Recently we got the following products from ASUS:
The Spacelink WL-100 is a wireless card of the 802.11b standard. It has two LEDs:
The card has two antennas. One is internal (horizontal), and the other is external and rotates by 90 degrees (i.e. it can get into the vertical position). But it's not removable, and another external antenna can't be hooked up.
The card comes with an installation manual and a quick installation guide (in English), plus a CD with drivers, documentation and a lot of useful programs.
The card can be used managed by Windows' means or with its own software. Let's take a look at the latter.
In the Status tab you can look at the parameters of the connection established, scan the frequency range for possible radiowave networks and connect to them by indicating a respective SSID. In the Connection tab you can indicate signal's quality and power and look at the diagram of these parameters. But you can just admire it as the diagram changes every second, and the axis X displays only a couple of minutes. However, the Site Monitor utility supplied can draw various diagrams for a much longer period of time.
Also, you can look through current IP settings of the wireless LAN and update them from the DHCP server. The program doesn't let you set these parameters manually.
In the next section you set WLAN parameters. By the way, there is a power saving function which can help you prolong the rundown time of batteries in your notebook PC.
The encryption settings are standard. You can set 4 encryption keys and indicate the one to be used or set the automatic rotation of the keys for better security.
There is one more useful utility on the CD named Mobile Manager. It lets you create an unlimited number of profiles with unique network settings, i.e. PC IP address, gateway, DNS and WINS of servers, proxy servers addresses and printers sharing. Settings can be made for each network adapter in the system (not only a wireless one, and not only one from ASUS). The Mobile Manager is an ideal program for mobile users who work on their notebook PCs under different LANs which have no DHCP addressing, for example, in office and at home. Just select a profile needed and you get into the network.
The ASUS WK-500b is a wireless LAN router of the 802.11b standard. This device has an impressive suite of functions.
The router packed into a dark gray case can be placed both horizontally and vertically.
The legs that fix the router in the vertical position look unusual but beautiful. When I saw them for the first time I thought that there must be something inside. The same idea struck some other people who saw it for the first time...
In front you can see 7 one-color LEDs.
On the back you can find a power connector, a settings restore button, a parallel port for printer (the router serves also as a printer server), a USB port (for flash drive or web camera), 5 ethernet connectors (4 LAN and 1 WAN), and an antenna-in. The antenna is removable so you can use a more powerful model with an amplifier. You can't check the USB printer status in the current firmware version. To connect it you should use the Printer Setup Wizard supplied with the device.
Underneath there are holes for wall mounting. And the sticker indicates a login/password used for the default access to the configuration interface (which is definitely convenient).
The router comes with an external power supply unit, documentation and quick start manual (in English), a 1.5m ethernet cable for a wired network and a CD with documentation and utilities to ease device searching in the LAN and for the firmware upgrade.
4 LAN FastEthernet 10/100Mbit/s interfaces with MDI-X;
4MB Flash with local firmware upgrade supported via WEB interface or with a special utility;
The WL-500b is based on the BCM4702 AirForce(tm) Wireless Network Processor.
Inside it has a 125MHz MIPS320 core with two 10/100 Mbit medium access controllers, PCI 2.2 and PCMCIA hosts, as well as a USB 1.1 host. Besides, the core contains additional instructions for optimization of communication, audio and video applications. In other words, this is an all-in-one processor which can turn into a communication device you need.
The LF8731 chip located near the bracket with ethernet connectors executes Auto MDI-X functions. Two AMIC A43L2616V-6 chips are 64Mbit memory chips from AMIC Technology. The default clock speed is 166MHz (6ns), but in this case it's 125 MHz. AM29LV320DT is a flash memory chip of an unknown size (probably, 32Mbit). One more chip is hidden under the heatsink which I couldn't remove. This is a 5-port 10/100Mbit Ethernet switch Broadcom BCM5325. The BCM5325 integrates a medium access controller and polarity auto detection for each port.
