Review of Huawei AirEngine 8760 RX1 and AirEngine 6760R-51 external access points

The events of the last two years, associated with the massive transition of employees to remote work, the accelerating introduction of IoT and AVL, the commercial use of telemetry analysis algorithms by artificial intelligence to prevent emergencies, have shown that wireless Wi-Fi networks play a critical role not only in business processes, but also in the formation of the digital interior of the urban environment. Today, not only commercial, but also state networks exchange large amounts of data - from sensors on the roads to information about employees and visitors, as well as monitoring public facilities.

And if during the years of the development of Wi-Fi of the 4th and 5th generation, outdoor wireless networks were considered mainly as a means of ensuring the comfort of an employee or visitor, today it is already an obligatory part of the infrastructure of large commercial and government facilities, which accounts not only for Internet traffic of users, but also control networks, multicast broadcasting to information panels, video surveillance systems on such mobile objects as elevators, maintenance equipment and attractions. All this imposes mutually exclusive requirements on the wireless infrastructure: on the one hand, it is necessary to increase bandwidth and reduce delays when connecting a large number of users, and on the other hand, it is fast and economical to cover objects where wireless networks have not been deployed before.

Huawei has in its lineup a full range of equipment for the implementation of high-performance public Wi-Fi for places with a high density of devices and harsh operating conditions. Previously, we considered the technological features of AirEngine access points for indoor installation (link to the article), and today we have top-end devices for outdoor installation: the AirEngine 8760R-X1 and AirEngine 6760R-51 models with an extended operating temperature range: -40 to 65 degrees Celsius, a dust- and moisture-proof housing conforming to the IP68 standard and triple radio communication with a selective mode of operation of an additional radio module.

AirEngine 8760R-X1

The Huawei AirEngine 8760R-X1 design implements the concept of three radio modules: one for the 2.4 GHz frequency range and two for 5 GHz. The operating mode of the additional radio module is set by the operator depending on the environmental conditions and can act as a range scanner or a transceiver for customer service. Depending on this, three operating modes of the device are available:

• 2.4 GHz (8х8:8) + 5 GHz (8х8:8) - extended range mode (up to 1024 clients)
• 2.4 GHz (4х4:4) + 5 GHz (12х12:8) - normal access point operation (up to 1024 clients)
• 2.4 GHz (4x4) + 5 GHz (4x4) + 5 GHz (4x4) - mode for an increased number of clients to 1152.

Up to 16 SSIDs can be assigned to each radio module, providing various services with individual networks with their own security parameters.

The maximum throughput of the AirEngine 8760R-X1 is 10.75 Gbit/s "by air", therefore, the design provides for connection to the distribution network via a 10-gigabit interface both through a copper PoE++ interface and through optics, for which there is an SFP+ slot on board, which is especially important when installing the device in large open areas, parks or historic buildings with long spans. In addition, the interface group has a 1GE PoE downlink for connecting one iOS device, which can be a video surveillance camera.

It should be noted that the Air Engine 8760 RX1 model has a very large power consumption: 21 watts in standby mode and up to 53 watts in peak (excluding the connected IoT device via the Downstream port). For PoE power supply, the device is supplied with a voltage of 56 V in accordance with the 802.3af (PoE++) standard. The power source can be a switch or a PoE injector of the maximum, 8th class of power, additional to the access point. In the photo below, you can estimate its size compared to a PoE injector for a conventional ceiling access point.

Returning to the connection interface, I would like to note that according to electrical calculations, sufficiently large currents pass through the PoE cable at peak capacities and significant losses occur - up to 20 watts per 100 meters of Category 6 cable. Therefore, when installing such powerful PoE access points, it is undesirable to use connections in cables, and a Category 7 cable with an AWG23 cross section or higher is used directly from port to port, connecting with RJ45 connectors with a steel housing. For compatibility with such connectors, the RJ45 port on the access point has a reinforced metal housing (in the photo below in the center).

