New ZyXEL Keenetic Ultra II and Giga III Wireless Routers

Introduction

External design and hardware

Firmware upgrade

Web-interface

Command line

Testing

Conclusion

Introduction

We were invited to the presentation of new ZyXEL Keenetic Ultra II and Giga III wireless routers about two months ago. Both devices have Gigabit Ethernet ports, support AC1200 wireless standard, and are meant to be used at home or in small offices. Our test lab still hasn't published reviews of network equipment by ZyXEL company. But there's the first time in everything, isn't there? That's why we decided to write a review and test these two models. Since Ultra II and Giga III are quite similar (both when it comes to performance and capabilities), we decided to offer our readers one article that reviews both devices. Let's get started!

External design and hardware

Both devices come in black plastic cases with dimensions of 187x122x37 mm (not considering the antennae). The external antennae of 5 dBi are non-detachable and are located on the side panels. Ultra II router weighs 310 grams and Giga III weighs 290 grams. Both models require an external power unit (included in the box) with the following characteristics for correct operation: 12 V and 2.5 А.

The biggest part of the upper panel of both devices is a ribbed pattern. Here one can find a sticker with the brief description of the model capabilities and WPS button.

The front panel has LEDs indicating the device status as well as the status of its wireless modules and USB ports. A configurable indicator and an indicator that shows the availability of access to the Internet are located here, too.

Both side panels are perforated. On one of them there are two USB ports (USB 2.0 and USB 3.0) and two software  buttons.

The bottom panel is perforated too and has a sticker with the brief information about the device. Also, two rubber legs and two mounting holes are located here. ZyXEL Keenetic Giga III and Ultra II wireless routers are meant both for desk and wall mounting.

Rear panels of the models under review are a bit different though. Giga III model has four LAN ports and one WAN Gigabit Ethernet port, Reset button, and a slot for connection of the external power unit together with ON/OFF button. Ultra II wireless router has seven LAN ports.

Now let's have a look at the insides of the devices. Unfortunately, all primary electronic elements are covered with protective metal screens and are inaccessible for review. The only element accessible for inspection in both models was the Spansion S34ML01G200TFI00 flash memory module with the size of 128 Mbytes. The official sources claim that both of the devices are fitted with DDR3 256 Mbyte RAM. Giga III model is powered by single-core MediaTek MT7621S SoC CPU that operates at 880 MHz frequency, whilst Ultra II model is fitted with a dual-core MT7621A SoC CPU that operates at the same frequency.

We decided to provide our readers with photos of the electronic stuffing of ZyXEL Keenetic Giga III wireless router.

Also, we just could not help it but publish photos of the main card of Ultra II model.

Now let's pass on to reviewing the software capabilities of the devices.

Firmware upgrade

Firmware update may be carried out via the web-interface both in manual and semi-automatic mode. Naturally, in order to update the firmware in the automatic mode one needs to be connected to the Internet. Upon detecting a newer firmware version on the vendor servers, one will see the corresponding notification in Dashboard tab, Device dashboard menu.

Manual firmware update is done using Files tab, System menu.

An administrator can make sure that the firmware update has been executed successfully in System tab, Device dashboard menu. Automatic update of all installed components is performed upon firmware update. After the initial firmware update has been successfully carried out, the user will be able to select the necessary components using Update tab, System menu.

It's worth noticing that the administrator can choose the applicable components that should be installed in the device using Update tab, System menu.

The administrator can review the installed firmware version and update it using command line, too. Show version command displays the data about the current firmware version.

(config)> show version
 release: v2.06(AAUW.1)A4
 arch: mips
 ndm:
 exact: 0-fe174cf
 cdate: 1 Oct 2015
 bsp:
 exact: 0-58f6634
 cdate: 1 Oct 2015
 manufacturer: ZyXEL
 vendor: ZyXEL
 series: Keenetic series
 model: Keenetic
 hw_version: 80280000-D
 hw_id: kng_re
 device: Keenetic Giga III
 class: Internet Center

Components sync command is used to check the availability of the updated firmware and components.

(config)> components sync
Components::Manager error[268369922]: updates are available for this system.
 А       2.06.A.5
 А                   А                    А          А                    А                      А
 А                              А                        TVport
А                             А           А   IPTV
 А                   DLNA-     А     А
 А                А                                              -         А

Components commit command is used for execution of firmware update (the command output is partially omitted).

(config)> components commit
Components::Manager: Update of components started.
 progress, name = Components::Manager: 0
 progress, name = flash:firmware: 0
 progress, name = Components::Manager: 2
 progress, name = flash:firmware: 0
 progress, name = Components::Manager: 4
 progress, name = flash:firmware: 0
 progress, name = Components::Manager: 98
 progress, name = flash:firmware: 0
 progress, name = Components::Manager: 100
 progress, name = flash:firmware: 0
 file_size: 8257596
(config)>
Connection to host lost.

