Reviews

Routers

Keenetic Giga KN-1010

ASUS RT-AC86U

ASUS RT-AC1200G+

ASUS RT-AC53

ASUS RT-AC5300

ASUS RT-AC88U

D-Link DIR-809

ASUS 4G-N12

netis Beacon AC1200 Gaming Router WF2681

D-Link DIR-890L

D-Link DIR-825AC

ASUS RT-AC3200

ASUS RT-AC51U

D-Link DIR-860L

Wireless router NETGEAR Nighthawk X6 R8000 or even more cosmic space at our homes

Small-sized D-LINK DIR-516 Wireless Router

ASUS 4G-AC55U

D-Link DIR-806A Wireless Router

New ZyXEL Keenetic Ultra II and Giga III Wireless Routers

Budget-priced ASUS RT-N11P Wireless Router

NETGEAR R7500

ASUS RT-AC87U

Buffalo WZR-1750DHP

ASUS RT-N18U

NETGEAR WNDR4700

ASUS RT-N65U

ASUS RT-AC52U

ASUS RT-AC56U

The New Wireless Flagship Device or ASUS RT-AC68U

DIR-868L or the First Router with Support of 802.11ac by D-Link

NETGEAR WNDR3800

ASUS RT-N14U

AC for All or NETGEAR R6300

New Router for New Standard, ASUS RT-AC66U

D-Link DVA-G3672B

D-Link DIR-857 or HD Media Router 3000

NETGEAR JDGN1000

N900 NETGEAR WNDR4500 Wireless Router

ASUS RT-G32 rev. C1 and RT-N10 rev. B1

ASUS DSL-N12U

D-Link DSL-2750U, ADSL2+ wireless router with USB

Soviet coffee-grinder or D-Link DIR-645

ASUS RT-N66U or wireless 900 Mbps

Mobile wireless router for 3G/Wi-Fi networks or ASUS WL-330N3G

NETGEAR WNR1000v2 wireless router for home

ASUS RT-N10U

ASUS RT-N56U or hardware NAT acceleration

ASUS RT-N16

ASUS DSL-G31 – connection to ADSL or Ethernet providers

Wireless router and VoIP gateway ASUS AX-112W

Connection of the whole network to Yota or ASUS WMVN25E2+

All the interfaces faster than Fast Ethernet or ASUS RT-N15

NICs and access points

ASUS USB-AC68

Repeater, wireless bridge and Access Point ASUS RP-AC68U

ASUS RP-AC56: Repeater and Access Point in Two Frequency Ranges

ASUS EA-AC87

ASUS RP-N12

ASUS RP-AC52

ASUS WL-330NUL or NIC and Router All in One

ASUS PCE-AC66 or a client card for 802.11ac network

NETGEAR WNCE3001

ASUS EA-N66 or an alien pyramid

A UFO, or NETGEAR WNAP320

Switches

ASUS XG-U2008

GigaLink GL-SW-F101-08PSG-I

D-Link DGS-3620-28TC

NETGEAR FSM726v3

ADSL2+ Switch with Annex L and Annex M Support or D-Link DAS-3248EC

Access layer switch QTECH QSW-2800

NETGEAR GS108PE, or a smart eight port gigabit ethernet switch with PoE

Network Storages

Powerful five bays NAS QNAP TS-531X

QNAP TAS-168

QNAP TVS-463

Thecus W4000 – the first network storage based on Microsoft Windows

Desktop Thecus N10850 NAS

Thecus N8810U-G

Thecus N16000PRO Advanced Testing

Expansion Unit Thecus D16000

Thecus N16000PRO

Two-bay D-Link DNS-327L NAS

Buffalo TS4400D

Thecus N4520

Buffalo LinkStation 421

Buffalo TeraStation 5600

Modern Six-bay NAS or NETGEAR ReadyNAS 516

Thecus N4800Eco

Small but speedy, or Thecus N2800

D-Link DNS-345

N16000 or Top Model by Thecus

CFI-B8253JDGG or an external RAID

D-Link ShareCenter DNS-325 or a Small NAS for Home and Office

Thecus N8900 or connecting NAS via 10 GE

HuaweiSymantec Oceanspace S2600

NETGEAR ReadyNAS 2100

Thecus N8800+ or a two-unit storage for eight disks

Rackmount network storage Thecus 1U4200XXX

NETGEAR ReadyNAS Ultra 2 Plus or a speedy two-bay storage

Pocket NAS or Thecus N0204

ASUS NAS-M25

Power Line Communications

ASUS PL-X52P

D-Link DHP-500AV and DHP-540

ASUS PL-X32M

IP-cameras

Round-the-clock surveillance, or ACTi TCM-5611 and PLEN-0203

Firewalls

NETGEAR ProSecure UTM50

NETGEAR SRX5308

Other

Wireless mesh-network or Tenda Nova

Zyxel wireless solutions

TLK TWS-156054-M-GY antivandal cabinet

Adder IPEPS Digital

StreamTV Adapter or D-Link DIB-200

AquaInspector Server Ultimate by Smart-Soft

NComputing N400 or a Citrix Thin Client

Dune HD TV-303D

Dune HD TV-301W and Vdali TV

AquaInspector or a Key-ready Solution for Managing, Controlling and Securing the Internet Access

NetProtect E-29 crash-test

Fluke AirCheck, or We Can See the Radiowaves

Antivandal cabinet – a cure-all solution?

Thin client NComputing L300

KASPERSKY INTERNET SECURITY 2011

WinRAR x64 performance test

UPS APC AP9617/9619 management

Wireless mesh-network or Tenda Nova

Introduction

External design and hardware

Mesh-networks

Management

Testing

Conclusion

Introduction

Recently, we were approached by representatives of Tenda with a proposal to describe their new development - a wireless mesh-network built on the basis of the Tenda Nova equipment line. No, of course, the very idea of mesh-networks is not new. Moreover, in the modern world, it is no longer necessary to reinvent the wheel; there are a number of solutions and standards, you just need to create equipment with the support of one of them. As a device for consideration, we were offered the Tenda Nova MW6-2 model, which allows us to build a mesh-network based on the IEEE 802.11s standard. But do not be afraid, users do not need to understand all the details of the standard - the Tenda Nova mesh system works out of the box.

Many of our readers, for sure, have already come across mesh-networks, for example, we mentioned support for such networks by other vendors. Let's try to dig a little deeper and deal with some details of the functioning of mesh networks in the implementation of Tenda.

Modern Wi-Fi routers provide a large coverage area but it can be difficult to cover rooms with thick walls, reinforced concrete structures and other obstacles that prevent the spread of Wi-Fi signal. There are “dead zones”. Traditionally, the problem was solved by installing repeaters (extenders) or additional access points in such places but this approach is not without flaws:

  • repeaters, although they help to enhance the Wi-Fi signal but usually half the bandwidth is lost;
  • access points provide more bandwidth but this requires a wired connection to the rest of the network;
  • a new network is created (with its SSID and password); thus, changing your location, you need to reconnect by entering a password.

Everything is simplified if you use a Wi-Fi mesh system.

External design and hardware

We will consider wireless mesh-networks based on the MW6 kit. Different MW6 kits are available for order, including one, two or three nodes; before purchasing, you must make sure that the exact kit is in order.

Each node of the wireless-mesh network is a plastic cube, similar to a simplified Rubik's cube, which cells are white. Devices with such a body do not need to be hidden, the design is very pleasant. Nova units use internal antennas, making it easy to fit into almost any interior. The block dimensions are 100x100x100 mm with a mass of just 410 g.

On the top panel there is a small LED that displays the status of the device and its connection to the network.

The top panel and all side panels do not carry any connectors; the bottom panel of the unit is used for connection, on which, in addition to the ventilation grate and stickers with brief information, there are two Gigabit Ethernet interfaces and a DC-in port for power supply. There are also four rubber feet and a recessed Reset button. The purpose of each wired network interface is marked on the label; however, the separation between LAN and WAN is relevant only for the “main” node, all other blocks use both Gigabit Ethernet ports as LAN interfaces. These wired interfaces can be used to connect a TV or game console in situations where there is no possibility to carry a dedicated Ethernet cable for them.

Each unit for its work requires an external power source (supplied) with the following characteristics: 12V and 1.5A.

Now let's look inside the case and find out which elemental base the model MW6 is built on. The electronics of the model under consideration is represented by two textolite boards, one of which houses network ports and a power input connector. In fact, this board is an adapter, since there is no significant silicon on it. SoC Realtek RTL8197FS, operating at a frequency of 1 GHz, as well as 128 MBytes RAM and a 16 MBytes flash drive are located on the main board. In addition, the Realtek RTL8363NB switch is located on the main board.

This concludes a cursory review of the hardware platform and proceeds to the brief basics of the functioning of mesh networks.

Mesh-networks

Wireless mesh-networks, that is, networks with a mesh topology, are a promising and constantly evolving area. With the use of mesh networks, the dream of seamless roaming in Wi-Fi networks can become a reality today. Wireless mesh networks can be easily and efficiently, and most importantly without laying additional wires, used to connect entire cities to the global network. Of course, in this review we do not aim at such a scale but the technologies used in the Tenda MW6 are the same.

Consider the classic concepts and protocols used in mesh-networks.

Let's first define the terminology. In conventional wireless networks based on the IEEE 802.11 standards, two types of devices are defined: STA - end stations (subscriber devices) and access points (AP - Access Points). Access points are also connected to networks of other technologies, for example, Ethernet. Client stations can communicate only with access points. For IEEE 802.11s wireless mesh-networks, a special type of device is defined - mesh points (MP - Mesh Points) that interact with each other and support mesh services. Mesh points can be combined with classic access points. Such a hybrid is called MAP - Mesh Access Point. MPP - Mesh Point Portal is responsible for the connection of the mesh-network with the "outside" world.

The mesh points independently choose the most optimal route using a variety of dynamic routing protocols. The dynamic routing protocols in a mesh network differ from those known to us over wired networks (for example, OSPF, RIP or BGP) but the basic principles are very similar.

The main advantage of wireless mesh networks is that they are actually wireless. Ordinary large Wi-Fi networks require a basic wired network for their work, while wireless channels are used for communication between points in mesh networks. Only one point must be connected to the wired network. It’s probably worth noting that the Tenda Nova series devices allow using both wireless and wired channels (if available) to communicate with each other, that is, the mesh topology is formed regardless of the method of communication between nodes at the physical level.