Considering the design of the antenna group, I would like to draw attention to the fact that to form a radio beam in a vertical plane, a cascade of printed emitters is used on two common boards, behind which a metal reflector of a wavelike shape is installed. Between the reflector and the aluminum cover covering the electronics unit, metal radiators are located in a horizontal plane. The role of feeders is assigned to shielded coaxial cables with SMA connectors, which once again confirms that we have a product of the highest quality.

Such a rather complex high-frequency part creates a wave with a poorly developed reverse lobe in horizontal polarization and a pronounced main lobe in vertical polarization. The optimal installation location, judging by the diagram, will be the corners of the squares or 1/3 of the length of the rectangle in the center, on the mast. The gain is comparable to models with external antennas: 10 dB in the 2.4GHz band and 11 dBi in the 5 GHz band. The AirEngine 8760 RX1 also has a built-in Bluetooth 5.0 module with low power consumption, making location services possible.

I would like to add that the problem of mutual influence of radio signals between devices is solved at the software level in the form of Smart Radio technology. Its essence lies in the possibility of coordination between access points of operation in the 2.4 GHz band up to the complete shutdown of the radio module or switching it to the 5 GHz band (depending on the model, the algorithm is different). Also, using the Huawei nce-Campus mobile application, you can find and identify extraneous sources of radio interference interfering with Wi-Fi. These can be baby monitors operating in the 2.4 GHz band, and microwave ovens and wireless peripherals. After identifying the interference, you can set up switching the Wi-Fi channel according to a schedule to another channel or replace the interfering equipment.

As for the physical parameters, the Air Engine 8760 RX1 model is assembled in a large cylindrical body with a diameter of 165 mm, a length of 387 mm and a weight of 4 Kg. The case is closed from above with a semicircular hood, and from below with a cylindrical skirt, under which not only the connection connectors are hidden, but also the slot for the Kensington lock, which is important when installing the device in a public place. The LED display is placed on the side panel, and a hardware reset button is hidden above it behind a hermetically screwed screw.

AirEngine 6760R-51

The devices of the AirEngine 6760R-51 series are designed for the most common scenarios, for example, sports fields or parking lots of shopping malls, that is, with a lower load, but with the preservation of the flagship technology stack, which we have already discussed above.

The access point has a 4x4:4 antenna formula for each of the bands, achieving a maximum bandwidth of 5.95 Gbit/s (1.15 Gbit/s in the 2.4GHz band and 4.8 Gbit/s in the 5 GHz band). A third radio module is also implemented here, operating either in the mode of continuous scanning of the radio frequency range or for customer service.

To connect to the distribution network, a 5-gigabit RJ45 PoE++ twisted pair port, an SFP+ slot for 10-gigabit optics and a 1-gigabit downstream PoE channel are installed, into which an IP camera can be connected.

The antenna group here is implemented by two boards on which the radiators are located, behind which a reflector of complex shape is installed. I would like to draw attention to the fact that the vibrators are etched on both sides of the fiberglass board, and part of them faces the metal side to the reflector, which looks extremely unusual. The antenna for the built-in Bluetooth module has not changed, and shielded coaxial cables with SMA connectors are also used to connect to RF units. Huawei managed to keep the antenna gain characteristics at the same flagship level: 10 dBi for the 2.4GHz band and 11 dBi for 5 GHz, but the radiation pattern became slightly more convex in horizontal polarization, and almost lost the reverse lobes in both types of polarization.

For this reason, the Air Engine 6760 R51 model can be installed on the walls of a building without fear of the influence of the access point on the radio environment inside the structures.

The total power consumption, excluding the daughter PoE device, is up to 35 watts, and heat is removed from the access point motherboard to a massive radiator on the inside and the walls of the cast housing, the inner surface of which resembles that of the "death star" from Star Wars :).

