Professional Documents
Culture Documents
Router Catalog
Standard Features 15
Advanced Features 17
Allied Telesis Routers 19
AR400 Series....................................................................................................20
AT-AR415S........................................................................................................20
AT-AR440S/AR441S..........................................................................................20
AT-AR442S........................................................................................................20
AT-AR700 Series................................................................................................21
AT-AR750S.........................................................................................................21
AT-AR750S-DP...................................................................................................21
AT-AR770S.........................................................................................................21
Specifications 22
alliedtelesis.com
Router
Router
Branch office
Headquarters
Internet
Default VPN
client
Remote
devices
Inter-site VPN
Mobile access VPN
Local government
Bankers
Tradesmen
Realtors
Headquarters
Data is securely
stored here
Router
Internet
Default VPN
client
Remote
device
Data is viewed
not stored
Internet access
Mobile access VPN
alliedtelesis.com
National/Regional
medical databases
Hospital
Router
Internet
iPhone / iPad
Router
Medical
consulting rooms
Patients home
Secure Teleworker
VPN Access From a Hotel or Home
This scenario illustrates secure VPN access for two different types of
teleworkersthe home and the professional.
Home teleworker
A home-based data-only teleworker uses an Allied Telesis ADSL router to
connect to corporate headquarters over a broadband Internet connection.
The teleworkers business PC is running software VPN, which is terminated by
an Allied Telesis secure modular VPN router.
The teleworker may also share the broadband Internet connection with other
family PCs linked via wired or wireless LAN connections. Because the VPN
is software-based and only enabled on the business PC, any other network
users are prohibited from accessing the corporate VPN.
Professional teleworker
The professional teleworker requires both data and a low-cost digital voice
connection or Voice over IP (VoIP). The Allied Telesis router is acting as a
secure VoIP gateway. QoS capabilities within the router prioritize the delivery
of high-quality digital voice.
What is
NAT-Traversal?
For many routers, address
translation interferes with
the VPN connection. NATTraversal in Allied Telesis
routers encapsulates the VPN
packets in User Datagram
Protocol (UDP). The address
translation is applied to the
outer UDP layer, so the VPN
packets inside are transmitted
unaltered.
Office
IPsec VPN connection
Router
Internet
Wi-Fi
Default VPN
client
Default VPN
client
NAT
Traversal
Home or Hotel
Mobile network
3G
alliedtelesis.com
Allied Telesis routers support Dynamic DNS, which reduces the running cost
for Internet access lines. If a user hosts an online service in their small/medium
business, they will need this service to be constantly accessible. In addition, they
will need the service to be addressed by a human-readable domain name.
ISPs often charge a premium for a connection that has a fixed IP address
associated with a domain name. However, Dynamic DNS allows the use of a
normal ISP connection with a changing IP addressallowing a hosted service to
be constantly accessible via a domain name.
Allied Telesis routers feature built-in capability to interoperate with low-cost or
free Dynamic DNS services, saving the user significant ISP costs.
Office
Can use
dynamic IP
access line
service
Se
Router
3
Default VPN client
r
rve
Dynamic
DNS server
Internet
2
Customer
premises
equipment
DNS server
Home
What is RADIUS?
Remote Authentication Dial-In
User Service is a networking
protocol that provides
centralized authentication,
authorization, and accounting
management for computers
to connect and use a network
service.
te
va
Prirver
e
S
Office
S
DIU
RA rver
Se
Router
Internet
Client
te
va
Prirver
e
S
te
va
Prirver
e
S
te
va
Prirver
e
S
Client
Client
Private-to-Private connections,
tunneled through IP Sec VPN
alliedtelesis.com
In this example, Allied Telesis routers connect multiple users in two small branch
offices to the corporate headquarters, via a secure VPN connection. VPN
encryption is provided in hardware by the routers.
The Internet connection is provided by a resilient pair of ADSL or fiber
connections via different ISPs. Internet data is shared across the connections
using WAN load balancing. If either connection fails, all data will be carried
by the remaining connection. This provides a resilient connection with higher
bandwidth, at a reasonable cost.
IPS1
Branch Office
S
AD
Internet
SBx908
SL
AD
IPS2
Leased line
Frame Relay
AR
5S
L
S
41
AR
L
S
Corporate Headquarters
5S
SL
AD
S
AD
S
750
41
AR
x510-PoE
SL
AD
SL
AD
Branch Office
1 Gigabit link
10/100 link
Link aggregation
Many large branch offices send large volumes of data to their corporate
headquarters. As ADSL does not provide adequate upstream bandwidth,
Allied Telesis routers offer an SHDSL option, which provides high-speed
bandwidth both upstream and downstream. This symmetrical service allows
branch VoIP phones to connect to a soft switch at their corporate headquarters,
thus reducing the need for additional VoIP services in the local office.
