Product Hierarchy
Product Hierarchy

BAT Controller Virtual - Virtual WLAN Controller and VPN Concentrator, runs on ESXi or HyperV

Hirschmann BAT Controller Virtual is a software-based solution to monitor and control BAT Access Points as well as serve as a VPN Concentrator for OWL and EAGLE Products. It is based on our stable and reliable HiLCOS operating system that also powers our WLAN devices from small AGV projects to large Metro CBTC communication. You can deploy it on VMWares ESXi platform or on Microsoft HyperV. The BAT Controller Virtual includes High Availability Clustering and rapid failover enhancements to serve even the most critical applications.

Product description

Name: BAT Controller Virtual
Availability: Available for Order
Radio protocol: IEEE 802.11d support (regulatory domain broadcast); 802.11u (HotSpot 2.0) to transition seamlessly from cellular to WLAN. Authentication methods using SIM card information, certificates or username and password, enable an automatic, encrypted login to WLAN hotspots of roaming partners - without the need to manually enter login credentials
Processor: VMWare ESXi 6 (or newer) or Microsoft Hyper-V; Intel Xeon with AES-NI and VT-x; Recommendation: License 100, 200: 1x x86 vCPU; License 1000: 2-3x vCPU with very high CPU Rate (MHz);
Hard disk space: Recommendation: 512MB SSD
RAM: Recommendation: 1GB for License 100; 2GB for License 200; 6GB for License 1000;

More Interfaces

Ethernet: 1-5 virtual Ethernet ports based on VMXnet3 (ESXi) or Synthetic NIC (HyperV); Each port can be freely configured (LAN, DMZ, WAN, monitor port)

Radio technology

Roaming: Seamless handover between radio cells; IAPP support with optional restriction to an ARF context; IEEE 802.11r allows Fast Roaming procedures between access points. This is possible when using IEEE 802.1X authentication or pre-shared keys;

Security features

Stateful inspection firewall: Stateful IPv4/IPv6 firewall functionality: Packet filtering, extended port forwarding, N:N IP address mapping


Other services: IPv4/IPv6: DHCP (Server and Client), DNS (Server, Relay, Proxy and Client), VPN, Radius; Internal Syslog; LLDP; ARP; Proxy ARP; BOOTP


Opportunistic Key Caching: OKC allows fast roaming processes between access points. WLAN installations utilizing a WLAN controller and IEEE 802.1X authentication cache the access keys of the clients and are transmitted by the WLAN controller to all mananged access points
Time Control: time-based activation and deactivation of WLAN networks
Radiius Server: Radius/EAP Server: User administration MAC-based, rate limiting, passphrases, VLAN user based, authentication of IEEE 802.1X clients via EAP-TLS, EAP-TTLS, EAP-MD5, EAP-GTC, PEAP, MSCHAP or MSCHAPv2
Scripting: Script distribution enables the complete configuration of non-WLAN specific functions such as Redirects, Protocol Filter, ARF etc. Internal storage of up to three script files (max. 64 kByte) for provisioning access points without a separate HTTP server.
Software features: Central Firmware deployment (requires external webserver) and management of the Access Points. The Controller checks every day, depending on the defined policy, for the latest Firmware and compares it with the versions in the devices. The Controller downloads the matching Firmware from the server and updates the corresponding Access Points.
Switching: VLAN IEEE 802.1q, Q-in-Q tagging, Multicast Snooping (IGMP and MLD), The WLAN controller can switch user data per AP Radio or per SSID in the following ways: Direct injection into the network at the Access Point (or into VLAN) or central tunneling to the Controller (Layer 3 tunneling between different IP Subnets)
Redundancy: Includes High Availability Clustering function to synchronize and load-share between multiple BAT Controllers., Access Points are able to operate (permanently or based on a configurable time out) in Stand-Alone mode; VMWare High Availability is not supported; HiLCOS High Availability Clustering is included (up to 3 BAT Controllers can be combined to increase capacity or redundancy, each Controller needs to have its own license)
Management: IPv4/IPv6: HTML5 webinterface (HTTP, HTTPs), Command Line, LANConfig
Configuration: Access Points automatically discover the WLAN controller by means of DNS name or IP addresses. Access Points can be authenticated manually or automatically. Signaling of new access points by LED, e-mail message, SYSLOG or SNMP traps. Manual authentication via LANmonitor or WEBconfig GUI tools. Semi-automatic authentication based on access-point lists in the Controller ('bulk mode'). Fully automatic authentication with default configuration assignment (can be activated/deactivated separately, e.g. during the rollout phase). Authenticated access points can be identified by means of digital certificates, Certificate generation by integrated CA (Certificate Authority), Certificate distribution by SCEP (Simple Certificate Enrollment Protocol). Access Points can be blocked by CRL (Certificate Revocation List). Management of APs over CAPWAP (Control and Provisioning Protocol for Wireless Access Points)
Routing: IPv4/IPv6, Traffic shaping, Bandwidth reservation, DiffServ/TOS, PPP, Advanced Routing and Forwarding - ARF (separate routing contexts), Layer-3 Tunneling in conformity with the CAPWAP standard allows the bridging of WLANs per SSID to a separate IP subnet. Layer-2 packets are encapsulated in Layer-3 tunnels and transported to a LANCOM WLAN controller. By doing this the access point is independent of the present infrastructure of the network. Possible applications are roaming without changing the IP address and compounding SSIDs without using VLANs, A fixed VLAN can be set for each SSID. The WLAN controller can independently provide up to 64 separate IP networks, and each of these can be individually mapped to VLANs and, consequently, to SSIDs (Advanced Routing and Forwarding, ARF). The Controller can provide, among others, individual DHCP, DNS, routing, firewall and VPN functions for these networks.
Dynamic routing: VRRP v2, BGP, OSPF
Management Software: IPv4/IPv6: HTML5 webinterface (HTTP, HTTPs), Command Line, LANConfig

WLAN Access Point

Access Point Functionality: Configures and monitors BAT Access Points in Managed Mode: BAT-F, BAT-R, BAT867-R, BAT867-F, BAT450-F; Public Spot including PMS accounting plus; 802.11u (Hotspot 2.0); 802.11d (Country information in beacon frames); Opportunistic Key Caching (OKC); 802.11r fast roaming; WPA2-Enterprise with 802.1X or WPA2-PSK;

Scope of delivery and accessories

Scope of delivery: License Key will be delivered. The License Key is used with the Hardware-ID to request a License File. This License File is used to activate the product.

Further Instructions

Product Documentation:
Item #
Update and Revision: Revision Number: 0.45 Revision Date: 04-08-2022
Anwender-Handbuch Installation BAT-Controller Virtual (Deutsch)
Description: The document “User Manual Installation” contains the following information for the BAT-Controller Virtual: Installation, Initial setup, Registration and activation, Reset.
Version: 01
User Manual Installation BAT-Controller Virtual (English)
Description: The document “User Manual Installation” contains the following information for the BAT-Controller Virtual: Installation, Initial setup, Registration and activation, Reset.
Version: 01
Reference Manual Command Line Interface (CLI) HiLCOS (English)
Description: The “Command Line Interface” reference manual contains detailed information on using the Command Line Interface to operate the individual functions of the device.
Version: 10.32
User Manual Configuration Guide HiLCOS (English)
Description: The “Configuration Guide” user manual contains detailed information on configuring, administrating, operating and maintaining the device.
Version: 10.32
No accessories are available for this product