New ZyXEL Keenetic Ultra II and Giga III Wireless Routers

Introduction

External design and hardware

Firmware upgrade

Web-interface

Command line

Testing

Conclusion

Introduction

We were invited to the presentation of new ZyXEL Keenetic Ultra II and Giga III wireless routers about two months ago. Both devices have Gigabit Ethernet ports, support AC1200 wireless standard, and are meant to be used at home or in small offices. Our test lab still hasn't published reviews of network equipment by ZyXEL company. But there's the first time in everything, isn't there? That's why we decided to write a review and test these two models. Since Ultra II and Giga III are quite similar (both when it comes to performance and capabilities), we decided to offer our readers one article that reviews both devices. Let's get started!

External design and hardware

Both devices come in black plastic cases with dimensions of 187x122x37 mm (not considering the antennae). The external antennae of 5 dBi are non-detachable and are located on the side panels. Ultra II router weighs 310 grams and Giga III weighs 290 grams. Both models require an external power unit (included in the box) with the following characteristics for correct operation: 12 V and 2.5 А.

The biggest part of the upper panel of both devices is a ribbed pattern. Here one can find a sticker with the brief description of the model capabilities and WPS button.

The front panel has LEDs indicating the device status as well as the status of its wireless modules and USB ports. A configurable indicator and an indicator that shows the availability of access to the Internet are located here, too.

Both side panels are perforated. On one of them there are two USB ports (USB 2.0 and USB 3.0) and two software  buttons.

The bottom panel is perforated too and has a sticker with the brief information about the device. Also, two rubber legs and two mounting holes are located here. ZyXEL Keenetic Giga III and Ultra II wireless routers are meant both for desk and wall mounting.

Rear panels of the models under review are a bit different though. Giga III model has four LAN ports and one WAN Gigabit Ethernet port, Reset button, and a slot for connection of the external power unit together with ON/OFF button. Ultra II wireless router has seven LAN ports.

Now let's have a look at the insides of the devices. Unfortunately, all primary electronic elements are covered with protective metal screens and are inaccessible for review. The only element accessible for inspection in both models was the Spansion S34ML01G200TFI00 flash memory module with the size of 128 Mbytes. The official sources claim that both of the devices are fitted with DDR3 256 Mbyte RAM. Giga III model is powered by single-core MediaTek MT7621S SoC CPU that operates at 880 MHz frequency, whilst Ultra II model is fitted with a dual-core MT7621A SoC CPU that operates at the same frequency.

We decided to provide our readers with photos of the electronic stuffing of ZyXEL Keenetic Giga III wireless router.

Also, we just could not help it but publish photos of the main card of Ultra II model.

Now let's pass on to reviewing the software capabilities of the devices.

Firmware upgrade

Firmware update may be carried out via the web-interface both in manual and semi-automatic mode. Naturally, in order to update the firmware in the automatic mode one needs to be connected to the Internet. Upon detecting a newer firmware version on the vendor servers, one will see the corresponding notification in Dashboard tab, Device dashboard menu.

Manual firmware update is done using Files tab, System menu.

An administrator can make sure that the firmware update has been executed successfully in System tab, Device dashboard menu. Automatic update of all installed components is performed upon firmware update. After the initial firmware update has been successfully carried out, the user will be able to select the necessary components using Update tab, System menu.

It's worth noticing that the administrator can choose the applicable components that should be installed in the device using Update tab, System menu.

The administrator can review the installed firmware version and update it using command line, too. Show version command displays the data about the current firmware version.

(config)> show version
 release: v2.06(AAUW.1)A4
 arch: mips
 ndm:
 exact: 0-fe174cf
 cdate: 1 Oct 2015
 bsp:
 exact: 0-58f6634
 cdate: 1 Oct 2015
 manufacturer: ZyXEL
 vendor: ZyXEL
 series: Keenetic series
 model: Keenetic
 hw_version: 80280000-D
 hw_id: kng_re
 device: Keenetic Giga III
 class: Internet Center

Components sync command is used to check the availability of the updated firmware and components.

(config)> components sync
Components::Manager error[268369922]: updates are available for this system.
 А       2.06.A.5
 А                   А                    А          А                    А                      А
 А                              А                        TVport
А                             А           А   IPTV
 А                   DLNA-     А     А
 А                А                                              -         А

Components commit command is used for execution of firmware update (the command output is partially omitted).

(config)> components commit
Components::Manager: Update of components started.
 progress, name = Components::Manager: 0
 progress, name = flash:firmware: 0
 progress, name = Components::Manager: 2
 progress, name = flash:firmware: 0
 progress, name = Components::Manager: 4
 progress, name = flash:firmware: 0
 progress, name = Components::Manager: 98
 progress, name = flash:firmware: 0
 progress, name = Components::Manager: 100
 progress, name = flash:firmware: 0
 file_size: 8257596
(config)>
Connection to host lost.

The administrator can make sure that the firmware update has been executed successfully using show version command, too.

(config)> sho ver
 release: v2.06(AAUW.2)A5
 arch: mips
 ndm:
 exact: 0-5db8bde
 cdate: 29 Oct 2015
 bsp:
 exact: 0-b270fe8
 cdate: 29 Oct 2015
 ndw:
 version: 4.1.0.137
 features: wifi_button,wifi5ghz,usb_3,flexible_menu,
 emulate_firmware_progress
 components: cloud,dot1x,fat,hfsplus,json,kabinet,
 miniupnpd,nathelper-ftp,nathelper-pptp,nathelper-sip,
 ntfs,ppe,usblte,usbserial,base,cifs,cloudcontrol,
 components,config-ap,config-repeater,config-client,
 corewireless,easyconfig,ftp,dhcpd,igmp,madwimax,l2tp,ppp,
 pptp,pppoe,skydns,storage,usb,usbnet,usbmodem,ydns,base-
 l10n,printers,sysmode,theme-ZyXEL-Intl,base-theme,
 easyconfig-3.2,modems,base-ZyXEL-Intl,ispdb
 manufacturer: ZyXEL
 vendor: ZyXEL
 series: Keenetic series
 model: Keenetic
 hw_version: 80280000-D
 hw_id: kng_re
 device: Keenetic Giga III
 class: Internet Center

Another firmware update method that we haven't pointed out is copying the firmware update file using FTP .

One can access the FTP server built-in in the router using any modern FTP  client that supports connections in the passive mode. After the user has connected successfully, s/he will need to change firmware file to the new one that contains the newer firmware version. Once the file has been successfully copied, the device will need to be rebooted.

That is where we bring the review of the firmware update process to a conclusion and pass on to examining capabilities of the device web-interface.

Web-interface

Before reviewing the web-interface capabilities of ZyXEL Keenetic Ultra II and Giga III wireless routers, we installed all available add-ons so that our review would be more complete.

The main menu is located at the bottom of the page. We decided to start reviewing the web-interface capabilities from Device dashboard menu that lets the administrator obtain information about the status of the whole device as well its interfaces, review the routing table and find out the utilization of the main hardware resources, and review the list of connected clients and external devices.

Management of the access to the WAN is done using tabs in Broadband menu. A wide variety of parameters in tabs in Broadband menu may puzzle a newby . That's exactly why a special wizard, which helps the user perform simple step-by-step configuration of the router, will be launched upon the first connection to the device. One can access this wizard using NetFriend button in Summary tab.

To tell you the truth, we were pleasantly surprised at the choice of possible connection methods. Apart from traditional connection variants, IPoE, VPN (PPTP/L2TP/PPTP), 802.1X, and 3G/4G, Keenetic Ultra II and Giga III wireless routers let the user get connected to wireless networks in 2.4 GHz and 5 GHz frequency ranges. ZyXEL company decided not to divide their Internet centres into ADSL and Ethernet routers. Instead of it, all devices in Keenetic series are equipped with an Ethernet WAN port. Connection to ADSL or VDSL service providers is carried out using a special-purpose USB modem that should be connected to the router. Management of the access to the WAN is done using sub-groups of Internet group. It's worth mentioning apart that the administrator can configure the wired connection in a flexible mode. For example, by using a certain virtual network in the trunk towards the service provider or getting connected an IP phone or a set-top box to any port of the device.

The Keenetic series devices let the user get connected not only to traditional IPv4 networks but also to the new generation networks that use IPv6. The corresponding settings are available in the same-named tab in Broadband menu. The connection is performed using 6in4 tunnels. In case if the service provider offers support of IPv6 with the automatic configuration of IP parameters by themselves, for example using SLAAC (Stateless address autoconfiguration), the configuration of the router will be performed automatically without any involvement of the user.

The owner of Keenetic routers can get connected to several service providers. Several connections can be used for reserving of the main access channel to the Internet. Configuration of parameters of the channel operability check is done in Ping Check tab in the same menu.

Extra tab is used to specify static routes and addresses of DNS servers.

Hosts tab in Home menu is used to obtain the list of devices located in the local network and the list of applications launched on them as well as rate-limit one of the devices.

Segments tab is meant for management of the local network segments. This tab is used to merge various local network interfaces and manage the DHCP server operation.

Enabling or disabling IntelliQoS features, which analyzes the application traffic and reserves the bandwidth for transfer of certain data, is used in the same-named tab.

Some cases may require that the clients receive IP addresses from a certain external DHCP server, which is located in the other network segment, for example, from the DHCP server of the service provider. ZyXEL Ultra II and Giga III wireless routers let the administrator relay broadcast DHCP messages to a certain host. These settings are available in DHCP Relay tab.

In order to provide access to the Internet for local users the router must perform NAT/PAT translations. Enabling and disabling of translations is performed using NAT tab. Routing between user segments in the local network is performed without translations.

IGMP Proxy and udpxy server are meant for management of multicast receipt by the user. This feature is predominantly used for delivery of IPTV service.

Wireless menu item lets the administrator configure the wireless module of the routers operating as an access point. Also, here one can perform filtration of clients that were permitted connection based on their MAC addresses.

Configuration of the network address translation parameters as well as management of the firewall and protection via DNS is performed using Security menu.

Tabs in System menu are meant for management of the key operation parameters of the whole router, firmware update, reviewing the log data, launching diagnostics procedures, capturing network packets, changing the device operation mode, managing users, and obtaining access to the main system files.

Auxiliary protocols and services are configured using tabs in Applications menu. Here the user can manage SMB/CIFS, FTP, IPSec, DLNA, and BitTorrent protocols as well as grant an access to catalogs and cloud clients.

In the latest firmware versions, which we were provided by the vendor, an extra tab called Opkg was added in Applications menu. It lets the administrator install third-party software add-ons. Earlier this feature was unavailable in NDMS v.2 OS. We hope that in the near future this capability will become available in the official versions of firmware, accessible by common users, too.

 

One can connect various devices to the USB port of the routers under review. For example, 3G/4G modems, printers, flash cards and external HDDs, and ADSL/VDSL modems. Apart from it, various special-purpose devices like Keenetic Plus DECT—a USB module of the wireless telephone base operating in DECT mode—can be connected to the routers too.

 

Management of a basic DECT base, if the user owns it, is done using tabs in DECT menu. Connection of DECT handsets is possible only to SIP operators. Connection to PSTN/POTS is not supported.

