Datasheet | Routers
AT-AR750S-DP
SecureVPN Router
maintained in congested networks. Advanced
QoS allows voice, video, and data traffic to have
QoS applied within individual IPSec tunnels,
over GRE, as well as IPv6 to IPv4 tunnels.
AT-AR750S-DP
Key Features
2 x WAN 10/100Base-T ports
5 x LAN 10/100Base-T ports
2 x PICs
Hardware
• 2 x 10/100Base-T WAN interfaces
• 2 x Port Interface Cards (PICs)
• 5 x 10/100Base-T switched LAN ports
• 1 x Asynchronous port / Modem Port
• DMZ port: configurable on any of theWAN/LAN ports
• Dual hot-swappableAC or DC redundant power supplies
• RoHS compliant
1 x Asynchronous console / Modem port
Dual hot-swappable AC or DC redundant
power supplies
Performance
The AT-AR750S-DP provides superior
performance over other secureVPN routers in
this market space.While most secure routers
have Stateful Firewalls with NAT, QoS, and IPsec
VPN termination capability, very few can
perform all three functions and still provide
excellent performance with the mixed packed
sizes seen in real networks. The AT-AR750S-DP
has been designed to meet real network needs.
Secure Modular Routing Solution
Designed with the needs of medium
enterprises andTelco customers in mind, the
AT-AR750S-DP offers significant advances in
processing performance, Quality of Service,
routing, remote connectivity and security.
Security
• IP Filtering
• Stateful Inspection Firewall
• 802.1x
• Authentication: RADIUS,TACACS, MD5, PAP, CHAP
VPN/Encryption
• NAT-T
• AES, DES, 3DES encryption
• 5,000 configured IPsecVPN tunnels (250 active tunnels)
• HW accelerated IPsecVPN >35Mbps@72byte
packets (with AES 256 bit encryption)
• Up to 195 Mbps IPsec throughput with large packets
ExtensiveVPN Cabability
The AT-AR750S-DP provides extensive IPSec-
basedVPN capability, allowing the interconnection
of offices, remote tele-workers, and other users
who require secure access to a corporate
network.The AT-AR750S-DP comes complete
with integrated hardware acceleration, which
maximises encryption throughput and removes
the need to purchase a hardware upgrade
package.The AT-AR750S-DP is compatible with
industry standard IPSecVPN clients.
Stateful Firewall inspection, NAT and QoS:
>50Mbps @ 64 byte packets
Stateful Firewall inspection, NAT, QoS, IPsec
VPN (with AES 256 bit encryption):
>35Mbps @ 72 byte packets
Manageability
• Web based GUI
• CLI management
• SNMPv3
The AT-AR750S-DP can achieve up to 195
Mbps IPsec throughput with bidirectional traffic.
This level of performance enables secure site-
to-siteVPNs over multiple WAN interfaces
while still firewalling the local network across
multiple LAN ports.
• IP QoS
Extensive routing support, including:
• RIPv1 and v2
• OSPFv1 and v2
• GRE, L2TP
• IPX
• VRRP
• BGP-4 – optional
• IPv6 – optional
• RIPng – optional
Security
In addition to hardware-based encryption, the
AT-AR750S-DP comes with other advanced
security features such as traffic filtering with
event logging.Traffic filtering uses the source
and destination address, port, protocol andTCP
packet type to provide control over traffic that
passes through the AT-AR750S-DP. A Stateful
Inspection firewall provides an increased level of
security and complements the packet filtering
function. HTTP and SMTP proxies on the AT-
AR750S-DP provide improved control over
web and mail communications.
Reliability
Dual hot-swappable AC or -48V DC redundant
power supplies packaged in the 1RU rack
mount chassis, provide the ultimate in space saving,
reliability and resiliency. The AR750-DP can operate
on just one PSU if required. These features,
combined with front-to-back cooling, make the
AT-AR750S-DP perfect for the high-density rack
environment where space is at a premium.