The administrator can make sure that the firmware update has been executed successfully using show version command, too.

(config)> sho ver
 release: v2.06(AAUW.2)A5
 arch: mips
 ndm:
 exact: 0-5db8bde
 cdate: 29 Oct 2015
 bsp:
 exact: 0-b270fe8
 cdate: 29 Oct 2015
 ndw:
 version: 4.1.0.137
 features: wifi_button,wifi5ghz,usb_3,flexible_menu,
 emulate_firmware_progress
 components: cloud,dot1x,fat,hfsplus,json,kabinet,
 miniupnpd,nathelper-ftp,nathelper-pptp,nathelper-sip,
 ntfs,ppe,usblte,usbserial,base,cifs,cloudcontrol,
 components,config-ap,config-repeater,config-client,
 corewireless,easyconfig,ftp,dhcpd,igmp,madwimax,l2tp,ppp,
 pptp,pppoe,skydns,storage,usb,usbnet,usbmodem,ydns,base-
 l10n,printers,sysmode,theme-ZyXEL-Intl,base-theme,
 easyconfig-3.2,modems,base-ZyXEL-Intl,ispdb
 manufacturer: ZyXEL
 vendor: ZyXEL
 series: Keenetic series
 model: Keenetic
 hw_version: 80280000-D
 hw_id: kng_re
 device: Keenetic Giga III
 class: Internet Center

Another firmware update method that we haven't pointed out is copying the firmware update file using FTP .

One can access the FTP server built-in in the router using any modern FTP  client that supports connections in the passive mode. After the user has connected successfully, s/he will need to change firmware file to the new one that contains the newer firmware version. Once the file has been successfully copied, the device will need to be rebooted.

That is where we bring the review of the firmware update process to a conclusion and pass on to examining capabilities of the device web-interface.

Web-interface

Before reviewing the web-interface capabilities of ZyXEL Keenetic Ultra II and Giga III wireless routers, we installed all available add-ons so that our review would be more complete.

The main menu is located at the bottom of the page. We decided to start reviewing the web-interface capabilities from Device dashboard menu that lets the administrator obtain information about the status of the whole device as well its interfaces, review the routing table and find out the utilization of the main hardware resources, and review the list of connected clients and external devices.

Management of the access to the WAN is done using tabs in Broadband menu. A wide variety of parameters in tabs in Broadband menu may puzzle a newby . That's exactly why a special wizard, which helps the user perform simple step-by-step configuration of the router, will be launched upon the first connection to the device. One can access this wizard using NetFriend button in Summary tab.

To tell you the truth, we were pleasantly surprised at the choice of possible connection methods. Apart from traditional connection variants, IPoE, VPN (PPTP/L2TP/PPTP), 802.1X, and 3G/4G, Keenetic Ultra II and Giga III wireless routers let the user get connected to wireless networks in 2.4 GHz and 5 GHz frequency ranges. ZyXEL company decided not to divide their Internet centres into ADSL and Ethernet routers. Instead of it, all devices in Keenetic series are equipped with an Ethernet WAN port. Connection to ADSL or VDSL service providers is carried out using a special-purpose USB modem that should be connected to the router. Management of the access to the WAN is done using sub-groups of Internet group. It's worth mentioning apart that the administrator can configure the wired connection in a flexible mode. For example, by using a certain virtual network in the trunk towards the service provider or getting connected an IP phone or a set-top box to any port of the device.

The Keenetic series devices let the user get connected not only to traditional IPv4 networks but also to the new generation networks that use IPv6. The corresponding settings are available in the same-named tab in Broadband menu. The connection is performed using 6in4 tunnels. In case if the service provider offers support of IPv6 with the automatic configuration of IP parameters by themselves, for example using SLAAC (Stateless address autoconfiguration), the configuration of the router will be performed automatically without any involvement of the user.

The owner of Keenetic routers can get connected to several service providers. Several connections can be used for reserving of the main access channel to the Internet. Configuration of parameters of the channel operability check is done in Ping Check tab in the same menu.

Extra tab is used to specify static routes and addresses of DNS servers.

Hosts tab in Home menu is used to obtain the list of devices located in the local network and the list of applications launched on them as well as rate-limit one of the devices.

Segments tab is meant for management of the local network segments. This tab is used to merge various local network interfaces and manage the DHCP server operation.

Enabling or disabling IntelliQoS features, which analyzes the application traffic and reserves the bandwidth for transfer of certain data, is used in the same-named tab.

