• 7x24 hours service hot line: +86 755 86725911
NAC-300I Series Wireless AC
Product Features
1. All-in-one Design--Integrated Firewall, Authentication Server, Certification Center, RF Management;

2. Support diversified authentication ways, such as SMS/QR Code/Portal/Web, etc.

3, Support users management, protocol optimization, flow control, applications recognition, internet access management/monitoring/controlling;

4. Support DIY advertising page push, advertising pages adjust to terminals' screen size automatically

 
Application Scenarios
Applied in enterprise, shopping mall, hotel, school, hospital, scenic spots, etc.
  • Product Details
  • Order Infomation
  • Data Downloads
10 gigabit wireless controllers series products
Hardware specifications
Item Description
Model NAC-310I NAC-320I NAC-330I NAC-360I
Port 6 Gigabit Ethernet ports;
4 Gigabit SFP optical ports;;
1 RJ 45 Console port;
2 USB 2.0 ports;
2 10Gigabit SFP+ optical ports;
8 Gigabit Ethernet ports;
1 RJ 45 Console port;
1 RJ45 MANAGE port;
2 USB 2.0 ports;
(1 extra expansion slot )
2 10Gigabit SFP+ optical ports;
1 RJ 45 Console port;
1 RJ45 MANAGE port;
2 USB 2.0 ports;
(3 extra expansion slots, customized for 5 extra expansion slots )
2 10Gigabit SFP+ optical ports;
1 RJ 45 Console port;
1 RJ45 MANAGE port;
2 USB 2.0 ports;
(3 extra expansion slots, customized for 5 extra expansion slots )
External dimensions length x width x height, unit: mm 430*500*89 440*600*89 440*600*89 440*600*89
Weight 15.3kg 16.25kg 18kg 18kg
Power consumption <212w <224w <310w <320w
Power supply  default--double redundant power supply, pluggable
Input voltage Rated voltage range: 100V~240V AC;50/60Hz
Maximum voltage range: 90V~264V AC; 47/63Hz
Operating /storage temperature:  -10℃~55℃/-40℃~70℃
Operating /storage humidity: 5%~95%(non-condensation)
Hard disk 500G HDD 500G HDD 500G HDD 500G HDD
Software specifications
Item Support features NAC-310I NAC-320I NAC-330I NAC-360I
Basic performances The default managing AP quantity 64 64 128 128
Maximum managing quantity of AP
 (centralized forwarding/local forwarding)
1280/3840 1560/4680 2560/7680 4096/12288
License step size 1
maximum quantity of online concurrent users ≥75000 ≥95000 ≥150000 ≥250000
maximum quantity of concurrent connections 700000 2000000 3200000 7500000
The quantity of new connections per second 20000 75000 80000 180000
Built-in local certification account number 65000 65000 65000 65000
VLAN quantity 4094 4094 4094 4094
ESSID quantity 32 32 32 32
Wireless foundation 802.11 protocol stack 802.11a/b/g/n/ac
Virtual AP supported
Chinese SSID supported
Hidden SSID supported
Code deployment of various countries supported
Isolation of wireless user A second segregation and isolation function based on SSID
On line detection AP and user online detection function
Forced disconnection of wireless user Supported
No flow automatic aging of user supported
802.11 ac 80 MHZ information channel binding supported
20 MHZ / 40 MHZ automatic switching of 40 MHZ model supported
Data forward Local forward supported
Centralized forward supported
Part of centralized forward and part of local forward Support local forwarding and centralized forwarding in the same AP under different SSID
Roaming the second and third layer of roaming within the same AC under different AP. Supported
the second and third layer of roaming within the same AC under different AP. Supported
Access authentication Authentication type Support WPA-PSK, WPA2-PSK, and WPA-PSK/WPA2-PSK mixed encryption, open + web authentication, WPA-PSK/WPA2-PSK+web authentication, WPA (enterprise), WPA2 (enterprise), WPA/WPA2 (enterprise)
802.1 x authentication Support 802.1 x one-key automatic configuration deployment and support 802.1 x non-awareness certification, which only needs to download one-key automatic configuration tool when accessing for the first time, to quickly complete the wireless network configuration, greatly reducing the network deployment work.
Portal authentication Support intelligent identification terminal type, provide matching page with suitable size for different terminals, support custom page logo, display information, etc., and support setting verification, certification interval and time threshold for off-line re-connection and re-certification.
QR code audit certification Once visitor terminal is accessed to the wireless network, the terminal will automatically pop up QR code page, and the reviewer scans the QR code of visitor terminal by mobile phone to surf the Internet. And record the visitor user by the reviewer+ note + visitor terminal MAC three dimension, which can be traced and guarantee the network security.
WeChat certification After accessing wi-fi, the user can scan the QR code of shopping mall or corporate public ID to log in. The one-key log in function can complete deployment without any code development. In addition, We Chat certification supports clicking on text messages Internet link, clicking on the menu bar to view ads online, and We Chat aouth authorized log in.
Text message certification Support certification effective permanently. That is, it needs certification by text message for the first access, and the subsequent access needs no certification. This saves cost of text message and improves the user’s online experience.
