PRODUCT SPEC SHEET
NX 4500/6500 INTEGRATED SERVICES PLATFORM FOR THE BRANCH OFFICE

NX 4500/6500 INTEGRATED SERVICES PLATFORM FOR THE BRANCH OFFICE

BRANCH OFFICE NETWORKING — LESS HARDWARE, LESS COST, MORE SERVICES

SIMPLIFY AND REDUCE THE COST OF WIRED AND WIRELESS NETWORKING IN YOUR BRANCH OFFICES
To best serve your customers, your workers need mobile access to voice and data. Until today, delivering those services required multiple networking appliances in each branch office — each with its unique management interface. Now, with the NX 4500/6500 Integrated Services Platform, you can extend not only wired and wireless networking, but also telephony services, support for Bring Your Own Device (BYOD) initiatives, plus the most advanced mobile applications — all with a single appliance and one management interface. The result? Connecting your branch office workers is easier and costs less. Workers have more services to better serve your customers. Network management is easier than ever before. And your network can easily support next generation capabilities as they are introduced, improving the lifecycle and return on investment for your network infrastructure.

SERVICE CONVERGENCE — EVERYTHING YOU NEED IN A SINGLE APPLIANCE

The NX 4500/6500 is a single flexible appliance that delivers rich, secure and high-performance voice and data services to branch locations. The set of standard services includes a router, firewall, Virtual Private Network (VPN), AAA Radius server to authenticate users, as well as a DHCP/DNS server delivering wireless services with trusted always-on wired network reliability. Unified Retail Communications services enable cost effective telephony services on wired SIP desksets and wireless voice-enabled devices. You can also seamlessly integrate additional optional Zebra services into your existing mobility solution for extraordinary workforce collaboration, regardless of whether workers are inside or outside the facility. Services include enterprise push-to-talk (PTT) and texting between Zebra mobile computers, business Voice over WLAN smartphones, two-way radios and third-party smartphones — including the Apple® iPhone®. And these services can be delivered over Wi-Fi or cellular networks. The result? One appliance. More capabilities.

GAP-FREE SECURITY

The NX 4500/6500 provides the gap-free security needed to secure all your wireless transmissions and provide compliance for government and industry regulations — such as HIPAA in healthcare and PCI in retail. A tiered approach protects and secures data at every point in the network, wired or wireless. Our comprehensive integrated network security services include: a wired/wireless firewall, a built-in wireless intrusion protection system (IPS), an integrated IPSec VPN gateway, AAA Radius Server and secure guest access with a captive web portal. Additional security features include MAC-based authentication, 802.11w to secure management frames, NAC support, anomaly analysis and advanced security services, such as role-based firewall, geofencing and rogue termination. You get less infrastructure, less cost, and comprehensive inside-the-wall and perimeter security at every remote site.

SUPERIOR WLAN SCALABILITY, MANAGEABILITY AND PERFORMANCE WITH WING 5

The integrated WiNG 5 WLAN controller in the NX 4500/6500 delivers unmatched WLAN performance, scalability and flexibility, providing your users with a new level of wireless service quality, reliability and security. In this third-generation WLAN architecture, all access points and controllers are network aware, able to work together to collectively determine the most efficient route for wireless traffic, as well as enforce Quality of Service (QoS) and security policies.
The NX 4500/6500 provides the tools you need to simplify and minimize the costs associated with real-time management of the wireless LAN in the branch office. The WiNG 5 architecture offers a single management interface for all network hardware, software configurations and network policies, as well as built-in process monitors and troubleshooting tools for all the adopted access points.
In addition, your WLAN can easily scale as you grow to accommodate new users and applications. Each NX 4500 supports up to 72 802.11a/b/g/n WiNG 5 access points. And the NX 6500 supports up to 264 802.11a/b/g/n WiNG 5 access points — ideal for larger deployments. You can choose from Zebra's WiNG 5 independent and dependent single, dual or tri-radio access points — and all WiNG 5 access points have the intelligence to directly manage traffic, as well as enforce QoS and security policies at the edge.

