Introduction
What is this, a network audio station? Or a bladeless fan with a remote control? When the ASUS Blue Cave arrived in our laboratory, the most improbable guesses were put forward. In fact, everything turned out to be very simple: it is a wireless router with a hollow center. The unusual shape of the case is not a tribute to fashion but an attempt by the engineers to improve the wireless characteristics of the device. But first things first.
External design and hardware platform
The ASUS Blue Cave wireless router has a vertical design and is intended for desktop placement. The case measures 160x160x80 mm, weighs about 800 g, and is made of white plastic with a blue insert. Blue Cave is powered by an external power supply (included in the box) rated at 19 V and 1.75 A.
Front, top and side panels are not remarkable at all.
The ventilation grate occupies most of the rear panel of the model. There are also five Gigabit Ethernet ports (four LAN interfaces and one WAN), a power connector along with the on/off button, a USB 3.0 port, and Reset and WPS buttons.
A sticker with brief reference information, four round rubber feet, and a ventilation grate are placed on the bottom panel.
It's time to end the intrigue and look inside the case of the device. The body is this large because the developers wanted to place the internal antennas so as to reduce their mutual influence, and therefore give wireless users maximum performance without the use of external antennas. The ASUS Blue Cave is equipped with four internal antennas, providing a 4x4 antenna configuration for each of the frequency bands. This configuration allows the router to operate in AC2600 mode, providing a maximum connection speed of 800 Mbps in the 2.4 GHz band with TurboQAM (600 Mbps without TurboQAM) and 1734 Mbps in the 5 GHz band.
The electronics of the ASUS Blue Cave router consist of two marine-blue textolite boards: the main board and the wireless module.
The tested model is based on the Lantiq PXB4395EL processor (marking S6483N03 (SLLFB)), which has two physical cores operating at a frequency of 800 MHz. Each core supports up to two threads at the same time (an analogue of hyper-threading technology in the x86 world), so the processor provides the system with four virtual cores, which allows the router to perform several tasks in parallel. One of the cores is used exclusively for internal needs, so in the web-interface of the router we can observe the utilization of only three virtual processor cores. The router is also equipped with 128 MBytes of flash memory and 512 MBytes of DDR3 RAM.
The second board, responsible for the wireless part, carries the S6514L49 chip, which supports the 2.4 GHz band, and the S6474L42 chip, which supports the 5 GHz band. Somewhat unexpected for us was the presence of an Atheros AR3012-BL3D chip providing Bluetooth support, especially given that the manufacturer does not announce support for this protocol and does not use it (at least in current versions of the firmware). We turned to the vendor for clarification. As we were able to find out, this chip is reserved for IoT control; that is, future firmware may add support for the appropriate technologies.
At this point, we complete a brief review of the hardware platform of the ASUS Blue Cave wireless router and proceed to the consideration of its software capabilities.
Firmware upgrade
Changing the firmware version for the ASUS Blue Cave router is done in the traditional way - using the "Firmware Upgrade" tab of the "Administration" menu of the web-interface. The whole process takes about three minutes and does not require any special skills from the user. The update can be performed in manual and semi-automatic modes.
You can verify the success of the upgrade using any page of the web-interface - the firmware version is displayed in the header next to the operating mode of the equipment. For more detailed information about the firmware you are using, see the “Firmware Upgrade” tab in the “Administration” menu. In fairness, it should be noted that this page also allows you to update the anti-virus signatures if the AiProtection option was activated.
If the firmware update does not complete successfully, the router goes into recovery mode, which can be identified by the light indicator flashing red and blue. The behavior of Blue Cave in recovery mode is different from what we have seen in other ASUS models. There is no web server built into the bootloader, and the bootloader does not respond to ICMP echo-requests. The IP address of the LAN interface of the device is also different: in recovery mode, the LAN interface of the Blue Cave router has the IP address 192.168.1.49.
You can restore the firmware using the specialized Firmware Restoration utility; the recovery procedure is typical for all ASUS wireless equipment.
Another way to restore the firmware manually is to use TFTP to upload the file with the new firmware to the router while it is in recovery mode. This method of firmware replacement should be used only in emergency cases, as a normal upgrade is most easily performed through the web-interface.
C:\>tftp -i 192.168.1.49 put c:\BLUECAVE_3.0.0.4_384_32948-g8ec6a66.trx
Transfer successful: 38576128 bytes in 24 second(s), 1607338 bytes/s
At this point, we complete the procedures for updating and restoring the firmware of the ASUS Blue Cave wireless router and proceed to the study of the capabilities of the device's web-interface.
Web-interface
The web-interface of the ASUS Blue Cave wireless router can be accessed with any modern browser: just open the address 192.168.1.1 or the name router.asus.com.
After entering the correct credentials, the user gets to the start page of the device. It is also worth noting that the web-interface of the Blue Cave model is available in 19 languages. We will not consider all the features of the web-interface, but will focus on some of the most interesting in our opinion.
The "System Status" section allows you not only to configure the basic parameters of the wireless network, but also to see the utilization of the processor cores and RAM, the status of wired network interfaces and adjust the brightness of the LED. ASUS Blue Cave wireless router has a CPU with four virtual cores (two physical), three of which are available to the system. I must admit, we have never seen so many cores in home networking equipment before.
The menu item "Network Map" displays the current status of the connection to the Internet, the settings of the wireless module, connected wired and wireless clients, and also allows you to manage the parameters of the AiMesh technology (in router mode).
We will purposely skip the "Guest network" menu item here to get back to it later.
The AiProtection menu item is used to configure the protection system of both the router and the client devices behind it. Also, this menu item provides the ability to configure parental control.
The menu item "Traffic Manager" is quite traditional for ASUS network equipment: you can choose the mode of operation, set priorities, limit the available bandwidth.
The tabs of the "Wireless" menu item are traditional for ASUS wireless equipment. Perhaps the one thing worth noting is the ability to enable or disable the Smart Connect function on the "General" tab. Unfortunately, we did not find any fine-tuning of Smart Connect in the web-interface of the device.
The new "Roaming Block List" tab of the same menu item did not go unnoticed either: it allows you to specify wireless clients that are not allowed to switch between AiMesh nodes.
The features of the "LAN" and "WAN" menu items have not changed recently. Perhaps we should only dwell on the "DDNS" tab of the "WAN" menu: in addition to a longer list of DDNS "providers", there is support for Let's Encrypt certificates used for HTTPS.
Absolutely new for us was the item "Alexa & IFTTT". This section contains settings for voice control of the router using Amazon Alexa, as well as a platform for creating applets. We decided to dedicate a small section of the review to these functions.
ASUS Blue Cave wireless router can act as a VPN client for PPTP, L2TP and OpenVPN protocols, as well as being a PPTP and OpenVPN server. The corresponding settings are collected in the "VPN" menu item tabs.
ASUS Blue Cave firewall features are typical for all ASUS network equipment. All settings are collected in the menu item of the same name.
The model under test can work not only in wireless router mode, but also as an access point, repeater, media bridge, and AiMesh node. Mode selection is made on the "Operation Mode" tab of the "Administration" menu item.
In addition to the standard features of the "System" tab of the same menu item, it is worth noting the options "Power Save Mode" and "Enable HDD Hibernation", allowing you to more accurately configure the energy efficiency of the device.
We also found a small innovation on the "Restore/Save/Upload Setting" tab. Now you can use the "Initialize" button not only to reset user settings, but also to delete all saved log information.
Cooperation between ASUS and Trend Micro has enriched the Blue Cave model with capabilities to protect not only the router itself, but also user devices. Some statistical information is collected by Trend Micro to improve its products. You can disable data collection by using the "Privacy" tab of the "Administration" menu item.
At this point we finish a brief examination of the web-interface capabilities of the ASUS Blue Cave wireless router and move on to a glimpse of the capabilities of the ASUS Router mobile application.
Mobile application
ASUS Blue Cave wireless router can be controlled not only with two standard interfaces, but also with the use of a mobile application developed for smartphones based on iOS and Android.
We still consider web-interface as the most popular way for configuration of SOHO network equipment that’s why we won’t describe in detail all options of the mobile application but speak of them in general. Of course it must be admitted that network device management via smartphone is used more and more frequently.
Since mesh networks are the trend of 2018, the vendor decided to make access to the appropriate settings as simple as possible.
The “Devices” menu item displays a list of all devices ever connected to the router.
With the help of the "Insight" menu item one can manage other ASUS routers if they are found in the local network. Moreover, this item is responsible for AiProtection configuration.
All options that are familiar to users of the web-interface are collected in the menu item "More".
This concludes our quick introduction to the mobile utility designed to manage ASUS wireless routers. To sum up, we were pleasantly surprised by the functionality of this application. In the next section, we will take a closer look at one of the functions of ASUS wireless routers: AiMesh technology.
AiMesh
The list of devices that support wireless mesh networks based on AiMesh is constantly increasing. AiMesh technology is a proprietary development of ASUS that allows up to five devices to be combined into a single network: one AiMesh router and four AiMesh nodes. The network can be hierarchical and currently supports up to two levels of hierarchy, that is, up to three devices in a chain: one router and two nodes. It is worth noting that in the current implementation all devices in the same mesh network broadcast on a single wireless channel (for each frequency range). We think this is somewhat wrong, so we hope that the manufacturer will correct this issue in the near future.
Continuing the discussion of the technical details of the technology, we would like to note the support of the IEEE 802.11v wireless standard (BSS transition management). With this standard, the network infrastructure can influence the roaming decision made by the client device. This influence may be exerted by providing utilization information about the surrounding AiMesh nodes. Support for the IEEE 802.11k standard is in development and is expected by the new year, 2019.
Setting up AiMesh technology is extremely simple: you only need to add devices that support it to the existing network, and the routers will do the rest of the work automatically.
Although AiMesh is a technology for building a wireless mesh network, devices can also be combined with each other using Ethernet channels.
Regardless of the connection method, users can make additional settings on AiMesh nodes; for example, you can specify the primary connection method or the location of the device.
After the devices are connected to the mesh network, all control is centralized: even the firmware of the nodes is replaced through the AiMesh router.
Attempts to connect to AiMesh nodes directly result in HTTP requests being redirected to the address of the AiMesh router.
An innovation is the ability to prohibit roaming for certain client devices. The corresponding setting is available on the "Roaming Block List" tab of the "Wireless network" menu item.
If necessary, users can also easily remove any mesh network node.
Of course we couldn't leave our readers without some of the technical details of the functioning of the AiMesh.
The router finds nearby mesh nodes using LLDP. This protocol is used for node discovery, while the standard transport protocols TCP and UDP are used for subsequent configuration. With a wireless connection everything is more or less clear: the devices only need to be within each other's coverage area. A wired connection is more complicated. The protocol used for node discovery is not passed on by all switches by default. If the switch is managed, it will process the LLDP messages itself, which makes detection of the mesh network nodes impossible.
fox_switch#sho lldp ne
Capability codes:
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Intf Hold-time Capability Port ID
GT-AC5300 Gi1/0/1 20 B,R 2c4d.5420.5ec0
BLUECAVE Gi1/0/2 20 B,W,R 2cfd.a100.5130
Total entries displayed: 2
Some managed switches allow you to prevent LLDP from being processed by the device itself by transparently redirecting the corresponding frames within a specific virtual network. An example of an appropriate interface configuration for a Cisco Catalyst 3560CX-8XPD-S switch with IOS version 15.2.6E2 is presented below.
interface GigabitEthernet1/0/1
switchport mode access
l2protocol-tunnel lldp
no lldp transmit
no lldp receive
end
In conclusion, we would like to offer our readers a complete dump (http://foxnetwork.ru/files/2018/asus_blue_cave/asus_aimesh.pcapng) of the traffic exchanged by the ASUS Blue Cave and GT-AC5300 wireless routers at the time of node detection and mesh network creation.
IFTTT
We also decided to cover the possibilities of one more menu item separately. We are talking about the IFTTT service (If This Then That), which allows you to automate some routine operations. The essence of such automation is to perform a certain action or a set of them (an applet) when a particular event occurs. The IFTTT service itself provides access to an ecosystem that includes more than 600 applications, devices and companies, thousands of active developers and millions of users. Naturally, no automation is possible without the support of network equipment. The firmware of most ASUS wireless routers already contains support for the IFTTT service.
The first thing to start with is to register on the service portal.
The second step will be the transition to a special channel dedicated to ASUS routers. All available applets are published there.
Now you need to bind a specific ASUS router to the service. Binding is carried out by entering the activation code generated by the router on the IFTTT page.
We must mention the requirements that have to be met for the router to be bound to the service successfully. The WAN interface of the router must have a globally routable (white/valid/real) IP address. Such an address is necessary so that the IFTTT server can connect to the router, as the connection is established from the service to the router. The remaining two conditions are usually easier to fulfill: you need to connect the router to the DDNS service and enable HTTPS access for management from the outside.
If the binding is successful, IFTTT displays the new device in the list of connected routers.
Once the router has been bound successfully, you can select the appropriate applets to use.
If there is no suitable one in the list, you can create it yourself by combining the trigger by which the applet will be launched and the desired action.
If this is not enough, you can suggest the idea of a new applet to developers describing in detail the principles of its operation.
Naturally, we decided to check the operation of the described mechanism, for which we used an applet that sends an e-mail message when a certain client device is connected to a wireless network.
After connecting the specified wireless client to the network, we received the following e-mail.
Galaxy-A8-2018 connected to Asus router on October 6, 2018 at 02:21AM
Of course, triggering and running the applet can be controlled using the web-interface of the IFTTT service.
This concludes our look at the IFTTT service; we now pass on to examining the command line of the router.
CLI
To enable/disable access to the command line, use the “System” tab of the “Administration” menu. The specified access can be granted using Telnet and SSH protocols. Of course, for security reasons, we recommend using the latter.
To access the command line, use the same credentials as for the router web-interface. The firmware of the tested model is built on Linux 3.10.104 with BusyBox 1.17.4. Frankly speaking, these are not the latest versions of the kernel and BusyBox.
BLUE_CAVE login: admin
Password:
admin@BLUE_CAVE:/tmp/home/root# cd /
admin@BLUE_CAVE:/# uname -a
Linux BLUE_CAVE 3.10.104 #1 SMP Thu Jul 5 22:05:22 CST 2018 mips GNU/Linux
admin@BLUE_CAVE:/# busybox
BusyBox v1.17.4 (2018-07-05 22:02:06 CST) multi-call binary.
Copyright (C) 1998-2009 Erik Andersen, Rob Landley, Denys Vlasenko
and others. Licensed under GPLv2.
See source distribution for full notice.
Usage: busybox [function] [arguments]...
or: function [arguments]...
BusyBox is a multi-call binary that combines many common Unix
utilities into a single executable. Most people will create a
link to busybox for each function they wish to use and BusyBox
will act like whatever it was invoked as.
Currently defined functions:
[, [[, arp, arping, ash, awk, basename, blkid, cat, chmod, chown, chpasswd, clear, cmp, cp,
crond, cut, date, dd, devmem, df, dirname, dmesg, du, e2fsck, echo, egrep, env, ether-wake,
expr, fdisk, fgrep, find, flock, free, fsck, fsck.ext2, fsck.ext3, fsck.minix, fsync, grep,
gunzip, gzip, head, ifconfig, insmod, ionice, kill, killall, klogd, less, ln, logger,
login, ls, lsmod, lspci, lsusb, md5sum, mdev, mkdir, mke2fs, mkfs.ext2, mkfs.ext3, mknod,
mkswap, modprobe, more, mount, mv, netstat, nice, nohup, nslookup, pidof, ping, ping6,
printf, ps, pwd, readlink, renice, rm, rmdir, rmmod, route, sed, setconsole, sh, sleep,
sort, strings, swapoff, swapon, sync, syslogd, tail, tar, telnetd, test, tftp, top, touch,
tr, traceroute, traceroute6, true, tune2fs, udhcpc, umount, uname, unzip, uptime, usleep,
vconfig, vi, watch, wc, which, xargs, zcat, zcip
admin@BLUE_CAVE:/#
Let's use the ps command to see which processes are currently running on the device. The top utility displays data on the current operation of the launched processes. We have placed the results of these utilities in a separate file.
We present the contents of /bin, /sbin, /usr/bin, and /usr/sbin in a separate file, along with the output of the sysinfo utility. For example, the /sbin directory contains a tcpcheck utility that allows you to check whether a particular TCP port is open on a particular host.
admin@BLUE_CAVE:/# tcpcheck
usage: tcpcheck [host:port]
admin@BLUE_CAVE:/# tcpcheck 192.168.1.1:22
usage: tcpcheck [host:port]
admin@BLUE_CAVE:/# tcpcheck 5 192.168.1.1:22
192.168.1.1:22 is alive
admin@BLUE_CAVE:/# tcpcheck 5 192.168.1.1:23
192.168.1.1:23 is alive
admin@BLUE_CAVE:/# tcpcheck 5 192.168.1.1:25
192.168.1.1:25 failed
Now let's go to the /proc directory and see what files are placed there, find out the uptime of the operating system and its average utilization, and get information about the installed processor and the amount of RAM. In principle, the uptime and average system utilization can also be obtained with the uptime command.
admin@BLUE_CAVE:/# cd /proc
admin@BLUE_CAVE:/proc# ls
1 1388 308 7 device-tree mtd
10 14 3366 703 devices net
1003 15 3378 704 diskstats nvram
1004 1505 3395 709 dma pagetypeinfo
1007 1533 3396 716 dp partitions
1008 17 3397 8 driver ppa
1020 18 3402 859 execdomains proc_entry
1032 1863 347 866 fb sched_debug
1051 2 348 867 filesystems scsi
1067 225 349 889 fs segments
11 228 415 890 interrupts self
1103 229 447 894 iomem slabinfo
1105 231 462 9 ioports softirqs
115 242 5 914 irq stat
12 247 527 923 kallsyms swaps
1226 248 537 977 kcore swmcastsnoop
1228 249 5381 978 kmsg sys
1233 250 5383 984 kpagecount sysrq-trigger
1236 281 5387 bootcore kpageflags sysrst
1248 2868 5393 buddyinfo loadavg sysvipc
1250 2875 5415 bus locks timer_list
1251 2878 5433 cbm mcast_helper tmu
1254 297 5498 cgroups mcast_helper6 tty
1255 3 5820 cmdline meminfo uptime
1291 302 590 config.gz mips version
13 303 595 consoles mirror vmallocinfo
1326 304 6 cpuinfo misc vmb
1345 306 6064 crypto modules vmstat
1349 307 6295 dc_dp mounts zoneinfo
admin@BLUE_CAVE:/proc# cat uptime
2482.86 7175.38
admin@BLUE_CAVE:/proc# cat loadavg
3.01 3.14 2.98 1/114 6297
admin@BLUE_CAVE:/proc# cat cpuinfo
system type : GRX500 rev 1.2
machine : EASY350 ANYWAN (GRX350) Router model
processor : 0
cpu model : MIPS interAptiv V2.0
cpu MHz : 800.000
BogoMIPS : 513.63
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa : mips1 mips2 mips32r1 mips32r2
ASEs implemented : dsp mt eva
shadow register sets : 1
kscratch registers : 0
core : 0
VPE : 0
VCED exceptions : not available
VCEI exceptions : not available
processor : 1
cpu model : MIPS interAptiv V2.0
cpu MHz : 800.000
BogoMIPS : 516.09
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa : mips1 mips2 mips32r1 mips32r2
ASEs implemented : dsp mt eva
shadow register sets : 1
kscratch registers : 0
core : 0
VPE : 1
VCED exceptions : not available
VCEI exceptions : not available
processor : 2
cpu model : MIPS interAptiv V2.0
cpu MHz : 800.000
BogoMIPS : 516.09
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa : mips1 mips2 mips32r1 mips32r2
ASEs implemented : dsp mt eva
shadow register sets : 1
kscratch registers : 0
core : 1
VPE : 0
VCED exceptions : not available
VCEI exceptions : not available
admin@BLUE_CAVE:/proc# uptime
08:46:29 up 41 min, load average: 3.01, 3.13, 2.97
admin@BLUE_CAVE:/proc#
We cannot fail to mention the nvram utility, which allows you to change important parameters of the device.
admin@BLUE_CAVE:/proc# nvram
usage: nvram [get name] [set name=value] [unset name] [erase] [show] [save file] [restore file] [fb_save file]
usage: nvram [save_ap file] [save_rp_2g file] [save_rp_5g file]
admin@BLUE_CAVE:/proc# nvram show | grep admin
size: 34394 bytes (92582 left)
http_username=admin
acc_list=admin>adminpassword
acc_webdavproxy=admin>1
admin@BLUE_CAVE:/proc#
For example, with the help of the nvram utility, you can disable STP on the LAN ports of the ASUS Blue Cave router.
admin@BLUE_CAVE:/proc# nvram show | grep stp
size: 34394 bytes (92582 left)
lan_stp=1
lan1_stp=1
admin@BLUE_CAVE:/proc#
admin@BLUE_CAVE:/proc#
admin@BLUE_CAVE:/proc#
admin@BLUE_CAVE:/proc# nvram set lan_stp=0
admin@BLUE_CAVE:/proc# nvram commit
admin@BLUE_CAVE:/proc# nvram show | grep stp
size: 34394 bytes (92582 left)
lan_stp=0
lan1_stp=1
admin@BLUE_CAVE:/proc# reboot
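Added example, not part of the original review or of the ASUS firmware: a Python filter that masks credential-bearing values in `nvram show` output before a dump is pasted or archived, prompted by the `acc_list=admin>adminpassword` line in the output above. It assumes that the text after `>` in `acc_list` is the account secret and that `<` separates multiple accounts; the `demo_*` keys and the key-name heuristic are constructed for illustration.

```python
import re

MASK = "***"
# Key-name fragments that suggest a secret. This heuristic is an assumption
# made for the example, not a list taken from the firmware.
SECRET_KEY = re.compile(r"passw|psk|secret|token|private", re.IGNORECASE)

# The first four lines are copied from the review; the demo_* lines are
# constructed sample data.
SAMPLE_DUMP = """size: 34394 bytes (92582 left)
http_username=admin
acc_list=admin>adminpassword
acc_webdavproxy=admin>1
demo_wifi_psk=constructed-passphrase
demo_lan_ipaddr=192.168.1.1
"""


def redact_acc_list(value):
    """Keep account names, mask what follows '>' in each 'name>secret' entry."""
    entries = []
    for entry in value.split("<"):  # '<' as account separator is an assumption
        name, sep, _secret = entry.partition(">")
        entries.append(f"{name}>{MASK}" if sep else name)
    return "<".join(entries)


def redact_line(line):
    """Return the line with a secret value masked; other lines unchanged."""
    key, sep, value = line.partition("=")
    if not sep or not value:
        return line  # header such as 'size: ...' or a key with an empty value
    if key == "acc_list":
        return f"{key}={redact_acc_list(value)}"
    if SECRET_KEY.search(key):
        return f"{key}={MASK}"
    return line


def redact_dump(text):
    """Return (redacted text, names of the keys whose values were masked)."""
    out, masked = [], []
    for line in text.splitlines():
        clean = redact_line(line)
        if clean != line:
            masked.append(line.partition("=")[0])
        out.append(clean)
    return "\n".join(out), masked


if __name__ == "__main__":
    redacted, keys = redact_dump(SAMPLE_DUMP)
    print(redacted)
    print("masked keys:", ", ".join(keys))
```
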
Unfortunately, not all supported network protocols can be managed by nvram. For example, we found that the ASUS Blue Cave wireless router uses LLDP.
fox_switch#sho lldp ne
Capability codes:
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Intf Hold-time Capability Port ID
GT-AC5300 Gi1/0/1 20 B,R 2c4d.5420.5ec0
BLUECAVE Gi1/0/2 20 B,W,R 2cfd.a100.5130
Total entries displayed: 2
fox_switch#sho lldp en BLUECAVE
Capability codes:
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
------------------------------------------------
Local Intf: Gi1/0/2
Chassis id: 2cfd.a100.5130
Port id: 2cfd.a100.5130
Port Description: eth0_2
System Name: BLUECAVE
System Description:
Linux 3.10.104 #1 SMP Thu Jul 5 22:05:22 CST 2018 mips
Time remaining: 14 seconds
System Capabilities: B,W,R,S
Enabled Capabilities: B,W,R
Management Addresses:
IP: 192.168.1.1
Auto Negotiation - supported, enabled
Physical media capabilities:
1000baseT(FD)
1000baseT(HD)
100base-TX(FD)
100base-TX(HD)
10base-T(FD)
10base-T(HD)
Media Attachment Unit type: 30
Vlan ID: - not advertised
Total entries displayed: 1
A check on the router showed that the lldpd daemon is indeed running.
admin@BLUE_CAVE:/usr/sbin# ps | grep lldp
1512 admin 1856 S lldpd -L /usr/sbin/lldpcli -I eth0_1,eth0_2,eth0_3,eth0_4,wlan0,wlan2,eth1,
1518 nobody 1884 S lldpd -L /usr/sbin/lldpcli -I eth0_1,eth0_2,eth0_3,eth0_4,wlan0,wlan2,eth1,
10277 admin 1864 S grep lldp
The lldpcli utility for managing LLDP is located in the /usr/sbin directory.
admin@BLUE_CAVE:/usr/sbin# lldpcli -?
lldpcli: invalid option -- ?
Usage: lldpcli [OPTIONS ...] [COMMAND ...]
Version: lldpd 0.9.8
-d Enable more debugging information.
-u socket Specify the Unix-domain socket used for communication with lldpd(8).
-f format Choose output format (plain, keyvalue, json, xml).
-c conf Read the provided configuration file.
see manual page lldpcli(8) for more information
admin@BLUE_CAVE:/usr/sbin# lldpcli
[lldpcli] #
-- Help
show Show running system information
watch Monitor neighbor changes
update Update information and send LLDPU on all ports
configure Change system settings
unconfigure Unconfigure system settings
help Get help on a possible command
pause Pause lldpd operations
resume Resume lldpd operations
exit Exit interpreter
We decided to see what settings the protocol daemon works with and what network devices our router is connected to.
[lldpcli] # show
2018-05-05T12:46:22 [WARN/lldpctl] incomplete command
[lldpcli] # show ru
-------------------------------------------------------------------------------
Global configuration:
-------------------------------------------------------------------------------
Configuration:
Transmit delay: 10
Transmit hold: 2
Receive mode: no
Pattern for management addresses: (none)
Interface pattern: eth0_1,eth0_2,eth0_3,eth0_4,wlan0,wlan2,eth1,
Interface pattern for chassis ID: (none)
Override description with: (none)
Override platform with: Linux
Override system name with: BLUECAVE
Advertise version: yes
Update interface descriptions: no
Promiscuous mode on managed interfaces: no
Disable LLDP-MED inventory: yes
LLDP-MED fast start mechanism: yes
LLDP-MED fast start interval: 1
Source MAC for LLDP frames on bond slaves: local
Port ID TLV subtype for LLDP frames: unknown
Agent type: unknown
-------------------------------------------------------------------------------
[lldpcli] # show nei
-------------------------------------------------------------------------------
LLDP neighbors:
-------------------------------------------------------------------------------
Interface: eth0_2, via: LLDP, RID: 7, Time: 0 day, 01:35:06
Chassis:
ChassisID: mac 9c:57:ad:b0:34:80
SysName: fox_switch.foxnetwork.ru
SysDescr: Cisco IOS Software, C3560CX Software (C3560CX-UNIVERSALK9-M), Version 15.2(6)E2, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Thu 13-Sep-18 04:00 by prod_rel_team
MgmtIP: 192.168.1.100
Capability: Bridge, on
Capability: Router, on
Port:
PortID: ifname Gi1/0/2
PortDescr: GigabitEthernet1/0/2
TTL: 120
-------------------------------------------------------------------------------
You can use the show chassis command to find out the information that is sent about the local system.
[lldpcli] # sho cha
-------------------------------------------------------------------------------
Local chassis:
-------------------------------------------------------------------------------
Chassis:
ChassisID: mac 2c:fd:a1:00:51:30
SysName: BLUECAVE
SysDescr: Linux 3.10.104 #1 SMP Thu Jul 5 22:05:22 CST 2018 mips
MgmtIP: 192.168.1.1
Capability: Bridge, on
Capability: Router, on
Capability: Wlan, on
Capability: Station, off
-------------------------------------------------------------------------------
To change the LLDP settings, one should use the configure command.
[lldpcli] # conf
-- Change system settings
ports Restrict configuration to some ports
system System configuration
lldp LLDP configuration
med MED configuration
dot3 Dot3 configuration
[lldpcli] # conf por
-- Restrict configuration to some ports
WORD Restrict configuration to the specified ports (comma-separated list)
[lldpcli] # conf por s
[lldpcli] # conf ps system
-- System configuration
interface Interface related items
description Override chassis description
platform Override platform description
hostname Override system name
ip IP related options
bond-slave-src-mac-type Set LLDP bond slave source MAC type
[lldpcli] # conf system conf lldp
-- LLDP configuration
tx-interval Set LLDP transmit delay
tx-hold Set LLDP transmit hold
status Set administrative status
agent-type LLDP agent type
portidsubtype LLDP PortID TLV Subtype
capabilities-advertisements Enable chassis capabilities advertisement
management-addresses-advertisements Enable management addresses advertisement
custom-tlv Add custom TLV(s) to be broadcast on ports
To temporarily disable the protocol, you can use the pause command; however, after a restart the lldpd daemon again runs with the standard settings.
This completes our look at the command line interface capabilities; let's move on to testing the device.
Testing
Traditionally, we start this section by measuring the boot time of the device, by which we mean the time interval from the moment power is supplied to the equipment until the first ICMP echo reply is received. The ASUS Blue Cave wireless router boots up in 47 seconds. We think this is a good result.
The next no less traditional test was the security check of the device, carried out with the help of the network security scanner Positive Technologies XSpider 7.8 from the LAN-interface. In total, 15 open ports were discovered. The most interesting data obtained from the scan are presented below.
While writing the section on AiMesh technology, we analyzed the traffic that AiMesh nodes exchange with the router. To capture such a dump, we connected the Blue Cave and GT-AC5300 with a patch cord and inserted a switch from another vendor into the link. On this switch we configured mirroring of the passing traffic (a SPAN session). As a result, we found LLDP messages sent by both routers in the collected dump. We could not find a standard way to disable LLDP on ASUS equipment, so we consider it a vulnerability, as the use of LLDP potentially leads to unwanted disclosure. Although LLDP is a standard LAN protocol (IEEE 802.1AB) that is often used in local networks, we believe that users should be able to easily and safely enable or disable it. How LLDP can still be disabled is described in the section on the command line. We also decided to provide a dump containing the LLDP message sent by the ASUS Blue Cave router.
fox_switch#sho lldp ne
Capability codes:
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Intf Hold-time Capability Port ID
GT-AC5300 Gi1/0/1 20 B,R 2c4d.5420.5ec0
BLUECAVE Gi1/0/2 20 B,W,R 2cfd.a100.5130
Total entries displayed: 2
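To make the disclosure concrete, here is an added example (not code from this review or from ASUS) that decodes the TLVs of an LLDP frame and lists the fields that fingerprint the sender. The frame is constructed from the values lldpcli and the switch printed above; the interface-numbering fields of the management address TLV and all function names are assumptions of the example.

```python
import ipaddress
import re
import struct

LLDP_ETHERTYPE = 0x88CC
TEXT_TLVS = {4: "port_descr", 5: "sys_name", 6: "sys_descr"}
CAP_BITS = {0: "Other", 1: "Repeater", 2: "Bridge", 3: "Wlan",
            4: "Router", 5: "Telephone", 6: "Docsis", 7: "Station"}


def tlv(tlv_type, value):
    """Encode one LLDP TLV: 7-bit type, 9-bit length, then the value."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def build_sample_frame():
    """Constructed frame carrying the values shown for BLUECAVE on this page."""
    mac = bytes.fromhex("2cfda1005130")
    # Address length 5 = subtype byte + 4 address bytes; subtype 1 = IPv4.
    # Interface numbering "unknown" (1), number 0, empty OID: placeholders.
    mgmt = (b"\x05\x01" + ipaddress.IPv4Address("192.168.1.1").packed
            + b"\x01" + struct.pack("!I", 0) + b"\x00")
    lldpdu = b"".join([
        tlv(1, b"\x04" + mac),                   # Chassis ID, subtype 4 = MAC
        tlv(2, b"\x03" + mac),                   # Port ID, subtype 3 = MAC
        tlv(3, struct.pack("!H", 20)),           # TTL (hold-time seen by the switch)
        tlv(5, b"BLUECAVE"),                     # System Name
        tlv(6, b"Linux 3.10.104 #1 SMP Thu Jul 5 22:05:22 CST 2018 mips"),
        tlv(7, struct.pack("!HH", 0x9C, 0x1C)),  # capabilities: supported, enabled
        tlv(8, mgmt),                            # Management Address
        tlv(0, b""),                             # End of LLDPDU
    ])
    dst = bytes.fromhex("0180c200000e")          # nearest-bridge multicast address
    return dst + mac + struct.pack("!H", LLDP_ETHERTYPE) + lldpdu


def mac_text(raw):
    return ":".join("%02x" % b for b in raw)


def decode_id(value, mac_subtype):
    """Decode a Chassis ID or Port ID value: one subtype byte, then the ID."""
    if len(value) < 2:
        raise ValueError("ID TLV too short")
    subtype, body = value[0], value[1:]
    if subtype == mac_subtype and len(body) == 6:
        return mac_text(body)
    return body.decode("utf-8", "replace")


def cap_names(bitmap):
    return [name for bit, name in CAP_BITS.items() if bitmap & (1 << bit)]


def parse_lldp(frame):
    """Return what a passive listener on the segment learns from one frame."""
    if len(frame) < 14 or frame[12:14] != struct.pack("!H", LLDP_ETHERTYPE):
        raise ValueError("not an untagged LLDP frame")
    info = {"src_mac": mac_text(frame[6:12]), "mgmt_addrs": []}
    pos = 14
    while pos + 2 <= len(frame):
        (header,) = struct.unpack_from("!H", frame, pos)
        tlv_type, length = header >> 9, header & 0x1FF
        value = frame[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated TLV type %d" % tlv_type)
        pos += 2 + length
        if tlv_type == 0:                        # End of LLDPDU
            break
        if tlv_type == 1:
            info["chassis_id"] = decode_id(value, mac_subtype=4)
        elif tlv_type == 2:
            info["port_id"] = decode_id(value, mac_subtype=3)
        elif tlv_type == 3 and length >= 2:
            info["ttl"] = struct.unpack("!H", value[:2])[0]
        elif tlv_type in TEXT_TLVS:
            info[TEXT_TLVS[tlv_type]] = value.decode("utf-8", "replace")
        elif tlv_type == 7 and length >= 4:
            supported, enabled = struct.unpack("!HH", value[:4])
            info["caps_supported"] = cap_names(supported)
            info["caps_enabled"] = cap_names(enabled)
        elif tlv_type == 8 and length >= 2:
            addr_len, subtype = value[0], value[1]
            addr = value[2:1 + addr_len]
            if subtype == 1 and len(addr) == 4:
                info["mgmt_addrs"].append(str(ipaddress.IPv4Address(addr)))
            elif subtype == 2 and len(addr) == 16:
                info["mgmt_addrs"].append(str(ipaddress.IPv6Address(addr)))
    return info


def disclosure_findings(info):
    """List the advertised fields that help fingerprint the device."""
    findings = []
    if info.get("sys_name"):
        findings.append(("sys_name", "system name advertised"))
    if re.search(r"\b\d+\.\d+\.\d+\b", info.get("sys_descr", "")):
        findings.append(("sys_descr", "software version string advertised"))
    for addr in info["mgmt_addrs"]:
        findings.append(("mgmt_addr", "management address %s advertised" % addr))
    return findings


if __name__ == "__main__":
    for field, reason in disclosure_findings(parse_lldp(build_sample_frame())):
        print(field, "-", reason)
```

Running the same parser over frames captured on a mirror port shows which of these TLVs a device still advertises after its LLDP settings have been changed.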
Before going directly to testing the performance of the device, we would like to acquaint readers with the main parameters of the used test stand. All measurements were made using JPERF utility version 2.0.2 for one, five and fifteen simultaneous TCP connections.
Component | PC | Laptop |
MB | ASUS Maximus IX Extreme | ASUS GL753VD |
CPU | Intel Core i7 7700K 4 GHz | Intel Core i7 7700HQ 2.8 GHz |
RAM | DDR4-2133 Samsung 64 Gbyte | DDR4-2400 Kingston 32 Gbyte |
NIC | Intel X550T2, ASUS PCE-AC88 | Realtek PCIe GBE |
OS | Windows 7 x64 SP1 | Windows 10 x64 |
The performance of ASUS Blue Cave model when routing and transmitting traffic is predictably high and practically coincides with the wire speed.
If address translation is not performed, the obtained speeds are slightly lower. Here, however, it is worth noting that this is an extremely rare way to use such devices.
IPv6 routing bandwidth is comparable to that for the IPv4.
If the connection to the provider is made by means of tunnels, the users of ASUS Blue Cave will have to forget about Gigabit service plans, but in our country such speeds are still extremely rare. At Fast Ethernet connection speeds the ASUS Blue Cave copes well.
We could not ignore the performance of the router when working in VPN server mode. The diagrams below show the speeds available to users on PPTP and OpenVPN connections.
Of course, we decided to find out how fast wireless clients can send and receive data. Measurements were made for both frequency bands.
We connected our test SSD drive, a 256 GByte Transcend TS256GESD400K, to the USB port and measured the speed of access to the data placed on it. Measurements were made for five file systems: EXT2/3, FAT32, NTFS, and HFS. The results of the measurements are presented in the charts below.
This concludes our testing section and we move on to summing it all up.
Conclusion
In general, we are satisfied with ASUS Blue Cave, the new wireless router with an unusual design. Once again, we remind our readers that this form of housing is dictated by the desire to get rid of external antennas, and not to be limited by the internal antennas. Model Blue Cave is already on the list for ASUS wireless routers with support for wireless technology AiMesh to provide roaming to wireless clients. Also, the vendor began to add support for the IFTTT service to its routers; model Blue Cave was one of the first in which such support appeared. IFTTT service allows you to automate some routine operations and can be extremely useful for those who want to use all the features of a smart home without having to pay for a ready solution.
The strengths of the ASUS Blue Cave wireless router are listed below:
- high network performance in both wireless bands;
- IPv6 support;
- mobile application availability;
- high-speed access to data stored on an external USB drive;
- IFTTT service support;
- unusual design;
- AiMesh technology support;
- availability of built-in VPN client and server;
- MU-MIMO technology support;
- user network security functions;
- easy setup.
Unfortunately, we cannot but point out the only discovered drawback of the device:
- the web-interface is not fully translated.
Naturally, we reported this to the manufacturer and received a notification that this cosmetic defect will be fixed in the nearest official firmware.
As of this writing, the best price for ASUS Blue Cave in German-speaking European countries, according to the website Geizhals Preisvergleich, was about 200 euro. Despite the fact that the price seems relatively high, it fully corresponds to the capabilities of the device.
Wireless mesh-network or Tenda Nova
Introduction
Recently, we were approached by representatives of Tenda with a proposal to describe their new development - a wireless mesh-network built on the basis of the Tenda Nova equipment line. No, of course, the very idea of mesh-networks is not new. Moreover, in the modern world, it is no longer necessary to reinvent the wheel; there are a number of solutions and standards, you just need to create equipment with the support of one of them. As a device for consideration, we were offered the Tenda Nova MW6-2 model, which allows us to build a mesh-network based on the IEEE 802.11s standard. But do not be afraid, users do not need to understand all the details of the standard - the Tenda Nova mesh system works out of the box.
Many of our readers, for sure, have already come across mesh-networks, for example, we mentioned support for such networks by other vendors. Let's try to dig a little deeper and deal with some details of the functioning of mesh networks in the implementation of Tenda.
Modern Wi-Fi routers provide a large coverage area, but it can be difficult to cover rooms with thick walls, reinforced concrete structures and other obstacles that prevent the spread of the Wi-Fi signal, so “dead zones” appear. Traditionally, the problem was solved by installing repeaters (extenders) or additional access points in such places, but this approach is not without flaws:
- repeaters help to enhance the Wi-Fi signal, but usually half the bandwidth is lost;
- access points provide more bandwidth but this requires a wired connection to the rest of the network;
- a new network is created (with its SSID and password); thus, changing your location, you need to reconnect by entering a password.
Everything is simplified if you use a Wi-Fi mesh system.
External design and hardware
We will consider wireless mesh-networks based on the MW6 kit. Different MW6 kits are available for order, including one, two or three nodes; before purchasing, make sure that you are ordering the right kit.
Each node of the wireless mesh network is a plastic cube, similar to a simplified Rubik's cube whose cells are all white. Devices with such a body do not need to be hidden; the design is very pleasant. Nova units use internal antennas, making it easy to fit them into almost any interior. The block dimensions are 100x100x100 mm with a mass of just 410 g.
On the top panel there is a small LED that displays the status of the device and its connection to the network.
The top panel and all side panels do not carry any connectors; the bottom panel of the unit is used for connection, on which, in addition to the ventilation grate and stickers with brief information, there are two Gigabit Ethernet interfaces and a DC-in port for power supply. There are also four rubber feet and a recessed Reset button. The purpose of each wired network interface is marked on the label; however, the separation between LAN and WAN is relevant only for the “main” node, all other blocks use both Gigabit Ethernet ports as LAN interfaces. These wired interfaces can be used to connect a TV or game console in situations where there is no possibility to carry a dedicated Ethernet cable for them.
Each unit requires an external power source (supplied) with the following characteristics: 12V and 1.5A.
Now let's look inside the case and find out which components the MW6 model is built on. The electronics of the model under consideration consists of two textolite boards, one of which houses the network ports and the power input connector. In fact, this board is an adapter, since there is no significant silicon on it. The Realtek RTL8197FS SoC, operating at a frequency of 1 GHz, as well as 128 MBytes of RAM and a 16 MBytes flash drive are located on the main board. In addition, the Realtek RTL8363NB switch is located on the main board.
This concludes our cursory review of the hardware platform; we now proceed to the basics of how mesh networks function.
Mesh-networks
Wireless mesh-networks, that is, networks with a mesh topology, are a promising and constantly evolving area. With the use of mesh networks, the dream of seamless roaming in Wi-Fi networks can become a reality today. Wireless mesh networks can be easily and efficiently, and most importantly without laying additional wires, used to connect entire cities to the global network. Of course, in this review we do not aim at such a scale but the technologies used in the Tenda MW6 are the same.
Consider the classic concepts and protocols used in mesh-networks.
Let's first define the terminology. In conventional wireless networks based on the IEEE 802.11 standards, two types of devices are defined: STA - end stations (subscriber devices) and access points (AP - Access Points). Access points are also connected to networks of other technologies, for example, Ethernet. Client stations can communicate only with access points. For IEEE 802.11s wireless mesh-networks, a special type of device is defined - mesh points (MP - Mesh Points) that interact with each other and support mesh services. Mesh points can be combined with classic access points. Such a hybrid is called MAP - Mesh Access Point. MPP - Mesh Point Portal is responsible for the connection of the mesh-network with the "outside" world.
The mesh points independently choose the most optimal route using a variety of dynamic routing protocols. The dynamic routing protocols in a mesh network differ from those known to us over wired networks (for example, OSPF, RIP or BGP) but the basic principles are very similar.
The main advantage of wireless mesh networks is that they are actually wireless. Ordinary large Wi-Fi networks require a basic wired network for their work, while wireless channels are used for communication between points in mesh networks. Only one point must be connected to the wired network. It’s probably worth noting that the Tenda Nova series devices allow using both wireless and wired channels (if available) to communicate with each other, that is, the mesh topology is formed regardless of the method of communication between nodes at the physical level.
However, let's go back to the routing protocols used in wireless self-organizing networks. One such protocol is AODV - Ad Hoc On-Demand Distance Vector, that is, a distance-vector protocol that establishes communication on demand. The essence of its work is that the path is calculated at the request of the sender, that is, when there is user traffic to transmit over the network. The figure below shows the distribution directions for RREQ requests (red arrows) and RREP responses (green). The calculated routes are kept for as long as the sender needs them. AODV is suitable for both unicast and multicast traffic. A more detailed description of the protocol can be found in RFC 3561.
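The on-demand discovery just described, as an added example that is not part of the original review: a simplified AODV model in which the RREQ is flooded, every mesh point remembers a reverse route to the originator, and the RREP travelling back installs the forward route. Sequence numbers, RERR messages and timers from RFC 3561 are left out, and the five-node topology and all names are constructed for the illustration.

```python
from collections import deque


class MeshNode:
    def __init__(self, name):
        self.name = name
        self.routes = {}         # destination -> (next_hop, hop_count)
        self.seen_rreq = set()   # (originator, rreq_id) pairs already handled


def build_mesh():
    """Constructed topology: one portal (MPP) and four mesh points."""
    links = {
        "MPP": {"MAP1", "MAP2"},
        "MAP1": {"MPP", "MAP4"},
        "MAP2": {"MPP", "MAP3"},
        "MAP3": {"MAP2", "MAP4"},
        "MAP4": {"MAP1", "MAP3"},
    }
    return {name: MeshNode(name) for name in links}, links


def break_link(links, a, b):
    """Remove a link, as when a cable is pulled or a radio link drops."""
    links[a].discard(b)
    links[b].discard(a)


def discover_route(nodes, links, src, dst, rreq_id):
    """Flood an RREQ from src, then send the RREP back from dst.

    Returns the path src..dst as a list, or None if dst is unreachable.
    Breadth-first order models links with equal delay.
    """
    key = (src, rreq_id)
    nodes[src].seen_rreq.add(key)
    queue = deque([(src, None, 0)])      # (node, heard_from, hops from src)
    reached = False
    while queue:
        name, heard_from, hops = queue.popleft()
        if heard_from is not None:
            # Reverse route: the way back to the originator of the RREQ.
            nodes[name].routes[src] = (heard_from, hops)
        if name == dst:
            reached = True
            continue                     # destination replies, no rebroadcast
        for neigh in sorted(links[name]):
            if key not in nodes[neigh].seen_rreq:   # drop duplicate RREQs
                nodes[neigh].seen_rreq.add(key)
                queue.append((neigh, name, hops + 1))
    if not reached:
        return None
    # RREP is unicast along the reverse routes; each hop installs a
    # forward route to dst, overwriting any stale entry.
    path, cur, hops = [dst], dst, 0
    while cur != src:
        nxt = nodes[cur].routes[src][0]
        hops += 1
        nodes[nxt].routes[dst] = (cur, hops)
        cur = nxt
        path.append(cur)
    return path[::-1]


def demo():
    """Discover a route, break a link on it, and discover again."""
    nodes, links = build_mesh()
    first = discover_route(nodes, links, "MPP", "MAP4", rreq_id=1)
    break_link(links, "MAP1", "MAP4")
    second = discover_route(nodes, links, "MPP", "MAP4", rreq_id=2)
    return first, second, nodes["MPP"].routes["MAP4"]


if __name__ == "__main__":
    print(demo())
```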
DSR - Dynamic Source Routing is in many respects similar to AODV; however, DSR performs source routing. In its work, DSR relies on two mechanisms: Route Discovery and Route Maintenance. The first is responsible for finding the optimal path, the second ensures its maintenance in the event of changing network parameters. Source routing relieves intermediate mesh points from maintaining the routing table, since the entire route is defined by the point sending the data to the network. The DSR protocol is described in RFC 4728.
DSDV - Destination-Sequenced Distance-Vector Routing is based on the Bellman-Ford algorithm. Each entry in the routing table has a sequence number, which marks the accessible (even sequence number) and inaccessible (odd number) networks. The protocol requires periodic distribution of route updates, which counts among its shortcomings, since service information continues to be transmitted even while the network is idle. The advantage in this case is that a route is ready for use sooner.
TORA - Temporally Ordered Routing Algorithm uses a Directed Acyclic Graph (DAG) with a root at the destination. In this graph, there are no directed cycles, although the existence of parallel paths is allowed. In essence, a DAG is an association of trees (forest).
What is implemented in the Tenda Nova series of devices? A Wi-Fi mesh system consists of several network components - blocks. The main unit connects directly to the modem or provider, and the rest (satellites) are located throughout the house or apartment. The satellites themselves (automatically) communicate with the main unit and with each other, forming a single wireless network that has one common SSID and password. Thanks to mesh technology, a system delivers a powerful signal to a user device in a lossless fashion. Like ordinary dual-band routers, wireless mesh systems operate on standard 2.4 GHz and 5 GHz frequencies.
Inside the wireless transport network, Mesh Points use their own routing protocol, which incorporates the best of the standard protocols listed above. The implementation of the routing and forwarding of traffic over the network directly affects the efficiency of the mesh networks and the loading of transmission channels, that is, the performance of the entire network as a whole. The routing protocol uses more complex metrics when choosing the best path, and not just the number of points along the traffic path. Thus, mesh networks are resistant to failures of wireless channels, quickly select an alternate data transfer path to avoid long service interruptions, and support traffic management services and load balancing.
The number of points used in such a mesh network will depend on the number and activity of wireless clients, as well as on the areas where it is necessary to ensure stable operation of the wireless network. The most common scenarios are:
- spacious city apartment - 2 blocks;
- medium or large country house, or a small office - from 3 blocks;
- large suburban area or office - up to 9 devices located in different rooms.
This concludes our brief study of the fundamentals of how mesh networks function; we now proceed to the management interface of the Tenda MW6 model.
Management
Although the Tenda Nova range of devices is ready to work with the minimum settings, you still have to change some configuration parameters. There is neither the usual web interface, nor the command line; all management is performed using a specialized utility Tenda WiFi, installed on the smartphone. We have to admit, we were somewhat discouraged. Yes, in our opinion, the ability to control devices using the utility is an excellent option but as an addition to the web interface. Consider the possibilities for setting up a home network provided by the Tenda WiFi utility.
When you first start the application, Tenda WiFi determines the wireless network to which the smartphone is connected. For further work, the smartphone must be connected to a wireless network organized by MW6.
In order to proceed with the initial setup, you need to connect Tenda Nova to WAN/Internet. Immediately it should be noted that all the devices in the kit are the same, that is, you can connect the provider to any of the units.
Several types of connection to providers are supported: static and dynamic (DHCP) IP address, PPPoE, as well as tunnel connections that are so popular in the post-Soviet space using PPTP and L2TP protocols.
Immediately it is worth noting that the list of supported connection types depends on the interface language of the smartphone. The TendaWiFi application determines the interface language and it displays connection options.
The next step is to set up the SSID and password. The network name and password are the same for all nodes and both bands. It should also be noted that the Tenda Nova always uses strictly fixed wireless channels: No. 6 in the 2.4 GHz band and No. 40 in the 5 GHz band, which was done to improve the stability of the wireless network. But, we must admit, we are somewhat surprised by this decision. Also, you cannot change the encryption type - only WPA2 PSK. True, in this case we have no objections.
It is time to add the rest of the Nova devices to the newly created mesh network. Tenda Nova mesh network nodes can be connected to each other using wire or wireless channels. If there are several available links, the following preference scheme is used (in descending order): Ethernet -> Wi-Fi 5 GHz -> Wi-Fi 2.4 GHz.
After the material was already written, we discovered the appearance of an updated version of the mobile application which made it possible to add a satellite block, simply by scanning its label or typing the serial number manually.
After all the necessary devices have been added, you must specify the credentials that will be used to access the router and the mesh network.
Looking ahead, we would like to note that management can be done not only with a single smartphone, that is, it is possible to add several administrative accounts.
That’s it, initial setup of the device is complete. No additional configuration of the mesh network was required. The main screen of the Tenda WiFi application now displays all the nodes included in the mesh network and the connections between them.
For each node of the mesh network, you can view additional information, as well as specify its location.
It should be added that it is possible to combine into one mesh network not only equipment of the MW6 model but also other models, for example, MW3. That is, in fact, users can build a single network using different Tenda wireless devices. The only thing to remember is the existing limit on the maximum number of nodes in such a mesh network. Up to ten wireless devices on the network are currently supported (up to six are recommended). One MW6 device can serve 30-35 wireless clients, so a set of three cubes can serve up to 100 wireless clients. In addition to the number of simultaneously served wireless clients, the coverage area provided by the mesh network must also be considered. For example, a network with two nodes provides reliable coverage on areas up to 300 m2, while a network with three nodes already allows you to expand this area to 500 m2. But perhaps the main advantage is the ability to place the nodes of the mesh network in the most convenient places, which ensures the best performance of the network and of the client devices connected to it, since each wireless client connects to the unit that lets it work at maximum speed.
If necessary, the network administrator can view detailed information about all connected wireless clients, as well as add devices to groups.
We decided not to stop there and consider all the other settings available to users.
Don't want to reveal the password to your Wi-Fi network? No problem - create a temporary guest network.
If there is a child in the house, the Tenda MW6 wireless equipment will allow you to introduce additional rules for controlling access to the global network for devices used by the child.
A mesh network allows you to significantly expand the coverage of a wireless network. However, in use, frustration may still arise when a client device reconnects from one node of the mesh network to another. Standard roaming can lead to noticeable loss of traffic, which is particularly acute during audio and video calls. Enabling fast roaming support helps to avoid these problems. It is also worth noting the presence of MU-MIMO technology, which allows parallel data transfer for several wireless users connected to one unit. Naturally, users connected to different Tenda Nova units could perform parallel transmission even without this option, since different units use different wireless channels, which does not lead to collisions.
Like any regular SOHO router, the Tenda MW6 allows port forwarding, providing remote users with an opportunity to connect to resources within the local network.
With appropriate support from the application, the ports of the transport protocols can be opened automatically using the UPnP.
Naturally, the address of the LAN interface can be changed. Perhaps, it is worth noting that we are talking about the address of the control device, since all other network elements receive IP addresses dynamically.
The manufacturer includes support of quality of service (QoS). However, there are no fine settings here. They may appear in the next firmware versions.
By the way, you can also update the firmware using a mobile utility. Of course, this requires a connection to the global network.
After updating the firmware, a number of new features become available to users. These include, for example, the option of intelligent assistant and high performance.
If necessary, the administrator can configure an automatic reboot of devices that provide the mesh network. The reboot is performed on certain days of the week and at the specified time.
This concludes consideration of the capabilities of the mobile application Tenda WiFi.
Testing
Since the manufacturer asked us to review mesh networks based on the Nova device line and not to do our traditional testing, you will not find our usual tests in this section. But, of course, we could not leave the reader entirely without performance measurements. The table below presents the main parameters of our test bench.
Component | PC | Laptop |
MB | ASUS Maximus IX Extreme | ASUS GL753VD |
CPU | Intel Core i7 7700K 4 GHz | Intel Core i7 7700HQ 2.8 GHz |
RAM | DDR4-2133 Samsung 64 GByte | DDR4-2400 Kingston 32 GByte |
NIC | Intel X550T2, ASUS PCE-AC88 | Realtek PCIe GBE, ZyXEL NWD6605 |
OS | Windows 7 x64 SP1 | Windows 10 x64 |
JPerf utility version 2.0.2 was used to generate traffic. Measurements were made for 1, 5 and 15 simultaneous TCP connections.
We decided to start by finding out the data transfer rates that will be available to wireless clients connected to both frequency bands. Measurements were made at relatively close locations of the MW6 and wireless clients (in line of sight), so the transmission speeds in real conditions can differ significantly from those measured by us.
Since the Tenda MW6 is a wireless mesh system, we decided to find out what maximum performance of the wireless channel between the nodes of the mesh network users can count on. The measurements were performed using two wired clients connected to two neighboring nodes (primary and secondary) of the mesh network.
In conclusion, we decided to measure the network convergence time, that is, how long it takes the mesh network to detect changes and adapt to them. We had a Tenda MW6 kit of two devices at our disposal, so obviously, we were very limited in our testing methods. We placed both blocks in close proximity to each other and connected them with a patch cord. Since the cable connection of the blocks takes precedence over the wireless connection, the traffic between the nodes was transmitted over twisted pair. Then we physically disconnected the cable and measured the time after which the flow of traffic between the nodes was restored, that is, switched to a wireless link. The Tenda Nova mesh system adapted in about 54 seconds. In our opinion, this is a rather long convergence time; however, it seems to us that it will be quite acceptable for most home users.
Now let's summarize.
Conclusion
The Tenda MW6 set of nodes for building a wireless mesh network allows you to build a stable wireless network in a country house or a large city apartment. A distinctive feature of the implementation is the readiness of the equipment to work almost out of the box, that is, with minimal settings. The nodes of the mesh network automatically build the most optimal topology themselves, over which user data will be transmitted. The scalability of the solution, which goes far beyond the capabilities of one device set, allows providing a wireless connection to rooms with a very large area, giving wireless clients the possibility of smooth reconnection to another node when moving within the coverage area.
The strengths of the system include the following:
- support for fast roaming (IEEE 802.11r / v);
- the ability to create a guest network;
- nice design;
- the possibility of combining devices of different models into one mesh-network;
- mobile application;
- the possibility of independent operation of each of the nodes;
- easy setup;
- parental control function;
- the possibility of both wired and wireless peering between nodes.
We cannot call the lack of a web interface a problem or a flaw. Of course, we understand that many users have long been more comfortable with setting up equipment using a mobile application installed on a smartphone. However, in our opinion, the good old web interface would also be a popular way to manage the network. We would also like to see support for the IPv6 protocol in such devices; we very much hope that the manufacturer will soon add it.
At the time of writing this review, the best price for a set of two Tenda MW6 devices in German-speaking European countries, according to the website Geizhals Preisvergleich, was about 164 euro, while a set of three nodes would cost approximately 166 euro. Before buying, be sure to specify how many devices will be included in the purchased kit.
Answers to emerging questions about the functioning of the Tenda mesh systems can be found on the official website of the manufacturer. Information about all new updates will also be available here.
Introduction
It’s been more than two years since we tested the Zyxel Keenetic Ultra II and Giga III wireless routers. Yes, time spins away. Today in our laboratory we have the Keenetic Giga KN-1010 wireless router. Let’s review which new capabilities were added and how the performance of the wireless routers has changed since the Keenetic department became a separate company.
External design and hardware
The Keenetic Giga KN-1010 wireless router comes in a gray and white plastic case with dimensions of 214x154x33 mm (not counting the external antennae). The device weighs 488 g. To operate properly, the KN-1010 needs an external power adapter (included in the box) with the following characteristics: 12V and 2,5 A.
On the front panel there are a 3D vendor name and LEDs indicating the state of the whole device and of its wired and wireless interfaces. In addition, a button for managing the wireless network is located here.
The Keenetic KN-1010 wireless router has four external rotatable non-detachable antennae placed on the rear panel of the case and on its sides.
A considerable part of the sides is covered with a ventilation grate. Apart from it, two USB ports (one USB 2.0 and one USB 3.0) and two additional buttons for managing additional device parameters are located on one of the sides.
Apart from two antennae, the rear panel carries five Gigabit Ethernet ports (one WAN and four LAN) with LEDs indicating their state, a power connector and a recessed Reset button. It’s worth noting that the WAN interface of the wireless router under test is a combo one: the user can connect to the Internet both over twisted pair and over optical fiber by using special transceivers.
The bottom panel is rather traditional: the ventilation grate, four big rubber legs, two technological holes for mounting the router to the wall and sticker with brief information about the device are located here.
Now let’s take a look at the insides of KN-1010 case.
The hardware of the Keenetic KN-1010 wireless router consists of a single green textolite board with its main elements placed on both sides. The MediaTek MT7621AT dual-core processor working at 880 MHz and the MT7615D wireless module of the same vendor are covered with protective screens and are not available for review, whereas the DDR Nanya NT5CC128M16IP-DI RAM chip of 256 Mbytes is available.
On the bottom side of the board, a Spansion S34ML01G200TFI000 flash-memory module of 128 Mbytes and a Realtek RTL8211FS switch chip with five Gigabit Ethernet ports are placed. This switch is responsible for working with the WAN port (selecting SFP or RJ-45), whereas switching of data transmitted via the LAN ports is performed by the gigabit switch built into the processor.
That’s where we complete Keenetic KN-1010 wireless router hardware review and go to reviewing its firmware capabilities.
Firmware update
Firmware update can be carried out in the General settings menu item, Administration group of the web-interface. The users can choose automatic or semi-automatic firmware update mode. One should be connected to the Internet to update firmware in either of these ways.
The whole firmware update process takes about 1,5 minutes and doesn’t require any special knowledge from the user.
Manual Keenetic Giga firmware update is also available to the users; to use it, one should click the Replace the file button in the firmware section of the System files group of the General settings menu item and select the file with the new firmware version.
Firmware used for Keenetic wireless routers has a modular structure that allows the administrator to install only the components that are really needed. One can select components for installation on the General Settings page. The number of available components is really surprising.
By default, only two firmware lines are available to the administrator: stable (release) and the more dynamically developing beta version. However, firmware of other lines can also be made available to the administrator. One can update to development firmware versions either with the help of a special firmware file, which can be retrieved from vendor technical support or downloaded from the forum, or by entering two hidden commands: components list draft and components commit (Internet connection is necessary).
One can turn automatic firmware update on or off and change the list of installed components using the command line interface.
(config)> components
list - show an available component list
install - install or remove a component
remove - remove the component from this system
preset - select a predefined set of components
preview - show firmware info
commit - apply selected component set
validity-period - set a validity period of a local component list
auto-update - manage firmware components auto-update settings
(config)> components install opkg
Components::Manager: Component "opkg" is queued for installation.
(config)> com
components - manage firmware components
(config)> components comm
commit - apply selected component set
(config)> components commit
Components::Manager: Update task started.
If necessary, the administrator can update the device firmware using files located on an external USB drive. We copied the file with the new firmware version to our small flash card and connected it to the router. After the flash card was connected, the system detected a new drive, from which we are going to copy the firmware.
(config)> ls
Usage template:
ls [{directory}]
Choose:
ndm:/
flash:/
temp:/
proc:/
sys:/
storage:/
usb:/
9A8ABCA98ABC8375:/
STORAGE:/
(config)> ls 9A8ABCA98ABC8375:/
rel: 9A8ABCA98ABC8375:/
entry, type = R:
name: firmware
size: 13893692
(config)> copy
Usage template:
copy {source} ({destination} | {destination})
Choose:
ndm:/
flash:/
temp:/
proc:/
sys:/
storage:/
usb:/
9A8ABCA98ABC8375:/
STORAGE:/
log
running-config
startup-config
default-config
(config)> copy 9A8ABCA98ABC8375:/f
Usage template:
copy {source} ({destination} | {destination})
(config)> copy 9A8ABCA98ABC8375:/firmware
Usage template:
copy {source} ({destination} | {destination})
Choose:
9A8ABCA98ABC8375:/firmware ndm:/
9A8ABCA98ABC8375:/firmware flash:/
9A8ABCA98ABC8375:/firmware temp:/
9A8ABCA98ABC8375:/firmware proc:/
9A8ABCA98ABC8375:/firmware sys:/
9A8ABCA98ABC8375:/firmware storage:/
9A8ABCA98ABC8375:/firmware usb:/
9A8ABCA98ABC8375:/firmware 9A8ABCA98ABC8375:/
9A8ABCA98ABC8375:/firmware STORAGE:/
9A8ABCA98ABC8375:/firmware log
9A8ABCA98ABC8375:/firmware running-config
9A8ABCA98ABC8375:/firmware startup-config
9A8ABCA98ABC8375:/firmware default-config
(config)> copy 9A8ABCA98ABC8375:/firmware flash:/firmware
FileSystem::Repository: Firmware update started.
One can check whether the firmware update succeeded using the show version command.
(config)> show version
release: 2.11.C.1.0-3
arch: mips
ndm:
exact: 0-fbd6e4f
cdate: 11 Apr 2018
bsp:
exact: 0-e2dc116
cdate: 11 Apr 2018
ndw:
version: 4.2.3.114
features: wifi_button,wifi5ghz,usb_3,usb_3_first,
led_control,vht2ghz,mimo5ghz,dual_image,nopack,
flexible_menu,emulate_firmware_progress
components: angular-ndw,ddns,dot1x,fat,hfsplus,interface-
extras,kabinet,miniupnpd,nathelper-ftp,nathelper-h323,
nathelper-pptp,nathelper-rtsp,nathelper-sip,ntfs,ppe,
trafficcontrol,usblte,usbserial,cloud,cifs,base,
cloudcontrol,components,config-ap,config-client,config-
repeater,corewireless,dhcpd,dlna,easyconfig,ftp,igmp,
l2tp,madwimax,pingcheck,ppp,pppoe,pptp,skydns,storage,
transmission,usb,usbdsl,opkg,usbmodem,usbnet,ydns,
printers,theme-Keenetic,base-theme,sysmode,base-l10n,
easyconfig-3.2,modems,ispdb,base-Intl
manufacturer: Keenetic Ltd.
vendor: Keenetic
series: KN
model: Giga (KN-1010)
hw_version: 10108000
hw_id: KN-1010
device: Giga
class: Internet Center
That completes our description of the different ways to update Keenetic wireless router firmware; let’s go on to explore the web-interface capabilities.
Web-interface
One can access the router web-interface using any modern browser. In addition, the device can be managed with mobile apps available for Android and iOS. The web-interface of the KN-1010 model is available in three languages: Russian, English, and Ukrainian.
The vendor decided to display a hint about how to reset the password (and, of course, all user settings along with it) directly on the control panel login form.
Upon successful authentication the user is taken to the router web-interface start page, which presents information about Internet channel usage, the status of wired interfaces, connected devices, and wired and wireless clients. In addition, on this page the administrator can control running apps, among which are various VPN servers and file access protocols, torrent clients and proxies for IPTV watching. Brief information about the system is also presented on the start page.
It’s worth noting that in this review we describe the new web-interface that only recently became available on Keenetic wireless routers. For some time the traditional version of the web-interface will also be available to users; to switch to it one should use the «Go back to the previous design» link. However, we didn’t find a way to go back to the new web-interface version, so to do this one should reconnect to the device.
With the help of the Wired menu item of the Internet group the administrator can set the parameters of the wired connection to the network operator and select the main connection in case Keenetic Giga is connected to several Internet providers simultaneously. All standard and widely used connection types are available: static and dynamic IP addresses (the IPoE term so adored by marketers) and PPPoE/L2TP/PPTP tunnels. We cannot help but mention the support of authentication using IEEE 802.1X.
Have you bought a Keenetic Giga wireless router with wired Gigabit Ethernet ports, but Internet access requires an ADSL/VDSL connection, or only wireless operators are available in your area? It’s not a big deal! One can connect a wired xDSL modem or a wireless modem with 3G/4G support to the USB ports of the model under test. The corresponding settings are provided in the 3G/4G modem and ADSL/VDSL modem menu items of the same group.
Besides connecting to the wireless networks of mobile operators, Keenetic Giga lets users connect to the wireless networks of Wi-Fi providers; the corresponding setting is available in the Wireless ISP menu item.
Only one item of the Internet group is left for our review: Other connections. Here the administrator can configure the parameters of VPN connections in which the KN-1010 router plays the role of a client or peer. The following types of tunnels are supported: PPPoE, PPTP, L2TP, L2TP/IPsec, OpenVPN and 6in4. Connections via IPsec are performed in site-to-site mode. SSTP support will be available in firmware versions starting from 2.12.
The Device list menu item of the My networks and Wi-Fi group allows the administrator to view the list of currently connected devices and the parameters of their connections. A pleasant feature is the ability to block Internet access for unregistered devices or set a speed limit for them. To be fair, it’s worth noting that a speed limit can be set for registered devices as well; in addition, the administrator can configure a schedule according to which Internet access will be provided to a particular client.
Now let’s have a look at Home network menu item of the same group. With the help of this item the administrator can not only set SSID for each Wi-Fi frequency range and main parameters of their work (including schedule) but also set IP address for LAN interface, configure DHCP server parameters, perform configuration of virtual networks and activate IGMP Proxy option that provides access to IPTV service of the local network operator. We cannot help but mention the support of Band Steering option with the help of which the router can dynamically distribute wireless clients, which support operating in both frequency ranges, between wireless networks.
One can prohibit access to the wireless router web-interface or limit Internet access speed for clients connecting to the guest wireless network. If it is necessary to organise public Internet access with user authorization, one can use the Captive portal option. It’s also worth noting that the Captive portal function supports a remarkable number of third-party services for user authorization; however, if for some reason the needed provider is not in the list, one can configure the parameters of the connection to it manually. We also find interesting the ability to connect to the guest network not only wireless clients but also wired devices attached to particular LAN ports of the router. So, for example, one can create a separate segment for the friends of one’s child or for IoT (Internet of Things) devices. All the listed settings are found in the Guest segment menu item.
Every parent would like to protect their child from inappropriate content and protect their devices from viruses and network attacks. The Internet safety menu item of the Network rules group can help with this. Filtering is performed using third-party DNS servers that rate Internet resources.
To create filtering rules manually, one should go to the Firewall menu item of the same group.
The local network behind the Keenetic Giga wireless router may host a service that has to be accessible from the Internet. In this case the administrator should go to the Forwarding menu item, where forwarding rules for incoming packets on TCP and UDP ports are configured.
One can manage static routes using the Routing item of the same menu group.
Operators often provide users with dynamic IP addresses, which makes it harder to share resources located in the local network behind the router. A DDNS service, which dynamically updates the binding between a domain name and an IP address, can help in this case. The corresponding setting is available in the Domain name menu item. It’s worth noting that, besides widely known operators providing dynamic DNS service, the KeenDNS service with somewhat wider functionality is supported. So, for example, with this service users can manage the router remotely via HTTPS even if the device is located behind the provider’s NAT/PAT. Besides management, remote setup of an SSTP tunnel for connection to the devices of the home network is available (when this review was being written, this option was available in beta firmware versions). Some users may like the ability to connect to different devices of the home network using fourth-level domains.
Choice of options necessary to the user can be performed with the help of User-defined options menu item of Management group. Here one can turn on/off torrent client and file services, VPN services and UDP proxy. In addition, setting of the services is performed with the help of this page.
One can manage users and their access rules with the help of Users item of the same menu group.
The number of options available for update to the administrator in System settings item is really significant. So, for example, here one can select operation mode of the device and parameters of system updates (including ability of changing set of installed components), view and replace system files, activate support of cloud service, manage working of buttons placed on the router case, configure speeds of network interfaces and USB ports.
With the help of Diagnostics menu item of Management group the administrator can perform checking of particular network hosts availability, view router system log, view the list of active connections, enable the debug mode, and perform packet capture.
Installation of additional extension packages is performed with the help of OPKG item of the same menu group.
If a Zyxel Keenetic Plus DECT base station is available, its operating parameters are managed through the menu items of the Telephony group.
That’s where we could complete the web-interface review, but…
There are several firmware versions for Keenetic wireless routers; the best known are the following: stable (release), preliminary (beta) and debugging. It’s also worth noting that the vendor’s technical support provides consultancy only for release and beta versions; we also don’t recommend installing debugging versions without real need. All new functions first become available in the debugging firmware versions, where enthusiasts can test them. Obviously, we decided to update to the latest available debugging and beta versions and check which changes will be available to users in the short term.
New firmware versions will add new item Connection priorities to Internet group of the web-interface menu. With the help of Internet connection policies tab the administrator can create access profiles managing the order of using connections to providers.
More interesting, from our point of view, is Policy bindings, the second tab of the same menu item. Using it one can bind particular registered devices to access profiles, which allows different wired and wireless clients to use different Internet connections. That’s the first step towards implementing the PBR (Policy Based Routing) function.
User defined options item of Management group is extended with additional option SSTP VPN server.
A pleasant feature of the SSTP VPN server is that users can connect to it even in the absence of a globally routed (white/valid/real) IPv4 address. The connection is made via the cloud supported by the vendor. The connection via the cloud can also be used for remote management of the device when there is no real address.
It’s also worth noting that Keenetic Giga can play the role of a client for SSTP connections; the corresponding setting is available in the Other connections item of the Internet menu.
When this review was being prepared for publication, Keenetic representatives notified us that firmware version 2.12 had been moved from debugging to beta without any additional manipulations. But the most important point here is that official support is provided for beta versions, so users can contact the vendor’s technical support in case of any difficulties with any of the described new functions.
Now let’s turn to reviewing the command line capabilities of the device.
Command line
We will not review all the capabilities of the Keenetic wireless routers’ command line but describe the most interesting of them. To be fair, it’s worth noting that the command line has more consistent functionality compared with the web-interface. Okay, let’s start.
The command line of Keenetic Giga KN-1010 is provided as a command interpreter, and users don’t have access to a shell. The interface under review is similar to the CLI of Cisco Systems devices, although it has many differences. To access the command line one should enter the login and password, which are the same as for web-interface authentication.
Login: admin
Password: **********
(config)>
system - maintenance functions
ntp - configure NTP
schedule - schedule configuration
known - manage lists of known network objects
access-list - configure network access lists
isolate-private - configure if traffic may pass between "private" interfaces
user - configure user account
dyndns - configure DynDns profiles
ndns - configure NDNS
yandexdns - configure Yandex.DNS profiles
skydns - configure SkyDns profiles
nortondns - configure Norton ConnectSafe DNS profiles
adguard-dns - configure AdGuard DNS profiles
ping-check - configure ping-check profiles
interface - network interface configuration
ip - configure IP parameters
pppoe - configure PPPoE parameters
ipv6 - configure IPv6 parameters
kabinet - configure kabinet authenticator
ppe - Packet Processing Engine configuration
upnp - configure UPnP parameters
torrent - configure torrent service parameters
udpxy - configure udpxy
crypto - configure IPsec
igmp-proxy - configure IGMP
dect - configure DECT parameters
snmp - configure SNMP service
sstp-server - configure SSTP VPN server
vpn-server - configure PPTP VPN server
service - manage services
cifs - manage CIFS service
dlna - manage DLNA service
dns-proxy - manage DNS proxy service
afp - manage AFP server service
whoami - display info about the current management session
printer - printer configuration
more - view text file
ls - list directory contents
copy - copy files
erase - erase file or empty directory
access - set user access for directory
monitor - manage monitor services
show - display various diagnostic information
tools - tools for testing the environment
opkg - Open Package configuration
ntce - NTCE settings
easyconfig - configure Easyconfig services
bwmeter - bandwidth meter
components - manage firmware components
cloud - manage cloud services
Several configuration modes are supported for such devices. For example, to update parameters of a particular interface one should go to a corresponding mode.
(config)> int
interface - network interface configuration
(config)> interface
Usage template:
interface {name}
Choose:
Pvc
Vlan
CdcEthernet
WiMax
UsbModem
RealtekEthernet
AsixEthernet
Davicom
UsbLte
Yota
Bridge
PPPoE
SSTP
PPTP
L2TP
OpenVPN
IPIP
TunnelSixInFour
Gre
EoIP
TunnelSixToFour
Chilli
GigabitEthernet0
GigabitEthernet0/0
1
GigabitEthernet0/1
2
GigabitEthernet0/2
3
GigabitEthernet0/3
4
GigabitEthernet0/Vlan1
GigabitEthernet0/Vlan3
GigabitEthernet1
ISP
GigabitEthernet1/0
0
WifiMaster0
WifiMaster0/AccessPoint0
AccessPoint
WifiMaster0/AccessPoint1
GuestWiFi
WifiMaster0/AccessPoint2
WifiMaster0/AccessPoint3
WifiMaster0/WifiStation0
WifiMaster1
WifiMaster1/AccessPoint0
AccessPoint_5G
WifiMaster1/AccessPoint1
WifiMaster1/AccessPoint2
WifiMaster1/AccessPoint3
WifiMaster1/WifiStation0
UsbDsl0
Bridge0
Home
Bridge1
Guest
For wireless interfaces the user can manage transmission power, wireless channel and modes of compatibility. Also the administrator can specify country code where the given device is used. For all interfaces including wireless ones the administrator can restrict maximum user data transmission speed using traffic-shape command.
(config)> interface WifiMaster0
Core::Configurator: Done.
(config-if)>
rename - change interface name
description - set interface description
role - interface role configuration
traffic-shape - set traffic rate limit
dyndns - DynDns updates
tx-queue - set TX queue length
mac - configure MAC parameters
debug - enable connection debugging
rf - change RF settings
ip - configure IP parameters
ipv6 - configure IPv6 parameters
country-code - set country code
compatibility - set 802.11 compatibility (use parameters like BG or ABGN)
channel - set radio channel
power - set transmission power level
preamble-short - enable short preambles
tx-burst - enable Tx Burst
rekey-interval - change WPA/WPA2 rekey interval
band-steering - enable band-steering
vht - enable VHT (QAM256)
up - enable interface
down - disable interface
bandwidth-limit - interface bandwidth limit
schedule - interface up/down schedule
(config-if)> tra
traffic-shape - set traffic rate limit
(config-if)> traffic-shape
Usage template:
traffic-shape rate {rate} [schedule {schedule-name}]
(config-if)> rol
role - interface role configuration
(config-if)> role
Usage template:
role {role} [for {ifor}]
Choose:
inet
iptv
voip
misc
(config-if)> coun
country-code - set country code
(config-if)> chan
channel - set radio channel
(config-if)> channel
Usage template:
channel {channel} | width ... | auto-rescan ...
width - set radio channel width
auto-rescan - set radio channel auto-rescan schedule
(config-if)> powe
power - set transmission power level
(config-if)> power
Usage template:
power {power}
(config-if)> exi
Command::Base error[7405600]: no such command: exi.
(config-if)> exit
Core::Configurator: Done.
(config)> inter
interface - network interface configuration
(config)> interface Acc
Usage template:
interface {name}
Choose:
AccessPoint
AccessPoint_5G
(config)> interface AccessPoint
Core::Configurator: Done.
(config-if)>
rename - change interface name
description - set interface description
role - interface role configuration
traffic-shape - set traffic rate limit
dyndns - DynDns updates
tx-queue - set TX queue length
mac - configure MAC parameters
peer-isolation - enable peer isolation
security-level - assign security level
debug - enable connection debugging
wps - enable WPS functionality
authentication - configure authentication
encryption - configure encryption parameters
ip - configure IP parameters
igmp - configure IGMP parameters
ipv6 - configure IPv6 parameters
ping-check - ping-check configuration
ssid - set wireless ESSID
hide-ssid - disable SSID broadcasting on the access point
wmm - enable Wireless Multimedia Extensions on this interface
pmf - enable Protected Management Frames on this interface
ipsec - configure IPsec parameters
led - configure interface LED binding
lldp - configure LLDP parameters
up - enable interface
down - disable interface
bandwidth-limit - interface bandwidth limit
schedule - interface up/down schedule
(config-if)> en
encryption - configure encryption parameters
(config-if)> encryption
key - set wireless encryption key
enable - enable wireless encryption (WEP by default)
disable - disable wireless encryption
wpa - enable WPA version 1 (TKIP) encryption
wpa2 - enable WPA version 2 (AES) encryption
(config-if)> encryption
One can manage access lists for IPv4 traffic with the help of access-list command.
(config)> acce
access-list - configure network access lists
access - set user access for directory
(config)> access-
access-list - configure network access lists
(config)> access-list
Usage template:
access-list {acl}
(config)> access-list test
Network::Acl: "test" access list created.
(config-acl)>
deny - add prohibitive rule
permit - add permissive rule
rule - set rule operation time
(config-acl)> perm
permit - add permissive rule
(config-acl)> permit
Usage template:
permit ((tcp | udp) {source} {source-mask} [port (((lt | gt |
eq) {source-port}) | (range {source-port} {source-end-port}))]
{destination} {destination-mask} [port (((lt | gt | eq)
{destination-port}) | (range {destination-port} {destination-
end-port}))]) | ((icmp | esp | gre | ipip | ip) {source}
{source-mask} {destination} {destination-mask})
Choose:
tcp
udp
icmp
esp
gre
ipip
ip
Using access-group interface command one can set access list for a particular interface.
(config-if)> ip acc
access-group - bind access-control rules
(config-if)> ip access-group
Usage template:
access-group {acl} {direction}
Choose:
_WEBADMIN_WifiMaster0/WifiStation0
test
Unfortunately, at the moment access rules cannot be configured for IPv6 traffic. However, several improvements have become available since our previous review. So, for example, one can restrict the list of ports on which a particular local network host is reachable. As vendor representatives assured us, more fine-grained configuration of firewall rules is planned, but without exact due dates.
(config)> ipv6 st
static - add one-to-one address translation rule
(config)> ipv6 static
Usage template:
static tcp | udp [{interface}] {mac} {port} [through {end-port}]
Certainly, the firewall for IPv6 can be turned off completely; however, we consider this unsafe.
(config)> ipv6
subnet - subnet configuration
local-prefix - configure local prefix
name-server - add name server IPv6 address
route - configure a static route
firewall - enable firewall
pass - configure IPv6 pass-through mode
static - add one-to-one address translation rule
(config)> ipv6 fi
firewall - enable firewall
Also with the help of command line one can set static IPv6 addresses to the device interfaces whereas this cannot be performed using web-interface.
system
set net.ipv6.conf.all.forwarding 1
interface GigabitEthernet1
ipv6 address 2001:db8:1::1
ipv6 prefix 2001:db8:1::/64
interface Bridge0
ipv6 address 2001:db8:2::1
ipv6 route 2001:db8:1::/64 ISP
ipv6 route default 2001:db8:1::2
One can view the contents of a particular directory with the ls command, whereas the more command displays the contents of a particular file (we intentionally cut the output of this command in our listing).
(config)> ls
rel:
entry, type = V:
name: ndm:
subsystem: local
entry, type = V:
name: flash:
subsystem: local
entry, type = V:
name: temp:
subsystem: local
entry, type = V:
name: proc:
subsystem: local
entry, type = V:
name: sys:
subsystem: local
entry, type = A:
name: log
subsystem: local
entry, type = A:
name: running-config
subsystem: local
entry, type = A:
name: startup-config
subsystem: local
entry, type = A:
name: default-config
subsystem: local
entry, type = V:
name: storage:
subsystem: local
entry, type = V:
name: usb:
subsystem: local
entry, type = V:
name: dect:
subsystem: local
(config)> more flash:/default-config
! $$$ Model: Keenetic Giga
! $$$ Version: 2.0
! $$$ Agent: default
system
set net.ipv4.ip_forward 1
set net.ipv4.tcp_fin_timeout 30
set net.ipv4.tcp_keepalive_time 120
set net.ipv4.neigh.default.gc_thresh1 256
set net.ipv4.neigh.default.gc_thresh2 1024
set net.ipv4.neigh.default.gc_thresh3 2048
set net.ipv6.neigh.default.gc_thresh1 256
set net.ipv6.neigh.default.gc_thresh2 1024
set net.ipv6.neigh.default.gc_thresh3 2048
set net.netfilter.nf_conntrack_tcp_timeout_established 1200
set net.netfilter.nf_conntrack_max 16384
set vm.swappiness 60
set vm.overcommit_memory 0
set vm.vfs_cache_pressure 1000
set dev.usb.force_usb2 0
hostname Keenetic_Giga
domainname WORKGROUP
One should use service command to manage different auxiliary services.
(config)> ser
service - manage services
(config)> service
dhcp - start DHCP service
dns-proxy - enable DNS proxy
igmp-proxy - enable IGMP proxy
dhcp-relay - start DHCP relay service
http - HTTP service
afp - enable AFP server
ftp - enable FTP server
cifs - enable CIFS server
dlna - enable DLNA server
telnet - start telnet service
ssh - start SSH service
ntp-client - start NTP client
upnp - start UPnP service
torrent - start torrent service
udpxy - enable udpxy
kabinet - start Kabinet authenticator
vpn-server - enable PPTP VPN server
dect - enable DECT server
ipsec - enable IPsec
sstp-server - enable SSTP VPN server
ntce - enable NTCE
snmp - SNMP service
cloud-control - enable cloud control service
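The service list above and the encryption options listed earlier for the access point interface ("enable" meaning WEP by default, "wpa" meaning WPA version 1 with TKIP) lend themselves to an automated check of a saved configuration. The following is an added example, not code from the review or from Keenetic; the configuration fragment is constructed, and its layout (one CLI command per line, interface commands indented under "interface <name>", "!" closing a block) is an assumption.

```python
# Constructed running-config fragment (not taken from a real device).
# Assumed layout: one CLI command per line, interface commands indented
# under "interface <name>", "!" closing a block.
SAMPLE_CONFIG = """\
interface WifiMaster0/AccessPoint0
    rename AccessPoint
    ssid HomeNet
    encryption enable
    encryption wpa2
    up
!
interface WifiMaster0/AccessPoint1
    rename GuestWiFi
    ssid Guest
    encryption enable
    wps
    up
!
interface WifiMaster1/AccessPoint0
    rename AccessPoint_5G
    ssid HomeNet5
    encryption enable
    encryption wpa
    up
!
interface WifiMaster1/AccessPoint1
    ssid Lab
!
service dhcp
service http
service telnet
service ssh
service upnp
service snmp
"""

# Services from the CLI listing that deserve a second look when enabled.
RISKY_SERVICES = {
    "telnet": "management session is not encrypted",
    "ftp": "credentials and files travel in cleartext",
    "upnp": "LAN hosts can request inbound port mappings",
    "snmp": "SNMP agent is reachable; check who may query it",
}


def parse_config(text):
    """Split the config into {interface: [command words]} and a service list."""
    interfaces, services, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            current = None if line.startswith("!") else current
            continue
        words = line.split()
        if raw[:1].isspace():              # indented: belongs to open block
            if current is not None:
                current.append(words)
            continue
        current = None                     # any top-level line closes the block
        if words[0] == "interface" and len(words) > 1:
            current = interfaces.setdefault(words[1], [])
        elif words[0] == "service" and len(words) > 1:
            services.append(words[1])
    return interfaces, services


def audit(text):
    """Return (scope, code, detail) findings for weak Wi-Fi and risky services."""
    interfaces, services = parse_config(text)
    findings = []
    for name, cmds in interfaces.items():
        if "AccessPoint" not in name or ["up"] not in cmds:
            continue                       # not an AP, or the AP is disabled
        enc = {c[1] for c in cmds if c[0] == "encryption" and len(c) > 1}
        if "enable" not in enc:
            findings.append((name, "open", "no 'encryption enable'"))
        elif not enc & {"wpa", "wpa2"}:
            findings.append((name, "wep", "'encryption enable' alone is WEP"))
        elif "wpa2" not in enc:
            findings.append((name, "wpa1-tkip", "'encryption wpa' without wpa2"))
        if ["wps"] in cmds:
            findings.append((name, "wps", "WPS is enabled"))
    for svc in services:
        if svc in RISKY_SERVICES:
            findings.append(("service " + svc, "service", RISKY_SERVICES[svc]))
    return findings


if __name__ == "__main__":
    for scope, code, detail in audit(SAMPLE_CONFIG):
        print(f"{scope:28} {code:10} {detail}")
```

An access point that carries both "encryption wpa" and "encryption wpa2" is treated as mixed mode and is not reported.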
Change of system operating parameters is performed with the help of system command.
(config)> sys
system - maintenance functions
(config)> system
reboot - restart the system
set - adjust system settings
led - setup system LED controls
button - setup system button functions
clock - change system clock settings
domainname - set the domain name
hostname - set the host name
configuration - manage system configuration
log - manage system logging
mount - mount USB disk partition
drivers - manage kernel drivers
swap - set swap area
zram - set zram swap settings
debug - enable system debug
mode - select system operating mode
Command group show is intended for viewing configuration and current working parameters of the device. So, for example, show version command displays information about current firmware version.
(config)> show
version - display firmware version
signature - display firmware signature state
system - display system status information
drivers - view list of loaded kernel drivers
threads - view list of active threads
processes - view list of running processes
configurator - display configurator information
interface - display interface status
ssh - show SSH server status
dot1x - 802.1x supplicant status
skydns - display SkyDns parameters
log - display system log
running-config - view running configuration
ip - display IP information
ppe - show "binded" PPE entries
upnp - display UPnP rules
ipsec - display internal IPsec status
dect - show DECT status
afp - display AFP server status
acme - display ACME client status
cifs - display cifs server status
dlna - display DLNA server status
torrent - display torrent service information
vpn-server - show PPTP VPN server status
cloud - display status of the cloud service
sstp-server - show SSTP VPN server status
ndns - show NDNS status
easyconfig - display EasyConfig information
internet - display Internet check status
dyndns - show DynDns profile status
ping-check - show ping-check profile status
site-survey - display available wireless networks
associations - shows a list of associated wireless stations
led - display system LED information
button - display system button information
clock - display system clock information
ntp - display NTP parameters
schedule - display system environment
crypto - display IPsec information
chilli - show chilli info
usb - display USB device list
printers - display attached printer list
tags - show available authentication tags
access - display directory acl
kabinet - display Kabinet authenticator parameters
monitor - show monitor status
ipv6 - display IPv6 information
ntce - show NTCE settings and status
yandexdns - display YandexDns parameters
nortondns - display Norton ConnectSafe DNS parameters
adguard-dns - display AdGuard DNS parameters
(config)> show ver
version - display firmware version
(config)> show version
release: 2.12.A.6.0-2
arch: mips
ndm:
exact: 0-4a1e5ca
cdate: 19 May 2018
bsp:
exact: 0-2ca6889
cdate: 19 May 2018
ndw:
version: 0.4.26
features: wifi_button,wifi5ghz,usb_3,usb_3_first,
led_control,vht2ghz,mimo5ghz,dual_image
components: acl,adguard-dns,afp,base,chilli,cifs,
cloudcontrol,config-ap,config-client,config-repeater,
corewireless,ddns,dhcpd,dlna,dot1x,dpi,easyconfig,eoip,
fat,ftp,gre,hfsplus,igmp,ip6,ipip,ipsec,kabinet,l2tp,
madwimax,miniupnpd,monitor,nathelper-ftp,nathelper-h323,
nathelper-pptp,nathelper-rtsp,nathelper-sip,netflow,
nortondns,ntfs,nvox,openvpn,opkg,opkg-kmod-audio,opkg-
kmod-dvb-tuner,opkg-kmod-fs,opkg-kmod-netfilter,opkg-
kmod-netfilter-addons,opkg-kmod-tc,opkg-kmod-usbip,opkg-
kmod-video,pingcheck,ppe,pppoe,pptp,skydns,snmp,ssh,sstp,
sstp-server,storage,trafficcontrol,transmission,udpxy,
usb,usbdsl,usblte,usbmodem,usbnet,usbserial,vpnserver,
vpnserver-l2tp,ydns
manufacturer: Keenetic Ltd.
vendor: Keenetic
series: KN
model: Giga (KN-1010)
hw_version: 10108000
hw_id: KN-1010
device: Giga
class: Internet Center
(config)> show sys
system - display system status information
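The two show version listings in this review (2.11.C.1.0-3 and 2.12.A.6.0-2) can be compared mechanically to see which components appeared between them. The following is an added example, not code from the review or from Keenetic; it parses the output as printed, including component names that the CLI wraps after a hyphen, and the watchlist of names to review is an assumption of this example.

```python
import re

# `show version` output of the two builds quoted in the review, trimmed to the
# fields used here. Line wrapping is kept exactly as the CLI printed it.
SHOW_VERSION_2_11 = """\
release: 2.11.C.1.0-3
arch: mips
components: angular-ndw,ddns,dot1x,fat,hfsplus,interface-
extras,kabinet,miniupnpd,nathelper-ftp,nathelper-h323,
nathelper-pptp,nathelper-rtsp,nathelper-sip,ntfs,ppe,
trafficcontrol,usblte,usbserial,cloud,cifs,base,
cloudcontrol,components,config-ap,config-client,config-
repeater,corewireless,dhcpd,dlna,easyconfig,ftp,igmp,
l2tp,madwimax,pingcheck,ppp,pppoe,pptp,skydns,storage,
transmission,usb,usbdsl,opkg,usbmodem,usbnet,ydns,
printers,theme-Keenetic,base-theme,sysmode,base-l10n,
easyconfig-3.2,modems,ispdb,base-Intl
manufacturer: Keenetic Ltd.
"""

SHOW_VERSION_2_12 = """\
release: 2.12.A.6.0-2
arch: mips
components: acl,adguard-dns,afp,base,chilli,cifs,
cloudcontrol,config-ap,config-client,config-repeater,
corewireless,ddns,dhcpd,dlna,dot1x,dpi,easyconfig,eoip,
fat,ftp,gre,hfsplus,igmp,ip6,ipip,ipsec,kabinet,l2tp,
madwimax,miniupnpd,monitor,nathelper-ftp,nathelper-h323,
nathelper-pptp,nathelper-rtsp,nathelper-sip,netflow,
nortondns,ntfs,nvox,openvpn,opkg,opkg-kmod-audio,opkg-
kmod-dvb-tuner,opkg-kmod-fs,opkg-kmod-netfilter,opkg-
kmod-netfilter-addons,opkg-kmod-tc,opkg-kmod-usbip,opkg-
kmod-video,pingcheck,ppe,pppoe,pptp,skydns,snmp,ssh,sstp,
sstp-server,storage,trafficcontrol,transmission,udpxy,
usb,usbdsl,usblte,usbmodem,usbnet,usbserial,vpnserver,
vpnserver-l2tp,ydns
manufacturer: Keenetic Ltd.
"""

KEY_RE = re.compile(r"^([A-Za-z_][\w-]*):\s*(.*)$")

# Watchlist constructed for this example (an assumption): component names
# that suggest a listening service or a remote-access path.
WATCHLIST = {
    "ssh", "telnet", "snmp", "sstp-server", "vpnserver", "vpnserver-l2tp",
    "openvpn", "ipsec", "udpxy", "afp", "chilli", "opkg-kmod-usbip",
}


def parse_show_version(text):
    """Return {key: value}; wrapped lines are glued onto the preceding key.

    The CLI wraps long values after a comma or after a hyphen that is part
    of a name ("interface-" / "extras"), so plain concatenation of the
    stripped lines restores the original value. Repeated keys keep the last.
    """
    fields, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = KEY_RE.match(line)
        if match:
            key = match.group(1)
            fields[key] = match.group(2)
        elif key is not None:
            fields[key] += line
    return fields


def component_set(text):
    """Set of component names from one `show version` listing."""
    value = parse_show_version(text).get("components", "")
    return {name.strip() for name in value.split(",") if name.strip()}


def diff_components(old_text, new_text):
    """Components added and removed, plus added ones that are on the watchlist."""
    old, new = component_set(old_text), component_set(new_text)
    added = new - old
    return {
        "added": sorted(added),
        "removed": sorted(old - new),
        "review": sorted(added & WATCHLIST),
    }


if __name__ == "__main__":
    result = diff_components(SHOW_VERSION_2_11, SHOW_VERSION_2_12)
    for label in ("added", "removed", "review"):
        print(f"{label} ({len(result[label])}): {', '.join(result[label])}")
```

A difference between two listings reflects whatever was installed at the time, whether it came from a firmware update or from the administrator's component selection.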
To simplify working with commands of show group the administrator can go to a special view mode.
(config)> show
Core::Configurator: Done.
(show)> system
hostname: Keenetic_Giga
domainname: WORKGROUP
cpuload: 2
memory: 51204/262144
swap: 0/0
memtotal: 262144
memfree: 168060
membuffers: 10564
memcache: 32316
swaptotal: 0
swapfree: 0
uptime: 7301
Besides the viewing commands, a set of diagnostic ones is available to the administrator.
(config)> tools
Core::Configurator: Done.
(tools)>
arping - send an ARP request to a given host
ping - send ICMP ECHO_REQUEST to network hosts
ping6 - send an ICMPv6 echo request to network hosts
pppoe-discovery - scan available PPPoE servers
traceroute - do IPv4 network route diagnostics
One can get information about the connection to command line using whoami command.
(config)> whoami
user: admin
agent: cli
host: 192.168.1.200
mac: 00:15:17:6a:f3:9a
where: Bridge0
We also decided to find out which commands are used to set up PBR (Policy Based Routing), that is, routing based on policies. At the moment a routing decision can be made separately for each client device, so configuration starts with registering the device by specifying its name and MAC address.
known host test 00:15:17:6a:f3:9a
The next step is to create a profile in which Internet connections are listed in order of decreasing priority. In our case, the wireless provider was used first, followed by the connection to the Ethernet network.
ip policy Policy0
description second_profile
permit global WifiMaster0/WifiStation0
permit global ISP
permit auto
After that, one should list all existing profiles in the ip hotspot section and bind client devices to the appropriate profile.
ip hotspot
policy Home Policy0
policy Guest Policy0
host 00:15:17:6a:f3:9a permit
host 00:15:17:6a:f3:9a policy Policy0
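The three steps above (register the host, define the profile, bind it in ip hotspot) can be cross-checked offline before a configuration is trusted. The following Python check is an added example, not part of the original review or of Keenetic's software; it understands only the line forms shown above, and the last line of the sample (MAC 00:11:22:33:44:55, profile Policy9) is constructed to trigger the findings.

```python
import re
# Constructed input: the review's three fragments plus one broken binding (last line).
SAMPLE = """\
known host test 00:15:17:6a:f3:9a
ip policy Policy0
description second_profile
permit global WifiMaster0/WifiStation0
permit global ISP
permit auto
ip hotspot
policy Home Policy0
policy Guest Policy0
host 00:15:17:6a:f3:9a permit
host 00:15:17:6a:f3:9a policy Policy0
host 00:11:22:33:44:55 policy Policy9
"""
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"

def parse(text):
    """Return (registered MACs, {profile: uplinks in listed order}, bindings)."""
    known, profiles, bindings, section = set(), {}, [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := re.fullmatch(rf"known host (\S+) ({MAC})", line, re.I):
            known.add(m[2].lower())
        elif m := re.fullmatch(r"ip policy (\S+)", line):
            section = profiles.setdefault(m[1], [])  # uplink list of this profile
        elif line == "ip hotspot":
            section = "hotspot"
        elif section == "hotspot":
            # Keep "<segment or MAC> -> profile" lines; "host <MAC> permit" is skipped.
            m = re.fullmatch(rf"(?:host ({MAC}) policy|policy (\S+)) (\S+)", line, re.I)
            if m:
                bindings.append((m[1] or m[2], m[3]))
        elif section is not None and (m := re.fullmatch(r"permit global (\S+)", line)):
            section.append(m[1])  # listed first = highest priority, per the review
    return known, profiles, bindings

def audit(text):
    """Flag bindings that skip a step of the procedure the review describes."""
    known, profiles, bindings = parse(text)
    findings = []
    for scope, profile in bindings:
        if re.fullmatch(MAC, scope, re.I) and scope.lower() not in known:
            findings.append(f"{scope}: not registered with 'known host'")
        if profile not in profiles:
            findings.append(f"{scope}: undefined profile {profile}")
        elif not profiles[profile]:
            findings.append(f"{scope}: profile {profile} lists no uplinks")
    return findings
```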
This completes our brief review of the command line interface capabilities, and we move on to testing.
Testing
We traditionally begin this section by estimating the booting time of the device, which is the time interval from the moment the power is switched on until the first echo reply is received via ICMP. Keenetic Giga wireless router boots in 31 seconds. We consider this a good result.
The second, no less traditional, test was a security scan carried out with the Positive Technologies XSpider 7.8 network security scanner. At first, we scanned from the LAN interface side using the recommended set of components.
On the whole, eight open ports were discovered. The most interesting data are presented below.
Then we decided to repeat the scanning procedure from the WAN interface side. The scanner didn’t discover any open ports, so Keenetic wireless routers are absolutely safe from external attacks with their default settings.
Before starting the performance tests, we would like to familiarize our readers with the key parameters of the test stand we used.
Component | PC | Laptop |
MB | ASUS Maximus IX Extreme | ASUS GL753VD |
CPU | Intel Core i7 7700K 4 GHz | Intel Core i7 7700HQ 2.8 GHz |
RAM | DDR4-2133 Samsung 64 Gbyte | DDR4-2400 Hyundai 8 Gbyte |
NIC | Intel X550T2, ASUS PCE-AC88 | Realtek PCIeGBE |
OS | Windows 7 x64 SP1 | Windows 10 x64 |
We decided to start by measuring the performance of the device when routing IPv4 traffic with and without NAT/PAT translation. Measurements were performed for 1, 5 and 15 simultaneous TCP connections. The JPERF utility, version 2.0.2, was used as the measuring tool. Both measurements displayed below were performed with hardware routing acceleration enabled by default.
As the KN-1010 model is a wireless router, we could not help but test user data transmission speeds in the wireless network segment.
Keenetic Giga supports a great number of tunnel connection types, so we decided to measure the performance of some of them. Data transmission speeds via PPTP and L2TP tunnels are traditionally high. Certainly, using encryption together with PPTP significantly decreases the speeds available to users. In these tests the KN-1010 model was used as a client.
One of the most popular ways of connecting to remote networks is an OpenVPN tunnel. Another, no less popular, way is IPSec. Here we used KN-1010 as a server.
It’s worth noting that the tested model also supports connections over the SSTP protocol. The peculiarity of this connection type is the ability to establish a tunnel even if the router doesn’t have a globally routable address. The results of performance measurements for the KN-1010 router working in SSTP server mode are presented below.
The next version of IP, IPv6, is becoming more and more popular. The growing popularity of this protocol in Russia can be explained by users' desire to bypass the blocks set by Roskomnadzor and to keep up with the times by being the first to adopt new developments. Obviously, we could not help but measure routing speeds for IPv6 packets. The diagram below shows the speeds obtained with the hardware IPv6 accelerator enabled and without it.
Various 3G/4G modems, USB printers, flash cards, DECT stations and ADSL/VDSL modems can be connected to the USB port of the router. We decided not to miss the opportunity to measure access speeds for data located on our 256 Gbyte Transcend TS256GESD400K SSD drive connected to the USB port of the Keenetic Giga router. We formatted the drive in turn with the following file systems: EXT2/3/4, NTFS, FAT32 and HFS+. The results of measurements with the drive connected to the USB 2.0 and USB 3.0 ports are displayed below.
In addition, we decided to find out what access speeds to data located on the USB drive are available to users connecting to the router through a PPTP tunnel without encryption. Measurements were performed for the NTFS file system. The data obtained correspond to the maximum announced performance of the PPTP server (150-200 Mbps) working on the Keenetic Giga router. The performance of the PPTP client and that of the PPTP server built into the Keenetic Giga wireless router differ significantly.
In conclusion, we would like to mention one more test, which we performed in parallel with the main experiments. Using our ADA TempPro-2200 laboratory pyrometer, we measured the temperature of the router case under full load. The maximum temperature of the router case turned out to be 37 degrees Celsius, while the ambient temperature was no more than 24 degrees. We consider this temperature normal.
That’s where we complete the testing section and move on to summing it all up.
Summary
On the whole, we are pleased with the tested Keenetic Giga KN-1010 wireless router. In the two years since our previous testing of Zyxel devices, significant work has been done: hardware performance has increased, the web-interface has been remarkably revised and updated, and device functionality has been significantly expanded. The flexibility of the network interface settings deserves the most praise, and we consider the new web-interface user-friendly and intuitive even for new users.
The strengths of the Keenetic Giga KN-1010 wireless router are the following:
- high user data transmission speeds;
- support of a great number of VPN connection types;
- flexible configuration of network interfaces;
- IPv6 support;
- ability to connect to existing wireless networks;
- support of two wireless frequency ranges;
- captive portal option;
- ability to remotely connect to the router even without a globally routable address;
- modular firmware structure;
- ability to install an SFP module for connection to optical networks.
The only peculiarity that surprised and somewhat confused us is the inability to manage access to devices in the local network with access lists when connecting via IPv6. For now, that is probably the only thing we could count among the drawbacks.
At the time this review was written, the average price of the Keenetic Giga KN-1010 wireless router in Moscow online shops was 7500 roubles.