A UFO or NETGEAR WNAP320

Introduction

External design

Hardware

Firmware upgrade

Web-interface review

Command line interface

SNMP access

Testing

Conclusion

Introduction

Owing to IT security requirements, as well as for evident aesthetic reasons, all access points, equally as any other kind of network equipment, are usually to be buried in the most hard-to-get places beyond the reach of onlookers. If you just can’t help but go along with the first one, the latter, due to the NETGEAR designers’ pains, can be partially solved. NETGEAR WNAP320 is an access point that looks more like an upside-down b&b plate or a UFO that was stuck down the wall. By all means, you won’t be ashamed of leaving it in the plain view.

External design

A NETGEAR WNAP320 access point is performed in a plastic case with dimensions 254 x 254 x 55 mm and has two parts.

The upper part, made of white dished plastic, has a brand name tag and four LEDs: power, activity and speed of the wired network, and activity of the wireless segment. We gather that the software based function of switching those off would do only good.

The lower part is made of grey plastic and is dotted around with small air holes. Also, it has a sticker with brief technical specifications of the device on it.

On one side of the device there is a hollowed out spot with an external antennae plug, Kensington lock, recessed Reset button to reset the user configuration, power cable connector, Gigabit Ethernet port, and DB9 (male one) connector for connecting your console terminal.

Wall mounting is made using a single-purpose mounting plate that partly covers pigtails with an adjustable dummy cover.

A NETGEAR WNAP320 supports power supply function via PoE, therefore upon conventional placing of the device there is only one cable, a twisted pair wire, which will considerably simplify the wire routing and won’t interfere with your aesthetic consideration.

Let’s now have a look at the insides of this access point device.

Hardware

Inside of a WNAP320 there are a green textolite card, which acts as the brain of the device, and a flat reflector antenna which functions as a transceiver of a user’s data.

All primary elements are placed on one side of the card.

A NETGEAR WNAP320 is Atheros chipset based AR7161-BC1A. Its block diagram is shown below.

An Atheros AR8021 chip is responsible for correct operation of the wired segment of the net. You can see its block diagram below.

Functions of its RAM are performed by two modules Hynix H5DU5162ETR-E3C; each of them has 64 MByte of memory capacity. This way, the overall memory capacity of the device is 128 MByte. Flash memory module, MX25L6406E, is produced by Macronix company and has 8 MByte of memory capacity.

Now let’s look into the software capabilities of this access point. To do that, we should make a firmware update at first and only after this have a look at the web interface of the device.

Firmware upgrade

To upgrade the firmware you should either use NMS200 web interface, NMS200 or use command prompt both via Telnet and SSH protocols or direct console connection to WNAP320.

Firmware must be updated through Firmware Upgrade or Firmware Upgrade TFTP menu items located in Upgrade section, Maintenance tab. In case of the former, firmware image transfer is made using HTTP/HTTPS protocols, while in case of the latter it is made by TFTP protocol. TFTP protocol support enables a system administrator updating firmware of several access points remotely, even if the channel they use is a low-speed one. To do this you only need to upload a firmware image file onto an enterprise server in advance. This or that way, it won’t be difficult to update the firmware, you either need to choose the file you have downloaded upon updating the firmware via HTTP/HTTPS protocols, or specify its name and the server address using TFTP protocol.

Also, you can update the firmware using command prompt by typing firmware-upgrade or firmware-upgrade-tftp commands in.

foxnetworktest#firmware-upgrade
Usage:firmware-upgrade [URL]
foxnetworktest#firmware-upgrade-tftp
Usage:firmware-upgrade-tftp [ip-address filename]

Using firmware-upgrade-tftp command is a common method of updating devices of such kind since you only have to specify the file name and a TFTP server address. However, let’s make a little pause here and talk about firmware-upgrade command a bit more. Using this command you can download the firmware through the device from a HTTP server. We were to send a link of the firmware located on one of the manufacturer’s servers to the access point being tested and the updating procedure went on successfully. Note that the firmware download directly from the NETGEAR web-site can be carried out only in case if your WNAP320 is connected to the Internet.

foxnetworktest#firmware-upgrade http://www.downloads.netgear.com/files/WNAP320_V2.0.3_firmware.tar
Connecting to www.downloads.netgear.com (213.244.185.41:80)
WNAP320_V2.0.3_firmw 100% |***********************************************************************| 5300k 00:00:00 ETA
Connection to host lost.

