|SMC Barricade g High-Powered 2.4GHz 54Mbps Wireless Broadband Router with USB Print Server|
|Summary||PRISM-based 802.11g wireless SPI router with USB print server|
|Pros||• Supports WPA
• Supports 802.1x
• Integrated USB print server
|Cons||• Documentation and online help could be more helpful
• Some features hard to configure
The SMC2804WBRP-G is part of SMC’s Barricade g line and has nearly all of the features we’ve come to expect (and demand) from wireless gateway / routers. SMC tries to stand apart from a crowded field by using three things: Their name and reputation for a solid product, a built-in USB port that supports a print server, and a free copy of Zone Alarm Pro.
The SMC shares a broadband Internet connection with multiple computers and provides wireless clients with WPA (Wi-Fi Protected Access)-secured access. WPA improves on WEP and virtually eliminates the security concerns early wireless had with hack-prone WEP connections.
The router also features MAC address filtering, which adds an additional layer of security by restricting wireless access to clients based on their wireless adapter’s hardware address.
Starting with the front of the SMC2804WBRP-G, there are two sets of LEDs, for power, WAN speed and connection and WLAN connection / activity. The LAN LEDs also show LAN connection speed and activity.
At the rear are the four 10/100 LAN ports, USB printer port, WAN port, reset button, and power jack. The unit also comes with two jointed dipole antennas that are connected using two RP-TNC style connectors.
Inside the box, along with the Wireless Barricade g Broadband Router is a power adapter, CAT-5 Ethernet cable, four rubber feet, an installation CD containing an Adobe Acrobat version of the User Guide and SMC’s EZ 3-Click Installation Wizard and a fold-out Quick Installation Guide. There is no mounting hardware, but there are two slots on the underside for sliding in and locking into place two screw heads.
For those of you interested in what’s under the hood, the router’s processor is the ADM5120 Home Gateway controller and it uses Arcadyan’s WN4401A miniPCI Card radio which is based on Conexant’s PRISM 11g chipset.
Setup and Administration
Setup and configuration was fairly straight forward: plug the unit in, power it up, plug in a laptop or computer set to use DHCP and the SMC automatically assigns an IP address. From there users may choose three options: the EZ 3-Click Installation Wizard, an onboard setup wizard, or manual setup.
If you select the EZ 3-Click Installation Wizard, a Windows-based set of three screens walks the user through basic setup and gets the router onto the Internet.
Figure 1: Windows-based Setup Wizard provides WAN connection options
For those that prefer a web-based setup (or happen to be non-Windows users), web-based installation is nearly as easy. Connect to the unit at its default IP address of 192.168.2.1 and provide the default password. (In the interest of security, I wish that vendors would allow users to change the admin account’s name, but consumer products seem to favor a password only approach.)
Once you’ve logged in, you will see a status screen, similar to the one shown in Figure 2.
Figure 2: The Status Screen
From there you may choose to run the “Setup Wizard” or manually configure the settings to your liking. In my case, one of the first things I had to do was upgrade the firmware, since initially there was a glitch in connecting wireless clients.
Figure 3: The Firmware Upgrade screen before upgrading the firmware
TIP: Note that after I updated the firmware, I found that the new revision added an option for upgrading the Boot Loader in addition to the firmware.
Setup and Administration, Continued
After the upgrades, I reset the box and made configuration changes via the web-based interface. As you can see below, the SMC2804WBRP-G supports a number of WAN connection options, including Dynamic IP Address, PPPoE, PPTP, L2TP, static IP addressing, and if you happen to live in Australia you can “put another prawn on the barbie” while you hook up to BigPond.
Figure 4: Manual WAN setup options
I chose PPPoE and put in the account name and password provided to me by my ISP. You will note below that it is also possible to tweak your maximum transmission unit (MTU) size, which can potentially increase (or impact) the performance of your connection to the Internet.
Figure 5: PPPoE provides the ability to change frame size
Configuration settings also make it easy to set a time zone. By default, SMC helps you select a network time protocol (NTP) server to keep your time stamps accurate.
Figure 6: NTP helps to keep your logs synchronized
I was also able to change the IP address of the router, to match the IP address scheme that I use on the rest of my network. This saved me from having to re-IP other devices on the network, such as network attached storage servers. SMC also allows several configurations for DHCP lease time in increments from one-half hour to forever.