Some cases may require that the clients receive IP addresses from a certain external DHCP server, which is located in the other network segment, for example, from the DHCP server of the service provider. ZyXEL Ultra II and Giga III wireless routers let the administrator relay broadcast DHCP messages to a certain host. These settings are available in DHCP Relay tab.

In order to provide access to the Internet for local users the router must perform NAT/PAT translations. Enabling and disabling of translations is performed using NAT tab. Routing between user segments in the local network is performed without translations.

IGMP Proxy and udpxy server are meant for management of multicast receipt by the user. This feature is predominantly used for delivery of IPTV service.

Wireless menu item lets the administrator configure the wireless module of the routers operating as an access point. Also, here one can perform filtration of clients that were permitted connection based on their MAC addresses.

Configuration of the network address translation parameters as well as management of the firewall and protection via DNS is performed using Security menu.

Tabs in System menu are meant for management of the key operation parameters of the whole router, firmware update, reviewing the log data, launching diagnostics procedures, capturing network packets, changing the device operation mode, managing users, and obtaining access to the main system files.

Auxiliary protocols and services are configured using tabs in Applications menu. Here the user can manage SMB/CIFS, FTP, IPSec, DLNA, and BitTorrent protocols as well as grant an access to catalogs and cloud clients.

In the latest firmware versions, which we were provided by the vendor, an extra tab called Opkg was added in Applications menu. It lets the administrator install third-party software add-ons. Earlier this feature was unavailable in NDMS v.2 OS. We hope that in the near future this capability will become available in the official versions of firmware, accessible by common users, too.

 

One can connect various devices to the USB port of the routers under review. For example, 3G/4G modems, printers, flash cards and external HDDs, and ADSL/VDSL modems. Apart from it, various special-purpose devices like Keenetic Plus DECT—a USB module of the wireless telephone base operating in DECT mode—can be connected to the routers too.

 

Management of a basic DECT base, if the user owns it, is done using tabs in DECT menu. Connection of DECT handsets is possible only to SIP operators. Connection to PSTN/POTS is not supported.

That is where we bring review of the web-interface of ZyXEL Keenetic Ultra II and Giga III wireless routers to a conclusion and pass on to examining capabilities of their command line.

Command line

Command line interface of ZyXEL Keenetic Ultra II and Giga III wireless routers is different from the one we saw in other SOHO devices. NDMS OS, though built on *nix OS base, doesn't provide the administrator access to shell. That is why we will review the capabilities of the built-in command interpreter. Obviously, examining all capabilities of the command line is not our aim and if the user wants to do this, s/he is welcome to get acquainted with the user's manual. However, we will still get you familiar with the most interesting commands. The command line interface under review is similar to CLI in devices by Cisco System, but there are a lot of differences too. In order to access the command line one needs to use the same login and password as for the connection to the device web-interface.

Login: admin
Password: ********
(config)>
 system - maintenance functions
 ntp - configure NTP
 schedule - schedule configuration
 known - manage lists of known network objects
 access-list - configure network access lists
 isolate-private - configure if traffic may pass between "private" interfaces
 dyndns - configure DynDns profiles
 yandexdns - configure Yandex.DNS profiles
 skydns - configure SkyDns profiles
 ndns - configure NDNS
 ping-check - configure ping-check profiles
 interface - network interface configuration
 ip - configure IP parameters
 telnet - manage Telnet server service
 pppoe - configure PPPoE parameters
 kabinet - configure kabinet authenticator
 ppe - configure Packet Processing Engine
 upnp - configure UPnP parameters
 torrent - configure torrent service parameters
 udpxy - configure udpxy
 crypto - configure IPsec
 igmp-proxy - configure IGMP
 user - configure user account
 vpn-server - configure VPN server
 service - manage services
 ftp - manage FTP server service
 cifs - manage CIFS service
 dlna - manage DLNA service
 dns-proxy - manage DNS proxy service
 whoami - display info about the current management session
 printer - printer configuration
 more - view text file
 ls - list directory contents
 copy - copy files
 erase - erase file or empty directory
 monitor - manage monitor services
 show - display various diagnostic information
 tools - tools for testing the environment
 opkg - Open Package configuration
 easyconfig - configure Easyconfig services
 components - manage firmware components
 cloud - manage cloud services

Several configuration sub-modes are supported. For example, in order to change parameters of a certain interface, one will need to switch to the applicable operation mode.

