bintec RS123

Add to my manuals
11 Pages

advertisement

bintec RS123 | Manualzz

Professional Gigabit-Ethernet-Router bintec RS123

5x Gigabit-Ethernet

SFP Port

5x IPSec tunnels (optional 30 channels), HW acceleration

Web based configuration

IPv6 Support (as of Release 10.1.4)

Flexible mounting: Desktop or 19” Rack

Stateful Inspection Firewall

bintec RS123

The bintec RS123 is a powerful Gigabit Ethernet router predominately used in SMEs and for providing connectivity to branch locations and home offices.

Product description

The RS123 is a powerful Gigabit Ethernet router predominately used in SMEs and for providing connectivity to branch locations and home offices.

The RS123 delivers advanced security, flexibility, and exceptional performance across a wide range of applications. This router boasts a fan-less metal housing, offers long-term reliability for business-critical applications, and makes an ideal access router for small and mid-sized enterprises (SMEs), branch locations, and home offices.

Thanks to the included 19-inch rackmount conversion bracket, customers can easily integrate this model into 19-inch server racks or operate it on the desktop. Rack mounting is further simplified by the device height of exactly one rack unit and the integrated power supply.

The bintec RS123 also provides five Gigabit Ethernet ports which can be independently configured for use in a LAN, WAN, or DMZ. The RS123 also comes with an SFP slot for optical fibre expansion modules, e.g. for connecting to an optical fibre broadband connection.

The included five licenses for hardware-accelerated IPSec tunnels provide comprehensive high-speed VPN functionality and allow for secure connections to branch locations and off-site employees. An LTE(4G) or UMTS(3G) USB modem

(stick) connected to the USB port can be used as a remote configuration access and as a backup interface.

With its wide range of WAN connectivity options, the RS123 raises the bar for flexibility among access routers.

Smart design

The fan-free metal housing is a proven, rugged design that has set bintec devices apart from the competition for years.

The integrated power supply and 19” conversion bracket now also make it easy to install in a 19” rack.

Maximum performance

The bintec RS123 is based on a powerful platform with unrivaled capabilities. High speed interfaces handle heavy local network traffic with ease. You can even establish links between separate company locations over secure, encrypted VPN tunnels.

Airtight security

The bintec RS123 not only delivers outstanding performance, it also provides a comprehensive range of security features.

With five simultaneous IPSec channels available, you can establish secure links between branch locations, subsidiaries, and home offices. Optional the quantity of VPN tunnels can be extended to 30 tunnels. The integrated IPSec implementation in bintec routers allows the use of pre-shared keys as well as digital certificates as recommended by

Germany`s Federal Office for Information Security. This lets you use a public key infrastructure and ensures maximum security. An object-oriented stateful inspection firewall offers packet filtering to provide additional protection against attacks.

Professional management

A graphical user interface is the primary means of configuring the router. This fast, web-based interface makes it easy to set up routers using the integrated configuration wizard. Administrators can also manage the devices locally or remotely using configurable telnet, SSH, ISDN login, or GSM dial-in. The bintec DIME Manager is a free software tool that allows administrators to manage up to 50 devices at once.

Ready for the future

bintec elmeg GmbH – Südwestpark 94 – 90449 Nürnberg – Deutschland

Telefon: +49 911 9673 0 – Telefax: +49 911 688 07 25

E-Mail: [email protected] – www.bintec-elmeg.com

bintec RS123

October 7, 2017

Subject to technical alterations

20171007024045

Businesses can easily integrate the RS123 into existing company networks. This bintec router also allows for a gradual migration to the new IPv6 internet protocol.

The SFP slot for optical fibre expansion modules enables connection to the highspeed optical fibre broadband of the future.

Therfore, the professional-grade bintec RS123 router is a sound investment in your organization`s future.

WLAN Controller, HotSpot and adult content filtering

The router also includes all the functionality of the bintec WLAN Controller. The bintec WLAN controller lets you configure and monitor small- and mid-sized WLAN networks with up to 12 access points. No matter whether you need frequency management with automatic channel selection, loadbalancing across several access points, support for virtual LANs, or virtual wireless network administration (multi-SSID) - you have all these advanced features at your fingertips with the

WLAN Controller. The software continually monitors the entire wireless network, notifying administrators of any malfunctions or security threats.

