advertisement
Professional Gigabit-Ethernet-Router bintec RS123
5x Gigabit-Ethernet
SFP Port
5x IPSec tunnels (optional 30 channels), HW acceleration
Web based configuration
IPv6 Support (as of Release 10.1.4)
Flexible mounting: Desktop or 19” Rack
Stateful Inspection Firewall
bintec RS123
The bintec RS123 is a powerful Gigabit Ethernet router predominately used in SMEs and for providing connectivity to branch locations and home offices.
Product description
The RS123 is a powerful Gigabit Ethernet router predominately used in SMEs and for providing connectivity to branch locations and home offices.
The RS123 delivers advanced security, flexibility, and exceptional performance across a wide range of applications. This router boasts a fan-less metal housing, offers long-term reliability for business-critical applications, and makes an ideal access router for small and mid-sized enterprises (SMEs), branch locations, and home offices.
Thanks to the included 19-inch rackmount conversion bracket, customers can easily integrate this model into 19-inch server racks or operate it on the desktop. Rack mounting is further simplified by the device height of exactly one rack unit and the integrated power supply.
The bintec RS123 also provides five Gigabit Ethernet ports which can be independently configured for use in a LAN, WAN, or DMZ. The RS123 also comes with an SFP slot for optical fibre expansion modules, e.g. for connecting to an optical fibre broadband connection.
The included five licenses for hardware-accelerated IPSec tunnels provide comprehensive high-speed VPN functionality and allow for secure connections to branch locations and off-site employees. An LTE(4G) or UMTS(3G) USB modem
(stick) connected to the USB port can be used as a remote configuration access and as a backup interface.
With its wide range of WAN connectivity options, the RS123 raises the bar for flexibility among access routers.
Smart design
The fan-free metal housing is a proven, rugged design that has set bintec devices apart from the competition for years.
The integrated power supply and 19” conversion bracket now also make it easy to install in a 19” rack.
Maximum performance
The bintec RS123 is based on a powerful platform with unrivaled capabilities. High speed interfaces handle heavy local network traffic with ease. You can even establish links between separate company locations over secure, encrypted VPN tunnels.
Airtight security
The bintec RS123 not only delivers outstanding performance, it also provides a comprehensive range of security features.
With five simultaneous IPSec channels available, you can establish secure links between branch locations, subsidiaries, and home offices. Optional the quantity of VPN tunnels can be extended to 30 tunnels. The integrated IPSec implementation in bintec routers allows the use of pre-shared keys as well as digital certificates as recommended by
Germany`s Federal Office for Information Security. This lets you use a public key infrastructure and ensures maximum security. An object-oriented stateful inspection firewall offers packet filtering to provide additional protection against attacks.
Professional management
A graphical user interface is the primary means of configuring the router. This fast, web-based interface makes it easy to set up routers using the integrated configuration wizard. Administrators can also manage the devices locally or remotely using configurable telnet, SSH, ISDN login, or GSM dial-in. The bintec DIME Manager is a free software tool that allows administrators to manage up to 50 devices at once.
Ready for the future
bintec elmeg GmbH – Südwestpark 94 – 90449 Nürnberg – Deutschland
Telefon: +49 911 9673 0 – Telefax: +49 911 688 07 25
E-Mail: [email protected] – www.bintec-elmeg.com
bintec RS123
October 7, 2017
Subject to technical alterations
20171007024045
Businesses can easily integrate the RS123 into existing company networks. This bintec router also allows for a gradual migration to the new IPv6 internet protocol.
The SFP slot for optical fibre expansion modules enables connection to the highspeed optical fibre broadband of the future.
Therfore, the professional-grade bintec RS123 router is a sound investment in your organization`s future.
WLAN Controller, HotSpot and adult content filtering
The router also includes all the functionality of the bintec WLAN Controller. The bintec WLAN controller lets you configure and monitor small- and mid-sized WLAN networks with up to 12 access points. No matter whether you need frequency management with automatic channel selection, loadbalancing across several access points, support for virtual LANs, or virtual wireless network administration (multi-SSID) - you have all these advanced features at your fingertips with the
WLAN Controller. The software continually monitors the entire wireless network, notifying administrators of any malfunctions or security threats.