Temporary visitor authentication It is internally installed with a temporary user information management system, by which a temporary user can log in during the effective period; It is internally installed with secondary authority system for temporary account management, which can only be used for creation and management of temporary account; Support to print QR code of temporary visitors, and temporary visitors can scan QR code to get to the Internet; Support grouping of temporary visitors;
 no authentication Support to only show portal pages, just click the log in button to get to the Internet with no need to input ID and password and without certification;
CA certificate authentication It is internally installed with CA certificate issuing center, can realize safe authentication certificate with no need to set up certificate server (at the same time support external certificate server for import certification)
Local account authentication Support 802.1 x, Portal authentication
The external authentication database Support related external RADIUS, LDAP, Active Directory, achieve authentication of 802.1 x, Portal, etc.
The user name and MAC binding Support automatic binding of terminal access for the first time
Data encryption Support TKIP and AES (CCMP)
EAP Protocol categories Support EAP-TLS, EAP-PEAP, EAP - MD5, EAP - MSCHAPv2, etc.
MAC static black and white list supported
The dynamic blacklist supported
(ACL)Access Control Policy (ACL) Identification application and control It is internally installed with over 1,800 kinds of largest application recognition libraries in China, which can accurately identify the application type, and update once every two weeks, to ensure accuracy of application identification.
URL identification and control It is internally installed with more than 30 million URL addresses library, supporting URL control based on URL category.
Intelligent terminal identification Intelligent identification access terminal type and operation system can accurately identify the android, ios, windows phone, and laptop or desktop devices.
Multidimensional user access and role assignment Support user access and role assignment based on access location;
Support access and role assignment based on terminal types such as android, ios, windows, etc.;
Support access and role assignment based on terminal MAC address;
Support permission assignment based on user, and set different access permission for each specific user; Support permission assignment based on time bucket, and provide different access permission in different time bucket, which can flexibly control the access permission of the staff on and off duty; Support different access permissions based on user groups and temporary visitor groups; Support different access permissions based on visitors types such as authentication-free user, message visitors, WeChat visitors, WeChat + message authentication visitors;
Support access control based on the Class Tunnel Private Group ID returned at user’s Radius authentication; Support access control based on organizational unit, security group, and user name of LDAP;
Access control based on intranet applications Support access control for intranet applications
QoS Bandwidth management Support to ensure or limit flow on different lines, according to different applications, users and user groups;
Support to set channel bandwidth according to the percentage or numerical value and support to set the priority of each channel.
Intelligent channel management Support flow father and son channel technology, and support three-level father and son channel;
Support channel limit and ensure the channel technology, dynamically adjust the channel bandwidth;
Flexible and rational allocation of bandwidth resource Support flow channel division and priority setting based on application, user, and user group;
Up and down flow control based on single user, with flow control granularity of 1 KBPS;
Support flow control based on time, which distributes different flow strategy in different time, flexibly allocating bandwidth resources;
Support intelligent average distribution of the user bandwidth in flow channels;
Support flow control based on terminal access position, distributing different flow strategies at different access position;
Support flow control based on terminal types such as android, ios, windows, etc.;
Resource management based on wireless hollow; Fine management of resource pipe-lining based on the application wireless hollow, ensure rational distribution of wireless bandwidth resource and prior transmission of important application;
Support the average allocation of bandwidth among users and fair scheduling of terminal (time fairness algorithm);
Support intelligent dynamic bandwidth allocation based on the SSID, guarantee the priority of important SSID flow;
802.11e/WMM Support priority scheduling based on business application type (voice, video and data)
The end-to-end QoS service supported
Radio frequency management Channel automatic and manual adjustment Supported  
Power automatic adjustment  
Supported
 