QUICK DEPLOYMENT OF ADVANCED APPLICATIONS

Now, you no longer need to add new hardware to support every application — you can simply host your third-party applications on the NX 4500/6500. The integrated virtual machine (VM) framework provides the collaboration and visibility required between network infrastructure and application services to optimize application performance and the end user experience. Since this platform addresses latency and jitter, you can enable real-time applications, including voice and video. Onboarding, quarantine and proxy/relay mobile device management capabilities combine to enable a Bring Your Own Device (BYOD) program throughout your distributed enterprise. You can even host streaming video, either as a store-and-forward unit or a messaging server.

REMOTELY MANAGE ALL OF YOUR BRANCH SERVICES THROUGH A SINGLE CENTRAL LOCATION

With the Zebra NX 9500, you can manage all your NX 4500/6500 Integrated Service Platforms and the services they provide from a single graphical interface, either through your Network Operations Center (NOC) or a private cloud. The management system makes it easy to manage your entire distributed network — up to 10,000 network elements. As a result, overall network management is dramatically simplified, minimizing the required number of IT resources — and cost.

DRIVE BRANCH NETWORKING COSTS TO A NEW LOW — AND FUNCTIONALITY TO A NEW HIGH

With the NX 4500/6500, the average branch needs 75 percent fewer appliances, reducing the average capital expenditure for a branch network by 50 percent. Operational expenses are also slashed. There is less infrastructure to manage and a single simple management interface instead of many, reducing staff, space and power requirements. And with our layered approach, no forklift upgrade is required — you can add to your existing network, preserving and improving the return on investment for your existing technology.

END-TO-END SUPPORT

As a leader in enterprise mobility, Zebra brings experience gained from working all over the globe with some of the world’s leading companies. We leverage this expertise to offer solutions to our branch office customers that meet the peak performance needs of their business. Our comprehensive portfolio of services offers assistance at every phase of network lifecycle — from planning and implementation to post-deployment everyday support. Our services help you reduce risk, lower your capital investment and operational costs, improve service delivery and tailor your network to meet your specific needs.

Give your branch office employees more tools to maximize efficiency and customer service quality with the branch office network that costs less.

For more information, please visit www.zebra.com/unifiedaccessplatforms

COMPREHENSIVE BRANCH SERVICES


The powerful NX 4500/6500 allows you to deploy and control virtually any service your branch or small to mid-size business could require — from the applications your workers use every day to all the technologies required to build and secure your network.

SIMPLIFY NETWORK AND SERVICE MANAGEMENT IN THE DISTRIBUTED NETWORK


Whether you have an individual small or mid-size business or a multitude of branch offices spread throughout an area, a country or the world, the NX 4500/6500 Integrated Services Platform for the Branch Office makes it easy to provide workers in all locations with all the services needed to maximize efficiency and deliver stellar customer service. And flexible management options allow you to simply deploy an NX 9500 Integrated Services Platform for the Private Cloud or Network Operations Center (NOC) to manage all your NX 4500/6500 platforms or outsource management to a third-party provider.

TECHNICAL SPECIFICATIONS

POWER-OVER-ETHERNET
(NX-4524/NX-6524 Only) Supports 3af (15.4W) on all 24-Ports simultaneously; Supports up to 30W per Port, up to a maximum of 375W.
SYSTEM EXTENSIBILITY
NX Expansion Interface for modular WAN and Telephony Gateway options. Requires NX Expansion Cardcage (KT-NXMODC-01).
PHYSICAL CHARACTERISTICS
Form Factor 2U rack-mount
Dimensions 3.50 in. H x 17.32 in. W x 17.48 in. D/
88.90 mm H x 440 mm W x 444mm D
Weight NX-4500/NX-6500: 19 lbs
NX-4524/NX-6524: 23 lbs (estimated)
Physical Interfaces NX-4500/NX-6500
2x uplink port – 10/100/1000 Mbps
4x USB 2.0 host
1x NX expansion interface
1x serial port (RJ-45 style)