The router`s integrated HotSpot Gateway together is an ideal complement to the WLAN Controller in combination with a bintec HotSpot license, allowing operators to set up a wireless guest network that requires authentication. This secure separation between the guest network and company network is configured through the WLAN Controller and implemented using virtual wireless networks. An additional highlight is the optional bintec elmeg webfilter which can be used to prevent children and youth from accessing inappropriate content.

Variants

bintec RS123-UK (5510000372)

bintec RS123 (5510000340)

IP Access Router; Desktop device with 19" Rackmounting; incl. 5 IPSec tunnel (opt.30), certificates, HW-encryption;

4+1 Gigabit Eth. switch; USB (Typ B); USB Port; SFP

Modul Slot; UK Version

IP Access Router; Desktop device with 19" Rackmounting; incl. 5 IPSec tunnel (opt.30)), certificates, HW-encryption;

4+1 Gigabit Eth. switch; USB (Typ B), USB Port; SFP

Modul Slot; dt. and intern. Version

Features

Quality of Service (QoS)

Layer2/3 tagging

TCP Download Rate Control

DiffServ

Policy based Traffic Shapping

Bandwidth reservation

Warranty

Software Update bintec elmeg GmbH – Südwestpark 94 – 90449 Nürnberg – Deutschland

Telefon: +49 911 9673 0 – Telefax: +49 911 688 07 25

E-Mail: [email protected] – www.bintec-elmeg.com

Conversion of 802.1p layer 2 priorisation information to layer

3 diffserv attributes

For reservation of bandwidth for VoIP connections

Priority Queuing of packets on the basis of the

DiffServ/TOS field

Dynamic bandwidth management via IP traffic shaping

Dynamic reservation of bandwidth, allocation of guaranteed and maximum bandwidths

2 year manufacturer warranty inclusive advanced replacement

Free-of-charge software updates for system software

(BOSS) and management software (DIME Manager) bintec RS123

October 7, 2017

Subject to technical alterations

20171007024045

Redundancy / Loadbalancing

Load Balancing

BRRP

BoD

VPN backup

Content of Delivery

Power cable

Safety Instructions

Installation Poster

19" brackets and screws

Ethernet cable

Layer 2 Functionality

VLAN

Proxy ARP

Bridging

Logging / Monitoring / Reporting

Internal system logging

External system logging

E-Mail alert

SNMP traps

IPSec monitoring bintec elmeg GmbH – Südwestpark 94 – 90449 Nürnberg – Deutschland

Telefon: +49 911 9673 0 – Telefax: +49 911 688 07 25

E-Mail: [email protected] – www.bintec-elmeg.com

Static and dynamic load balancing to several WAN connections on IP layer

Optional: Bintec Router Redundancy Protocol for backup of several passive or active devices with free selectable priority

Bandwidth on Demand: dynamic bandwidth to suit data traffic load

Simple VPN backup via different media. Additional enables the bintec elmeg interface based VPN concept the application of routing protocols for VPN connections.

Power Plug 100-240V / 1,5 A

Safety Instructions

Guide for the Installation

Two 19" brackets for the switch panel mounting

1 Ethernet cable, 2m

Support of up to 256 VLAN (Virtual LAN) for segmentation of the network in independent virtual segments (workgroups)

Enables the router to answer ARP requests for hosts, which are accessible via the router. That enables the remote clients to use an IP address from the local net.

Support of layer 2 bridging with the possibility of separation of network segment via the configuration of bridge groups

Syslog storage in RAM, display via web-based configuration user interface (http/https), filter for subsystem, level, message

Syslog, several syslog server with different syslog level configurable

Automatic E-Mail alert by definable events

SNMP traps (v1, v2, v3) configurable

Display of IPSec tunnel and IPSec statistic; output via webbased configuration user interface (http/https) bintec RS123

October 7, 2017

Subject to technical alterations

20171007024045

Interfaces monitoring

IP accounting

RADIUS accounting

Keep Alive Monitoring

Tracing

Administration / Management

RADIUS

RADIUS dialout

TACACS+

Time synchronization

Automatic Time Settings

Supported management systems

Configurable scheduler

Configuration Interface (FCI)