That is where we bring review of the web-interface of ZyXEL Keenetic Ultra II and Giga III wireless routers to a conclusion and pass on to examining capabilities of their command line.

Command line

Command line interface of ZyXEL Keenetic Ultra II and Giga III wireless routers is different from the one we saw in other SOHO devices. NDMS OS, though built on *nix OS base, doesn't provide the administrator access to shell. That is why we will review the capabilities of the built-in command interpreter. Obviously, examining all capabilities of the command line is not our aim and if the user wants to do this, s/he is welcome to get acquainted with the user's manual. However, we will still get you familiar with the most interesting commands. The command line interface under review is similar to CLI in devices by Cisco System, but there are a lot of differences too. In order to access the command line one needs to use the same login and password as for the connection to the device web-interface.

Login: admin
Password: ********
(config)>
 system - maintenance functions
 ntp - configure NTP
 schedule - schedule configuration
 known - manage lists of known network objects
 access-list - configure network access lists
 isolate-private - configure if traffic may pass between "private" interfaces
 dyndns - configure DynDns profiles
 yandexdns - configure Yandex.DNS profiles
 skydns - configure SkyDns profiles
 ndns - configure NDNS
 ping-check - configure ping-check profiles
 interface - network interface configuration
 ip - configure IP parameters
 telnet - manage Telnet server service
 pppoe - configure PPPoE parameters
 kabinet - configure kabinet authenticator
 ppe - configure Packet Processing Engine
 upnp - configure UPnP parameters
 torrent - configure torrent service parameters
 udpxy - configure udpxy
 crypto - configure IPsec
 igmp-proxy - configure IGMP
 user - configure user account
 vpn-server - configure VPN server
 service - manage services
 ftp - manage FTP server service
 cifs - manage CIFS service
 dlna - manage DLNA service
 dns-proxy - manage DNS proxy service
 whoami - display info about the current management session
 printer - printer configuration
 more - view text file
 ls - list directory contents
 copy - copy files
 erase - erase file or empty directory
 monitor - manage monitor services
 show - display various diagnostic information
 tools - tools for testing the environment
 opkg - Open Package configuration
 easyconfig - configure Easyconfig services
 components - manage firmware components
 cloud - manage cloud services

Several configuration sub-modes are supported. For example, in order to change parameters of a certain interface, one will need to switch to the applicable operation mode.

(config)> int
 interface - network interface configuration
(config)> interface
 Usage template:
 interface {name}
 Choose:
 Pvc
 Vlan
 CdcEthernet
 UsbModem
 UsbDsl
 AsixEthernet
 Davicom
 UsbLte
 YotaOne
 Bridge
 PPPoE
 PPTP
 L2TP
 L2TPoverIPsec
 TunnelGre
 GigabitEthernet0
 GigabitEthernet0/0
 1
 GigabitEthernet0/1
 2
 GigabitEthernet0/2
 3
 GigabitEthernet0/3
 4
 GigabitEthernet1
 ISP
 GigabitEthernet1/0
 0
 WifiMaster0
 WifiMaster0/AccessPoint0
 AccessPoint
 WifiMaster0/AccessPoint1
 GuestWiFi
 WifiMaster0/AccessPoint2
 WifiMaster0/AccessPoint3
 WifiMaster0/WifiStation0
 WifiMaster1
 WifiMaster1/AccessPoint0
 AccessPoint_5G
 WifiMaster1/WifiStation0
 GigabitEthernet0/Vlan1
 Bridge0
 Home
(config)> interface Bri
 Usage template:
 interface {name}
 Choose:
 Bridge
 Bridge0
(config)> interface Bridge0
(config-if)>
 name - change interface name
 description - set interface description
 role - interface role configuration
 traffic-shape - set traffic rate limit
 dyndns - DynDns updates
 inherit - add Ethernet interface to a Bridge (with inheritance)
 include - add Ethernet interface to a Bridge
 tx-queue - set TX queue length
 mac - configure MAC parameters
 security-level - assign security level
 debug - enable connection debugging
 authentication - configure authentication
 ip - configure IP parameters
 igmp - configure IGMP parameters
 ping-check - ping-check configuration
 vdsl - configure VDSL parameters
 up - enable interface
 down - disable interface
 schedule - interface up/down schedule

Management of the transmitter power, wireless channel, and compatibility modes is allowed for the wireless interfaces. Also, the administrator may specify the country code where the device is used. By using traffic-shape command the administrator can rate-limit the user data transfer for any interface including wireless ones.

(config)> interface WifiMaster0
(config-if)>
 name - change interface name
 description - set interface description
 role - interface role configuration
 traffic-shape - set traffic rate limit
 dyndns - DynDns updates
 tx-queue - set TX queue length
 mac - configure MAC parameters
 debug - enable connection debugging
 rf - change RF settings
 ip - configure IP parameters
 country-code - set country code
 compatibility - set 802.11 compatibility (use parameters like BG or ABGN)
 channel - set radio channel
 power - set transmission power level
 preamble-short - enable short preambles
 vdsl - configure VDSL parameters
 up - enable interface
 down - disable interface
 schedule - interface up/down schedule
(config-if)> tra
 traffic-shape - set traffic rate limit
(config-if)> traffic-shape
 Usage template:
 traffic-shape rate {rate}
(config-if)> rol
 role - interface role configuration
(config-if)> role
 Usage template:
 role {role} [for {ifor}]
 Choose:
 inet
 iptv
 voip
(config-if)> coun
 country-code - set country code
(config-if)> country-code
 Usage template:
 country-code {code}
(config-if)> chan
 channel - set radio channel
(config-if)> channel
 Usage template:
 channel {channel} | width ...
 width - set radio channel width
(config-if)> powe
 power - set transmission power level
(config-if)> power
 Usage template:
 power {power}
(config-if)>exit
(config)> interface AccessPoint
(config-if)>
 name - change interface name
 description - set interface description
 role - interface role configuration
 traffic-shape - set traffic rate limit
 dyndns - DynDns updates
 tx-queue - set TX queue length
 mac - configure MAC parameters
 security-level - assign security level
 debug - enable connection debugging
 wps - enable WPS functionality
 authentication - configure authentication
 encryption - configure encryption parameters
 ip - configure IP parameters
 igmp - configure IGMP parameters
 ping-check - ping-check configuration
 ssid - set wireless ESSID
 hide-ssid - disable SSID broadcasting on the access point
 wmm - enable Wireless Multimedia Extensions on this interface
 vdsl - configure VDSL parameters
 up - enable interface
 down - disable interface
 schedule - interface up/down schedule
(config-if)> en
 encryption - configure encryption parameters
(config-if)> encryption
 key - set wireless encryption key
 enable - enable wireless encryption (WEP by default)
 disable - disable wireless encryption
 wpa - enable WPA version 1 (TKIP) encryption
 wpa2 - enable WPA version 2 (AES) encryption

Management of access lists is carried out using access-list command.

(config)> acce
 access-list - configure network access lists
(config)> access-list
 Usage template:
 access-list {acl}
(config)> access-list test
 deny - add prohibitive rule
 permit - add permissive rule
(config)> access-list test pe
 permit - add permissive rule
(config)> access-list test permit
 Usage template:
 permit ((tcp | udp) {source} {source-mask} [port (lt | gt | eq)
 {source-port}] {destination} {destination-mask} [port (lt | gt
 | eq) {destination-port}]) | (icmp {source} {source-mask}
 {destination} {destination-mask}) | (ip {source} {source-mask}
 {destination} {destination-mask})
 Choose:
 tcp
 udp
 icmp
 ip

One can install an access list to the interface using ip access-group interface command.

(config-if)> ip access-group
 Usage template:
 access-group {acl} {direction}

Management of NAT/PAT translations is done using ip nat and ip static commands.

(config)> ip nat
 Usage template:
 nat (({address} {mask}) | {interface}) | vpn ...
 vpn - add NAT rule
 Choose:
 GigabitEthernet1
 ISP
 WifiMaster0/AccessPoint0
 AccessPoint
 WifiMaster0/AccessPoint1
 GuestWiFi
 WifiMaster0/AccessPoint2
 WifiMaster0/AccessPoint3
 WifiMaster0/WifiStation0
 WifiMaster1/AccessPoint0
 AccessPoint_5G
 WifiMaster1/WifiStation0
 GigabitEthernet0/Vlan1
 Bridge0
 Home
(config)> ip static
 Usage template:
 static [tcp | udp] ({interface} | ({address} {mask})) (({port}
 through {end-port} {to-address}) | ({port} {to-address} [{to-
 port}]) | {to-address})
 Choose:
 GigabitEthernet1
 ISP
 WifiMaster0/AccessPoint0
 AccessPoint
 WifiMaster0/AccessPoint1
 GuestWiFi
 WifiMaster0/AccessPoint2
 WifiMaster0/AccessPoint3
 WifiMaster0/WifiStation0
 WifiMaster1/AccessPoint0
 AccessPoint_5G
 WifiMaster1/WifiStation0
 GigabitEthernet0/Vlan1
 Bridge0
 Home

As a matter of course, the routers under review support static entries in the routing table. Their management is done using ip route command.

(config)> ip route
 Usage template:
 route (({network} {mask}) | {host} | default) (({gateway}
 [{interface}]) | {interface}) [auto] [{metric}]

The user can review the contents of a certain catalog using ls command, whilst more command displays the contents of a certain file (we have intentionally omitted the command output in our listing).

(config)> ls
 Usage template:
 ls [{directory}]
 Choose:
 ndm:
 flash:
 temp:
 proc:
 sys:
 storage:
 usb:
(config)> ls fla
 Usage template:
 ls [{directory}]
(config)> ls flash:
 rel: flash:
 entry, type = R:
 name: default-config
 size: 3315
 entry, type = R:
 name: firmware
 size: 11403324
 entry, type = R:
 name: startup-config
 size: 6064
(config)> more flash:default-config
! $$$ Model: ZyXEL Keenetic Giga III
! $$$ Version: 2.0
! $$$ Agent: default
system
 set net.ipv4.ip_forward 1
 set net.ipv4.tcp_fin_timeout 30
 set net.ipv4.tcp_keepalive_time 120
 set net.ipv4.netfilter.ip_conntrack_tcp_timeout_established 1200
 set net.ipv4.netfilter.ip_conntrack_max 16384
 set vm.swappiness 100
 set dev.usb.force_usb2 0
 hostname Keenetic_Giga
 clock timezone Moscow
 domainname WORKGROUP
!
ntp server 0.pool.ntp.org
ntp server 1.pool.ntp.org
ntp server 2.pool.ntp.org
ntp server 3.pool.ntp.org

Management of various auxiliary services is done using service command.

(config)> service
 dhcp - start DHCP service
 dns-proxy - enable DNS proxy
 igmp-proxy - enable IGMP proxy
 dhcp-relay - start DHCP relay service
 ftp - enable FTP server
 cifs - enable CIFS server
 dlna - enable DLNA server
 http - start Web interface
 telnet - start telnet service
 ntp-client - start NTP client
 upnp - start UPnP service
 torrent - start torrent service
 udpxy - enable udpxy
 kabinet - start Kabinet authenticator
 vpn-server - enable VPN server
 ipsec - enable IPsec
 cloud-control - enable cloud control service

Changing system operation parameters is done using system command.