Multicast routing protocols, including:
• PIM-DM, PIM-SM
• DVMRP
• IGMPv2
• IGMP Snooping
• PIM6
• MLD
Comphrehensive Management and
Configuration
The AT-AR750S-DP comes with a comprehensive
suite of management features and is also
compatible with SNMP-based management
packages. AlliedTelesis’ SNMP support extends
Quality of Service
• IPv6 Multicast – optional
AlliedTelesis’ QoS implementation enables the
AT-AR750S-DP to dynamically identify high
priority voice, video and application traffic, so
that appropriate service levels can be
Support for traditional network protocols,
including:
• X.25
• Frame Relay
Allied Telesis
AT-AR750S-DP | SecureVPN Router
RFC 1662 PPP in HDLC-like Framing
RFC 2405 IPsec Encryption - DES
RFC 2406 ESP - IPsec encryption
RFC 2407 IPsec DOI
Standards and Protocols
Software Release 2.9.1
RFC 1701 GRE
RFC 1702 GRE over IPv4
RFC 1812 Router Requirements
RFC 1877 PPP Internet Protocol Control Protocol
Extensions for Name Server Addresses
RFC 1918 IP Addressing
BGP-4
RFC 1771 Border Gateway Protocol 4
RFC 1966 BGP Route Reflection
RFC 1997 BGP Communities Attribute
RFC 1998 Multi-home Routing
RFC 2385 Protection of BGP Sessions via the TCP MD5
Signature Option
RFC 2439 BGP Route Flap Damping
RFC 2858 Multiprotocol Extensions for BGP-4
RFC 2918 Route Refresh Capability for BGP-4
RFC 3065 Autonomous System Confederations for BGP
RFC 3392 Capabilities Advertisement with BGP-4
RFC 2408 ISAKMP
RFC 2409 IKE
RFC 2410 IPsec encryption - NULL
RFC 2411 IP Security Document Roadmap
RFC 2412 OAKLEY
RFC 1962 The PPP Compression Control Protocol (CCP)
RFC 1968 The PPP Encryption Control Protocol (ECP)
RFC 1974 PPP Stac LZS Compression Protocol
RFC 1978 PPP Predictor Compression Protocol
RFC 1989 PPP Link Quality Monitoring
RFC 1990 The PPP Multilink Protocol (MP)
RFC 1994 PPP Challenge Handshake Authentication
Protocol (CHAP)
RFC 3173 IPComp - IPsec compression
IPv6
RFC 1981 Path MTU Discovery for IPv6
RFC 2080 RIPng for IPv6
RFC 2365 Administratively Scoped IP Multicast
RFC 2375 IPv6 Multicast Address Assignments
RFC 2460 IPv6
RFC 2461 Neighbour Discovery for IPv6
RFC 2462 IPv6 Stateless Address Autoconfiguration
RFC 2463 ICMPv6
RFC 2131 DHCP
RFC 2125 The PPP Bandwidth Allocation Protocol (BAP)
/ The PPP Bandwidth Allocation Control Protocol
(BACP)
Encryption
RFC 1321 MD5
RFC 2104 HMAC
RFC 2390 Inverse Address Resolution Protocol
RFC 2516 A Method for Transmitting PPP Over Ethernet
(PPPoE)
RFC 2451 The ESP CBC-Mode Cipher Algorithms
FIPS 46-3 DES
RFC 2464 Transmission of IPv6 Packets over Ethernet
Networks
FIPS 46-3 3DES
RFC 2465 Allocation Guidelines for Ipv6 Multicast
Addresses Management Information Base for IP Version
6: Textual Conventions and General Group
RFC 2466 Management Information Base for IP Version
6: ICMPv6 Group
RFC 2661 L2TP
FIPS 180 SHA-1
RFC 2822 Internet Message Format
RFC 2878 PPP Bridging Control Protocol (BCP)
RFC 3046 DHCP Relay Agent Information Option
RFC 3232 Assigned Numbers
FIPS 186 RSA
FIPS 197 AES
RFC 2472 IPv6 over PPP
Ethernet
RFC 3993 Subscriber-ID Suboption for DHCP Relay Agent
Option
"IPX Router Specification", v1.2, Novell, Inc., Part
Number 107-000029-001
ISO 10589, ISO 10589 Technical Corrigendums 1, 2, 3,