NX-4524/NX-6524
24x 10/100/1000 Mbps Ethernet ports with
802.3af/802.3at PoE
2x uplink port – 10/100/1000 Mbps
4x USB 2.0 host
1x NX expansion interface
1x Serial port (RJ-45 style)
MTBF 65,000 hours
WIRELESS NETWORKING
Wireless LAN:
  • Supports 32 WLANs; multi-ESS/BSSID traffic segmentation; VLAN to ESSID mapping; auto assignment of VLANs (on RADIUS authentication); power save protocol polling; pre-emptive roaming; VLAN Pooling and dynamic VLAN adjustment; IGMP Snooping
  • PACKET FORWARDING: 802.1D-1999 Ethernet bridging; 802.11-.802.3 bridging; 802.1Q VLAN tagging and trunking; proxy ARP; IP packet steering-redirection
Bandwidth management
  • Congestion control per WLAN; per user based on user count or bandwidth utilization; bandwidth provisioning via AAA server
  • Layer 2 or Layer 3 deployment of access points
  • Layer 3 Mobility (Inter-subnet roaming)
  • IPv6 client support
  • Thin access ports
  • Supports up to 36 802.11a/b/g/n access points for L2 or L3 deployment per controller
Network security
  • Role-based wired/wireless firewall (L2-L7) with stateful inspection for wired and wireless traffic;
  • Active firewall sessions — 400,000 protects against IP Spoofing and ARP Cache Poisoning
  • Access Control Lists (ACLs)
  • L2/L3/L4 ACLs
  • Wireless IDS/IPS
  • Multi-mode rogue AP detection, Rogue AP Containment, 802.11n Rogue Detection, Ad-Hoc Network Detection, Denial of Service protection against wireless attacks, client blacklisting, excessive authentication/association; excessive probes; excessive disassociation/de-authentication; excessive decryption errors; excessive authentication failures; excessive 802.11 replay; excessive crypto IV failures (TKIP/CCMP replay); Suspicious AP, Authorized device in ad-hoc mode, unauthorized AP using authorized SSID, EAP Flood, Fake AP Flood, ID theft, ad-hoc advertising and Authorized SSID
  • Geofencing
  • Add location of users as a parameter that defines access control to the network
  • WIPS sensor conversion
  • Supported on all dependent and independent/ dependent access points
  • Anomaly Analysis
  • Source Media Access Control (MAC) = Dest MAC; Illegal frame sizes; Source MAC is multicast; TKIP countermeasures; all zero addresses
  • Authentication
  • Access Control Lists (ACLS); pre-shared keys (PSK); 802.1x/ EAP—transport layer security (TLS), tunneled transport layer security (TTLS), protected EAP (PEAP); Kerberos Integrated AAA/ RADIUS Server with native support for EAP-TTLS, EAP-PEAP (includes a built in user name/password database; supports LDAP), and EAP-SIM
  • Transport encryption
  • WEP 40/128 (RC4), KeyGuard, WPA — TKIP, WPA2-CCMP (AES), WPA2-TKIP
  • 802.11w
  • Provides origin authentication, integrity, confidentiality and replay protection of management frames
  • Supports DES, 3DES and AES-128 and AES-256 encryption, with site-to-site and L2TP over IPSec client-to-site
WIRELESS NETWORKING (Continued)
Networking Services
  • Secure guest access (hotspot provisioning)
  • Provides secure guest access for wired and wireless clients with built-in captive portal, customizable login/ welcome pages, URL redirection for user login, usage-based charging, dynamic VLAN assignment of clients, DNS white list, GRE tunneling of traffic to central site, API support for interoperability with custom web portals, support for external authentication and billing systems
  • Wireless RADIUS support (standard and Zebra vendor specific attributes)
  • User-based VLANs (standard)
  • MAC-based Authentication (standard)
  • User-based QoS (Zebra VSA)
  • Location-based Authentication (Zebra VSA)
  • Allowed ESSIDs (Zebra VSA)
  • NAC support with third-party systems from Microsoft, Symantec and Bradford
  • Tags supported: Ekahau, Aeroscout, Gen 2 tags
Quality of Service
  • Wi-Fi Multimedia extensions
  • WMM-power save with TSPEC Admission Control; WMM U-APSD
  • IGMP snooping
  • Optimizes network performance by preventing flooding of the broadcast domain
  • SIP Call Admission Control
  • Controls the number of active SIP sessions initiated by a wireless VoIP phone
  • 802.11k
  • Provides radio resource management to improve client throughput (11k client required)
  • Classification and marking
  • Layer 1-4 packet classification; 802.1p VLAN priority; DiffServ/TOS
System resiliency and redundancy
  • Active:Standby; Active:Active and N+1 redundancy with access port and wireless clients load balancing; critical resource monitoring
  • SMART RF: Network optimization to ensure user quality of experience at all times by dynamic adjustments to channel and power (on detection of RF interference or loss of RF coverage/neighbor recovery). Available for both dependent and independent access points.
  • Dual firmware bank supports Image Failover capability
WIRED NETWORKING
  • 24 Gigabit Ethernet PoE ports for LAN connectivity and 2 Uplink Gigabit Ethernet ports for WAN connections.
  • High-performance line rate switching on the LAN ports
  • IEEE 802.1s Multiple Spanning Tree Protocol, Link Aggregation, 802.1Q VLANs, Broadcast, Multicast and Unicast Storm Control and IGMP Snooping
  • 256 Layer 3 Switch Virtual Interfaces supporting Inter-VLAN routing across them
  • IEEE 802.1x for port-based security
  • Dynamic Routing (OSPF), Policy-based Routing, Static Routing and PPPoE
  • T1/E1 WAN interfaces
  • Powerful packet capture utility for troubleshooting
POWER REQUIREMENTS
AC Input Voltage 90-264VAC, 50-60Hz
Max AC Input Current NX-4500/NX-6500:
4.2A (@ 110VAC), 2.1A (@ 220VAC)