(config)> int
 interface - network interface configuration
(config)> interface
 Usage template:
 interface {name}
 Choose:
 Pvc
 Vlan
 CdcEthernet
 UsbModem
 UsbDsl
 AsixEthernet
 Davicom
 UsbLte
 YotaOne
 Bridge
 PPPoE
 PPTP
 L2TP
 L2TPoverIPsec
 TunnelGre
 GigabitEthernet0
 GigabitEthernet0/0
 1
 GigabitEthernet0/1
 2
 GigabitEthernet0/2
 3
 GigabitEthernet0/3
 4
 GigabitEthernet1
 ISP
 GigabitEthernet1/0
 0
 WifiMaster0
 WifiMaster0/AccessPoint0
 AccessPoint
 WifiMaster0/AccessPoint1
 GuestWiFi
 WifiMaster0/AccessPoint2
 WifiMaster0/AccessPoint3
 WifiMaster0/WifiStation0
 WifiMaster1
 WifiMaster1/AccessPoint0
 AccessPoint_5G
 WifiMaster1/WifiStation0
 GigabitEthernet0/Vlan1
 Bridge0
 Home
(config)> interface Bri
 Usage template:
 interface {name}
 Choose:
 Bridge
 Bridge0
(config)> interface Bridge0
(config-if)>
 name - change interface name
 description - set interface description
 role - interface role configuration
 traffic-shape - set traffic rate limit
 dyndns - DynDns updates
 inherit - add Ethernet interface to a Bridge (with inheritance)
 include - add Ethernet interface to a Bridge
 tx-queue - set TX queue length
 mac - configure MAC parameters
 security-level - assign security level
 debug - enable connection debugging
 authentication - configure authentication
 ip - configure IP parameters
 igmp - configure IGMP parameters
 ping-check - ping-check configuration
 vdsl - configure VDSL parameters
 up - enable interface
 down - disable interface
 schedule - interface up/down schedule

Management of the transmitter power, wireless channel, and compatibility modes is allowed for the wireless interfaces. Also, the administrator may specify the country code where the device is used. By using traffic-shape command the administrator can rate-limit the user data transfer for any interface including wireless ones.

(config)> interface WifiMaster0
(config-if)>
 name - change interface name
 description - set interface description
 role - interface role configuration
 traffic-shape - set traffic rate limit
 dyndns - DynDns updates
 tx-queue - set TX queue length
 mac - configure MAC parameters
 debug - enable connection debugging
 rf - change RF settings
 ip - configure IP parameters
 country-code - set country code
 compatibility - set 802.11 compatibility (use parameters like BG or ABGN)
 channel - set radio channel
 power - set transmission power level
 preamble-short - enable short preambles
 vdsl - configure VDSL parameters
 up - enable interface
 down - disable interface
 schedule - interface up/down schedule
(config-if)> tra
 traffic-shape - set traffic rate limit
(config-if)> traffic-shape
 Usage template:
 traffic-shape rate {rate}
(config-if)> rol
 role - interface role configuration
(config-if)> role
 Usage template:
 role {role} [for {ifor}]
 Choose:
 inet
 iptv
 voip
(config-if)> coun
 country-code - set country code
(config-if)> country-code
 Usage template:
 country-code {code}
(config-if)> chan
 channel - set radio channel
(config-if)> channel
 Usage template:
 channel {channel} | width ...
 width - set radio channel width
(config-if)> powe
 power - set transmission power level
(config-if)> power
 Usage template:
 power {power}
(config-if)>exit
(config)> interface AccessPoint
(config-if)>
 name - change interface name
 description - set interface description
 role - interface role configuration
 traffic-shape - set traffic rate limit
 dyndns - DynDns updates
 tx-queue - set TX queue length
 mac - configure MAC parameters
 security-level - assign security level
 debug - enable connection debugging
 wps - enable WPS functionality
 authentication - configure authentication
 encryption - configure encryption parameters
 ip - configure IP parameters
 igmp - configure IGMP parameters
 ping-check - ping-check configuration
 ssid - set wireless ESSID
 hide-ssid - disable SSID broadcasting on the access point
 wmm - enable Wireless Multimedia Extensions on this interface
 vdsl - configure VDSL parameters
 up - enable interface
 down - disable interface
 schedule - interface up/down schedule
(config-if)> en
 encryption - configure encryption parameters
(config-if)> encryption
 key - set wireless encryption key
 enable - enable wireless encryption (WEP by default)
 disable - disable wireless encryption
 wpa - enable WPA version 1 (TKIP) encryption
 wpa2 - enable WPA version 2 (AES) encryption

Management of access lists is carried out using access-list command.

(config)> acce
 access-list - configure network access lists
(config)> access-list
 Usage template:
 access-list {acl}
(config)> access-list test
 deny - add prohibitive rule
 permit - add permissive rule
(config)> access-list test pe
 permit - add permissive rule
(config)> access-list test permit
 Usage template:
 permit ((tcp | udp) {source} {source-mask} [port (lt | gt | eq)
 {source-port}] {destination} {destination-mask} [port (lt | gt
 | eq) {destination-port}]) | (icmp {source} {source-mask}
 {destination} {destination-mask}) | (ip {source} {source-mask}
 {destination} {destination-mask})
 Choose:
 tcp
 udp
 icmp
 ip

One can install an access list to the interface using ip access-group interface command.