In this solution, resiliency could be provided by a backup connection via another
service, such as Primary Rate ISDN.
To eliminate the risk of initial encryption keysknown as pre-shared keys
being leaked, the routers can use digital certificates for authentication. The
VPN network can be fully integrated with a certificate server system to receive
certificate revocation lists.
x510-PoE
Cert.
Server
x210-PoE
x610-PoE
SBx908
Certificate
Authority
Leased
Line
Frame
Relay
5S
Corporate Headquarters
41
AR
PRI
ISDN
0S
5
AR7
SHDSL
Branch Office
Internet
10 Gigabit link
1 Gigabit link
10/100 link
Link aggregation
alliedtelesis.com
Corporate Headquarters
Triple Play, Multi-Site Network Application
In this scenario, an Allied Telesis router in the headquarters office can provide a
high-availability, data-symmetrical connection to the Internet over a leased line
or Ethernet connection. The connection ensures sufficient bandwidth for all
traffic, with the router providing enough concurrent VPN tunnel terminations to
handle all remote users connecting to corporate headquarters.
The corporate VPN network can be used for voice, video, and data services.
Allied Telesis routers act as secure VoIP gateways, and can tunnel multicast or
unicast video.
The Quality of Service (QoS) capability of the Allied Telesis router manages the
prioritization and bandwidth allocation for different types of traffic. Real time
applications like VoIP and video can operate effectively on the same connection
that is carrying bulk data: file transfers, email, web browsing, and the like. QoS
protects voice and video streams from surges in the bulk data load, providing a
smooth user experience.
A wide range of
connectivity options are
available in Allied Telesis
routers: ADSL, SHDSL, E1,
T1, X.21, V.35, Frame Relay,
X.25, PPP, PPPoE, PPPoA,
and 10/100/1000 Ethernet.
A highly distributed
organization can utilize
the best connectivity
options that are available at
different locations.
Mobile Teleworker
x510-PoE
x610-PoE
4
AR
Web
Server
15
SIP
Cert.
Server
50S
AR7
Wide Area
Service / Internet
Inventory &
Shipping
Database
Video
Conference
AR
5S
41
Certificate
Authority
Data Network
VoIP Network
SIP Server
AR
SIP ALG
SIP ALG
0S
75
0S
75
SIP ALG
AR
50S
AR7
10
10
x6
x6
x61
10
10
x2
x2
x21
10
10
x2
x2
x21
alliedtelesis.com
VL
AN
10
AN
VL
VL
AN
30
VL
AN
30
10
TE
RO
VL
VL
AN
20
0
N2
Internet
TE
RO
The tagged VLAN bridging connection can be encapsulated within
IPSec and L2TP, just like a standard bridged connection between Allied
Telesis routers. Moreover, the number of bridged VLANs, and the
VLAN IDs of the bridged VLANs, are entirely under your control
there is no need to request that the service provider change the service
configuration.
VL
VL
0
N3
VL
3
AN
0
VL
AN
20
VL
AN
AN
10
VL
AN
10
20
Note that distributing the PPPoE access concentration in this way does
not complicate the user database management. The user credentials
can still be stored centrally in a RADIUS server, which is accessed by the
Allied Telesis routers. There is no need to distribute the user information
to individual routers.
Apartment
Building
Fiber link
Copper link
CPE
C
P
P
g
IP in
t
u
o
Er
o
P
DIU
RA
Router operating as
PPPoE Access
Concentrator
14 | Allied Telesis Routers
Service Provider
network
alliedtelesis.com
Standard Features
Extensive VPN capability
Encryption: AES 128, AES 192, AES
256, 3DES
IPSec authentication: SHA1, MD5
PKI
NAT-T
Supports industry-standard VPN
clientsWindows, Mac OS X, iOS,
Android, Linux
Allied Telesis routers provide extensive
IPSec-based VPN capability, allowing
the interconnection of branch offices,
remote teleworkers, and other
users who require secure access to
a corporate network. This capability
provides a cost-effective alternative
to long-distance dialing, leased line or
frame-relay connections. Allied Telesis
routers come complete with integrated
hardware acceleration to maximize
encryption and throughput during
secure communication.
The products are compatible with
industry-standard IPSec VPN clients, and
have proven interoperability with a wide
range of IPSec peers. Two GUI wizards
for site-to-site and remote access VPNs
make VPN configuration simple.
