Introduction

External design and hardware platform

Firmware upgrade

Web-interface

Mobile application

AiMesh

IFTTT

CLI

Testing

Conclusion

Introduction

What is this, a network audio station? Or a bladeless fan with a remote control? When the ASUS Blue Cave arrived in our laboratory, the most improbable guesses were put forward. In fact, everything turned out to be very simple: it is a wireless router with a hollow center. The unusual shape of the case is not a tribute to fashion; it is the engineers' attempt to improve the wireless characteristics of the device. But first things first.

External design and hardware platform

The ASUS Blue Cave wireless router has a vertical design and is intended for desktop placement. The case measures 160x160x80 mm, weighs about 800 g, and is made of white plastic with a blue insert. For operation, the Blue Cave requires an external power supply (included in the box) rated at 19 V and 1.75 A.

The front, top and side panels are unremarkable.

The ventilation grate occupies most of the rear panel of the model. There are also five Gigabit Ethernet ports (four LAN interfaces and one WAN), a power connector along with the on/off button, a USB 3.0 port, and Reset and WPS buttons.

A sticker with brief reference information, four round rubber feet, and a ventilation grate are placed on the bottom panel.

It's time to end the intrigue and look inside the case of the device. The body is this large because the developers wanted to place the internal antennas so as to reduce their mutual influence, and thereby give wireless users maximum performance without the use of external antennas. The ASUS Blue Cave is equipped with four internal antennas, providing a 4x4 antenna configuration for each of the frequency bands. This configuration allows the router to operate in AC2600 mode, with a maximum connection speed of 800 Mbps in the 2.4 GHz band when using TurboQAM (600 Mbps without TurboQAM) and 1734 Mbps in the 5 GHz band.

The electronics of the ASUS Blue Cave router consist of two marine-blue textolite boards: the main board and the wireless module.

The tested model is based on the Lantiq PXB4395EL processor (marked S6483N03 (SLLFB)), which has two physical cores operating at a frequency of 800 MHz. Each core supports up to two threads at the same time (an analogue of hyper-threading technology in the x86 world), so the processor provides the system with four virtual cores, which allows the router to perform several tasks in parallel. One of the cores is used exclusively for internal needs, so the web-interface of the router shows the utilization of only three virtual processor cores. The router is also equipped with 128 MBytes of flash memory and 512 MBytes of DDR3 RAM.

The second board, responsible for the wireless part, carries the S6514L49 chip, which supports the 2.4 GHz band, and the S6474L42 chip, which supports the 5 GHz band. Somewhat unexpected for us was the presence of an Atheros AR3012-BL3D chip providing Bluetooth support, especially given that the manufacturer does not announce support for this protocol and does not use it (at least in current firmware versions). We turned to the vendor for clarification. As we were able to find out, this chip is reserved for IoT control, that is, future firmware may add support for the appropriate technologies.

At this point, we complete our brief review of the hardware platform of the ASUS Blue Cave wireless router and proceed to its software capabilities.

Firmware upgrade

Changing the firmware version for the ASUS Blue Cave router is done in the traditional way - using the "Firmware Upgrade" tab of the "Administration" menu of the web-interface. The whole process takes about three minutes and does not require any special skills from the user. The update can be performed in manual and semi-automatic modes.

 

You can verify the success of the upgrade using any page of the web-interface - the firmware version is displayed in the header next to the operating mode of the equipment. For more detailed information about the firmware you are using, see the “Firmware Upgrade” tab in the “Administration” menu. In fairness, it should be noted that this page also allows you to update the anti-virus signatures if the AiProtection option was activated.

If the firmware update is not completed successfully, the router goes into recovery mode, which can be identified by the light indicator flashing red and blue. The behavior of the Blue Cave in recovery mode is different from what we have seen in other ASUS models. There is no web server built into the bootloader, and the bootloader does not respond to ICMP echo-requests. The IP address of the LAN interface of the device is also different: in recovery mode, the LAN interface of the Blue Cave router has an IP address of 192.168.1.49.

You can restore the firmware using the specialized Firmware Restoration utility; the recovery procedure is typical for all ASUS wireless equipment.

Another way to restore the firmware manually is to use TFTP to upload the file with the new firmware to the router while it is in recovery mode. This method of firmware replacement should be used only in emergency cases, as a normal upgrade is most easily performed through the web-interface.

C:\>tftp -i 192.168.1.49 put c:\BLUECAVE_3.0.0.4_384_32948-g8ec6a66.trx
Transfer successful: 38576128 bytes in 24 second(s), 1607338 bytes/s

At this point, we complete the procedures for updating and restoring the firmware of the ASUS Blue Cave wireless router and proceed to the study of the capabilities of the device's web-interface.

Web-interface

The web-interface of the ASUS Blue Cave wireless router can be accessed with any modern browser: just open the address 192.168.1.1 or the name router.asus.com.

After entering the correct credentials, the user gets to the start page of the device. It is also worth noting that the web-interface of the Blue Cave model is available in 19 languages. We will not consider all the features of the web-interface, but will focus on some of the most interesting in our opinion.

The "System Status" section allows you not only to configure the basic parameters of the wireless network, but also to see the utilization of the processor cores and RAM, check the status of wired network interfaces and adjust the brightness of the LED. The ASUS Blue Cave wireless router has a CPU with four virtual cores (two physical), three of which are available to the system. We must admit, we have never seen so many cores in home networking equipment before.

The menu item "Network Map" displays the current status of the connection to the Internet, the settings of the wireless module, connected wired and wireless clients, and also allows you to manage the parameters of the AiMesh technology (in router mode).

We will purposely skip the "Guest network" menu item here to get back to it later.

The AiProtection menu item is used to configure the protection system of both the router and the client devices behind it. Also, this menu item provides the ability to configure parental control.

The menu item "Traffic Manager" is quite traditional for ASUS network equipment: you can choose the mode of operation, set priorities, limit the available bandwidth.

The tabs of the "Wireless" menu item are traditional for ASUS wireless equipment. Perhaps it is worth noting the ability to enable/disable the Smart Connect function in the "General" tab. Unfortunately, we did not find any fine-tuning of Smart Connect in the web-interface of the device.

The new "Roaming Block List" tab of the same menu item did not go unnoticed either; it allows you to specify wireless clients that are not allowed to switch between AiMesh nodes.

The features of the "LAN" and "WAN" menu items have not changed recently. Perhaps we should only stop at the "DDNS" tab of the "WAN" menu: in addition to an expanded list of DDNS "providers", there is support for Let's Encrypt certificates used for HTTPS.

Absolutely new for us was the item "Alexa & IFTTT". This section contains settings for voice control of the router using Amazon Alexa, as well as a platform for creating applets. We decided to dedicate a small section of the review to these functions.

ASUS Blue Cave wireless router can act as a VPN client for PPTP, L2TP and OpenVPN protocols, as well as being a PPTP and OpenVPN server. The corresponding settings are collected in the "VPN" menu item tabs.

ASUS Blue Cave firewall features are typical for all ASUS network equipment. All settings are collected in the menu item of the same name.

The model under test can work not only in wireless router mode, but also as an access point, repeater, media bridge, and AiMesh node. Mode selection is made on the "Operation Mode" tab of the "Administration" menu item.

In addition to the standard features of the "System" tab of the same menu item, it is worth noting the options "Power Save Mode" and "Enable HDD Hibernation", allowing you to more accurately configure the energy efficiency of the device.

We also found a small innovation on the "Restore/Save/Upload Setting" tab. Now you can use the "Initialize" button not only to reset user settings, but also to delete all saved log information.

Cooperation between ASUS and Trend Micro has enriched the functionality of the Blue Cave model with capabilities to protect not only the router itself, but also user devices. Some statistical information is collected by Trend Micro to improve its products. You can disable data collection by using the "Privacy" tab of the "Administration" menu item.

At this point we finish a brief examination of the web-interface capabilities of the ASUS Blue Cave wireless router and move on to a glimpse of the capabilities of the ASUS Router mobile application.

Mobile application

ASUS Blue Cave wireless router can be controlled not only with two standard interfaces, but also with the use of a mobile application developed for smartphones based on iOS and Android.

We still consider the web-interface the most popular way to configure SOHO network equipment, which is why we won't describe all the options of the mobile application in detail but will speak of them in general. Of course, it must be admitted that network devices are managed via smartphone more and more frequently.

Since mesh networks are the trend of 2018, the vendor decided to make access to the appropriate settings as simple as possible.

The “Devices” menu item displays a list of all devices ever connected to the router.

With the help of the "Insight" menu item one can manage other ASUS routers if they are found in the local network. Moreover, this item is responsible for AiProtection configuration.

All options that are familiar to users of the web-interface are collected in the menu item "More".

This concludes our quick introduction to the mobile utility designed to manage ASUS wireless routers. To sum up, we were pleasantly surprised by the functionality of this application. In the next section, we will take a closer look at one of the functions of ASUS wireless routers: AiMesh technology.

AiMesh

The list of devices that support wireless mesh networks based on AiMesh is constantly growing. AiMesh is a proprietary ASUS technology that allows up to five devices to be combined into a single network: one AiMesh router and four AiMesh nodes. The network can be hierarchical; currently up to two levels of hierarchy are supported, that is, up to three devices in a chain: one router and two nodes. It is worth noting that in the current implementation all devices in the same mesh network broadcast on a single wireless channel (for each frequency range). We think this is somewhat wrong, so we hope that the manufacturer will correct this issue in the near future.

Continuing with the technical details of the technology, we would like to note support for the IEEE 802.11v wireless standard (BSS transition management). With this standard, the network infrastructure can influence the roaming decision made by the client device. This influence can be exerted by providing utilization information for the surrounding AiMesh nodes. Support for the IEEE 802.11k standard is in development and is expected by the new year, 2019.

Setting up AiMesh technology is extremely simple: you only need to add devices that support it to the existing network, and the routers will perform the rest of the work automatically.

Although AiMesh is a technology for building a wireless mesh network, devices can also be combined with each other using Ethernet channels.

Regardless of the connection method, users can apply additional settings to AiMesh nodes; for example, you can specify the primary connection method or the location of the device.

After the devices are connected to the mesh network, all control is centralized: even the firmware of the nodes is replaced by means of the AiMesh router.

Attempts to connect to AiMesh nodes directly result in HTTP requests being redirected to the address of the AiMesh router.

An innovation is the possibility to prohibit roaming for certain client devices. The corresponding setting is available on the "Roaming Block List" tab of the "Wireless network" menu item.

If necessary, users can also easily remove any mesh network node.

Of course we couldn't leave our readers without some of the technical details of the functioning of the AiMesh.

The router finds nearby mesh nodes using LLDP. This protocol is used to discover the nodes, while the standard transport protocols TCP and UDP are used for subsequent configuration. With a wireless connection things are more or less clear: the devices only need to be within each other's coverage area. A wired connection is more complicated. The protocol used for node discovery is not forwarded by all switches by default. If the switch is managed, it will process the LLDP messages itself, which makes detection of the mesh network nodes impossible.

fox_switch#sho lldp ne
Capability codes:
 (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
 (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Intf Hold-time Capability Port ID
GT-AC5300 Gi1/0/1 20 B,R 2c4d.5420.5ec0
BLUECAVE Gi1/0/2 20 B,W,R 2cfd.a100.5130
Total entries displayed: 2

Some managed switches allow you to prevent the LLDP from being processed by the device itself by transparently redirecting the appropriate frames within a specific virtual network. An example of an appropriate interface configuration for a Cisco Catalyst 3560CX-8XPD-S switch with IOS version 15.2.6E2 is presented below.

interface GigabitEthernet1/0/1
 switchport mode access
 l2protocol-tunnel lldp
 no lldp transmit
 no lldp receive
end

In conclusion, we would like to offer our readers a complete traffic dump (http://foxnetwork.ru/files/2018/asus_blue_cave/asus_aimesh.pcapng), which is exchanged by wireless routers ASUS Blue Cave and GT-AC5300 at the time of node detection and mesh network creation.

IFTTT

We also decided to cover the possibilities of one more menu item separately. This is the IFTTT (If This Then That) service, which allows you to automate some routine operations. The essence of such automation is to perform a certain action or a set of them (an applet) when a particular event occurs. The IFTTT service itself provides access to an ecosystem that includes more than 600 applications, devices and companies, thousands of active developers and millions of users. Naturally, no automation is possible without support from the network equipment. The firmware of most ASUS wireless routers already contains support for the IFTTT service.

The first thing to start with is to register on the service portal.

The second step will be the transition to a special channel dedicated to ASUS routers. All available applets are published there.

Now you need to bind a specific ASUS router to the service. Binding is carried out by entering the activation code generated by the router on the IFTTT page.

We cannot fail to mention the requirements that must be met for the router to be bound to the service successfully. The WAN interface of the router must have a globally routable (white/valid/real) IP address. Such an address is necessary so that the IFTTT server can connect to the router, as the connection is established from the service to the router. The remaining two conditions are usually easier to fulfill: you need to connect the router to the DDNS service and provide HTTPS access for management from the outside.

If the binding is successful, IFTTT displays the new device in the list of connected routers.

Once the router has been bound successfully, you can select the appropriate applets to use.

If there is no suitable one in the list, you can create it yourself by combining the trigger by which the applet will be launched and the desired action.

If this is not enough, you can suggest the idea of a new applet to developers describing in detail the principles of its operation.

Naturally, we decided to check the operation of the described mechanism, for which we used an applet that sends an e-mail message when a certain client device is connected to a wireless network.

After connecting the specified wireless client to the network, we received the following e-mail.

Galaxy-A8-2018 connected to Asus router on October 6, 2018 at 02:21AM

Of course, triggering and running the applet can be controlled using the web-interface of the IFTTT service.

This concludes our look at the IFTTT service; we now pass on to examining the command line of the router.

CLI

To enable/disable access to the command line, use the “System” tab of the “Administration” menu. The specified access can be granted using Telnet and SSH protocols. Of course, for security reasons, we recommend using the latter.

To access the command line, use the same credentials as for the router web-interface. The firmware of the tested model is built on the Linux operating system 3.10.104 using BusyBox 1.17.4. Frankly speaking, these are not the latest versions of the kernel and BusyBox.

BLUE_CAVE login: admin
Password:
admin@BLUE_CAVE:/tmp/home/root# cd /
admin@BLUE_CAVE:/# uname -a
Linux BLUE_CAVE 3.10.104 #1 SMP Thu Jul 5 22:05:22 CST 2018 mips GNU/Linux
admin@BLUE_CAVE:/# busybox
BusyBox v1.17.4 (2018-07-05 22:02:06 CST) multi-call binary.
Copyright (C) 1998-2009 Erik Andersen, Rob Landley, Denys Vlasenko
and others. Licensed under GPLv2.
See source distribution for full notice.
Usage: busybox [function] [arguments]...
 or: function [arguments]...
 BusyBox is a multi-call binary that combines many common Unix
 utilities into a single executable. Most people will create a
 link to busybox for each function they wish to use and BusyBox
 will act like whatever it was invoked as.
Currently defined functions:
 [, [[, arp, arping, ash, awk, basename, blkid, cat, chmod, chown, chpasswd, clear, cmp, cp,
 crond, cut, date, dd, devmem, df, dirname, dmesg, du, e2fsck, echo, egrep, env, ether-wake,
 expr, fdisk, fgrep, find, flock, free, fsck, fsck.ext2, fsck.ext3, fsck.minix, fsync, grep,
 gunzip, gzip, head, ifconfig, insmod, ionice, kill, killall, klogd, less, ln, logger,
 login, ls, lsmod, lspci, lsusb, md5sum, mdev, mkdir, mke2fs, mkfs.ext2, mkfs.ext3, mknod,
 mkswap, modprobe, more, mount, mv, netstat, nice, nohup, nslookup, pidof, ping, ping6,
 printf, ps, pwd, readlink, renice, rm, rmdir, rmmod, route, sed, setconsole, sh, sleep,
 sort, strings, swapoff, swapon, sync, syslogd, tail, tar, telnetd, test, tftp, top, touch,
 tr, traceroute, traceroute6, true, tune2fs, udhcpc, umount, uname, unzip, uptime, usleep,
 vconfig, vi, watch, wc, which, xargs, zcat, zcip
admin@BLUE_CAVE:/#

Let's use the ps command to see what processes are running on the device at the moment. The top utility displays data on the current operation of the launched processes. We have placed the results of these utilities in a separate file.

We present the contents of /bin, /sbin, /usr/bin, and /usr/sbin in a separate file, along with the output of the sysinfo utility. For example, the /sbin directory contains a tcpcheck utility that allows you to check whether a particular TCP port is open on a particular host.

admin@BLUE_CAVE:/# tcpcheck
usage: tcpcheck [host:port]
admin@BLUE_CAVE:/# tcpcheck 192.168.1.1:22
usage: tcpcheck [host:port]
admin@BLUE_CAVE:/# tcpcheck 5 192.168.1.1:22
192.168.1.1:22 is alive
admin@BLUE_CAVE:/# tcpcheck 5 192.168.1.1:23
192.168.1.1:23 is alive
admin@BLUE_CAVE:/# tcpcheck 5 192.168.1.1:25
192.168.1.1:25 failed

Now let's go to the /proc directory and see what files are placed there, as well as find out the operating time of the system and its average utilization, and get information about the installed processor and the amount of RAM. In principle, the operating time and average system utilization can also be obtained with the uptime command.

admin@BLUE_CAVE:/# cd /proc
admin@BLUE_CAVE:/proc# ls
1 1388 308 7 device-tree mtd
10 14 3366 703 devices net
1003 15 3378 704 diskstats nvram
1004 1505 3395 709 dma pagetypeinfo
1007 1533 3396 716 dp partitions
1008 17 3397 8 driver ppa
1020 18 3402 859 execdomains proc_entry
1032 1863 347 866 fb sched_debug
1051 2 348 867 filesystems scsi
1067 225 349 889 fs segments
11 228 415 890 interrupts self
1103 229 447 894 iomem slabinfo
1105 231 462 9 ioports softirqs
115 242 5 914 irq stat
12 247 527 923 kallsyms swaps
1226 248 537 977 kcore swmcastsnoop
1228 249 5381 978 kmsg sys
1233 250 5383 984 kpagecount sysrq-trigger
1236 281 5387 bootcore kpageflags sysrst
1248 2868 5393 buddyinfo loadavg sysvipc
1250 2875 5415 bus locks timer_list
1251 2878 5433 cbm mcast_helper tmu
1254 297 5498 cgroups mcast_helper6 tty
1255 3 5820 cmdline meminfo uptime
1291 302 590 config.gz mips version
13 303 595 consoles mirror vmallocinfo
1326 304 6 cpuinfo misc vmb
1345 306 6064 crypto modules vmstat
1349 307 6295 dc_dp mounts zoneinfo
admin@BLUE_CAVE:/proc# cat uptime
2482.86 7175.38
admin@BLUE_CAVE:/proc# cat loadavg
3.01 3.14 2.98 1/114 6297
admin@BLUE_CAVE:/proc# cat cpuinfo
system type : GRX500 rev 1.2
machine : EASY350 ANYWAN (GRX350) Router model
processor : 0
cpu model : MIPS interAptiv V2.0
cpu MHz : 800.000
BogoMIPS : 513.63
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa : mips1 mips2 mips32r1 mips32r2
ASEs implemented : dsp mt eva
shadow register sets : 1
kscratch registers : 0
core : 0
VPE : 0
VCED exceptions : not available
VCEI exceptions : not available
processor : 1
cpu model : MIPS interAptiv V2.0
cpu MHz : 800.000
BogoMIPS : 516.09
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa : mips1 mips2 mips32r1 mips32r2
ASEs implemented : dsp mt eva
shadow register sets : 1
kscratch registers : 0
core : 0
VPE : 1
VCED exceptions : not available
VCEI exceptions : not available
processor : 2
cpu model : MIPS interAptiv V2.0
cpu MHz : 800.000
BogoMIPS : 516.09
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa : mips1 mips2 mips32r1 mips32r2
ASEs implemented : dsp mt eva
shadow register sets : 1
kscratch registers : 0
core : 1
VPE : 0
VCED exceptions : not available
VCEI exceptions : not available
admin@BLUE_CAVE:/proc# uptime
 08:46:29 up 41 min, load average: 3.01, 3.13, 2.97
admin@BLUE_CAVE:/proc#

We cannot fail to mention the nvram utility, which allows you to change important parameters of the device.

admin@BLUE_CAVE:/proc# nvram
usage: nvram [get name] [set name=value] [unset name] [erase] [show] [save file] [restore file] [fb_save file]
usage: nvram [save_ap file] [save_rp_2g file] [save_rp_5g file]
admin@BLUE_CAVE:/proc# nvram show | grep admin
size: 34394 bytes (92582 left)
http_username=admin
acc_list=admin>adminpassword
acc_webdavproxy=admin>1
admin@BLUE_CAVE:/proc#
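
The `nvram show` output above includes `acc_list=admin>adminpassword`, so a dump written with `nvram save` or pasted into a support thread carries account credentials in clear text. The following Python is an added example, not code from this review or from ASUS: it redacts such values before a dump is shared. It assumes that the value after `>` in `acc_list` is the password and that several accounts are joined with `<`; the key-name pattern and the `example_wifi_psk` line are hypothetical.

```python
import re

# Constructed sample modelled on the `nvram show` output in this review.
# example_wifi_psk is a hypothetical key used to exercise the name heuristic.
SAMPLE = """\
size: 34394 bytes (92582 left)
http_username=admin
acc_list=admin>adminpassword
acc_webdavproxy=admin>1
lan_stp=1
example_wifi_psk=correct horse battery
"""

MASK = "***REDACTED***"
# Heuristic (assumption): key names that usually hold secrets.
SECRET_NAME = re.compile(r"passw|psk|secret|_key$", re.IGNORECASE)


def redact_acc_list(value):
    """Mask the password half of each user>password entry.

    Assumed layout: entries joined with '<', name and password split by '>'.
    Returns (new_value, number_of_passwords_masked).
    """
    entries, masked = [], 0
    for entry in value.split("<"):
        user, sep, password = entry.partition(">")
        if sep and password:
            entries.append(user + sep + MASK)
            masked += 1
        else:
            entries.append(entry)
    return "<".join(entries), masked


def redact_line(line):
    """Return (line_safe_to_share, reason); reason is None if unchanged."""
    key, sep, value = line.partition("=")
    if not sep or not value:
        return line, None  # summary line such as "size: ..." or empty value
    if key == "acc_list":
        new_value, masked = redact_acc_list(value)
        if masked:
            return key + "=" + new_value, "%d account password(s)" % masked
        return line, None
    if SECRET_NAME.search(key):
        return key + "=" + MASK, "secret-looking key name"
    return line, None


def redact_dump(text):
    """Redact a whole `nvram show` dump; return (text, [(key, reason), ...])."""
    out, findings = [], []
    for line in text.splitlines():
        new_line, reason = redact_line(line)
        out.append(new_line)
        if reason:
            findings.append((line.split("=", 1)[0], reason))
    return "\n".join(out), findings


if __name__ == "__main__":
    safe, found = redact_dump(SAMPLE)
    print(safe)
    for key, reason in found:
        print("redacted %s: %s" % (key, reason))
```
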

For example, with the help of the nvram utility, you can disable STP on the LAN ports of the ASUS Blue Cave router.

admin@BLUE_CAVE:/proc# nvram show | grep stp
size: 34394 bytes (92582 left)
lan_stp=1
lan1_stp=1
admin@BLUE_CAVE:/proc#
admin@BLUE_CAVE:/proc#
admin@BLUE_CAVE:/proc#
admin@BLUE_CAVE:/proc# nvram set lan_stp=0
admin@BLUE_CAVE:/proc# nvram commit
admin@BLUE_CAVE:/proc# nvram show | grep stp
size: 34394 bytes (92582 left)
lan_stp=0
lan1_stp=1
admin@BLUE_CAVE:/proc# reboot

Unfortunately, not all supported network protocols can be managed by nvram. For example, we found that the ASUS Blue Cave wireless router uses LLDP.

fox_switch#sho lldp ne
Capability codes:
 (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
 (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Intf Hold-time Capability Port ID
GT-AC5300 Gi1/0/1 20 B,R 2c4d.5420.5ec0
BLUECAVE Gi1/0/2 20 B,W,R 2cfd.a100.5130
Total entries displayed: 2
fox_switch#sho lldp en BLUECAVE
Capability codes:
 (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
 (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
------------------------------------------------
Local Intf: Gi1/0/2
Chassis id: 2cfd.a100.5130
Port id: 2cfd.a100.5130
Port Description: eth0_2
System Name: BLUECAVE
System Description:
 Linux 3.10.104 #1 SMP Thu Jul 5 22:05:22 CST 2018 mips
Time remaining: 14 seconds
System Capabilities: B,W,R,S
Enabled Capabilities: B,W,R
Management Addresses:
 IP: 192.168.1.1
Auto Negotiation - supported, enabled
Physical media capabilities:
 1000baseT(FD)
 1000baseT(HD)
 100base-TX(FD)
 100base-TX(HD)
 10base-T(FD)
 10base-T(HD)
Media Attachment Unit type: 30
Vlan ID: - not advertised
Total entries displayed: 1

A check on the router confirmed that the lldpd daemon is indeed running.

admin@BLUE_CAVE:/usr/sbin# ps | grep lldp
 1512 admin 1856 S lldpd -L /usr/sbin/lldpcli -I eth0_1,eth0_2,eth0_3,eth0_4,wlan0,wlan2,eth1,
 1518 nobody 1884 S lldpd -L /usr/sbin/lldpcli -I eth0_1,eth0_2,eth0_3,eth0_4,wlan0,wlan2,eth1,
10277 admin 1864 S grep lldp

LLDP is managed with the lldpcli utility, which is located in the /usr/sbin directory.

admin@BLUE_CAVE:/usr/sbin# lldpcli -?
lldpcli: invalid option -- ?
Usage: lldpcli [OPTIONS ...] [COMMAND ...]
Version: lldpd 0.9.8
-d Enable more debugging information.
-u socket Specify the Unix-domain socket used for communication with lldpd(8).
-f format Choose output format (plain, keyvalue, json, xml).
-c conf Read the provided configuration file.
see manual page lldpcli(8) for more information
admin@BLUE_CAVE:/usr/sbin# lldpcli
[lldpcli] #
-- Help
 show Show running system information
 watch Monitor neighbor changes
 update Update information and send LLDPU on all ports
 configure Change system settings
unconfigure Unconfigure system settings
 help Get help on a possible command
 pause Pause lldpd operations
 resume Resume lldpd operations
 exit Exit interpreter

We decided to see what settings the protocol daemon works with and what network devices our router is connected to.

[lldpcli] # show
2018-05-05T12:46:22 [WARN/lldpctl] incomplete command
[lldpcli] # show ru
-------------------------------------------------------------------------------
Global configuration:
-------------------------------------------------------------------------------
Configuration:
 Transmit delay: 10
 Transmit hold: 2
 Receive mode: no
 Pattern for management addresses: (none)
 Interface pattern: eth0_1,eth0_2,eth0_3,eth0_4,wlan0,wlan2,eth1,
 Interface pattern for chassis ID: (none)
 Override description with: (none)
 Override platform with: Linux
 Override system name with: BLUECAVE
 Advertise version: yes
 Update interface descriptions: no
 Promiscuous mode on managed interfaces: no
 Disable LLDP-MED inventory: yes
 LLDP-MED fast start mechanism: yes
 LLDP-MED fast start interval: 1
 Source MAC for LLDP frames on bond slaves: local
 Port ID TLV subtype for LLDP frames: unknown
 Agent type: unknown
-------------------------------------------------------------------------------
[lldpcli] # show nei
-------------------------------------------------------------------------------
LLDP neighbors:
-------------------------------------------------------------------------------
Interface: eth0_2, via: LLDP, RID: 7, Time: 0 day, 01:35:06
 Chassis:
 ChassisID: mac 9c:57:ad:b0:34:80
 SysName: fox_switch.foxnetwork.ru
 SysDescr: Cisco IOS Software, C3560CX Software (C3560CX-UNIVERSALK9-M), Version 15.2(6)E2, RELEASE SOFTWARE (fc4)
 Technical Support: http://www.cisco.com/techsupport
 Copyright (c) 1986-2018 by Cisco Systems, Inc.
 Compiled Thu 13-Sep-18 04:00 by prod_rel_team
 MgmtIP: 192.168.1.100
 Capability: Bridge, on
 Capability: Router, on
 Port:
 PortID: ifname Gi1/0/2
 PortDescr: GigabitEthernet1/0/2
 TTL: 120
-------------------------------------------------------------------------------

You can use the show chassis command to find out the information that is sent about the local system.

[lldpcli] # sho cha
-------------------------------------------------------------------------------
Local chassis:
-------------------------------------------------------------------------------
Chassis:
 ChassisID: mac 2c:fd:a1:00:51:30
 SysName: BLUECAVE
 SysDescr: Linux 3.10.104 #1 SMP Thu Jul 5 22:05:22 CST 2018 mips
 MgmtIP: 192.168.1.1
 Capability: Bridge, on
 Capability: Router, on
 Capability: Wlan, on
 Capability: Station, off
-------------------------------------------------------------------------------

To change the LLDP settings, one should use the configure command.

[lldpcli] # conf
-- Change system settings
 ports Restrict configuration to some ports
 system System configuration
 lldp LLDP configuration
 med MED configuration
 dot3 Dot3 configuration
[lldpcli] # conf por
-- Restrict configuration to some ports
 WORD Restrict configuration to the specified ports (comma-separated list)
[lldpcli] # conf por s
[lldpcli] # conf ps system
-- System configuration
 interface Interface related items
 description Override chassis description
 platform Override platform description
 hostname Override system name
 ip IP related options
bond-slave-src-mac-type Set LLDP bond slave source MAC type
[lldpcli] # conf system conf lldp
-- LLDP configuration
 tx-interval Set LLDP transmit delay
 tx-hold Set LLDP transmit hold
 status Set administrative status
 agent-type LLDP agent type
 portidsubtype LLDP PortID TLV Subtype
 capabilities-advertisements Enable chassis capabilities advertisement
management-addresses-advertisements Enable management addresses advertisement
 custom-tlv Add custom TLV(s) to be broadcast on ports

To disable the protocol temporarily, you can use the pause command; however, after the daemon is restarted, lldpd runs with the standard settings again.

This completes our review of the command line interface capabilities; let's move on to testing the device.

Testing

Traditionally, we start this section by measuring the boot time of the device, by which we mean the time interval between the moment power is applied to the equipment and the receipt of the first ICMP echo reply. ASUS Blue Cave wireless router boots up in 47 seconds. We think this is a good result.

The next, no less traditional, test was a security check of the device, carried out from the LAN interface with the Positive Technologies XSpider 7.8 network security scanner. In total, 15 open ports were discovered. The most interesting data obtained from the scan are presented below.

While writing the section on AiMesh technology, we analyzed the traffic that AiMesh nodes exchange with the router. To capture such a dump, we connected the Blue Cave and GT-AC5300 with a patch cord and inserted a switch from another vendor in between. Mirroring of the passing traffic (a SPAN session) was configured on this switch. As a result, we found LLDP messages sent by both routers in the collected dump. We could not find a standard way to disable LLDP on ASUS equipment, so we consider it a vulnerability, as the use of LLDP potentially leads to unwanted disclosure of information. Although LLDP is a standard LAN protocol (IEEE 802.1AB) that is often used in local networks, we believe that users should be able to enable or disable it easily and safely. How LLDP can still be disabled is described in the section on the command line. We also decided to provide a dump containing the LLDP message sent by the ASUS Blue Cave router.

 

fox_switch#sho lldp ne
Capability codes:
 (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
 (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Intf Hold-time Capability Port ID
GT-AC5300 Gi1/0/1 20 B,R 2c4d.5420.5ec0
BLUECAVE Gi1/0/2 20 B,W,R 2cfd.a100.5130
Total entries displayed: 2
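
What a single LLDP frame from the router discloses can be checked by decoding its TLVs. The following is an added example, not part of the original review or of the ASUS firmware: it parses an untagged LLDP frame and lists the advertised details. The sample frame is constructed from the values in the lldpcli and switch output above (the interface-numbering fields of the management address are assumptions); it is not the captured dump itself.

```python
import ipaddress
import re
import struct

LLDP_ETHERTYPE = 0x88CC
CAP_BITS = {0: "Other", 1: "Repeater", 2: "Bridge", 3: "WLAN AP",
            4: "Router", 5: "Telephone", 6: "DOCSIS", 7: "Station"}
TEXT_TLVS = {4: "port_descr", 5: "sys_name", 6: "sys_descr"}


def tlv(tlv_type, value):
    """Encode one TLV: a 7-bit type and a 9-bit length share a 2-byte header."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def build_sample_frame():
    """Constructed frame filled with the values shown for the local chassis."""
    mac = bytes.fromhex("2cfda1005130")
    # Address length 5 (subtype + 4 bytes), subtype 1 = IPv4; the interface
    # numbering subtype, interface number and empty OID are assumed values.
    mgmt = (bytes([5, 1]) + ipaddress.IPv4Address("192.168.1.1").packed
            + bytes([2]) + struct.pack("!I", 0) + bytes([0]))
    body = b"".join([
        tlv(1, bytes([4]) + mac),                # Chassis ID, subtype 4 = MAC
        tlv(2, bytes([3]) + mac),                # Port ID, subtype 3 = MAC
        tlv(3, struct.pack("!H", 20)),           # TTL, the hold time seen on the switch
        tlv(5, b"BLUECAVE"),
        tlv(6, b"Linux 3.10.104 #1 SMP Thu Jul 5 22:05:22 CST 2018 mips"),
        tlv(7, struct.pack("!HH", 0x9C, 0x1C)),  # supported / enabled capability bits
        tlv(8, mgmt),
        tlv(0, b""),                             # End of LLDPDU
    ])
    dst = bytes.fromhex("0180c200000e")          # LLDP nearest-bridge multicast
    return dst + mac + struct.pack("!H", LLDP_ETHERTYPE) + body


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def _decode_id(value, mac_subtype):
    """Chassis ID and Port ID TLVs: one subtype byte, then the identifier."""
    if len(value) < 2:
        raise ValueError("ID TLV too short")
    subtype, ident = value[0], value[1:]
    if subtype == mac_subtype and len(ident) == 6:
        return _mac(ident)
    return ident.decode("utf-8", "replace")


def parse_lldp(frame):
    """Return a dict of the fields advertised in an untagged LLDP frame."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != LLDP_ETHERTYPE:
        raise ValueError("not an LLDP frame")
    info = {"src_mac": _mac(frame[6:12]), "mgmt_addrs": []}
    pos = 14
    while pos + 2 <= len(frame):
        header = struct.unpack("!H", frame[pos:pos + 2])[0]
        tlv_type, length = header >> 9, header & 0x1FF
        value = frame[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated TLV")
        pos += 2 + length
        if tlv_type == 0:
            break
        if tlv_type == 1:
            info["chassis_id"] = _decode_id(value, 4)
        elif tlv_type == 2:
            info["port_id"] = _decode_id(value, 3)
        elif tlv_type == 3 and length >= 2:
            info["ttl"] = struct.unpack("!H", value[:2])[0]
        elif tlv_type in TEXT_TLVS:
            info[TEXT_TLVS[tlv_type]] = value.decode("utf-8", "replace")
        elif tlv_type == 7 and length >= 4:
            enabled = struct.unpack("!HH", value[:4])[1]
            info["enabled_caps"] = [n for b, n in CAP_BITS.items() if (enabled >> b) & 1]
        elif tlv_type == 8 and length >= 2:
            addr = value[2:1 + value[0]]
            if (value[1], len(addr)) in ((1, 4), (2, 16)):   # IPv4 or IPv6
                info["mgmt_addrs"].append(str(ipaddress.ip_address(addr)))
    return info


def disclosure_findings(info):
    """List the device details that one parsed frame reveals."""
    findings = []
    kernel = re.search(r"Linux (\d+\.\d+\.\d+)", info.get("sys_descr", ""))
    if kernel:
        findings.append(("kernel version", kernel.group(1)))
    if info.get("sys_name"):
        findings.append(("host name", info["sys_name"]))
    for addr in info["mgmt_addrs"]:
        findings.append(("management address", addr))
    if "chassis_id" in info:
        findings.append(("chassis MAC", info["chassis_id"]))
    return findings


if __name__ == "__main__":
    for label, value in disclosure_findings(parse_lldp(build_sample_frame())):
        print(f"{label}: {value}")
```
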

Before going directly to testing the performance of the device, we would like to acquaint readers with the main parameters of the used test stand. All measurements were made using JPERF utility version 2.0.2 for one, five and fifteen simultaneous TCP connections.

Component PC Laptop
MB ASUS Maximus IX Extreme ASUS GL753VD
CPU Intel Core i7 7700K 4 GHz Intel Core i7 7700HQ 2.8 GHz
RAM DDR4-2133 Samsung 64 Gbyte DDR4-2400 Kingston 32 Gbyte
NIC Intel X550T2
ASUS PCE-AC88
Realtek PCIe GBE
OS Windows 7 x64 SP1 Windows 10 x64

The performance of ASUS Blue Cave model when routing and transmitting traffic is predictably high and practically coincides with the wire speed.

If the translation is not performed, the obtained speeds are slightly lower. Here, however, it is worth noting that this is an extremely rare way to use such devices.

IPv6 routing bandwidth is comparable to that of IPv4.

If the connection to the provider is made by means of tunnels, users of ASUS Blue Cave will have to forget about Gigabit service plans, but in our country such speeds are still extremely rare. At Fast Ethernet connection speeds the ASUS Blue Cave copes well.

We could not ignore the performance of the router when working in VPN server mode. The diagrams below show the speeds available to users on PPTP and OpenVPN connections.

Of course, we decided to find out how fast wireless clients can send and receive data. Measurements were made for both frequency bands.

We connected our 256 GByte Transcend TS256GESD400K test SSD to the USB port and measured the speed of access to the data placed on it. Measurements were made for five file systems: EXT2/3, FAT32, NTFS, and HFS. The results of the measurements are presented in the charts below.

This concludes our testing section and we move on to summing it all up.

Conclusion

In general, we are satisfied with ASUS Blue Cave, the new wireless router with an unusual design. Once again, we remind our readers that this shape of the case is dictated by the desire to get rid of external antennas without being limited by the internal ones. The Blue Cave is already on the list of ASUS wireless routers that support AiMesh wireless technology, which provides roaming for wireless clients. The vendor has also begun to add support for the IFTTT service to its routers; the Blue Cave was one of the first models in which such support appeared. The IFTTT service allows you to automate some routine operations and can be extremely useful for those who want to use all the features of a smart home without having to pay for a ready-made solution.

The strengths of the ASUS Blue Cave wireless router are listed below:

  • high network performance in both wireless bands;
  • IPv6 support;
  • mobile application availability;
  • high-speed access to data stored on an external USB drive;
  • IFTTT service support;
  • unusual design;
  • AiMesh technology support;
  • availability of built-in VPN client and server;
  • MU-MIMO technology support;
  • user network security functions;
  • easy setup.

Unfortunately, we cannot but point out the only discovered drawback of the device:

  • the web-interface is not fully translated.

Naturally, we reported this to the manufacturer and received a notification that this cosmetic defect will be fixed in the nearest official firmware.

As of this writing, the best price for ASUS Blue Cave in German-speaking European countries, according to the Geizhals Preisvergleich website, was about 200 euro. Although the price seems relatively high, it fully corresponds to the capabilities of the device.

Wireless mesh-network or Tenda Nova

Introduction

Recently, we were approached by representatives of Tenda with a proposal to describe their new development - a wireless mesh-network built on the basis of the Tenda Nova equipment line. No, of course, the very idea of mesh-networks is not new. Moreover, in the modern world, it is no longer necessary to reinvent the wheel; there are a number of solutions and standards, you just need to create equipment with the support of one of them. As a device for consideration, we were offered the Tenda Nova MW6-2 model, which allows us to build a mesh-network based on the IEEE 802.11s standard. But do not be afraid, users do not need to understand all the details of the standard - the Tenda Nova mesh system works out of the box.

Many of our readers, for sure, have already come across mesh-networks, for example, we mentioned support for such networks by other vendors. Let's try to dig a little deeper and deal with some details of the functioning of mesh networks in the implementation of Tenda.

Modern Wi-Fi routers provide a large coverage area, but it can be difficult to cover rooms with thick walls, reinforced concrete structures and other obstacles that prevent the spread of the Wi-Fi signal. The result is “dead zones”. Traditionally, the problem was solved by installing repeaters (extenders) or additional access points in such places, but this approach is not without flaws:

  • repeaters help to enhance the Wi-Fi signal, but usually half the bandwidth is lost;
  • access points provide more bandwidth but this requires a wired connection to the rest of the network;
  • a new network is created (with its SSID and password); thus, changing your location, you need to reconnect by entering a password.

Everything is simplified if you use a Wi-Fi mesh system.

External design and hardware

We will consider wireless mesh-networks based on the MW6 kit. Different MW6 kits are available for order, including one, two or three nodes; before purchasing, make sure that you are ordering exactly the kit you need.

Each node of the wireless mesh network is a plastic cube, similar to a simplified Rubik's cube whose cells are all white. Devices with such a body do not need to be hidden; the design is very pleasant. Nova units use internal antennas, which makes it easy to fit them into almost any interior. The block dimensions are 100x100x100 mm with a mass of just 410 g.

On the top panel there is a small LED that displays the status of the device and its connection to the network.

The top panel and all side panels do not carry any connectors; the bottom panel of the unit is used for connection, on which, in addition to the ventilation grate and stickers with brief information, there are two Gigabit Ethernet interfaces and a DC-in port for power supply. There are also four rubber feet and a recessed Reset button. The purpose of each wired network interface is marked on the label; however, the separation between LAN and WAN is relevant only for the “main” node, all other blocks use both Gigabit Ethernet ports as LAN interfaces. These wired interfaces can be used to connect a TV or game console in situations where there is no possibility to carry a dedicated Ethernet cable for them.

Each unit requires an external power source (supplied) with the following characteristics: 12V and 1.5A.

Now let's look inside the case and find out which components the MW6 model is built on. The electronics of the model under consideration consist of two textolite boards, one of which houses the network ports and the power input connector. In fact, this board is an adapter, since there is no significant silicon on it. The Realtek RTL8197FS SoC, operating at a frequency of 1 GHz, as well as 128 MBytes of RAM and 16 MBytes of flash memory are located on the main board. In addition, the Realtek RTL8363NB switch is located on the main board.

This concludes our cursory review of the hardware platform; we now proceed to the basics of how mesh networks function.

Mesh-networks

Wireless mesh-networks, that is, networks with a mesh topology, are a promising and constantly evolving area. With the use of mesh networks, the dream of seamless roaming in Wi-Fi networks can become a reality today. Wireless mesh networks can be easily and efficiently, and most importantly without laying additional wires, used to connect entire cities to the global network. Of course, in this review we do not aim at such a scale but the technologies used in the Tenda MW6 are the same.

Consider the classic concepts and protocols used in mesh-networks.

Let's first define the terminology. In conventional wireless networks based on the IEEE 802.11 standards, two types of devices are defined: STA - end stations (subscriber devices) and access points (AP - Access Points). Access points are also connected to networks of other technologies, for example, Ethernet. Client stations can communicate only with access points. For IEEE 802.11s wireless mesh-networks, a special type of device is defined - mesh points (MP - Mesh Points) that interact with each other and support mesh services. Mesh points can be combined with classic access points. Such a hybrid is called MAP - Mesh Access Point. MPP - Mesh Point Portal is responsible for the connection of the mesh-network with the "outside" world.

The mesh points independently choose the most optimal route using a variety of dynamic routing protocols. The dynamic routing protocols in a mesh network differ from those known to us over wired networks (for example, OSPF, RIP or BGP) but the basic principles are very similar.

The main advantage of wireless mesh networks is that they are actually wireless. Ordinary large Wi-Fi networks require a basic wired network for their work, while wireless channels are used for communication between points in mesh networks. Only one point must be connected to the wired network. It’s probably worth noting that the Tenda Nova series devices allow using both wireless and wired channels (if available) to communicate with each other, that is, the mesh topology is formed regardless of the method of communication between nodes at the physical level.

However, let's go back to the routing protocols used in wireless self-organizing networks. One such protocol is AODV - Ad Hoc On-Demand Distance Vector, that is, a distance-vector protocol that establishes routes on demand. The essence of its operation is that the path is calculated at the request of the sender, that is, when there is user traffic to transmit over the network. The figure below shows the distribution directions for RREQ requests (red arrows) and RREP responses (green). The calculated routes are kept for as long as the sender needs them. AODV is suitable for both unicast and multicast traffic. A more detailed description of the protocol can be found in RFC 3561.

DSR - Dynamic Source Routing is in many respects similar to AODV; however, DSR performs source routing. In its work, DSR relies on two mechanisms: Route Discovery and Route Maintenance. The first is responsible for finding the optimal path, the second maintains it when network parameters change. Source routing relieves intermediate mesh points from maintaining a routing table, since the entire route is defined by the point sending the data to the network. The DSR protocol is described in RFC 4728.
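
The RREQ/RREP exchange described above, reduced to a small simulation. This is an added example, not Tenda's routing code and not a complete RFC 3561 implementation: sequence numbers, timers and replies from intermediate nodes are omitted, and the five-node topology and the node names are constructed.

```python
from collections import deque


class Node:
    def __init__(self, name):
        self.name = name
        self.neighbors = set()
        self.routes = {}   # destination -> (next hop, hop count)
        self.seen = set()  # (originator, RREQ id) pairs already handled


class Mesh:
    """Constructed mesh; links are symmetric and equally fast."""

    def __init__(self, links):
        self.nodes = {}
        self.rreq_id = 0
        for a, b in links:
            self.link(a, b)

    def link(self, a, b):
        for x, y in ((a, b), (b, a)):
            self.nodes.setdefault(x, Node(x)).neighbors.add(y)

    def unlink(self, a, b):
        self.nodes[a].neighbors.discard(b)
        self.nodes[b].neighbors.discard(a)

    def discover(self, src, dst):
        """Flood an RREQ from src; dst answers with an RREP. Returns the path."""
        self.rreq_id += 1
        key = (src, self.rreq_id)
        queue = deque([(src, None, 0)])  # (receiver, sender, hops from src)
        reached = False
        while queue:
            name, sender, hops = queue.popleft()
            node = self.nodes[name]
            if key in node.seen:
                continue                           # duplicate RREQ copies are dropped
            node.seen.add(key)
            if sender is not None:
                node.routes[src] = (sender, hops)  # reverse route to the originator
            if name == dst:
                reached = True                     # the destination does not rebroadcast
                continue
            for nb in sorted(node.neighbors):
                queue.append((nb, name, hops + 1))
        if not reached:
            return None
        # The RREP travels hop by hop along the reverse routes; every node
        # it passes installs a forward route to dst.
        path, cur, hops = [dst], dst, 0
        while cur != src:
            prev = self.nodes[cur].routes[src][0]
            hops += 1
            self.nodes[prev].routes[dst] = (cur, hops)
            path.append(prev)
            cur = prev
        return path[::-1]

    def send(self, src, dst):
        """Forward hop by hop over stored routes; rediscover after a link break."""
        if dst not in self.nodes[src].routes and self.discover(src, dst) is None:
            return None
        path, cur = [src], src
        while cur != dst:
            nxt = self.nodes[cur].routes[dst][0]
            if nxt not in self.nodes[cur].neighbors:
                # Broken link: stands in for the RERR that invalidates the route.
                for node in self.nodes.values():
                    node.routes.pop(dst, None)
                return self.send(src, dst)
            path.append(nxt)
            cur = nxt
        return path


def demo():
    mesh = Mesh([("MP1", "MP2"), ("MP2", "MP3"), ("MP3", "MP5"),
                 ("MP1", "MP4"), ("MP4", "MP5")])
    first = mesh.send("MP1", "MP5")    # no route yet, so discovery runs
    mesh.unlink("MP4", "MP5")          # the short path breaks
    second = mesh.send("MP1", "MP5")   # route error, then rediscovery
    return first, second


if __name__ == "__main__":
    print(demo())
```
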

DSDV - Destination-Sequenced Distance-Vector Routing is based on the Bellman-Ford algorithm. Each entry in the routing table has a sequence number, which marks the accessible (even sequence number) and inaccessible (odd number) networks. For its work, it requires periodic distribution of route updates, which is attributed to its shortcomings, since even during network downtime, service information continues to be transmitted. The advantage in this case will be a faster readiness of the route before use.

TORA - Temporally Ordered Routing Algorithm uses a Directed Acyclic Graph (DAG) with a root at the destination. In this graph, there are no directed cycles, although the existence of parallel paths is allowed. In essence, a DAG is an association of trees (forest).

What is implemented in the Tenda Nova series of devices? A Wi-Fi mesh system consists of several network components, or blocks. The main unit connects directly to the modem or provider, and the rest (satellites) are placed throughout the house or apartment. The satellites automatically communicate with the main unit and with each other, forming a single wireless network that has one common SSID and password. Thanks to mesh technology, the system delivers a powerful signal to a user device in a lossless fashion. Like ordinary dual-band routers, wireless mesh systems operate on the standard 2.4 GHz and 5 GHz frequencies.

Inside the wireless transport network, Mesh Points use their own routing protocol, which incorporates the best of the standard protocols listed above. The implementation of routing and forwarding of traffic over the network directly affects the efficiency of mesh networks and the loading of transmission channels, that is, the performance of the entire network as a whole. The routing protocol uses more complex metrics when choosing the best path, and not just the number of points along the traffic path. Thus, mesh networks are resistant to failures of wireless channels, quickly select an alternate data transfer path to avoid long service interruptions, and support traffic management services and load balancing.

The number of points used in such a mesh network will depend on the number and activity of wireless clients, as well as on the areas where it is necessary to ensure stable operation of the wireless network. The most common scenarios are:

  • spacious city apartment - 2 blocks;
  • medium or large country house, or a small office - from 3 blocks;
  • large suburban area or office - up to 9 devices located in different rooms.

This concludes our brief study of the fundamentals of how mesh networks function; we now proceed to the management interface of the Tenda MW6 model.

Management

Although the Tenda Nova range of devices is ready to work with the minimum settings, you still have to change some configuration parameters. There is neither the usual web interface, nor the command line; all management is performed using a specialized utility Tenda WiFi, installed on the smartphone. We have to admit, we were somewhat discouraged. Yes, in our opinion, the ability to control devices using the utility is an excellent option but as an addition to the web interface. Consider the possibilities for setting up a home network provided by the Tenda WiFi utility.

When you first start the application, Tenda WiFi determines the wireless network to which the smartphone is connected. For further work, the smartphone must be connected to a wireless network organized by MW6.

In order to proceed with the initial setup, you need to connect Tenda Nova to WAN/Internet. It should be noted right away that all the devices in the kit are the same, that is, you can connect the provider to any of the units.

Several types of connection to providers are supported: static and dynamic (DHCP) IP address, PPPoE, as well as tunnel connections that are so popular in the post-Soviet space using PPTP and L2TP protocols.

It is worth noting right away that the list of supported connection types depends on the interface language of the smartphone. The TendaWiFi application determines the interface language and displays the connection options accordingly.

The next step is to set up the SSID and password. The network name and password are the same for all nodes and both bands. Also, it should be noted that the Tenda Nova always uses strictly fixed wireless channels: No. 6 in the 2.4 GHz band and No. 40 in the 5 GHz band, which was done to improve the stability of the wireless network. We must admit, however, that we are somewhat surprised by this decision. Also, you cannot change the encryption type - only WPA2 PSK is available. In this case, though, we have no objections.

It is time to add the rest of the Nova devices to the newly created mesh network. Tenda Nova mesh network nodes can be connected to each other using wire or wireless channels. If there are several available links, the following preference scheme is used (in descending order): Ethernet -> Wi-Fi 5 GHz -> Wi-Fi 2.4 GHz.

After the material was already written, we discovered the appearance of an updated version of the mobile application which made it possible to add a satellite block, simply by scanning its label or typing the serial number manually.

After all the necessary devices have been added, you must specify the credentials that will be used to access the router and the mesh network.

Looking ahead, we would like to note that management can be done not only with a single smartphone, that is, it is possible to add several administrative accounts.

That’s it, initial setup of the device is complete. No additional configuration of the mesh network was required. The main screen of the Tenda WiFi application now displays all the nodes included in the mesh network and the connections between them.

For each node of the mesh network, you can view additional information, as well as specify its location.

It should be added that it is possible to combine not only equipment of the MW6 model into one mesh-network but also another, for example, MW3. That is, in fact, users can build a single network using different Tenda wireless devices. The only thing to remember is the existing limit on the maximum number of nodes in such a mesh network. Up to ten wireless devices on the network are currently supported (up to six are recommended). One MW6 device can serve 30-35 wireless clients, so a set of three cubes can serve up to 100 wireless clients. In addition to the number of simultaneously served wireless clients, the coverage area provided by the mesh network must also be considered. For example, a network with two nodes provides reliable coverage on areas up to 300 m2. While a network with three nodes already allows you to expand this area to 500 m2. But, perhaps, the main advantage will be the possibility of placing the nodes of the mesh network in the most convenient place, which will ensure the best network performance and the client devices connected to it by selecting the unit for connection that allows wireless clients to work at maximum speed.

If necessary, the network administrator can view detailed information about all connected wireless clients, as well as add devices to groups.

We decided not to stop there and consider all the other settings available to users.

Do not want to reveal the password of your Wi-Fi network? No problem - create a temporary guest network.

If there is a child in the house, the Tenda MW6 wireless equipment will allow you to introduce additional rules for controlling access to the global network for devices used by the child.

A mesh network allows you to significantly expand the coverage of a wireless network. However, in the process of use, negative emotions may still arise from the reconnection of the client device between the nodes of the mesh network. Standard roaming can lead to noticeable loss of traffic, which is particularly acute during audio and video calls. Enabling support for fast roaming helps to avoid these problems. It is also worth noting the presence of MU-MIMO technology, which allows parallel data transfer for several wireless users connected to one unit. Naturally, users connected to different Tenda Nova units could perform parallel transmission even without this option, since different units use different wireless channels, which does not lead to collisions.

Like any regular SOHO router, the Tenda MW6 allows port forwarding, providing remote users with an opportunity to connect to resources within the local network.

With appropriate support from the application, transport protocol ports can be opened automatically using UPnP.

Naturally, the address of the LAN interface can be changed. Perhaps, it is worth noting that we are talking about the address of the control device, since all other network elements receive IP addresses dynamically.

The manufacturer includes support of quality of service (QoS). However, there are no fine settings here. They may appear in the next firmware versions.

By the way, you can also update the firmware using a mobile utility. Of course, this requires a connection to the global network.

After updating the firmware, a number of new features become available to users. These include, for example, the option of intelligent assistant and high performance.

If necessary, the administrator can configure an automatic reboot of devices that provide the mesh network. The reboot is performed on certain days of the week and at the specified time.

This concludes consideration of the capabilities of the mobile application Tenda WiFi.

Testing

Since the manufacturer asked us to review mesh networks based on the Nova device line rather than to do our traditional testing, you will not find our usual tests in this section. But we could not, of course, leave the reader completely without performance measurements. The table below presents the main parameters of our test bench.

Component PC Laptop
MB ASUS Maximus IX Extreme ASUS GL753VD
CPU Intel Core i7 7700K 4 GHz Intel Core i7 7700HQ 2.8 GHz
RAM DDR4-2133 Samsung 64 GByte DDR4-2400 Kingston 32 GByte
NIC Intel X550T2
ASUS PCE-AC88
Realtek PCIe GBE
ZyXEL NWD6605
OS Windows 7 x64 SP1 Windows 10 x64

JPerf utility version 2.0.2 was used to generate traffic. Measurements were made for 1, 5 and 15 simultaneous TCP connections.

We decided to start by finding out the data transfer rates that will be available to wireless clients connected to both frequency bands. Measurements were made at relatively close locations of the MW6 and wireless clients (in line of sight), so the transmission speeds in real conditions can differ significantly from those measured by us.

Since the Tenda MW6 is a wireless mesh system, we decided to find out what maximum performance users can count on for the wireless channel between the nodes of the mesh network. The measurements were performed using two wired clients connected to two neighboring nodes (primary and secondary) of the mesh network.

In conclusion, we decided to measure the time of network convergence, that is, we figured out how long the mesh network could detect changes and adapt to them. We had a Tenda MW6 kit of two devices at our disposal, so obviously, we were very limited in our testing methods. We placed both blocks in close proximity to each other and connected them with a patch cord. Since the cable connection of the blocks takes precedence over the wireless connection, the traffic between the nodes was transmitted over twisted pair. Then we physically disconnected the cable and measured the time after which the flow of traffic between the nodes would be restored, that is, it would switch to a wireless link. Mesh-system Tenda Nova adapted in about 54 seconds. In our opinion, this is a rather long convergence time, however, as it seems to us, it will be quite acceptable for most home users.

Now let's summarize.

Conclusion

The Tenda MW6 set of nodes allows you to build a stable wireless mesh network in a country house or a large city apartment. A distinctive feature of the implementation is the readiness of the equipment to work almost out of the box, that is, with minimal settings. The nodes of the mesh network automatically build the most optimal topology themselves, over which user data will be transmitted. The scalability of the solution, which goes far beyond the capabilities of a single set of devices, allows providing a wireless connection to premises with a very large area, giving wireless clients the possibility of smooth reconnection to another node when moving within the coverage area.

The strengths of the system include the following:

  • support fast roaming (IEEE 802.11r / v);
  • the ability to create a guest network;
  • nice design;
  • the possibility of combining a mesh-network devices of different models;
  • mobile application;
  • the possibility of independent operation of each of the nodes;
  • easy setup;
  • parental control function;
  • the possibility of both wired and wireless nodes peering.

We cannot call the lack of a web interface a problem or a flaw. Of course, we understand that many users have long been more comfortable with setting up equipment using a mobile application installed on a smartphone. However, in our opinion, the good old web interface would also be a popular way to manage the network. We would also like to see support for the IPv6 protocol in such devices; we very much hope that the manufacturer will soon add it.

At the time of writing this review, the best price for a set of two Tenda MW6 devices in German-speaking European countries, according to the Geizhals Preisvergleich website, was about 164 euro, while a set of three nodes would cost approximately 166 euro. Before buying, be sure to check how many devices are included in the kit you are purchasing.

Answers to emerging questions about the functioning of the Tenda mesh systems can be found on the official website of the manufacturer. Information about all new updates will also be available here.

Introduction

It’s been more than two years since we tested Zyxel Keenetic Ultra II and Giga III wireless routers. Yes, time flies. Today in our laboratory we have the Keenetic Giga KN-1010 wireless router. Let’s review which new capabilities were added and how the performance of the wireless routers has changed after the Keenetic department became a separate company.

External design and hardware

Keenetic Giga KN-1010 wireless router comes in gray and white plastic case with the dimensions 214x154x33 mm (not considering external antennae). The device weighs 488 g. To operate properly KN-1010 needs an external power adapter (included to the box) with the following characteristics: 12V and 2,5 A.

There are a 3D vendor name, LEDs indicating state of the whole device and its wired and wireless interfaces on the front panel. In addition, button for managing wireless network is located here.

Keenetic KN-1010 wireless router has four external turning non-detachable antennae placed on the rare panel of the case and its sides.

The remarkable part of the sides is covered with the ventilation grate. Except for it, two USB ports (one USB 2.0 and one USB 3.0) are placed on one side and two additional configuring buttons for managing additional device parameters are located here, too.

Besides two of the antennae, the rear panel carries five Gigabit Ethernet ports (one WAN and four LAN) with status LEDs, a power socket and a recessed Reset button. It’s worth noting that the WAN interface of the router under test is a combo one: the user can connect to the Internet either over twisted pair or over optical fiber using special transceivers.

The bottom panel is rather traditional: a ventilation grate, four big rubber feet, two mounting holes for fixing the router to a wall and a sticker with brief information about the device are located here.

Now let’s take a look at the insides of KN-1010 case.

The hardware of the Keenetic KN-1010 wireless router consists of a single green textolite board with its main elements placed on both sides. The MediaTek MT7621AT dual-core processor running at 880 MHz and the MT7615D wireless module from the same vendor are covered with protective shields and are not accessible for inspection, whereas the Nanya NT5CC128M16IP-DI DDR RAM chip of 256 Mbytes is.

On the bottom side of the board there are a Spansion S34ML01G200TFI000 flash memory module of 128 Mbytes and a Realtek RTL8211FS switch chip with five Gigabit Ethernet ports. This switch handles the WAN port (selection of SFP or RJ-45), whereas switching of traffic between the LAN ports is performed by the gigabit switch built into the processor.

That concludes our review of the Keenetic KN-1010 hardware; let’s move on to its firmware capabilities.

Firmware update

Firmware can be updated in the General settings menu item of the Administration group of the web-interface. Users can choose the automatic or the semi-automatic firmware update mode. The router must be connected to the Internet to update firmware in either of these ways.

The whole firmware update process takes about 1.5 minutes and doesn’t require any special knowledge from the user.

Manual firmware update is also available for Keenetic Giga: click the Replace the file button in the firmware section of the System files group of the General settings menu item and select the file with the new firmware version.

The firmware of Keenetic wireless routers has a modular structure that allows the administrator to install only the components that are really needed. Components are selected for installation on the General Settings page. The number of available components is really surprising.

By default, only two firmware lines are available to the administrator: the stable (release) line and the more dynamically developing beta line. Firmware of other lines can be made available as well. One can update to development firmware versions either with a special firmware file, which can be obtained from the vendor’s technical support or downloaded from the forum, or by entering two hidden commands: components list draft and components commit (an Internet connection is necessary).

Automatic firmware update can be turned on or off, and the list of installed components changed, from the command line interface.

(config)> components
 list - show an available component list
 install - install or remove a component
 remove - remove the component from this system
 preset - select a predefined set of components
 preview - show firmware info
 commit - apply selected component set
 validity-period - set a validity period of a local component list
 auto-update - manage firmware components auto-update settings
(config)> components install opkg
Components::Manager: Component "opkg" is queued for installation.
(config)> com
 components - manage firmware components
 (config)> components comm
 commit - apply selected component set
 (config)> components commit
Components::Manager: Update task started.

If necessary, the administrator can update the device firmware from a file located on an external USB drive. We copied a file with the new firmware version to our small flash card and connected it to the router. Once the card was connected, the system detected a new drive, from which we are going to copy the firmware.

(config)> ls
 Usage template:
 ls [{directory}]
 Choose:
 ndm:/
 flash:/
 temp:/
 proc:/
 sys:/
 storage:/
 usb:/
 9A8ABCA98ABC8375:/
 STORAGE:/
 (config)> ls 9A8ABCA98ABC8375:/
 rel: 9A8ABCA98ABC8375:/
 entry, type = R:
 name: firmware
 size: 13893692
 (config)> copy
 Usage template:
 copy {source} ({destination} | {destination})
 Choose:
 ndm:/
 flash:/
 temp:/
 proc:/
 sys:/
 storage:/
 usb:/
 9A8ABCA98ABC8375:/
 STORAGE:/
 log
 running-config
 startup-config
 default-config
 (config)> copy 9A8ABCA98ABC8375:/f
 Usage template:
 copy {source} ({destination} | {destination})
(config)> copy 9A8ABCA98ABC8375:/firmware
 Usage template:
 copy {source} ({destination} | {destination})
 Choose:
 9A8ABCA98ABC8375:/firmware ndm:/
 9A8ABCA98ABC8375:/firmware flash:/
 9A8ABCA98ABC8375:/firmware temp:/
 9A8ABCA98ABC8375:/firmware proc:/
 9A8ABCA98ABC8375:/firmware sys:/
 9A8ABCA98ABC8375:/firmware storage:/
 9A8ABCA98ABC8375:/firmware usb:/
 9A8ABCA98ABC8375:/firmware 9A8ABCA98ABC8375:/
 9A8ABCA98ABC8375:/firmware STORAGE:/
 9A8ABCA98ABC8375:/firmware log
 9A8ABCA98ABC8375:/firmware running-config
 9A8ABCA98ABC8375:/firmware startup-config
 9A8ABCA98ABC8375:/firmware default-config
 (config)> copy 9A8ABCA98ABC8375:/firmware flash:/firmware
FileSystem::Repository: Firmware update started.

One can check that the firmware update succeeded with the show version command.

(config)> show version
 release: 2.11.C.1.0-3
 arch: mips
 ndm:
 exact: 0-fbd6e4f
 cdate: 11 Apr 2018
 bsp:
 exact: 0-e2dc116
 cdate: 11 Apr 2018
 ndw:
 version: 4.2.3.114
 features: wifi_button,wifi5ghz,usb_3,usb_3_first,
 led_control,vht2ghz,mimo5ghz,dual_image,nopack,
 flexible_menu,emulate_firmware_progress
 components: angular-ndw,ddns,dot1x,fat,hfsplus,interface-
 extras,kabinet,miniupnpd,nathelper-ftp,nathelper-h323,
 nathelper-pptp,nathelper-rtsp,nathelper-sip,ntfs,ppe,
 trafficcontrol,usblte,usbserial,cloud,cifs,base,
 cloudcontrol,components,config-ap,config-client,config-
 repeater,corewireless,dhcpd,dlna,easyconfig,ftp,igmp,
 l2tp,madwimax,pingcheck,ppp,pppoe,pptp,skydns,storage,
 transmission,usb,usbdsl,opkg,usbmodem,usbnet,ydns,
 printers,theme-Keenetic,base-theme,sysmode,base-l10n,
 easyconfig-3.2,modems,ispdb,base-Intl
 manufacturer: Keenetic Ltd.
 vendor: Keenetic
 series: KN
 model: Giga (KN-1010)
 hw_version: 10108000
 hw_id: KN-1010
 device: Giga
 class: Internet Center

That concludes our description of the different ways to update the firmware of Keenetic wireless routers; let’s go straight to exploring the capabilities of the web-interface.

Web-interface

The router web-interface can be accessed with any modern browser. In addition, the device can be managed with mobile apps available for Android and iOS. The web-interface of the KN-1010 is available in three languages: Russian, English, and Ukrainian.

The vendor decided to display a hint on how to reset the password (and, of course, all user settings with it) directly on the control panel login form.

Upon successful authentication the user is taken to the start page of the router web-interface, which shows Internet channel usage, the status of the wired interfaces, connected devices, and wired and wireless clients. In addition, from this page the administrator can control running apps, among them various VPN servers and file access protocols, torrent clients and proxies for watching IPTV. Brief information about the system is also presented on the start page.

It’s worth noting that in this review we describe the new web-interface that only recently became available on Keenetic wireless routers. For some time the traditional version of the web-interface will remain available to users as well; to switch to it, use the «Go back to the previous design» link. However, we didn’t find a way to return to the new web-interface version, so to do this one has to reconnect to the device.

With the Wired menu item of the Internet group the administrator can set the parameters of a wired connection to the network operator and select the main connection in case Keenetic Giga is connected to several Internet providers simultaneously. The available connection types include all the standard and widely used ones: static and dynamic IP addresses (the IPoE term so beloved by marketers) and PPPoE/L2TP/PPTP tunnels. We cannot help but mention the support for authentication using IEEE 802.1X.

Have you bought a Keenetic Giga wireless router with wired Gigabit Ethernet ports, but your Internet access requires ADSL/VDSL, or only wireless operators are available in your area? It’s not a big deal! A wired xDSL modem or a wireless 3G/4G modem can be connected to the USB ports of the model under test. The corresponding settings are in the 3G/4G modem and ADSL/VDSL modem menu items of the same group.

Besides connecting to the wireless networks of mobile operators, Keenetic Giga lets users connect to the wireless networks of Wi-Fi providers; the corresponding setting is available in the Wireless ISP menu item.

Only one item of the Internet group is left for us to review: Other connections. Here the administrator can configure the parameters of VPN connections in which the KN-1010 router acts as a client or a peer. The following tunnel types are supported: PPPoE, PPTP, L2TP, L2TP/IPsec, OpenVPN and 6in4. IPsec connections are made in site-to-site mode. SSTP support will be available in firmware versions starting with 2.12.

The Device list menu item of the My networks and Wi-Fi group allows the administrator to view the list of currently connected devices and their connection parameters. A nice feature is the ability to block Internet access for unregistered devices or set a speed limit for them. To be fair, a speed limit can be set for registered devices as well; in addition, the administrator can configure a schedule according to which Internet access is provided to a particular client.

Now let’s have a look at the Home network menu item of the same group. With this item the administrator can not only set the SSID for each Wi-Fi frequency band and the main parameters of its operation (including a schedule) but also set the IP address of the LAN interface, configure DHCP server parameters, configure virtual networks and activate the IGMP Proxy option that provides access to the IPTV service of the local network operator. We cannot help but mention the support for the Band Steering option, with which the router can dynamically distribute wireless clients that support both frequency bands between the wireless networks.

Access to the router web-interface can be prohibited, and Internet access speed limited, for clients connecting to the guest wireless network. If public Internet access with user authorization is needed, one can use the Captive portal option. It’s also worth noting that the Captive portal function supports a considerable number of third-party services for user authorization; if for some reason the required provider is not in the list, the connection parameters can be configured manually. We also find it interesting that not only wireless clients but also wired devices connected to particular LAN ports of the router can be attached to the guest network. So, for example, one can create a separate segment for the friends of one’s child or for IoT (Internet of Things) devices. All these settings are found in the Guest segment menu item.

Every parent would like to protect their child from inappropriate content and their devices from viruses and network attacks. The Internet safety menu item of the Network rules group can help with this. Filtering is performed using third-party DNS servers that rate Internet resources.

To create filtering rules manually, go to the Firewall menu item of the same group.

The local network behind the Keenetic Giga wireless router may host a service that must be reachable from the Internet. In this case the administrator should go to the Forwarding menu item, where forwarding rules for incoming packets on TCP and UDP ports are configured.

Static routes are managed with the Routing item of the same menu group.

Operators often give users dynamic IP addresses, which makes it harder to share resources located in the local network behind the router. A DDNS service, which dynamically updates the binding between a domain name and an IP address, can help in this case. The corresponding setting is available in the Domain name menu item. It’s worth noting that besides the widely known dynamic DNS providers, the KeenDNS service with somewhat wider functionality is supported. So, for example, with this service users can manage the router remotely over HTTPS even if the device is located behind the provider’s NAT/PAT. Besides management, remote setup of an SSTP tunnel for connecting to devices of the home network is available (at the time this review was written the option was available in beta firmware versions). Some users may like the ability to connect to different devices of the home network using fourth-level domains.

The options the user needs are selected with the User-defined options menu item of the Management group. Here one can turn the torrent client and file services, VPN services and UDP proxy on or off. These services are also configured on this page.

Users and their access rules are managed with the Users item of the same menu group.

The number of options the administrator can change in the System settings item is really significant. So, for example, here one can select the operation mode of the device and the parameters of system updates (including changing the set of installed components), view and replace system files, activate support for the cloud service, manage the behaviour of the buttons on the router case, and configure the speeds of network interfaces and USB ports.

With the Diagnostics menu item of the Management group the administrator can check the availability of particular network hosts, view the router system log, view the list of active connections, enable the debug mode, and perform packet capture.

Additional extension packages are installed with the OPKG item of the same menu group.

If a Zyxel Keenetic Plus DECT base station is present, its operation parameters are managed with the menu items of the Telephony group.

That’s where we could complete the web-interface review, but…

There are several firmware versions for Keenetic wireless routers; the best known are stable (release), preliminary (beta) and debugging. It’s also worth noting that the vendor’s technical support provides consultation only for release and beta versions; we also don’t recommend installing debugging versions without real need. All new functions first become available in the debugging firmware versions, where enthusiasts can test them. Naturally, we decided to update to the latest available debugging and beta versions and check which changes will become available to users in the short term.

New firmware versions add a new item, Connection priorities, to the Internet group of the web-interface menu. On the Internet connection policies tab the administrator can create access profiles that govern the order in which connections to providers are used.

More interesting, from our point of view, is Policy bindings, the second tab of the same menu item. It binds particular registered devices to access profiles, which allows different wired and wireless clients to use different Internet connections. That’s the first step towards implementing PBR (Policy Based Routing).

The User defined options item of the Management group is extended with an additional option, SSTP VPN server.

A nice feature of the SSTP VPN server is that users can connect to it even in the absence of a globally routed (white/valid/real) IPv4 address. The connection is made via a cloud supported by the vendor. The connection via the cloud can also be used for remote management of the device when there is no real address.

It’s also worth noting that Keenetic Giga can act as a client for SSTP connections; the corresponding setting is available in the Other connections item of the Internet menu.

When this review was being prepared for publication, Keenetic representatives notified us that firmware version 2.12 had been moved from debugging to beta without any additional manipulations. The most important point here is that official support is provided for beta versions, so users can turn to the vendor’s technical support if they run into difficulties using any of the new functions described.

Now let’s turn to reviewing the command line capabilities of the device.

Command line

We will not review all the capabilities of the Keenetic wireless routers’ command line but will describe the most interesting of them. To be fair, it’s worth noting that the command line has more consistent functionality compared with the web-interface. Okay, let’s start.

The command line of Keenetic Giga KN-1010 is provided as a command interpreter, and users don’t have access to a shell. The interface is similar to the CLI of Cisco Systems devices, though it has many differences. To access the command line one should enter the login and password, which are the same as for web-interface authentication.

Login: admin
Password: **********
(config)>
 system - maintenance functions
 ntp - configure NTP
 schedule - schedule configuration
 known - manage lists of known network objects
 access-list - configure network access lists
 isolate-private - configure if traffic may pass between "private" interfaces
 user - configure user account
 dyndns - configure DynDns profiles
 ndns - configure NDNS
 yandexdns - configure Yandex.DNS profiles
 skydns - configure SkyDns profiles
 nortondns - configure Norton ConnectSafe DNS profiles
 adguard-dns - configure AdGuard DNS profiles
 ping-check - configure ping-check profiles
 interface - network interface configuration
 ip - configure IP parameters
 pppoe - configure PPPoE parameters
 ipv6 - configure IPv6 parameters
 kabinet - configure kabinet authenticator
 ppe - Packet Processing Engine configuration
 upnp - configure UPnP parameters
 torrent - configure torrent service parameters
 udpxy - configure udpxy
 crypto - configure IPsec
 igmp-proxy - configure IGMP
 dect - configure DECT parameters
 snmp - configure SNMP service
 sstp-server - configure SSTP VPN server
 vpn-server - configure PPTP VPN server
 service - manage services
 cifs - manage CIFS service
 dlna - manage DLNA service
 dns-proxy - manage DNS proxy service
 afp - manage AFP server service
 whoami - display info about the current management session
 printer - printer configuration
 more - view text file
 ls - list directory contents
 copy - copy files
 erase - erase file or empty directory
 access - set user access for directory
 monitor - manage monitor services
 show - display various diagnostic information
 tools - tools for testing the environment
 opkg - Open Package configuration
 ntce - NTCE settings
 easyconfig - configure Easyconfig services
 bwmeter - bandwidth meter
 components - manage firmware components
 cloud - manage cloud services

Several configuration modes are supported on these devices. For example, to change the parameters of a particular interface one should enter the corresponding mode.

(config)> int
 interface - network interface configuration
(config)> interface
 Usage template:
 interface {name}
 Choose:
 Pvc
 Vlan
 CdcEthernet
 WiMax
 UsbModem
 RealtekEthernet
 AsixEthernet
 Davicom
 UsbLte
 Yota
 Bridge
 PPPoE
 SSTP
 PPTP
 L2TP
 OpenVPN
 IPIP
 TunnelSixInFour
 Gre
 EoIP
 TunnelSixToFour
 Chilli
 GigabitEthernet0
 GigabitEthernet0/0
 1
 GigabitEthernet0/1
 2
 GigabitEthernet0/2
 3
 GigabitEthernet0/3
 4
 GigabitEthernet0/Vlan1
 GigabitEthernet0/Vlan3
 GigabitEthernet1
 ISP
 GigabitEthernet1/0
 0
 WifiMaster0
 WifiMaster0/AccessPoint0
 AccessPoint
 WifiMaster0/AccessPoint1
 GuestWiFi
 WifiMaster0/AccessPoint2
 WifiMaster0/AccessPoint3
 WifiMaster0/WifiStation0
 WifiMaster1
 WifiMaster1/AccessPoint0
 AccessPoint_5G
 WifiMaster1/AccessPoint1
 WifiMaster1/AccessPoint2
 WifiMaster1/AccessPoint3
 WifiMaster1/WifiStation0
 UsbDsl0
 Bridge0
 Home
 Bridge1
 Guest

For wireless interfaces the user can manage the transmission power, the wireless channel and the compatibility modes. The administrator can also specify the country code of the country where the device is used. For all interfaces, including wireless ones, the administrator can restrict the maximum user data rate with the traffic-shape command.

(config)> interface WifiMaster0
Core::Configurator: Done.
(config-if)>
 rename - change interface name
 description - set interface description
 role - interface role configuration
 traffic-shape - set traffic rate limit
 dyndns - DynDns updates
 tx-queue - set TX queue length
 mac - configure MAC parameters
 debug - enable connection debugging
 rf - change RF settings
 ip - configure IP parameters
 ipv6 - configure IPv6 parameters
 country-code - set country code
 compatibility - set 802.11 compatibility (use parameters like BG or ABGN)
 channel - set radio channel
 power - set transmission power level
 preamble-short - enable short preambles
 tx-burst - enable Tx Burst
 rekey-interval - change WPA/WPA2 rekey interval
 band-steering - enable band-steering
 vht - enable VHT (QAM256)
 up - enable interface
 down - disable interface
 bandwidth-limit - interface bandwidth limit
 schedule - interface up/down schedule
(config-if)> tra
 traffic-shape - set traffic rate limit
(config-if)> traffic-shape
 Usage template:
 traffic-shape rate {rate} [schedule {schedule-name}]
(config-if)> rol
 role - interface role configuration
(config-if)> role
 Usage template:
 role {role} [for {ifor}]
 Choose:
 inet
 iptv
 voip
 misc
(config-if)> coun
 country-code - set country code
 (config-if)> chan
 channel - set radio channel
(config-if)> channel
 Usage template:
 channel {channel} | width ... | auto-rescan ...
 width - set radio channel width
 auto-rescan - set radio channel auto-rescan schedule
(config-if)> powe
 power - set transmission power level
(config-if)> power
 Usage template:
 power {power}
(config-if)> exi
Command::Base error[7405600]: no such command: exi.
(config-if)> exit
Core::Configurator: Done.
(config)> inter
 interface - network interface configuration
(config)> interface Acc
 Usage template:
 interface {name}
 Choose:
 AccessPoint
 AccessPoint_5G
(config)> interface AccessPoint
Core::Configurator: Done.
(config-if)>
 rename - change interface name
 description - set interface description
 role - interface role configuration
 traffic-shape - set traffic rate limit
 dyndns - DynDns updates
 tx-queue - set TX queue length
 mac - configure MAC parameters
 peer-isolation - enable peer isolation
 security-level - assign security level
 debug - enable connection debugging
 wps - enable WPS functionality
 authentication - configure authentication
 encryption - configure encryption parameters
 ip - configure IP parameters
 igmp - configure IGMP parameters
 ipv6 - configure IPv6 parameters
 ping-check - ping-check configuration
 ssid - set wireless ESSID
 hide-ssid - disable SSID broadcasting on the access point
 wmm - enable Wireless Multimedia Extensions on this interface
 pmf - enable Protected Management Frames on this interface
 ipsec - configure IPsec parameters
 led - configure interface LED binding
 lldp - configure LLDP parameters
 up - enable interface
 down - disable interface
 bandwidth-limit - interface bandwidth limit
 schedule - interface up/down schedule
(config-if)> en
 encryption - configure encryption parameters
(config-if)> encryption
 key - set wireless encryption key
 enable - enable wireless encryption (WEP by default)
 disable - disable wireless encryption
 wpa - enable WPA version 1 (TKIP) encryption
 wpa2 - enable WPA version 2 (AES) encryption
(config-if)> encryption

Access lists for IPv4 traffic are managed with the access-list command.

(config)> acce
 access-list - configure network access lists
 access - set user access for directory
(config)> access-
 access-list - configure network access lists
(config)> access-list
 Usage template:
 access-list {acl}
(config)> access-list test
Network::Acl: "test" access list created.
(config-acl)>
 deny - add prohibitive rule
 permit - add permissive rule
 rule - set rule operation time
(config-acl)> perm
 permit - add permissive rule
(config-acl)> permit
 Usage template:
 permit ((tcp | udp) {source} {source-mask} [port (((lt | gt |
 eq) {source-port}) | (range {source-port} {source-end-port}))]
 {destination} {destination-mask} [port (((lt | gt | eq)
 {destination-port}) | (range {destination-port} {destination-
 end-port}))]) | ((icmp | esp | gre | ipip | ip) {source}
 {source-mask} {destination} {destination-mask})
 Choose:
 tcp
 udp
 icmp
 esp
 gre
 ipip
 ip

The access-group interface command binds an access list to a particular interface.

(config-if)> ip acc
 access-group - bind access-control rules
(config-if)> ip access-group
 Usage template:
 access-group {acl} {direction}
 Choose:
 _WEBADMIN_WifiMaster0/WifiStation0
 test

Unfortunately, at the moment access rules cannot be configured for IPv6 traffic. However, several improvements have appeared since our previous review. So, for example, one can restrict the list of ports on which a particular local network host is reachable. Vendor representatives assured us that finer-grained configuration of firewall rules is planned, but without exact dates.

(config)> ipv6 st
 static - add one-to-one address translation rule
(config)> ipv6 static
 Usage template:
 static tcp | udp [{interface}] {mac} {port} [through {end-port}]

Of course, the firewall for IPv6 can be turned off completely; however, we consider this unsafe.

(config)> ipv6
 subnet - subnet configuration
 local-prefix - configure local prefix
 name-server - add name server IPv6 address
 route - configure a static route
 firewall - enable firewall
 pass - configure IPv6 pass-through mode
 static - add one-to-one address translation rule
(config)> ipv6 fi
 firewall - enable firewall

The command line also makes it possible to assign static IPv6 addresses to the device interfaces, which cannot be done in the web-interface.

system
 set net.ipv6.conf.all.forwarding 1
interface GigabitEthernet1
 ipv6 address 2001:db8:1::1
 ipv6 prefix 2001:db8:1::/64
interface Bridge0
 ipv6 address 2001:db8:2::1
ipv6 route 2001:db8:1::/64 ISP
ipv6 route default 2001:db8:1::2

The contents of a directory can be viewed with the ls command, whereas the more command displays the contents of a file (we intentionally cut the output of this command in our listing).

(config)> ls
 rel:
 entry, type = V:
 name: ndm:
 subsystem: local
 entry, type = V:
 name: flash:
 subsystem: local
 entry, type = V:
 name: temp:
 subsystem: local
 entry, type = V:
 name: proc:
 subsystem: local
 entry, type = V:
 name: sys:
 subsystem: local
 entry, type = A:
 name: log
 subsystem: local
 entry, type = A:
 name: running-config
 subsystem: local
 entry, type = A:
 name: startup-config
 subsystem: local
 entry, type = A:
 name: default-config
 subsystem: local
 entry, type = V:
 name: storage:
 subsystem: local
 entry, type = V:
 name: usb:
 subsystem: local
 entry, type = V:
 name: dect:
 subsystem: local
 (config)> more flash:/default-config
! $$$ Model: Keenetic Giga
! $$$ Version: 2.0
! $$$ Agent: default
system
 set net.ipv4.ip_forward 1
 set net.ipv4.tcp_fin_timeout 30
 set net.ipv4.tcp_keepalive_time 120
 set net.ipv4.neigh.default.gc_thresh1 256
 set net.ipv4.neigh.default.gc_thresh2 1024
 set net.ipv4.neigh.default.gc_thresh3 2048
 set net.ipv6.neigh.default.gc_thresh1 256
 set net.ipv6.neigh.default.gc_thresh2 1024
 set net.ipv6.neigh.default.gc_thresh3 2048
 set net.netfilter.nf_conntrack_tcp_timeout_established 1200
 set net.netfilter.nf_conntrack_max 16384
 set vm.swappiness 60
 set vm.overcommit_memory 0
 set vm.vfs_cache_pressure 1000
 set dev.usb.force_usb2 0
 hostname Keenetic_Giga
 domainname WORKGROUP

The service command is used to manage various auxiliary services.

(config)> ser
 service - manage services
(config)> service
 dhcp - start DHCP service
 dns-proxy - enable DNS proxy
 igmp-proxy - enable IGMP proxy
 dhcp-relay - start DHCP relay service
 http - HTTP service
 afp - enable AFP server
 ftp - enable FTP server
 cifs - enable CIFS server
 dlna - enable DLNA server
 telnet - start telnet service
 ssh - start SSH service
 ntp-client - start NTP client
 upnp - start UPnP service
 torrent - start torrent service
 udpxy - enable udpxy
 kabinet - start Kabinet authenticator
 vpn-server - enable PPTP VPN server
 dect - enable DECT server
 ipsec - enable IPsec
 sstp-server - enable SSTP VPN server
 ntce - enable NTCE
 snmp - SNMP service
 cloud-control - enable cloud control service
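
The encryption and service commands listed above lend themselves to an offline configuration check. The following is an added example, not code from the review or from Keenetic: it reads a text configuration in the layout shown by more flash:/default-config and reports access points left open, on WEP or on WPA version 1 (TKIP), as well as the cleartext telnet and ftp services. The sample configuration is constructed, and the assumption is that encryption, up/down and service commands are stored in the configuration exactly as they are typed in the CLI.

```python
# Added example (not Keenetic code): audit a Keenetic-style text configuration
# for weak Wi-Fi encryption and cleartext management/file services.

# Constructed sample in the layout printed by `more flash:/default-config`
# above: top-level commands at column 0, sub-commands indented. That
# `encryption ...`, `up`/`down` and `service ...` are stored as written here
# is an assumption based on the CLI help text in this review.
SAMPLE_CONFIG = """\
! $$$ Model: Keenetic Giga
system
 set net.ipv4.ip_forward 1
 hostname Keenetic_Giga
interface WifiMaster0/AccessPoint0
 rename AccessPoint
 encryption enable
 encryption wpa2
 up
interface WifiMaster0/AccessPoint1
 rename GuestWiFi
 up
interface WifiMaster1/AccessPoint0
 rename AccessPoint_5G
 encryption enable
 encryption wpa
 up
interface WifiMaster1/AccessPoint1
 encryption enable
 up
interface WifiMaster1/AccessPoint2
 down
service dhcp
service telnet
service ssh
service ftp
"""

WEAK_WIFI = {
    "open": "no encryption enabled",
    "wep": "encryption enabled without wpa/wpa2 (WEP by default)",
    "wpa-tkip": "WPA version 1 (TKIP) only",
}
CLEARTEXT_SERVICES = {
    "telnet": "CLI login and session travel unencrypted; ssh is also offered",
    "ftp": "credentials and files travel unencrypted",
}


def parse_config(text):
    """Return [(header_words, [subcommand_words, ...]), ...] in file order."""
    blocks = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # blank line or "!" comment
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(raw.split())
        else:
            blocks.append((raw.split(), []))
    return blocks


def wifi_mode(subcommands):
    """Classify an access point from its `encryption` sub-commands."""
    enc = {cmd[1] for cmd in subcommands
           if cmd[0] == "encryption" and len(cmd) > 1}
    if "enable" not in enc or "disable" in enc:
        return "open"
    if "wpa2" in enc:
        return "wpa2"  # wpa + wpa2 together is mixed mode, still AES-capable
    if "wpa" in enc:
        return "wpa-tkip"
    return "wep"


def audit(text):
    """Return [(scope, problem), ...] for an entire configuration."""
    findings = []
    for header, subs in parse_config(text):
        kind, arg = header[0], (header[1] if len(header) > 1 else "")
        if kind == "interface" and "AccessPoint" in arg:
            if any(cmd[0] == "down" for cmd in subs):
                continue  # a disabled access point serves no clients
            mode = wifi_mode(subs)
            if mode in WEAK_WIFI:
                findings.append((arg, WEAK_WIFI[mode]))
        elif kind == "service" and arg in CLEARTEXT_SERVICES:
            findings.append(("service " + arg, CLEARTEXT_SERVICES[arg]))
    return findings


if __name__ == "__main__":
    for scope, problem in audit(SAMPLE_CONFIG):
        print(f"{scope}: {problem}")
```

An access point that is missing the encryption enable line is reported as open even if a wpa2 line is present, so a wrong guess about the stored format produces a false alarm rather than a missed finding.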

System operating parameters are changed with the system command.

(config)> sys
 system - maintenance functions
(config)> system
 reboot - restart the system
 set - adjust system settings
 led - setup system LED controls
 button - setup system button functions
 clock - change system clock settings
 domainname - set the domain name
 hostname - set the host name
 configuration - manage system configuration
 log - manage system logging
 mount - mount USB disk partition
 drivers - manage kernel drivers
 swap - set swap area
 zram - set zram swap settings
 debug - enable system debug
 mode - select system operating mode

The show command group is intended for viewing the configuration and current operating parameters of the device. So, for example, the show version command displays information about the current firmware version.

(config)> show
 version - display firmware version
 signature - display firmware signature state
 system - display system status information
 drivers - view list of loaded kernel drivers
 threads - view list of active threads
 processes - view list of running processes
 configurator - display configurator information
 interface - display interface status
 ssh - show SSH server status
 dot1x - 802.1x supplicant status
 skydns - display SkyDns parameters
 log - display system log
 running-config - view running configuration
 ip - display IP information
 ppe - show "binded" PPE entries
 upnp - display UPnP rules
 ipsec - display internal IPsec status
 dect - show DECT status
 afp - display AFP server status
 acme - display ACME client status
 cifs - display cifs server status
 dlna - display DLNA server status
 torrent - display torrent service information
 vpn-server - show PPTP VPN server status
 cloud - display status of the cloud service
 sstp-server - show SSTP VPN server status
 ndns - show NDNS status
 easyconfig - display EasyConfig information
 internet - display Internet check status
 dyndns - show DynDns profile status
 ping-check - show ping-check profile status
 site-survey - display available wireless networks
 associations - shows a list of associated wireless stations
 led - display system LED information
 button - display system button information
 clock - display system clock information
 ntp - display NTP parameters
 schedule - display system environment
 crypto - display IPsec information
 chilli - show chilli info
 usb - display USB device list
 printers - display attached printer list
 tags - show available authentication tags
 access - display directory acl
 kabinet - display Kabinet authenticator parameters
 monitor - show monitor status
 ipv6 - display IPv6 information
 ntce - show NTCE settings and status
 yandexdns - display YandexDns parameters
 nortondns - display Norton ConnectSafe DNS parameters
 adguard-dns - display AdGuard DNS parameters
(config)> show ver
 version - display firmware version
(config)> show version
 release: 2.12.A.6.0-2
 arch: mips
 ndm:
 exact: 0-4a1e5ca
 cdate: 19 May 2018
 bsp:
 exact: 0-2ca6889
 cdate: 19 May 2018
 ndw:
 version: 0.4.26
 features: wifi_button,wifi5ghz,usb_3,usb_3_first,
 led_control,vht2ghz,mimo5ghz,dual_image
 components: acl,adguard-dns,afp,base,chilli,cifs,
 cloudcontrol,config-ap,config-client,config-repeater,
 corewireless,ddns,dhcpd,dlna,dot1x,dpi,easyconfig,eoip,
 fat,ftp,gre,hfsplus,igmp,ip6,ipip,ipsec,kabinet,l2tp,
 madwimax,miniupnpd,monitor,nathelper-ftp,nathelper-h323,
 nathelper-pptp,nathelper-rtsp,nathelper-sip,netflow,
 nortondns,ntfs,nvox,openvpn,opkg,opkg-kmod-audio,opkg-
 kmod-dvb-tuner,opkg-kmod-fs,opkg-kmod-netfilter,opkg-
 kmod-netfilter-addons,opkg-kmod-tc,opkg-kmod-usbip,opkg-
 kmod-video,pingcheck,ppe,pppoe,pptp,skydns,snmp,ssh,sstp,
 sstp-server,storage,trafficcontrol,transmission,udpxy,
 usb,usbdsl,usblte,usbmodem,usbnet,usbserial,vpnserver,
 vpnserver-l2tp,ydns
 manufacturer: Keenetic Ltd.
 vendor: Keenetic
 series: KN
 model: Giga (KN-1010)
 hw_version: 10108000
 hw_id: KN-1010
 device: Giga
 class: Internet Center
(config)> show sys
 system - display system status information
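
The component list in show version is the quickest inventory of what the modular firmware has installed, but the CLI wraps it mid-name ("opkg-" / "kmod-dvb-tuner"). The following is an added example, not part of the original review or of Keenetic's software: it rejoins the wrapped list and reports installed components that can expose a network listener. The LISTENERS table is this example's own assumption, the sample is abridged from the output above, and an installed component is not necessarily an enabled one.

```python
import re

# Constructed sample: abridged `show version` output in the wrapped form shown above.
SAMPLE = """\
 release: 2.12.A.6.0-2
 arch: mips
 features: wifi_button,wifi5ghz,usb_3,usb_3_first,
 led_control,vht2ghz,mimo5ghz,dual_image
 components: acl,base,cifs,ftp,ipsec,miniupnpd,
 nortondns,ntfs,openvpn,opkg,opkg-kmod-audio,opkg-
 kmod-dvb-tuner,pppoe,snmp,ssh,sstp,
 sstp-server,storage,udpxy,usb,vpnserver,
 vpnserver-l2tp,ydns
 manufacturer: Keenetic Ltd.
"""

# Assumption of this example (not a Keenetic classification): components that
# can expose a network listener once enabled, with a short reviewer note.
LISTENERS = {
    "ssh": "remote shell", "ftp": "file transfer", "snmp": "management agent",
    "cifs": "SMB file sharing", "afp": "AFP file sharing", "dlna": "media server",
    "miniupnpd": "UPnP port mapping", "openvpn": "VPN", "ipsec": "VPN",
    "vpnserver": "VPN server", "vpnserver-l2tp": "VPN server",
    "sstp-server": "VPN server", "transmission": "torrent client",
    "udpxy": "multicast-to-HTTP relay",
}

KEY_LINE = re.compile(r"^\s*([A-Za-z_][\w-]*):\s*(.*)$")

def parse_fields(text):
    """Return {key: value}, gluing wrapped continuation lines onto their key."""
    fields, current = {}, None
    for line in text.splitlines():
        m = KEY_LINE.match(line)
        if m:
            current = m.group(1)
            fields[current] = m.group(2).strip()
        elif current and line.strip():
            # A wrap falls after "," or inside a name ("opkg-" / "kmod-..."),
            # so the pieces are joined with no separator.
            fields[current] += line.strip()
    return fields

def components(text):
    return [c for c in parse_fields(text).get("components", "").split(",") if c]

def listeners_installed(text):
    """Installed components that appear in the LISTENERS assumption table."""
    return sorted((c, LISTENERS[c]) for c in components(text) if c in LISTENERS)

if __name__ == "__main__":
    for name, note in listeners_installed(SAMPLE):
        print(f"{name:16} {note}")
```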

To simplify working with the commands of the show group, the administrator can switch to a special view mode.

(config)> show
Core::Configurator: Done.
(show)> system
 hostname: Keenetic_Giga
 domainname: WORKGROUP
 cpuload: 2
 memory: 51204/262144
 swap: 0/0
 memtotal: 262144
 memfree: 168060
 membuffers: 10564
 memcache: 32316
 swaptotal: 0
 swapfree: 0
 uptime: 7301

Besides the viewing commands, a set of diagnostic commands is available to the administrator.

(config)> tools
Core::Configurator: Done.
(tools)>
 arping - send an ARP request to a given host
 ping - send ICMP ECHO_REQUEST to network hosts
 ping6 - send an ICMPv6 echo request to network hosts
 pppoe-discovery - scan available PPPoE servers
 traceroute - do IPv4 network route diagnostics

Information about the current command line connection can be obtained with the whoami command.

(config)> whoami
 user: admin
 agent: cli
 host: 192.168.1.200
 mac: 00:15:17:6a:f3:9a
 where: Bridge0

We also decided to find out which commands are used to configure PBR (Policy Based Routing), that is, the ability to route traffic based on policies. At the moment, the routing decision can be made separately for each client device, so configuration starts with registering the device by specifying its name and MAC address.

known host test 00:15:17:6a:f3:9a

The next step is to create a profile in which Internet connections are listed in order of decreasing priority. In our case the wireless provider came first, followed by the connection to the Ethernet network.

ip policy Policy0
 description second_profile
 permit global WifiMaster0/WifiStation0
 permit global ISP
 permit auto

After that, all existing profiles should be listed in the ip hotspot section, and each client device should be bound to one of the profiles.

ip hotspot
 policy Home Policy0
 policy Guest Policy0
 host 00:15:17:6a:f3:9a permit
 host 00:15:17:6a:f3:9a policy Policy0
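
The three steps above only work together if every binding in ip hotspot points at a defined profile and a registered device. The following is an added example, not part of the original review or of Keenetic's software: it parses only the command forms shown above and resolves each bound host to its ordered list of connections, reporting dangling references. The sample is the three fragments above concatenated, and the function names are this example's own.

```python
# Constructed sample: the three configuration fragments shown above, concatenated.
CONFIG = """\
known host test 00:15:17:6a:f3:9a
ip policy Policy0
 description second_profile
 permit global WifiMaster0/WifiStation0
 permit global ISP
 permit auto
ip hotspot
 policy Home Policy0
 policy Guest Policy0
 host 00:15:17:6a:f3:9a permit
 host 00:15:17:6a:f3:9a policy Policy0
"""

def parse(config):
    """Collect registered hosts, policy uplink order and hotspot bindings."""
    known, policies, segments, hosts = {}, {}, {}, {}
    section = None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw[0].isspace():                      # top-level command
            section = None
            if words[:2] == ["known", "host"] and len(words) == 4:
                known[words[3].lower()] = words[2]
            elif words[:2] == ["ip", "policy"] and len(words) == 3:
                section = ("policy", words[2])
                policies[words[2]] = []
            elif words == ["ip", "hotspot"]:
                section = ("hotspot", None)
        elif section and section[0] == "policy":
            if words[:2] == ["permit", "global"] and len(words) == 3:
                policies[section[1]].append(words[2])  # listed order = priority
        elif section and section[0] == "hotspot":
            if words[0] == "policy" and len(words) == 3:
                segments[words[1]] = words[2]
            elif words[0] == "host" and words[2:3] == ["policy"] and len(words) == 4:
                hosts[words[1].lower()] = words[3]
    return known, policies, segments, hosts

def audit(config):
    """Return (bindings, problems) for every host or segment bound to a policy."""
    known, policies, segments, hosts = parse(config)
    problems = [f"{who} -> undefined policy {p}"
                for who, p in {**segments, **hosts}.items() if p not in policies]
    problems += [f"{mac} is not a registered known host" for mac in hosts if mac not in known]
    bindings = {known.get(mac, mac): policies.get(p, []) for mac, p in hosts.items()}
    return bindings, problems
```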

This concludes our brief review of the command line interface capabilities, and we move on to testing.

Testing

The first test with which we traditionally begin this section is measuring the boot time of the device, that is, the interval from the moment the power is switched on until the first ICMP echo reply is received. The Keenetic Giga wireless router boots in 31 seconds. We consider this a good result.

The second, no less traditional, test was a security scan carried out with the Positive Technologies XSpider 7.8 network security scanner. First, we scanned from the LAN interface side using the recommended set of components.

In total, eight open ports were discovered. The most interesting data are presented below.

Then we decided to repeat the scanning procedure, this time from the WAN interface side. The scanner didn't discover any open ports, so Keenetic wireless routers are absolutely safe from external attacks with their default settings.

Before starting the performance tests, we would like to familiarize our readers with the key parameters of the test stand we used.

Component | PC                             | Laptop
MB        | ASUS Maximus IX Extreme        | ASUS GL753VD
CPU       | Intel Core i7 7700K 4 GHz      | Intel Core i7 7700HQ 2.8 GHz
RAM       | DDR4-2133 Samsung 64 Gbyte     | DDR4-2400 Hyundai 8 Gbyte
NIC       | Intel X550T2, ASUS PCE-AC88    | Realtek PCIeGBE
OS        | Windows 7 x64 SP1              | Windows 10 x64

We decided to start by measuring the performance of the device when routing IPv4 traffic with NAT/PAT translation and without it. Measurements were performed for 1, 5 and 15 simultaneous TCP connections. The JPERF utility, version 2.0.2, was used as the measuring tool. Both measurements displayed below were performed with hardware routing acceleration, which is enabled by default.

As the KN-1010 is a wireless router, we could not skip testing user data transmission speeds in the wireless network segment.

Keenetic Giga supports a great number of tunnel connection types, so we decided to measure the performance of some of them. Data transmission speeds via PPTP and L2TP tunnels are traditionally high. Naturally, using encryption with PPTP significantly decreases the speeds available to users. In these tests the KN-1010 was used as a client.

One of the most popular ways of connecting to remote networks is an OpenVPN tunnel. Another, no less popular, way is IPsec. Here we used the KN-1010 as a server.

It's worth noting that the tested model also supports connections over the SSTP protocol. The distinguishing feature of this connection is the ability to establish a tunnel even if the router doesn't have a globally routable address. The results of the performance measurements for the KN-1010 router working in SSTP server mode are presented below.

IPv6, the next version of IP, is becoming more and more popular. The growing popularity of this protocol in Russia can be explained by users' desire to bypass the blocks imposed by Roskomnadzor and to keep up with the times by being the first to adopt new developments. Naturally, we could not skip measuring routing speeds for IPv6 packets. The diagram below shows the speeds obtained with the IPv6 hardware accelerator working and without it.

Various 3G/4G modems, USB printers, flash drives, DECT stations and ADSL/VDSL modems can be connected to the USB port of the router. We decided not to miss the opportunity to measure access speeds for data located on our 256 Gbyte Transcend TS256GESD400K SSD drive connected to a USB port of the Keenetic Giga router. We formatted the drive in turn with the following file systems: EXT2/3/4, NTFS, FAT32 and HFS+. The results of the measurements for connection to the USB 2.0 and USB 3.0 ports are displayed below.

In addition, we decided to find out what access speeds to data located on the USB drive can be obtained by users connecting to the router through a PPTP tunnel without encryption. Measurements were performed for the NTFS file system. The data obtained correspond to the maximum announced performance of the PPTP server (150-200 Mbps) running on the Keenetic Giga router. The performance of the PPTP client and that of the PPTP server built into the Keenetic Giga wireless router differ significantly.

In conclusion, we would like to mention one more test, which we performed in parallel with the main experiments. Using our ADA TempPro-2200 laboratory pyrometer, we measured the temperature of the router case under full load. It turned out that the maximum temperature of the router case was 37 degrees Celsius while the ambient temperature was no more than 24 degrees. We consider this temperature value normal.

This completes the testing section, and we move on to summing it all up.

Summary

On the whole, we are pleased with the tested Keenetic Giga KN-1010 wireless router. In the two years since our previous testing of Zyxel devices, significant work has been done: hardware performance has increased, the web interface has been remarkably revised and updated, and device functionality has been significantly expanded. The flexibility of the network interface settings deserves the highest praise, as does the new web interface, which we consider user-friendly and intuitive even for new users.

The strengths of the Keenetic Giga KN-1010 wireless router are the following:

  • high user data transmission speeds;
  • support for a large number of VPN connection types;
  • flexible configuration of network interfaces;
  • IPv6 support;
  • ability to connect to existing wireless networks;
  • support for two wireless frequency ranges;
  • captive portal option;
  • ability to connect to the router remotely even without a globally routable address;
  • modular firmware structure;
  • ability to install an SFP module for connection to optical networks.

The only peculiarity that surprised and somewhat confused us is the inability to manage access to devices in the local network with access lists when connecting via IPv6. For now, that's probably the only thing we could count as a drawback.

At the time this review was written, the average price of the Keenetic Giga KN-1010 wireless router in Moscow online shops was 7500 roubles.