(config)> sys
 system - maintenance functions
(config)> system
 reboot - restart the system
 set - adjust system settings
 button - setup system button functions
 hostname - set the host name
 clock - change system clock settings
 domainname - set the domain name
 configuration - manage system configuration
 log - manage system logging
 mount - mount USB disk partition
 drivers - manage kernel drivers
 swap - set swap area
 debug - enable system debug
 mode - select system operating mode
(config)> system con
 configuration - manage system configuration
(config)> system configuration
 save - save the system configuration asynchronously
 factory-reset - reset the system configuration to factory defaults

In order to get acquainted with the current device operation parameters one must use show command. For example, show interface command is used for displaying the information about all network interfaces.

(config)> show
 version - display firmware version
 system - display system status information
 drivers - view list of loaded kernel drivers
 processes - view list of running processes
 interface - display interface status
 dot1x - 802.1x supplicant status
 skydns - display SkyDns parameters
 log - display system log
 running-config - view running configuration
 ip - display IP parameters
 ppe - show "binded" PPE entries
 upnp - display UPnP rules
 ipsec - display internal IPsec status
 ftp - display FTP server status
 cifs - display cifs server status
 dlna - display DLNA server status
 torrent - display torrent service information
 vpn-server - show VPN server status
 cloud - display status of the cloud service
 ndns - show NDNS status
 easyconfig - display EasyConfig information
 dyndns - show DynDns profile status
 ping-check - show ping-check profile status
 site-survey - display available wireless networks
 associations - shows a list of associated wireless stations
 button - display system button information
 clock - display system clock information
 ntp - display NTP parameters
 schedule - display system environment
 crypto - display IPsec information
 usb - display USB device list
 printers - display attached printer list
 tags - show available authentication tags
 kabinet - display Kabinet authenticator parameters
 monitor - show monitor status
(config)> show ver
 release: v2.06(AAUW.6)A6
 arch: mips
 ndm:
 exact: 0-845e4dd
 cdate: 19 Nov 2015
 bsp:
 exact: 0-64572cb
 cdate: 19 Nov 2015
 ndw:
 version: 4.1.0.156
 features: wifi_button,wifi5ghz,usb_3,flexible_menu,
 emulate_firmware_progress
 components: cloud,ddns,dot1x,factory,fat,hfsplus,json,
 kabinet,miniupnpd,monitor,nathelper-ftp,nathelper-pptp,
 nathelper-sip,ntfs,ppe,ssl,trafficcontrol,usblte,
 usbserial,base,cifs,cloudcontrol,components,config-ap,
 config-client,config-repeater,corewireless,dhcpd,dlna,
 easyconfig,ftp,igmp,ipsec,l2tp,opkg,pingcheck,ppp,pppoe,
 pptp,skydns,storage,udpxy,usb,transmission,usbdsl,usbnet,
 usbmodem,ydns,vpnserver,base-l10n,printers,theme-ZyXEL-
 Intl,base-theme,sysmode,easyconfig-3.2,modems,base-ZyXEL-
 Intl,ispdb
 manufacturer: ZyXEL
 vendor: ZyXEL
 series: Keenetic series
 model: Keenetic
 hw_version: 80280000-D
 hw_id: kng_re
 device: Keenetic Giga III
 class: Internet Center
(config)> show sys
 hostname: Keenetic_Giga
 domainname: WORKGROUP
 cpuload: 0
 memory: 43000/262144
 swap: 0/0
 memtotal: 262144
 memfree: 195384
 membuffers: 5864
 memcache: 17896
 swaptotal: 0
 swapfree: 0
 uptime: 5822

The administrator can switch to the special show mode for facilitated operation with commands in show group.

(config)> show
(show)>
 version - display firmware version
 system - display system status information
 drivers - view list of loaded kernel drivers
 processes - view list of running processes
 interface - display interface status
 dot1x - 802.1x supplicant status
 skydns - display SkyDns parameters
 log - display system log
 running-config - view running configuration
 ip - display IP parameters
 ppe - show "binded" PPE entries
 upnp - display UPnP rules
 ipsec - display internal IPsec status
 ftp - display FTP server status
 cifs - display cifs server status
 dlna - display DLNA server status
 torrent - display torrent service information
 vpn-server - show VPN server status
 cloud - display status of the cloud service
 ndns - show NDNS status
 easyconfig - display EasyConfig information
 dyndns - show DynDns profile status
 ping-check - show ping-check profile status
 site-survey - display available wireless networks
 associations - shows a list of associated wireless stations
 button - display system button information
 clock - display system clock information
 ntp - display NTP parameters
 schedule - display system environment
 crypto - display IPsec information
 usb - display USB device list
 printers - display attached printer list
 tags - show available authentication tags
 kabinet - display Kabinet authenticator parameters
 monitor - show monitor status
(show)> button
 buttons:
 button, name = RESET:
 is_switch: no
 position: 2
 position_count: 2
 clicks: 0
 elapsed: 0
 hold_delay: 10000
 button, name = WLAN:
 is_switch: no
 position: 2
 position_count: 2
 clicks: 0
 elapsed: 0
 hold_delay: 3000
 button, name = FN1:
 is_switch: no
 position: 2
 position_count: 2
 clicks: 0
 elapsed: 0
 hold_delay: 3000
 button, name = FN2:
 is_switch: no
 position: 2
 position_count: 2
 clicks: 0
 elapsed: 0
 hold_delay: 3000

As a finishing touch we would like to add that the command line interface of ZyXEL equipment provides the administrators more capabilities than the web-interface. This way, for example, we could not configure static IPv6 addresses on LAN and WAN interfaces of the router, whilst it was really easy to do using the command line.

system
 set net.ipv6.conf.all.forwarding 1
interface GigabitEthernet1
 ipv6 address 2001:db8:1::1
 ipv6 prefix 2001:db8:1::/64
interface Bridge0
 ipv6 address 2001:db8:2::1
ipv6 route 2001:db8:1::/64 ISP
ipv6 route default 2001:db8:1::2

That's where we proceed to completion of the brief review of the command line capabilities of Keenetic series routers and pass on to testing the devices.

Testing

The first testing procedure we usually begin our testing section with is measuring the booting time of the device, which is a time interval starting with the moment when the power is on until the first echo reply is received through ICMP. ZyXEL Keenetic Giga III wireless router boots in 97 seconds, whilst Ultra II needs 119 seconds. We believe that these results are decent.

The second traditional test was a security scanning procedure, which has been carried out using Positive Technologies XSpider 7.8 (build 8.25.5.23382) network security scanner. At first we performed this measurement from the LAN interface and then from the WAN interface of the router. The most interesting data are presented below.

Before getting down to reviewing the performance test results of both routers we would like to mention the key specification of the test stand we used.

Component PC Notebook
Motherboard ASUS Maximus VI Extreme ASUS M60J
CPU Intel Core i7 4790K 4 GHz Intel Core i7 720QM 1.6 GHz
RAM DDR3 PC3-10700 SEC 32 Gbytes DDR3 PC3-10700 SEC 16 Gbytes
NIC Intel PRO/1000 PT
ASUS PCE-AC68
Atheros AR8131
OS Windows 7 x64 SP1 Rus Windows 7 x64 SP1 Rus

We decided to start the performance tests with measuring the user data transmission speed upon performing translation of network addresses (NAT/PAT) by the router. Results of the measurements for both models are presented on the diagrams below. The tests were carried out with 1, 5, and 15 concurrent TCP sessions. In order to test the devices we used JPERF utility, 2.0.2 version.

ZyXEL Keenetic Giga III and Ultra II support operation not only with the current IP version, IPv4, but also with the new one, IPv6. Routing speeds for IPv6 are presented on the diagrams below.

Probably one of the most interesting tests for Internet users from the post-Soviet bloc countries is measuring the data transfer speeds upon using VPN. Tunnel connections are still popular among the Russian service providers so far.  Fortunately, recently some companies tend to use IPoE, which means refusal to use PPPoE/PPTP/L2TP tunnels for providing  of access to the Internet, but there's still a lot left to do. On the diagrams below one can see user data transfer speeds upon using a common and encrypted PPTP connection. We were pleasantly surprised with the obtained speeds upon using PPTP without encryption.

ZyXEL Keenetic Giga III and Ultra II wireless routers possess a built-in PPTP server; its performance is presented on the diagrams below. It turned out that the performance of this service is limited at 100 Mbps.

PPTP is not the only tunnel protocol supported by the routers under review. It's quite unusual to discover support of IPSec in SOHO devices. We connected Giga III to Ultra II, created an IPSec tunnel and made the measurements in two modes: upon usage of the less cryptosecure and more cryptosecure algorithms (DES and AES).

The vendor informed us that currently IPSec tunnels have neither software nor hardware acceleration, but the work on optimizing the cryptographic module goes at full tilt. When this article was almost finished, we received a new beta firmware version that supports acceleration of IPSec tunnels. The diagram presented below shows the performance results of the new cryptomodule version. The device performance increased by four times. We hope that the updated cryptomodule will become available for common users of ZyXEL equipment in the nearest future.

We reviewed the CPU utilization on both of the devices upon performing this test. In this case the IPSec tunnel performance is limited only by the capabilities of the less powerful device of the two, Giga III. That's why we tend to believe that the received speeds may be quite higher upon establishing an IPSec connection between two Ultra II routers.

One of the most anticipated tests was measuring the wireless module performance upon operation of the devices in the access point mode. These measurements were carried out for both wireless frequency ranges. Upon designing these models ZyXEL company didn't strive after the highest theoretically possible wireless network speeds rather than after the stable operation of the router wireless module.

Apart from operating as the access point, these devices can perform functions of a wireless client. However, this way the transfer speeds will become much lower, which is probably associated with the absence of 802.11AC support in this mode.

Both models under review have USB ports. Naturally, we just couldn't help but connect our external 256 GByte Transcend TS256GESD400K SSD to the routers. We used Intel NASPT utility, version 1.7.1, in order to test the access speeds to the data located on the external data carrier.

Another interesting capability that wireless routers by ZyXEL company are fitted with is rate-limiting of the user traffic, called shaper . Giga III and Ultra II models let one rate-limit a certain host in the local network. And it's not important at all what connection, wired or wireless, this host has. On the diagram below one can see a comparison between the configured and received speeds. Looking at the diagram we can see that the highest possible speed that can be limited is about 200 Mbps. We believe that a need to limit the speed of this or that user at high values is not the most necessary thing for the administrator.

It should be mentioned separately that we haven't noticed any significant influence of this feature on  the data transfer speeds by other hosts in the local network.

Apart from the limitations that may be applied to certain hosts, the administrator can rate-limit all devices located in the guest wireless network. As a matter of course, we couldn't help but test this capability. We used ten simultaneous TCP connections in this and previous tests.

We measured the device case temperature of both models using our ADA TempPro-2200 laboratory pyrometer upon performing the performance test. The highest temperature of Giga III case was 41.1°С, whilst Ultra II device warmed up to 44.1°С. We consider the received temperature values quite decent.

