DATA SHEET www.brocade.com BROCADE MOBILITY RFS4000 WLAN CONTROLLER

CAMPUS Integrated Wireless Services for NETWORK Remote Offices and Small-to- Medium Deployments

HIGHLIGHTS Supporting today’s remote office hotspot services for guests. A real-time • Integrated data, voice, and video provides requirements calls for tight integration locationing system for Wi-Fi and RFID a cost-effective Wireless LAN (WLAN) of wired, wireless, and network security provides centralized asset tracking and ® platform for remote offices and small features. The Brocade Mobility RFS4000 monitoring. USB storage ensures seamless enterprises Controller integrates all three of these software image distribution. critical networking features into a compact • Advanced networking services enable and easy-to-use form factor, enabling FASTER ROI higher productivity and Return on organizations to create resilient remote This best-in-class Wireless LAN (WLAN) Investment (ROI) office networks using a single platform. solution accelerates ROI by delivering • Always-on secure networking helps numerous advanced features without The Brocade Mobility RFS4000 cost- ensure remote services reliability requiring additional licenses. Redundant effectively extends 802.11n capabilities wireless controllers share AP licenses, • Built-in Smart RF intelligence eliminates to remote offices and smaller enterprises which increases capacity without adding the need for local IT support by supporting up to 36 Brocade Mobility incremental costs. Brocade dual-purpose • Integrated control optimizes advanced Access Points (APs). The Brocade Mobility APs provide wireless traffic and dedicated voice and video services RFS4000 also provides multiple value- dual-band sensing, which eliminates the added and productivity applications. An • Wireless WAN (WWAN) ExpressCard slot need to purchase and manage a dedicated integrated customizable secure guest provides backup for Internet connections sensing infrastructure—and provides a access application with distributed or greener and more cost-effective approach • Virtual LANs (VLANs) accelerate device centralized authentication allows small to 24×7 security. and network performance enterprises and remote offices to provide • Unified wired/wireless network management reduces complexity NON-BLOCKING, HIGH-PERFORMANCE or Active/Standby configurations. In the BROCADE HYPEREDGE 802.11n ARCHITECTURE event of a WAN outage, a redundant ARCHITECTURE An adaptive architecture enables two 3G ExpressCard helps ensure access The Brocade HyperEdge™ Architecture modes of operation without changing to Internet services by providing WWAN brings campus networks into the modern the firmware—as a standalone AP or backhaul options. era to better support mobility, security, as a wireless controller-adopted AP for and application agility. This evolutionary centralized management. Standalone SECURE NETWORKING IS ALWAYS ON architecture integrates innovative or controller-adopted APs forward traffic In addition, the Brocade Mobility RFS4000 wired and wireless technologies to directly to the next AP via the best-quality secures both wireless and wired networks with: streamline application deployment, path with full Quality of Service (QoS) simplify network management, and and security, minimizing wired traffic • Smart RF management of the network reduce operating costs. to eliminate controller bottlenecks and and location management The HyperEdge Architecture enables single points of failure, while accelerating • Extensive authentication and encryption organizations to build networks that are: application performance. Each element of support the network is aware of other elements and • Security (IPSec) Virtual • Agile: By eliminating Spanning Tree their status, and they all work together to Private Network (VPN) gateway Protocol (STP) between HyperEdge find the best routes through the network for Domain switches through a flatter Layer maximum performance. While controllers • Secure guest access with captive 2 design, the HyperEdge Architecture are still used to manage, direct, and scale Web portal increases link utilization and reduces the network, individual transmissions • Hyper-fast secure roaming application deployment complexity. The can take place via the shortest path. By • Integrated stateful Layer 2-7 wired/ Distributed AP Forwarding functionality harnessing the power of Brocade Mobility