist

          White list

          Rogue AP detection

          Supported: SSID based, BSSID, device OUI and more

          Rouge AP countermeasure

          Flooding attack detection

          Spoof attack detection

          Weak IV attack detection


          Supported: 7-layer mobile security

          Layer 2 protocol

          ARP (gratuitous ARP)




          Broadcast storm suppression

          IP protocol

          IPv4 protocol

          Native IPv6

          IPv6 SAVI

          IPv6 Portal


          MLD Snooping

          IGMP Snooping

          Multicast group


          Multicast to Unicast (IPv4, IPv6)

          Supported: Set unicast limit based on operating environment

          Management and


          Network management

          WEB, SNMP v1/v2/v3, RMON and more

          Network deployment

          WEB, CLI, Telnet, FTP and more

          Green features

          Scheduled shutdown of AP RF interface

          Scheduled shutdown of wireless service

          Per-packet power adjustment (PPC)

          WLAN application

          RF Ping

          Remote probe analysis

          RealTime Spectrum Guard (RTSG)

          Wireless Intelligent Application Aware (wIAA)

          Supported/ Stateful Inspection Firewall

          Packet forwarding fairness adjustment

          802.11n packet forwarding suppression

          Access based traffic shaping

          Co-AP channel sharing

          Co-AP channel reuse

          RF interface transmission rate adjustment algorithm

          Drop wireless packet with weak signal

          Disable user access with weak signal

          Disable multicast packet caching

          Status blink(limited to some AP)

          New added feature

          Policy forwarding

          VLAN pool

          Bonjour gateway



          Hotspot2.0 (802.11u)



          Are you an H3C partner? Log in to see additional resources.
          You can find excellent H3C partners, or you can become one of them to build a
          partnership with H3C and share success together.