ZyXEL wireless routers can capture packets that they forward. This functionality may become necessary for, say, troubleshooting the connection to the service provider or when certain applications in the network may be functioning incorrectly. Naturally, the applications are not limited by these two examples we provided above. We decided to find out how this feature works. By using Packets capture feature one can save traffic locally on the router without using any kind of a dedicated host. Obviously, if it's necessary to save a large number of network packets, an external drive will need to be connected to the router. Management of the traffic capturing is done using Packets capture tab, System menu. One will need to create a corresponding rule to launch the packet capture.

Once the rule has been created, the administrator will need to launch the packet capture process.

Files containing the captured packets may be saved on the administrator's computer for further analysis using, for example, Wireshark.

Unfortunately, we haven't found the capability that lets one launch capturing according to the schedule or event. We believe that a feature like this would be quite sought-after.

That's where we draw the testing chapter to a close and move on to summing it all up.

Conclusion

ZyXEL company prefers calling their devices Internet centres, but our test lab is somewhat conservative and still tends to consider devices like these as wireless routers. We are quite glad about the models we tested, ZyXEL Keenetic Giga III and Ultra II, that have stable operation and high user data transfer speeds. Flexibility in network interface configuration is a really remarkable point of these devices. All of this makes us believe that our first meeting and getting acquainted with the wireless equipment by ZyXEL turned out to be successful. We cannot recommend ZyXEL Keenetic Giga III and Ultra II to hardware geeks and IT enthusiasts who would like to receive the highest possible wireless speeds, but these devices will be great at dealing with the tasks of the majority of common users.

Among the strength areas of ZyXEL Keenetic Giga III and Ultra II wireless routers are the following.

  • A high data transmission speed via PPTP/L2TP/PPPoE tunnels
  • Support of IPv6
  • Very flexible configuration of network interfaces
  • Possibility of connection to the existing wireless networks
  • Support of IPSec tunnels
  • Ability to rate-limit the user traffic

Unfortunately, we cannot help but mention certain drawbacks we have discovered.

  • Currently the performance of the built-in PPTP server is capped at 100 Mbps
  • Not really high device operation speeds in the wireless client mode

As of when this article was being written, the average price for a ZyXEL Keenetic Giga III wireless router in Moscow online shops was 7170 roubles, whilst Ultra II model cost 9090 roubles.

Budget-priced ASUS RT-N11P Wireless Router

Introduction

External design and hardware

Firmware update

Web-interface

Command line interface

Testing

Conclusion

Introduction

Lately ASUS company has been providing our test lab with all its flagship devices, top-class wireless routers, and it really became some kind of a tradition. Obviously, we are glad about this opportunity to test every fastest and newest device by this vendor meant for use by experts or maximalists who want to have only the best of the best. Unfortunately, not all users can afford to buy equipment like this and there are even cases when it's not necessary at all. Actually, ASUS produces budget-priced router models for common users of the Internet and one of them, RT-N11P, will be tested by our lab today. This model will not show record-high data transmission speeds but it will still be able to meet the needs of the majority of common users without effort. Well, let's not linger any more and pass directly to reviewing it!

External design and hardware

RT-N11P wireless router comes in a black plastic case, which became really typical for ASUS telecommunications equipment. The device case has dimensions of 146х111х24 mm (not including the antennae) and weights 180 grams. To work properly it needs an external power unit with the following characteristics: 12V and 0.5А.

There are four LEDs located on the device upper panel: Power, Wi-Fi, WAN, and LAN. It's worth mentioning that RT-N11P doesn't have a separate LED for every LAN port. Instead of it, LAN LED shows the presence of at least one wireless connection to the device from the user local network. Also, the upper panel of the device has a brand tag, model name, and device characteristics.

Front and side panels are not remarkable at all and there is only a ventilation grate located on their sides. We should probably point out that the device barely heats up upon functioning and that's why it wasn't necessary to place larger ventilation grates since the maximum dissipated power of the device doesn't exceed 6W.

The bottom side has four rubber legs used for table mounting of the device. Apart from it, RT-N11P can also be fastened onto the wall and therefore it has two mounting holes located on its bottom side. A sticker with the brief information about the model and a ventilation grate are located here, too.

The rear panel has five Fast Ethernet ports with two contact pairs, socket used for connection of an external power source, ON/OFF button, WPS and Reset buttons, and two nondetachable external antennae. We believe that ON/OFF button was placed in a wrong place, between the antennae and PSU plug, since it is really difficult to reach it with standard men fingers.

Now let's have a look at the insides of the case. The electronic stuffing of ASUS RT-N11P budget-priced wireless router is one green textolite card which has all essential elements located on one of its sides. The system is powered by MediaTek MT7620N SoC CPU. ESMT M12L2561616A module with the size of 32 Mbytes performs function of the RAM.

Now let's pass on to examining of the software capabilities of the router.

Firmware upgrade

Firmware upgrade process may be carried out both in manual and semi-automatic mode. One must enter Firmware Upgrade tab, Administration menu item, in order to upgrade the firmware. The whole upgrade procedure takes about three minutes not considering the firmware download time from the vendor's website.

The vendor recommends resetting the user settings to default and adjust all of them manually once again after every firmware upgrade.

In case of a failure during the firmware upgrade process of RT-N11P, the router changes for the rescue mode during which the power indicators on the device upper panel will start slowly flashing. It'd be fair to mention that the administrator can manually switch the router over to the rescue mode. To do that s/he only needs to hold WPS/Reset button while the device is booting.

To restore the firmware one must use a single-purpose utility called Firmware Restoration, which is included in the utility kit for this router. Firmware Restoration will automatically detect the failing router and upload the firmware. The whole restoration process takes about three minutes.

The administrator can restore the firmware in the manual mode using TFTP too. We connected our test PC to one of the router LAN ports and assigned it address from the network 192.168.1.0/24, whilst the RT-N11P LAN port used 192.168.1.1 address. We tried to upload the firmware to the device using TFTP client built in Windows OS. Transmission of the firmware file failed, but Wireshark network traffic analyzer displayed several ARP requests sent by the router about 192.168.1.75 address.

We changed the IP address of the test PC to 192.168.1.75 and then made a successful transfer of the firmware using TFTP.

C:\>tftp -i 192.168.1.1 put c:\FW_RT_N11P_30043763754.trx
Transfer successful: 5862200 bytes in 4 second(s), 1465550 bytes/s

It's worth mentioning that ASUS RT-N11P wireless router is also supported by third-party developers who make alternative firmware versions. An example of such support is a project by Padavan developer. Obviously, we just couldn't help but review this alternative firmware that one can install using standard firmware upgrade mechanisms explained above.

Unfortunately, the system resources of the router under review are humble and that's why the developers could not simply add new features, they had to delete something. Among the deleted features of the original firmware there are: AiCloud and DualWAN support and adjustment of QoS using the web-interface. Instead of this, the users were granted with the following capabilities: support of OpenVPN and L2TP, advanced adjustment of the wired ports and wireless interface, possibility of writing proprietary scripts that are launched upon booting or when certain events are to happen.

One can change back to the original firmware version using Firmware Upgrade tab, Administration menu item, Advanced Settings menu.

That is where we bring the review of the methods of firmware upgrade and restoration process of ASUS RT-N11P to a conclusion and pass on to examining its web-interface capabilities.

Web-interface

This time we will not review the device web-interface capabilities in detail. Instead of it, we will focus on the new, updated, or simply interesting features. The device web-interface is available in 22 languages.

Since the wireless module used in RT-N11P model supports only one frequency range, 2.4 GHz, therefore the device under review allows the users to create up to three guest wireless networks in this range via Guest network menu item.

Connection menu item, WAN menu, contains a new feature called Extend the TTL value that allows for connection of ASUS wireless routers to networks of the providers that prohibit the usage of routers and try to get rid of them by decreasing TTL field value in the packets that are transmitted to the client's equipment. We will expound more on that feature in the testing section of this review.

ASUS RT-N11P can also act as a VPN server or VPN client. Unfortunately, due to the device limited resources only PPTP is supported. These settings are available in VPN menu item.

Also, we just can't help but mention the availability of IPv6 traffic filtration using IPv6 Firewall tab, Firewall menu.

Another feature that drew our attention to it was Enable WAN down browser redirect notice located in System tab, Administration menu. Using this feature the administrator can manage the router in case of a WAN interface failure. Upon its enabling RT-N11P shows the users a page that informs them about the channel failure instead of a common browser message about the unavailability of the resource.

When this article had already been finished, we received a newer firmware version from the vendor that included support of Yandex.DNS. What's the point of this kind of support? The wireless router administrator selects the security mode for every particular device (using the MAC address) in the network as well as the common rule for all the other devices that are not included in the list. Every client device is assigned a certain level of security/access. This way all DNS queries from children-friendly devices about malware or adult website are blocked. Also, any DNS queries to external servers using standard ports are blocked in order to be able to deny access to DNS servers without such protection. The applicable settings are located in Yandex.DNS tab, Parental Control menu item.

We'll test and describe this feature in more detail after it will be officially added to the firmwares.

That is where we bring a brief review of new and interesting capabilities of the device web-interface to a conclusion and pass on to examining capabilities of its command line.

Command line interface

Managing the access to the command line is performed using System tab, Administration menu item in the web-interface.

In order to access the command line one must use the same log-on information as for the connection to the device web-interface. BusyBox 1.17.4 library is installed in Linux 2.6.36 on ASUS RT-N11P router.

RT-N11P login: admin
Password:
ASUSWRT RT-N11P_3.0.0.4 Sat Jan 10 19:28:34 UTC 2015
admin@RT-N11P:/tmp/home/root# cd /
admin@RT-N11P:/# uname -a
Linux RT-N11P 2.6.36 #1 Sun Jan 11 03:31:42 CST 2015 mips GNU/Linux
admin@RT-N11P:/# busybox
BusyBox v1.17.4 (2015-01-11 03:28:33 CST) multi-call binary.
Copyright (C) 1998-2009 Erik Andersen, Rob Landley, Denys Vlasenko
and others. Licensed under GPLv2.
See source distribution for full notice.
Usage: busybox [function] [arguments]...
or: function [arguments]...
BusyBox is a multi-call binary that combines many common Unix
utilities into a single executable. Most people will create a
link to busybox for each function they wish to use and BusyBox
will act like whatever it was invoked as.
Currently defined functions:
[, [[, arp, ash, cat, chmod, chown, chpasswd, cmp, cp, date, dd, df, dirname, dmesg, echo, egrep, env,
ether-wake, expr, fgrep, find, free, grep, gunzip, ifconfig, insmod, ionice, kill, killall, klogd, ln, logger,
login, ls, lsmod, mdev, mkdir, mknod, modprobe, more, mount, mv, netstat, nice, nohup, nslookup, pidof, ping,
ping6, printf, ps, pwd, readlink, renice, rm, rmdir, rmmod, route, sed, sh, sleep, sort, strings, sync,
syslogd, tar, telnetd, test, top, touch, tr, traceroute, traceroute6, udhcpc, umount, uname, uptime, usleep,
vconfig, vi, watch, wget, which, zcat, zcip

Let's see what processes are currently running on the device using ps command. By using top utility one can obtain information on the current activity of the launched processes.