Routing
RIP, v1, v2, RIPng
OSPF
BGP
Route filtering
Route maps
RIP, OSPF and BGP are all fully
supported with feature-rich
implementations and the ability to learn
thousands of routes. Full support for
redistribution between routing protocols
is provided. The route map and route
filtering capabilities of Allied Telesis
routers is highly configurableoffering
the same set of constructs, matching
options and actions expected in other
high-end route map implementations.
Multicasting
IGMP
MLD Snooping
PIM v4 and PIM v6
DVMRP
Multicast forwarding in IPv4 and IPv6
layer networks is well supported in the
Allied Telesis router family. In addition to
standard Layer 3 multicast forwarding,
the routers can tunnel multicast across
IPSec tunnels to provide a secure, costeffective transport of multicast to/from
remote locations.
WAN connections
PPP
Frame relay
X.25
E1/T1 TDM
PRI/BRI ISDN
alliedtelesis.com
Advanced Features
802.1Q VLAN
Allied Telesis routers are 802.1Q
compliant, enabling the user to configure
up to 64 VLANs with VLAN Identifiers
(VID) between 1 and 4094.
The routers can firewall between
VLANs, providing protection within
the network from internal attacks.
Additionally, the VLANs can be bridged
across WANs, to extend VLANs to
multiple sites.
Quality of Service (QoS)
Allied Telesis QoS implementation
enables the routers to dynamically
identify high priority voice, video and
application traffic, so that appropriate
service levels can be maintained in
congested networks. Advanced QoS
allows voice, video, and data traffic to
have QoS applied within individual IPSec
tunnels, over GRE, as well as IPv6 to
IPv4 tunnels.
alliedtelesis.com
Allied Telesis WAN and Internet multiservice access routers include solutions for T1/E1, ISDN, xDSL and
leased-line connections.
The comprehensive, high-performance Allied Telesis AR Series features hardware and software functions such as advanced routing,
QoS, IPv6 and advanced security, including Stateful Inspection Firewall and VPN services. AR Series routers are able to deliver the
breadth of functionality that small- and medium-sized businesses require at a price point they can afford, and with a confirmed
reliability that makes Allied Telesis a trusted networking partner.
AR400 Series
AT-AR415S
AT-AR440S/AR441S *
HIGH PERFORMANCE SECURE xDSL
ROUTERS
32MB SDRAM
16MB flash memory enabling
AT-AR442S *
AR441S Annex B)
Async console/modem x 1 port
Port Interface Card (PIC) x 1 slot
Dimensions
Weight
AT-AR415S
Model
AT-AR440S/AR441S
AT-AR442S
* Contact your Allied Telesis sales representative to discuss availability in your region.
alliedtelesis.com
AR700 Series
AT-AR750S
AT-AR750S-DP
AT-AR770S
Async x 1 port
Async x 1 port
Async x 1 port
combo x 2 ports
supplies
64MB SDRAM
16MB flash
Model
Dimensions
Weight
1.92 kg / 4.23 lb
AT-AR750S-DP
5.38 kg / 11.86 lb
AT-AR770S
2.95 kg / 6.5 lb
AT-AR750S
Specifications
SUBCATEGORY
PORTSAND
MEDIA SUPPORT
OPTIONAL
PICCARDS
POWER SUPPLY
ENVIRONMENTAL
MANAGEMENT
NETWORK RESILIENCE
QoS
SECURITY
FEATURE
FORM FACTOR
10/100TX
10/100/1000T
SFP
SHDSL
Async port
PIC bays (unpopulated)
T1/E1 WAN
BRI - ISDN (S/T)
2Mbps sync port
4 x async
2 x FXS VoIP
In/outdoor usage
Temperature range
Web
CLI access
SNMP
UPnP
VRRP
IEEE 802.1p priority queues
Queueing mechanisms
Priority mechanisms
IEEE 802.1Q VLANs
RADIUS
SSL
IEEE 802.1x
DoS protection
Encryption (AES/3DES)
DMZ
MAC filter
IP / TCP / UDP filter
URL filter
Peer-to-peer protocols detection
Encryption (DES, 3DES, AES)
VPN concurrent tunnels
ROUTING
AT-AR415S
Desktop / Rack mount
1 (WAN) + 4 (LAN)
AT-AR440S / AT-AR441S*
Desktop / Wall mount / Rack mount
5 (LAN)
ADSL2/2+ (Annex A) AT-AR440S
xDSL (WAN)
Firewall
OTHER
RIPv1 and v2
IPv4
IPv6
OSPF
NAT / NAPT
NATVPNpass-through (sessions)
PPPoE / PPTP / L2TP
DHCPclient / server / relay
WAN load balancing
Server load balancing
BGP-4
1
1
AT-AR020
AT-AR021S
AT-AR023
AT-AR024
AT-AR027
Fixed internal
Indoor
0C to 50C
Async, Telnet
v2 and v3
Async, Telnet
v2 and v3
64
64
AT-3DES
1 - standard
5 - AT-FL19B, 10 - AT-FL19C
100
25 - AT-FL19D, 50 - AT-FL19E
AT-AR400-ADVL3UPGRD
AT-AR400-A3VLDUPGRD
AT-FL15 (option)
AT-AR400-ADVLDUPGRD
AT-AR400-ADVLDUPGRD
30.5 x 19 x 4.5 cm
AT-FL15 (option)
AT-AR400-ADVLDUPGRD
AT-AR400-ADVLDUPGRD
33.5 x 18 x 4.5 cm
12 x 7.48 x 1.77 in
1.75 kg / 3.85 lb
13.18 x 7 x 1.77 in
1.96 kg / 4.32 lb
IDEAL ENVIRONMENT
Medium business
Branch office
CUSTOMERSNEEDS
Remote access
DIMENSIONS
(W x D x H)
Weight
* Contact your Allied Telesis sales representative to discuss availability in your region.