ISO Intermediate System-to-Intermediate System
ISO 8473, relevant parts of ISO 8348(X.213), ISO 8343/
Add2, ISO 8648, ISO 8648, ISO TR 9577 Open System
Interconnection
ISO 9542 End System to Intermediate System Protocol
Encapsulation of IPsec Packets
RFC 2526 Reserved IPv6 Subnet Anycast Addresses
RFC 2529 Transmission of IPv6 over IPv4 Domains
without Explicit Tunnels
RFC 894 Ethernet II Encapsulation
IEEE 802.1D MAC Bridges
IEEE 802.1G Remote MAC Bridging
IEEE 802.1Q Virtual LANs
IEEE 802.2 Logical Link Control
IEEE 802.3ac VLAN TAG
RFC 2710 Multicast Listener Discovery (MLD) for IPv6
RFC 2711 IPv6 Router Alert Option
RFC 2851 Textual Conventions for Internet Network
Addresses
RFC 2893 Transition Mechanisms for IPv6 Hosts and
Routers
IEEE 802.3u 100BASE-T
IEEE 802.3x Full Duplex Operation
RFC 3056 Connection of IPv6 Domains via IPv4 Clouds
RFC 3307 Allocation Guidelines for IPv6 Multicast
Addresses
General Routing
RFC 768 UDP
BootP and DHCP parameters
RFC 791 IP
RFC 3315 DHCPv6
RFC 792 ICMP
RFC 3484 Default Address Selection for IPv6
RFC 3513 IPv6 Addressing Architecture
RFC 3587 IPv6 Global Unicast Address Format
RFC 3596 DNS Extensions to support IPv6
RFC 3810 Multicast Listener Discovery Version 2
(MLDv2) for IPv6
RFC 793 TCP
General Routing and Firewall
RFC 3022 Traditional NAT
draft-ietf-ipsec-nat-t-ike-08.txt Negotiation of NAT-
Traversal in the IKE
draft-ietf-ipsec-udp-encaps-08.txt UDP Encapsulation of
IPsec Packets
RFC 826 ARP
RFC 903 Reverse ARP
RFC 925 Multi-LAN ARP
RFC 950 Subnetting, ICMP
RFC 1027 Proxy ARP
RFC 1035 DNS
RFC 1055 SLIP
RFC 1122 Internet Host Requirements
RFC 1144 Van Jacobson's Compression
RFC 1256 ICMP Router Discovery Messages
RFC 1288 Finger
Management
IP Multicasting
RFC 1075 DVMRP
RFC 1112 Host Extensions
RFC 2236 IGMPv2
RFC 2362 PIM-SM
RFC 2715 Interoperability Rules for Multicast Routing
Protocols
RFC 3973 PIM-DM
draft-ietf-idmr-dvmrp-v3-9 DVMRP
RFC 1155 MIB
RFC 1157 SNMP
RFC 1212 Concise MIB definitions
RFC 1213 MIB-II
RFC 1493 Bridge MIB
RFC 1643 Ethernet MIB
RFC 1657 Definitions of Managed Objects for BGP-4
using SMIv2
RFC 2011 SNMPv2 MIB for IP using SMIv2
RFC 2012 SNMPv2 MIB for TCP using SMIv2
RFC 2096 IP Forwarding Table MIB
RFC 2576 Coexistence between V1,V2, and V3 of the
Internet-standard Network Management Framework
RFC 2578 Structure of Management Information Version
2 (SMIv2)
RFC 2579 Textual Conventions for SMIv2
RFC 2580 Conformance Statements for SMIv2
RFC 2665 Definitions of Managed Objects for the
RFC 1332 The PPP Internet Protocol Control Protocol (IPCP)
RFC 1334 PPP Authentication Protocols
RFC 1377 The PPP OSI Network Layer Control Protocol
(OSINLCP)
RFC 1518 CIDR
RFC 1519 CIDR
RFC 1542 BootP
IPsec
RFC 1552 The PPP Internetworking Packet Exchange
Control Protocol (IPXCP)
RFC 1570 PPP LCP Extensions
RFC 1582 RIP on Demand Circuits
RFC 1598 PPP in X.25
RFC 1828 IP Authentication using Keyed MD5
RFC 1829 IPsec algorithm
RFC 2395 IPsec Compression - LZS
RFC 2401 Security Architecture for IP
RFC 2402 AH - IP Authentication Header
RFC 2403 IPsec Authentication - MD5
RFC 2404 IPsec Authentication - SHA-1
RFC 1618 PPP over ISDN
RFC 1661 The Point-to-Point Protocol (PPP)
Allied Telesis