The router`s integrated HotSpot Gateway together is an ideal complement to the WLAN Controller in combination with a bintec HotSpot license, allowing operators to set up a wireless guest network that requires authentication. This secure separation between the guest network and company network is configured through the WLAN Controller and implemented using virtual wireless networks. An additional highlight is the optional bintec elmeg webfilter which can be used to prevent children and youth from accessing inappropriate content.
Variants
bintec RS123-UK (5510000372)
bintec RS123 (5510000340)
IP Access Router; Desktop device with 19" Rackmounting; incl. 5 IPSec tunnel (opt.30), certificates, HW-encryption;
4+1 Gigabit Eth. switch; USB (Typ B); USB Port; SFP
Modul Slot; UK Version
IP Access Router; Desktop device with 19" Rackmounting; incl. 5 IPSec tunnel (opt.30)), certificates, HW-encryption;
4+1 Gigabit Eth. switch; USB (Typ B), USB Port; SFP
Modul Slot; dt. and intern. Version
Features
Quality of Service (QoS)
Layer2/3 tagging
TCP Download Rate Control
DiffServ
Policy based Traffic Shapping
Bandwidth reservation
Warranty
Software Update bintec elmeg GmbH – Südwestpark 94 – 90449 Nürnberg – Deutschland
Telefon: +49 911 9673 0 – Telefax: +49 911 688 07 25
E-Mail: [email protected] – www.bintec-elmeg.com
Conversion of 802.1p layer 2 priorisation information to layer
3 diffserv attributes
For reservation of bandwidth for VoIP connections
Priority Queuing of packets on the basis of the
DiffServ/TOS field
Dynamic bandwidth management via IP traffic shaping
Dynamic reservation of bandwidth, allocation of guaranteed and maximum bandwidths
2 year manufacturer warranty inclusive advanced replacement
Free-of-charge software updates for system software
(BOSS) and management software (DIME Manager) bintec RS123
October 7, 2017
Subject to technical alterations
20171007024045
Redundancy / Loadbalancing
Load Balancing
BRRP
BoD
VPN backup
Content of Delivery
Power cable
Safety Instructions
Installation Poster
19" brackets and screws
Ethernet cable
Layer 2 Functionality
VLAN
Proxy ARP
Bridging
Logging / Monitoring / Reporting
Internal system logging
External system logging
E-Mail alert
SNMP traps
IPSec monitoring bintec elmeg GmbH – Südwestpark 94 – 90449 Nürnberg – Deutschland
Telefon: +49 911 9673 0 – Telefax: +49 911 688 07 25
E-Mail: [email protected] – www.bintec-elmeg.com
Static and dynamic load balancing to several WAN connections on IP layer
Optional: Bintec Router Redundancy Protocol for backup of several passive or active devices with free selectable priority
Bandwidth on Demand: dynamic bandwidth to suit data traffic load
Simple VPN backup via different media. Additional enables the bintec elmeg interface based VPN concept the application of routing protocols for VPN connections.
Power Plug 100-240V / 1,5 A
Safety Instructions
Guide for the Installation
Two 19" brackets for the switch panel mounting
1 Ethernet cable, 2m
Support of up to 256 VLAN (Virtual LAN) for segmentation of the network in independent virtual segments (workgroups)
Enables the router to answer ARP requests for hosts, which are accessible via the router. That enables the remote clients to use an IP address from the local net.
Support of layer 2 bridging with the possibility of separation of network segment via the configuration of bridge groups
Syslog storage in RAM, display via web-based configuration user interface (http/https), filter for subsystem, level, message
Syslog, several syslog server with different syslog level configurable
Automatic E-Mail alert by definable events
SNMP traps (v1, v2, v3) configurable
Display of IPSec tunnel and IPSec statistic; output via webbased configuration user interface (http/https) bintec RS123
October 7, 2017
Subject to technical alterations
20171007024045
Interfaces monitoring
IP accounting
RADIUS accounting
Keep Alive Monitoring
Tracing
Administration / Management
RADIUS
RADIUS dialout
TACACS+
Time synchronization
Automatic Time Settings
Supported management systems
Configurable scheduler
Configuration Interface (FCI)
Software update
Remote maintenance
GSM remote maintenance
Device discovery function
On The Fly configuration
SNMP bintec elmeg GmbH – Südwestpark 94 – 90449 Nürnberg – Deutschland
Telefon: +49 911 9673 0 – Telefax: +49 911 688 07 25
E-Mail: [email protected] – www.bintec-elmeg.com
Statistic information of all pysical and logical interfaces
(ETH0, ETH1, SSIDx, ...), output via web-based configuration user interface (http/https)
Detailed IP accounting, source, destination, port, interface and packet/bytes counter, transmission also via syslog protocol to syslog server
RADIUS accounting for PPP, PPTP, PPPoE and ISDN dialup connections
Control of hosts/connections via ICMP polling
Traces can be stored in PCAP format, so that import to different open source trace tools (e.g. wireshark) is possible.