The updating procedure takes no longer than two minutes not considering the time to be spent on downloading the file with the new firmware.

You can check the current firmware version in System section of the web interface, Monitoring tab.

Also, you can receive these data either using command prompt of WNAP3200 or the built-in OS (some lines are omitted).

foxnetworktest#show system
ap information
apnamefoxnetworktest
ProductId WNAP320
serialNo 2NL1145U00199
firmware-version WNAP320_V2.0.3
foxnetworktest#sh
/home/cli/menu # cat /proc/version
Linux version 2.6.23-WNAP320_V2.0.3 (root@build) (gcc version 4.2.4) #1 Thu Jun 23 16:06:18 IST 2011

The process of firmware upgrade can be performed centrally by using NMS200 system. You can find out about adding a new device below, in a chapter dedicated to the SNMP-interface review. Once the access point has been added, you will have to upload an image file with a newer firmware version. You can do this in OS Images menu, section Config Mgmt, which is in Resources tab.

Once the file with the firmware update image is downloaded and added to NMS200, it can be used to update several WNAP320 access points simultaneously, you only need to enter Resources tab, Summary section, choose File Management-Deploy item in the pop-down menu, specify the devices to be updated, choose the applicable firmware version and, finally, start the updating procedure.

Now let’s go into functionality of the web interface of the wireless device tested.

Web-interface review

By default, the IP-address of a NETGEAR WNAP320 is 192.168.0.100/24. To get connected to the device you should use either HTTP or HTTPS protocols in your browser that is supposed to be located in the same network node (192.168.0.0/24). You will be asked to type in your password and login. They are admin and password, correspondingly.

Once the correct logon information is typed in, you’ll be redirected onto the home page of the web interface. All in all, the web interface has four main tabs, and they’re as follows: Configuration, Monitoring, Maintenance and Support. We are not going to examine all the functional capabilities of the WNAP320 web-interface, but only pick up the most interesting ones. Let’s examine those options we are offered in Configuration tab. Using System menu items you can specify a name of the device and its range of use, configure the time synchronization with the NTP server, enable or disable STP or 802.1Q protocols, adjust the user redirection onto the local web-server upon setting up of the hot spots, or make the access point monitor the happenings data and send them to Syslog server. Unfortunately, Cyrillic layout is not supported for NTP servers, so that a system administrator cannot synchronize the time with a server specified as время.провайдер.рф.

There is built-in Help Page where a user can get information on any menu item, which, as we think, is a very practical feature.

To change your IP parameters you need to enter IP section. We would like to point out that a WNAP320 has functions of both receiving the IP address from a DHCP server and acting as the abovementioned server having a number of the virtual network indicated where these IP addresses will be distributed from. Also, the device has a function called Network Integrity Check that blocks establishing new wireless connections if your device is not connected to the net.

Menu items in Wireless section enable a system administrator changing some settings of the wireless module of the device, and they are as follows: direct or scheduled switching on/off of the wireless module, quality of service of the wireless clients, antenna type to be used (external or internal), disabling the remote data exchange between clients and so on.

NETGEAR WNAP320 supports eight wireless profiles (SSID) and any of them can be used in its own virtual network. To adjust profile settings you need to enter Profile Settings menu item in Security section.

Function Rogue AP that is located in Advanced menu item is quite a nice feature that allows scanning for alien access points within the reach of the WNAP320 coverage.

Sections of Monitoring tab provide a system administrator information about the access point, wireless clients connected, all alien access points, statistics and logs, as well as they allow them capturing information transmitted.

