• 7x24 hours service hot line: +86 755 86725911
NAC-200I Series Wireless AC
Product Features

1. All-in-one Design--Integrated Firewall, Authentication Server, Certification Center, RF Management;

2. Support diversified authentication ways, such as SMS/QR Code/Portal/Web, etc.

3, Support users management, protocol optimization, flow control, applications recognition, internet access management/monitoring/controlling;

4. Support DIY advertising page push, advertising pages adjust to terminals' screen size automatically

 
Application Scenarios
Applied in enterprise, shopping mall, hotel, school, hospital, scenic spots, etc.
  • Product Details
  • Order Infomation
  • Data Downloads
 
Specifications of gigabit wireless controller series products
Hardware specifications
Item Description
Model NAC-210I NAC-220I NAC-230I NAC-238I NAC-260I
 
Port number
 
3 x Gigabit Ethernet port
 
 
1
x RJ 45 Cosole port
 
 
2
x USB 2.0 ports
6 GE Ethernet ports
 
1 RJ 45 Console port
 
2 USB 2.0 ports
6 GE Ethernet ports
 
1 RJ 45 Console port
 
2 USB 2.0 ports
6 GE Ethernet ports
 
2
x10 GE SFP+ optical ports
 
1 RJ 45 Console port
 
2 USB 2.0 ports
6 GE Ethernet ports
 
4 GE SFP optical ports
 
1 RJ 45 Console port
 
2 USB 2.0 ports
External dimensions length x width x height, unit: mm 275*175*44.5 43/0*300*44.5 430*375*44.5 430*375*44.5 430*500*89
Weight 1.6kg 3.85kg 6.65kg 6.75kg 15.3kg
Power consumption <20w <25w <180w <190w <212w
 
Power
Single power input Dual power redundancy by default
Input voltage Rated voltage range: 100V~240V AC;50/60Hz
Maximum voltage range: 90V~264V AC; 47/63Hz
Operating storage temperature:  -10℃~55℃/-40℃~70℃
Operating storage humidity: 5% ~ 95% (non-condensation)
Hard disk 32G SSD 500G HDD 500G HDD 500G HDD 500G HDD
  Software specifications
 
Item
Support features NAC-210I NAC-220I NAC-230I NAC-238I NAC-260I
Basic performances The default management AP number 8 16 32 32 32
Maximum number of management AP
 (centralized forward/local forward)
72/600 144/900 288/1200 480/1300 560/1600
License step size 1
The maximum number of online concurrent users ≥4000 ≥8000 ≥15000 ≥18000 ≥35000
The maximum number of concurrent connections 50000 71000 200000 250000 550000
The number of new connections per second 1500 2200 7000 9000 15000
Built-in local certification account number 65000 65000 65000 65000 65000
 
VLAN quantity
4094 4094 4094 4094 4094
ESSID quantity 32 32 32 32 32
Wireless foundation 802.11 protocol stack  
Support 802.11a/b/g/n/ac
 
Virtual AP
 
Supported
Chinese SSID  
Supported
 
Hidden SSID
 
Supported
 
Code deployment of various countries
 
Supported
 
Isolation of wireless user
 
A second segregation and isolation function based on SSID
 
On line detection
 
AP and online detection function of user
 
Forced disconnection of wireless user
Supported
 
No flow automatic aging of user
Supported
 
802.11 ac 80 MHZ information channel binding
 
Supported
20 MHZ / 40 MHZ automatic switching of 40 MHZ model  
Supported
 
Data forward
 
Local forward
 
Supported
 
Centralized forward
 
Supported
 
Part of centralized forward and part of local forward
 
Support local forwarding and centralized forwarding in the same AP under different SSID
 
Roaming
 
the second and third layer of roaming within the same AC under different AP.
 
Supported
the second and third layer of roaming between different AC under different AP.  
Supported
 
Access authentication
 
Authentication type
Support WPA-PSK, WPA2-PSK, and WPA-PSK/WPA2-PSK mixed encryption, open + web authentication, WPA-PSK/WPA2-PSK+web authentication, WPA (enterprise), WPA2 (enterprise), WPA/WPA2 (enterprise)
 
802.1 x authentication
Support 802.1 x one-key automatic configuration deployment and support 802.1 x non-awareness certification, which only needs to download one-key automatic configuration tool when accessing for the first time, to quickly complete the wireless network configuration, greatly reducing the network deployment work.
 
