IP addressing management (IPv4/IPv6)
- Static IP addresses
- DHCP client
- DHCP Relay Option 82
- Embedded DHCP server options: 43, 60, 61, 150
- DNS resolver
- IP unnumbered
Quality of Service (QoS)
- Up to 8 priority queues per port
- L2 and L3 traffic prioritization (802.1p, DSCP, IP Precedence)
- RED, GRED congestion avoidance algorithms
- Precedence re-marking mechanisms
- Applying policies (policy-map)
- Bandwidth management (shaping)
- Hierarchical QоS
- Session marking
Network reliability assurance means
- VRRP v2,v3
- Route tracking based on VRRP state
- WAN interfaces load balancing, data stream redirection, channel switching during QoS control
- Firewall sessions backup
Management and monitoring
- Support for standard and extended SNMP MIB, RMONv1
- Built-in Zabbix agent
- User authentication through a local database via RADIUS, TACACS+, LDAP
- Protection from configuration errors, automatic configuration recovery. Ability to reset configuration to factory settings
- CLI
- Syslog support
- System resources usage monitoring
- Ping, traceroute (IPv4/IPv6), displaying information on packets in the console
- Firmware update, configuration upload and download via TFTP, SCP, FTP, SFTP, HTTP(S)
- NTP support
- Netflow v5/v9/v10 (exporting of URL statistics for HTTP, host for HTTPS)
- Local control via RS-232 (RJ-45)
- Remote control via Telnet, SSH (IPv4/IPv6)
- Displaying information on services/processes
- Local/remote router configuration storage
Physical specifications and ambient parameters
- Maximum power consumption – 125 W
- Power supply:
- 220 V AC +-20%, 50 Hz
- -36..-72V DC
- Up to two hot-swappable power units
- Operating temperature – from -10 to +45 °С
- Storage temperature – from -40 to +70 °С
- Operating humidity – no more than 80%
- Storage humidity – from 10% to 95%
- Dimensions (mm) – 430х425х44
- Weight – 7 kg
- Average service life – 10 years
Specifications
Packet processor – Broadcom XLP516
Interfaces
- 4xCombo 10/100/1000BASE-T/ 1000BASE-X SFP (LAN/WAN)
- 4×10/100/1000BASE-T (LAN/WAN)
- 4x10GBASE-R SFP+/1000BASE-X (LAN/WAN)
- 1xConsole (RJ-45)
- 2хUSB 2.0
Performance
- Firewall/NAT/routing (1518B frames) – 13.1 Gbps, 1077 kpps
- IPsec VPN (1456B frames) – 4.2 Gbps, 364 kpps
- IPS/IDS 10k rules – 590 Mbps, 104 kpps
System features
- VPN tunnels – 500
- Static routes – 11k
- Concurrent sessions – 512k
- VLAN support – up to 4k VLANs in accordance with 802.1Q
- BGP routes – 2.8M
- OSPF routes – 500k
- RIP routes – 10k
- MAC address table – 128k
- FIB size – 1.7M
- VRF Lite – 32
Plug-in interfaces
Remote Access VPN clients
- PPTP/PPPoE/L2TP/OpenVPN/IPsec XAUTH
Remote Access VPN server
- L2TP/PPTP/OpenVPN/IPsec XAUTH
Site-to-site VPN
- IPsec: «policy-based» and «route-based» modes
- DMVPN
- DES, 3DES, AES, Blowfish, Camellia encryption algorithms
- IKE MD5, SHA-1, SHA-2 message authentication
Tunneling
- IPoGRE, EoGRE
- IPIP
- L2TPv3
- LT (inter VRF-lite routing)
L2 functions
- Packet switching (bridging)
- LAG/LACP (802.3ad)
- VLAN (802.1Q)
- Logical interfaces
- LLDP, LLDP MED
- VLAN-based MAC
L3 functions (IPv4/IPv6)
- NAT, Static NAT, ALG
- Static routes
- Dynamic routing protocols RIPv2, OSPFv2/v3, BGP
- Route filtering (prefix list)
- VRF Lite
- Policy Based Routing (PBR)
- BFD for BGP, OSPF, static routes
Network security functions
- Intrusion Detection/Prevention system (IPS/IDS)1
- Web filtering by URL, by content (cookies, ActiveX, JavaScript)
- Zone-based Firewall
- Firewall filtering based on L2/L3/L4 fields and applications
- Support for access control lists on the base of L2/L3/L4 fields
- Protection from DoS/DDoS attacks and notification on them
- Logging of attack and rule triggering events
SLA control functions
- Eltex SLA
- Channel parameters evaluation:
- Delay (one-way/two-way)
- Jitter (one-way/two-way)
- Packet loss (one-way/two-way)
- Packet Error Rate
- Out-of-order delivery
- Wellink SLA (wiSLA)1
BRAS (IPoE)1
- User termination
- White/black URL lists
- Quotas for traffic volume, session time, network applications
- HTTP/HTTPS Proxy
- HTTP/HTTPS Redirect
- Session accounting via Netflow protocol
- Interaction with ААА, PCRF
- Bandwidth management by offices, SSID and user sessions
- User authentication by MAC or IP address