In Maintenance tab you can change your current password, manually reboot the device, reset/save/restore the user configuration, update the current firmware or manage remote access.

The only tab that we didn’t look into is Support tab that consists of just one link to the documentation on the web-site of the vendor.

That’s where our web-interface review comes to an end. The next point in succession is command prompt review.

Command line interface

User access via Telnet and SSH protocols can be enabled or disabled in Remote Console menu item, Remote Management sections, Maintenance tab.

Also, the same can be done via typing in config remote ssh or config remote telnet in the CLI.

foxnetworktest#config remote telnet enable
foxnetworktest#config remote ssh enable

The complete list of commands is obtained by typing in help or ? in the command line. Due to the size of that list we decided not to post it here. Moreover, the majority of the entries in the command line are virtually the same that the elements of the web interface. The only thing we would like to pinpoint attention upon are show system and show configuration commands, by typing in which, the system displays brief or complete user configuration, respectively. Command end is used to switch back to the previous mode.

foxnetworktest#show system
ap information
apnamefoxnetworktest
ProductId WNAP320
serialNo 2NL1145U00199
macaddress A0:21:B7:BD:1B:C8
firmware-version WNAP320_V2.0.3
country/regionrussia
http-redirect-status disable
http-redirect-url http://www.netgear.com
spanning-tree enable
Wireless interface macaddress for 2.4GHz band a0:21:b7:bd:1b:c0
time-zonerussia-moscow
ntp-server time-b.netgear.com
ntp-client enabled
custom-ntp-server disabled
Thu Aug 18 22:25:15 MSD 2011
remote
ssh enable
telnet enable
syslog information
server-ip 0.0.0.0
server-port 514
syslog-status disable
ip
address 172.17.35.39
netmask 255.255.255.0
default-gateway 172.17.35.1
dns-server-primary 172.16.253.6
dns-server-secondary 172.17.32.3
dhcp-client disable
network-integrity-check disable
current wireless settings for 802.11ng
access-point-mode access point(ap)
rogue-ap-detection enable
rogue-ap-detection-policy modrate
foxnetworktest#config
foxnetworktest(conf)#dhcp
foxnetworktest(conf-dhcp)#end
foxnetworktest(conf)#

In reliance on our background experience of working with command lines of ASUS network equipment, we decided to use command sh in order to switch to the command line of the OS, but not NETGEAR shell. And, surprisingly, it worked out. It is fair to say that sh is not the only command of the OS that can be typed in. All of those commands function successfully.

foxnetworktest#cat /proc/uptime
84528.59 84376.64
foxnetworktest#sh
/home/cli/menu # who
USER TTY IDLE TIME HOST
adminpts/0 00:00 Aug 18 22:04:30
adminpts/1 ? Aug 18 21:46:09
/home/cli/menu # whoami
root
/home/cli/menu # ls
backup-configuration firmware-upgrade reboot restore-factory-default
config firmware-upgrade-tftp restore-configuration show
exit password restore-default-password

Using BusyBox is a customary way of handling this kind of devices. Firmware 2.0.3 is based upon BusyBox 1.11.0.