Portal authentication
Support intelligent identification terminal type, provide matching page with suitable size for different terminals, support custom page logo, display information, etc., and support setting verification, certification interval and time threshold for off-line re-connection and re-certification.
 
QR code audit certification
Once visitor terminal is accessed to the wireless network, the terminal will automatically pop up QR code page, and the reviewer scans the QR code of visitor terminal by mobile phone to surf the Internet. And record the visitor user by the reviewer+ note + visitor terminal MAC three dimension, which can be traced and guarantee the network security.
 
WeChat certification
After accessing wi-fi, the user can scan the QR code of shopping mall or corporate public ID to log in. The one-key log in function can complete deployment without any code development. In addition, We Chat certification supports clicking on text messages Internet link, clicking on the menu bar to view ads online, and We Chat aouth authorized log in.
Text message certification Support certification effective permanently. That is, it needs certification by text message for the first access, and the subsequent access needs no certification. This saves cost of text message and improves the user’s online experience.
Temporary visitor authentication It is internally installed with a temporary user information management system, by which a temporary user can log in during the effective period; It is internally installed with secondary authority system for temporary account management, which can only be used for creation and management of temporary account; Support to print QR code of temporary visitors, and temporary visitors can scan QR code to get to the Internet; Support grouping of temporary visitors;
 
Free user authentication
Support to only show portal pages, just click the log in button to get to the Internet with no need to input ID and password and without certification;
CA certificate authentication It is internally installed with CA certificate issuing center, can realize safe authentication certificate with no need to set up certificate server (at the same time support external certificate server for import certification)
Local account authentication Support 802.1 x, Portal authentication
The external authentication database Support related external RADIUS, LDAP, Active Directory, achieve authentication of 802.1 x, Portal, etc.
The user name and MAC binding Support automatic binding of terminal access for the first time
Data encryption  
Support TKIP and AES (CCMP)
EAP Protocol categories Support EAP TLS, EAP PEAP, EAP - MD5, EAP - MSCHAPv2, etc.
MAC static black and white list Supported
The dynamic blacklist  
Supported
(ACL)Access Control Policy (ACL)  
Identification application and control
 
It is internally installed with over 1,800 kinds of largest application recognition libraries in China, which can accurately identify the application type, and update once every two weeks, to ensure accuracy of application identification.
URL identification and control 制It is internally installed with more than 30 million URL addresses library, supporting URL control based on URL category.
Intelligent terminal identification Intelligent identification access terminal type and operation system can accurately identify the android, ios, windows phone, and laptop or desktop devices.
Multidimensional user access and role assignment Support user access and role assignment based on access location;
Support access and role assignment based on terminal types such as android, ios, windows, etc.;
Support access and role assignment based on terminal MAC address;
Support permission assignment based on user, and set different access permission for each specific user; Support permission assignment based on time bucket, and provide different access permission in different time bucket, which can flexibly control the access permission of the staff on and off duty; Support different access permissions based on user groups and temporary visitor groups; Support different access permissions based on visitors types such as authentication-free user, message visitors, WeChat visitors, WeChat + message authentication visitors;
Support access control based on the Class Tunnel Private Group ID returned at user’s Radius authentication; Support access control based on organizational unit, security group, and user name of LDAP;
Access control based on intranet applications  
Support access control for intranet applications
QoS  
Bandwidth management
Support to ensure or limit flow on different lines, according to different applications, users and user groups;
Support to set channel bandwidth according to the percentage or numerical value and support to set the priority of each channel.
Intelligent channel management  
Support flow father and son channel technology, and support three-level father and son channel;
Support channel limit and ensure the channel technology, dynamically adjust the channel bandwidth;
Flexible and rational allocation of bandwidth resource  
Support flow channel division and priority setting based on application, user, and user group;
Up and down flow control based on single user, with flow control granularity of 1 KBPS;
Support flow control based on time, which distributes different flow strategy in different time, flexibly allocating bandwidth resources;
Support intelligent average distribution of the user bandwidth in flow channels;
Support flow control based on terminal access position, distributing different flow strategies at different access position;
Support flow control based on terminal types such as android, ios, windows, etc.;
 
