
Introduction

External design and hardware platform

Firmware upgrade

Web-interface

Mobile application

AiMesh

IFTTT

CLI

Testing

Conclusion

Introduction

What is this, a network audio station? Or a bladeless fan with a remote control? When we received the ASUS Blue Cave in our laboratory, the most improbable guesses were put forward. In fact, everything turned out to be very simple: it is a wireless router with a hollow center. The unusual shape of the case is not a tribute to fashion; it is the engineers' attempt to improve the wireless characteristics of the device. But first things first.

External design and hardware platform

ASUS Blue Cave wireless router has a vertical design and is intended for desktop placement. The case, whose dimensions are 160x160x80 mm with a weight of about 800 g, is made of white plastic with a blue insert. Blue Cave requires an external power supply (included in the box) with the following characteristics: 19 V and 1.75 A for its operation.

Front, top and side panels are not remarkable at all.

The ventilation grate occupies most of the rear panel of the model. There are also five Gigabit Ethernet ports (four LAN interfaces and one WAN), a power connector along with the on/off button, a USB 3.0 port, and Reset and WPS buttons.

A sticker with brief reference information, four round rubber feet, and a ventilation grate are placed on the bottom panel.

It's time to end the intrigue and look inside the case of the device. The body is this large because the developers wanted to position the internal antennas so as to reduce their mutual influence, and therefore give wireless users maximum performance without the use of external antennas. The ASUS Blue Cave is equipped with four internal antennas, providing a 4x4 antenna configuration for each of the frequency bands. This configuration allows the router to operate in AC2600 mode, providing a maximum connection speed in the 2.4 GHz band of 800 Mbps (when using TurboQAM and 600 Mbps without using TurboQAM) and 1734 Mbps in the 5 GHz band.

The electronics of the ASUS Blue Cave router consist of two marine-blue textolite boards: the main board and the wireless module.

The tested model is based on the processor Lantiq PXB4395EL (marking S6483N03 (SLLFB)), which has two physical cores operating at a frequency of 800 MHz. Each core supports up to two threads at the same time (an analogue of hyper-threading technology in the x86 world), so the processor provides the system with four virtual cores, which allows the router to perform several tasks in parallel. One of the cores is used exclusively for internal needs, so in the web-interface of the router we can observe the utilization of only three virtual processor cores. The router is also equipped with 128 MBytes of flash memory and 512 MBytes of DDR3 RAM.

The second board, responsible for the wireless part, carries the S6514L49 chip supporting the 2.4 GHz band and the S6474L42 chip, which provides support for the 5 GHz band. Somewhat unexpected for us was the presence of the Atheros AR3012-BL3D chip, which provides Bluetooth support, especially given that the manufacturer does not announce support for this protocol and does not use it (at least in current versions of firmware). We turned to the vendor for clarification. As we were able to find out, this chip is reserved for IoT control, that is, in the future there may be firmware with support for the appropriate technologies.

At this point, we complete a brief review of the hardware platform of the ASUS Blue Cave wireless router and proceed to the consideration of its software capabilities.

Firmware upgrade

Changing the firmware version for the ASUS Blue Cave router is done in the traditional way - using the "Firmware Upgrade" tab of the "Administration" menu of the web-interface. The whole process takes about three minutes and does not require any special skills from the user. The update can be performed in manual and semi-automatic modes.

 

You can verify the success of the upgrade using any page of the web-interface - the firmware version is displayed in the header next to the operating mode of the equipment. For more detailed information about the firmware you are using, see the “Firmware Upgrade” tab in the “Administration” menu. In fairness, it should be noted that this page also allows you to update the anti-virus signatures if the AiProtection option was activated.

If the firmware update is not completed successfully, the router goes into recovery mode, which can be identified by the light indicator flashing red and blue. The behavior of Blue Cave in recovery mode is different from what we have seen in other ASUS models. There is no web server built into the bootloader, and the bootloader does not respond to ICMP echo requests. The IP address of the LAN interface of the device is also different: in recovery mode, the LAN interface of the Blue Cave router has an IP address of 192.168.1.49.

You can restore the firmware using the specialized Firmware Restoration utility; the recovery procedure is typical for all ASUS wireless equipment.

Another way to restore the firmware manually is to use TFTP to upload the file with the new firmware to the router while it is in recovery mode. This method of firmware replacement should only be used in emergency cases, as a normal upgrade is most easily performed using the web-interface.

C:\>tftp -i 192.168.1.49 put c:\BLUECAVE_3.0.0.4_384_32948-g8ec6a66.trx
Transfer successful: 38576128 bytes in 24 second(s), 1607338 bytes/s

At this point, we complete the procedures for updating and restoring the firmware of the ASUS Blue Cave wireless router and proceed to the study of the capabilities of the device's web-interface.

Web-interface

The web-interface of the ASUS Blue Cave wireless router can be accessed using any modern browser: just open the address 192.168.1.1 or the name router.asus.com.

After entering the correct credentials, the user gets to the start page of the device. It is also worth noting that the web-interface of the Blue Cave model is available in 19 languages. We will not consider all the features of the web-interface, but will focus on some of the most interesting in our opinion.

The "System Status" section allows you not only to configure the basic parameters of the wireless network, but also to see the utilization of the processor cores and RAM, the status of wired network interfaces and adjust the brightness of the LED. ASUS Blue Cave wireless router has a CPU with four virtual cores (two physical), three of which are available to the system. I must admit, we have never seen so many cores in home networking equipment before.

The menu item "Network Map" displays the current status of the connection to the Internet, the settings of the wireless module, connected wired and wireless clients, and also allows you to manage the parameters of the AiMesh technology (in router mode).

We will purposely skip the "Guest network" menu item here to get back to it later.

The AiProtection menu item is used to configure the protection system of both the router and the client devices behind it. Also, this menu item provides the ability to configure parental control.

The menu item "Traffic Manager" is quite traditional for ASUS network equipment: you can choose the mode of operation, set priorities, limit the available bandwidth.

The tabs of the menu item "Wireless" are traditional for ASUS wireless equipment. Perhaps it is worth noting - the ability to enable/disable the Smart Connect function in the "General" tab. Unfortunately, we did not find any fine-tuning of Smart Connect in the web-interface of the device.

The new "Roaming Block List" tab of the same menu item did not go unnoticed either; it allows you to specify wireless clients that are not allowed to switch between AiMesh nodes.

The features of the "LAN" and "WAN" menu items have not changed recently. Perhaps we should only stop at the "DDNS" tab of the "WAN" menu: in addition to an expanded list of DDNS "providers", there is support for Let's Encrypt certificates used for HTTPS.

Absolutely new for us was the item "Alexa & IFTTT". This section contains settings for voice control of the router using Amazon Alexa, as well as a platform for creating applets. We decided to dedicate a small section of the review to these functions.

ASUS Blue Cave wireless router can act as a VPN client for PPTP, L2TP and OpenVPN protocols, as well as being a PPTP and OpenVPN server. The corresponding settings are collected in the "VPN" menu item tabs.

ASUS Blue Cave firewall features are typical for all ASUS network equipment. All settings are collected in the menu item of the same name.

The model under test can work not only in wireless router mode, but also as an access point, repeater, media bridge, and AiMesh node. Mode selection is made on the "Operation Mode" tab of the "Administration" menu item.

In addition to the standard features of the "System" tab of the same menu item, it is worth noting the options "Power Save Mode" and "Enable HDD Hibernation", allowing you to more accurately configure the energy efficiency of the device.

We also found a small innovation on the "Restore/Save/Upload Setting" tab. Now you can use the "Initialize" button not only to reset user settings, but also to delete all saved log information.

Cooperation between ASUS and Trend Micro has enriched the functionality of the Blue Cave model with capabilities to protect not only the router itself, but also user devices. Some statistical information is collected by Trend Micro to improve its products. You can disable data collection by using the "Privacy" tab of the "Administration" menu item.

At this point we finish a brief examination of the web-interface capabilities of the ASUS Blue Cave wireless router and move on to a glimpse of the capabilities of the ASUS Router mobile application.

Mobile application

ASUS Blue Cave wireless router can be controlled not only with two standard interfaces, but also with the use of a mobile application developed for smartphones based on iOS and Android.

We still consider the web-interface the most popular way to configure SOHO network equipment, which is why we won't describe all options of the mobile application in detail but will speak of them in general. Of course, it must be admitted that network device management via smartphone is used more and more frequently.

Since mesh networks are the trend of 2018, the vendor decided to make access to the appropriate settings as simple as possible.

The “Devices” menu item displays a list of all devices ever connected to the router.

With the help of the "Insight" menu item one can manage other ASUS routers if they are found in the local network. Moreover, this item is responsible for AiProtection configuration.

All options that are familiar to users of the web-interface are collected in the menu item "More".

This concludes our quick introduction to the mobile utility designed to manage ASUS wireless routers. To sum up, we were pleasantly surprised by the functionality of this application. In the next section, we will take a closer look at one of the functions of ASUS wireless routers: AiMesh technology.

AiMesh

The list of devices that support wireless mesh networks based on AiMesh is constantly increasing. AiMesh technology is a proprietary development of ASUS that allows up to five devices to be combined into a single network: one AiMesh router and four AiMesh nodes. The network can be hierarchical and currently supports up to two levels of hierarchy, that is, up to three devices in the chain: one router and two nodes. It is worth noting here that in the current implementation all devices included in the same mesh network broadcast using a single wireless channel (for each frequency range). We think this is somewhat wrong, so we hope that the manufacturer will correct this issue in the near future.

Continuing with the technical details of the technology, we would like to note the support for the IEEE 802.11v wireless standard (BSS transition management). With this standard, the network infrastructure can influence the roaming decision made by the client device. This influence can be exerted by providing utilization information about the surrounding AiMesh nodes. Support for the IEEE 802.11k standard is in development and is expected by the new year, 2019.

Setting up AiMesh technology is extremely simple: you only need to add devices that support it to the existing network, and the routers will perform the rest of the work automatically.

Although AiMesh is a technology for building a wireless mesh network, devices can also be combined with each other using Ethernet channels.

Regardless of the method of connection, users can make additional settings to AiMesh nodes, so, for example, you can specify the primary connection method or specify the location of the device.

After the devices are connected to the mesh network, all control is centralized: even the firmware of the nodes is replaced via the AiMesh router.

Attempts to connect to AiMesh nodes directly result in HTTP requests being redirected to the address of the AiMesh router.

An innovation is the ability to prohibit roaming for certain client devices. The corresponding setting is available on the "Roaming Block List" tab of the "Wireless network" menu item.

If necessary, users can also easily remove any mesh network node.

Of course we couldn't leave our readers without some of the technical details of the functioning of the AiMesh.

The router finds nearby mesh nodes using LLDP. This protocol is used for node discovery, while the standard transport protocols TCP and UDP are used for subsequent configuration. With a wireless connection everything is more or less clear: the devices only need to be within each other's coverage area. A wired connection is more complicated, because not all switches forward the protocol used for node discovery by default. If the switch is managed, it will process the LLDP messages itself, which makes detection of the mesh network nodes impossible.

fox_switch#sho lldp ne
Capability codes:
 (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
 (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Intf Hold-time Capability Port ID
GT-AC5300 Gi1/0/1 20 B,R 2c4d.5420.5ec0
BLUECAVE Gi1/0/2 20 B,W,R 2cfd.a100.5130
Total entries displayed: 2

Some managed switches allow you to prevent the LLDP from being processed by the device itself by transparently redirecting the appropriate frames within a specific virtual network. An example of an appropriate interface configuration for a Cisco Catalyst 3560CX-8XPD-S switch with IOS version 15.2.6E2 is presented below.

interface GigabitEthernet1/0/1
 switchport mode access
 l2protocol-tunnel lldp
 no lldp transmit
 no lldp receive
end

In conclusion, we would like to offer our readers a complete traffic dump (http://foxnetwork.ru/files/2018/asus_blue_cave/asus_aimesh.pcapng), which is exchanged by wireless routers ASUS Blue Cave and GT-AC5300 at the time of node detection and mesh network creation.

IFTTT

We also decided to cover one more menu item separately: the IFTTT (If This Then That) service, which allows you to automate some routine operations. The essence of such automation is to perform a certain action or a set of them (applet) when a particular event occurs. The IFTTT service itself provides access to an ecosystem that includes more than 600 applications, devices and companies, thousands of active developers and millions of users. Naturally, no automation is possible without the support of network equipment. The firmware of most ASUS wireless routers already contains support for the IFTTT service.

The first thing to start with is to register on the service portal.

The second step will be the transition to a special channel dedicated to ASUS routers. All available applets are published there.

Now you need to bind a specific ASUS router to the service. Binding is carried out by entering the activation code generated by the router on the IFTTT page.

We must also mention the requirements that have to be met for the router to be bound to the service successfully. The WAN interface of the router must have a globally routable (white/valid/real) IP address. Such an address is needed so that the IFTTT server can connect to the router, as the connection is established from the service to the router. The remaining two conditions are usually easier to fulfill: you need to connect the router to the DDNS service and enable HTTPS access for management from the outside.

If the binding is successful, IFTTT displays the new device in the list of connected routers.

Once the router has been bound successfully, you can select the appropriate applets to use.

If there is no suitable one in the list, you can create it yourself by combining the trigger by which the applet will be launched and the desired action.

If this is not enough, you can suggest the idea of a new applet to developers describing in detail the principles of its operation.

Naturally, we decided to check the operation of the described mechanism, for which we used an applet that sends an e-mail message when a certain client device is connected to a wireless network.

After connecting the specified wireless client to the network, we received the following e-mail.

Galaxy-A8-2018 connected to Asus router on October 6, 2018 at 02:21AM

Of course, triggering and running the applet can be controlled using the web-interface of the IFTTT service.

This concludes our look at the IFTTT service; we now move on to examining the command line of the router.

CLI

To enable/disable access to the command line, use the “System” tab of the “Administration” menu. The specified access can be granted using Telnet and SSH protocols. Of course, for security reasons, we recommend using the latter.

To access the command line, use the same credentials as for the router web-interface. The firmware of the tested model is built on Linux 3.10.104 with BusyBox 1.17.4. Frankly speaking, these are not the latest versions of the kernel and BusyBox.

BLUE_CAVE login: admin
Password:
admin@BLUE_CAVE:/tmp/home/root# cd /
admin@BLUE_CAVE:/# uname -a
Linux BLUE_CAVE 3.10.104 #1 SMP Thu Jul 5 22:05:22 CST 2018 mips GNU/Linux
admin@BLUE_CAVE:/# busybox
BusyBox v1.17.4 (2018-07-05 22:02:06 CST) multi-call binary.
Copyright (C) 1998-2009 Erik Andersen, Rob Landley, Denys Vlasenko
and others. Licensed under GPLv2.
See source distribution for full notice.
Usage: busybox [function] [arguments]...
 or: function [arguments]...
 BusyBox is a multi-call binary that combines many common Unix
 utilities into a single executable. Most people will create a
 link to busybox for each function they wish to use and BusyBox
 will act like whatever it was invoked as.
Currently defined functions:
 [, [[, arp, arping, ash, awk, basename, blkid, cat, chmod, chown, chpasswd, clear, cmp, cp,
 crond, cut, date, dd, devmem, df, dirname, dmesg, du, e2fsck, echo, egrep, env, ether-wake,
 expr, fdisk, fgrep, find, flock, free, fsck, fsck.ext2, fsck.ext3, fsck.minix, fsync, grep,
 gunzip, gzip, head, ifconfig, insmod, ionice, kill, killall, klogd, less, ln, logger,
 login, ls, lsmod, lspci, lsusb, md5sum, mdev, mkdir, mke2fs, mkfs.ext2, mkfs.ext3, mknod,
 mkswap, modprobe, more, mount, mv, netstat, nice, nohup, nslookup, pidof, ping, ping6,
 printf, ps, pwd, readlink, renice, rm, rmdir, rmmod, route, sed, setconsole, sh, sleep,
 sort, strings, swapoff, swapon, sync, syslogd, tail, tar, telnetd, test, tftp, top, touch,
 tr, traceroute, traceroute6, true, tune2fs, udhcpc, umount, uname, unzip, uptime, usleep,
 vconfig, vi, watch, wc, which, xargs, zcat, zcip
admin@BLUE_CAVE:/#

With the help of the command ps let's see what processes are running on the device at the moment. The top utility displays data on the current operation of the launched processes. We have placed the results of these utilities in a separate file.

We present the contents of /bin, /sbin, /usr/bin, and /usr/sbin in a separate file, along with the output of the sysinfo utility. For example, the /sbin directory contains a tcpcheck utility that allows you to check whether a particular TCP port is open on a particular host.

admin@BLUE_CAVE:/# tcpcheck
usage: tcpcheck [host:port]
admin@BLUE_CAVE:/# tcpcheck 192.168.1.1:22
usage: tcpcheck [host:port]
admin@BLUE_CAVE:/# tcpcheck 5 192.168.1.1:22
192.168.1.1:22 is alive
admin@BLUE_CAVE:/# tcpcheck 5 192.168.1.1:23
192.168.1.1:23 is alive
admin@BLUE_CAVE:/# tcpcheck 5 192.168.1.1:25
192.168.1.1:25 failed

Now let's go to the /proc directory and see what files are placed there, as well as find out the operating time of the system and its average utilization, and get information about the installed processor and the amount of RAM. In principle, the operating time and average system utilization can also be obtained by using the uptime command.

admin@BLUE_CAVE:/# cd /proc
admin@BLUE_CAVE:/proc# ls
1 1388 308 7 device-tree mtd
10 14 3366 703 devices net
1003 15 3378 704 diskstats nvram
1004 1505 3395 709 dma pagetypeinfo
1007 1533 3396 716 dp partitions
1008 17 3397 8 driver ppa
1020 18 3402 859 execdomains proc_entry
1032 1863 347 866 fb sched_debug
1051 2 348 867 filesystems scsi
1067 225 349 889 fs segments
11 228 415 890 interrupts self
1103 229 447 894 iomem slabinfo
1105 231 462 9 ioports softirqs
115 242 5 914 irq stat
12 247 527 923 kallsyms swaps
1226 248 537 977 kcore swmcastsnoop
1228 249 5381 978 kmsg sys
1233 250 5383 984 kpagecount sysrq-trigger
1236 281 5387 bootcore kpageflags sysrst
1248 2868 5393 buddyinfo loadavg sysvipc
1250 2875 5415 bus locks timer_list
1251 2878 5433 cbm mcast_helper tmu
1254 297 5498 cgroups mcast_helper6 tty
1255 3 5820 cmdline meminfo uptime
1291 302 590 config.gz mips version
13 303 595 consoles mirror vmallocinfo
1326 304 6 cpuinfo misc vmb
1345 306 6064 crypto modules vmstat
1349 307 6295 dc_dp mounts zoneinfo
admin@BLUE_CAVE:/proc# cat uptime
2482.86 7175.38
admin@BLUE_CAVE:/proc# cat loadavg
3.01 3.14 2.98 1/114 6297
admin@BLUE_CAVE:/proc# cat cpuinfo
system type : GRX500 rev 1.2
machine : EASY350 ANYWAN (GRX350) Router model
processor : 0
cpu model : MIPS interAptiv V2.0
cpu MHz : 800.000
BogoMIPS : 513.63
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa : mips1 mips2 mips32r1 mips32r2
ASEs implemented : dsp mt eva
shadow register sets : 1
kscratch registers : 0
core : 0
VPE : 0
VCED exceptions : not available
VCEI exceptions : not available
processor : 1
cpu model : MIPS interAptiv V2.0
cpu MHz : 800.000
BogoMIPS : 516.09
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa : mips1 mips2 mips32r1 mips32r2
ASEs implemented : dsp mt eva
shadow register sets : 1
kscratch registers : 0
core : 0
VPE : 1
VCED exceptions : not available
VCEI exceptions : not available
processor : 2
cpu model : MIPS interAptiv V2.0
cpu MHz : 800.000
BogoMIPS : 516.09
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa : mips1 mips2 mips32r1 mips32r2
ASEs implemented : dsp mt eva
shadow register sets : 1
kscratch registers : 0
core : 1
VPE : 0
VCED exceptions : not available
VCEI exceptions : not available
admin@BLUE_CAVE:/proc# uptime
 08:46:29 up 41 min, load average: 3.01, 3.13, 2.97
admin@BLUE_CAVE:/proc#

We cannot fail to mention the nvram utility, which allows you to change important parameters of the device.

admin@BLUE_CAVE:/proc# nvram
usage: nvram [get name] [set name=value] [unset name] [erase] [show] [save file] [restore file] [fb_save file]
usage: nvram [save_ap file] [save_rp_2g file] [save_rp_5g file]
admin@BLUE_CAVE:/proc# nvram show | grep admin
size: 34394 bytes (92582 left)
http_username=admin
acc_list=admin>adminpassword
acc_webdavproxy=admin>1
admin@BLUE_CAVE:/proc#

For example, with the help of the nvram utility, you can disable STP on LAN ports of router ASUS Blue Cave.

admin@BLUE_CAVE:/proc# nvram show | grep stp
size: 34394 bytes (92582 left)
lan_stp=1
lan1_stp=1
admin@BLUE_CAVE:/proc#
admin@BLUE_CAVE:/proc#
admin@BLUE_CAVE:/proc#
admin@BLUE_CAVE:/proc# nvram set lan_stp=0
admin@BLUE_CAVE:/proc# nvram commit
admin@BLUE_CAVE:/proc# nvram show | grep stp
size: 34394 bytes (92582 left)
lan_stp=0
lan1_stp=1
admin@BLUE_CAVE:/proc# reboot

Unfortunately, not all supported network protocols can be managed by nvram. For example, we found that the ASUS Blue Cave wireless router uses LLDP.

fox_switch#sho lldp ne
Capability codes:
 (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
 (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Intf Hold-time Capability Port ID
GT-AC5300 Gi1/0/1 20 B,R 2c4d.5420.5ec0
BLUECAVE Gi1/0/2 20 B,W,R 2cfd.a100.5130
Total entries displayed: 2
fox_switch#sho lldp en BLUECAVE
Capability codes:
 (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
 (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
------------------------------------------------
Local Intf: Gi1/0/2
Chassis id: 2cfd.a100.5130
Port id: 2cfd.a100.5130
Port Description: eth0_2
System Name: BLUECAVE
System Description:
 Linux 3.10.104 #1 SMP Thu Jul 5 22:05:22 CST 2018 mips
Time remaining: 14 seconds
System Capabilities: B,W,R,S
Enabled Capabilities: B,W,R
Management Addresses:
 IP: 192.168.1.1
Auto Negotiation - supported, enabled
Physical media capabilities:
 1000baseT(FD)
 1000baseT(HD)
 100base-TX(FD)
 100base-TX(HD)
 10base-T(FD)
 10base-T(HD)
Media Attachment Unit type: 30
Vlan ID: - not advertised
Total entries displayed: 1

A check on the router showed that the lldpd daemon is indeed running.

admin@BLUE_CAVE:/usr/sbin# ps | grep lldp
 1512 admin 1856 S lldpd -L /usr/sbin/lldpcli -I eth0_1,eth0_2,eth0_3,eth0_4,wlan0,wlan2,eth1,
 1518 nobody 1884 S lldpd -L /usr/sbin/lldpcli -I eth0_1,eth0_2,eth0_3,eth0_4,wlan0,wlan2,eth1,
10277 admin 1864 S grep lldp

The lldpcli utility for managing LLDP is located in the /usr/sbin directory.

admin@BLUE_CAVE:/usr/sbin# lldpcli -?
lldpcli: invalid option -- ?
Usage: lldpcli [OPTIONS ...] [COMMAND ...]
Version: lldpd 0.9.8
-d Enable more debugging information.
-u socket Specify the Unix-domain socket used for communication with lldpd(8).
-f format Choose output format (plain, keyvalue, json, xml).
-c conf Read the provided configuration file.
see manual page lldpcli(8) for more information
admin@BLUE_CAVE:/usr/sbin# lldpcli
[lldpcli] #
-- Help
 show Show running system information
 watch Monitor neighbor changes
 update Update information and send LLDPU on all ports
 configure Change system settings
unconfigure Unconfigure system settings
 help Get help on a possible command
 pause Pause lldpd operations
 resume Resume lldpd operations
 exit Exit interpreter

We decided to see what settings the protocol daemon works with and what network devices our router is connected to.

[lldpcli] # show
2018-05-05T12:46:22 [WARN/lldpctl] incomplete command
[lldpcli] # show ru
-------------------------------------------------------------------------------
Global configuration:
-------------------------------------------------------------------------------
Configuration:
 Transmit delay: 10
 Transmit hold: 2
 Receive mode: no
 Pattern for management addresses: (none)
 Interface pattern: eth0_1,eth0_2,eth0_3,eth0_4,wlan0,wlan2,eth1,
 Interface pattern for chassis ID: (none)
 Override description with: (none)
 Override platform with: Linux
 Override system name with: BLUECAVE
 Advertise version: yes
 Update interface descriptions: no
 Promiscuous mode on managed interfaces: no
 Disable LLDP-MED inventory: yes
 LLDP-MED fast start mechanism: yes
 LLDP-MED fast start interval: 1
 Source MAC for LLDP frames on bond slaves: local
 Port ID TLV subtype for LLDP frames: unknown
 Agent type: unknown
-------------------------------------------------------------------------------
[lldpcli] # show nei
-------------------------------------------------------------------------------
LLDP neighbors:
-------------------------------------------------------------------------------
Interface: eth0_2, via: LLDP, RID: 7, Time: 0 day, 01:35:06
 Chassis:
 ChassisID: mac 9c:57:ad:b0:34:80
 SysName: fox_switch.foxnetwork.ru
 SysDescr: Cisco IOS Software, C3560CX Software (C3560CX-UNIVERSALK9-M), Version 15.2(6)E2, RELEASE SOFTWARE (fc4)
 Technical Support: http://www.cisco.com/techsupport
 Copyright (c) 1986-2018 by Cisco Systems, Inc.
 Compiled Thu 13-Sep-18 04:00 by prod_rel_team
 MgmtIP: 192.168.1.100
 Capability: Bridge, on
 Capability: Router, on
 Port:
 PortID: ifname Gi1/0/2
 PortDescr: GigabitEthernet1/0/2
 TTL: 120
-------------------------------------------------------------------------------

You can use the show chassis command to find out the information that is sent about the local system.

[lldpcli] # sho cha
-------------------------------------------------------------------------------
Local chassis:
-------------------------------------------------------------------------------
Chassis:
 ChassisID: mac 2c:fd:a1:00:51:30
 SysName: BLUECAVE
 SysDescr: Linux 3.10.104 #1 SMP Thu Jul 5 22:05:22 CST 2018 mips
 MgmtIP: 192.168.1.1
 Capability: Bridge, on
 Capability: Router, on
 Capability: Wlan, on
 Capability: Station, off
-------------------------------------------------------------------------------

To change the LLDP settings, one should use the configure command.

[lldpcli] # conf
-- Change system settings
 ports Restrict configuration to some ports
 system System configuration
 lldp LLDP configuration
 med MED configuration
 dot3 Dot3 configuration
[lldpcli] # conf por
-- Restrict configuration to some ports
 WORD Restrict configuration to the specified ports (comma-separated list)
[lldpcli] # conf por s
[lldpcli] # conf ps system
-- System configuration
 interface Interface related items
 description Override chassis description
 platform Override platform description
 hostname Override system name
 ip IP related options
bond-slave-src-mac-type Set LLDP bond slave source MAC type
[lldpcli] # conf system conf lldp
-- LLDP configuration
 tx-interval Set LLDP transmit delay
 tx-hold Set LLDP transmit hold
 status Set administrative status
 agent-type LLDP agent type
 portidsubtype LLDP PortID TLV Subtype
 capabilities-advertisements Enable chassis capabilities advertisement
management-addresses-advertisements Enable management addresses advertisement
 custom-tlv Add custom TLV(s) to be broadcast on ports

To disable the protocol temporarily, you can use the pause command; however, after a restart the lldpd daemon still runs with the standard settings.

This completes our review of the command line interface capabilities; let's move on to testing the device.

Testing

Traditionally, we start this section by measuring the boot time of the device, by which we mean the time interval from the moment power is supplied to the equipment until the first ICMP echo response is received. ASUS Blue Cave wireless router boots up in 47 seconds. We think this is a good result.

The next no less traditional test was the security check of the device, carried out with the help of the network security scanner Positive Technologies XSpider 7.8 from the LAN-interface. In total, 15 open ports were discovered. The most interesting data obtained from the scan are presented below.

In the process of writing a section on the work of AiMesh technology, we analyzed the traffic that AiMesh nodes exchange with the router. In order to capture such a dump, we connected the Blue Cave and GT-AC5300 with a patch cord, in the gap of which a switch of another vendor was installed. This switch was organized mirroring of the passing traffic (SPAN-session). As a result, we found LLDP messages sent by both routers in the collected dump. We could not find standard ways to disable LLDP on ASUS equipment, so we consider it a vulnerability, as the use of LLDP potentially leads to unwanted disclosure. Although LLDP is a standard LAN Protocol (IEEE 802.1AB), which is often used in local networks, we believe that users should be able to easily and safely enable or disable it. For more information about how you can still disable LLDP, we have described in the section on the command line. We also decided to provide a dump containing the LLDP message sent by the ASUS Blue Cave router.

 

fox_switch#sho lldp ne
Capability codes:
 (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
 (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID           Local Intf     Hold-time  Capability      Port ID
GT-AC5300           Gi1/0/1        20         B,R             2c4d.5420.5ec0
BLUECAVE            Gi1/0/2        20         B,W,R           2cfd.a100.5130
Total entries displayed: 2
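
The following Python example, added here and not part of the original review, decodes an LLDP frame to show what a router announces to every device on the link, which is useful when auditing your own equipment. The sample frame is constructed from the values in the switch output above; the chassis ID and all helper names are assumptions.

```python
import struct

TLV_NAMES = {1: "chassis_id", 2: "port_id", 3: "ttl", 4: "port_description", 5: "system_name",
             6: "system_description", 7: "capabilities", 8: "management_address"}
# Capability bits (IEEE 802.1AB), keyed to the letter codes the switch prints.
CAP_BITS = {0: "O", 1: "P", 2: "B", 3: "W", 4: "R", 5: "T", 6: "C", 7: "S"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def tlv(tlv_type, value):
    """Build one TLV: 7-bit type and 9-bit length, then the value."""
    return struct.pack("!H", tlv_type << 9 | len(value)) + value

def parse_lldp(frame):
    """Return what any neighbour on the link learns from one LLDP frame."""
    if len(frame) < 14 or frame[12:14] != b"\x88\xcc":  # LLDP EtherType
        raise ValueError("not an LLDP frame")
    info, pos = {"source_mac": mac(frame[6:12])}, 14
    while pos + 2 <= len(frame):
        header, = struct.unpack("!H", frame[pos:pos + 2])
        tlv_type, length = header >> 9, header & 0x1FF
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            raise ValueError("truncated TLV")
        pos += 2 + length
        if tlv_type == 0:  # End of LLDPDU
            break
        name = TLV_NAMES.get(tlv_type, f"tlv_{tlv_type}")
        if tlv_type in (1, 2) and length >= 2:
            # First byte is the ID subtype: chassis 4 and port 3 mean "MAC address".
            is_mac = value[0] == (4 if tlv_type == 1 else 3)
            info[name] = mac(value[1:]) if is_mac else value[1:].decode("ascii", "replace")
        elif tlv_type == 3 and length == 2:
            info[name] = struct.unpack("!H", value)[0]  # hold time in seconds
        elif tlv_type == 7 and length == 4:
            enabled = struct.unpack("!H", value[2:])[0]  # second word: enabled capabilities
            info[name] = [c for bit, c in CAP_BITS.items() if enabled >> bit & 1]
        else:  # text TLVs as strings, anything else as hex
            info[name] = value.decode("utf-8", "replace") if tlv_type in (4, 5, 6) else value.hex()
    return info

# Constructed sample frame using the values from the switch output above;
# reusing the port MAC as chassis ID is an assumption.
ROUTER_MAC = bytes.fromhex("2cfda1005130")
SAMPLE_FRAME = (bytes.fromhex("0180c200000e") + ROUTER_MAC + b"\x88\xcc"
    + tlv(1, b"\x04" + ROUTER_MAC) + tlv(2, b"\x03" + ROUTER_MAC)
    + tlv(3, struct.pack("!H", 20)) + tlv(5, b"BLUECAVE")
    + tlv(7, struct.pack("!HH", 0x1C, 0x1C)) + tlv(0, b""))
```

Calling parse_lldp(SAMPLE_FRAME) returns the device name, MAC addresses, hold time and capability list without any authentication, which is exactly the information the switch displayed.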

Before going directly to testing the performance of the device, we would like to acquaint readers with the main parameters of the test stand used. All measurements were made using the JPERF utility, version 2.0.2, for one, five and fifteen simultaneous TCP connections.

Component   PC                             Laptop
MB          ASUS Maximus IX Extreme        ASUS GL753VD
CPU         Intel Core i7 7700K 4 GHz      Intel Core i7 7700HQ 2.8 GHz
RAM         DDR4-2133 Samsung 64 Gbyte     DDR4-2400 Kingston 32 Gbyte
NIC         Intel X550T2, ASUS PCE-AC88    Realtek PCIe GBE
OS          Windows 7 x64 SP1              Windows 10 x64

The performance of the ASUS Blue Cave when routing and translating traffic is predictably high and practically matches wire speed.

If translation is not performed, the speeds obtained are slightly lower. It is worth noting, however, that such devices are very rarely used this way.

IPv6 routing bandwidth is comparable to that for IPv4.

If the connection to the provider is made by means of tunnels, users of the ASUS Blue Cave will have to forget about Gigabit service plans, but in our country such speeds are still extremely rare. At Fast Ethernet connection speeds, the ASUS Blue Cave copes well.

We could not ignore the performance of the router when working in VPN server mode. The diagrams below show the speeds available to users on PPTP and OpenVPN connections.

Of course, we decided to find out how fast wireless clients can send and receive data. Measurements were made for both frequency bands.

We connected our 256 GByte test SSD, a Transcend TS256GESD400K, to the USB port and measured the speed of access to the data placed on it. Measurements were made for five file systems: EXT2/3, FAT32, NTFS, and HFS. The results of the measurements are presented in the charts below.

This concludes our testing section and we move on to summing it all up.

Conclusion

In general, we are satisfied with the ASUS Blue Cave, a new wireless router with an unusual design. Once again, we remind our readers that this form of housing is dictated by the desire to get rid of external antennas without being limited by the internal ones. The Blue Cave is already on the list of ASUS wireless routers that support AiMesh wireless technology, which provides roaming for wireless clients. Also, the vendor has begun to add support for the IFTTT service to its routers; the Blue Cave was one of the first models in which such support appeared. The IFTTT service allows you to automate some routine operations and can be extremely useful for those who want to use all the features of a smart home without having to pay for a ready-made solution.

The strengths of the ASUS Blue Cave wireless router are listed below:

  • high network performance in both wireless bands;
  • IPv6 support;
  • mobile application availability;
  • high-speed access to data stored on an external USB drive;
  • IFTTT service support;
  • unusual design;
  • AiMesh technology support;
  • availability of built-in VPN client and server;
  • MU-MIMO technology support;
  • user network security functions;
  • easy setup.

Unfortunately, we cannot but point out the only discovered drawback of the device:

  • the web-interface is not fully translated.

Naturally, we reported this to the manufacturer and received a notification that this cosmetic defect will be fixed in the next official firmware release.

As of this writing, the best price for the ASUS Blue Cave in German-speaking European countries, according to the website Geizhals Preisvergleich, was about 200 euro. Although the price seems relatively high, it fully corresponds to the capabilities of the device.