However, let's go back to the routing protocols used in wireless self-organizing networks. One of such protocols is AODV - Ad Hoc On-Demand Distance Vector, that is, the distance-vector protocol with the establishment of communication on demand. The essence of his work is that the calculation of the path is made at the request of the sender, that is, when there is user traffic for transmission over the network. The figure below shows the distribution directions for RREQ requests (red arrows) and RREP responses (green). The calculated routes are saved as long as they are necessary for the sender. AODV is suitable for both unicast and multicast traffic. A more detailed description of the protocol can be found in RFC 3561.

DSR - Dynamic Source Routing, in many respects similar to AODV, however DSR performs source routing. In its work, DSR relies on two mechanisms: Route Discovery and Route Maintenance. The first is responsible for finding the optimal path, the second ensures its maintenance in the event of changing network parameters. Source routing relieves intermediate mesh points from maintaining the routing table, since the entire route is defined by the point sending the data to the network. The DSR protocol is described in RFC 4728.

DSDV - Destination-Sequenced Distance-Vector Routing is based on the Bellman-Ford algorithm. Each entry in the routing table has a sequence number, which marks the accessible (even sequence number) and inaccessible (odd number) networks. For its work, it requires periodic distribution of route updates, which is attributed to its shortcomings, since even during network downtime, service information continues to be transmitted. The advantage in this case will be a faster readiness of the route before use.

TORA - Temporally Ordered Routing Algorithm uses a Directed Acyclic Graph (DAG) with a root at the destination. In this graph, there are no directed cycles, although the existence of parallel paths is allowed. In essence, a DAG is an association of trees (forest).

What is implemented in a series of devices Tenda Nova? Wi-Fi mesh-system consists of several network components - blocks. Directly to the modem or provider connects the main unit, and the rest (satellites) are located throughout the house or apartment. The satellites themselves (automatically) communicate with the main unit and with each other, forming a single wireless network that has one common SSID and password. Thanks to mesh technology, a system delivers a powerful signal to a user device in a lossless fashion. Like ordinary dual-band routers, wireless mesh systems operate on standard 2.4 GHz and 5 GHz frequencies.

Inside the wireless transport network, Mesh Points use their own routing protocol, which incorporates the best of the standard protocols listed above. The implementation of the routing and forwarding of traffic over the network directly affects the efficiency of the mesh networks and the loading of transmission channels, that is, the performance of the entire network as a whole. The routing protocol uses more complex metrics when choosing the best path, and not just the number of poins along the traffic path. Thus, mesh networks are resistant to failures of wireless channels, quickly select the data transfer alternate path to avoid long service interruptions, support traffic management services and load balancing.

The number of points used in such a mesh network will depend on the number and activity of wireless clients, as well as on the areas where it is necessary to ensure stable operation of the wireless network. The most common scenarios are:

  • spacious city apartment - 2 blocks;
  • medium or large country house, or a small office - from 3 blocks;
  • large suburban area or office - up to 9 devices located in different rooms.

This concludes a brief study of the fundamentals of the functioning of mesh networks and proceeds to consider the management interface of the Tenda MW6 model.

Management

Although the Tenda Nova range of devices is ready to work with the minimum settings, you still have to change some configuration parameters. There is neither the usual web interface, nor the command line; all management is performed using a specialized utility Tenda WiFi, installed on the smartphone. We have to admit, we were somewhat discouraged. Yes, in our opinion, the ability to control devices using the utility is an excellent option but as an addition to the web interface. Consider the possibilities for setting up a home network provided by the Tenda WiFi utility.

When you first start the application Tenda WiFi determines the wireless network to which the smartphone is connected. For further work, it is necessary that the connection be made to a wireless network organized by MW6.

In order to proceed with the initial setup, you need to connect Tenda Nova to WAN/Internet. Immediately it should be noted that all the devices in the kit are the same, that is, you can connect the provider to any of the units.

Several types of connection to providers are supported: static and dynamic (DHCP) IP address, PPPoE, as well as tunnel connections that are so popular in the post-Soviet space using PPTP and L2TP protocols.

Immediately it is worth noting that the list of supported connection types depends on the interface language of the smartphone. The TendaWiFi application determines the interface language and it displays connection options.

The next step is to set up the SSID and password. The network name and password are the same for all nodes and both ranges. Also, it should be noted that the Tenda Nova always uses strictly fixed wireless channels: No. 6 in the 2.4 GHz band and No. 40 in the 5 GHz band which was done to improve the stability of the wireless network. But, we must admit, we are somewhat surprised by this decision. Also, you can not change the encryption type - only WPA2 PSK. True, in this case we have no objections.

It is time to add the rest of the Nova devices to the newly created mesh network. Tenda Nova mesh network nodes can be connected to each other using wire or wireless channels. If there are several available links, the following preference scheme is used (in descending order): Ethernet -> Wi-Fi 5 GHz -> Wi-Fi 2.4 GHz.

After the material was already written, we discovered the appearance of an updated version of the mobile application which made it possible to add a satellite block, simply by scanning its label or typing the serial number manually.

After all the necessary devices have been added, you must specify the credentials that will be used to access the router and the mesh network.

Looking ahead, we would like to note that management can be done not only with a single smartphone, that is, it is possible to add several administrative accounts.

That’s it, initial setup of the device is complete. No additional configuration of the mesh network was required. The main screen of the Tenda WiFi application now displays all the nodes included in the mesh network and the connections between them.

For each node of the mesh network, you can view additional information, as well as specify its location.

It should be added that it is possible to combine not only equipment of the MW6 model into one mesh-network but also another, for example, MW3. That is, in fact, users can build a single network using different Tenda wireless devices. The only thing to remember is the existing limit on the maximum number of nodes in such a mesh network. Up to ten wireless devices on the network are currently supported (up to six are recommended). One MW6 device can serve 30-35 wireless clients, so a set of three cubes can serve up to 100 wireless clients. In addition to the number of simultaneously served wireless clients, the coverage area provided by the mesh network must also be considered. For example, a network with two nodes provides reliable coverage on areas up to 300 m2. While a network with three nodes already allows you to expand this area to 500 m2. But, perhaps, the main advantage will be the possibility of placing the nodes of the mesh network in the most convenient place, which will ensure the best network performance and the client devices connected to it by selecting the unit for connection that allows wireless clients to work at maximum speed.

If necessary, the network administrator can view detailed information about all connected wireless clients, as well as add devices to groups.

We decided not to stop there and consider all the other settings available to users.

There is no desire to show the password from your Wi-Fi network? No problem - create a temporary guest network.

If there is a child in the house, the Tenda NW6 wireless equipment will allow you to introduce additional rules for controlling access to the global network for devices used by the child.

Mesh network allows you to significantly expand the coverage of a wireless network. However, in the process of use, negative emotions may still appear associated with the process of reconnecting the client device between the nodes of the mesh network. Standard roaming can lead to noticeable loss of traffic, which is particularly acute during audio and video calls. To avoid these problems will help the inclusion of support for fast roaming. It is also worth noting the presence of technology MU-MIMO which allows parallel data transfer for several wireless users connected to one unit. Naturally, users connected to different Tenda Nova units could even perform parallel transmission without this option, since different units use different wireless channels, which does not lead to collisions.

Like any regular SOHO router, the Tenda MW6 allows port forwarding, providing remote users with an opportunity to connect to resources within the local network.

With appropriate support from the application, the ports of the transport protocols can be opened automatically using the UPnP.

Naturally, the address of the LAN interface can be changed. Perhaps, it is worth noting that we are talking about the address of the control device, since all other network elements receive IP addresses dynamically.

The manufacturer includes support of quality of service (QoS). However, there are no fine settings here. They may appear in the next firmware versions.

By the way, you can also update the firmware using a mobile utility. Of course, this requires a connection to the global network.

After updating the firmware, a number of new features become available to users. These include, for example, the option of intelligent assistant and high performance.

If necessary, the administrator can configure an automatic reboot of devices that provide the mesh network. The reboot is performed on certain days of the week and at the specified time.

This concludes consideration of the capabilities of the mobile application Tenda WiFi.

Testing

Since the manufacturer asked us to review mesh networks based on the Nova device line and not to do the traditional testing for us, you will not find our usual tests in this section. But we couldn’t, of course, be able to completely leave the reader without the results of measuring performance. The table below presents the main parameters of our test bench.

Component PC Laptop
MB ASUS Maximus IX Extreme ASUS GL753VD
CPU Intel Core i7 7700K 4 GHz Intel Core i7 7700HQ 2.8 GHz
RAM DDR4-2133 Samsung 64 GByte DDR4-2400 Kingston 32 GByte
NIC Intel X550T2
ASUS PCE-AC88
Realtek PCIe GBE
ZyXEL NWD6605
OS Windows 7 x64 SP1 Windows 10 x64

JPerf utility version 2.0.2 was used to generate traffic. Measurements were made for 1, 5 and 15 simultaneous TCP connections.

We decided to start by finding out the data transfer rates that will be available to wireless clients connected to both frequency bands. Measurements were made at relatively close locations of the MW6 and wireless clients (in line of sight), so the transmission speeds in real conditions can differ significantly from those measured by us.

Since the Tenda MW6 is a wireless mesh system, we decided to find out which users can count on the maximum performance of the wireless channel between the nodes of the mesh network. The measurements were performed using two wired clients connected to two neighboring nodes (primary and secondary) of the mesh network.

In conclusion, we decided to measure the time of network convergence, that is, we figured out how long the mesh network could detect changes and adapt to them. We had a Tenda MW6 kit of two devices at our disposal, so obviously, we were very limited in our testing methods. We placed both blocks in close proximity to each other and connected them with a patch cord. Since the cable connection of the blocks takes precedence over the wireless connection, the traffic between the nodes was transmitted over twisted pair. Then we physically disconnected the cable and measured the time after which the flow of traffic between the nodes would be restored, that is, it would switch to a wireless link. Mesh-system Tenda Nova adapted in about 54 seconds. In our opinion, this is a rather long convergence time, however, as it seems to us, it will be quite acceptable for most home users.

Now let's summarize.

Conclusion

A set of nodes for building a wireless mesh network Tenda MW6 allows you to build a stable wireless network in a country house or a large city apartment. A distinctive feature of the implementation is the readiness of the equipment to work almost out of the box, that is, with minimal settings. The nodes of the mesh network will automatically build the most optimal topology themselves, over which user data will be transmitted. The scalability of the solution, which goes far beyond the capabilities of one devices set, allows providing a wireless connection to rooms with a very large area, providing wireless clients with the possibility of smooth reconnection to another node when moving within the coverage area.