Resource management based on wireless hollow;
Fine management of resource pipe-lining based on the application wireless hollow, ensure rational distribution of wireless bandwidth resource and prior transmission of important application;
Support the average allocation of bandwidth among users and fair scheduling of terminal (time fairness algorithm);
Support intelligent dynamic bandwidth allocation based on the SSID, guarantee the priority of important SSID flow;
802.11e/WMM Support priority scheduling based on business application type (voice, video and data)
The end-to-end QoS service Supported
Radio frequency management Channel automatic and manual adjustment Supported
Power automatic adjustment  
Supported
Power manual adjustment Support adjustment with the granularity of 1 dBm, and the adjusting range is 1 dBm to the scope of power prescribed by the state;
Radio frequency time opening or closing Support radio frequency time opening or closing based on period of time;
 
 Load balanced between AP
Support load balancing based on users, flow rate and frequency band, realize 2.4 G and 5 G dual-band loads in the case of dual-band;
Wireless coverage black hole detection and compensation Supported
 
Security defense
WIDS/WIPS  
Supported
 
Illegal AP detection, inhibition
 
Supported
 
Anti phishing
 
Supported
Attack defense Support the defense against the DoS attack, spoofing attack, and flooding attack
The loiter network preventing strategy Online time control Support online time control (to minutes)based on users, access position, and terminal type, can set time of taking effect (only calculating planned time specified, not calculating the online time out of the validity time, and the time of taking effect can be recycled or one-time).When the accumulative value reaches the threshold, it can refuse to use online service again in the control period or continue to use online service after blocking for a period of time
Flow quota Support flow quota (to MB) based on users, access position, and type of terminal, and you can set the daily quota and monthly quota, and can also set the start date of a month. When the accumulative value exceeds the quota, it can refuse to use online service again in the control period or continue to use online service after blocking for a period of time.
Wireless optimization Acceleration of application layer Support acceleration of application layer and choose acceleration service application, which can promote the transmission speed by 1.5 to 4 times
Electronic schoolbag scene optimization To speed up multicast packets, and comprehensively improve scene effect of electronic schoolbag;
 
Intelligent broadcasting speeding up
According to the practical environment, improve the transmitting speed of broadcast packets automatically, and speed up the transmission efficiency of broadcast packets;
Prevent terminal dragging Prevent low-speed terminal to lower overall speed of network based on time fairness algorithm;
Prevent terminal viscocity APPerceive the STA connected to AP, and intelligently guide STA to access to the best AP;
Low rate of terminal access is prohibited; Set a threshold for velocity of access terminal, to prohibit weak signal terminal access below a certain speed and improve overall speed of network
High density access scene optimization High-density optimization of dense area of wireless users (more than 40 terminals in the coverage of a single access point) can save a certain wireless air resources and improve overall performance of the AP;
ARP turned to unicast Turn ARP broadcast message into unicast, which can reduce broadcast packets and improve transmission speed.
 
DHCP request to the wireless terminal is prohibited.

After start using this option, the broadcast message required by DHCP will be only forwarded to wired network, and won't be forwarded to the other wireless network, which can improve the throughput of the overall wireless network and improve the performance of wireless network.
 
automatic VLAN segmentation
Support automatic VLAN division based on the users/user groups, AP access position/AP group, terminal type /MAC, RADIUS Class attribute value/Group ID, AD attribute value, and certificate attribute value, automatically distributing to the corresponding VLAN pool at terminal access;
Authentication page push authentication Webpage WEB authentication page can self-define LOGO, background color, page word and disclaimer, and supports the switch between Chinese and English; before the WEB authentication (including several authentication methods such as Portal, we-chat, short message and two dimension code), full-screen advertisement illustration is supported to play; the countdown method is supported; after being forced to watch the advertisement display for certain time, the user is allowed to access to internet;
 
Terminal self-adaptation
Intelligently identify terminal type, and push the authentication page matching the terminal with the right the size;
 
Authentication page push
Push different certification pages according to different SSID, access position, terminal types, and time.
 
Skip to push after certification
 
Support skipping pages or skipping to the original page before certification after setting different certifications based on access position, terminal type users/user groups, and type of certification. Support to transmit information of user name, terminal MAC, IP, and access AP/AP group, used for secondary development or website statistical analysis.
 