admin@RT-N11P:/# ps
PID USER VSZ STAT COMMAND
1 admin 3656 S /sbin/init
2 admin 0 SW [kthreadd]
3 admin 0 SW [ksoftirqd/0]
4 admin 0 SW [kworker/0:0]
5 admin 0 SW [kworker/u:0]
6 admin 0 SW< [khelper]
7 admin 0 SW [sync_supers]
8 admin 0 SW [bdi-default]
9 admin 0 SW< [kintegrityd]
10 admin 0 SW< [kblockd]
11 admin 0 SW [kswapd0]
12 admin 0 SW [fsnotify_mark]
13 admin 0 SW< [crypto]
17 admin 0 SW [mtdblock0]
18 admin 0 SW [mtdblock1]
19 admin 0 SW [mtdblock2]
20 admin 0 SW [mtdblock3]
21 admin 0 SW [mtdblock4]
22 admin 0 SW [mtdblock5]
23 admin 0 SW [kworker/u:1]
30 admin 0 SW [kworker/0:1]
41 admin 644 S hotplug2 --persistent --no-coldplug
78 admin 3644 S console
79 admin 1168 S /bin/sh
118 admin 0 SW [RtmpCmdQTask]
119 admin 0 SW [RtmpWscTask]
145 admin 3652 S /sbin/wanduck
152 admin 3652 S wpsaide
156 nobody 964 S dnsmasq --log-async
157 admin 3652 S ntp
166 admin 1048 S /usr/sbin/infosvr br0
167 admin 1140 S networkmap --bootwait
169 admin 3652 S watchdog
173 admin 1256 S rstats
178 admin 3652 S ots
182 admin 1140 S lld2d br0
250 admin 736 S miniupnpd -f /etc/upnp/config
450 admin 1152 S syslogd -m 0 -S -O /tmp/syslog.log -s 256 -l 6
452 admin 1152 S /sbin/klogd
459 admin 3712 S httpd
460 admin 3448 S httpd -s -p 8443
463 admin 1156 S telnetd
497 admin 1176 S -sh
502 admin 1156 R ps
admin@RT-N11P:/#top
Mem: 25020K used, 4636K free, 0K shrd, 2268K buff, 7348K cached
CPU: 0% usr 0% sys 0% nic 100% idle 0% io 0% irq 0% sirq
Load average: 0.03 0.05 0.01 1/44 503
PID PPID USER STAT VSZ %MEM %CPU COMMAND
503 497 admin R 1156 4% 0% top
459 1 admin S 3712 12% 0% httpd
1 0 admin S 3656 12% 0% /sbin/init
169 1 admin S 3652 12% 0% watchdog
178 169 admin S 3652 12% 0% ots
145 1 admin S 3652 12% 0% /sbin/wanduck
152 1 admin S 3652 12% 0% wpsaide
157 1 admin S 3652 12% 0% ntp
78 1 admin S 3644 12% 0% console
460 1 admin S 3448 12% 0% httpd -s -p 8443
173 1 admin S 1256 4% 0% rstats
497 463 admin S 1176 4% 0% -sh
79 78 admin S 1168 4% 0% /bin/sh
463 1 admin S 1156 4% 0% telnetd
452 1 admin S 1152 4% 0% /sbin/klogd
450 1 admin S 1152 4% 0% syslogd -m 0 -S -O /tmp/syslog.log -s 256 -l 6
167 1 admin S 1140 4% 0% networkmap --bootwait
182 1 admin S 1140 4% 0% lld2d br0
166 1 admin S 1048 4% 0% /usr/sbin/infosvr br0
156 1 nobody S 964 3% 0% dnsmasq --log-async
250 1 admin S 736 2% 0% miniupnpd -f /etc/upnp/config
41 1 admin S 644 2% 0% hotplug2 --persistent --no-coldplug
21 2 admin SW 0 0% 0% [mtdblock4]
3 2 admin SW 0 0% 0% [ksoftirqd/0]
23 2 admin SW 0 0% 0% [kworker/u:1]
8 2 admin SW 0 0% 0% [bdi-default]
12 2 admin SW 0 0% 0% [fsnotify_mark]
6 2 admin SW< 0 0% 0% [khelper]
19 2 admin SW 0 0% 0% [mtdblock2]
13 2 admin SW< 0 0% 0% [crypto]
5 2 admin SW 0 0% 0% [kworker/u:0]
22 2 admin SW 0 0% 0% [mtdblock5]
7 2 admin SW 0 0% 0% [sync_supers]
30 2 admin SW 0 0% 0% [kworker/0:1]
9 2 admin SW< 0 0% 0% [kintegrityd]
10 2 admin SW< 0 0% 0% [kblockd]
11 2 admin SW 0 0% 0% [kswapd0]
118 2 admin SW 0 0% 0% [RtmpCmdQTask]
119 2 admin SW 0 0% 0% [RtmpWscTask]
17 2 admin SW 0 0% 0% [mtdblock0]
18 2 admin SW 0 0% 0% [mtdblock1]
2 0 admin SW 0 0% 0% [kthreadd]
20 2 admin SW 0 0% 0% [mtdblock3]
4 2 admin SW 0 0% 0% [kworker/0:0]

Now let's turn to /proc catalogue to view its contents and find out the system uptime, its average utilisation, information on the CPU installed, and the amount of RAM. Actually, system uptime and average system utilisation can also be learnt using uptime command.

admin@RT-N11P:/# cd /proc
admin@RT-N11P:/proc# ls
1 169 3 7 execdomains meminfo sys
10 17 30 78 filesystems misc sysrq-trigger
11 173 4 79 fs modules sysvipc
118 178 41 8 interrupts mounts timer_list
119 18 450 9 iomem mt7620 tty
12 182 452 buddyinfo ioports mtd uptime
13 19 459 bus irq net version
145 2 460 cmdline kcore nvram vmallocinfo
152 20 463 cpuinfo kmsg pagetypeinfo vmstat
156 21 497 crypto kpagecount partitions zoneinfo
157 22 5 devices kpageflags self
166 23 588 diskstats loadavg softirqs
167 250 6 driver locks stat
admin@RT-N11P:/proc# cat uptime
5911.02 5866.06
admin@RT-N11P:/proc# cat loadavg
0.00 0.02 0.00 1/44 590
admin@RT-N11P:/proc# cat cpuinfo
system type : Ralink SoC
processor : 0
cpu model : MIPS 24Kc V5.0
BogoMIPS : 386.04
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
ASEs implemented : mips16 dsp
shadow register sets : 1
core : 0
VCED exceptions : not available
VCEI exceptions : not available
admin@RT-N11P:/proc# cat meminfo
MemTotal: 29656 kB
MemFree: 4252 kB
Buffers: 2376 kB
Cached: 7528 kB
SwapCached: 0 kB
Active: 9020 kB
Inactive: 4324 kB
Active(anon): 3540 kB
Inactive(anon): 168 kB
Active(file): 5480 kB
Inactive(file): 4156 kB
Unevictable: 0 kB
Mlocked: 0 kB
SwapTotal: 0 kB
SwapFree: 0 kB
Dirty: 0 kB
Writeback: 0 kB
AnonPages: 3448 kB
Mapped: 2272 kB
Shmem: 268 kB
Slab: 7588 kB
SReclaimable: 1808 kB
SUnreclaim: 5780 kB
KernelStack: 352 kB
PageTables: 292 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
CommitLimit: 14828 kB
Committed_AS: 7992 kB
VmallocTotal: 1048372 kB
VmallocUsed: 3372 kB
VmallocChunk: 1040816 kB
admin@RT-N11P:/proc# uptime
04:38:51 up 1:38, load average: 0.00, 0.01, 0.00

Contents of /bin, /sbin, /usr/bin, and /usr/sbin catalogs, as well as the output of sysinfo utility, are located in a separate file.

We can't help to mention nvram utility that allows changing certain important device operation parameters.

admin@RT-N11P:/# nvram
usage: nvram [get name] [set name=value] [unset name] [show] [save file] [restore file]
admin@RT-N11P:/# nvram show | grep admin
http_username=admin
http_passwd=admin
size: 15965 bytes (45475 left)

That is where we bring a brief review of the router command line to a conclusion and pass directly on to testing it.

Testing

According to our long-standing tradition, we usually begin our testing section with is estimating the booting time of the device, which is a time interval starting with the moment when the power is on until the first echo reply is received through ICMP. ASUS RT-N11P wireless router boots in 26 seconds. We believe that the result is decent.

The second traditional test was a security scanning procedure, which has been carried out using Positive Technologies XSpider 7.7 (Demo build 3100) utility. On the whole, there were six open ports discovered. The most interesting data are presented below.

Before getting down to performance tests, we decided to fulfill the promise we gave in one of the previous sections of this review and test Extend the TTL value feature. The scheme presented below shows an example of typical connection of the user to the service provider. Let's suppose that the client (the client's PC address is 192.168.1.2) addressed one of the public web-servers with 2.16.66.181 address. The client uses RT-N11P with the following addresses on LAN and WAN ports: 192.168.1.1 and 203.0.113.2. The scheme below shows the packets containing the replies of the DNS server. Let's suppose that a packet has TTL=100 on the channel between the service provider and the router. Upon being transmitted through RT-N11P the receiver's address is translated (NAT/PAT) and the value of TTL field is being decremented. The actions explained above are the part of the standard behaviour of the router.

In case the service provider especially decreases the TTL field value to 1 in this or that way upon transmitting the packet, this packet will be discarded by the client's router, or in other words won't be transmitted towards the PC. That's how the protection against the dishonest users that certain providers utilize is realized. Usage of Extend the TTL value feature lets one change the router's behaviour. It's worth mentioning that this feature doesn't influence the transmitted packets that have the value of TTL field of more than 1. If the incoming packet has TTL=1, the router assigns the TTL field value 64 and then performs a set of standard actions: NAT/PAT and TTL decrementing. The above-mentioned set of actions is presented on the scheme below.

Unfortunately, we didn't find this kind of a smart service provider and therefore in order to test Extend the TTL value feature we simply used two PCs connected to the LAN and WAN ports of the router. On one of the test PCs, which has been connected to the WAN port (or server from now on), we decreased the standard TTL value for all sent packets to 1 in the way as it's shown on the picture below.

Packet capturing using Wireshark utility let us make sure that the packets sent from our so-to-say server really had the TTL field value 1, whilst packets that so-to-say client received had TTL=63. An example of such packet is presented below.

Let's now pass on to throughput tests of ASUS RT-N11P wireless router. Primary specifications of the test stand we used are presented below.

Component PC Notebook
Motherboard ASUS Maximus VI Extreme ASUS M60J
CPU Intel Core i7 4790K 4 GHz Intel Core i7 720QM 1.6 GHz
RAM DDR3 PC3-10700 SEC 32 Gbytes DDR3 PC3-10700 SEC 16 Gbytes
NIC Intel PRO/1000 PT
ASUS PCE-AC68
Atheros AR8131
OS Windows 7 x64 SP1 Rus Windows 7 x64 SP1 Rus

The first thing we decided to begin with was measuring user data transmission speeds upon execution of NAT/PAT as well as with and without hardware acceleration.

Also, we decided to measure the device performance upon executing common routing (without translations).

Since ASUS RT-N11P wireless router supports operation not only with IPv4, but with IPv6 too, we decided to find out with what speed the user data would be transmitted upon using IPv6.