The strengths of the system include the following:

  • support fast roaming (IEEE 802.11r / v);
  • the ability to create a guest network;
  • nice design;
  • the possibility of combining a mesh-network devices of different models;
  • mobile application;
  • the possibility of independent operation of each of the nodes;
  • easy setup;
  • parental control function;
  • the possibility of both wired and wireless nodes peering.

The lack of a web interface we can not call a problem or a flaw. Of course, we understand that many users have long been more comfortable with setting up equipment using a mobile application installed on a smartphone. However, in our opinion, the good old web interface would also be a popular way to manage the network. We would also like to see support for the IPv6 protocol in such devices; we very much hope that the manufacturer will soon add it.

At the time of writing this review, the best price for a set of two Tenda MW6 devices in German-speaking Europe countries, according to website Geizhals Preisvergleich, was about 164 euro, while a set of three nodes would cost approximately 166 euro. Before buying, be sure to specify how many devices will be included in the purchased kit.

Answers to emerging questions about the functioning of the Tenda mesh systems can be found on the official website of the manufacturer. Information about all new updates will also be available here.

Introduction

External design and hardware

Firmware update

Web-interface

Command line

Testing

Summary

Introduction

It’s been more than two years since we tested Zyxel Keenetic Ultra II and Giga III wireless routers. Yes, time spins away. Today in our laboratory we have Keenetic Giga KN-1010 wireless router. Let’s review which new capabilities were added and how the performance of wireless routers has changed after Keenetic department became a separate company.

External design and hardware

Keenetic Giga KN-1010 wireless router comes in gray and white plastic case with the dimensions 214x154x33 mm (not considering external antennae). The device weighs 488 g. To operate properly KN-1010 needs an external power adapter (included to the box) with the following characteristics: 12V and 2,5 A.

There are a 3D vendor name, LEDs indicating state of the whole device and its wired and wireless interfaces on the front panel. In addition, button for managing wireless network is located here.

Keenetic KN-1010 wireless router has four external turning non-detachable antennae placed on the rare panel of the case and its sides.

The remarkable part of the sides is covered with the ventilation grate. Except for it, two USB ports (one USB 2.0 and one USB 3.0) are placed on one side and two additional configuring buttons for managing additional device parameters are located here, too.

Except for two antennae, five Gigabit Ethernet ports (one WAN and four LAN) with LEDs indicating their state, slot for power connection and sunken Reset button are placed on the rare panel. It’s worth noting that WAN-interface of the testing wireless router is a combo one: the user can connect to the Internet both with the help of twisted pair and optical fibers by using special transivers.

The bottom panel is rather traditional: the ventilation grate, four big rubber legs, two technological holes for mounting the router to the wall and sticker with brief information about the device are located here.

Now let’s take a look at the insides of KN-1010 case.

The hardware of Keenetic KN-1010 wireless router consists of the only green textolite plate which main elements are placed on its both sides. MediaTek MT7621AT dual-core processor working on 880 MHz and MT7615D wireless module of the same vendor are covered with protecting screens are not available for review, whereas DDR Nanya NT5CC128M16IP-DI RAM chip of 256 Mbytes is available.

On the bottom side of the plate Spansion S34ML01G200TFI000 flash-memory module of 128 Mbytes and Realtek RTL8211FS switch chip with five Gigabit Ethernet ports are placed. The given switch is responsible for working with WAN-port (select of SFP or RJ-45), whereas switching of data transmitting via LAN-ports is performed by gigabit switch built into the processor.

That’s where we complete Keenetic KN-1010 wireless router hardware review and go to reviewing its firmware capabilities.

Firmware update

Firmware update can be carried out in General settings menu item, Administration group of the web-interface. The users can prefer automatic or semi-automatic firmware update mode. One should be connected to the Internet to update firmware using any of this ways.

The whole firmware update process takes about 1,5 minutes and doesn’t require any special knowledge from the user.

Ability of manual Keenetic Giga firmware update is also available to the users, to use it one should click Replace the file button in firmware section of System files group of General settings menu item and select file with the new firmware version.

Firmware used for Keenetic wireless routers has module structure that allows the administrator to install only components that are really needed. One can select components for installation on General Settings page. Amount of available components is really surprising.

By default, only two firmware lines are available to the administrator: stable (release) and more dynamically developing beta-version. However, in addition, firmware of other lines can be available to the administrator. One can perform update to developing firmware versions either with the help of a special firmware file which can be retrieved from vendor technical support or by downloading it from the forum or by entering two hidden commands: components list draft and components commit (Internet connection is necessary).

One can turn on/off automatic firmware update and change list of installed components using command line interface.

(config)> components
 list - show an available component list
 install - install or remove a component
 remove - remove the component from this system
 preset - select a predefined set of components
 preview - show firmware info
 commit - apply selected component set
 validity-period - set a validity period of a local component list
 auto-update - manage firmware components auto-update settings
(config)> components install opkg
Components::Manager: Component "opkg" is queued for installation.
(config)> com
 components - manage firmware components
 (config)> components comm
 commit - apply selected component set
 (config)> components commit
Components::Manager: Update task started.

If necessary, the administrator can update device firmware using files located on the external USB drive. We copied file with new firmware version to our small flash-card and connected it to the router. After flash-card connection a new drive from which we are going to perform copying of firmware was detected by the system.

(config)> ls
 Usage template:
 ls [{directory}]
 Choose:
 ndm:/
 flash:/
 temp:/
 proc:/
 sys:/
 storage:/
 usb:/
 9A8ABCA98ABC8375:/
 STORAGE:/
 (config)> ls 9A8ABCA98ABC8375:/
 rel: 9A8ABCA98ABC8375:/
 entry, type = R:
 name: firmware
 size: 13893692
 (config)> copy
 Usage template:
 copy {source} ({destination} | {destination})
 Choose:
 ndm:/
 flash:/
 temp:/
 proc:/
 sys:/
 storage:/
 usb:/
 9A8ABCA98ABC8375:/
 STORAGE:/
 log
 running-config
 startup-config
 default-config
 (config)> copy 9A8ABCA98ABC8375:/f
 Usage template:
 copy {source} ({destination} | {destination})
(config)> copy 9A8ABCA98ABC8375:/firmware
 Usage template:
 copy {source} ({destination} | {destination})
 Choose:
 9A8ABCA98ABC8375:/firmware ndm:/
 9A8ABCA98ABC8375:/firmware flash:/
 9A8ABCA98ABC8375:/firmware temp:/
 9A8ABCA98ABC8375:/firmware proc:/
 9A8ABCA98ABC8375:/firmware sys:/
 9A8ABCA98ABC8375:/firmware storage:/
 9A8ABCA98ABC8375:/firmware usb:/
 9A8ABCA98ABC8375:/firmware 9A8ABCA98ABC8375:/
 9A8ABCA98ABC8375:/firmware STORAGE:/
 9A8ABCA98ABC8375:/firmware log
 9A8ABCA98ABC8375:/firmware running-config
 9A8ABCA98ABC8375:/firmware startup-config
 9A8ABCA98ABC8375:/firmware default-config
 (config)> copy 9A8ABCA98ABC8375:/firmware flash:/firmware
FileSystem::Repository: Firmware update started.

One can check success of firmware update process using show version command.

(config)> show version
 release: 2.11.C.1.0-3
 arch: mips
 ndm:
 exact: 0-fbd6e4f
 cdate: 11 Apr 2018
 bsp:
 exact: 0-e2dc116
 cdate: 11 Apr 2018
 ndw:
 version: 4.2.3.114
 features: wifi_button,wifi5ghz,usb_3,usb_3_first,
 led_control,vht2ghz,mimo5ghz,dual_image,nopack,
 flexible_menu,emulate_firmware_progress
 components: angular-ndw,ddns,dot1x,fat,hfsplus,interface-
 extras,kabinet,miniupnpd,nathelper-ftp,nathelper-h323,
 nathelper-pptp,nathelper-rtsp,nathelper-sip,ntfs,ppe,
 trafficcontrol,usblte,usbserial,cloud,cifs,base,
 cloudcontrol,components,config-ap,config-client,config-
 repeater,corewireless,dhcpd,dlna,easyconfig,ftp,igmp,
 l2tp,madwimax,pingcheck,ppp,pppoe,pptp,skydns,storage,
 transmission,usb,usbdsl,opkg,usbmodem,usbnet,ydns,
 printers,theme-Keenetic,base-theme,sysmode,base-l10n,
 easyconfig-3.2,modems,ispdb,base-Intl
 manufacturer: Keenetic Ltd.
 vendor: Keenetic
 series: KN
 model: Giga (KN-1010)
 hw_version: 10108000
 hw_id: KN-1010
 device: Giga
 class: Internet Center

That’s where we proceed to completion of description of different ways for Keenetic wireless routers firmware update and go directly to exploring its web-interface capabilities.

Web-interface

One can get access the router web-interface using any modern browser. In addition, managing the device can be performed with the help of mobile apps available for the systems based on Android and iOS. The web-interface of KN-1010 model is available in three languages: Russian, English, and Ukrainian.

The vendor decided to display a prompt message about the way of password reset (and, certainly, all user settings as well) directly on control panel login form.

Upon successful authentication the user is navigated to the router web-interface start page where the information about the use of Internet channel and wired interfaces statuses, connected devices, wired and wireless clients is presented. Except for it, with the help of this page the administrator can control running apps, among which are various VPN servers and file access protocols, torrent clients and proxies for IPTV watching. The brief information about the system is also presented on the start page.

It’s worth noting that in the given review we will describe the new web-interface that just recently became available on Keenetic wireless routers. During some time traditional version of the web-interface will be also available to the users, to navigate to it one should use «Go back to the previous design» link. However, we didn’t find a way to go back to the new web-interface version so to do this one should reconnect to the device.

With the help of Wired menu item of Internet group the administrator can perform setting of wired network operator connection parameters and select main connection in case Keenetic Giga has connections to different Internet providers simultaneously. Among available ways of connection there are all standard and widely used ones: static and dynamic IP addresses (it is IPoE term so adorable by marketers) and PPPoE/L2TP/PPTP tunnels. We cannot help but mention the support of authentication using IEEE 802.1X.