/ # busybox
BusyBoxv1.11.0 (2011-06-23 15:54:48 IST) multi-callbinary
Copyright (C) 1998-2008 Erik Andersen, Rob Landley, Denys Vlasenko
and others. Licensed under GPLv2.
See source distribution for full notice.
Usage: busybox [function] [arguments]...
or: function [arguments]...
BusyBox is a multi-call binary that combines many common Unix
utilities into a single executable. Most people will create a
link to busybox for each function they wish to use and BusyBox
will act like whatever it was invoked as!
Currently defined functions:
[, [[, addgroup, adduser, ar, arp, arping, ash, awk, basename, bunzip2, bzcat, bzip2, cat, catv,
chgrp, chmod, chown, chroot, cksum, clear, cmp, cp, crond, crontab, cut, date, dd, delgroup, df,
diff, dirname, dmesg, dos2unix, du, dumpleases, echo, egrep, env, expr, false, fgrep, find, fold,
free, freeramdisk, ftpget, ftpput, fuser, getopt, getty, grep, gunzip, gzip, halt, head, hexdump,
hostname, id, ifconfig, ifdown, ifup, inetd, init, insmod, ip, ipcrm, ipcs, kill, killall, killall5,
klogd, last, length, less, linuxrc, ln, logger, login, logname, logread, losetup, ls, lsmod, md5sum,
mesg, mkdir, mkfifo, mknod, mktemp, modprobe, more, mount, mountpoint, mv, nice, nmeter, nohup,
od, passwd, pgrep, pidof, ping, pipe_progress, pivot_root, poweroff, printenv, printf, ps, pwd,
readlink, readprofile, reboot, renice, reset, resize, rm, rmdir, rmmod, route, runlevel, sed, seq,
setsid, sh, sha1sum, sleep, sort, start-stop-daemon, stat, strings, su, sulogin, switch_root, sync,
sysctl, syslogd, tail, tar, tee, telnet, telnetd, test, tftp, time, top, touch, true, tty, udhcpc,
udhcpd, umount, uname, uniq, unix2dos, uptime, usleep, vconfig, vi, watch, wc, wget, which, who,
whoami, xargs, yes, zcat

Let’s see which processes are launched at the moment.

/ # ps
PID USER TIME COMMAND
1 root 0:00 init
2 root 0:00 [kthreadd]
3 root 0:00 [ksoftirqd/0]
4 root 0:00 [events/0]
5 root 0:00 [khelper]
6 root 0:00 [kblockd/0]
7 root 0:00 [pdflush]
8 root 0:00 [pdflush]
9 root 0:00 [kswapd0]
10 root 0:00 [aio/0]
11 root 0:01 [mtdblockd]
57 root 0:00 [jffs2_gcd_mtd4]
78 root 0:00 /usr/bin/watchdog
81 root 0:00 /usr/bin/reset_detect
173 root 0:10 /usr/sbin/configd
184 root 0:04 /sbin/lighttpd -f /etc/lighttpd.conf
197 root 0:00 /sbin/syslogd -S -D -O /var/log/messages -s 64 -b 2
236 root 0:17 /usr/local/sbin/snmpd -c /etc/snmpd.conf -Ln
249 root 0:00 /usr/sbin/telnetd
327 root 0:00 /usr/local/sbin/snmpd -c /etc/snmpd.conf -Ln
328 root 0:00 /usr/local/sbin/snmpd -c /etc/snmpd.conf -Ln
329 root 0:00 /usr/local/sbin/snmpd -c /etc/snmpd.conf -Ln
370 root 0:00 /usr/local/bin/hostapd /etc/hostapd.conf.wifi0
378 root 0:04 /usr/sbin/nmbd -s /etc/smb.conf -D
482 root 0:00 /sbin/getty -L ttyS0 9600 vt100
2299 root 0:00 -cli
2315 root 0:00 /usr/sbin/dropbear
2691 root 0:00 sh -c sh
2692 root 0:00 sh
2710 root 0:00 ps

And learn which commands are available in /bin, /sbin, usr/bin and usr/sbin directories.