Neither have we overlooked the feature of getting connected to the provider using PPTP that this device supports. It's worth noticing that both encrypted and unencrypted tunnels are supported.

ASUS RT-N11P offers the wireless users a capability of connection in 2.4GHz frequency range; it's performance is presented on the diagram below.

That's where we draw the testing chapter to a close and move on to summing it all up.

Conclusion

Generally, we are quite glad about ASUS RT-N11P wireless router, which is considered budget-priced, we have tested. Support of PPTP connection to the service provider at high speeds will be sought-after by many users in Russia and ex-Soviet countries. In Europe and the US the PPTP performance may come in really handy in case if the employee is being connected to the enterprise network remotely. Capabilities and performance of the device are more than enough for the majority of common users, whilst low price makes RT-N11P model really attractive for the end user.

The strength areas of ASUS RT-N11P wireless router are presented below.

  • Good routing speeds
  • Support of up to three guest networks
  • Good device performance upon operation with PPTP connection to the service provider
  • A built-in client and VPN server (only for PPTP)
  • Support of IPv6
  • Small size
  • Availability of Extend the TTL value feature
  • Support of parental control powered by Yandex.DNS
  • Availability of alternative firmware
  • Competitive price

Unfortunately, we cannot help to mention some of its drawbacks.

  • The Russian language web-interface is a bit unstable and runs beyond the screen
  • The web-interface is not completely translated

As of when this article was being written, the average price for ASUS RT-N11P in Moscow online shops was 1620 roubles.

Performance of ASUS RT-N11P wireless router together with its retail price made us title it as the Editor's choice device.

NETGEAR R7500

Introduction

External design and hardware

Firmware upgrade and additional utilities

Web-interface

Testing

Conclusion

Introduction

The devices of NETGEAR company are frequent visitors in our laboratory. Today we have one of the top models of the vendor – R7500, which operates simultaneously under two wireless frequency ranges: 2.4 and 5 GHz. In addition, NETGEAR R7500 supports the draft of IEEE 802.11ac standard. The maximum theoretical wireless transmission rate is 2,33 Gbps. In this review we will try to find out what real throughput rates will be available for users of the device.

External design and hardware

Seemingly massive case of the device, which dimensions are 285x184.5x50 mm, is made of black mat plastic. Best of all, the appearance of R7500 resembles a bonnet of a sports car. For operation the device requires an external power adapter (included in the box) with the following characteristics: 12V and 5A.

At the top surface of the router there are bright multifunctional light-emitting diodes, informing a user about a current state of the device. For the convenience of controlling the ON/OFF Wi-Fi and WPS buttons are also situated here. Apart from that, the name of the vendor is imposed on the upper side as well.

A considerable part of the bottom of the router appears to be a ventilation grating. Four rubber stands and a sticker with brief information about the device are also placed here.

The rear panel of R7500 has an ON/OFF button, a connector for external power adapter (included in the box), four LAN-ports and one WAN port. Connectors for external antennas, recessed Reset button and a switch of LED light are also situated here.

The vendor placed eSATA port at the right side of the device, whereas two USB 3.0 ports – at the left. In addition, there are connectors for antennas at the both sides. It is worth mentioning that we didn’t face any difficulties with connecting USB-drives – disposition of ports is very convenient.

Unfortunately, there are no electronic components available for viewing – all of them are concealed under metal screens. Under the whole upper panel of R7500 there is a metal screen adjoined to screens and used for cooling down.

Now, let’s turn to software of the device.

Firmware upgrade and additional utilities

To upgrade firmware one should refer to «FIRMWARE UPDATE» item of the «ADMINISTRATION» group in «ADVANCED» section. Changing the firmware version is possible in two modes: semiautomatic and manual. In the first case R7500 will check the available updates in the Internet, in the other mode administrator will have to upload the file with firmware sample manually onto the device.

Several additional utilities aimed to simplify the process of network administration are suggested to owners of the device. One of them is NETGEAR genie – an application for mobile devices which helps to execute most frequently used options.

NETGEAR ReadyShare utilities provide a user with additional ways of using home network: connecting USB flash drives and printers, backing up, along with an opportunity to create personal cloud.

Now we will move on to reviewing the features of web-interface.

Web-interface

Web-interface of the devices of NETGEAR company is well-known to our readers, that’s why we won’t take long covering familiar points and will focus our attention on new capabilities of the presented model.

An access to the web-interface can be gained via name routerlogin.net or address 192.168.1.1. To log in a user has to enter login information, after that s/he gets on the start page of the device, which interface is available in 22 languages.

All the settings are located in two sections: «BASIC» and «ADVANCED». The first one contains the information about the state of the device, Internet-connection manager, Wi-Fi networks, etc. Configuring of a guest network or an access to USB storage can be performed in this section as well.

The points «SETUP WIZARD» and «WPS WIZARD», situated in «ADVANCED» section, are intended for automating the process of connection to the global network and for the process of connecting new clients to wireless network correspondingly. It should be noted that in the interface of the device both physical and software WPS buttons are implemented.

The group «SETUP» gives an opportunity of detailed configuring of WAN-port, local network and QoS.

In «READYSHARE» group there are advances access settings to USB-drive. There you can also enable a media server to access multimedia data and set up a network printer. «READYSHARE VAULT» is an interesting option allowing backing up at PCs with Microsoft Windows.

To activate blocking of sites and services one should choose «SECURITY» group.

The group «ADMINISTRATION» offers opportunities of managing the device itself: router status, backup settings and firmware update.

In «ADVANCED SETUP» group a user can turn on DDNS, indicate static routes, enable VPN and many other things. The last option appeared to be of a peculiar interest for us – Facebook Wi-Fi, which allows setting up redirection to the page in a social network of the same name when connected to a guest SSID. However, this option is still in the testing stage and will be unavailable for general users for some time (the point «Facebook Wi-Fi» is absent in the firmware versions relevant at the moment of writing these lines). We will also put off its detailed reviewing for the time being.

Here we come to an end of our short review of possibilities of R7500 web-interface and pass directly on testing.

Testing

Traditionally we begin our testing section with determining the boot time of the device – the time interval between the moment of power connection and the first return of ICMP echo-response. The examined router replied to our echo-request in 50 seconds after being switched on, whereas the power LED changed its colour from red to white only in 2 minutes and 7 seconds.

After that we proceed with security checking. As usual network security scanner Positive Technologies XSpider 7.7 (Demo Build 3100) is used. NETGEAR R7500 showed not bad results: only DNS service appeared to be theoretically vulnerable.

The performance tests are carried out with the stand with the following characteristics:

Component PC Notebook
Motherboard ASUS Maximus VI Extreme ASUS M60J
CPU Intel Core i7 4790K 4 GHz Intel Core i7 720QM 1.6 GHz
RAM DDR3 PC3-10700 SEC 16 Gbyte DDR3 PC3-10700 SEC 8 Gbyte
NIC Intel PRO/1000 PT
ASUS PCE-AC68
Atheros AR8131
Operating system Windows 7 x64 SP1 Rus Windows 7 x64 SP1 Rus

For a start let’s determine the performance of IPv4 routing upon carrying out of NAT/PAT translations and the speed of IPv6 routing for one, five and fifteen simultaneous TCP connections.

Having enabled IPv6 support, we found out that the dynamic routing protocol RIPng was used, which was rather unexpectedly for the devices of such kind.

Connection to the provider can be established via tunnels. One of the variants of connecting is using PPTP tunnel, which performance is shown in the diagram below.

Wireless router NETGEAR R7500 has a built-in VPN-server of OVPN protocol, providing user’s data transmission speed about 40 Mbps. When the tunnel on the basis of OVPN was tested software data compressing was used, therefore the obtained result appears to be quite relative as it depends on the type of transmitted data.

To test the speed of operation of the device as a network storage we connected an external drive Transcend StoreJet 25M3 with the capacity of 750 Gbyte, which formatted into FAT32, NTFS and EXT2/3, to USB3.0 port. The test results are presented below.

By the time this review had been finished, we got a new version of firmware 1.0.0.68, one of the changes in this version was the increase of the access speed to files stored at external hard disk. Naturally, we couldn’t help repeating the examination of the speeds of file access with the new firmware. As it can be seen from the diagram below, in some tests the increase in performance of the device was really detected, however, using other access types the speed, on the contrary, fell slightly.

At last, we tested a wireless segment. As a client’s wireless network interface card ASUS PCE-AC68 was used.

We used ASUS RT-AC87U router as a client’s device for testing NETGEAR R7500 in a «wireless bridge» mode.

We finish the testing section here and pass over to conclusion.

Conclusion

All in all, we are satisfied with the examined wireless router NETGEAR R7500, which has support of IPv6 protocol, the draft of IEEE 802.11ac standard (AC2400). It is worth mentioning the capability of the device to function as a file server in a local network.

The strong points of NETGEAR R7500 router are listed below.

  • Excellent data transmission speeds through a wireless network.
  • IPv6 protocol support.
  • Good access speeds to external drives.
  • Support of two wireless ranges.
  • Availability of two USB3.0 ports.
  • Good data transmission speeds via PPTP tunnel.

Unfortunately, we cannot but point out the disadvantages as well.

  • Relatively high price.
  • Absence of encrypted PPTP tunnels support.

At the moment of writing this review a wireless router NETGEAR R7500 wasn’t in the market in Russia, that’s why it was premature to cover a price question. In the USA the price for this model amounts not less than $300.

ASUS RT-AC87U

Introduction

External design and hardware

Firmware upgrade and setting-up procedures

Web-interface

Command line

Testing

Conclusion

Introduction

We couldn't yet get accustomed to the speeds of wireless routers that support AC1900 when ASUS company surprised us with a new router, RT-AC87U, with support of AC2400, which allows for raising the level of wireless speeds up to staggering 2334 Mbps. In this review we will try to find out what are the real speeds available to the users of this wireless router.

External design and hardware

ASUS RT-AC87U wireless router comes in a black plastic case, which is really typical for this kind of devices. The only nontypical thing in it is its size and weight: 290x168x48 mm and 747 grammes. To work properly the device needs an external power unit (included in the box) with the following characteristics: 19V and 2,37А.

On the upper surface there is a 3D brand tag as well as subscriptions to the device status LEDs located on the edge between the front and upper panels.

Side panels are not remarkable at all and there is only a ventilation grate located on them.

The front panel of the model under review has two buttons located on it: LED and Wi-Fi, which are used for enabling/disabling LEDs and Wi-Fi, respectively. Apart from it there is a USB 3.0 port hidden behind a special plate.

The bottom side has four rubber legs used for desktop mounting of the device. ASUS RT-AC87U can also be hanged onto the wall and therefore it has two mounting holes located on its bottom side. A sticker with the brief information about the model and a ventilation grate are located here, too.

The rear panel has sockets used for connection of four external antennae, power socket with a power ON/OFF button, WPS and Reset buttons, and five Gigabit Ethernet interfaces (four LAN and one WAN ports).

Now let's have a look at the insides of the ASUS RT-AC87U case. The electronic stuffing of ASUS RT-AC87U wireless router is one textolite card which has all essential elements located on both of its sides. Spansion S34ML01G100TFI00 module with the size of 128 Mbytes performs functions of flash memory.