Have you obtained Keenetic Giga wireless router with wired Gigabit Ethernet ports, however for Internet access connection via ADSL/VDSL is needed or only wireless operators are available in the given area? - It’s not a big deal! One can connect wired xDSL modem or wireless modem with the support of 3G/4G networks to USB ports of the testing model. Corresponding settings are provided in 3G/4G modem and ADSL/VDSL modem menu items of the same group.

Except for the option of connection to mobile operators wireless networks Keenetic Giga provides the users with the ability of connection to wireless networks of Wi-Fi providers, the corresponding setting is available in Wireless ISP menu item.

In Internet group the only item is left for our review: Other connections. Here the administrator can configure parameters of VPN connections working in which KN-1010 router plays role of a client or peer. The following types of tunnels are supported: PPPoE, PPTP, L2TP, L2TP/IPsec, OpenVPN and 6in4. Connections via IPsec are performed in site-to-site mode. SSTP support will be available in the firmware versions since 2.12.

Device list menu item of My networks and Wi-Fi group allows the administrator to view the list of currently connected devices and parameters of their connection. A pleasant peculiarity is an ability to block Internet access for unregistered devices or set speed limit for them. To be reasonable, it’s worth noting that speed limit can be set for registered devices as well, in addition to it, the administrator can configure schedule in accordance to which Internet access will be provided to this or that client.

Now let’s have a look at Home network menu item of the same group. With the help of this item the administrator can not only set SSID for each Wi-Fi frequency range and main parameters of their work (including schedule) but also set IP address for LAN interface, configure DHCP server parameters, perform configuration of virtual networks and activate IGMP Proxy option that provides access to IPTV service of the local network operator. We cannot help but mention the support of Band Steering option with the help of which the router can dynamically distribute wireless clients, which support operating in both frequency ranges, between wireless networks.

One can prohibit access to the wireless router web-interface or limit Internet access speed for clients connecting to guest wireless network. If it is necessary to organise public Internet access with user authorization, one can user Captive portal option. It’s also worth noting that Captive portal function supports remarkable amount of third-party services for user authorization, however if due to some reason there is no needed provider in the list, one can configure parameters of connection to it manually. We also consider interesting an ability to connect to guest network not only wireless clients but also wired devices connected with particular LAN ports of the router. So, for example, one can create selected segment for friends of his/her child or for IoT (Internet of Things). All listed configurations are presented in Guest segment menu item.

Each parent would like to protect his/her child from inappropriate content and protect his/her devices from viruses and network attacks. Internet safety menu item of Network rules group can help with it. Filtration is performed with the use of third-party DNS servers that perform rating of Internet resources.

To use an ability of manual creation of filtration rules, one should go to Firewall menu item of the same group.

In the local network behind Keenetic Giga wireless router a service to which one should provide access from the Internet can be placed. In this case the administrator should go to Forwarding menu item with the help of which configuration of forwarding rules for incoming packets for TCP and UDP ports is performed.

One can manage static routes using Routing item of the same menu group.

Often operators provide users with dynamic IP addresses that make more difficult sharing resources located in the local network behind the router. DDNS service that allows dynamic updating binding of domain name and IP address can help in this case. Corresponding setting is available in Domain name menu item. It’s worth noting that except for widely known operators providing dynamic DNS service, KeenDNS service with a bit wider functionality is supported. So, for example, with the help of this service the users can have an ability of remote managing the router via HTTPS even if the device is located behind NAT/PAT provider. Except for managing, remote setting of SSTP tunnel (at the moment when this review was being written the given option was available in beta firmware versions) for connection to the devices of the home network is available. Some users can prefer ability to connect to different devices of home network using fourth level domains.

Choice of options necessary to the user can be performed with the help of User-defined options menu item of Management group. Here one can turn on/off torrent client and file services, VPN services and UDP proxy. In addition, setting of the services is performed with the help of this page.

One can manage users and their access rules with the help of Users item of the same menu group.

The number of options available for update to the administrator in System settings item is really significant. So, for example, here one can select operation mode of the device and parameters of system updates (including ability of changing set of installed components), view and replace system files, activate support of cloud service, manage working of buttons placed on the router case, configure speeds of network interfaces and USB ports.

With the help of Diagnostics menu item of Management group the administrator can perform checking of particular network hosts availability, view router system log, view the list of active connections, enable the debug mode, and perform packet capture.

Installation of additional extension packages is performed with the help of OPKG item of the same menu group.

In case of Zyxel Keenetic Plus DECT availability DECT base station managing its operation parameters is performed with the help of menu items of Telephony group.

That’s where we could complete the web-interface review, but…

There are several firmware versions for Keenetic wireless routers, the most famous among them are the following: stable (release), preliminary (beta) and debugging. It’s also worth noting that technical support of the vendor provides consultancy only for release and beta versions, we also don’t recommend installing debugging versions without really need. All new functions become available firstly in the debugging firmware versions and are available to enthusiasts for testing. Obviously, we decided to perform update to the latest available debugging and beta versions and check which changes will be available to the users in the short term.

New firmware versions will add new item Connection priorities to Internet group of the web-interface menu. With the help of Internet connection policies tab the administrator can create access profiles managing the order of using connections to providers.

More interesting, from our point of view, is Policy bindings that is the second tab of the same menu item. Using it one can perform binding of particular registered devices to access profiles that allows different wired and wireless clients to use different Internet connections. That’s the first step to realization of PBR - Policy Based Routing function.

User defined options item of Management group is extended with additional option SSTP VPN server.

A pleasant peculiarity of VPN server SSTP is an ability of users connection to it even in case of absence of globally routed (white/valid/real) IPv4 address. Connection is performed via the cloud supported by the vendor. The connection via the cloud can also be used for remote managing the device in case of real address absence.

It’s also worth noting that Keenetic Giga can play role of a client for connection via SSTP, corresponding setting is available in Other connections item of Internet menu.

When this review was being prepared for publication, Keenetic representatives notified us that firmware of 2.12 version is moved from debugging to beta version without any additional manipulations. But the most important point here is that official support is provided for beta versions so users can apply to the vendor technical support in case of any difficulties on using any of described new functions.

Now let’s turn to reviewing the command line capabilities of the device.

Command line

We will not review all capabilities of Keentetic wireless routers command line but describe the most interesting of them. To be reasonable, it’s worth noting that command line has more consistent functionality comparing with the web-interface. Okay, let’s start.

Command line of Keenetic Giga KN-1010 is provided as command interpreter and the users don’t have access to shell. The interface under review is similar to CLI of Cisco Systems devices, however it has many differences. To access the command line one should enter login and password which are the same as for web-interface authentication.

Login: admin
Password: **********
(config)>
 system - maintenance functions
 ntp - configure NTP
 schedule - schedule configuration
 known - manage lists of known network objects
 access-list - configure network access lists
 isolate-private - configure if traffic may pass between "private" interfaces
 user - configure user account
 dyndns - configure DynDns profiles
 ndns - configure NDNS
 yandexdns - configure Yandex.DNS profiles
 skydns - configure SkyDns profiles
 nortondns - configure Norton ConnectSafe DNS profiles
 adguard-dns - configure AdGuard DNS profiles
 ping-check - configure ping-check profiles
 interface - network interface configuration
 ip - configure IP parameters
 pppoe - configure PPPoE parameters
 ipv6 - configure IPv6 parameters
 kabinet - configure kabinet authenticator
 ppe - Packet Processing Engine configuration
 upnp - configure UPnP parameters
 torrent - configure torrent service parameters
 udpxy - configure udpxy
 crypto - configure IPsec
 igmp-proxy - configure IGMP
 dect - configure DECT parameters
 snmp - configure SNMP service
 sstp-server - configure SSTP VPN server
 vpn-server - configure PPTP VPN server
 service - manage services
 cifs - manage CIFS service
 dlna - manage DLNA service
 dns-proxy - manage DNS proxy service
 afp - manage AFP server service
 whoami - display info about the current management session
 printer - printer configuration
 more - view text file
 ls - list directory contents
 copy - copy files
 erase - erase file or empty directory
 access - set user access for directory
 monitor - manage monitor services
 show - display various diagnostic information
 tools - tools for testing the environment
 opkg - Open Package configuration
 ntce - NTCE settings
 easyconfig - configure Easyconfig services
 bwmeter - bandwidth meter
 components - manage firmware components
 cloud - manage cloud services

Several configuration modes are supported for such devices. For example, to update parameters of a particular interface one should go to a corresponding mode.

(config)> int
 interface - network interface configuration
(config)> interface
 Usage template:
 interface {name}
 Choose:
 Pvc
 Vlan
 CdcEthernet
 WiMax
 UsbModem
 RealtekEthernet
 AsixEthernet
 Davicom
 UsbLte
 Yota
 Bridge
 PPPoE
 SSTP
 PPTP
 L2TP
 OpenVPN
 IPIP
 TunnelSixInFour
 Gre
 EoIP
 TunnelSixToFour
 Chilli
 GigabitEthernet0
 GigabitEthernet0/0
 1
 GigabitEthernet0/1
 2
 GigabitEthernet0/2
 3
 GigabitEthernet0/3
 4
 GigabitEthernet0/Vlan1
 GigabitEthernet0/Vlan3
 GigabitEthernet1
 ISP
 GigabitEthernet1/0
 0
 WifiMaster0
 WifiMaster0/AccessPoint0
 AccessPoint
 WifiMaster0/AccessPoint1
 GuestWiFi
 WifiMaster0/AccessPoint2
 WifiMaster0/AccessPoint3
 WifiMaster0/WifiStation0
 WifiMaster1
 WifiMaster1/AccessPoint0
 AccessPoint_5G
 WifiMaster1/AccessPoint1
 WifiMaster1/AccessPoint2
 WifiMaster1/AccessPoint3
 WifiMaster1/WifiStation0
 UsbDsl0
 Bridge0
 Home
 Bridge1
 Guest

For wireless interfaces the user can manage transmission power, wireless channel and modes of compatibility. Also the administrator can specify country code where the given device is used. For all interfaces including wireless ones the administrator can restrict maximum user data transmission speed using traffic-shape command.