Software update

Remote maintenance

GSM remote maintenance

Device discovery function

On The Fly configuration

SNMP bintec elmeg GmbH – Südwestpark 94 – 90449 Nürnberg – Deutschland

Telefon: +49 911 9673 0 – Telefax: +49 911 688 07 25

E-Mail: [email protected] – www.bintec-elmeg.com

Statistic information of all pysical and logical interfaces

(ETH0, ETH1, SSIDx, ...), output via web-based configuration user interface (http/https)

Detailed IP accounting, source, destination, port, interface and packet/bytes counter, transmission also via syslog protocol to syslog server

RADIUS accounting for PPP, PPTP, PPPoE and ISDN dialup connections

Control of hosts/connections via ICMP polling

Traces can be stored in PCAP format, so that import to different open source trace tools (e.g. wireshark) is possible.

Central check of access authorization at one or several

RADIUS server, RADIUS (PPP, IPSec inclusive X-Auth and login authentication)

On a RADIUS server configured PPP und IPSec connection can be loaded into the gateway (RADIUS dialout).

Support of TACACS+ server for login authentication and for shell comando authorization

The device system time can be obtained via ISDN and from a SNTP server (up to 3 time server configurable). The obtained time can also be transmitted per SNTP to SNTP clients.

Time zone profiles are configurable. That enables an automatic change from summer to winter time.

DIME Manager, XAdmin

Configuring of time and event controlled tasks, e.g. reboot device, activate/deactivate interface, activate/deactivate

WLAN, trigger SW update and configuration backup

Integrated web server for web-based configuration via HTTP or HTTPS (supporting self created certificates). This user interface is by most of bintec elmeg GmbH products identical.

Software updates are free of charge; update via local files,

HTTP, TFTP or via direct access to the bintec elmeg web server

Remote maintenance via telnet, SSL, SSH, HTTP, HTTPS and SNMP (V1,V2,V3)

Remote maintenance via GSM login (external USB UMTS

(3G) modem required)

Device discovery via SNMP multicast.

No reboot after reconfiguration required

SNMP (v1, v2, v3), USM model, VACM views, SNMP traps

(v1, v2, v3) configurable, SNMP IP access list configurable bintec RS123

October 7, 2017

Subject to technical alterations

20171007024045

SNMP configuration

Configuration export and import

SSH login

HP OpenView

XAdmin

Configuration via USB

Interfaces

SFP slot

Ethernet

USB 2.0 host

USB-Console

Hardware

Status LEDs

Realtime clock

Wall mounting

Desktop operation

Environment

Protection Class

Power supply

Power consumption (idling)

Housing

Dimension

Fan

Reset button

Function Button bintec elmeg GmbH – Südwestpark 94 – 90449 Nürnberg – Deutschland

Telefon: +49 911 9673 0 – Telefax: +49 911 688 07 25

E-Mail: [email protected] – www.bintec-elmeg.com

Complete management with MIB-II, MIB 802.11, Enterprise

MIB

Load and save configurations, optional encrypted; optional automatic control via scheduler

Supports SSH V1.5 and SSH V2.0 for secure connections of terminal applications

Integration into Network Node Manager

Support of XAdmin roll out and configuration managemant tool for larger router installations (IP+ISDN+GSM)

Configuration interface is available

SFP slot for conventional optical 10/100/1000 Mbps

Ethernet SFP module

5 x 10/100/1000 Mbps Ethernet Twisted Pair, autosensing,

Auto MDI/MDI-X, up to 4 ports can be switches as additional WAN ports incl. load balancing, all Ethernet ports can be configured as LAN or WAN.

USB 2.0 full speed host port for connecting LTE(4G) or

UMTS(3G) USB sticks (supported sticks: see www.bintecelmeg.com)

Service-Interface USB 2.0 plug B (driver: see www.bintecelmeg.com)

Power, Status, 10 * Ethernet, USB, SFP

System time persists even at power failure for some hours.

