WL-500b Wireless LAN Router &
Spacelink WL-100 PCMCIA card

Recently we got the following products from ASUS:
- WL-500b - wireless LAN router, 802.11b;
- Spacelink WL-100 - PCMCIA wireless card of the same standard.
Spacelink WL-100

The Spacelink WL-100 is a wireless card of the 802.11b standard. It has two
LEDs:
- "Link" goes on when a connection with another wireless device is established
and blinks when searching for a LAN;
- "Air" blinks during data transfer in the wireless segment.
The card has two antennas. One is internal (horizontal), and the other is
external and rotates by 90 degrees (i.e. it can get into the vertical position).
But it's not removable, and another external antenna can't be hooked up.
The card comes with an installation manual and a quick installation guide (in
English), plus a CD with drivers, documentation and a lot of useful programs.
Specification
- 802.11b standard, 2.4 GHz;
- 2 antennas - an internal antenna with horizontal polarization and an external
one with a vertical polarization, no more antennas can be connected;
- Output power in the normal temperature range - 12 ~ 15 dBm
- Wireless segment - data rate manual adjustment supported; 1/2, 5.5, 11Mbit/s;
- Security - WEP 64/128, 4 keys can be assigned, autorotation supported;
- Drivers for Windows 98, ME, 2000, XP, CE 3.0, Pocket PC 2002 and Linux.
Setup
The card can be managed either by Windows' own tools or with its bundled
software. Let's take a look at the latter.

In the Status tab you can look at the parameters of the established connection,
scan the frequency range for available wireless networks and connect to them by
specifying the respective SSID. The Connection tab shows the signal quality and
strength, along with a diagram of these parameters. The diagram is of little
practical use, though: it changes every second, and the X axis covers only a
couple of minutes. However, the supplied Site Monitor utility can draw various
diagrams for a much longer period of time.

Also, you can look through the current IP settings of the wireless LAN and update
them from the DHCP server. The program doesn't let you set these parameters manually.
In the next section you set the WLAN parameters. By the way, there is a power saving
function which can help extend the battery life of your notebook PC.

The encryption settings are standard. You can set 4 encryption keys and indicate
the one to be used or set the automatic rotation of the keys for better security.
There is one more useful utility on the CD, named Mobile Manager. It lets you
create an unlimited number of profiles with unique network settings, i.e. the PC's
IP address, gateway, DNS and WINS servers, proxy server addresses and printer
sharing. Settings can be made for each network adapter in the system (not only
a wireless one, and not only one from ASUS). The Mobile Manager is an ideal program
for mobile users who work on their notebook PCs in different LANs which have
no DHCP addressing, for example, at the office and at home. Just select the profile
you need and you are on the network.
WL-500b
The ASUS WL-500b is a wireless LAN router of the 802.11b standard. This device
has an impressive suite of functions.

The router packed into a dark gray case can be placed both horizontally and
vertically.

The legs that fix the router in the vertical position look unusual but beautiful.
When I saw them for the first time I thought that there must be something inside.
The same idea struck some other people who saw it for the first time...

In front you can see 7 one-color LEDs.
- PWR goes on when power is supplied and blinks when the device gets loaded
or firmware is upgraded;
- AIR indicates that there are wireless clients nearby and blinks when data
are transferred;
- WAN goes on in case of a physical link in the WAN segment and blinks during
data transfer;
- LAN - 4 LEDs of the LAN segment work identically to the WAN LED.

On the back you can find a power connector, a settings restore button, a parallel
port for printer (the router serves also as a printer server), a USB port (for
flash drive or web camera), 5 ethernet connectors (4 LAN and 1 WAN), and an antenna-in.
The antenna is removable so you can use a more powerful model with an amplifier.
You can't check the USB printer status in the current firmware version. To connect it you should use the Printer Setup Wizard supplied with the device.

Underneath there are holes for wall mounting. And the sticker indicates a login/password
used for the default access to the configuration interface (which is definitely
convenient).
The router comes with an external power supply unit, documentation and quick
start manual (in English), a 1.5m ethernet cable for a wired network and a CD
with documentation and utilities to ease device searching in the LAN and for the
firmware upgrade.
Specification
- 802.11b, 2.4 GHz;
- Two antennas - one external, removable, replaceable; the other is built-in
and combined with the heatsink;
- Output power in the normal temperature range - 12 ~ 15 dBm
- Plastic case, horizontal, vertical installation, wall mounting;
- Wireless segment - data rate manual adjustment supported; 1, 2, 5.5, 11Mbit/s;
- Wired segment - 1 WAN FastEthernet 10/100Mbit/s interface, cable type auto
detection (MDI-X);
4 LAN FastEthernet 10/100Mbit/s interfaces with MDI-X;
- Configuring via WEB interface;
- Wireless segment security - WEP 64/128 with key rotation supported, as well
as separate firewalls between LAN, WAN and Wireless segments;
- Authentication in wireless segment - by MAC address or via 802.1x protocol;
- 16 MB SDRAM RAM,
4MB Flash with local firmware upgrade supported via WEB interface or with a special
utility;
- NAT & PAT with port redirecting & DMZ host,
- Linux operating system;
- DHCP server with MAC to IP binding;
- built-in multifunctional firewalls between segments;
- integrated URL filtering
- servicing of up to 253 PCs in the LAN;
- configuration backup and booting
- one USB 1.1 port for WEB camera or flash disc drive;
- printer server functions (1 parallel port provided);
- ftp server functions (flash drive used as a storage unit);
- movement monitoring with webcamera (photos can be sent to a given address
or the camera can be hooked up directly to the device), movement detection included;
- firmware upgrade supported;
- dynamic DNS service supported (two fixed);
- dimensions: 185 x 205 x 36 mm (without external antenna);
- weight: 500 g (without power supply unit);
Inside

The WL-500b is based on the BCM4702 AirForce(tm) Wireless Network Processor.
Inside it has a 125MHz MIPS32 core with two 10/100 Mbit medium access controllers,
PCI 2.2 and PCMCIA hosts, as well as a USB 1.1 host. Besides, the core contains
additional instructions for optimization of communication, audio and video applications.
In other words, this is an all-in-one processor which can turn into a communication
device you need.
The LF8731 chip located near the bracket with ethernet connectors executes
Auto MDI-X functions. Two AMIC A43L2616V-6 chips are 64Mbit memory chips from
AMIC Technology. Their default clock speed is 166MHz (6ns), but in this case
it's 125 MHz. AM29LV320DT is a flash memory chip of an unknown size (probably
32Mbit). One more chip is hidden under the heatsink, which I couldn't remove.
This is a 5-port 10/100Mbit Ethernet switch, the Broadcom BCM5325. The BCM5325
integrates a medium access controller and polarity auto detection for each port.

The wireless part of the WL-500b is in a separate module. The BCM4301KPF chip
includes 802.11b MAC/baseband controllers, WEP encryption support and interfaces
for other controllers. The rest of the wireless module's components are hidden
under the shield.
Configuring

The wireless router can be configured via the WEB interface. It's password
protected, but you can save the password so that the browser fills it in
automatically every time you log in.

After authorization you get to the interface itself. The first page gives links
to the main settings sectors. Also, you can choose the quick setup manager.


All the settings are grouped into directories. In the Wireless Interface section
you find standard wireless interface settings such as SSID, channel number
and speed, authentication type (including 802.1x with Radius support), and encryption
types and keys. One of the interesting features is automatic rotation of 4 keys
in a given time period.

One of the downsides is that the interface is designed for screen resolutions
starting from 1024. The Wireless Interface screenshot above was taken at 1024x768,
and as you can see, not all interface elements are displayed. The entry confirmation
button is out of the visible area. In most other cases these buttons also disappear,
and sometimes the interface stretches out over several screens. Screen scrolling
isn't tiring because you don't need to change settings often, but I don't understand
why they wouldn't group the elements differently, for example, in two rows, or
use a completely different interface concept.

Pop-up prompts, provided for almost all configuration elements, are a plus. When
you change certain settings (for example, the access point mode) you can see a
user-friendly animation above.

The next screen allows changing the wireless bridge mode. There are three modes
possible:
- AP Only - only wireless clients can be connected;
- WDS Only - only wireless bridges are supported (like WL-500b);
- Hybrid - first and second modes combined;
You can also indicate a list of MAC addresses of remote bridges (MAC addresses
filtering).

Next you can define a list of clients' MAC addresses and enable
MAC address filtering for them.


In the Advanced section you can set additional parameters for the wireless
channel and assign a RADIUS server IP address. Remember that client authentication
via the 802.1x protocol doesn't affect the wireless channel security (regarding
encryption reliability). In this case it's used only for checking the client's
validity. But the fact that manufacturers today provide basic support for 802.1x
in their equipment is good news.

In the LAN and WAN interface settings you can choose one of three WAN interface
types:
- Static IP address;
- Dynamic IP address;
- Settings via PPPoE.
Here you can also change the MAC address and Hostname of the WAN interface.


The settings for the integrated DHCP server and the static routing table assignment
are standard. Dynamic routing can be activated only in the Router mode in
the Operation Mode section. This mode turns off the NAT support and allows only
a static IP address on the WAN interface.

The Miscellaneous section contains such options as access permissions for the WEB
interface and Internet logs, assignment of the log server's IP address, time zone and
NTP server address, and activation of MS's new UPnP standard (on-the-fly device
configuration by means of WinXP).
In the same section you can configure the DDNS service (support of a permanent
DNS name for a dynamic IP address). In other words, you can always address the
device from the Internet by its DNS name. Unfortunately, there are only two DDNS
clients you can use - www.dyndns.org and www.dzo.com.

Then comes the NAT settings section. It's not clear what the Port Mapping settings
are for. They may control the operation of dynamic protocols (such as NetMeeting),
but the description doesn't clearly say so.


The next two tabs define virtual servers (redirect of TCP/UDP ports inside
the LAN) and DMZ host.

In the LAN & WAN Firewall tab you can make settings for the firewall between
LAN and WAN interfaces. The section is divided into two equal parts - a LAN to WAN
filter and a WAN to LAN one.
The time during which the rules operate can be set for each part, but only for all
of its rules at once. A global action (accept/drop) can be applied to the packets
that do not match any of the manually set rules. For each rule you can use masks
and ranges when specifying IP addresses. And in the case of the TCP protocol you can
select one of certain types of TCP packet headers.
In other words, the firewall is flexible, except for the rules' operation time and
record editing (you can only delete records or create new ones).
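
The filter behaviour described above, as an added example that is neither ASUS firmware code nor part of the original review: rules match on address masks or ranges, and packets that match no rule fall through to the global accept/drop action. First-match ordering, reading the "TCP packet header types" as TCP flags, the field names and the sample addresses are all assumptions made for the illustration.

```python
# Added illustration: a model of the filter the review describes, not ASUS firmware code.
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    src: str                  # "any", a mask ("192.168.1.0/24") or a range ("a-b")
    dst: str
    proto: str                # "tcp", "udp" or "any"
    dports: range             # destination ports the rule covers
    action: str               # "accept" or "drop"
    tcp_flags: frozenset = frozenset()  # flags that must be set; empty = any

def addr_matches(spec, addr):
    """Match an address against 'any', a CIDR mask or an inclusive a-b range."""
    if spec == "any":
        return True
    ip = ipaddress.ip_address(addr)
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-"))
        return lo <= ip <= hi
    return ip in ipaddress.ip_network(spec, strict=False)

def rule_matches(rule, pkt):
    return (addr_matches(rule.src, pkt["src"])
            and addr_matches(rule.dst, pkt["dst"])
            and rule.proto in ("any", pkt["proto"])
            and pkt["dport"] in rule.dports
            and rule.tcp_flags <= pkt.get("flags", frozenset()))

def decide(rules, default_action, pkt):
    """Assumed first-match order; packets matching no rule get the global action."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return default_action

# Constructed LAN to WAN rule set (private and documentation addresses only).
LAN_TO_WAN = [
    Rule("192.168.1.100-192.168.1.150", "any", "tcp", range(25, 26), "drop"),
    Rule("192.168.1.0/24", "any", "tcp", range(23, 24), "drop",
         tcp_flags=frozenset({"SYN"})),
]

def pkt(src, dport, flags=("SYN",), proto="tcp", dst="203.0.113.5"):
    """Build a constructed sample packet."""
    return {"src": src, "dst": dst, "proto": proto,
            "dport": dport, "flags": frozenset(flags)}

if __name__ == "__main__":
    for p in (pkt("192.168.1.120", 25), pkt("192.168.1.20", 25),
              pkt("192.168.1.20", 23), pkt("192.168.1.20", 443)):
        for default in ("accept", "drop"):
            print(p["src"], p["dport"], "default", default,
                  "->", decide(LAN_TO_WAN, default, p))
```

With the global action set to accept, only the two listed cases are blocked; switching it to drop turns the same rule set into a deny-by-default filter in which every unlisted packet is dropped.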

In the same section you can filter out undesirable URLs (you can also set the
time during which the filters operate, for all of them at once).

In the router you can enable independent firewalls between WLAN-WAN and WLAN-LAN
interfaces.

If the WLAN interface has its firewall activated, there'll be two different
subnetworks (for LAN and WAN), possibility of a separate DHCP server for WLAN,
and two different sets of rules for WLAN-WAN and WLAN-LAN interfaces.

Rules can be set the same way here (for LAN and WAN); the only thing that differs
is that you can't set the rules operation time.

Now let's have a look at the advanced features. A USB 1.1 drive can be connected
to the WL-500b and accessed via FTP, i.e. the router can work as an FTP server.
You can make a list of users and set different rules for them. Also, you can make
a list of banned IP addresses which can't access the FTP server.

But the FTP server mechanism is not debugged yet - if there are several users
registered with r/w/e rights, each of them is allowed to delete the others' files
as well. An "anonymous" user can also do it.
Some time later I received a letter about this from Philippe Jounin, who shared
with me a new way of solving the anonymous user problem. You will need to do the
following:
- Disable anonymous access
- Create a new anonymous user (any password) and grant him Read Only rights

Another interesting feature (though not everyone needs it) is the WEB camera
support. In this case, if you connect to a given port from your browser, you can
see what is happening in the room where the router is. Besides, the WL-500b can
monitor the room and send photos to a certain email address if any movement is
detected. Also, you can remotely monitor up to 6 WEB cameras in the LAN.

In the System Setup menu you can select one of three standard router operation
modes: NAT supported (standard mode), Router (no NAT, dynamic routing supported)
and Access Point (no NAT, all 5 ports work in the bridge mode).

Here you can also change the access password, upgrade the firmware and save
or restore the configuration. It is saved as text, but not in a readable form
(there are no line feeds).
The last section is called Status & Logs. It shows the current addressing
for the LAN and WAN interfaces, system uptime, the printer's status (if it's
connected), the WLAN interface's and DHCP server's status, a list of redirected
ports, a routing table and a system log of the device. The latter is not very
informative.
Performance
The wireless and wired segments (LAN-WAN) were tested separately.
Wireless segment performance
In the first case we measured speed between the wireless adapter installed
in the notebook and the router's wireless segment (access point, AP), or rather
a PC located in the wired segment behind the AP.
The speed was measured by the TCP traffic generation utility Iperf v.1.7, with
the one-way or both-way traffic generated. Each test (30 sec long) was run 20
times in a cycle and then we chose the best score out of 20 and calculated the
average result. During the tests the distance between the access point (wireless
router) and the notebook didn't exceed 5 m. The measurements were carried out
in three modes:
- Card2AP - the traffic was generated from the wireless adapter to the access
point;
- AP2Card - the traffic was generated from the access point to the wireless
adapter;
- fdx AP and Card - simultaneous traffic generation in both directions;

Performance of the wireless segment is close to the maximum in the halfduplex
and fullduplex modes, both for the maximum and average data rates.
LAN-WAN segment performance (router's performance)
The tests were carried out according to this technique.
Iperf

The speed is quite high in the case of one-way data transfer, though it drops
by half in the duplex mode. Nevertheless, the speed is still high.
Unfortunately, the router isn't stable enough at the maximum load - it hung
twice (out of 15 times), and we had to power-cycle it.
Netpipe
The maximum fixed data rate is 26.55 Mbit/s.
The results do not contradict those of Iperf; the data routing speed is high.
Additional wireless segment test: range of operation
As I mentioned last time, the results depend heavily on the environment and the
materials the walls are made of, and the scores can be completely different in
other conditions. In this case we tested it in a building with ferroconcrete walls.
One-way traffic was generated with the Iperf utility.
1. Distance of ~10 m, one ferroconcrete and two gypsum cardboard walls. The
signal level is 95%, the maximum data rate is 5.33 Mbit/s (the average one is
5.23).
2. The distance is ~16 m, 4 ferroconcrete walls. The signal level is 15-20%,
the maximum data rate is 5.15 Mbit/s (the average one is 4.78).
In the second case even at such a low signal level the data rate was close
to the maximum. Well, I'm really glad that the connection is so stable and speedy.
Security
The tests were carried out according to this technique.
During the tests the device didn't reboot or hang. Nessus reports:
I found two vulnerabilities with a minimal degree of risk. Such vulnerabilities
can often be seen in various types of equipment and aren't dangerous. On the minus
side, no information about the scanning and attacks was written to the logs.
In all other respects, the ASUS WL-500b can be considered well protected.
Conclusion
ASUS launched a multifunctional device that combines a router and a wireless
access point with good protection and a decent suite of additional functions (printer
server, ftp server, web camera). The segment separation with firewalls increases
the security level of the internal networks, and the high routing speed allows it
to be used on high-speed Internet channels.
Highs:
- High routing performance in the wireless segment;
- Segment separation with firewalls and a high protection level;
- Flexible rules for firewalls;
- Wireless user authentication via 802.1x;
- Internal URL filtering;
- Built-in print server;
- Room monitoring supported via web camera;
- FTP server functions via USB drive.
Lows:
- Possible unstable operation at the maximum channel load;
- Time of firewall rules operation doesn't change flexibly;
- No support for pass-through vpn sessions;
- USB printers unsupported (LPT only);