Enterasys Security Router X-PeditionTM User Manual page 35

• Quality of Service - The XSR provides traffic classification using IP Precedence and DSCP bits,
bandwidth control via metered, policed and prioritized traffic queues, and queue
management utilizing Tail Drop, Random and Weighted Early Detection (RED, WRED). Also,
QoS on Input including classification based on class maps (similar to QoS on Output), marking
per traffic flow (DSCP and IP precedence fields), and policing per traffic class, and QoS over
VPN.
• ADSL - Three PDU encapsulation types are available for ADSL: PPP over ATM (PPPoA), PPP
over Ethernet (PPPoE), and Routed IP over ATM (IPoA). Also supported: POTS and ISDN
circuit support, ATM Frame UNI (FUNI) data framing format, OAM cells: AIS, RDI, CC,
Loopback over F4 and F5 flows, up to 30 ATM Permanent Virtual Circuits (PVCs), ATM UBR
traffic class, ATM Adaption Layers 0, 5, response to inverse ARP requests, and maintenance of
SNMP Interface and Interface Stack tables.
• Virtual Private Network - The XSR supports VPN tunnels using L2TP, PPP or IPSec protected
by DES, 3DES, RC4, MD5, AES or SHA-1 encryption. VPN tunnels are authenticated/
authorized for credentials using pre-shared keys or Public Key Infrastructure (PKI) certificates
(Microsoft and Verisign). Also supported: DF Bit override, OSPF over VPN, GRE over IPSec,
interaction between firewall/NAT/VPN, ToS bit preservation, IP helper on VPN interfaces,
IETF/Microsoft-compatible NAT traversal for L2TP, and QoS over VPN.
• Security - In its firewall feature set, the XSR provides stateful firewall protection against a
variety of Denial of Service attacks, FTP and H.323 ALG support, application command
filtering for FTP, SMTP, NNTP, HTTP, onboard URL filtering, firewall logging and
authentication, and supports standard and extended Access Control Lists to manage network
access. Also supported: AAA for firewall, Console/Telnet and SSHv2 users, and dynamic
reconfiguration of firewall policy without having to restart the code.
• Dialer Interface - Dial Services are a cost-saving alternative to the leased line connection
between two peers and they can be implemented for different types of media for both
inbound and outbound connections. The XSR supports incoming calls on analog modems.
• Dial Backup - The dialed backup feature provides a backup link over a dial line. The backup
link is brought up when a failure occurs in a primary link, and it is brought down when the
primary link is restored. This feature is supported for PPPoE to enable cable backup over
FastEthernet/GigabitEthernet sub-interfaces. Also supported: Dialer Watch, ISDN callback,
and dialer interface spoofing.
• ISDN - The XSR's BRI and PRI switched and leased lines set up and tear down calls, usually
under the control of the Dialer. The XSR's ISDN services BRI and PRI lines with a 1, 2 or 4 port
Channelized NIM card for PRI lines, 1 or 2 port BRI-S/T NIM card, or 1 or 2 port BRI U NIM
card. Also supported: Circuit Mode Data (CMD) channel (DS0s) switching by the CO to the
destination user for the duration of the call, outgoing calls supported for Backup, DoD/BoD,
incoming calls routed to the correct protocol stack based on called number/sub-address and
calling number/sub-address, permanent B-channel support, i.e. 64 or 128 kbps lease line (each
BRI port can be set for CMD or Leased-Line mode of operation), BRI supported switches:
ETSI, TEI auto-negotiated for BRI, automatic configuration of Q.921/Q.931 (Layer 2/Layer 3)
by selection of switch type, PRI supported switches: ETSI, NI, DMS100, NTT, automatic
configuration of PRI restart and maintenance modes, Fixed TEI of 0 for PRI, ISDN switched
and leased line connections, bandwidth optimization through Dial on Demand (DoD),
Bandwidth on Demand (BoD) and Bandwidth Allocation Protocol (BAP), security through
caller ID, call monitoring, ISDN callback, Multilink PPP (MLPPP), per call activation for NTT
switches, and Frame Relay over ISDN. The XSR also provides: asynchronous serial support
through an external modem, synchronous serial, Unnumbered Interface Addressing, PPP
encapsulation, authentication from XSR's database for PAP and CHAP, dialer profile support,
configurable redialer, ISDN callback, dialer watch, and dialer interface spoofing.
XSR User's Guide 1-3