Power manual adjustment Support adjustment with the granularity of 1 dBm, and the adjusting range is 1 dBm to the scope of power prescribed by the state;  
Radio frequency time opening or closing Support radio frequency time opening or closing based on period of time;  
 
 Load balanced between AP
Support load balancing based on users, flow rate and frequency band, realize 2.4 G and 5 G dual-band loads in the case of dual-band;  
Wireless coverage black hole detection and compensation Supported  
 
Security defense
WIDS/WIPS  
Supported
 
 
Illegal AP detection, inhibition
 
Supported
 
 
Anti phishing
 
Supported
 
Attack defense Support the defense against the DoS attack, spoofing attack, and flooding attack  
The loiter network preventing strategy Online time control Support online time control (to minutes)based on users, access position, and terminal type, can set time of taking effect (only calculating planned time specified, not calculating the online time out of the validity time, and the time of taking effect can be recycled or one-time).When the accumulative value reaches the threshold, it can refuse to use online service again in the control period or continue to use online service after blocking for a period of time  
Flow quota Support flow quota (to MB) based on users, access position, and type of terminal, and you can set the daily quota and monthly quota, and can also set the start date of a month. When the accumulative value exceeds the quota, it can refuse to use online service again in the control period or continue to use online service after blocking for a period of time.  
Wireless optimization Acceleration of application layer Support acceleration of application layer and choose acceleration service application, which can promote the transmission speed by 1.5 to 4 times  
Electronic schoolbag scene optimization To speed up multicast packets, and comprehensively improve scene effect of electronic schoolbag;  
 
Intelligent broadcasting speeding up
According to the practical environment, improve the transmitting speed of broadcast packets automatically, and speed up the transmission efficiency of broadcast packets;  
Prevent terminal dragging Prevent low-speed terminal to lower overall speed of network based on time fairness algorithm;  
Prevent terminal viscocity APPerceive the STA connected to AP, and intelligently guide STA to access to the best AP;  
Low rate of terminal access is prohibited; Set a threshold for velocity of access terminal, to prohibit weak signal terminal access below a certain speed and improve overall speed of network  
High density access scene optimization High-density optimization of dense area of wireless users (more than 40 terminals in the coverage of a single access point) can save a certain wireless air resources and improve overall performance of the AP;  
ARP turned to unicast Turn ARP broadcast message into unicast, which can reduce broadcast packets and improve transmission speed.  
 
DHCP request to the wireless terminal is prohibited.

After start using this option, the broadcast message required by DHCP will be only forwarded to wired network, and won't be forwarded to the other wireless network, which can improve the throughput of the overall wireless network and improve the performance of wireless network.
 
 
automatic VLAN segmentation
Support automatic VLAN division based on the users/user groups, AP access position/AP group, terminal type /MAC, RADIUS Class attribute value/Group ID, AD attribute value, and certificate attribute value, automatically distributing to the corresponding VLAN pool at terminal access;  
Authentication page push authentication Webpage WEB authentication page can self-define LOGO, background color, page word and disclaimer, and supports the switch between Chinese and English; before the WEB authentication (including several authentication methods such as Portal, we-chat, short message and two dimension code), full-screen advertisement illustration is supported to play; the countdown method is supported; after being forced to watch the advertisement display for certain time, the user is allowed to access to internet;  
 
Terminal self-adaptation
Intelligently identify terminal type, and push the authentication page matching the terminal with the right the size;  
 
Authentication page push
Push different certification pages according to different SSID, access position, terminal types, and time.  
 
Skip to push after certification
 
Support skipping pages or skipping to the original page before certification after setting different certifications based on access position, terminal type users/user groups, and type of certification. Support to transmit information of user name, terminal MAC, IP, and access AP/AP group, used for secondary development or website statistical analysis.
 