wireless of Brocade wireless Access Points (APs) adaptive APs, the network performs better, efficiently secures and directs mobile needs fewer wireless controllers, and • Integrated Intrusion Detection System traffic at the network edge without increases ROI. (IDS)/Intrusion Prevention System tunneling data back to a central (IPS) engine for rogue detection and controller at the network core. UNMATCHED RELIABILITY— containment • Automated: By grouping premium and HITLESS FAILOVER • Multiple locationing technologies such as entry-level switches with intelligent The Brocade Mobility RFS4000 comes Wi-Fi and RFID wireless APs into a consolidated with multiple features to help ensure • Resiliency via 3G/4G WWAN backhaul management domain, HyperEdge the reliability and survivability of remote Domains eliminate the need to networking services in virtually any The integrated IDS/IPS provides defense provision and manage devices situation. The controller protects against against over-the-air attacks by leveraging individually—simplifying network AP and mesh node failure with Smart RF, a the dual-band Brocade Mobility APs. deployment and management. feature that keeps users connected to the Each AP can be virtualized into four • Cost-effective: The HyperEdge network with automatic Radio Frequency unique BSSIDs, which can be customized Architecture enables the propagation (RF) optimization and self-healing. The to support different combinations of of advanced features and services ability to dynamically adjust the power authentication and encryption. Remote from premium switches to entry-level and channels on any AP automatically Authentication Dial-In User Service (RADIUS) switches, allowing IT organizations eliminates gaps in coverage when a and Dynamic Host Configuration Protocol to purchase only what they need today change in the environment occurs—such (DHCP) server options are supported. and add intelligent services as the as outside RF interference—all without business evolves. Further cost any physical intervention. This feature INTEGRATED CONTROL REDUCES savings is achieved with Brocade protects against under- or over-powering— VOICE COSTS wireless solutions using controller- scenarios that could reduce performance The Brocade Mobility RFS4000 provides less or controller-shared license and network availability. And adjustments granular control over multiple wireless deployment options. are completely transparent—there is no networking functions to deliver high- impact on voice calls and data sessions performance, persistent, and clear in progress—which protects the QoS and connections for virtual desktop integration, ensures an optimal user experience. toll-quality voice, and superior video Controller clustering protects against service. QoS mechanisms for 802.11 traffic wireless switch failure with up to two prioritization and precedence prioritize controllers combined in Active/Active network traffic to minimize latency and provide optimal quality of experience. Wi-Fi SIMPLE TO DEPLOY AND MANAGE— centralizes management of the entire family Multimedia Extensions (WMM-Power Save) NO ONSITE IT SUPPORT REQUIRED of Brocade Mobility wireless products, with Admission Control—including TSPEC, The Brocade Mobility RFS4000 combines including the Brocade Mobility RFS4000. SIP Call Admission Control, and 802.11k multiple features to eliminate the need radio resource management—enhance for onsite IT support for deployment and BROCADE GLOBAL SERVICES multimedia application support and improve day-to-day management. Plug-and-play Brocade Global Services has the expertise battery life and capacity. The Brocade WLAN setup features include built-in intelligence, to help organizations build scalable, solution provides dedicated bandwidth for which allows the network to identify and efficient cloud infrastructures. Leveraging voice calls, as well as better control over automatically address network issues, 15 years of expertise in storage, networking, active voice calls for a variety of Voice over along with zero-touch installation. Plug- and virtualization, Brocade Global Services IP (VoIP) handsets. And to improve device and-play mesh provisioning significantly delivers world-class professional services, performance and battery life up to 25 reduces deployment time and ongoing technical support, network monitoring percent, IT staff can configure separate management. The