(config-if)> ip access-group
 Usage template:
 access-group {acl} {direction}

Management of NAT/PAT translations is done using ip nat and ip static commands.

(config)> ip nat
 Usage template:
 nat (({address} {mask}) | {interface}) | vpn ...
 vpn - add NAT rule
 Choose:
 GigabitEthernet1
 ISP
 WifiMaster0/AccessPoint0
 AccessPoint
 WifiMaster0/AccessPoint1
 GuestWiFi
 WifiMaster0/AccessPoint2
 WifiMaster0/AccessPoint3
 WifiMaster0/WifiStation0
 WifiMaster1/AccessPoint0
 AccessPoint_5G
 WifiMaster1/WifiStation0
 GigabitEthernet0/Vlan1
 Bridge0
 Home
(config)> ip static
 Usage template:
 static [tcp | udp] ({interface} | ({address} {mask})) (({port}
 through {end-port} {to-address}) | ({port} {to-address} [{to-
 port}]) | {to-address})
 Choose:
 GigabitEthernet1
 ISP
 WifiMaster0/AccessPoint0
 AccessPoint
 WifiMaster0/AccessPoint1
 GuestWiFi
 WifiMaster0/AccessPoint2
 WifiMaster0/AccessPoint3
 WifiMaster0/WifiStation0
 WifiMaster1/AccessPoint0
 AccessPoint_5G
 WifiMaster1/WifiStation0
 GigabitEthernet0/Vlan1
 Bridge0
 Home

As a matter of course, the routers under review support static entries in the routing table. Their management is done using ip route command.

(config)> ip route
 Usage template:
 route (({network} {mask}) | {host} | default) (({gateway}
 [{interface}]) | {interface}) [auto] [{metric}]

The user can review the contents of a certain catalog using ls command, whilst more command displays the contents of a certain file (we have intentionally omitted the command output in our listing).

(config)> ls
 Usage template:
 ls [{directory}]
 Choose:
 ndm:
 flash:
 temp:
 proc:
 sys:
 storage:
 usb:
(config)> ls fla
 Usage template:
 ls [{directory}]
(config)> ls flash:
 rel: flash:
 entry, type = R:
 name: default-config
 size: 3315
 entry, type = R:
 name: firmware
 size: 11403324
 entry, type = R:
 name: startup-config
 size: 6064
(config)> more flash:default-config
! $$$ Model: ZyXEL Keenetic Giga III
! $$$ Version: 2.0
! $$$ Agent: default
system
 set net.ipv4.ip_forward 1
 set net.ipv4.tcp_fin_timeout 30
 set net.ipv4.tcp_keepalive_time 120
 set net.ipv4.netfilter.ip_conntrack_tcp_timeout_established 1200
 set net.ipv4.netfilter.ip_conntrack_max 16384
 set vm.swappiness 100
 set dev.usb.force_usb2 0
 hostname Keenetic_Giga
 clock timezone Moscow
 domainname WORKGROUP
!
ntp server 0.pool.ntp.org
ntp server 1.pool.ntp.org
ntp server 2.pool.ntp.org
ntp server 3.pool.ntp.org

Management of various auxiliary services is done using service command.

(config)> service
 dhcp - start DHCP service
 dns-proxy - enable DNS proxy
 igmp-proxy - enable IGMP proxy
 dhcp-relay - start DHCP relay service
 ftp - enable FTP server
 cifs - enable CIFS server
 dlna - enable DLNA server
 http - start Web interface
 telnet - start telnet service
 ntp-client - start NTP client
 upnp - start UPnP service
 torrent - start torrent service
 udpxy - enable udpxy
 kabinet - start Kabinet authenticator
 vpn-server - enable VPN server
 ipsec - enable IPsec
 cloud-control - enable cloud control service

Changing system operation parameters is done using system command.

(config)> sys
 system - maintenance functions
(config)> system
 reboot - restart the system
 set - adjust system settings
 button - setup system button functions
 hostname - set the host name
 clock - change system clock settings
 domainname - set the domain name
 configuration - manage system configuration
 log - manage system logging
 mount - mount USB disk partition
 drivers - manage kernel drivers
 swap - set swap area
 debug - enable system debug
 mode - select system operating mode
(config)> system con
 configuration - manage system configuration
(config)> system configuration
 save - save the system configuration asynchronously
 factory-reset - reset the system configuration to factory defaults

In order to get acquainted with the current device operation parameters one must use show command. For example, show interface command is used for displaying the information about all network interfaces.