Central check of access authorization at one or several
RADIUS server, RADIUS (PPP, IPSec inclusive X-Auth and login authentication)
On a RADIUS server configured PPP und IPSec connection can be loaded into the gateway (RADIUS dialout).
Support of TACACS+ server for login authentication and for shell comando authorization
The device system time can be obtained via ISDN and from a SNTP server (up to 3 time server configurable). The obtained time can also be transmitted per SNTP to SNTP clients.
Time zone profiles are configurable. That enables an automatic change from summer to winter time.
DIME Manager, XAdmin
Configuring of time and event controlled tasks, e.g. reboot device, activate/deactivate interface, activate/deactivate
WLAN, trigger SW update and configuration backup
Integrated web server for web-based configuration via HTTP or HTTPS (supporting self created certificates). This user interface is by most of bintec elmeg GmbH products identical.
Software updates are free of charge; update via local files,
HTTP, TFTP or via direct access to the bintec elmeg web server
Remote maintenance via telnet, SSL, SSH, HTTP, HTTPS and SNMP (V1,V2,V3)
Remote maintenance via GSM login (external USB UMTS
(3G) modem required)
Device discovery via SNMP multicast.
No reboot after reconfiguration required
SNMP (v1, v2, v3), USM model, VACM views, SNMP traps
(v1, v2, v3) configurable, SNMP IP access list configurable bintec RS123
October 7, 2017
Subject to technical alterations
20171007024045
SNMP configuration
Configuration export and import
SSH login
HP OpenView
XAdmin
Configuration via USB
Interfaces
SFP slot
Ethernet
USB 2.0 host
USB-Console
Hardware
Status LEDs
Realtime clock
Wall mounting
Desktop operation
Environment
Protection Class
Power supply
Power consumption (idling)
Housing
Dimension
Fan
Reset button
Function Button bintec elmeg GmbH – Südwestpark 94 – 90449 Nürnberg – Deutschland
Telefon: +49 911 9673 0 – Telefax: +49 911 688 07 25
E-Mail: [email protected] – www.bintec-elmeg.com
Complete management with MIB-II, MIB 802.11, Enterprise
MIB
Load and save configurations, optional encrypted; optional automatic control via scheduler
Supports SSH V1.5 and SSH V2.0 for secure connections of terminal applications
Integration into Network Node Manager
Support of XAdmin roll out and configuration managemant tool for larger router installations (IP+ISDN+GSM)
Configuration interface is available
SFP slot for conventional optical 10/100/1000 Mbps
Ethernet SFP module
5 x 10/100/1000 Mbps Ethernet Twisted Pair, autosensing,
Auto MDI/MDI-X, up to 4 ports can be switches as additional WAN ports incl. load balancing, all Ethernet ports can be configured as LAN or WAN.
USB 2.0 full speed host port for connecting LTE(4G) or
UMTS(3G) USB sticks (supported sticks: see www.bintecelmeg.com)
Service-Interface USB 2.0 plug B (driver: see www.bintecelmeg.com)
Power, Status, 10 * Ethernet, USB, SFP
System time persists even at power failure for some hours.