(config)> interface WifiMaster0
Core::Configurator: Done.
(config-if)>
 rename - change interface name
 description - set interface description
 role - interface role configuration
 traffic-shape - set traffic rate limit
 dyndns - DynDns updates
 tx-queue - set TX queue length
 mac - configure MAC parameters
 debug - enable connection debugging
 rf - change RF settings
 ip - configure IP parameters
 ipv6 - configure IPv6 parameters
 country-code - set country code
 compatibility - set 802.11 compatibility (use parameters like BG or ABGN)
 channel - set radio channel
 power - set transmission power level
 preamble-short - enable short preambles
 tx-burst - enable Tx Burst
 rekey-interval - change WPA/WPA2 rekey interval
 band-steering - enable band-steering
 vht - enable VHT (QAM256)
 up - enable interface
 down - disable interface
 bandwidth-limit - interface bandwidth limit
 schedule - interface up/down schedule
(config-if)> tra
 traffic-shape - set traffic rate limit
(config-if)> traffic-shape
 Usage template:
 traffic-shape rate {rate} [schedule {schedule-name}]
(config-if)> rol
 role - interface role configuration
(config-if)> role
 Usage template:
 role {role} [for {ifor}]
 Choose:
 inet
 iptv
 voip
 misc
(config-if)> coun
 country-code - set country code
 (config-if)> chan
 channel - set radio channel
(config-if)> channel
 Usage template:
 channel {channel} | width ... | auto-rescan ...
 width - set radio channel width
 auto-rescan - set radio channel auto-rescan schedule
(config-if)> powe
 power - set transmission power level
(config-if)> power
 Usage template:
 power {power}
(config-if)> exi
Command::Base error[7405600]: no such command: exi.
(config-if)> exit
Core::Configurator: Done.
(config)> inter
 interface - network interface configuration
(config)> interface Acc
 Usage template:
 interface {name}
 Choose:
 AccessPoint
 AccessPoint_5G
(config)> interface AccessPoint
Core::Configurator: Done.
(config-if)>
 rename - change interface name
 description - set interface description
 role - interface role configuration
 traffic-shape - set traffic rate limit
 dyndns - DynDns updates
 tx-queue - set TX queue length
 mac - configure MAC parameters
 peer-isolation - enable peer isolation
 security-level - assign security level
 debug - enable connection debugging
 wps - enable WPS functionality
 authentication - configure authentication
 encryption - configure encryption parameters
 ip - configure IP parameters
 igmp - configure IGMP parameters
 ipv6 - configure IPv6 parameters
 ping-check - ping-check configuration
 ssid - set wireless ESSID
 hide-ssid - disable SSID broadcasting on the access point
 wmm - enable Wireless Multimedia Extensions on this interface
 pmf - enable Protected Management Frames on this interface
 ipsec - configure IPsec parameters
 led - configure interface LED binding
 lldp - configure LLDP parameters
 up - enable interface
 down - disable interface
 bandwidth-limit - interface bandwidth limit
 schedule - interface up/down schedule
(config-if)> en
 encryption - configure encryption parameters
(config-if)> encryption
 key - set wireless encryption key
 enable - enable wireless encryption (WEP by default)
 disable - disable wireless encryption
 wpa - enable WPA version 1 (TKIP) encryption
 wpa2 - enable WPA version 2 (AES) encryption
(config-if)> encryption

One can manage access lists for IPv4 traffic with the help of access-list command.

(config)> acce
 access-list - configure network access lists
 access - set user access for directory
(config)> access-
 access-list - configure network access lists
(config)> access-list
 Usage template:
 access-list {acl}
(config)> access-list test
Network::Acl: "test" access list created.
(config-acl)>
 deny - add prohibitive rule
 permit - add permissive rule
 rule - set rule operation time
(config-acl)> perm
 permit - add permissive rule
(config-acl)> permit
 Usage template:
 permit ((tcp | udp) {source} {source-mask} [port (((lt | gt |
 eq) {source-port}) | (range {source-port} {source-end-port}))]
 {destination} {destination-mask} [port (((lt | gt | eq)
 {destination-port}) | (range {destination-port} {destination-
 end-port}))]) | ((icmp | esp | gre | ipip | ip) {source}
 {source-mask} {destination} {destination-mask})
 Choose:
 tcp
 udp
 icmp
 esp
 gre
 ipip
 ip

Using access-group interface command one can set access list for a particular interface.

(config-if)> ip acc
 access-group - bind access-control rules
(config-if)> ip access-group
 Usage template:
 access-group {acl} {direction}
 Choose:
 _WEBADMIN_WifiMaster0/WifiStation0
 test

Unfortunately, at the moment there is no ability for access rules configuration for IPv6 traffic. However, several improvements became available since our previous review. So, for example, one can restrict list of ports via which this or that local network host is available. As we were assured by vendor representatives more exact configuration of firewall rules is planned but without exact due dates.

(config)> ipv6 st
 static - add one-to-one address translation rule
(config)> ipv6 static
 Usage template:
 static tcp | udp [{interface}] {mac} {port} [through {end-port}]

Certainly, firewall for IPv6 can be totally turned off, however we consider this procedure unsafety.

(config)> ipv6
 subnet - subnet configuration
 local-prefix - configure local prefix
 name-server - add name server IPv6 address
 route - configure a static route
 firewall - enable firewall
 pass - configure IPv6 pass-through mode
 static - add one-to-one address translation rule
(config)> ipv6 fi
 firewall - enable firewall

Also with the help of command line one can set static IPv6 addresses to the device interfaces whereas this cannot be performed using web-interface.

system
 set net.ipv6.conf.all.forwarding 1
interface GigabitEthernet1
 ipv6 address 2001:db8:1::1
 ipv6 prefix 2001:db8:1::/64
interface Bridge0
 ipv6 address 2001:db8:2::1
ipv6 route 2001:db8:1::/64 ISP
ipv6 route default 2001:db8:1::2

One can view content of a particular catalogue with the help of ls command, whereas more command displays content of a particular file (we intentionally cut output of this command in our listing).

(config)> ls
 rel:
 entry, type = V:
 name: ndm:
 subsystem: local
 entry, type = V:
 name: flash:
 subsystem: local
 entry, type = V:
 name: temp:
 subsystem: local
 entry, type = V:
 name: proc:
 subsystem: local
 entry, type = V:
 name: sys:
 subsystem: local
 entry, type = A:
 name: log
 subsystem: local
 entry, type = A:
 name: running-config
 subsystem: local
 entry, type = A:
 name: startup-config
 subsystem: local
 entry, type = A:
 name: default-config
 subsystem: local
 entry, type = V:
 name: storage:
 subsystem: local
 entry, type = V:
 name: usb:
 subsystem: local
 entry, type = V:
 name: dect:
 subsystem: local
 (config)> more flash:/default-config
! $$$ Model: Keenetic Giga
! $$$ Version: 2.0
! $$$ Agent: default
system
 set net.ipv4.ip_forward 1
 set net.ipv4.tcp_fin_timeout 30
 set net.ipv4.tcp_keepalive_time 120
 set net.ipv4.neigh.default.gc_thresh1 256
 set net.ipv4.neigh.default.gc_thresh2 1024
 set net.ipv4.neigh.default.gc_thresh3 2048
 set net.ipv6.neigh.default.gc_thresh1 256
 set net.ipv6.neigh.default.gc_thresh2 1024
 set net.ipv6.neigh.default.gc_thresh3 2048
 set net.netfilter.nf_conntrack_tcp_timeout_established 1200
 set net.netfilter.nf_conntrack_max 16384
 set vm.swappiness 60
 set vm.overcommit_memory 0
 set vm.vfs_cache_pressure 1000
 set dev.usb.force_usb2 0
 hostname Keenetic_Giga
 domainname WORKGROUP

One should use service command to manage different auxiliary services.

(config)> ser
 service - manage services
(config)> service
 dhcp - start DHCP service
 dns-proxy - enable DNS proxy
 igmp-proxy - enable IGMP proxy
 dhcp-relay - start DHCP relay service
 http - HTTP service
 afp - enable AFP server
 ftp - enable FTP server
 cifs - enable CIFS server
 dlna - enable DLNA server
 telnet - start telnet service
 ssh - start SSH service
 ntp-client - start NTP client
 upnp - start UPnP service
 torrent - start torrent service
 udpxy - enable udpxy
 kabinet - start Kabinet authenticator
 vpn-server - enable PPTP VPN server
 dect - enable DECT server
 ipsec - enable IPsec
 sstp-server - enable SSTP VPN server
 ntce - enable NTCE
 snmp - SNMP service
 cloud-control - enable cloud control service

Change of system operating parameters is performed with the help of system command.

(config)> sys
 system - maintenance functions
(config)> system
 reboot - restart the system
 set - adjust system settings
 led - setup system LED controls
 button - setup system button functions
 clock - change system clock settings
 domainname - set the domain name
 hostname - set the host name
 configuration - manage system configuration
 log - manage system logging
 mount - mount USB disk partition
 drivers - manage kernel drivers
 swap - set swap area
 zram - set zram swap settings
 debug - enable system debug
 mode - select system operating mode

Command group show is intended for viewing configuration and current working parameters of the device. So, for example, show version command displays information about current firmware version.