NX-4524/NX-6524:
11.3A (@ 110VAC), 5.65A (@ 220VAC)
SUPPORTED ACCESS POINTS
AP 7161 / AP 7131 / AP 6532 / AP 6521 / AP 6511 / AP 650 / AP 622 / AP 621
USER ENVIRONMENT
Operating Temp. 32° to 104° F / 0° to 40° C
Storage Temp. -40° to 158° F / -40° to 70° C
Operating Humidity 5% to 85% (w/o condensation)
Storage Humidity 5% to 85% (w/o condensation)
Heat Dissipation 1200 BTU per hour
EXPANSION CARDS
Functions and their Description
1-T1/E1 T1/E1 WAN Networking Module
4-FXS Analog Telephony Module
2-FXO/2-FXS Hybrid PSTN and Analog Telephony Module

THE NX 45XX/65XX FAMILY OF INTEGRATED SERVICES PLATFORMS FOR THE BRANCH

  NX 4500 NX4524 NX6500 NX6524
CPU Dual-Core Dual-Core Quad-Core Quad-Core
Memory 4 GB 4 GB 16 GB 16 GB
Storage 500 GB 500 GB 500 GB 500 GB
Wireless Controller Yes Yes Yes Yes
IP Telephony Yes Yes Yes Yes
Ethernet Switching No Yes No Yes
Telephony Gateway Yes Yes Yes Yes
10/100/1000 Mbps LAN 2 2 2 2
10/100/1000 Mbps PoE - 24 - 24
USB 4 4 4 4
Expansion Slots 4 4 4 4
Console RJ-45 RJ-45 RJ-45 RJ-45
Access Point Capacity 72 72 264 264
Wireless Client Capacity 500 users 500 users 4,000 users 4,000 users
Telephony subscribers 200 200 200 200
Third-party Applications Limited Limited Yes Yes