Integrated in housing
Possible, rubber pad included the package
Temperature range: Operational 0°C to 40°C; storage -
25°C to 70°C; Max. rel. humidity 10 - 95% (non condensing)
IP20
Internal power supply 110-240V 1.5 A, with energy efficient switching controler; complies with EuP directive 2008/28/EC
Less than 5 Watt
Metal case, opening for Kensington lock, prepared for wall mounting
Ca. 265 mm x 40 mm x 170 mm (W x H x D)
Fanless design therefor high MTBF
Restart or reset to factory state possible
Supported from Release 9.1.10
bintec RS123
October 7, 2017
Subject to technical alterations
20171007024045
Standards and certifications
IPv6
IPv4/ IPv6 Dual Stack
DHCPv6
NDP
ULA
IPv6 Adressing
ICMPv6 (router & host)
Routing Protocols
Multicast
Firewall
IPSec
VPN
IPSec Algorithms
IPSec Deffie-Hellman Groups
Number of VPN tunnels
PPTP (PAC/PNS)
GRE v.0
L2TP
IPSec
IPSec hardware acceleration bintec elmeg GmbH – Südwestpark 94 – 90449 Nürnberg – Deutschland
Telefon: +49 911 9673 0 – Telefax: +49 911 688 07 25
E-Mail: [email protected] – www.bintec-elmeg.com
R&TTE directive 1999/5/EG; EN 55022; EN 55024 + EN
55024/A1; EN61000-3-2; EN 61000-3-3; EN 61000-4-4; EN
60950-1; EN 300 328; EN 301 489-17; EN 301 489-1; EN
301 893
Parallel mode IPv4/ IPv6 supported
DHCP Server and Client
Neighbor Discovery Protocol: Router Discovery, Prefix
Discovery, Parameter Discovery, Address Resolution,
Static configuration of neighbors, IPv6 Router
AAdvertisment Option for DNS Configuration (trough ND)
Unique Local IPv6 Unicast Addresses
IPv6 Stateless address auto-configuration (SLAAC), Manual address configuration, General-prefix support for address configuraion (user and prefix delegation DHCPv6), Duplicate
Address Detection
Destination Unreachable, Packet too big, Time exceeded,
Echo Request
Static Routes
Multicast for IPv6
Firewall via IPv6
IPSec for IPv6
DES (64 Bit), 3DES (192 Bit), AES (128,192,256 Bit), CAST
(128 Bit), Blowfish (128-448 Bit), Twofish (256 Bit); MD-5,
SHA-1,SHA-2 (256,384,512), RipeMD160, Tiger192 Hashes
1 (768 Bit), 2 (1024 Bit), 5 (1536 Bit), 14 (2048 Bit), 15
(3072 Bit), 16 (4096 Bit)
Inclusive 5 active VPN tunnels with the protocols IPSec,
PPTP, L2TP and GRE v.0 (also in combination possible).
Optional router extension up to 30 simultaneous utilisable
VPN tunnel via license.
Point to Point Tunneling Protocol for establishing fo Virtual
Privat Networks, inclusive strong encryption methods with
128 Bit (MPPE) up to 168 Bit (DES/3DES, Blowfish)
Generic Routing Encapsulation V.0 according RFC 2784 for common encapsulation
Layer 2 tunnelling protocol inclusive PPP user authentication
Internet Protocol Security establishing of VPN connections
Integrated hardware acceleration for IPSec encryption algorithms DES, 3DES, AES bintec RS123
October 7, 2017
Subject to technical alterations
20171007024045
IPSec IKE
IPSec IKE Config Mode
IPSec IKE XAUTH (Client/Server)
IPSec IKE XAUTH (Client/Server)
IPSec NAT-T
IPSec IPComp
IPSec certificates (PKI)
IPSec SCEP
IPSec Certificate Revocation Lists (CRL)
IPSec Dead Peer Detection (DPD)
IPSec dynamic IP via ISDN
IPSec dynamic DNS
IPSec RADIUS
IPSec Multi User
IPSec QoS
IPSec NAT
Number of IPSec tunnels
Security bintec elmeg GmbH – Südwestpark 94 – 90449 Nürnberg – Deutschland
Telefon: +49 911 9673 0 – Telefax: +49 911 688 07 25
E-Mail: [email protected] – www.bintec-elmeg.com
IPSec key exchange via preshared keys or certificates.
Support of IKEv1, IKEv2 Initiator Mode, IKEv2 Responder
Mode
IKE Config Mode server enables dynamic assignment of IP addresses from the address pool of the company. IKE
Config Mode client enables the router, to get assigned dynamically an IP address.