alliedtelesis.com
AT-AR442S*
Desktop / Wall mount / Rack mount
5 (LAN)
AT-AR750S
Desktop / Rack mount
2 (WAN) +5 (LAN)
AT-AR750S-DP
Desktop / Rack mount
2 (WAN) +5 (LAN)
SECURE GIGABIT
MODULAR VPN ROUTER
AT-AR770S
Desktop / Rack mount
2 (WAN) + 4 (LAN)
2 (combo) 100 or 1000Mbps
1
2
AT-AR020
AT-AR021S
AT-AR023
AT-AR024
1
2
AT-AR020
AT-AR021S
AT-AR023
AT-AR024
1
2
AT-AR020
AT-AR021S
AT-AR023
AT-AR024
Fixed internal
Indoor
0 to 40C
Dual Hot-Swappable
Indoor
0 to 40C
Fixed internal
Indoor
0 to 40C
Async, Telnet
v2 and v3
Async, Telnet
v2 and v3
Async, Telnet
v2 and v3
Async, Telnet
v2 and v3
64
64
64
64
AT-FL-17 (SIP-ALG)
AT-AES
AT-FL-17 (SIP-ALG)
AT-AES
AT-FL-17 (SIP-ALG)
AT-AES
AT-3DES
AT-3DES
AT-3DES
100
250
250
1000
AT-AR400-A3VLDUPGRD
AT-AR700-ADVL3UPGRD
AT-AR700-ADVL3UPGRD
AT-AR700-ADVL3UPGRD
AT-FL15 (option)
AT-AR400-ADVLDUPGRD
AT-AR400-ADVLDUPGR
33.5 x 18 x 4.5 cm
Included
AT-AR700-ADVL3UPGRD
AT-AR700-ADVL3UPGRD
30.5 x 19 x 4.4 cm
Included
AT-AR700-ADVL3UPGRD
AT-AR700-ADVL3UPGRD
44 x 35.6 x 4.4 cm
Included
AT-AR700-ADVL3UPGRD
AT-AR700-ADVL3UPGRD
44 x 23.9 x 4.4 cm
13.18 x 7 x 1.77 in
1.96 kg / 4.32 lb
Branch office
12 x 7.48 x 1.73 in
1.92 kg / 4.23 lb
17.3 x 14 x 1.73 in
5.38 kg / 11.86 lb
Medium business
Medium business
Large business
Remote access
Remote access
Remote access
alliedtelesis.com
alliedtelesis.com
alliedtelesis.com
Company Details
North America Headquarters | 19800 North Creek Parkway | Suite 100 | Bothell | WA 98011 | USA | T: +1 800 424 4284 | F: +1 425 481 3895
Asia-Pacific Headquarters | 11 Tai Seng Link | Singapore | 534182 | T: +65 6383 3832 | F: +65 6383 3830
EMEA & CSA Operations | Incheonweg 7 | 1437 EK Rozenburg | The Netherlands | T: +31 20 7950020 | F: +31 20 7950021
alliedtelesis.com
2013 Allied Telesis, Inc. All rights reserved. Information in this document is subject to change without notice. All company names, logos, and product designs that are trademarks or registered trademarks are the property of their respective owners.
617-000481 Rev B