Introduction
ZyXEL ZyAIR Wireless LAN Hot Spot Gateway (B-4000) | |
---|---|
Summary | 802.11b ‘Hotspot’ router aimed at the wireless-with-your-latte Mom ‘n Pop store-owner. Includes receipt printer. |
Update | 10/20/2003 – New firmware available that fixes a few VPN passthrough bugs, adds the ability to email logs and new accounting features. |
Pros | • Easy-to-use solution for small-biz hotspot owners • Keeps wireless and wired traffic separated • Easy-to-use ticket-based authentication system • Top-of-the-line routing and wireless performance |
Cons | • Can’t enable wireless and wired LAN communication • Can’t control account username and password assignment • No firewall controls |
Although the market for pay-for Wi-Fi “hotspots” may be peaking, ZyXEL’s Hot Spot in a Box Wireless Service Gateway is aimed at the small business owner who wants to get into the game. It’s a simple, all-in-one box that makes it easy for non-technical folks to sell wireless Internet access by the hour. But if you have other uses in mind, you may find it lacking…
Basic Features
The B-4000 actually started out in life as the ZSG-100W and remnants of its former identity can be found scattered around the product documentation. The product that I received for review actually was marked as a ZSG-100W, so it still had the older packaging that has a dark green trim piece vs. the more translucent light blue one on the B-4000. The package is about the size of a small hardcover novel with a rounded top surface and two wall-mounting slots on the bottom.
All indicator lights are on the front of the box and are somewhat dim through the dark green trim described above The indicators include Link/Activity for the LAN and WAN ports, Wireless activity for the wireless LAN connection, Power, and Status general indicators.
Four 10/100 LAN ports, one 10/100 WAN port, power jack, two RP-SMA antenna and one DB25-M printer connectors are on the rear panel and a hardware Reset switch is located on the left side panel.
The printer connector connects to “Mini Account Generator Printer” that comes bundled with the B-4000. The printer uses thermal roll-type paper and is used to print the customer receipts that are part of the customer authentication system.
Internal details
The B-4000 is also known as the WSG-5000 and is available from a number of other vendors, but I hit a dead end tracking down who the actual OEM is for the product. What I do know is that it uses Global Sun GL242202-0TA PC card radio (Figure 1) that’s based on TI’s ACX100 chipset. This means that it actually can support 22Mbps “802.11b+” operation, although ZyXEL doesn’t seem to be making that a selling point in their product literature.
Figure 1: The B-4000’s radio
(click on the image for a full-sized view)
The B-4000’s design is current-generation since it’s powered by the Conexant CX82100 single-chip ARM940T-based processor that’s at the heart of many current inexpensive routers. It uses a Kendin KS8721 for the 10/100 WAN Ethernet and KS8995 for the four switched LAN 10/100 ports. Flash, RAM, an SMsC I/O controller and Cirrus Logic PLD make up the rest of the main board.
Setup and Administration
Setup was a little confusing, but once I got the hang of the user account generation system I had little trouble navigating the interface. The B-4000 comes set up to be a DHCP client on its WAN side and has its built-in DHCP server enabled, so if your wired or wireless client is set to obtain its IP address info automatically, you’ll be accessing the Internet with little trouble. But ZyXEL doesn’t supply a printed “quick start” sheet with the basic login info, so you’ll need to load the User Manual CD and browse to Chapter 3 to find that the B-4000’s admin interface is located at 10.59.1.1.
Once you log in, you’re directed to the Wizard Setup portion of the interface. The Wizard steps you through setting up the WAN connection and basic wireless settings, but then gets into some questions that you’ll probably need to read the User Manual in order to correctly answer them. One of these head-scratchers is the Account Generator wizard shown in Figure 3, which I’ll get to later.
Figure 3: Setup screen
(click on the image for a full-sized view)
I did like, however, that the last wizard step presents you with the opportunity – but doesn’t force you – to change the admin interface password. I’d prefer to see it as one of the first steps, however, because some users might switch out of the wizard before hitting it.
If “wizards” aren’t your thing, don’t worry. A link bar at the bottom of each wizard screen gives you the opportunity to switch to the Advanced Setup mode. Figure 4 shows the WAN/LAN page of this mode, so you can get a flavor for that mode.
Figure 4: Advanced Setup – WAN/LAN screen
(click on the image for a full-sized view)
The B-4000 can handle pretty much any WAN connection type with the exception of the BigPond mode offered by some other products. But on the positive side, it lets you control both MTU and MSS settings for PPPoE and PPTP connections, and has both Connect on Demand and Keep Alive time controls.