Integrated in housing

Possible, rubber pad included the package

Temperature range: Operational 0°C to 40°C; storage -

25°C to 70°C; Max. rel. humidity 10 - 95% (non condensing)

IP20

Internal power supply 110-240V 1.5 A, with energy efficient switching controler; complies with EuP directive 2008/28/EC

Less than 5 Watt

Metal case, opening for Kensington lock, prepared for wall mounting

Ca. 265 mm x 40 mm x 170 mm (W x H x D)

Fanless design therefor high MTBF

Restart or reset to factory state possible

Supported from Release 9.1.10

bintec RS123

October 7, 2017

Subject to technical alterations

20171007024045

Standards and certifications

IPv6

IPv4/ IPv6 Dual Stack

DHCPv6

NDP

ULA

IPv6 Adressing

ICMPv6 (router & host)

Routing Protocols

Multicast

Firewall

IPSec

VPN

IPSec Algorithms

IPSec Deffie-Hellman Groups

Number of VPN tunnels

PPTP (PAC/PNS)

GRE v.0

L2TP

IPSec

IPSec hardware acceleration bintec elmeg GmbH – Südwestpark 94 – 90449 Nürnberg – Deutschland

Telefon: +49 911 9673 0 – Telefax: +49 911 688 07 25

E-Mail: [email protected] – www.bintec-elmeg.com

R&TTE directive 1999/5/EG; EN 55022; EN 55024 + EN

55024/A1; EN61000-3-2; EN 61000-3-3; EN 61000-4-4; EN

60950-1; EN 300 328; EN 301 489-17; EN 301 489-1; EN

301 893

Parallel mode IPv4/ IPv6 supported

DHCP Server and Client

Neighbor Discovery Protocol: Router Discovery, Prefix

Discovery, Parameter Discovery, Address Resolution,

Static configuration of neighbors, IPv6 Router

AAdvertisment Option for DNS Configuration (trough ND)

Unique Local IPv6 Unicast Addresses

IPv6 Stateless address auto-configuration (SLAAC), Manual address configuration, General-prefix support for address configuraion (user and prefix delegation DHCPv6), Duplicate

Address Detection

Destination Unreachable, Packet too big, Time exceeded,

Echo Request

Static Routes

Multicast for IPv6

Firewall via IPv6

IPSec for IPv6

DES (64 Bit), 3DES (192 Bit), AES (128,192,256 Bit), CAST

(128 Bit), Blowfish (128-448 Bit), Twofish (256 Bit); MD-5,

SHA-1,SHA-2 (256,384,512), RipeMD160, Tiger192 Hashes

1 (768 Bit), 2 (1024 Bit), 5 (1536 Bit), 14 (2048 Bit), 15

(3072 Bit), 16 (4096 Bit)

Inclusive 5 active VPN tunnels with the protocols IPSec,

PPTP, L2TP and GRE v.0 (also in combination possible).

Optional router extension up to 30 simultaneous utilisable

VPN tunnel via license.

Point to Point Tunneling Protocol for establishing fo Virtual

Privat Networks, inclusive strong encryption methods with

128 Bit (MPPE) up to 168 Bit (DES/3DES, Blowfish)

Generic Routing Encapsulation V.0 according RFC 2784 for common encapsulation

Layer 2 tunnelling protocol inclusive PPP user authentication

Internet Protocol Security establishing of VPN connections

Integrated hardware acceleration for IPSec encryption algorithms DES, 3DES, AES bintec RS123

October 7, 2017

Subject to technical alterations

20171007024045

IPSec IKE

IPSec IKE Config Mode

IPSec IKE XAUTH (Client/Server)

IPSec IKE XAUTH (Client/Server)

IPSec NAT-T

IPSec IPComp

IPSec certificates (PKI)

IPSec SCEP

IPSec Certificate Revocation Lists (CRL)

IPSec Dead Peer Detection (DPD)

IPSec dynamic IP via ISDN

IPSec dynamic DNS

IPSec RADIUS

IPSec Multi User

IPSec QoS

IPSec NAT

Number of IPSec tunnels

Security bintec elmeg GmbH – Südwestpark 94 – 90449 Nürnberg – Deutschland

Telefon: +49 911 9673 0 – Telefax: +49 911 688 07 25

E-Mail: [email protected] – www.bintec-elmeg.com

IPSec key exchange via preshared keys or certificates.

Support of IKEv1, IKEv2 Initiator Mode, IKEv2 Responder

Mode

IKE Config Mode server enables dynamic assignment of IP addresses from the address pool of the company. IKE

Config Mode client enables the router, to get assigned dynamically an IP address.