/ # ls /bin
addgroup cp fgrep login nice sed umount
adduser date getopt ls pidof sh uname
ash dd grep mkdir ping sleep usleep
busybox delgroup gunzip mknod pipe_progress stat vi
cat df gzip mktemp printenv su watch
catv dmesg hostname more ps sync zcat
chgrp echo ip mount pwd tar
chmod egrep kill mountpoint rm touch
chown false ln mv rmdir true
/ # ls /sbin
arp ifrename iwlist lsmod route syslogd
freeramdisk ifup iwpriv modprobe runlevel udhcpc
getty init klogd pivot_root start-stop-daemon vconfig
halt insmod lighttpd poweroff sulogin
ifconfig iwconfig logread reboot switch_root
ifdown iwevent losetup rmmod sysctl
/ # ls /usr/bin
[ crontab flash_erase killall5 passwd sort uptime
[[ cut flashcp last pgrep ssh watchdog
ar dbclient fold length printf strings wc
arping diff free less printmd tail wget
awk dirname ftpget logger readlink tee which
basename dos2unix ftpput logname renice telnet who
bddatard dropbearconvert fuser md5sum reset test whoami
bunzip2 dropbearkey head mesg reset_detect tftp wifidog
bzcat du hexdump mkfifo resize time wr_mfg_data
bzip2 dumpleases id nmeter scp top xargs
cksum env ipcrm nohup seq tty yes
clear expr ipcs od setsid uniq
cmp find killall panel_led sha1sum unix2dos
/ # ls /usr/sbin
brctl conf_save dropbear iptables-save readprofile
chroot conf_set inetd iptables-xml telnetd
cli configd iptables mii-tool udhcpd
conf_get crond iptables-restore nmbd vconfig

To learn how busy the WNAP320 is we have to view the content of /proc/uptime and /proc/loadavg files. In the output of cat /proc/uptime there are two figures which show the access point uptime and how long it was idle, respectively. First three figures in the output of cat /proc/loadavg show the average load of the device during the last 1, 5 and 15 minutes, respectively. As we can see, now our access point is not busy at all. The uptime can also be learned by typing in uptime command which output data will probably be much easy to comprehend.

/ # cat /proc/uptime
88280.54 88127.39
/ # cat /proc/loadavg
0.00 0.00 0.00 1/30 2720
/ # uptime
23:46:36 up 1 day, 43 min, load average: 0.00, 0.00, 0.00

Hardware platform information is specified in /proc/cpuinfo file. Data on memory are contained in /proc/meminfo file.

/ # cat /proc/cpuinfo
system type : Atheros AR7100 (hydra)
processor : 0
cpu model : MIPS 24K V7.4
BogoMIPS : 450.56
wait instruction : yes
microsecond timers : yes
tlb_entries : 16
extra interrupt vector : yes
hardwarewatchpoint : yes
ASEs implemented : mips16
VCED exceptions : not available
VCEI exceptions : not available
/ # cat /proc/meminfo
MemTotal: 127888 kB
MemFree: 90284 kB
Buffers: 3696 kB
Cached: 17700 kB
SwapCached: 0 kB
Active: 11868 kB
Inactive: 12260 kB
SwapTotal: 0 kB
SwapFree: 0 kB
Dirty: 0 kB
Writeback: 0 kB
AnonPages: 2744 kB
Mapped: 3956 kB
Slab: 11000 kB
SReclaimable: 2160 kB
SUnreclaim: 8840 kB
PageTables: 204 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
CommitLimit: 63944 kB
Committed_AS: 6564 kB
VmallocTotal: 1048404 kB
VmallocUsed: 1992 kB
VmallocChunk: 1046344 kB

Directory /usr/bin contains an interesting program called panel_led which allows operating the performance light indicator of the device. If the device is used conventionally, the practicability of this utility becomes highly questionable, although we have decided to share this with our readers.

/usr/bin # panel_led
This Program needs one argument.
Enter 1 for Amber.
Enter 2 for Amber Blink.
Enter 3 for Green.
Enter 4 for Green Blink.
Enter 5 foroff.

Another interesting command is poweroff which allows you to simply turn off the device. But it is not quite the same shutdown the users of notebooks or PCs are used to. In this particular case only the OS is being turned off, while all light indicators keep on flashing, that is to say that the WNAP320 stop functioning as an access point. It is impossible to put the device back on without using any special-purpose hardware, but only to directly plug it off and then plug back on.

/ # poweroff --help
BusyBox v1.11.0 (2011-06-23 15:54:48 IST) multi-call binary
Usage: poweroff [-d delay] [-n] [-f]
Halt and shut off power
Options:
-d Delay interval for halting
-n No call to sync()
-f Force power off (don't go through init)

Access to command line of a WNAP 320 can also be gained by using console port. To connect to a PC one needs to have a null-modem cable. The connection speed is 9600 baud, 8 data bits, with no parity bits and one stop bit. While connected, a user will be asked to enter his/her login and password.