(config)> show
 version - display firmware version
 signature - display firmware signature state
 system - display system status information
 drivers - view list of loaded kernel drivers
 threads - view list of active threads
 processes - view list of running processes
 configurator - display configurator information
 interface - display interface status
 ssh - show SSH server status
 dot1x - 802.1x supplicant status
 skydns - display SkyDns parameters
 log - display system log
 running-config - view running configuration
 ip - display IP information
 ppe - show "binded" PPE entries
 upnp - display UPnP rules
 ipsec - display internal IPsec status
 dect - show DECT status
 afp - display AFP server status
 acme - display ACME client status
 cifs - display cifs server status
 dlna - display DLNA server status
 torrent - display torrent service information
 vpn-server - show PPTP VPN server status
 cloud - display status of the cloud service
 sstp-server - show SSTP VPN server status
 ndns - show NDNS status
 easyconfig - display EasyConfig information
 internet - display Internet check status
 dyndns - show DynDns profile status
 ping-check - show ping-check profile status
 site-survey - display available wireless networks
 associations - shows a list of associated wireless stations
 led - display system LED information
 button - display system button information
 clock - display system clock information
 ntp - display NTP parameters
 schedule - display system environment
 crypto - display IPsec information
 chilli - show chilli info
 usb - display USB device list
 printers - display attached printer list
 tags - show available authentication tags
 access - display directory acl
 kabinet - display Kabinet authenticator parameters
 monitor - show monitor status
 ipv6 - display IPv6 information
 ntce - show NTCE settings and status
 yandexdns - display YandexDns parameters
 nortondns - display Norton ConnectSafe DNS parameters
 adguard-dns - display AdGuard DNS parameters
(config)> show ver
 version - display firmware version
(config)> show version
 release: 2.12.A.6.0-2
 arch: mips
 ndm:
 exact: 0-4a1e5ca
 cdate: 19 May 2018
 bsp:
 exact: 0-2ca6889
 cdate: 19 May 2018
 ndw:
 version: 0.4.26
 features: wifi_button,wifi5ghz,usb_3,usb_3_first,
 led_control,vht2ghz,mimo5ghz,dual_image
 components: acl,adguard-dns,afp,base,chilli,cifs,
 cloudcontrol,config-ap,config-client,config-repeater,
 corewireless,ddns,dhcpd,dlna,dot1x,dpi,easyconfig,eoip,
 fat,ftp,gre,hfsplus,igmp,ip6,ipip,ipsec,kabinet,l2tp,
 madwimax,miniupnpd,monitor,nathelper-ftp,nathelper-h323,
 nathelper-pptp,nathelper-rtsp,nathelper-sip,netflow,
 nortondns,ntfs,nvox,openvpn,opkg,opkg-kmod-audio,opkg-
 kmod-dvb-tuner,opkg-kmod-fs,opkg-kmod-netfilter,opkg-
 kmod-netfilter-addons,opkg-kmod-tc,opkg-kmod-usbip,opkg-
 kmod-video,pingcheck,ppe,pppoe,pptp,skydns,snmp,ssh,sstp,
 sstp-server,storage,trafficcontrol,transmission,udpxy,
 usb,usbdsl,usblte,usbmodem,usbnet,usbserial,vpnserver,
 vpnserver-l2tp,ydns
 manufacturer: Keenetic Ltd.
 vendor: Keenetic
 series: KN
 model: Giga (KN-1010)
 hw_version: 10108000
 hw_id: KN-1010
 device: Giga
 class: Internet Center
(config)> show sys
 system - display system status information

To simplify working with commands of show group the administrator can go to a special view mode.

(config)> show
Core::Configurator: Done.
(show)> system
 hostname: Keenetic_Giga
 domainname: WORKGROUP
 cpuload: 2
 memory: 51204/262144
 swap: 0/0
 memtotal: 262144
 memfree: 168060
 membuffers: 10564
 memcache: 32316
 swaptotal: 0
 swapfree: 0
 uptime: 7301

Except for viewing commands, a set of diagnostic ones is available to the administrator.

(config)> tools
Core::Configurator: Done.
(tools)>
 arping - send an ARP request to a given host
 ping - send ICMP ECHO_REQUEST to network hosts
 ping6 - send an ICMPv6 echo request to network hosts
 pppoe-discovery - scan available PPPoE servers
 traceroute - do IPv4 network route diagnostics

One can get information about the connection to command line using whoami command.

(config)> whoami
 user: admin
 agent: cli
 host: 192.168.1.200
 mac: 00:15:17:6a:f3:9a
 where: Bridge0

Also we decided to find out with the help of which commands PBR (Policy Based Routing) setting is performed, that is the ability to perform routing based on policies. At the moment reaching a decision about routing can be performed separately for each client device, so the first thing to start configuration is to perform device registration specifying its name and MAC-address.

known host test 00:15:17:6a:f3:9a

The next step is creating a profile in which Internet connections are listed in order of decreasing priority. In our case wireless provider was used at first and then connection to Ethernet-network.

ip policy Policy0
 description second_profile
 permit global WifiMaster0/WifiStation0
 permit global ISP
 permit auto

After that one should list all existing profiles in ip hotspot section and perform binding of client devices to this or that profile.

ip hotspot
 policy Home Policy0
 policy Guest Policy0
 host 00:15:17:6a:f3:9a permit
 host 00:15:17:6a:f3:9a policy Policy0

That's where we proceed to completion of the brief review of the command line interface capabilities and pass directly on to its testing.

Testing

The first test we traditionally begin this section is estimating the booting time of the device, which is a time interval starting with the moment when the power is on until the first echo reply is received via ICMP. Keenetic Giga wireless router boots after 31 seconds. We consider this as a good result.

The second not less than traditional test was a security scanning procedure, which has been carried out using Positive Technologies XSpider 7.8 network security scanner. At first, we performed scanning from LAN-interfaces side using recommended set of components.

On the whole, there were eight open ports discovered. The most interesting data are presented below.

Then we decided to repeat scanning procedure but from WAN-interface side. Scanner didn’t discover any open port, so Keenetic wireless routers are absolutely safe from external attacks with their default settings.

Before start performance tests we would like to get our readers familiar with the key parameters of the test stand we used.

Component PC Laptop
MB ASUS Maximus IX Extreme ASUS GL753VD
CPU Intel Core i7 7700K 4 GHz Intel Core i7 7700HQ 2.8 GHz
RAM DDR4-2133 Samsung 64 Gbyte DDR4-2400 Hyundai 8 Gbyte
NIC Intel X550T2
ASUS PCE-AC88
Realtek PCIeGBE
OS Windows 7 x64 SP1 Windows 10 x64

We decided to start with measuring performance of the device while IPv4 traffic routing with using NAT/PAT translations and without them. Measuring was performed for 1, 5 and 15 simultaneous TCP connections. JPERF utility of 2.0.2 version was used as an instrument for measuring. Both measurements displayed below were performed with hardware routing acceleration enabled by default.

As KN-1010 model is a wireless router, we cannot help but test user data transmission speeds in wireless network segment.

Keenetic Giga supports great number of various tunnel connections so we decided to measure performance of some of them. Data transmission speeds via PPTP and L2TP tunnels are traditionally high. Certainly, using of encryption together with PPTP significantly decreases speeds available to the users. In these tests KN-1010 model was used as a client.

One of the most popular ways of connection to remote networks is OpenVPN tunnel. Another not less than popular way of connection is using of IPSec. Here we used KN-1010 as a server.

It’s worth noting that testing model also supports connections with the help of SSTP protocol. The peculiarity of this connection is ability to set tunnel even if router doesn’t have globally routing address. The results of performance measuring for KN-1010 router working in SSTP-server mode are presented below.

Next version of IP IPv6 is becoming more and more popular. The increase of popularity of this protocol in Russia can be explained by users desire to bypass interlocks set by Roskomnadzor and keep up with the times, implementing new developments the first. Obviously, we cannot help but measure routing speeds for IPv6 packets. On the diagram below obtained speeds while using of hardware accelerator of IPv6 working and without it are displayed.

Different 3G/4G modems, USB printers, flashcards, DECT stations, ADSL/VDSL modems can be connected to USB port of the router. We decided not to miss an opportunity to measure access speeds for data located on our Transcend TS256GESD400K SSD drive of 256 Gbytes connected to USB port of Keenetic Giga router. We consequently formatted drive using the following file systems: EXT2/3/4, NTFS, FAT32 and HFS+. The results of measuring on connection to USB 2.0 and USB 3.0 ports are displayed below.

In addition, we decided to find out which access speeds to data located on USB drive can be obtained by the users connecting to the router with the help of PPTP tunnel without encryption. Measurements were performed for NTFS file system. Obtained data correspond to maximum announced performance of PPTP server (150-200 Mbps) working on Keenetic Giga router. Performance of PPTP client and server built into Keenetic Giga wireless router is significantly different.

In conclusion, we would like to mention about one more test which we performed in parallel with main experiments. With the help of our ADA TempPro-2200 laboratory pirometr we performed measurement of router case temperature under full load. It turned out that maximum temperature of router case was 37 degrees celsius while external temperature was no more than 24 degrees. Obtained temperature value we consider a normal one.

That’s where we complete testing section and move directly to summing it all up.

Summary

On the whole, we are glad with tested Keenetic Giga KN-1010 wireless router, after two years since our previous testing of Zyxel devices a significant work has been performed: hardware performance is increased, web-interface is remarkably revised and updated, device functionality is significantly expanded. The most positive appreciation is reasonably referred to the flexibility of network interfaces settings and new web-interface we consider user-friendly and intuitively understandable even for new users.

Strength areas of Keenetic Giga KN-1010 wireless router are the following:

  • high user data transmission speeds;
  • support of great amount of VPN connection types;
  • flexible configuration of network interfaces;
  • IPv6 support;
  • ability to connect to existing wireless networks;
  • support of two wireless frequency ranges;
  • captive portal option;
  • ability to remotely connect to the router even without global routing address;
  • module firmware structure;
  • ability to set SFP for connection to optical networks;

The only peculiarity that surprised and a bit confused us is inability to manage access to the devices in the local network based on access lists on connection via IPv6. Probably, that’s the only thing that we could refer to the drawbacks in the meantime.

At the moment this review was being written, the average price for Keenetic Giga KN-1010 wireless router in Moscow online shops was 7500 roubles.

ASUS RT-AC86U

Introduction

External design and hardware

Firmware Upgrade

Web-interface

AiMesh

Command line interface

Testing

Summary

Introduction

Today our laboratory hosts ASUS RT-AC86U wireless router that offers a whole set of significant capabilities among which are the support of MU-MIMO, AiMesh and AiProtection, adaptive QoS. All of this became possible thanks to dual-core processor with the support of 64-bits version of instruction set with an operating frequency of 1.8 GHz. But first things first!

External design and hardware

ASUS RT-AC86U wireless router is built to stand up and intended for desk mounting. We’ve already met such form of the case of ASUS network equipment, for example, RT-AC68U and 4G-AC55U models, however, obvious differences exist: the front panel doesn’t have ribby glance cover anymore. Now cover of the front panel is two-colored and mate, common ASUS gaming devices design is discernible. So except for vendor name, LEDs indicating working of the router and its wired and wireless interfaces are located here.

The upper panel has three SMA-connectors for connecting external antennae and the ventilation grate.

The ventilation grate also covers the rare panel of the case. Except for it, sticker with brief information about the device, five Gigabit Ethernet interfaces (four LAN and one WAN), USB 2.0 and USB 3.0 ports, DC-IN port for power connection together with Power button, key button turning off LEDs of the front panel and sunken Reset button are located here.

Two buttons: WPS and button for turning on/off wireless interfaces are placed on one of the sides.

Specialized stand with rubber legs is responsible for positioning the device in vertical mode that allows more convenient placing the router on horizontal surfaces.

Now let’s have a look at the insides of ASUS RT-AC86U wireless router which hardware consists of the only textolite plate of aquamarine color. We don’t consider a small plate of one antenna.

Main elements are placed on both sides of the plate, but before we start describing used electronic components, we would like to take our readers attention to four long antenna cables connecting remote points on the plate. We should admit that we consider such design a bit strange.