AT-AR750S-DP | SecureVPN Router
Ethernet-like Interface Types
RFC 2559 PKI X.509 LDAPv2
and test principles
RFC 2674 Definitions of Managed Objects for Bridges
with Traffic Classes, Multicast Filtering and Virtual LAN
Extensions (VLAN)
RFC 2585 PKI X.509 Operational Protocols
RFC 2587 PKI X.509 LDAPv2 Schema
RFC 2865 RADIUS
ETS 300 102-1:1990 Integrated Services Digital Network
(ISDN);User-network interface layer 3;Specifications for
basic call control
RFC 2790 Host MIB
RFC 2866 RADIUS Accounting
ETS 300 102-2:1990 Integrated Services Digital Network
(ISDN); User-network interface layer 3; Specifications for
basic call control; Specification Description Language
(SDL) diagrams
ETS 300 125:1991 Integrated Services Digital Network
(ISDN); User-network interface data link layer
specification; Application of CCITT Recommendations
Q.920/I.440 and Q.921/I.441
ETS 300 153:1992 Integrated Services Digital Network
(ISDN);Attachment requirements for terminal equipment
to connect to an ISDN using ISDN basic access
(Candidate NET 3 Part 1)
ETS 300 156:1992 Integrated Services Digital Network
(ISDN); Attachment requirements for terminal equipment
to connect to an ISDN using ISDN primary rate access
(Candidate NET 5)
ETS 300 011:1992 Integrated Services Digital Network
(ISDN); Primary rate user-network interface; Layer 1
specification and test principles
G.706 (1988) Frame Alignment and CRC Procedures
Relating to Basic Frame Structures Defined in G.704
G.794 (1988) Characteristics of 24-channel
transmultiplexing equipments
German Monopol (BAPT 221) Type Approval Specification
for Radio Equipment for Tagging and Identification
I.120 (1988) Integrated services digital networks (ISDNs)
I.121 (1988) Broadband aspects of ISDN
I.411 (1988) ISDN user-network interface reference
configurations
I.430 (1988) Basic user-network interface - Layer 1
specification
I.431 (1988) Primary rate user-network interface -
Physical layer specification
ITU-T G.703 Physical/electrical characteristics of
hierarchical digital interfaces
ITU-T G.704 Synchronous frame structures used at
1544, 6312, 2048, 8488 and 44736 kbit/s hierarchical
levels
ITU-T G.706 Frame Alignment and CRC Procedures
Relating to Basic Frame Structures Defined in G.704
ITU-T Q.922 ISDN data link layer specification for frame
mode bearer services
ITU-T G.703 (1972) Physical/electrical characteristics of
hierarchical digital interfaces
Japan NTT I.430-a Leased Line Basic Rate User-Network
Interface Layer 1-Specification
New Zealand Telecom TNA 134 Telecom ISDN User-
Network Interface: Layer 3: PART B Basic Call Control
Procedures
RFC 2819 RMON (groups 1,2,3 and 9)
RFC 2856 Textual Conventions for Additional High
Capacity Data Types
RFC 3280 X.509 Certificate and CRL profile
draft-grant-tacacs-02.txt TACACS+
Draft-IETF-PKIX-CMP-Transport-Protocols-01 Transport
Protocols for CMP
RFC 2863 The Interfaces Group MIB
RFC 3164 Syslog Protocol
RFC 3289 Management Information Base for the
Differentiated Services Architecture
CDP
RFC 3410 Introduction and Applicability Statements for
Internet-Standard Management Framework
RFC 3411 An Architecture for Describing SNMP
Management Frameworks
RFC 3412 Message Processing and Dispatching for the SNMP