The wireless part of the WL-500b is in a separate module. The BCM4301KPF chip includes 802.11b MAC/baseband controllers, WEP encryption support and interfaces for other controllers. The other filling of the wireless module is hidden under the screen.
The wireless router can be configured via the WEB interface. It's password protected but you can save it so the browser can write it automatically every time you enter.
After authorization you get to the interface itself. The first page gives links to the main settings sectors. Also, you can choose the quick setup manager.
All the settings are grouped into directories. In the Wireless Interface section are you find standard wireless interface settings such as SSID, channel number and speed, authentication type (including 802.1x with Radius support), and encryption types and keys. One of the interesting features is automatic rotation of 4 keys in a given time period.
One of the downsides is that the interface supports the screen resolution starting from 1024. The Wireless Interface screenshot above was taken at 1024x768, and as you can see, not all interface elements are displayed. The entry confirmation button is out of the visible area. In most other cases these buttons also disappear and sometimes the interface stretches out on several screens. Screen scrolling isn't tiring because you don't need to make settings often, but I don't understand why wouldn't they group the elements differently, for example, in two rows or use a completely different interface conception.
Pop-up prompts provided for almost all configuration elements is a plus. When you change certain settings (for example, the access point mode) you can see user-friendly animation above.
The next screen allows changing the wireless bridge mode. There are three modes possible:
You can also indicate a list of MAC addresses of remote bridges (MAC addresses filtering).
Then you will be offered to set a list of clients' MAC addresses and enable MAC address filtering for them.
In the Advanced section you can set additional parameters for the wireless channel and assign an RADIUS server IP address. Remember that the client authentication via the 802.1x protocol doesn't affect the wireless channel security (regarding encryption reliability). In this case it's used for checking up client's validity. But the fact that manufacturers provide today the basic support for the 802.1x in their equipment is good news.
In the LAN and WAN interface settings you can choose one of three WAN interface types:
Here you can also change the MAC address and Hostname of the WAN interface.
The settings for the integrated DHCP server and the static routing table assignment
are standard. The dynamic routing can be activated only in the Router mode in
the Operation Mode section. This mode turns off the NAT support and alows only
for the static IP address in the WAN interface.
The Miscellaneous section contains such options as WEB interface and Internet logs access permission, assignment of the log server's IP address, time zone and NTP server address and activation of MS new standard UPnP (on-the-fly device configuring by the WinXP means).
In the same section you can configure the DDNS service (support of the permanent dns name at the dynamic IP address). In other words, you can always address the device from the Internet by its dns name. Unfortunately, there are only two DDNS clients you can use - www.dyndns.org and www.dzo.com.
Then goes NAT settings section. It's not clear what are the Port Mapping settings for. They may control efficiency of dynamic protocols (such as NetMeeting), but the description doesn't clearly says it.
The next two tabs define virtual servers (redirect of TCP/UDP ports inside the LAN) and DMZ host.
In the LAN & WAN Firewall tab you can make settings for the firewall between LAN and WAN interfaces. The section is divided into two equal parts - LAN to WAN filter and WAN to LAN one.
The time of rules operation can be set for each section but only for all the rules at once. Some global actions (accept/drop) are possible over the packets that do not obey to the manually set rules. For each rule you can use masks and a range when indicating IP addresses. And in case of a TCP protocol you can use one of certain types of TCP packet headers.
In other words, the firewall is flexible except the rules operation time and record editing (you can just delete records or create new ones).
In the same section you can filter out undesirable URLs (you can also indicate time of their operation, for all at once).
In the router you can enable independent firewalls between WLAN-WAN and WLAN-LAN interfaces.
If the WLAN interface has its firewall activated, there'll be two different subnetworks (for LAN and WAN), possibility of a separate DHCP server for WLAN, and two different sets of rules for WLAN-WAN and WLAN-LAN interfaces.
Rules can be set the same way here (for LAN and WAN); the only thing that differs is that you can't set the rules operation time.