(config)> show
 version - display firmware version
 system - display system status information
 drivers - view list of loaded kernel drivers
 processes - view list of running processes
 interface - display interface status
 dot1x - 802.1x supplicant status
 skydns - display SkyDns parameters
 log - display system log
 running-config - view running configuration
 ip - display IP parameters
 ppe - show "binded" PPE entries
 upnp - display UPnP rules
 ipsec - display internal IPsec status
 ftp - display FTP server status
 cifs - display cifs server status
 dlna - display DLNA server status
 torrent - display torrent service information
 vpn-server - show VPN server status
 cloud - display status of the cloud service
 ndns - show NDNS status
 easyconfig - display EasyConfig information
 dyndns - show DynDns profile status
 ping-check - show ping-check profile status
 site-survey - display available wireless networks
 associations - shows a list of associated wireless stations
 button - display system button information
 clock - display system clock information
 ntp - display NTP parameters
 schedule - display system environment
 crypto - display IPsec information
 usb - display USB device list
 printers - display attached printer list
 tags - show available authentication tags
 kabinet - display Kabinet authenticator parameters
 monitor - show monitor status
(config)> show ver
 release: v2.06(AAUW.6)A6
 arch: mips
 ndm:
 exact: 0-845e4dd
 cdate: 19 Nov 2015
 bsp:
 exact: 0-64572cb
 cdate: 19 Nov 2015
 ndw:
 version: 4.1.0.156
 features: wifi_button,wifi5ghz,usb_3,flexible_menu,
 emulate_firmware_progress
 components: cloud,ddns,dot1x,factory,fat,hfsplus,json,
 kabinet,miniupnpd,monitor,nathelper-ftp,nathelper-pptp,
 nathelper-sip,ntfs,ppe,ssl,trafficcontrol,usblte,
 usbserial,base,cifs,cloudcontrol,components,config-ap,
 config-client,config-repeater,corewireless,dhcpd,dlna,
 easyconfig,ftp,igmp,ipsec,l2tp,opkg,pingcheck,ppp,pppoe,
 pptp,skydns,storage,udpxy,usb,transmission,usbdsl,usbnet,
 usbmodem,ydns,vpnserver,base-l10n,printers,theme-ZyXEL-
 Intl,base-theme,sysmode,easyconfig-3.2,modems,base-ZyXEL-
 Intl,ispdb
 manufacturer: ZyXEL
 vendor: ZyXEL
 series: Keenetic series
 model: Keenetic
 hw_version: 80280000-D
 hw_id: kng_re
 device: Keenetic Giga III
 class: Internet Center
(config)> show sys
 hostname: Keenetic_Giga
 domainname: WORKGROUP
 cpuload: 0
 memory: 43000/262144
 swap: 0/0
 memtotal: 262144
 memfree: 195384
 membuffers: 5864
 memcache: 17896
 swaptotal: 0
 swapfree: 0
 uptime: 5822

The administrator can switch to the special show mode for facilitated operation with commands in show group.

(config)> show
(show)>
 version - display firmware version
 system - display system status information
 drivers - view list of loaded kernel drivers
 processes - view list of running processes
 interface - display interface status
 dot1x - 802.1x supplicant status
 skydns - display SkyDns parameters
 log - display system log
 running-config - view running configuration
 ip - display IP parameters
 ppe - show "binded" PPE entries
 upnp - display UPnP rules
 ipsec - display internal IPsec status
 ftp - display FTP server status
 cifs - display cifs server status
 dlna - display DLNA server status
 torrent - display torrent service information
 vpn-server - show VPN server status
 cloud - display status of the cloud service
 ndns - show NDNS status
 easyconfig - display EasyConfig information
 dyndns - show DynDns profile status
 ping-check - show ping-check profile status
 site-survey - display available wireless networks
 associations - shows a list of associated wireless stations
 button - display system button information
 clock - display system clock information
 ntp - display NTP parameters
 schedule - display system environment
 crypto - display IPsec information
 usb - display USB device list
 printers - display attached printer list
 tags - show available authentication tags
 kabinet - display Kabinet authenticator parameters
 monitor - show monitor status
(show)> button
 buttons:
 button, name = RESET:
 is_switch: no
 position: 2
 position_count: 2
 clicks: 0
 elapsed: 0
 hold_delay: 10000
 button, name = WLAN:
 is_switch: no
 position: 2
 position_count: 2
 clicks: 0
 elapsed: 0
 hold_delay: 3000
 button, name = FN1:
 is_switch: no
 position: 2
 position_count: 2
 clicks: 0
 elapsed: 0
 hold_delay: 3000
 button, name = FN2:
 is_switch: no
 position: 2
 position_count: 2
 clicks: 0
 elapsed: 0
 hold_delay: 3000