The largest part of the card surface is covered by massive heatsinks. It stands to mention that passive cooling is used in RT-AC87U. However, unfortunately for us, the heatsinks themselves are used to cool metal screens under which there are all other chips located. Therefore, the only thing accessible for inspection is the flash memory module.

Information about the CPU and RAM can be obtained via several backhand ways: using the web-interface and command line. An ARMv7 CPU with two cores (2000 BogoMIPS each) is used in the system.

That is where we bring the review of hardware components of the device to an end and pass on to examining its software capabilities.

Firmware upgrade and setting-up procedures

Upon first access to the web-interface of ASUS RT-AC87U wireless router the primary setup wizard will get launched. It is used to set the administrator password and specify the main operation parameters of the device: device operation mode, connection type to the service provider, settings of the wireless network.

And though the firmware update is not necessary to be carried out in order to prepare RT-AC87U for fully-fledged operation, we strongly recommend all users to do it.

Firmware upgrade is carried out in Firmware Upgrade tab, Administration menu item. Firmware upgrade may be carried out both in a manual and semi-automatic mode. In order to perform the latter one needs to be connected to the Internet. Actually, the manual firmware upgrade mode is not that difficult as it only requires a firmware image file that was previously downloaded from the vendor's web server. The whole firmware upgrade process takes about three minutes and does not require any technical proficiency from the administrator.

Unfortunately, when this article was being written there were still no utility for firmware restoration (Firmware Restoration) available for ASUS RT-AC87U at the official website. However, this is not a big problem. The owner of this device can either use the same utility available for any other ASUS wireless router or restore the device firmware manually. This utility may come in handy if there is a failure during the firmware upgrade process. In this case the device will automatically switch to the restoration mode.

Upon manual firmware restoration the administrator can upload the firmware file directly to the router using TFTP.

C:\>tftp -i 192.168.1.1 put c:\RT-AC87U_3.0.0.4_376_2061-gdea2a5b.trx
Transfer successful: 37543936 bytes in 107 second(s), 350877 bytes/s

The second method of the manual firmware restoration is uploading the firmware file using the boot-loader web-interface. Also, one can reboot the device or reset user settings here.

Slowly flashing power indicator will show that the router changes for the rescue mode. Another thing that may indicate the transition to the rescue mode are changes in TTL field value in retraced ICMP echo replies: TTL=64 in the normal mode and TTL=100 in the restoration mode.

Now let's review the new capabilities of the router web-interface.

Web-interface

One can access the device web-interface by entering 192.168.1.1 in any modern browser. It's worth noticing that the web-interface is available in 22 languages.

We will not review all capabilities of the RT-AC87U web-interface, since we had already done it before, but only turn our attention to the most interesting features.

Network Map menu item shows brief information about the connected clients and availability of access to the Internet. Apart from it, this tab also contains key settings of the wireless network for both frequency ranges and information about the CPU and RAM usage.

ASUS company has started collaborating with Trend Micro anti-virus software vendor. This collaboration resulted in appearance of AiProtection menu item, which provides the router users with network protection and parental control features. It'd be fair to point out that the parental control feature has been present in the ASUS network equipment earlier too, but nevertheless the other protection features were not available.

Parental control lets one place restrictions on the used applications and visited websites for children's devices as well as grant the access to the Internet on schedule. Network protection features are more interesting and include a security test of the router (checking the correctness of settings in terms of security), blocking of malicious websites, attack control, and detection and blocking of infected devices.

Router Security Scan feature shows settings that are directly associated with security of the router and local network it's connected to. The user can manually activate any security feature that s/he is interested in.

Upon detecting an infected device in the local network, ASUS RT-AC87U wireless router can send the administrator an email notification.

Adaptive QoS menu item underwent some changes, too. Now the router can analyse applications (based on the transferred traffic) that are initialized on the user hosts and show their traffic consumption speed using Bandwidth Monitor tab. Traffic Monitor tab contains info about the interface utilization during various time periods.

QoS tab lets one carry out either manual or adaptive adjustment of QoS. In the manual adjustment mode the user can specify the bandwidth value—or its priority— required for every application by him/herself. The adaptive mode gives one a possibility to specify priorities for groups of similar applications.

The list of websites that the user has visited is located in Web History tab.

Switch Control tab in LAN menu item is meant to be used in order to enable and disable support of Jumbo frames as well as for selection of the method of accelerating of NAT translations.

Also, the new firmware versions now provide the users with a possibility to perform automatic reconnection to the server by the VPN client if the connection has been lost.

That's where we were about to bring this section to an end, but one thing attracted our attention: absence of the repeater mode in Operation Mode tab, Administration menu item. ASUS claims that RT-AC87U model supports three operation modes: wireless router, access point, and Media Bridge, which makes the device perform functions of a wireless client. However, some browsers let the user choose the above-mentioned operation mode. We notified the vendor about this and are expecting it to fix the bug in the next firmware versions.

And now let's pass on to reviewing the device command line capabilities.

Command line

Switching the access to the command line on and off is performed using System tab, Administration menu item in the web-interface.

Firmware of the model under review is built on Linux 2.6.36.4 OS using Busy Box 1.17.4.

RT-AC87U login: admin
Password:
ASUSWRT RT-AC87U_3.0.0.4 Thu Aug 28 08:49:28 UTC 2014
admin@RT-AC87U:/tmp/home/root# cd /
admin@RT-AC87U:/# uname -a
Linux RT-AC87U 2.6.36.4brcmarm #1 SMP PREEMPT Thu Aug 28 16:59:31 CST 2014 armv7l GNU/Linux
admin@RT-AC87U:/# busybox
BusyBox v1.17.4 (2014-08-28 16:49:27 CST) multi-call binary.
Copyright (C) 1998-2009 Erik Andersen, Rob Landley, Denys Vlasenko
and others. Licensed under GPLv2.
See source distribution for full notice.
Usage: busybox [function] [arguments]...
or: function [arguments]...
BusyBox is a multi-call binary that combines many common Unix
utilities into a single executable. Most people will create a
link to busybox for each function they wish to use and BusyBox
will act like whatever it was invoked as.
Currently defined functions:
[, [[, arp, ash, awk, basename, blkid, cat, chmod, chown, chpasswd, clear, cmp, cp, crond,
cut, date, dd, df, dirname, dmesg, du, e2fsck, echo, egrep, env, ether-wake, expr, fdisk,
fgrep, find, flock, free, fsck.ext2, fsck.ext3, fsck.minix, fsync, grep, gunzip, gzip,
head, ifconfig, insmod, ionice, kill, killall, klogd, less, ln, logger, login, ls, lsmod,
lsusb, md5sum, mdev, mkdir, mke2fs, mkfs.ext2, mkfs.ext3, mknod, mkswap, modprobe, more,
mount, mv, netstat, nice, nohup, nslookup, pidof, ping, ping6, printf, ps, pwd, readlink,
renice, rm, rmdir, rmmod, route, sed, setconsole, sh, sleep, sort, strings, swapoff,
swapon, sync, syslogd, tail, tar, telnetd, test, top, touch, tr, traceroute, traceroute6,
true, tune2fs, udhcpc, umount, uname, unzip, uptime, usleep, vconfig, vi, watch, wc, wget,
which, zcat, zcip
admin@RT-AC87U:/#

Let's see what processes are currently running using ps command. By using top utility one can obtain information on the current activity of the launched processes.

admin@RT-AC87U:/# ps
PID USER VSZ STAT COMMAND
1 admin 6084 S /sbin/preinit
2 admin 0 SW [kthreadd]
3 admin 0 SW [ksoftirqd/0]
4 admin 0 SW [kworker/0:0]
5 admin 0 SW [kworker/u:0]
6 admin 0 SW [migration/0]
7 admin 0 SW [migration/1]
8 admin 0 SW [kworker/1:0]
9 admin 0 SW [ksoftirqd/1]
10 admin 0 SW< [khelper]
11 admin 0 SW [kworker/u:1]
51 admin 0 SW [sync_supers]
53 admin 0 SW [bdi-default]
54 admin 0 SW< [kblockd]
105 admin 0 SW [kswapd0]
151 admin 0 SW [fsnotify_mark]
159 admin 0 SW< [crypto]
231 admin 0 SW [mtdblock0]
236 admin 0 SW [mtdblock1]
241 admin 0 SW [mtdblock2]
246 admin 0 SW [mtdblock3]
268 admin 0 SW [kworker/0:1]
269 admin 0 SW [kworker/1:1]
272 admin 0 SW [mtdblock4]
277 admin 0 SW [mtdblock5]
281 admin 664 S hotplug2 --persistent --no-coldplug
318 admin 6068 S console
320 admin 1508 S /bin/sh
326 admin 0 SWN [jffs2_gcd_mtd4]
329 admin 1496 S syslogd -m 0 -S -O /tmp/syslog.log -s 256 -l 6
332 admin 1496 S /sbin/klogd
334 admin 0 SW [khubd]
442 admin 6076 S usbled
532 admin 6076 S /sbin/wanduck
539 admin 652 S tftpd
551 admin 1500 S telnetd
553 admin 1480 S /bin/eapd
557 admin 2088 S /bin/wps_monitor
558 admin 6076 S wpsaide
560 admin 1956 S nas
561 admin 1596 S /usr/sbin/acsd
564 nobody 956 S dnsmasq --log-async
565 admin 6076 S ntp
570 admin 2452 S avahi-daemon: running [RT-AC87U-3E60.local]
571 admin 6500 S httpd
573 admin 1508 S crond
574 admin 1452 S /usr/sbin/infosvr br0
575 admin 1540 S networkmap --bootwait
577 admin 6076 S watchdog
580 admin 1688 S rstats
587 admin 6076 S ots
589 admin 1496 S lld2d br0
591 admin 6076 S disk_monitor
592 admin 6076 S bwdpi_check
668 admin 716 S miniupnpd -f /etc/upnp/config
680 admin 2456 S u2ec
682 admin 1524 S lpd
685 admin 2456 S u2ec
686 admin 2456 S u2ec
843 admin 1520 S -sh
853 admin 1500 R ps
admin@RT-AC87U:/#
Mem: 46584K used, 209184K free, 0K shrd, 304K buff, 12424K cached
CPU: 0.0% usr 4.5% sys 0.0% nic 95.4% idle 0.0% io 0.0% irq 0.0% sirq
Load average: 0.13 0.04 0.05 1/61 854
PID PPID USER STAT VSZ %MEM CPU %CPU COMMAND
854 843 admin R 1504 0.5 0 4.5 top
571 1 admin S 6500 2.5 0 0.0 httpd
1 0 admin S 6084 2.3 1 0.0 /sbin/preinit
577 1 admin S 6076 2.3 1 0.0 watchdog
591 1 admin S 6076 2.3 1 0.0 disk_monitor
532 1 admin S 6076 2.3 0 0.0 /sbin/wanduck
592 1 admin S 6076 2.3 0 0.0 bwdpi_check
565 1 admin S 6076 2.3 0 0.0 ntp
558 1 admin S 6076 2.3 0 0.0 wpsaide
442 1 admin S 6076 2.3 0 0.0 usbled
587 577 admin S 6076 2.3 0 0.0 ots
318 1 admin S 6068 2.3 1 0.0 console
680 1 admin S 2456 0.9 0 0.0 u2ec
685 680 admin S 2456 0.9 1 0.0 u2ec
686 685 admin S 2456 0.9 0 0.0 u2ec
570 1 admin S 2452 0.9 0 0.0 avahi-daemon: running [RT-AC87U-3E60.local]
557 1 admin S 2088 0.8 0 0.0 /bin/wps_monitor
560 1 admin S 1956 0.7 0 0.0 nas
580 1 admin S 1688 0.6 0 0.0 rstats
561 1 admin S 1596 0.6 1 0.0 /usr/sbin/acsd
575 1 admin S 1540 0.6 0 0.0 networkmap --bootwait
682 1 admin S 1524 0.6 0 0.0 lpd
843 551 admin S 1520 0.5 0 0.0 -sh
320 318 admin S 1508 0.5 1 0.0 /bin/sh
573 1 admin S 1508 0.5 1 0.0 crond
551 1 admin S 1500 0.5 0 0.0 telnetd
589 1 admin S 1496 0.5 1 0.0 lld2d br0
332 1 admin S 1496 0.5 0 0.0 /sbin/klogd
329 1 admin S 1496 0.5 0 0.0 syslogd -m 0 -S -O /tmp/syslog.log -s 256 -l 6
553 1 admin S 1480 0.5 0 0.0 /bin/eapd
574 1 admin S 1452 0.5 0 0.0 /usr/sbin/infosvr br0
564 1 nobody S 956 0.3 1 0.0 dnsmasq --log-async
668 1 admin S 716 0.2 0 0.0 miniupnpd -f /etc/upnp/config
281 1 admin S 664 0.2 1 0.0 hotplug2 --persistent --no-coldplug
539 1 admin S 652 0.2 1 0.0 tftpd
246 2 admin SW 0 0.0 1 0.0 [mtdblock3]
269 2 admin SW 0 0.0 1 0.0 [kworker/1:1]
7 2 admin SW 0 0.0 1 0.0 [migration/1]
268 2 admin SW 0 0.0 0 0.0 [kworker/0:1]
326 2 admin SWN 0 0.0 1 0.0 [jffs2_gcd_mtd4]
5 2 admin SW 0 0.0 0 0.0 [kworker/u:0]
admin@RT-AC87U:/#