Now let's have a look at the advanced features. The WL-500b can be connected to a USB 1.1 drive and access it via FTP, i.e. the router can work as a FTP server. You can make a list of users and set different rules for them. Also, you can make a list of banned IP addresses which can't access the FTP server.
But the FTP server mechanism is not debugged yet - if there are several users registered with r/w/e rules, they are allowed to delete others' files as well. An "anonymous" user can also do it.
In regard to this, some time later I received a letter from Philippe Jounin who shared with me a new method of anonymous user problem solution. You will need to do the following:
Another interesting feature (though not everyone needs it) is the WEB camera support. In this case, if you connect to a given port from your browser, you can see what happens to the router in the room. Besides, the WL-500b can monitor the room and send photos to a certain email address if any movement is detected. Also, you can remotely monitor up to 6 WEB cameras in the LAN.
In the System Setup menu you can select one of three standard router operation modes: NAT supported (standard mode), Router (no NAT, dynamic routing supported) and Access Point (no NAT, all 5 ports work in the bridge mode).
Here you can also change the access password, upgrade the firmware and save or restore the configuration. It can be saved in the text format but not in the readable one (no line feeds).
The last sector is called Status & Logs. It shows the current addressing
for LAN and WAN interfaces, uptime system, printer's status (if it's connected),
WLAN interface's and DHCP server's status, a list of redirected ports, a routing
table and a system log of the device. The latter is not very informative.
The wireless and wired segments (LAN-WAN) were tested separately.
Wireless segment performance
In the first case we measured speed between the wireless adapter installed in the notebook and the router's wireless segment (access point, AP), or rather a PC located in the wired segment behind the AP.
The speed was measured by the TCP traffic generation utility Iperf v.1.7, with the one-way or both-way traffic generated. Each test (30 sec long) was run 20 times in a cycle and then we chose the best score out of 20 and calculated the average result. During the tests the distance between the access point (wireless router) and the notebook didn't exceed 5 m. The measurements were carried out in three modes:
Performance of the wireless segment is close to the maximum in the halfduplex and fullduplex modes, both for the maximum and average data rates.
LAN-WAN segment performance (router's performance)
The tests were carried out according to this technique.
The speed is quite high in case of the one-way data transfer, though it falls down twice in the duplex mode. Nevertheless, the speed is still high.
Unfortunately, the router isn't stable enough at the maximum load - it hang twice (out of 15 times), and we had to resupply power.
The maximum fixed data rate is 26.55 Mbit/s.
The results do not contradict to Iperf, the data routing speed is high.
Additional wireless segment test: range of operation
As I mentioned last time, the results much depend on the environment and materials the walls are made of, and the scores can be completely different in other conditions.
In this case we tested it in the building with ferroconcrete walls. A one-way traffic was generated with the Iperf utility.
1. Distance of ~10 m, one ferroconcrete and two gypsum cardboard walls. The signal level is 95%, the maximum data rate is 5.33 Mbit/s (the average one is 5.23).
2. The distance is ~16 m, 4 ferroconcrete walls. The signal level is 15-20%, the maximum data rate is 5.15 Mbit/s (the average one is 4.78).
In the second case even at such a low signal level the data rate was close
to the maximum. Well, I'm really glad that the connection is so stable and speedy.
The tests were carried out according to this technique.
During the tests the device didn't reboot or hang. Nessus reports:
I have found two vulnerable places with the minimal degree of risk. Such vulnerability can be often seen in various types of equipment and isn't dangerious. On the minus side is that no information on scanning and attacks were brought into the logs. In all other respects, the ASUS WL-500b can be considered well protected.
ASUS launched a multifunctional device that combines a router and a wireless access point with good protection and a decent suite of additional functions (printer server, ftp server, web camera). The segment separation with firewalls increases the security level of the internal networks, and the high routing speed lets using it on high-speed Internet channels.
Evgeniy Zaitsev (email@example.com)
Write a comment below. No registration needed!
Copyright © Byrds Research & Publishing, Ltd., 1997–2011. All rights reserved.