WelcometoSDK.
Havealotoffun...
netgearBD1BC8 login: admin
Password:
netgearBD1BC8#

We decided to monitor the reboot process of the device tested. Log file of the process has been written to the file.

When turning the device on, an administrator can enter the loader configuration mode, and use any of those commands specified below.

ar7100> ?
? - alias for 'help'
autoscr - run script from memory
base - print or set address offset
bdinfo - print Board Info structure
boot - boot default, i.e., run 'bootcmd'
bootd - boot default, i.e., run 'bootcmd'
bootelf - Boot from an ELF image in memory
bootm - boot application image from memory
bootp - boot image via network using BootP/TFTP protocol
bootvx - Boot vxWorks from an ELF image
burn - burn data into flash
cmp - memory compare
coninfo - print console devices and information
cp - memory copy
crc32 - checksum calculation
delay - delay
echo - echo args to console
erase - erase FLASH memory
exit - exit script
flinfo - print FLASH memory information
gigamode - switch the giga port in different mode
go - start application at address 'addr'
gpio -gpio testing command
help - print online help
iminfo - print header information for application image
imls - list all images found in flash
itest - return true/false on integer compare
loadb - load binary file over serial line (kermit mode)
loads - load S-Record file over serial line
loady - load binary file over serial line (ymodem mode)
loop - infinite loop on address range
macset - set netinterfacemacaddress
macshow - display mac address of eth0,eth1,wlana
md - memory display
memtest - memory testing command
mii - MII utility commands
mm - memory modify (auto-incrementing)
mtest - simple RAM test
mw - memory write (fill)
nfs - boot image via network using NFS protocol
nm - memory modify (constant address)
pci - list and access PCI Configuration Space
ping - send ICMP ECHO_REQUEST to network host
porttest - port testing command
printenv- print environment variables
progmac - Set ethernet MAC addresses
protect - enable or disable FLASH write protection
rarpboot- boot image via network using RARP/TFTP protocol
reset - Perform RESET of the CPU
run - run commands in an environment variable
saveenv - save environment variables to persistent storage
savemd - save manufacturing data info flash
setenv - set environment variables
setmd - set manufacturing data
showmd - Display manufacturing data
sleep - delay execution for some time
test - minimal test like /bin/sh
tftpboot- boot image via network using TFTP protocol
version - print monitor version
wpspinset - set wpspin number

Let’s analyze some of them. Entering bdinfo command you receive brief information about the platform. Similar data are available in the output of showmd command.

ar7100>bdinfo
boot_params = 0x87F73FA4
memstart = 0x80000000
memsize = 0x08000000
flashstart = 0xBF000000
flashsize = 0x00800000
flashoffset = 0x0002F734
ethaddr = 00:00:00:00:00:00
ip_addr = 192.168.1.2
baudrate = 9600 bps
ar7100>showmd
ProductID = WNAP320
HWVer = 1.0
reginfo = 0
numofimages = -1
currimage = -1
basemac = A021B7BD1BC0
maccnt0 = -1
maccnt1 = -1
maccnt2 = -1
maccnt3 = -1
serno = 2NL1145U00199
boot_params = 0x87F73FA4
memstart = 0x80000000
memsize = 0x08000000
flashstart = 0xBF000000
flashsize = 0x00800000
flashoffset = 0x0002F734
ethaddr = 00:00:00:00:00:00
ip_addr = 192.168.1.2
baudrate = 9600 bps

The list of those firmware image files uploaded to the flash memory is shown in the output of imls.

ar7100>imls
Image at BF050000:
Image Name: Linux Kernel
Created: 2011-06-23 10:45:30 UTC
Image Type: MIPS Linux Kernel Image (gzip compressed)
Data Size: 983040 Bytes = 960 kB
Load Address: 80020000
Entry Point: 801f2000
Verifying Checksum ... OK