The interface is pretty responsive, but many changes require a 30 second reboot cycle (although some reboots are as short as 5 seconds) and the browser doesn’t auto-refresh to let you know that the Gateway is back in business. I also didn’t like that you had to log back in after every reboot and navigate back to the page you were on. The unchangeable idle-time admin logout (5 minutes, I think) wasn’t a positive point either.
The good news is that the admin interface supports connection via SSL, i.e. https, via either a self-generated certificate or one from an authentication authority that can be uploaded into the Gateway.
Firewall Features
At first I thought I was missing something, but a check with ZyXEL confirmed that there are no controls for the B-4000’s firewall. This means no DMZ, no outgoing port/service filters, no virtual servers, no content controls, etc. So if you need anything beyond basic Internet sharing – and the ability to host a controlled-access hotspot, of course – for wired and wireless clients, the B-4000 isn’t the product for you.
The other important thing to know is that the B-4000 takes its gatekeeper duties seriously – maybe too seriously for anything except hotspot use. First, the B-4000 treats wired and wireless connections equally, so it’s not possible to force authentication only on the wireless side while letting the wired clients freely access the Internet.
What’s more, the B-4000 implements a Level 2 V-LAN (virtual LAN) on all traffic, meaning that not only is access blocked between wireless and wired clients, but from wired-to-wired and wireless-to-wireless clients too. To put it simply, each client is on its own private network that connects only to the Internet and nowhere else. This means that each user’s privacy is protected, but forget about file and printer sharing!
VPN
ZyXEL says the Gateway supports VPN pass-through for PPTP, IPsec and L2TP clients. But in keeping with the no-firewall-controls policy, in the unlikely event you need to host any of these flavored VPN gateways behind the B-4000, you won’t be able to do it.
Logging and Other Features
The logging and monitoring features of the Gateway tend to concentrate on the user accounts, as you might expect. You get log pages that show the currently-active accounts, account log (history), current users, DHCP clients, and user sessions (Figure 5).
Figure 5: User Sessions log
(click on the image for a full-sized view)
Most of the log pages have buttons that let you sort the info by data columns and the Current User page has Disconnect buttons for each entry.
For a more permanent record, you can use the syslog feature to send selected info to a syslog daemon on either the LAN or WAN side of the Gateway. The choices again tend toward subscriber and accounting info, although you can also log system information, reboots and admin logins. I didn’t have much luck getting this feature to work, since no matter what I selected I got an “Invalid Syslog Server Checkbox Select !” message.
None of the options include traffic logging and I found a few quirks in the log features, with the biggest being the fact that only authenticated users appear in any of the log pages when you have authentication turned on. Since the B-4000’s “Walled Garden” feature (more on this later) allows limited Internet access for anonymous users, I would prefer to see them listed in the Current Users log. But instead you’ll have to rely on the DHCP Client and Session List pages for evidence of those users.
I also found the Session List page wasn’t really a log, but more a real-time display of open sessions. Once a session port established through the B-4000’s firewall was closed, its listing disappeared from the page.
Routing Performance
The table above shows that the B-4000’s routing performance will be plenty fast to handle most any BSP’s connection – which is what I’d expect from the Conexant processor. Note that the lack of UDP streaming and all WAN-LAN results is due to the B-4000’s inability to let me open the ports in the Gateway’s firewall that Qcheck needs to complete these tests.
Routing Performance Test Results
Test Description | Transfer Rate (Mbps) | Response Time (msec) | UDP stream | |
---|---|---|---|---|
Throughput (kbps) | Lost data (%) | |||
WAN – LAN | (avg) (max) |
|||
LAN – WAN | 18.2 | 1 (avg) 1 (max) |
||
Firmware Version | 1.00.06 |
See details of how we test.
Wireless Basics
Wireless setup features are pretty straightforward as shown in Figure 6.
Figure 6: Wireless settings
(click on the image for a full-sized view)
WEP is supported in 64, 128 and TI’s special 256 bit lengths, but there’s neither WPA nor 802.1x support. You are able to disable SSID broadcast, but MAC address filters aren’t present because the hotspot account control system takes care of access control. Also note that wireless bridging is not supported.
HotSpot Features
Since it really isn’t a general-purpose wireless router, the real reason you’d buy the B-4000 is for its “hotspot” features. Once you enable authentication on the B-4000 (it’s disabled by default), all attempts to access the Internet – by both wireless and wired clients – are forced to an authentication page like the one shown in Figure 7.
Figure 7: Authentication login – customized version
(click on the image for a full-sized view)
You can choose a standard or customized login page, page redirection, or login frame. The customized version lets you control pretty much everything you see in Figure 7, including the background and text color.
You set up accounts by first using the Accounting page (Figure 8) to set the times, access charge and other info needed for the Account generation interface (Figure 9) and Account receipt (Figure 10).