Internet Key Exchange protocol Extended Authenticaion client for login to XAUTH server and XAUTH server for loging of XAUTH clients

Inclusive the forwarding to a RADIUS-OTP (One Time

Password) server (supported OTP solutions see www.bintec-elmeg.com).

Support of NAT-Traversal (Nat-T) for the application at VPN lines with NAT

IPSec IPComp data compression for higher data throughput via LZS

Support of X.509 multi-level certificates compatible to

Micrososft and Open SSL CA server; upload of

PKCS#7/8/10/12 files via TFTP, HTTP, HTTP, LDAP, file upload and manual via FCI

Certificates management via SCEP (Simple Certificate

Enrollment Protocol)

Support of remote CRLs on a server via LDAP or local

CRLs

Continuous control of IPSec connection

Transmission of dynamic IP address in ISDN D or B channel; free-of-charge licence necessary

Enables the registering of dynamic IP addresses by a dynamic DNS provider for establishing a IPSec connection.

Authentication of IPSec connections at a RADIUS server.

Additionally the IPSec peers, which were configured on a

RADIUS server, can be loaded into the gateway (RADIUS dialout).

Enables the Dial-in of several IPSec clients via a single

IPSec peer configuration entry

The possibility to operate Quality of Service (traffic shaping) inside of an IPSec tunnel

By activating of NAT on an IPSec connection it is possible, to implement several remote locations with identical local IP addess networks in different IP nets for the VPN connection

Inclusive 5 active IPSec tunnels (expandable to 30 tunnels) bintec RS123

October 7, 2017

Subject to technical alterations

20171007024045

NAT/PAT

Policy based NAT/PAT

Policy based NAT/PAT

Stateful Inspection Firewall

Packet Filter

Routing

Multicast IGMP

Multicast inside IPSec tunnel

Multicast IGMP Proxy

RIP

Extended RIP

Policy based Routing

Protocols / Encapsulations

PPPoE (Server/Client)

DNS Forwarding

DYN DNS

DNS bintec elmeg GmbH – Südwestpark 94 – 90449 Nürnberg – Deutschland

Telefon: +49 911 9673 0 – Telefax: +49 911 688 07 25

E-Mail: [email protected] – www.bintec-elmeg.com

Symmetric Network and Port Address Translation

(NAT/PAT) with randomly generated ports inclusive Multi

NAT (1:1 translation of whole networks)

Network and Port Address Translation via different criteria like IP protocols, source/destination IP Address, source/destination port

For incoming and outgoing connections and for each interface variable configurable

Packet filtering depending on the direction with controling and interpretation of each single connection status

Filtering of IP packets according to different criteria like IP protocols, source/destination IP address, source/destination port, TOS/DSCP, layer 2 priority for each interface variable configurable

Support of Internet Group Management Protocol (IGMP v1, v2, v3) for the simultaneous distribution of IP packets to several stations

Enables the transmission of multicast packets via an IPSec tunnel

For easy forwarding of multicast packets via dedicated interfaces

Support of RIPv1 and RIPv2, separated configurable for each interface

Triggerd RIP updates according RFC 2091 and 2453,

Poisened Rerverse for a better distribution of the routes; furthermore the possibility to define RIP filters for each interface.

Extended routing (Policy Based Routing) depending of diffent criteria like IP protocols (Layer4), source/destination

IP address, source/destination port, TOS/DSCP, source/destination interface and destination interface status

Point-to-Point Protocol over Ethernet (Client and Server) for establisching of PPP connections via Ethernet/DSL (RFC

2516)

Enables the forwarding of DNS requests of free configurable domains to assigned DNS server.

Enables the registering of dynamic assigned IP addresses at adynamic DNS provider, e.g. for establishing of VPN connections

DNS client, DNS server, DNS relay and DNS proxy bintec RS123

October 7, 2017

Subject to technical alterations

20171007024045

IPoA

DHCP

Packet size controling

PPPoA

MLPPPoE (Server/Client)

PPP/MLPPP

Pick-up Service / Warranty Extension bintec elmeg GmbH – Südwestpark 94 – 90449 Nürnberg – Deutschland