Marketing push
 
Data-push method
Support four kinds of data-push, namely WeChat, text messages, web page embedded, and full-screen web page, able to customize images, texts, hyperlinks, etc;
 
Marketing of search behavior
Support marketing push based on the user behavior, the marketing push can match with the key word searched by the user in Baidu, search engine collection, Sougou, Taobao and Jingdong to push the specific advertisement, and support the web page floating window, we-chat and short message.
Marketing based on the online time Support to push to online user messages, WeChat, and web advertising, and support to push only to the users with online time greater than a certain period of time and for a certain number of times;
First access marketing Intelligently identify the first access user, support to automatically push the preset messages and WeChat information to the first access user.
Terminal marketing Automatically calculate the occurrence number of customer terminal, and support to automatically push to the reappearing old customer the preset messages and WeChat information (can set to push to the users with offline time greater than a certain period of time and appearing for a certain number of times);
Marketing based on the user's location Support to set different push information for different AP, realize push based on access position or location change;
Marketing based on the period Support to push different advertising information in different time period, applicable to access rules such as online time, first access, terminal appearing, and access position.
WeChat active marketing It is internally installed with WeChat marketing platform, which supports to actively push directional messages to WeChat user (not mass texting without being limited by the number of times);
SMS active marketing It is internally installed with SMS marketing platform, which supports to actively push directional messages to text message users;
Search analysis Rank the search keywords according to searching times on Baidu, search.com, sougou.com, taobao.com and jingdong.com, to analyze customers’ preference and propensity to consume.
Marketing statistics  
Make statistic of search behavior, first access, terminal appearing, and online time and total time and trend of push;
 
Consumer flow analysis
 
Consumer flow analysis
Support to check statistics and trends of visiting customers(people), new visiting customers(people), new registered users (people), access users (people), visiting customer not for the first time, returning rate, and the average residence time (locally save a maximum of 90 days);
Support to collect the information of terminal MAC, terminal types, occurrence time, and residence time of non-access users;
Support to check statistic of residence time distribution;
Support contrast figure according to time of the above data trend;
Support to check the above information according to the AP group and divided area;
 
The original data export
Support export of original data on visitor flow analysis, including the scanned terminal type, terminal MAC, first appearing time, final appearing time, occurrence times and the terminal type, terminal MAC, first access time, last access time, access number of access terminal.
 
Hot map
 
Real-time display of AP dynamic information
Real-time display of each AP position, AP real-time status, number of access users, real-time flow, online user list, which is convenient for administrator to know real-time online health information.
 
Architectural figure import
Support manual import of building figure, floor area distribution, and free allocation of AP sign location
 
Visitor density
Support to display the regional traffic density and export images through thermodynamic diagram, by which the regional population distribution can be viewed.
 
Internet activity management audit
 
Websites, web page audit
Support to record all or specified category of URL page title or other information;
Can audit and record body content of the web page;
 
Network application audit
Support the audit users, within a specified time period, to use QQ, P2P and streaming media, investing in stocks, network game, etc.
Support total time length and flow consumed by the audit users, within a specified time period, to use P2P and streaming media, investing in stocks, network game, etc.
 
Mail audit
 
Support to audit the E-mail and its attachments sent or received by user by mail client or web mail.
 
Posting audit
Support the audit user's posting content on Web BBS and Weibo;
 
FTP audit
Support to audit file name and content uploaded by FTP and file name downloaded by FTP;
 
TELNET audit
Support to audit command executed by TELNET;
 
Audit-free strategy
 
Support to exclude specific users, make no audit for the user's online behavior;
 
Data center
 
Data center
Support two reserved ways of internal data center and external data center;
 
Log query
Support to search online behaviors such as visiting website/email sending and receiving/ posting on BBS and Weibo /outgoing documents;
Support self-defined search of online flow and online time of designated IP/groups of users/user/application within a specified time period.
Support self-defined search of visiting time of designated IP visiting a specific website within a specified time period;
 
Statistical statement
Support self-defined statistic of online behavior/online flow/online keywords/online time of specified IP/groups of users/users/application within a specified period of time and form a statement;
 
Trend statement
Support self-defined statistic of online behavior/online flow/online keywords/online time of specified IP/groups of users/users/application within a specified period of time and form a statement;
 
Wired management
 
Wired and wireless integration
Support authentication, access control, flow management, behavior audit, etc. for wired users, and provide a unified Web management interface in both Chinese and English.
 
Access authentication
Support Web authentication, temporary visitor authentication, and access authentication without user authentication;
Support IP address-based authentication method;
 
AP wired port side access authentication
The same with wireless side access authentication, WEB WEB, WeChat authentication, and SMS authentication are supported.
 