integration of all wired services, and education, enabling voice and video VLANs to reduce the and wireless networking infrastructure into organizations to maximize their Brocade amount of overall network traffic. a single device is easily managed back in investments, accelerate new technology the Network Operations Center (NOC) via deployments, and optimize the performance SECURE GUEST ACCESS (HOTSPOT) auto-discovery and auto-configuration. of networking infrastructures. Secure guest access provides access for guests, contractors, and other temporary WIRED/WIRELESS NETWORK CLOUD-OPTIMIZED NETWORK wired and wireless users. The built-in MANAGEMENT REDUCES COMPLEXITY ACQUISITION captive portal supports customizable login/ Managing enterprise campus networks Brocade helps organizations easily welcome pages, URL redirection for user continues to become more complex, thanks address their information technology login, usage-based charging, dynamic to the growth in services that rely on wired requirements by offering flexible network VLAN assignment of clients, Domain Name and wireless networks. Services such as acquisition and support alternatives to Server (DNS) white list, Generic Routing Internet, e-mail, video conferencing, meet their financial needs. Organizations Encapsulation (GRE) tunneling of traffic real-time collaboration, and distance can select from purchase, lease, and to a central site, Application Programming learning all have specific configuration Brocade Network Subscription options to Interface (API) support for interoperability and management requirements. At the align network acquisition with their unique with custom Web portals, and external same time, organizations face increasing capital requirements and risk profiles. authentication and billing systems. Guest demand to provide uninterrupted To learn more, visit www.Brocade.com/ traffic can be sufficiently restricted and services for high-quality voice and Unified CapitalSolutions. limited so that enterprise users are Communications (UC), wireless mobility, unaffected by guest usage. and multimedia applications. MAXIMIZING INVESTMENTS To reduce complexity and time spent To help optimize technology investments, REAL-TIME LOCATIONING SYSTEM managing these environments, the easy- Brocade and its partners offer complete The controller’s Real-Time Locationing to-use Brocade Network Advisor discovers, solutions that include professional services, System (RTLS) enables real-time enterprise manages, and deploys configurations to technical support, and education. For asset tracking through support for 802.11, groups of devices. By using the Brocade more information, contact a Brocade sales RFID, and third-party locationing solutions— Network Advisor Device Configuration partner or visit www.brocade.com. including industry leaders AeroScout, Ekahau, Manager tool, organizations can configure and Newbury Networks. RTLS supports a VLANs within the network, manage wireless standards-based EPC Global ALE interface for AP realms, group WLAN switches into processing and filtering data from all active domains for Layer 3 mobility support, or and passive tags, and an EPC Global LLRP execute CLI commands on specific devices or interface for passive RFID tag support. groups of devices. Brocade Network Advisor BROCADE MOBILITY RFS4000 SPECIFICATIONS

Deployment Network security Performance Provides central management of Brocade Mobility Role-based wired/wireless firewall (Layer 2-7) with and supported Access Points (APs) deployed locally or at remote stateful inspection for wired and wireless traffic; configurations locations; plug-and-play deployments over Layer 2 active firewall sessions—50,000 per controller; and Layer 3 networks protects against IP spoofing and ARP cache poisoning; per-user firewall requires Advanced Wireless networking Security License (included) Wireless LAN (WLAN) Supports 24 WLANs; multi-ESSID/BSSID traffic Access Control Lists Layer 2/3/4 ACLs segmentation; VLAN-to-ESSID mapping; auto- (ACLs) assignment of VLANs (on RADIUS authentication); power-save protocol polling; pre-emptive roaming; Wireless IDS/IPS Multimode rogue AP detection, rogue AP fast roaming with opportunistic channel scan; containment, 802.11n rogue detection, ad congestion control with bandwidth management, hoc network detection, Denial of Service (DoS) VLAN pooling, and dynamic VLAN adjustment; IGMP protection against