Telefon: +49 911 9673 0 – Telefax: +49 911 688 07 25

E-Mail: [email protected] – www.bintec-elmeg.com

Enables the easy routing of IP via ATM

DHCP Client, Server, Proxy and Relay for siplified TCP/IP configuration

Adaption of PMTU or automatic packet size controling via fragmentation

Point to Point Protocol over ATM for establishing of PPP connections via ATM/DSL

Multilink extension MLPPPoE for bundeling several PPPoE connections (only if both sides support MLPPPoE)

Support of Point to Point Protocol (PPP) for establishing of standard PPP connections, inclusive the Multilink extension

MLPPP for the bundeling of several connections

Accesories

WLAN Controller

License WLAN Contr. 6AP (5500000943) WLAN Controller license for 6 Access Points (APs) or for the extension with 6 APs for the products: be.IP 4isdn,

RS123x, RS353xx. Rxxx2 and RXL12x00

Software Licenses

RSxx3/Rxx02/RTxx02/RXL-IPSEC25 (5500000781)

BRRP-RS123x/RS35x-Series (5500001630)

Webfilter Lic. small (1 year) (5500002096)

Webfilter Lic. medium (1 year) (5500002097)

Webfilter Lic. small (3 year) (5500002099)

Webfilter Lic. medium (3 year) (5500002100)

Additional 25 IPSec tunnel license for be.IP 4isdn, RSxx3,

Rxx02, RTxx02 and RXL12xxx series

Software License for bintec Router Redundancy Protocol

(BRRP) for RS123x and RS35x-series

1-year-license for bintec elmeg Webfilter for up to 50 clients.

be.IP-Serie, RSxxx-, Rxx02-, RTxx02-Serie, RXL12x00, W-

,WI-,WO-Serie

1-year-license for bintec elmeg Webfilter for up to 100 clients. be.IP-Serie, RSxxx-, Rxx02-, RTxx02-Serie,

RXL12x00, W-,WI-,WO-Serie

3-year-license for bintec elmeg Webfilter for up to 50 clients.

be.IP-Serie, RSxxx-, Rxx02-, RTxx02-Serie, RXL12x00, W-

,WI-,WO-Serie

3-year-license for bintec elmeg Webfilter for up to 100 clients. be.IP-Serie, RSxxx-, Rxx02-, RTxx02-Serie,

RXL12x00, W-,WI-,WO-Serie bintec RS123

October 7, 2017

Subject to technical alterations

20171007024045

Service Package 'small' (5500000810)

Product Services

HotSpot Secure option 1y/1loc (5510000424)

HotSpotHosting 1yr 1 location (5510000198)

HotSpotHosting 2yr 1 location (5500000861)

Additional HotSpot location (5510000199)

Add-ons

bintec SFP-LC-TX/LX/LH (5530000190)

bintec SFP-LC-SX (5530000189)

bintec 4GE-LE (5530000119)

Warranty extension of 3 years to a total of 5 years, including advanced replacement for bintec elmeg products of the category 'small'. Please find a detailed description as well as an overview of the categories on www.bintecelmeg.com/servicepackages.

bintec HotSpot Secure Licence 1 year and 1 location incl.

Assumptiton of liability and content filter

HotSpot solution hosting fee for 1 year and 1 location

HotSpot solution hosting fee for 2 year and 1 location

Additional location for the HotSpot solution (551000198,

5500000861) valid for one year

1000Base-LX SFP-Module for bintec RS123x a. bintec RXL series for connection to fiber optics. Supports 9 µm singlemode fiber (SMF). Wavelength 1310nm. Max.

distance 10km

1000Base-SX SFP-Module for bintec RS123x and bintec

RXL series for connection to fiber optics. Supports 62,5 µm and 50 µm multimode fiber (MMF). Wavelength 850nm.

Max. distance 275m resp. 550m

LTE (4G)/UMTS (3G) extension device for router; 1x Gbit

Eth; Simcard slot; Wallmounting; PoE Injector inclusive bintec elmeg GmbH – Südwestpark 94 – 90449 Nürnberg – Deutschland

Telefon: +49 911 9673 0 – Telefax: +49 911 688 07 25

E-Mail: [email protected] – www.bintec-elmeg.com

bintec RS123

October 7, 2017

Subject to technical alterations

20171007024045

advertisement

Was this manual useful for you? Yes No
Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Related manuals

Download PDF

advertisement