 
Marketing push
 
Data-push method
Support four kinds of data-push, namely WeChat, text messages, web page embedded, and full-screen web page, able to customize images, texts, hyperlinks, etc;  
 
Marketing of search behavior
Support marketing push based on the user behavior, the marketing push can match with the key word searched by the user in Baidu, search engine collection, Sougou, Taobao and Jingdong to push the specific advertisement, and support the web page floating window, we-chat and short message.  
Marketing based on the online time Support to push to online user messages, WeChat, and web advertising, and support to push only to the users with online time greater than a certain period of time and for a certain number of times;  
First access marketing Intelligently identify the first access user, support to automatically push the preset messages and WeChat information to the first access user.  
Terminal marketing Automatically calculate the occurrence number of customer terminal, and support to automatically push to the reappearing old customer the preset messages and WeChat information (can set to push to the users with offline time greater than a certain period of time and appearing for a certain number of times);  
Marketing based on the user's location Support to set different push information for different AP, realize push based on access position or location change;  
Marketing based on the period Support to push different advertising information in different time period, applicable to access rules such as online time, first access, terminal appearing, and access position.  
WeChat active marketing It is internally installed with WeChat marketing platform, which supports to actively push directional messages to WeChat user (not mass texting without being limited by the number of times);  
SMS active marketing It is internally installed with SMS marketing platform, which supports to actively push directional messages to text message users;  
Search analysis Rank the search keywords according to searching times on Baidu, search.com, sougou.com, taobao.com and jingdong.com, to analyze customers’ preference and propensity to consume.  
Marketing statistics  
Make statistic of search behavior, first access, terminal appearing, and online time and total time and trend of push;
 
 
Consumer flow analysis
 
Consumer flow analysis
Support to check statistics and trends of visiting customers(people), new visiting customers(people), new registered users (people), access users (people), visiting customer not for the first time, returning rate, and the average residence time (locally save a maximum of 90 days);
Support to collect the information of terminal MAC, terminal types, occurrence time, and residence time of non-access users;
Support to check statistic of residence time distribution;
Support contrast figure according to time of the above data trend;
Support to check the above information according to the AP group and divided area;
 
 
The original data export
Support export of original data on visitor flow analysis, including the scanned terminal type, terminal MAC, first appearing time, final appearing time, occurrence times and the terminal type, terminal MAC, first access time, last access time, access number of access terminal.  
 
Hot map
 
Real-time display of AP dynamic information
Real-time display of each AP position, AP real-time status, number of access users, real-time flow, online user list, which is convenient for administrator to know real-time online health information.  
 
Architectural figure import
Support manual import of building figure, floor area distribution, and free allocation of AP sign location  
 
Visitor density
Support to display the regional traffic density and export images through thermodynamic diagram, by which the regional population distribution can be viewed.  
 
Internet activity management audit
 
Websites, web page audit
Support to record all or specified category of URL page title or other information;
Can audit and record body content of the web page;
 
 
Network application audit
Support the audit users, within a specified time period, to use QQ, P2P and streaming media, investing in stocks, network game, etc.
Support total time length and flow consumed by the audit users, within a specified time period, to use P2P and streaming media, investing in stocks, network game, etc.
 
 
Mail audit
 
Support to audit the E-mail and its attachments sent or received by user by mail client or web mail.
 
 
Posting audit
Support the audit user's posting content on Web BBS and Weibo;  
 
FTP audit
Support to audit file name and content uploaded by FTP and file name downloaded by FTP;  
 
TELNET audit
Support to audit command executed by TELNET;  
 
Audit-free strategy
 
Support to exclude specific users, make no audit for the user's online behavior;
 
 
Data center
 
Data center
Support two reserved ways of internal data center and external data center;  
 
Log query
Support to search online behaviors such as visiting website/email sending and receiving/ posting on BBS and Weibo /outgoing documents;
Support self-defined search of online flow and online time of designated IP/groups of users/user/application within a specified time period.
Support self-defined search of visiting time of designated IP visiting a specific website within a specified time period;
 
 
Statistical statement
Support self-defined statistic of online behavior/online flow/online keywords/online time of specified IP/groups of users/users/application within a specified period of time and form a statement;  
 
Trend statement
Support self-defined statistic of online behavior/online flow/online keywords/online time of specified IP/groups of users/users/application within a specified period of time and form a statement;  
 
Wired management
 
Wired and wireless integration
Support authentication, access control, flow management, behavior audit, etc. for wired users, and provide a unified Web management interface in both Chinese and English.  
 
Access authentication
Support Web authentication, temporary visitor authentication, and access authentication without user authentication;
Support IP address-based authentication method;
 
 
AP wired port side access authentication
The same with wireless side access authentication, WEB WEB, WeChat authentication, and SMS authentication are supported.  
 