Under the long radiator on the right side of the plate, if it can be called like this, there are two protecting screens with technologic holes that get access for reviewing three chips located under them. The system is based on Broadcom BCM4906 processor with dual cores operating on 1.8 GHz frequency. Microschemas Broadcom BCM4365E and BCM4366E with antennae configurations of 3x3:3 and 4x4:4 correspondingly are responsible for wireless network functioning. Also we cannot help but mention that ASUS RT-AC86U wireless router has 512 Mbytes of RAM based on Micron MT41K256M16TW chip.

On the left side of the plate Macronix MX30LF2G18AC flash-memory module of 256 Mbytes is available for review. The whole left side is covered by a big detachable screen.

That’s where we complete review of ASUS RT-AC86U wireless router hardware platform and go directly to studying its software capabilities.

Firmware Upgrade

Upgrade of ASUS RT-AC86U wireless router firmware version can be performed in a rather traditional way: using Firmware Upgrade tab of Administration web-interface menu item. The whole process takes about three minutes and doesn’t require any special knowledge from the user. Upgrade can be performed both in manual and semi-automatic mode.

One can check success rate of firmware upgrade with the help of any web-interface page as firmware version is displayed in the header near device Operation Mode. One can get more detailed info about using firmware with the help of Firmware Upgrade tab of Administration menu. To be reasonable, it’s worth noting that the given page also allows performing update of antivirus signatures in case AiProtection option was activated.

If firmware upgrade was not completed successfully, the router moves to recovery mode which can be identified by turned off power LED. Indirectly TTL value returned in ICMP echo-replies also indicates this. In normal mode TTL = 64 and in recovery mode TTL = 100.

C:\>ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time<1ms TTL=100
Reply from 192.168.1.1: bytes=32 time<1ms TTL=100
Reply from 192.168.1.1: bytes=32 time<1ms TTL=100
Reply from 192.168.1.1: bytes=32 time<1ms TTL=100
Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

One can restore firmware version using Firmware Restoration specialized utility which interface a bit differs from all we reviewed before, however the meaning left the same.

If the administrator cannot use the utility due to any reason, ASUS RT-AC86U router provides one more restoration way: web-server built-in the bootloader to which one can connect with the help of any modern browser. One should just select file with the correct firmware and click Update Software button.

That’s where we bring the review of the questions dedicated to firmware upgrade to a close and pass on to studying the web-interface capabilities of the device.

Web-interface

One can access to web-interface of ASUS RT-AC86U wireless router with the help of any modern browser. After entering correct credentials the device start page is open for the administrator. The web-interface is available in 19 languages.

We will not review all web-interface capabilities of the router in detail but describe the most interesting of them.

In Network Map menu item a new option we haven’t met before is added: AiMesh Node that displays state of wireless Mesh network. Using of wireless Mesh networks is a trendy line for development wireless routers and access points of various vendors. Mesh network allows space covering with wireless network without gaps. Previously the same can be achieved by using repeaters or hybrid WDS connections. Mesh network simplifies the process of wireless network expansion.

Managing of guest wireless networks is performed with the help of menu item of the same name. Creation up to three guest networks in each frequency range is available.

Ai Protection menu item provides access to settings of network security mechanisms and parent control. It’s worth noting that the given functionality was significantly rewritten. As for the capabilities provided before they were expanded and deepened.

Not new but not less useful option is QoS support functionality (Adaptive QoS and Game Boost menu items).

Also during analysis of network performance Traffic Analyzer menu item that contains statistic data about links utilization and displays data about real-time load can be helpful.

The wireless module of the device under test can work in two modes: providing independent network functioning in both frequency ranges and with the support of Smart Connect. In the second way the router can use built-in logic for optimization of client distribution to frequency ranges. However it’s worth noting that the distribution rules are presented in Smart Connect Rule tab of Network Tools menu item. All other tabs of Wireless menu item are rather typical for ASUS wireless equipment. Probably, it’s just worth reviewing Professional tab with the help of which the administrator can decrease mutual influence of Wi-Fi, Bluetooth and USB 3.0, select preferable modulation scheme, enable or disable beamforming mechanism and activate MU-MIMO option that allows the router to serve several wireless clients simultaneously.

Tabs of LAN menu item are rather typical, option of turning on/off hardware acceleration is absent as the given acceleration is used automatically.

Capabilities of WAN menu item are not remarkable as well as they are rather standard for ASUS wireless equipment.

Admirers of IPv6 will be glad with the menu item of the same name. Except for statically or dynamically configuring interface addresses, support of three tunnels using as transitional solution is provided: 6to4, 6in4 and 6rd. Also we cannot help but mention support of DHCP-PD (Prefix Delegation) option which we reviewed in detail in our article dedicated to IPv6.

VPN menu item delighted us with the support of IPSec protocol server. ASUS RT-AC86U wireless router can work as a server for the following tunnel connections: PPTP, OpenVPN and IPSec, simultaneously performing client functions for PPTP, L2TP and OpenVPN connections.

Firewall settings for IPv4 and IPv6 traffic are combined in General tab of Firewall menu item. We should admit that we are a bit surprised with the lack of settings for IPv4 traffic filtration.

Among available for selection operating modes of the device a new one is added: AiMesh Node, in this mode ASUS RT-AC86U can connect to existing wireless routers in AiMesh Router mode and expand their coverage area.

That’s where we bring to the completion of the brief review of web-interface capabilities of ASUS RT-AC86U wireless router and go directly to more detailed review of AiMesh technology.

AiMesh

Mesh networks are becoming more and more popular nowadays. One can even say that for wireless networks it is a trend of 2018. Let’s try to study ASUS implementation of Mesh networks. It’s worth noting here that today we will provide our readers with brief review of this implementation but not bothering with details. We hope that in one of our next reviews we’ll manage to provide more detailed review and testing of this wireless solution.

What for Mesh networks and wireless solutions based on them are needed? The answer is simple: for improving wireless coverage. The modern approach to implementation of wireless networks based on IEEE 802.11 technologies involves setting several wireless routers and access points for minimization of so named “blind zones” in which Wi-Fi coverage is absent or unstable. If one implements provided approach with the help of independent devices then the client has to manually or semiautomatically reconnect between wireless networks created by different access points, select SSID to which the connection should be established. With the help of AiMesh the administrator can unify several devices by using wired and wireless links so that from client perspective the system looks like a whole entity allowing to perform automatic roaming during client movement between coverage areas of different access points. The list of models and more detailed description of the technology one can find on vendor website.

Mesh network consists of wireless equipment of two types: router and one or several nodes connecting to wireless router. ASUS RT-AC86U can perform both specified roles.

In our laboratory we had two ASUS wireless routers with the support of AiMesh: RT-AC86U and GT-AC5300. We decided to provide GT-AC5300 with functions of the central device, whereas RT-AC86U was used as an AiMesh node.

At first we moved RT-AC86U to AiMesh Node mode.

The next step is allowing association from the AiMesh router. To be reasonable, it’s worth noting that selecting of operation mode AiMesh Node drops user settings to the defaults so users don’t need to perform preliminary settings of new equipment that will be used as AiMesh node, one should just unpack it, install in a required place and connect power. Discovering of new AiMesh nodes and their settings are performed with the help of AiMesh wireless router.

Association between an AiMesh node and the router is completed. From this moment the AiMesh node becomes unavailable for direct managing.

For each of associated AiMesh nodes one can view brief information and select preferable way of connection between a node and the router. If there is an ability to unify all AiMesh devices with the help of a wire between each other, certainly, we would recommend to do it. At first, transmission speed and safety of the connection can become significantly higher, secondly, additional wireless channel for connection between the router and nodes is not required. Honestly, in this case the whole AiMesh network becomes similar to an ordinary corporate Wi-Fi network with a controller.

As managing of AiMesh nodes is now performed centrally, to upgrade firmware one should go to Firmware Upgrade tab of Administration menu item of AiMesh router.

That’s where we bring to the completion of the first acquaintance with AiMesh technology and move directly to studying capabilities of the device command line.

Command line interface

Access to the command line of the device can be enabled/disabled with the help of System tab of Administration menu item. The given access can be provided using Telnet and SSH protocols. Certainly, we recommend using the second one due to security reasons.

Login and password used for the access to the command line interface are the same as for the router web-interface access. Firmware of the testing model is built on Linux OS with a kernel of version 4.1.27 using BusyBox of version 1.24.1.

RT-AC86U login: admin
Password:
admin@RT-AC86U:/tmp/home/root# cd /
admin@RT-AC86U:/# uname -a
Linux RT-AC86U 4.1.27 #2 SMP PREEMPT Mon Mar 26 11:31:50 CST 2018 aarch64
admin@RT-AC86U:/# busybox
BusyBox v1.24.1 (2018-03-26 10:58:36 CST) multi-call binary.
BusyBox is copyrighted by many authors between 1998-2015.
Licensed under GPLv2. See source distribution for detailed
copyright notices.
Usage: busybox [function [arguments]...]
 or: busybox --list
 or: function [arguments]...
 BusyBox is a multi-call binary that combines many common Unix
 utilities into a single executable. Most people will create a
 link to busybox for each function they wish to use and BusyBox
 will act like whatever it was invoked as.
Currently defined functions:
 [, [[, add-shell, arp, arping, ash, awk, basename, bash, blkid, blockdev, cat, chmod, chown, chpasswd, chrt, clear, cmp, cp, crond, cut, date, dd, depmod, df, dirname, dmesg, du, echo, egrep,
 env, ether-wake, expr, false, fatattr, fdisk, fgrep, find, flock, free, fsck, fsck.minix, fstrim, fsync, ftpget, grep, gunzip, gzip, halt, head, ifconfig, insmod, ionice, kill, killall,
 klogd, less, ln, logger, login, logread, ls, lsmod, lsusb, md5sum, mdev, mkdir, mknod, mkswap, modprobe, more, mount, mv, nc, netstat, nice, nohup, nslookup, pidof, ping, ping6, poweroff,
 printf, ps, pwd, pwdx, readlink, reboot, remove-shell, renice, rm, rmdir, rmmod, route, sed, setconsole, sh, sleep, smemcap, sort, strings, stty, swapoff, swapon, sync, syslogd, tail, tar,
 taskset, telnetd, test, tftp, tftpd, top, touch, tr, traceroute, traceroute6, true, tty, udhcpc, umount, uname, unzip, uptime, usleep, vconfig, vi, watch, wc, which, zcat, zcip
admin@RT-AC86U:/#

With the help of ps command, let’s see which processes are currently running on the device. Top utility shows information on the current activity of the launched processes. We decided to present outputs of the given utilities in an individual file.