Printenv command displays environment variables.

ar7100>printenv
bootcmd=bootm 0xbf050000
bootdelay=4
baudrate=9600
ipaddr=192.168.1.2
serverip=192.168.1.1
loadUboot=tftpboot 0x80010000 u-boot.bin;erase 0xbf000000 +0x30000;cp.b 0x80010000 0xbf000000 0x30000
loadLinux=tftpboot 0x80010000 vmlinux.gz.uImage;erase 0xbf640000 +0x120000;cp.b 0x80010000 0xbf640000 0x120000
loadFiles=tftpboot 0x80010000 ap94-jffs2;erase 0xbf040000 +0x600000;cp.b 0x80010000 0xbf040000 0x600000
loadAll=run loadUboot;runloadLinux;runloadFiles
ethact=eth0
kimagename=vmlinux.gz.uImage
rimagename=rootfs.squashfs
download=tftp
flash_all=tftp 80800000 vmlinux.gz.uImage;erase bf050000 +100000;cp.b 80800000 bf050000 100000;
tftp 80800000 rootfs.squashfs;erase bf150000 +610000;cp.b 80800000 bf150000 ${filesize};
erase 0xbf760000 +0x80000;
bootargs=console=ttyS0,9600 rootfstype=squashfs root=31:03 init=/sbin/init mtdparts=ar7100-nor0:256k(u-boot),
64k(u-boot-env),1024k(vmlinux.gz.uImage),6208k(rootfs),512k(var),64k(manufacturing-data),64k(ART)
stdin=serial
stdout=serial
stderr=serial
Environmentsize: 998/65532 bytes

Pci command displays information about the same name bus.

ar7100>pci
Scanning PCI devices on bus 0
BusDevFunVendorIdDeviceId Device Class Sub-Class
_____________________________________________________________
00.00.00 0x168c 0x0029 Networkcontroller 0x80

Version of the loader is available in the output of version command.

ar7100>version
U-Boot 1.1.4 dni-1.09 (Jul 1 2010 - 11:39:24)

That’s where we bring the brief review of the command line interface to a close.

SNMP access

Before connecting to an access point using SNMP protocol an administrator must enable it and specify the community names. The above mentioned is to be done using SNMP menu item, Remote Management section, Maintenance tab.

In order to connect to the device we have been using Getif utility, version 2.3.1, which has detected 18 interfaces, and they are a wire GE port, eight wireless ports, one for each wireless profile, four WDS ports and so on.

We will not be thoroughly analyzing all of those parameters accessible in MBrowser tab and examine only those which we think are the most interesting ones. The general information about the device is found in .iso.org.dod.internet.mgmt.mib-2.system branch.

Information on physical and logical interfaces is gathered up in .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry branch. These data are interface lists with descriptions, information on status and speed, time of the last status update, physical address and quantity of the user data transmitted in bytes and an error counter.

Statistical information of IP, ICMP, TCP, UDP and SNMP protocols is found in .iso.org.dod.internet.mgmt.mib-2.ip, .iso.org.dod.internet.mgmt.mib-2.icmp, .iso.org.dod.internet.mgmt.mib-2.tcp, .iso.org.dod.internet.mgmt.mib-2.udp and .iso.org.dod.internet.mgmt.mib-2.snmp branches, respectively.

Also, we decided to get the WNAP320 connected to an enterprise monitoring system based on Cacti in order to observe the load of the access point network interfaces. Graph of the Gigabit Ethernet wire interface utilization upon configuring the device is presented below. The valley value that is shown right-hand on the graph is brought about by reboot of the access point when it was unavailable via SNMP.