IP address and user name binding
IP address and user name binding are supported;
Support automatic binding of access for the first time
 
Acess Control Policy (ACL) The same with wireless side, access rights allocation based on user accounts, user groups, time and external server properties are supported;  
Traffic management The same with wireless side, traffic management based on application, user accounts, user groups and time are supported;  
Internet activity management audit The same with wireless side, audit on website, web page, email, posting, application time and traffic, FTP, TELNET, etc. are supported.  
Site investigation management Embedded site investigation figure management software Auto-completing AP point deployment according to import of deployment site scene graph is supported and reduce the project site investigation period and site investigation cost.  
Hotspot analysis AP-based access user quantity statistics The number of connected users and change trends of each AP in the recent one day, one week, and one month can be measured.  
AP-based network flow analysis The network flow and trendency changes of each AP in the recent one day, one week, and one month can be measured.  
 
AP-based signal quality analysis
Statistic analysis for the signal usage, noise, retransmit rate, BER, and BER change trends of each AP is supported.  
 
AP access methods
 
Cross-WAN and cross-NAT remote AP deployment
Supported  
 
AC discovery methods
L2 and L3 discovery, DHCP option 43 and DNS domain name discovery are supported  
webAgent Controller IP addresses can be dynamically discovered by using the webAgent technology. This avoids AP disconnection caused by unfixed controller IP addresses.  
 
Tunnel encryption
Supported  
 
Wireless relay bridge
 
Relay method
Point-to-point and point-to-multipoint supported  
 
Relay frequency band
 
Support GHz 2.4G/5.8G2.4/5.8
 
 
Disable wireless network on relay frequency band
 
Supported
 
 
Wireless back-haul service
 
Supported
 
 
The second floor
Link aggregation  
Up to eight of each group are supported and the maximum of eight groups are supported at the same time
 
 
 Line status monitoring
 
Supported
 
 
ARP proxy
 
Supported
 
 
L3 function
DHCP  
DHCP Client, DHCP server, DHCP relay and DHCP Snooping are supported.
 
NAT SNAT, DNAT, PAT, two-way NAT and port mapping are supported.  
 
Network access mode
 
static IP address, DHCP and PPPoE dial-up
 
 
DNS proxy
Supported  
Static route Supported  
 
Strategy route
Supported  
L3 physical port link detection  
Supported
 
High reliability AC redundant hot standby  
Supported
 
Dual configuration synchronization  
Supported
 
AP fast switching between AC  
Supported
 
DHCP server backup  
Supported
 
Authentication server backup  
Supported
 
Disaster backup The function of AC and authentication server disaster backup (escape) is supported; when the failure occurs, the normal access of new users and the normal access to the Internet of users can be  guaranteed.  
Network management and configuration Management modes WEB, CLI, Telnet, SSH, etc. and Chinese and English interface management are supported.  
SNMP SNMP v1/v2/v3,SNMP Traps  
Grading administrator Super administrator, administrator and read-only administrator are supported.  
 
Status display
Support AC System Status Display AP and AP MESSAGE DISPLAY as well as;Online user information display;  
 
Warning mechanism
Port state warning; Network attack real-time warning; Double switch warning, etc.  
 
Application traffic display
Real-time and a period of time traffic conditions based on the application can be viewed.  
 
Traffic history query
AC and AC historical traffic query are supported.  
User quantity trend Supported  
AP online and offline remind  
Supported
 
 
Record user online and offline information
 
Supported
 
 
Firmware upgrade
AC firmware remote automatic or manual upgrade is supported;支持APAC firmware automatic upgrade is supported.  
 
Backup configuration and backup recovery
 
Supported
 
System log management  
The function of view and export system log
 
 
Strategy troubleshooting function
Supported  
 
Restart the device and restarting service
Supported  
Configuration date and NTP service Supported  
 
Model             Specification                                               Remark              
Sundray 10 Gigabit series wireless controllers
NAC-310I Centralized forwarding mode maximum supports 1280 NAP; local forwarding mode maximum supports 3840 NAP, and manages 64 NAP by default Essential
NAC-320I Centralized forwarding mode maximum supports 1560 NAP; local forwarding mode maximum supports 4680 NAP, and manages 64 NAP by default Essential
NAC-330I Centralized forwarding mode maximum supports 2560 NAP; local forwarding mode maximum supports 7680 NAP, and manages 128 NAP by default  
Essential
NAC-360I Centralized forwarding mode maximum supports 4096 NAP; local forwarding mode maximum supports 12288 NAP, and manages 128 NAP by default Essential
OPTIONAL
NAC-License-1NAP NAC adds the authorization of managing a NAP Optional