wireless attacks, client snooping; Layer 3 mobility (inter-subnet roaming); blacklisting, excessive authentication/association; radio frequency Automatic Channel Select (ACS); excessive probes; excessive disassociation/ Transmit Power Control (TPC) management; country de-authentication; excessive decryption errors; code-based RF configuration; 802.11b, 802.11g, excessive authentication failures; excessive 802.11a, and 802.11n 802.11 replay; excessive crypto IV failures (TKIP/ CCMP replay); suspicious AP, authorized device in VLAN support 24 VLANs support per AP, 802.1Q VLAN trunking ad hoc mode, unauthorized AP using authorized and tagging, dynamic user-based VLANs using EAP SSID, EAP Flood, Fake AP Flood, ID theft, ad hoc authentication advertising authorized SSID Bandwidth Congestion control per WLAN; per user based on Geofencing Control or limit network or application access management user count or bandwidth utilization; bandwidth based on users and their location provisioning via AAA server Anomaly analysis Source Media Access Control (MAC) = Dest MAC; Access Points (APs) Supports adoption of 36 Brocade Mobility illegal frame sizes; source MAC is multicast; TKIP 802.11a/b/g/n/ac APs per controller; supports countermeasures; all zero addresses radio frequency ACS; TPC management; country code-based RF configuration Authentication Access Control Lists (ACLs); Pre-Shared Keys (PSK); 802.1x/EAP— (TLS), BSSID support Four BSSIDs per radio Tunneled Transport Layer Security (TTLS), Protected Powered clients CAM- and PSP-powered clients supported EAP (PEAP); Kerberos Integrated AAA/RADIUS Server with native support for EAP-TTLS, EAP-PEAP (includes IPv6 clients Supported a built-in user name/password database; supports Clients Up to 500 users per controller (recommended LDAP), and EAP-SIM; local authentication database maximum) Encryption WEP 40/128 (RC4); WPA-TKIP; WPA2-CCMP (AES); Power over Ethernet Integrated; up to a maximum of 90 watts for 802.11i WPA2-TKIP; Multi-Cipher support (PoE) simultaneous operation IPSec VPN gateway Supports DES, 3DES, AES-128, and AES-256 Traffic management and Quality of Service encryption, with site-to-site and client-to-site VPN capabilities; supports 256 concurrent IPSec 802.11e Supported tunnels per controller QoS Voice prioritization; WMM-power save with TSPEC Secure guest access Provides secure guest access for wired and wireless Admission Control; WMM U-APSD; Layer 1-4 packet (hotspot provisioning) clients; built-in captive portal; customizable login/ classification; 802.1p; DiffServ/TOS, SVP, SIP Call welcome pages; URL redirection for user login; Admission Control (CAC) usage-based charging; dynamic VLAN assignment IGMP snooping Optimizes network performance by preventing of clients; DNS white list; GRE tunneling of traffic to flooding of the broadcast domain a central site; API support for interoperability with custom Web portals (for example, Wandering Wi-Fi); 802.11k Provides radio resource management to improve Amigopod; support for external authentication and client throughput (11k client required) billing systems Rate limiting Broadcast/multicast transmit rate control, client Wireless RADIUS User-based VLANs (standard); MAC-based rate limiting, per-radio client limit support authentication (standard); user-based QoS; RF priority 802.11 traffic prioritization and precedence location-based authentication; allowed ESSIDs Classification and Layer 1-4 packet classification; 802.1p VLAN NAC support Integration with third-party systems from Microsoft, marking priority; DiffServ/TOS Symantec, and Bradford BROCADE MOBILITY RFS4000 SPECIFICATIONS (CONTINUED)

Network services System extensibility Layer 2 and Layer 3 802.1D-1999 Ethernet bridging; 802.11-802.3 WWAN connectivity/ Optional WWAN (card not included); WWAN feature bridging; Layer 3 RIP routing, 802.1Q VLAN failover license included trunking and tagging; BOOTP client, Dynamic DNS ExpressCard slot: Driver support for 3G wireless cards for WWAN (DynDNS), PPPoE, NAT, LLDP, IP filtering, content 3G WWAN backhaul backhaul: filtering (files or URL extensions, HTTP, SMTP, and FTP requests) NAT, ARP/Proxy ARP; IP packet • AT&T (NALA): Option GT Ultra Express steering redirection • Verizon (NALA): Verizon Wireless V740 or V770 Express Cards DHCP service/ Supported client/relay • Sprint (NALA) Novatel Merlin C777 Real-Time Locationing System (RTLS) • Vodaphone (EMEA): Novatel Merlin XU870 • Vodaphone (EMEA): Vodaphone E3730 3G RSSI-based triangulation for Wi-Fi assets Express Card Tags supported Ekahau, Aeroscout, Newbury, Gen 2 tags • Telstra (Australia): Telstra Turbo 7 series Express RFID support: Built-in support for the following Motorola RFID Card (Aircard 880E) Compliant with LLRP readers: fixed (XR440, XR450, XR480); mobile • General Use (NALA/APAC): Novatel Merlin XU870 protocol (RD5000) and handheld (MC9090-G RFID) Physical characteristics Management Form factor 1U rack mount (optional rack mount kit Features CLI (serial, telnet, SSH); secure Web-based GUI RFS-4010-MTKT1U-WR sold separately) (SSL) for the wireless controller; Secure Network Dimensions 1.75 in. H × 12.00 in. W × 10.00 in. D Management Protocol (SNMP) v1/v2/v3; SNMP (44.45 mm H × 304.80 mm W × 254.00 mm D) traps—40+ user-configurable options; Syslog; TFTP Client; Secure Network Time Protocol (SNTP); text- Weight 4.75 lb (2.15 kg) based controller configuration files; controller auto- Physical interfaces One uplink port: 10/100/1000 copper/Gigabit configuration and firmware updates with DHCP SFP interface (LEDs: Port Speed, Port Activity) options; multiple user roles (for controller access); Five auto-sensing 10/100/1000 Base-T Ethernet; MIBs (MIB-II, Etherstats, wireless controller-specific 8 0 2 . a f / a t ( L E D s : P o r t S p e e d , P o r t A c t i v i t y ) monitoring, and configuration); e-mail notifications One USB 2.0 slot for critical alarms; MU naming capability; system One ExpressCard slot messages/trace messages logging One RJ-45 console serial port Start-up wizard Web-based configuration wizard MTBF Greater than 65,000 hours Configuration Java-based Web user interface, human-readable Environmental specifications config file import/export, CLI (RS-232 or Telnet), Temperature Operating: 32°F to 104°F (0°C to 40°C) SSH, HTTP/S, MIB, programmable SNMP v1/v2c/ Non-operating: −40°F to 158°F (−40°C to 70°C) v3 trap support Humidity Operating: 5% to 85% (without condensation) Statistics LAN, wireless, and associated stations Non-operating: 5% to 85% (without condensation) (accessible via Web UI) Heat dissipation 409 BTU per hour Software/firmware FTP or TFTP, remote auto available, USB Maximum operating 3 km (10,000 ft) updates altitude System resiliency and redundancy Power specifications High availability Active:Standby; Active:Active and N+1 redundancy AC input voltage 100 to 240 VAC 50/60 Hz with AP and client load balancing for large Operating voltage 44 to 57 VDC deployments; critical resource monitoring; AP licenses are shared between redundant controllers Maximum AC input 2.5A @48 VDC or 2.2A @ 54 VDC current Virtual IP Single virtual IP (per VLAN) for a switch/controller Maximum power 120 W to use as the default gateway by mobile devices consumption or wired infrastructure; seamless failover of associated services (for example, DHCP server) Power over Ethernet Integrated; up to 29.7 watts per Ethernet port, (PoE) up to a maximum of 90 watts for simultaneous Smart RF Network optimization to ensure user quality of operation experience at all times by dynamic adjustments to channel and power (on detection of RF interference Integrated PoE 802.3af, 802.3at or loss of RF coverage/neighbor recovery); Regulatory information available for both thin APs and adaptive APs Safety specifications UL/cUL 60950-1, IEC/EN60950-1, CSA C22.2 Dual-firmware bank Dual-firmware bank supports image failover 60950-1-03, Compliance with RoHS Directive capability 2002/95/EC Mesh Standalone mesh; adaptive mesh; self-healing EMC specifications FCC (USA), Industry Canada, CE (Europe), VCCI mesh failover; Layer 2 wired to mesh failover (Japan), C-Tick (Australia/New Zealand) DATA SHEET www.brocade.com

Corporate Headquarters European Headquarters Asia Pacific Headquarters San Jose, CA USA Geneva, Switzerland Singapore T: +1-408-333-8000 T: +41-22-799-56-40 T: +65-6538-4700 [email protected] [email protected] [email protected]

© 2013 Brocade Communications Systems, Inc. All Rights Reserved. 06/13 GA-DS-1517-02 ADX, AnyIO, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, ICX, MLX, MyBrocade, OpenScript, VCS, VDX, and Vyatta are registered trademarks, and HyperEdge, The Effortless Network, and The On-Demand Data Center are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of their respective owners. Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.