is a BANDIT?
The BANDIT™ stands for Broadband
Access Network Device for Intelligent
Termination. "Broadband" is
defined as agnostic to different broadband
access methods, such as xDSL, cable, T1,
and wireless network link. "Intelligent," in
this context, refers to multi-function
customer premises equipment (CPE) that
supports IP routing, Virtual Private
Network (VPN) gateways, IPsec security,
legacy data protocols (ALC, bisync, X.25,
SDLC, etc.), and dial backup.
2. What does the
The BANDIT™ is a single,
multi-function CPE that replaces the
need for multiple single-function units.
Its capabilities and features include
IP routing (static, RIP V1/V2), FRAD,
IPsec VPN gateway, built-in firewall,
NAT, DHCP, support for legacy data protocols
(SDLC, X.25, ALC, polled async, and bisync),
and dial backup.
3. What is the BANDIT's
The BANDIT™ is the ideal
solution for enterprise customers, carriers,
and vertical markets. Enterprise customers
are attracted to its robust feature set
and strong price/performance/functionality
ratio. Carriers benefit when migrating
their Frame Relay networks to support
other value-added services, such as broadband
and IP-based VPNs. Vertical markets,
such as the transportation and banking
industries, can quickly and easily migrate
their legacy systems and specialized
protocols to standards-based IP networks.
4. What are the key applications the
Given its flexible
architecture and the rich feature set,
the BANDIT™ supports a wide range of
applications that fit the requirements
of different categories of customers
(e.g., enterprise and carrier). The key
- Broadband connectivity
for remote/branch office over public
IP and Frame Relay networks
for IP VPNs and built-in firewall functionality
- Migration of legacy data networks
to IP based infrastructure
- Dial backup capability
for load sharing and disaster recovery
- Managed router services that can
be configured and managed remotely
from a carrier's centralized network
operation center (NOC)
5. How many simultaneous tunnels
does the BANDIT™ support?
terminates up to 30 separately encrypted
tunnels at one time. A hardware accelerator
for encryption ensures that there is
no reduction in throughput, even when
all tunnels are active.
6. Do I need
to have a BANDIT™ at both ends of a network
to support IP encryption?
No. the BANDIT™ supports standards-based
IPsec encryption using Data Encryption
Standard (DES) and triple-DES (3DES).
The BANDIT™ interoperates with
other standards-compatible IPsec
software clients, as well as other
vendors' VPN gateways. This flexibility
allows carriers and enterprise customers
to deploy a wide variety of network technologies
and topologies to meet every need for secure
communication over the Internet.
does the BANDIT™ protect a site from
The BANDIT™ provides several
security features that work together
to protect customer networks and IT assets.
IP-based, encrypted tunnels leave hackers
little opportunity to break into the
Intranet. Also, authentication, access
control lists (ACLs), and IP address
filtering ensure access from and to only
authorized and trusted locations. In
addition, dynamic network address translation
(NAT) and DHCP not only provide a different
kind of protection, but are also used
in tandem to enhance the security of
8. Does the BANDIT™
The BANDIT™ supports
several authentication protocols such
as PAP, CHAP, and HMAC MD-5 /HMAC SHA-1.
In addition, the BANDIT™ supports both
IKE and ISAKMP key exchange protocols
that are based on RSA certificates (public
9. How does the BANDIT™ support
A wide range of legacy
data protocols perfected in Encore Networks'
earlier line of Frame Relay Access Devices
(FRADs) is the basis of the BANDIT™ product.
Terminals and hosts using Airline Link
Control (ALC); asynchronous and synchronous
polled protocols such as IBM's SDLC and
bisync; and X.25 packet switching can
communicate over the Internet through
the same encrypted tunnels used by IP
or over Frame Relay networks.
does dial backup work?
The BANDIT™ contains
an integral V.90 modem that can dial
out or accept calls on a standard voice-grade
phone line. Typically, the BANDIT™ recognizes
the loss of the DSL service, cable modem,
or other primary line, and calls a Remote
Access Server (RAS) in much the same
way a PC calls into an Internet Service
Provider (ISP). In fact, the call may
be placed to an ISP, or to a RAS owned
by the user's organization.
The routing function in the BANDIT™ identifies
the new path, DHCP obtains an IP address
for the duration of the backup connection,
and traffic resumes automatically within
a short period of time. If the RAS supports
compression, the internal modem negotiates
to turn it on for the session, potentially
doubling the throughput of a connection.
11. How do I configure and manage a
The BANDIT™ includes
a comprehensive set of network management
capabilities, diagnostics features, and
plug-and-play configuration functions
that simplify deployment and keep overall
operating expenses low.
menu-driven craft interface makes configuration
a snap and reduces the need for training.
The operator picks the next step with
one key stroke. Only those few parameters
that are unique to each device, such
as its name, require typing. There are
no commands to learn. The same interface
is accessible from a terminal on the
dedicated serial port, via Telnet, or
through the integral modem port.
levels of passwords restrict a user to
read-only privileges or limited control,
or allow full control, regardless of
the access method. Full SNMP support
eases integration with existing Office
System Solution (OSS) systems. Also,
guaranteed delivery of critical SNMP
trap messages ensures that important
event reports are preserved during network
Remote diagnostics include traffic
monitoring on any port, extensive statistics,
data-scope analysis of protocols, and
test configurations, such as loop-backs.
All management functions are controllable
from the NOC.
12. Are there limitations
on topologies or configurations of the
None. In fact, the BANDIT's
architecture is fully symmetrical. That
is, any port may be configured for any
purpose. For example, the serial port
can emulate a terminal controller with
a polled async protocol, or it can operate
at 2 Mbps on an IP/PPP link to the Internet.
It is possible to configure the modem
port as the primary network link. This
flexibility allows a user with a BANDIT™
in a regional office to set up encrypted
tunnels to dozens of smaller office branches,
or home offices. Users at the remote sites
can communicate not only with the regional
office, but also with any other location
that has an encrypted tunnel established.
The BANDIT™ switches or routes traffic
amongst the tunnels it terminates.
What are the BANDIT's different configuration
The BANDIT™ comes standard with
two Ethernet LAN ports, and a V.90 modem
port for dial backup. Two optional serial
ports, available separately, provide
support for legacy data support, as well
as T1 and fractional T1 termination via
built-in CSU capability.
14. What is the BANDIT's
The BANDIT's pricing depends
on the configuration and on the customer's
application. Please contact your Encore
Networks sales representative for more
15. How do I order a BANDIT?
To discuss BANDIT™ pricing options and
details about placing an order, call
Encore Networks at 703- 318-7750, or
send an email to email@example.com