RFC 3413 SNMP Applications
RFC 3414 User-based Security Model (USM) for SNMPv3
RFC 3415 View-based Access Control Model (VACM) for
the SNMP
RFC 3416 Version 2 of the Protocol Operations for SNMP
RFC 3417 Transport Mappings for the SNMP
RFC 3418 MIB for SNMP
RFC 3636 Definitions of Managed Objects for IEEE
802.3 MAUs
RFC 3768 VRRP
draft-ylonen-ssh-protocol-00.txt SSH Remote Login
Protocol
IEEE 802.1x Port Based Network Access Control
PKCS #10 Certificate Request Syntax Standard
Diffie-Hellman
Services
RFC 854 Telnet Protocol Specification
RFC 855 Telnet Option Specifications
RFC 856 Telnet Binary Transmission
RFC 857 Telnet Echo Option
RFC 858 Telnet Suppress Go Ahead Option
RFC 932 Subnetwork addressing scheme
RFC 951 BootP
RFC 1091 Telnet terminal-type option
RFC 1179 Line printer daemon protocol
RFC 1305 NTPv3
RFC 1350 TFTP
RFC 1510 Network Authentication
RFC 1542 Clarifications and Extensions for the
Bootstrap Protocol
draft-ietf-bridge-8021x-00.txt Port Access Control MIB
IEEE 802.1AB LLDP
RFC 1945 HTTP/1.0
RFC 1985 SMTP Service Extension
RFC 2049 MIME
RFC 2068 HTTP/1.1
RFC 2156 MIXER
RFC 2217 Telnet Com Port Control Option
RFC 2821 SMTP
OSPF
RFC 1245 OSPF protocol analysis
RFC 1246 Experience with the OSPF protocol
RFC 1586 OSPF over Frame Relay
RFC 1793 Extending OSPF to Support Demand Circuits
RFC 2328 OSPFv2
RFC 3101 The OSPF Not-So-Stubby Area (NSSA) Option
SSL
QoS
RFC 2246 The TLS Protocol Version 1.0
Draft-freier-ssl-version3-02.txt SSLv3
RFC 2205 Reservation Protocol
RFC 2211 Controlled-Load
RFC 2474 DCSP in the IPv4 and IPv6 Headers
RFC 2475 An Architecture for Differentiated Services
RFC 2597 Assured Forwarding PHB Group
RFC 2697 A Single Rate Three Color Marker
RFC 2698 A Two Rate Three Color Marker
RFC 3246 An Expedited Forwarding PHB (Per-Hop
Behavior)
X.25
RFC 1356 Multiprotocol Interconnect on X.25 and ISDN
in the Packet Mode
ITU-T Recommendations X.25 (1988), X.121 (1988). X.25
ISDN
ANSI T1.231-1997 Digital Hierarchy - Layer 1 In-Service
Digital Transmission Performance Monitoring
Standardization
IEEE 802.1p Priority Tagging
RIP
RFC 1058 RIPv1
RFC 2082 RIP-2 MD5 Authentication
RFC 2453 RIPv2
ANSI T1.403-1995 Telecommunications - Network-to-
Customer Installation - DS1 Metallic Interface
ANSI T1.408-1990 ISDN Primary Rate - Customer
Installation Metallic Interfaces, Layer 1 Specification
AT&T TR 54016-1989 Requirements for Interfacing
Digital Terminal Equipment to Services Employing the
Extended Superframe Format
Austel TS 013.1:1990 General Requirements for
Customer Equipment Connected to ISDN Basic Rate
Access - Vol. I: Customer Equipment Access Interface
Specifications
Q.920 (1988) Digital subscriber Signalling System No.1
(DSS1) - ISDN user-network interface data link layer -
General aspects
Q.921 (1988) ISDN user-network interface - Data link
layer specification
Q.930 (1988) Digital subscriber Signalling System No. 1
(DSS 1) - ISDN user-network interface layer 3 - General
aspects
Q.931 (1988) Digital subscriber Signalling System No. 1
(DSS 1) - ISDN user-network interface layer 3
specification for basic call control
Security
RFC 959 FTP
RFC 1413 IDP
RFC 1492 TACACS
RFC 1779 X.500 String Representation of Distinguished
Names.