Contents of /bin, /sbin, /usr/bin and /usr/sbin catalogues together with sysinfo utility output we present in a separate file as well. So, for example, there is tcpcheck utility in /sbin catalogue which allows checking if a particular TCP port is open on a particular host.

admin@RT-AC86U:/# tcpcheck
usage: tcpcheck [host:port]
admin@RT-AC86U:/# tcpcheck 10 192.168.1.3:23
192.168.1.3:23 failed
admin@RT-AC86U:/# tcpcheck 10 192.168.1.1:23
192.168.1.1:23 is alive
admin@RT-AC86U:/#

Now let's turn to /proc catalogue to view its contents and find out the system uptime, its average utilization, information on the CPU installed, and the amount of RAM. Actually, system uptime and average utilization can be also obtained using uptime command.

admin@RT-AC86U:/# cd /proc
admin@RT-AC86U:/proc# ls
1 1179 16 22 4 58 736 777 805 bus fcache led scsi tty
10 1199 167 2283 49 588 737 779 838 cmdline filesystems loadavg self uptime
1007 12 17 23 5 59 738 781 879 config.gz fs locks slabinfo version
1015 1200 18 24 52 592 745 789 881 consoles interrupts meminfo socinfo vmallocinfo
1018 13 19 25 53 6 752 791 9 cpuinfo iomem misc softirqs vmstat
1022 1348 2 26 54 656 758 792 990 crypto ioports modules stat wfd
1025 1350 201 27 56 678 761 793 994 device-tree irq mounts swaps zoneinfo
1026 14 205 28 565 679 763 794 997 devices kallsyms mtd sys
11 15 206 282 566 691 765 796 998 diskstats kcore net sysrq-trigger
1131 1511 21 295 57 693 766 797 bcmlog driver kmsg nvram sysvipc
1139 1512 2116 3 571 7 767 8 brcm emf kpagecount pagetypeinfo thread-self
1176 1513 214 317 572 731 768 803 buddyinfo execdomains kpageflags partitions timer_list
admin@RT-AC86U:/proc# cat uptime
4342.18 8641.86
admin@RT-AC86U:/proc# cat loadavg
3.50 3.70 3.65 1/125 2289
admin@RT-AC86U:/proc# cat cpuinfo
processor : 0
BogoMIPS : 100.00
Features : fp asimd evtstrm aes pmull sha1 sha2 crc32
CPU implementer : 0x42
CPU architecture: 8
CPU variant : 0x0
CPU part : 0x100
CPU revision : 0
processor : 1
BogoMIPS : 100.00
Features : fp asimd evtstrm aes pmull sha1 sha2 crc32
CPU implementer : 0x42
CPU architecture: 8
CPU variant : 0x0
CPU part : 0x100
CPU revision : 0
admin@RT-AC86U:/proc# cat socinfo
SoC Name :BCM4906
Revision :A0
admin@RT-AC86U:/proc# uptime
 04:13:03 up 1:13, load average: 3.04, 3.58, 3.60
admin@RT-AC86U:/proc#

We can't help but mention nvram utility that allows changing certain important device operation parameters. To be honest, we should also notice that capabilities of the given command are a bit different from ones we reviewed for other models.

admin@RT-AC86U:/proc# nvram
usage:
nvram [get] :get nvram value
 [set name=value] :set name with value
 [unset name] :remove nvram entry
 [show] :show all nvrams
 [dump] :show all nvrams tuples
 [setflag bit=value] :set bit value
 [getflag bit] :get bit value
 [save] :save nvram to a file
 [restore] :restore nvram from saved file
 [erase] :erase nvram partition
 [commit [restart]] :save nvram [optional] to restart wlan
 [kernelset] :populate nvram from kernel configuration file
 [save_ap] :save ap mode nvram to a file
 [save_rp_2g] :save 2.4GHz repeater mode nvram to a file
 [save_rp_5g] :save 5GHz repeater mode nvram to a file
 [save_rp_5g2] :save 5GHz high band repeater mode nvram to a file [triband]
 [fb_save file] :save the romfile for feedback
admin@RT-AC86U:/proc# nvram show | grep admin
size: 54542 bytes (76530 left)
acc_list=admin>adminpassword
acc_webdavproxy=admin>10
http_username=admin
admin@RT-AC86U:/proc#

So, for example, using nvram utility one can turn off STP on LAN interfaces of RT-AC86U router.

admin@RT-AC86U:/proc# nvram show | grep stp
lan1_stp=1
lan_stp=1
size: 54542 bytes (76530 left)
admin@RT-AC86U:/proc# nvram set lan_stp=0
admin@RT-AC86U:/proc# nvram commit
admin@RT-AC86U:/proc# nvram show | grep stp
lan1_stp=1
lan_stp=0
size: 54542 bytes (76530 left)
admin@RT-AC86U:/proc# reboot

That is where we bring the brief review of the router command line interface capabilities to a close and pass on to testing the device.

Testing

Traditionally we start testing section with estimating the booting time of the device, which is a time interval starting with the moment when the power is on until the first echo reply is received through ICMP. ASUS RT-AC86U wireless router boots in 72 seconds. We consider this result normal.

The second not less than traditional test is a security scanning procedure, performing with the help of a security scanner Positive Technologies XSpider 7.8. On the whole, there were 14 open ports discovered. The most interesting discovered data are presented below. Obviously, we informed vendor about discovered vulnerability straight away. Based on official announce of ASUS representatives, RT-AC86U wireless router uses DNS server that is not exposed to CVE-2004-0789 vulnerability and the given scanner result is false positive.

Before getting down to performance tests we would like to get our readers familiar with the main parameters of the test stand we used.

Component PC Laptop
Motherboard ASUS Maximus IX Extreme ASUS GL753VD
CPU Intel Core i7 7700K 4 GHz Intel Core i7 7700HQ 2.8GHz
RAM DDR4-2133 Samsung 64 GByte DDR4-2400 Hyundai 8 GByte
NIC Intel X550T2
ASUS PCE-AC88
Realtek PCIeGBE
OS Windows 7 x64 SP1 Windows 10 x64

The first performance test was measuring of user data transmission speeds on device performing routing with NAT/PAT. Measurements were performed for 1, 5 and 15 simultaneous TCP sessions with window size increased to 100 Mbytes. As a measuring instrument utility JPERF of 2.0.2 version was used. The results of measurements are shown on the diagram below.

We turned off NAT/PAT translations and checked device performance during ordinary routing of IPv4 traffic.

We cannot help but check router operating with IPv6 traffic.

ASUS RT-AC86U wireless router supports great amount of different tunnel connections part of which are used for connection to provider or remote networks while others can be used for support of remote connections to the device itself. Certainly, we found out which maximum throughputs can be available when this or that tunnel connection is used. We decided to start with PPTP so popular among Windows users. The measurements were performed with enabled encryption and without it.

We should notice that we were surprised with obtained speeds.

The next step was tunnel connection with the help of L2TP. The results of measurements are similar to PPTP connection without encryption.

In recent years connection to remote networks with the help of OpenVPN protocol is becoming more and more popular, obviously, we cannot help but use this protocol in our tests as well.

Our first acquaintance with ASUS network equipment started with wired routers of SL line which differential peculiarity was support of tunnels using IPSec. For a long time we haven’t seen support of this protocol in SOHO devices of top vendors, however, fortunately, it seems that IPSec trend is coming back and support of this tunnel connection occurs among capabilities of network devices of various vendors. We decided not to miss the opportunity to measure ASUS RT-AC86U performance on working with IPSec in remote access mode.

As ASUS RT-AC86U is a wireless router, we performed measuring of available to the users transmission speeds between wired and wireless segments. The measurements were performed in both frequency ranges.

The tested model has USB 2.0 and USB 3.0 ports. We connected our external testing SSD Transcend TS256GESD400K of 256 Gbytes and performed measurements of access speeds to data placed on it. The measurements were performed for five file systems: EXT2/3, FAT32, NTFS, and HFS+.

On pages of different forums we see often questions about access speed to USB drive using connection via tunnel. On the diagram below one can view comparison of access speeds to SSD while using tunnel and without it. NTFS was used as a file system.

Using of encrypted tunnel has a great influence even on rather slow file operations.

Also we decided to find out how much the model under review heats up during testing procedures. We decided to start with using of built-in sensors displaying CPU temperature.

admin@RT-AC86U:/# cat /sys/class/thermal/thermal_zone0/temp
76307

Presented number displays temperature in thousandths of Celsius degree, so internal chip temperature is equal to 76,3 degrees Celsius. Is it much or little? Though on a first glance it seems that this is rather much, in reality one should remember that it is an internal temperature of SoC processor. Also we decided to measure temperature of the case cover with the help of our laboratory pyrometer ADA TemPro-2200. It occurred that case temperature doesn’t exceed 37 degrees Celsius, whereas external temperature in the room in these summer days was 25 degrees Celsius. As measurements were performed using contactless way, external temperature of chips and protecting screen was available for measuring as well. It occurred that external surfaces of the plate can heat up to 48 degrees Celsius, however we should remember that these surfaces are not available for user direct contact.

That's where we draw the testing part to a close and move on to summing it all up.

Summary

On the whole, we are glad with tested ASUS RT-AC86U wireless router that presented stably high speeds both in wired and wireless segment. Among the innovations regarding this model we can mention support of MU-MIMO, mesh networks and built-in VPN server for IPSec.

The strength areas of ASUS RT-AC86U wireless router are the following.

  • High data transmission speeds in both frequency ranges
  • Support of MU-MIMO
  • High speeds of IPv6 traffic routing
  • High performance of VPN servers and clients
  • Support of NitroQAM modulation
  • Smart Connect option
  • High access speeds to data placed on USB drive
  • Support of wireless mesh networks
  • Functions of users network security
  • Support of DHCP-PD option for IPv6 networks

Unfortunately, we cannot help but mention discovered drawbacks of the device.

  • The web-interface is not completely translated
  • Relatively high price

When this review was being written, average price of ASUS RT-AC86U wireless router in Moscow e-shops was 16000 roubles.

As of this writing, the best price for ASUS RT-AC86U in German-speaking Europe countries, according to website Geizhals Preisvergleich, was about 200 euro.