Internet Key Exchange protocol Extended Authenticaion client for login to XAUTH server and XAUTH server for loging of XAUTH clients
Inclusive the forwarding to a RADIUS-OTP (One Time
Password) server (supported OTP solutions see www.bintec-elmeg.com).
Support of NAT-Traversal (Nat-T) for the application at VPN lines with NAT
IPSec IPComp data compression for higher data throughput via LZS
Support of X.509 multi-level certificates compatible to
Micrososft and Open SSL CA server; upload of
PKCS#7/8/10/12 files via TFTP, HTTP, HTTP, LDAP, file upload and manual via FCI
Certificates management via SCEP (Simple Certificate
Enrollment Protocol)
Support of remote CRLs on a server via LDAP or local
CRLs
Continuous control of IPSec connection
Transmission of dynamic IP address in ISDN D or B channel; free-of-charge licence necessary
Enables the registering of dynamic IP addresses by a dynamic DNS provider for establishing a IPSec connection.
Authentication of IPSec connections at a RADIUS server.
Additionally the IPSec peers, which were configured on a
RADIUS server, can be loaded into the gateway (RADIUS dialout).
Enables the Dial-in of several IPSec clients via a single
IPSec peer configuration entry
The possibility to operate Quality of Service (traffic shaping) inside of an IPSec tunnel
By activating of NAT on an IPSec connection it is possible, to implement several remote locations with identical local IP addess networks in different IP nets for the VPN connection
Inclusive 5 active IPSec tunnels (expandable to 30 tunnels) bintec RS123
October 7, 2017
Subject to technical alterations
20171007024045
NAT/PAT
Policy based NAT/PAT
Policy based NAT/PAT
Stateful Inspection Firewall
Packet Filter
Routing
Multicast IGMP
Multicast inside IPSec tunnel
Multicast IGMP Proxy
RIP
Extended RIP
Policy based Routing
Protocols / Encapsulations
PPPoE (Server/Client)
DNS Forwarding
DYN DNS
DNS bintec elmeg GmbH – Südwestpark 94 – 90449 Nürnberg – Deutschland
Telefon: +49 911 9673 0 – Telefax: +49 911 688 07 25
E-Mail: [email protected] – www.bintec-elmeg.com
Symmetric Network and Port Address Translation
(NAT/PAT) with randomly generated ports inclusive Multi
NAT (1:1 translation of whole networks)
Network and Port Address Translation via different criteria like IP protocols, source/destination IP Address, source/destination port
For incoming and outgoing connections and for each interface variable configurable
Packet filtering depending on the direction with controling and interpretation of each single connection status
Filtering of IP packets according to different criteria like IP protocols, source/destination IP address, source/destination port, TOS/DSCP, layer 2 priority for each interface variable configurable
Support of Internet Group Management Protocol (IGMP v1, v2, v3) for the simultaneous distribution of IP packets to several stations
Enables the transmission of multicast packets via an IPSec tunnel
For easy forwarding of multicast packets via dedicated interfaces
Support of RIPv1 and RIPv2, separated configurable for each interface
Triggerd RIP updates according RFC 2091 and 2453,
Poisened Rerverse for a better distribution of the routes; furthermore the possibility to define RIP filters for each interface.
Extended routing (Policy Based Routing) depending of diffent criteria like IP protocols (Layer4), source/destination
IP address, source/destination port, TOS/DSCP, source/destination interface and destination interface status
Point-to-Point Protocol over Ethernet (Client and Server) for establisching of PPP connections via Ethernet/DSL (RFC
2516)
Enables the forwarding of DNS requests of free configurable domains to assigned DNS server.