RFC 1858 Fragmentation
RFC 2284 EAP
RFC 2510 PKI X.509 Certificate Management Protocols
RFC 2511 X.509 Certificate Request Message Format
Bellcore SR-3887 1997 National ISDN Primary Rate
Interface
ETS 300 012:1992 Integrated Services Digital Network
(ISDN); Basic user-network interface; Layer 1 specification
Rockwell Bt8370 Fully Intergrated T1/E1 Framer and
Line Interface data sheet
Technical Reference of Frame Relay Interface,Ver. 1,
Allied Telesis
AT-AR750S-DP | SecureVPN Router
November 1993, Nippon Telegraph and Telephone
Corporation.Ver. 1, November 1993, Nippon Telegraph
and Telephone Corporation.
ACA TS 013.2:1990 General Requirements for Customer
Equipment Connected to ISDN Basic Rate Access,Vol 2:
Conformance Testing Specifications
ACA TS 014.1:1990 General Requirements for Customer
Equipment Connected to ISDN Primary Rate Access,Vol
1: Customer Access Interface Specifications
ACA TS 014.2:1990 General Requirements for Customer
Equipment Connected to ISDN Primary Rate Access,Vol
2: Conformance Testing Specifications
Ordering Information
About AlliedTelesis
AT-AR750S-DP
AlliedTelesis is part of the AlliedTelesis Group.
Founded in 1987, the company is a global
provider of secure Ethernet/IP access solutions
and an industry leader in the deployment of IP
Triple Play networks over copper and fiber
access infrastructure. Our POTS-to-10G iMAP
integrated Multiservice Access Platform and
iMG intelligent Multiservice Gateways, in
conjunction with advanced switching, routing
and WDM-based transport solutions, enable
public and private network operators and
service providers of all sizes to deploy scalable,
carrier-grade networks for the cost-effective
delivery of packet-based voice, video and data
Order number: 990-001357-00
Router with no PSU modules
AT-PWR03-00 (AC PSU)
Order number: 990-001455-00
Includes power cords for the US, UK, Australia & Europe
AT-PWR03-80 (DC PSU)
Order number: 990-001455-80
Includes DC power cord
Port Interface Card Options
AT-AR020
Single configurable E1/T1 interface supporting channelized
/unchannelized Primary Rate ISDN/Frame Relay
Order Number: 990-001304-00
Frame Relay
ANSI T1S1 Frame relay
RFC 1490, 2427 Multiprotocol Interconnect over Frame
Relay
AT-AR021S (V3)2
Service and Support
AlliedTelesis provides value-added support
services for its customers under its Net.Cover
programs. For more information on Net.Cover
support programs available in your area,
contact your AlliedTelesis sales representative
(AT-AR021S V1 card is not supported on the AT-AR750S-
DP) Single Basic Rate ISDN S/T interface
Order Number: 990-002153-00
AT-AR023
Single Synchronous port up to 2Mbps to an external
CSU/DSU (AT-V.35-DTE-00 or AT-X.21-DTE-00 cable
required)
Order number: 990-001104-00
AT-AR024
Four Asynchronous RS-232 interfaces to 115Kbps
Order number: 990-001105-00
Software Upgrade Options
AT-AR700 - ADVL3UPGRD
AR700 series advanced Layer 3 upgrade:
• IPv6
• BGP-4
• Server Load Balancing
Order Number: 980-10022-00
2
®
AR021S (V3) requires AlliedWare Operating System
version 2.9.1-13 or later
USA Headquarters | 19800 North Creek Parkway | Suite 200 | Bothell | WA 98011 | USA | T: +1 800 424 4284 | F: +1 425 481 3895
European Headquarters |Via Motta 24 | 6830 Chiasso | Switzerland | T: +41 91 69769.00 | F: +41 91 69769.11
Asia-Pacific Headquarters | 11 Tai Seng Link | Singapore | 534182 | T: +65 6383 3832 | F: +65 6383 3830
© 2007 AlliedTelesis Inc.All rights reserved. Information in this document is subject to change without notice. All company names, logos, and product designs that are trademarks or registered trademarks are the property of their respective owners. 617-000193 Rev.D
|