Software

Today, the problem of security and security of commercial and government networks comes to the fore. Every new application, personal device or integration into the business processes of the Internet of Things (IoT) increases the area for a potential cyber attack. Now the security paradigm itself is changing: models with network perimeter protection are being replaced by networks with built-in Wi-Fi protection, and Huawei AirEngine access points have an impressive list of technologies in their arsenal that ensure network isolation.

Initially, Huawei AirEngine access points work in gateway mode, which is highly recommended by the manufacturer. Connected clients are behind NAT and for each wireless network, you can specify your own range of IP addresses with your own DHCP server, as well as your own packet filtering policies and your own routing tables! To limit iOS devices and guest connections, isolation is implemented at the second level. The interface has the ability to set Flood, Weak-IV and Spoof protection individually on each radio module, and monitoring network activity will help maximize the available bandwidth, giving priority to operational applications for personnel.

Ensuring fair access to the band is implemented through traffic classification mechanisms built into the TD using L7. The device itself can distinguish whether a VOIP client is using an application, whether it is viewing video streams, and depending on their significance, sets priority for more important tasks.

The above is true for Fat operation mode, in which each access point is configured via a Web interface and can itself act as a controller for other TD operating in Fit mode. For large-scale projects with thousands of TD, it makes sense to delegate management rights to the Campus Network Solution cloud controller, and for medium-sized projects up to 256 hotspots, Huawei has an interesting hardware controller.

Huawei AC6508 controller

The Huawei AC6508 access controller is designed to manage 256 access points in cases where it is important to implement a unified wireless network management system. Its use simplifies the operation of a wireless network as a self-healing organism, in which a failed TD can be replaced with minimal loss of coverage area or none at all.

Access control for clients, operating devices, and personnel is based on policies for setting access criteria and automatically connecting devices.

Huawei AC6508 has 10 Gigabit Uplink slots in SFP+ format and 1 Gigabit downlink ports in the amount of 10 pieces with channel aggregation function and a total bandwidth of 6 Gbit/s. The built-in application identification of L4 - L7 levels gives administrators the opportunity to identify costly P2P traffic and prioritize based on application control, and even before unwanted traffic passes from the radio channel to the wire.

To reduce the area of attack from the global network, the Huawei AC6508 controller connects access points behind NAT, assigning them private IP addresses. At the same time, the possibility of building peer-to-peer Mesh networks is not lost. Due to the controller, the technology of "real seamless roaming" is implemented, in which the client first connects to the new TD, and only then disconnects from the old one.

But unfortunately, proactive network protection methods capable of predicting up to 75% of probable network failures using machine learning algorithms have found their implementation in a separate CampusInsight software, and are not included in the controller.

Testing

In conditions of urban infrastructure with dense multi-storey buildings, access points were installed at a height of 50 meters, after which the distance at which Wi-Fi catches was measured on the smartphone. For comparison, Huawei AirEngine 8760 Pro access points with Smart Antenna technology and Zyxel WAC6553D-E with non-directional antennas have been added to the table.

The outdoor access points of the Air Engine 8760 are out of competition in terms of range, and there is nothing surprising in principle, given the design of the antenna unit.

Conclusions

The Huawei AirEngine series provides enterprise-grade features along with low cost of ownership (TCO) and operational efficiency. The global coverage of various application scenarios here is adjacent to the local focus for point tasks implemented both as an extension of existing networks and as separate projects.

Speaking of the fact that quite expensive flagship access points reduce the cost of the entire project, it is worth bearing in mind that local configuration of NAT, QoS, routing and access policies on TD allows you to save on L3 switches and security gateways in some scenarios, and in particular cases of deployment in Edge projects, simply connect the hotspot to the provider's network without using a separate firewall. In small projects, you can use FAT mode, which turns the main TD to control child access points, and scale your network without restrictions, in accordance with the tasks set by business and society.

Michael Degtjarev (aka LIKE OFF)
30/12.2021