Apart from the third-party utilities, to connect to a WNAP320 an administrator can use a proprietary NETGEAR’s utility called NMS200, which is a monitoring and management system. In this review we won’t be going deep into examining performance capabilities of NMS200, but only describe the procedure of connection of an access point to the system. NMS200 has WNAP320 support function since 2.4.0.15 version which hasn’t been yet released to public when this article was being written. The whole WNAP320 firmware updating process is described in the corresponding section, although as a first step the necessary device must be added to the system using Discovery menu.

When the above mentioned steps are done, the new device is to appear in Resource tab.

Now let’s move onto testing the access point.

Testing

The first thing we always begin our testing procedure with is setting up the booting time of the device. A NETGEAR WNAP320 boots in 65 seconds, which is an adequate result.

The second established part of the testing process is checking security and vulnerability levels of the access point; we were to use a Positive Technologies XSpider 7.7 (Demo build 3100) network security scanner. In total there were five open ports found, and they are TCP-22 (SSH), TCP-23 (Telnet), TCP-80 (HTTP), UDP-137 (NetBIOS Name) and TCP-443 (HTTPS). It stands to mention that TCP ports numbered 22 and 23 are open by the device only in case the access to the corresponding services is granted. Login and password for Telnet protocol were guessed right and it wasn’t really a surprise to us since the two admin/password are way too well-known. The usual advice here is to change the current password to any other, a more difficult one. Unfortunately, the majority of the vulnerabilities have been spotted in PHP embedding in the web-interface of the WNAP320, and we are to share some of them below.

It is likely that the most anticipated test in the WNAP320 review is the data transfer speed test in a wireless network. We have made several tests using various wireless client cards with different numbers of parallel streams. JPerf utility 2.0.2 was used for measuring; you can see the results on the graph presented below. Results of the speed measurements taken are fairly decent for this kind of devices.

Also, we cannot help but mention the technical characteristics of the test stand.

Component PC Notebook
Motherboard ASUS P5K64 WS ASUS M60J
CPU Intel Core 2 Quad Q9500 2.83 GHz Intel Core i7 720QM 1.6 GHz
RAM DDR3 PC3-10700 OCZ 16 Gbyte DDR3 PC3-10700 Kingston 8 Gbyte
NIC MarvellYukon 88E8001/8003/8010
ASUS WL-130N
D-Link DWA-160
Atheros AR8131
Atheros AR9285
Operating system Windows 7 x64 SP1 Rus Windows 7 x64 SP1 Rus

Packet Capture menu item in Monitoring section is meant for capturing the data transmitted wirelessly. Naturally, we couldn’t just skip that feature. All one needs to do is to press Start button to begin with the interception process and then to finish it by pressing Stop button and saving the created file.

All those frames captured were transmitted wirelessly under the WNAP320 coverage. The only thing that should be mentioned is that the transmitted traffic is not so easy to get while in the TCPdump format. In the data specified below it is barely possible to notice the echoing-back of ICMP protocol.

However, it would be a nice feature to use in order to intercept deep traffic.

As the testing section is about to be through with, let’s summarize all of the above-said.

Conclusion

We were really pleased with the tested NETGEAR WNAP320 access point that allows making hotspots in hotels, airports, cafes, or on factory floors. It’s pity that the price of the device would be an obstacle to using it at home. Its strong points are listed above.

  • Really nice appearance.
  • VLAN support.
  • Several wireless profiles support.
  • PoE supported.
  • An option of updating the firmware not only using HTTP/HTTPS protocols, but also TFTP protocol, is supported.
  • High speed of Wi-Fi data transmission.
  • Its own centralized control system.

However, its drawbacks should also be noted.

  • Web-interface is available only in English.
  • Cyrillic names for NTP server are not supported.
  • It is a highly-priced device.

It is worthwhile to say that NETGEAR WNAP320 has the elder brother, WNAP360, which affords its users with an opportunity to work within the 5 GHz range. It may be so that in the foreseeable future that device would find its way to our testing lab.

As of when this article was being written, the average price of a NETGEAR WNAP320 in Moscow’s online shops was 8500 rubles.

Add comment


Security code
Refresh

Found a typo? Please select it and press Ctrl + Enter.