As a finishing touch we would like to add that the command line interface of ZyXEL equipment provides the administrators more capabilities than the web-interface. This way, for example, we could not configure static IPv6 addresses on LAN and WAN interfaces of the router, whilst it was really easy to do using the command line.

system
 set net.ipv6.conf.all.forwarding 1
interface GigabitEthernet1
 ipv6 address 2001:db8:1::1
 ipv6 prefix 2001:db8:1::/64
interface Bridge0
 ipv6 address 2001:db8:2::1
ipv6 route 2001:db8:1::/64 ISP
ipv6 route default 2001:db8:1::2

That's where we proceed to completion of the brief review of the command line capabilities of Keenetic series routers and pass on to testing the devices.

Testing

The first testing procedure we usually begin our testing section with is measuring the booting time of the device, which is a time interval starting with the moment when the power is on until the first echo reply is received through ICMP. ZyXEL Keenetic Giga III wireless router boots in 97 seconds, whilst Ultra II needs 119 seconds. We believe that these results are decent.

The second traditional test was a security scanning procedure, which has been carried out using Positive Technologies XSpider 7.8 (build 8.25.5.23382) network security scanner. At first we performed this measurement from the LAN interface and then from the WAN interface of the router. The most interesting data are presented below.

Before getting down to reviewing the performance test results of both routers we would like to mention the key specification of the test stand we used.

Component PC Notebook
Motherboard ASUS Maximus VI Extreme ASUS M60J
CPU Intel Core i7 4790K 4 GHz Intel Core i7 720QM 1.6 GHz
RAM DDR3 PC3-10700 SEC 32 Gbytes DDR3 PC3-10700 SEC 16 Gbytes
NIC Intel PRO/1000 PT
ASUS PCE-AC68
Atheros AR8131
OS Windows 7 x64 SP1 Rus Windows 7 x64 SP1 Rus

We decided to start the performance tests with measuring the user data transmission speed upon performing translation of network addresses (NAT/PAT) by the router. Results of the measurements for both models are presented on the diagrams below. The tests were carried out with 1, 5, and 15 concurrent TCP sessions. In order to test the devices we used JPERF utility, 2.0.2 version.

ZyXEL Keenetic Giga III and Ultra II support operation not only with the current IP version, IPv4, but also with the new one, IPv6. Routing speeds for IPv6 are presented on the diagrams below.

Probably one of the most interesting tests for Internet users from the post-Soviet bloc countries is measuring the data transfer speeds upon using VPN. Tunnel connections are still popular among the Russian service providers so far.  Fortunately, recently some companies tend to use IPoE, which means refusal to use PPPoE/PPTP/L2TP tunnels for providing  of access to the Internet, but there's still a lot left to do. On the diagrams below one can see user data transfer speeds upon using a common and encrypted PPTP connection. We were pleasantly surprised with the obtained speeds upon using PPTP without encryption.

ZyXEL Keenetic Giga III and Ultra II wireless routers possess a built-in PPTP server; its performance is presented on the diagrams below. It turned out that the performance of this service is limited at 100 Mbps.

PPTP is not the only tunnel protocol supported by the routers under review. It's quite unusual to discover support of IPSec in SOHO devices. We connected Giga III to Ultra II, created an IPSec tunnel and made the measurements in two modes: upon usage of the less cryptosecure and more cryptosecure algorithms (DES and AES).

The vendor informed us that currently IPSec tunnels have neither software nor hardware acceleration, but the work on optimizing the cryptographic module goes at full tilt. When this article was almost finished, we received a new beta firmware version that supports acceleration of IPSec tunnels. The diagram presented below shows the performance results of the new cryptomodule version. The device performance increased by four times. We hope that the updated cryptomodule will become available for common users of ZyXEL equipment in the nearest future.

We reviewed the CPU utilization on both of the devices upon performing this test. In this case the IPSec tunnel performance is limited only by the capabilities of the less powerful device of the two, Giga III. That's why we tend to believe that the received speeds may be quite higher upon establishing an IPSec connection between two Ultra II routers.

One of the most anticipated tests was measuring the wireless module performance upon operation of the devices in the access point mode. These measurements were carried out for both wireless frequency ranges. Upon designing these models ZyXEL company didn't strive after the highest theoretically possible wireless network speeds rather than after the stable operation of the router wireless module.

Apart from operating as the access point, these devices can perform functions of a wireless client. However, this way the transfer speeds will become much lower, which is probably associated with the absence of 802.11AC support in this mode.

Both models under review have USB ports. Naturally, we just couldn't help but connect our external 256 GByte Transcend TS256GESD400K SSD to the routers. We used Intel NASPT utility, version 1.7.1, in order to test the access speeds to the data located on the external data carrier.