Figure 8: Accounting setup
(click on the image for a full-sized view)
After some experimentation, I found that 999 days is the longest account time that can be set. So if you have regular users that you don’t want to charge, at least you won’t have to keep generating new login information for them!
Figure 9: Account generator
The Account Generator has its own login that allows access only to the panel and Account list. All that person needs to do is collect the money from the customer and click the appropriate button on the Account Generator. This will pop up the window shown in Figure 10 with all the required login information that can be printed out and given to the customer.
Figure 10: Account receipt
If the Account Generator Printer that comes bundled with the B-4000 is attached, the cashier doesn’t even need to be running a web browser. The button on the printer will print out a receipt for whatever time and amount is entered in the Accounting page’s Button 1 entries.
This is a simple little system and should be easy to manage for its intended audience. But I’d like to see the option for entering account username and passwords directly vs. just the random assignment method currently supported. I’d also like the ability to control the virtual LAN features so that at least wired users could file and printer share while remaining separated from wireless users.
An important security feature is that there’s no simultaneous account sharing. So if customers think they can buy one ticket and share the wealth, it won’t work. But it they discover the “super” account username and password, they’ll have free access that can be shared by multiple simultaneous users. So be sure to change the default information for that and the admin, account, and supervisor accounts when you first set up the B-4000 if you don’t want to give away the store!
Three other features of note are Walled Garden, Advertisement and SMTP redirection. The first lets you enter up to 10 URLs that appear as links on the login screen. Users will have free access to any pages on those sites as long as the root URL (i.e. www.thesite.com) stays the same. Note that sites like Yahoo that use many different servers and subdomains (news.yahoo.com, etc.) aren’t good Walled Garden candidates.
The Advertisement feature supposedly sends the user to one of ten user-settable URLs either right after authentication or on a user-programmable interval. The after-authentication mode worked fine, but the timed mode didn’t seem to pay attention to the 1 minute interval that I set. It eventually opened another browser window for the “advertisement” site, but on its own schedule, which seemed like at least 10 minutes or so.
SMTP redirection is a handy feature that lets authenticated users send mail through your ISP’s SMTP server without having to change their email client’s SMTP server entry. I didn’t test this feature, but ZyXEL’s manual says that it not only sends the mail, but modifies the email header into so that the recipient “sees the message as if you sent it from your local Internet Service Provider”.
Wireless Performance
NOTES:
• “Signal Quality” readings taken with the ZyXEL client utility
• Testing was done with a ZyXEL B-100 client card in a WinXP Home Dell Inspiron 4100 laptop unless otherwise noted
Even though ZyXEL’s ZyAIR B-100 802.11b card (based on Intersil’s PRISM chipset) can’t take advantage of the B-4000’s 802.11b+ 22Mbps raw data rate, the pair turned in one of the best 802.11b performances that I’ve ever seen!
Figure 11: Four location throughput
(click on the image for a full-sized view)
Figure 11 shows that the results from my four location test were so consistent, that I had to double check to make sure that I didn’t accidently forget to run some of the tests! I also checked performance with 128 bit WEP enabled and saw no throughput change.
I should note that the test results are taken through the router, since the B-4000’s V-LAN feature prevents all communication between LAN-side clients. But since routing throughput is more than 3X the speed of the wireless connection, I can safely say these results truly reflect the actual wireless speed.
802.11b Wireless Performance Test Results
Test Conditions
– WEP encryption: DISABLED |
Firmware/Driver Versions
AP f/w: |
||||
---|---|---|---|---|---|
Test Description | Signal Strength (%) | Transfer Rate (Mbps) | Response Time (msec) | UDP stream | |
Throughput (kbps) | Lost data (%) | ||||
Client to AP – Condition 1 | 100 | 5 [No WEP] 5 [w/ WEP] |
0 (avg) 0 (max) |
0 | 0 |
Client to AP – Condition 2 | 80 | 5.1 | 0 (avg) 0 (max) |
0 | 0 |
Client to AP – Condition 3 | 73 | 5.1 | 0 (avg) 0 (max) |
0 | 0 |
Client to AP – Condition 4 | 60 | 5.1 | 0 (avg) 0 (max) |
0 | 0 |
See details of how we test.
Wrap Up
As I said at the start of this review, the B-4000 isn’t for everyone. It’s really more of a specialized product for folks who want to run their own wireless hotspot than an 802.11b wireless router with built-in per-user authentication. Given its intended audience, I’d like to see ZyXEL improve the documentation with better explanations that don’t just say what each feature is, but that also explain the how and why of them. Getting rid of the errors, references to the ZSG-100W, and improving the language usage would help too.
What doesn’t need improvement, however, is the excellent wireless performance and fast routing speed, which are among the best I’ve seen in any 802.11b product!