IP address and user name binding
IP address and user name binding are supported;
Support automatic binding of access for the first time
Acess Control Policy (ACL) The same with wireless side, access rights allocation based on user accounts, user groups, time and external server properties are supported;
Traffic management The same with wireless side, traffic management based on application, user accounts, user groups and time are supported;
Internet activity management audit The same with wireless side, audit on website, web page, email, posting, application time and traffic, FTP, TELNET, etc. are supported.
Site investigation management Embedded site investigation figure management software Auto-completing AP point deployment according to import of deployment site scene graph is supported and reduce the project site investigation period and site investigation cost.
Hotspot analysis AP-based access user quantity statistics The number of connected users and change trends of each AP in the recent one day, one week, and one month can be measured.
AP-based network flow analysis The network flow and trendency changes of each AP in the recent one day, one week, and one month can be measured.
 
AP-based signal quality analysis
Statistic analysis for the signal usage, noise, retransmit rate, BER, and BER change trends of each AP is supported.
 
AP access methods
 
Cross-WAN and cross-NAT remote AP deployment
Supported
 
AC discovery methods
L2 and L3 discovery, DHCP option 43 and DNS domain name discovery are supported
webAgent Controller IP addresses can be dynamically discovered by using the webAgent technology. This avoids AP disconnection caused by unfixed controller IP addresses.
 
Tunnel encryption
Supported
 
Wireless relay bridge
 
Relay method
Point-to-point and point-to-multipoint supported
 
Relay frequency band
 
Support GHz 2.4G/5.8G2.4/5.8
 
Disable wireless network on relay frequency band
 
Supported
 
Wireless back-haul service
 
Supported
 
The second floor
Link aggregation  
Up to eight of each group are supported and the maximum of eight groups are supported at the same time
 
 Line status monitoring
 
Supported
 
ARP proxy
 
Supported
 
L3 function
DHCP  
DHCP Client, DHCP server, DHCP relay and DHCP Snooping are supported.
NAT SNAT, DNAT, PAT, two-way NAT and port mapping are supported.
 
Network access mode
 
static IP address, DHCP and PPPoE dial-up
 
DNS proxy
Supported
Static route Supported
 
Strategy route
Supported
L3 physical port link detection  
Supported
High reliability AC redundant hot standby  
Supported
Dual configuration synchronization  
Supported
AP fast switching between AC  
Supported
DHCP server backup  
Supported
Authentication server backup  
Supported
Disaster backup The function of AC and authentication server disaster backup (escape) is supported; when the failure occurs, the normal access of new users and the normal access to the Internet of users can be  guaranteed.
Network management and configuration Management modes WEB, CLI, Telnet, SSH, etc. and Chinese and English interface management are supported.
SNMP SNMP v1/v2/v3,SNMP Traps
Grading administrator Super administrator, administrator and read-only administrator are supported.
 
Status display
Support AC System Status Display AP and AP MESSAGE DISPLAY as well as;Online user information display;
 
Warning mechanism
Port state warning; Network attack real-time warning; Double switch warning, etc.
 
Application traffic display
Real-time and a period of time traffic conditions based on the application can be viewed.
 
Traffic history query
AC and AC historical traffic query are supported.
User quantity trend Supported
AP online and offline remind  
Supported
 
Record user online and offline information
 
Supported
 
Firmware upgrade
AC firmware remote automatic or manual upgrade is supported;支持AP固件自动升级AC firmware automatic upgrade is supported.
 
Backup configuration and backup recovery
 
Supported
System log management  
The function of view and export system log
 
Strategy troubleshooting function
Supported
 
Restart the device and restarting service
Supported
Configuration date and NTP service Supported
 
Model              Specification                                              Remark               
 
Sundray Gigabit series wireless controller
NAC-210I Centralized forwarding mode maximum supports 72 NAP; local forwarding mode maximum supports 600 NAP and manages 8 NAP by default Essential
NAC-220I Centralized forwarding mode maximum supports 144 NAP; local forwarding mode maximum supports 900 NAP and manages 16 NAP by default  
Essential
NAC-230I Centralized forwarding mode maximum supports 288 NAP; local forwarding mode maximum supports 1200 NAP and manages 32 NAP by default  
Essential
NAC-238I Centralized forwarding mode maximum supports 480 NAP; local forwarding mode maximum supports 1300 NAP and manages 32 NAP by default  
Essential
NAC-260I Centralized forwarding mode maximum supports 560 NAP; local forwarding mode maximum supports 1600 NAP and manages 32 NAP by default  
Essential
 
OPTIONAL
NAC-License-1NAP  
NAC is added the authorization of managing a NAP
 
Essential