Another interesting capability that wireless routers by ZyXEL company are fitted with is rate-limiting of the user traffic, called shaper . Giga III and Ultra II models let one rate-limit a certain host in the local network. And it's not important at all what connection, wired or wireless, this host has. On the diagram below one can see a comparison between the configured and received speeds. Looking at the diagram we can see that the highest possible speed that can be limited is about 200 Mbps. We believe that a need to limit the speed of this or that user at high values is not the most necessary thing for the administrator.

It should be mentioned separately that we haven't noticed any significant influence of this feature on  the data transfer speeds by other hosts in the local network.

Apart from the limitations that may be applied to certain hosts, the administrator can rate-limit all devices located in the guest wireless network. As a matter of course, we couldn't help but test this capability. We used ten simultaneous TCP connections in this and previous tests.

We measured the device case temperature of both models using our ADA TempPro-2200 laboratory pyrometer upon performing the performance test. The highest temperature of Giga III case was 41.1°С, whilst Ultra II device warmed up to 44.1°С. We consider the received temperature values quite decent.

ZyXEL wireless routers can capture packets that they forward. This functionality may become necessary for, say, troubleshooting the connection to the service provider or when certain applications in the network may be functioning incorrectly. Naturally, the applications are not limited by these two examples we provided above. We decided to find out how this feature works. By using Packets capture feature one can save traffic locally on the router without using any kind of a dedicated host. Obviously, if it's necessary to save a large number of network packets, an external drive will need to be connected to the router. Management of the traffic capturing is done using Packets capture tab, System menu. One will need to create a corresponding rule to launch the packet capture.

Once the rule has been created, the administrator will need to launch the packet capture process.

Files containing the captured packets may be saved on the administrator's computer for further analysis using, for example, Wireshark.

Unfortunately, we haven't found the capability that lets one launch capturing according to the schedule or event. We believe that a feature like this would be quite sought-after.

That's where we draw the testing chapter to a close and move on to summing it all up.

Conclusion

ZyXEL company prefers calling their devices Internet centres, but our test lab is somewhat conservative and still tends to consider devices like these as wireless routers. We are quite glad about the models we tested, ZyXEL Keenetic Giga III and Ultra II, that have stable operation and high user data transfer speeds. Flexibility in network interface configuration is a really remarkable point of these devices. All of this makes us believe that our first meeting and getting acquainted with the wireless equipment by ZyXEL turned out to be successful. We cannot recommend ZyXEL Keenetic Giga III and Ultra II to hardware geeks and IT enthusiasts who would like to receive the highest possible wireless speeds, but these devices will be great at dealing with the tasks of the majority of common users.

Among the strength areas of ZyXEL Keenetic Giga III and Ultra II wireless routers are the following.

  • A high data transmission speed via PPTP/L2TP/PPPoE tunnels
  • Support of IPv6
  • Very flexible configuration of network interfaces
  • Possibility of connection to the existing wireless networks
  • Support of IPSec tunnels
  • Ability to rate-limit the user traffic

Unfortunately, we cannot help but mention certain drawbacks we have discovered.

  • Currently the performance of the built-in PPTP server is capped at 100 Mbps
  • Not really high device operation speeds in the wireless client mode

As of when this article was being written, the average price for a ZyXEL Keenetic Giga III wireless router in Moscow online shops was 7170 roubles, whilst Ultra II model cost 9090 roubles.

Add comment


Security code
Refresh

Comments   

0 #4 New ZyXEL Keenetic Ultra II and Giga III Wireless RoutersCarolyn 2017-02-23 22:35
You should be a part of a contest for one of the highest quality blogs online.
I am going to highly recommend this!
Quote | Report to administrator
0 #3 New ZyXEL Keenetic Ultra II and Giga III Wireless Routersleather vests 2017-02-14 16:11
Hello there! Quick question that's entirely off topic. Do you know
how to make your site mobile friendly? My weblog looks weird when viewing from my iphone4.
I'm trying to find a template or plugin that might be able to fix this
problem. If you have any suggestions, please share.
Thanks!
Quote | Report to administrator
0 #2 New ZyXEL Keenetic Ultra II and Giga III Wireless RoutersLeather Shorts 2017-02-01 17:30
It is actually a nice and helpful piece of info.
I am happy that you shared this useful info with us. Please stay us up to date
like this. Thanks for sharing.
Quote | Report to administrator
0 #1 New ZyXEL Keenetic Ultra II and Giga III Wireless Routersharrywallin 2017-01-31 00:33
You have made some decent points there. I checked on the internet for additional information about the issue and found
most individuals will go along with your views on this web site.
Quote | Report to administrator
Found a typo? Please select it and press Ctrl + Enter.