Enables the registering of dynamic assigned IP addresses at adynamic DNS provider, e.g. for establishing of VPN connections
DNS client, DNS server, DNS relay and DNS proxy bintec RS123
October 7, 2017
Subject to technical alterations
20171007024045
IPoA
DHCP
Packet size controling
PPPoA
MLPPPoE (Server/Client)
PPP/MLPPP
Pick-up Service / Warranty Extension bintec elmeg GmbH – Südwestpark 94 – 90449 Nürnberg – Deutschland
Telefon: +49 911 9673 0 – Telefax: +49 911 688 07 25
E-Mail: [email protected] – www.bintec-elmeg.com
Enables the easy routing of IP via ATM
DHCP Client, Server, Proxy and Relay for siplified TCP/IP configuration
Adaption of PMTU or automatic packet size controling via fragmentation
Point to Point Protocol over ATM for establishing of PPP connections via ATM/DSL
Multilink extension MLPPPoE for bundeling several PPPoE connections (only if both sides support MLPPPoE)
Support of Point to Point Protocol (PPP) for establishing of standard PPP connections, inclusive the Multilink extension
MLPPP for the bundeling of several connections
Accesories
WLAN Controller
License WLAN Contr. 6AP (5500000943) WLAN Controller license for 6 Access Points (APs) or for the extension with 6 APs for the products: be.IP 4isdn,
RS123x, RS353xx. Rxxx2 and RXL12x00
Software Licenses
RSxx3/Rxx02/RTxx02/RXL-IPSEC25 (5500000781)
BRRP-RS123x/RS35x-Series (5500001630)
Webfilter Lic. small (1 year) (5500002096)
Webfilter Lic. medium (1 year) (5500002097)
Webfilter Lic. small (3 year) (5500002099)
Webfilter Lic. medium (3 year) (5500002100)
Additional 25 IPSec tunnel license for be.IP 4isdn, RSxx3,
Rxx02, RTxx02 and RXL12xxx series
Software License for bintec Router Redundancy Protocol
(BRRP) for RS123x and RS35x-series
1-year-license for bintec elmeg Webfilter for up to 50 clients.
be.IP-Serie, RSxxx-, Rxx02-, RTxx02-Serie, RXL12x00, W-
,WI-,WO-Serie
1-year-license for bintec elmeg Webfilter for up to 100 clients. be.IP-Serie, RSxxx-, Rxx02-, RTxx02-Serie,
RXL12x00, W-,WI-,WO-Serie
3-year-license for bintec elmeg Webfilter for up to 50 clients.
be.IP-Serie, RSxxx-, Rxx02-, RTxx02-Serie, RXL12x00, W-
,WI-,WO-Serie
3-year-license for bintec elmeg Webfilter for up to 100 clients. be.IP-Serie, RSxxx-, Rxx02-, RTxx02-Serie,
RXL12x00, W-,WI-,WO-Serie bintec RS123
October 7, 2017
Subject to technical alterations
20171007024045
Service Package 'small' (5500000810)
Product Services
HotSpot Secure option 1y/1loc (5510000424)
HotSpotHosting 1yr 1 location (5510000198)
HotSpotHosting 2yr 1 location (5500000861)
Additional HotSpot location (5510000199)
Add-ons
bintec SFP-LC-TX/LX/LH (5530000190)
bintec SFP-LC-SX (5530000189)
bintec 4GE-LE (5530000119)
Warranty extension of 3 years to a total of 5 years, including advanced replacement for bintec elmeg products of the category 'small'. Please find a detailed description as well as an overview of the categories on www.bintecelmeg.com/servicepackages.
bintec HotSpot Secure Licence 1 year and 1 location incl.
Assumptiton of liability and content filter
HotSpot solution hosting fee for 1 year and 1 location
HotSpot solution hosting fee for 2 year and 1 location
Additional location for the HotSpot solution (551000198,
5500000861) valid for one year
1000Base-LX SFP-Module for bintec RS123x a. bintec RXL series for connection to fiber optics. Supports 9 µm singlemode fiber (SMF). Wavelength 1310nm. Max.
distance 10km
1000Base-SX SFP-Module for bintec RS123x and bintec
RXL series for connection to fiber optics. Supports 62,5 µm and 50 µm multimode fiber (MMF). Wavelength 850nm.
Max. distance 275m resp. 550m
LTE (4G)/UMTS (3G) extension device for router; 1x Gbit
Eth; Simcard slot; Wallmounting; PoE Injector inclusive bintec elmeg GmbH – Südwestpark 94 – 90449 Nürnberg – Deutschland
Telefon: +49 911 9673 0 – Telefax: +49 911 688 07 25
E-Mail: [email protected] – www.bintec-elmeg.com
bintec RS123
October 7, 2017
Subject to technical alterations
20171007024045
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project