Contents of /bin, /sbin, /usr/bin, and /usr/sbin catalogs, as well as the output of sysinfo utility, are located in a separate file. For example, /sbin catalog contains tcpcheck utility that lets the administrator find out whether a TCP port is open in a certain node.

admin@RT-AC87U:/# tcpcheck
usage: tcpcheck <timeout> <host:port> [host:port]
admin@RT-AC87U:/# tcpcheck 5 192.168.1.1:23
192.168.1.1:23 is alive
admin@RT-AC87U:/# tcpcheck 5 192.168.1.3:80
192.168.1.3:80 failed

It looks like /rom/Beceem_firmware catalog contains files that are somehow associated with Yota service provider.

admin@RT-AC87U:/# ls /rom/Beceem_firmware/
RemoteProxy.cfg macxvi.cfg.freshtel macxvi.cfg.gmc macxvi200.bin.giraffe
Server_CA.pem.yota macxvi.cfg.giraffe macxvi.cfg.yota macxvi200.bin.normal

Now let's turn to /proc catalogue to view its contents and find out the system uptime, its average utilisation, information on the CPU installed, and the amount of RAM. Actually, system uptime and average system utilisation can also be learnt using uptime command.

admin@RT-AC87U:/# cd /proc
admin@RT-AC87U:/proc# ls
1 326 565 8 fs self
10 329 570 843 interrupts slabinfo
105 332 571 9 iomem softirqs
11 334 573 953 ioports stat
151 4 574 bcm947xx irq swaps
159 442 575 buddyinfo kallsyms sys
2 5 577 bus key-users sysrq-trigger
231 51 580 cmdline kmsg sysvipc
236 53 587 cpu loadavg timer_list
241 532 589 cpuinfo locks tty
246 539 591 crypto meminfo uptime
268 54 592 devices misc version
269 551 6 diskstats modules vmallocinfo
272 553 668 dmu mounts vmstat
277 557 680 driver mtd zoneinfo
281 558 682 emf net
3 560 685 execdomains pagetypeinfo
318 561 686 fa partitions
320 564 7 filesystems scsi
admin@RT-AC87U:/proc# cat uptime
4411.45 8728.85
admin@RT-AC87U:/proc# cat loadavg
0.03 0.04 0.05 2/61 955
admin@RT-AC87U:/proc# cat cpuinfo
Processor : ARMv7 Processor rev 0 (v7l)
processor : 0
BogoMIPS : 1998.84
processor : 1
BogoMIPS : 1998.84
Features : swp half thumb fastmult edsp
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x3
CPU part : 0xc09
CPU revision : 0
Hardware : Northstar Prototype
Revision : 0000
Serial : 0000000000000000
admin@RT-AC87U:/proc# cat meminfo
MemTotal: 255768 kB
MemFree: 203308 kB
Buffers: 388 kB
Cached: 12592 kB
SwapCached: 0 kB
Active: 12808 kB
Inactive: 6444 kB
Active(anon): 10880 kB
Inactive(anon): 3908 kB
Active(file): 1928 kB
Inactive(file): 2536 kB
Unevictable: 0 kB
Mlocked: 0 kB
SwapTotal: 0 kB
SwapFree: 0 kB
Dirty: 0 kB
Writeback: 0 kB
AnonPages: 6280 kB
Mapped: 3608 kB
Shmem: 8508 kB
Slab: 20728 kB
SReclaimable: 7152 kB
SUnreclaim: 13576 kB
KernelStack: 488 kB
PageTables: 568 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
CommitLimit: 127884 kB
Committed_AS: 23860 kB
VmallocTotal: 516096 kB
VmallocUsed: 18464 kB
VmallocChunk: 445268 kB
admin@RT-AC87U:/proc# uptime
05:13:52 up 1:13, load average: 0.01, 0.04, 0.04
admin@RT-AC87U:/proc#

We can't help to mention nvram utility that allows changing certain important device operation parameters.

admin@RT-AC87U:/# nvram
usage: nvram [get name] [set name=value] [unset name] [show] [commit] [save] [restore] [erase] ...
admin@RT-AC87U:/# nvram show | grep admin
size: 35379 bytes (30157 left)
http_username=admin
http_passwd=admin
acc_list=admin>admin
acc_webdavproxy=admin>1
admin@RT-AC87U:/#

As a matter of course, we couldn't help but check a recently discovered vulnerability, which is called ShellShock, in Bash framework. Fortunately, ASUS RT-AC87U wireless router is not exposed to it due to the absence of the pain point of the device, the interpreter.

admin@RT-AC87U:/# bash
-sh: bash: not found

That's where we proceed to completion of the brief review of the command line interface capabilities and pass directly on to testing the device.

Testing

The first testing procedure we usually begin our testing section with is estimating the booting time of the device, which is a time interval starting with the moment when the power is on until the first echo reply is received through ICMP protocol. ASUS RT-AC87U wireless router boots in 104 seconds. We believe that this result is decent.

The second traditional test was a security scanning procedure, which has been carried out using Positive Technologies XSpider 7.7 (Demo build 3100) utility. On the whole, there were 13 open ports discovered. The most interesting data are presented below.

Before getting down to performance tests we would like to get our readers familiar with the key specifications of the test stand we used.

Component PC Notebook
Motherboard ASUS Maximus VI Extreme ASUS M60J
CPU Intel Core i7 4790K 4 GHz Intel Core i7 720QM 1.6 GHz
RAM DDR3 PC3-10700 SEC 32 Gbytes DDR3 PC3-10700 SEC 16 Gbytes
NIC Intel PRO/1000 PT
ASUS PCE-AC68
Atheros AR8131
OS Windows 7 x64 SP1 Rus Windows 7 x64 SP1 Rus

Performance of ASUS RT-AC87U upon carrying out of NAT/PAT translations is presented on the diagram below. It's worth noticing that by default this kind of traffic is processed using hardware acceleration, which prevents applying any load on the device CPU.

If one enables carrying out of the translation, or in other words when simple routing of packets is performed, the data transmission will not be done using hardware acceleration but the CPU.

Apart from IPv4 traffic forwarding ASUS RT-AC87U also supports the next version of Internet Protocol, IPv6, which is handled by the CPU.

Connection to the provider may be carried using various tunnel types. PPTP, L2TP, and PPPoE. We decided to test PPTP performance. Connection may be established both using MPPE encryption and without it.

ASUS RT-AC87U wireless router possesses a built-in VPN server of OpenVPN protocol. We just couldn't help but measure speeds of access to the server upon using default settings.

One of the most interesting tests is, we dare say, the measurements of performance of the wireless segment. Unfortunately, we didn't have any wireless adapter operating in AC2400 mode in our lab and that's why at first we performed measurements for both of the frequency ranges using ASUS PCE-AC68 network adapter that supports AC1900.

We must say that we were pleasantly surprised at the wireless data transmission speeds for 5 GHz frequency range that we obtained. However, we decided not to stop at this point and asked the vendor to provide us with another ASUS RT-AC87U router in order to use it as a client and thoroughly test AC2400.

This way we'd probably manage to hit the barrier of 1 Gbps in wireless speeds soon!

ASUS RT-AC87U wireless router has a USB 2.0 and a USB 3.0 port, which we used to connect a 750 Gbyte Transcend StoreJet 25M3 hard disk successively formatted into four file systems: NTFS, FAT32, and EXT2/3. The results of measurement of access speeds to the disks using SMB protocol are presented below.

It's also worth mentioning that ASUS RT-AC87U uses passive cooling of its hardware components, or in other words it doesn't have a fan in its case. We decided to measure the temperature of the device case during our performance tests. In order to measure it we used our lab's ADA TempPro-2200 pyrometer. The highest temperature that we managed to measure has been 48,8°С. We believe that the result is decent.

That's where we draw the testing chapter to a close and move on to summing it all up.

Conclusion

Generally, we are glad about ASUS RT-AC87U wireless router we tested. It allows for performing wireless data transfer at never-before-seen speeds. Appearance of user protection features, developed by Trend Micro company, looks like a useful change too. Usage of a powerful CPU will let the users enjoy various network resources to the full.

Strength areas of ASUS RT-AC87U are presented below.

  • High traffic transmission speeds in the wireless segment
  • A powerful CPU
  • Appearance of a feature of network protection of the clients
  • Advanced capabilities of QoS feature
  • Support of IPv6
  • Excellent IPv6 routing speeds
  • Availability of hardware acceleration of traffic upon carrying out of NAT/PAT translations
  • Support of two wireless frequency ranges
  • A built-in client and VPN server

Unfortunately, we cannot help to mention some of its drawbacks.

  • Relatively high price
  • The web-interface is not completely translated
  • The Russian language web-interface is a bit unstable and runs beyond the screen

As of when this article was being written, ASUS RT-AC87U was not officially on sale in Moscow. The sales are to start in December 2014. The device will be priced at 9990 roubles.