Firewall Features – Service Blocking
Assuming that you are going to use the SMC2804WBRP-G as a home router, SMC does a fairly good job providing the kind of features you would need to keep your home network safe and your home users from seeing things you might not want them to see. By default the SMC2804WBRP-G’s firewall comes disabled. I don’t think this is such a stellar decision and believe that firewalls should come enabled by default. Once the firewall is activated, a set of additional options is made available.
To block services, you use the Access Control (port filtering) functions for blocking standard protocols or user defined protocols for a single IP or range of IP addresses (Figure 7 and 8).
Figure 7: Access Control helps keep users from running unacceptable applications
Figure 8: Common services have been pre-defined
The SMC2804WBRP-G’s firewall also includes Intrusion Detection features that control aspects of its Stateful Packet Inspection (SPI). For example, the Denial of Service (DoS) protection blocks a type of attack – such as pinging the external IP of your router rapidly in succession – that can disable an Internet connection by using all available bandwidth.
While DoS protection prevents offending packets from reaching LAN clients, it cannot prevent your Internet connection’s bandwidth from being eaten up by attacking computers because it works at the receiving end of the attack.
Figure 9: The Barricade g can block common Internet attacks
During testing, I inadvertently got a taste of how the intrusion detection function works. I had hooked a client PC up to the WAN port to test UDP streaming from the WAN to a LAN-based PC. With the intrusion detection feature turned on, the router saw this as a type of UDP flood and immediately suspended communication with the offending PC. Only by checking the Security Log was I able to realize why I had been suddenly cut off from the LAN PC.
I also liked that SMC also provides control of various Connection Policy timings such as TCP SYN and FIN waits and connection idle timeouts as part of the router’s SPI controls.
Firewall Features – URL Blocking
The steps to get URL Blocking to work are not completely intuitive, but not impossibly hard either. You must enter up to 32 URLs or key words and then return to the Access Control screen and add the PC (or range of PCs) that you desire to be affected by the Filters.
I didn’t like that when a user triggers a Content Filter, the browser just hangs while trying to get the page. SMC has no option for adding a custom message (such as “sorry, no viewing that website”), so the user is left to wonder, “did the Internet die, or was it something I did?”.
The URL Blocking feature, however, isn’t very robust in that it can be defeated by using the IP address of the desired website instead of its name. Inexperienced web-surfers may not be savvy enough to know about this trick, but your resident teens probably do.
Once you’ve added a key word or URL, you can configure a time to have the blocking start and stop, but you can configure only one time period per day.
Figure 10: Time options can be applied to rules, but only once a day
I also found you must enter something in the Schedule Rule Comment field, or the rule cannot be saved.
Firewall Features – Port Forwarding
The SMC2804WBRP-G provides the ability to specify up to 20 Virtual Servers for supporting servers or applications that need to allow access from the Internet. Figure 11 shows the configuration options available.
Figure 11: Virtual Servers provide automatic redirection to web or FTP servers
Some applications such as Internet gaming, videoconferencing and Internet telephony use dynamically assigned ports and therefore can’t be handled by using a Virtual Server. Use of these applications is also typically desired by more than one user, which static port mapping also can’t handle.
The Special Applications feature (Figure 12) solves these problems by monitoring outbound data for specific ports called “trigger ports”. When the firewall sees a data packet using this port, it temporarily opens the Public Ports that are also specified in the rule and closes them when the data comes in. SMC provides a half-dozen pre-configured Special Application rules such as Battle.net, Dialpad, MSN Gaming Zone.
Figure 12: Trigger ports can be helpful when playing online first-person shooters
Logging and Alerts
Logging on the SMC2804WBRP-G is OK, but could be better. The Status screen (Figure 13) has a logging window, but it can not be re-sized. A better idea would have been to move the DHCP status window below the logging window and use the entire width of the page.
Figure 13: The Security Log has lots of important information, I wish it had a bigger window
Another negative is that there doesn’t appear to be any way to view stats related to wireless traffic. It is possible, however, to log events to an external syslog server and, if you are under attack, be alerted via email (Figure 14). Now all I need is to get a BlackBerry for when I am away from my desk.
Figure 14: Alerts will be emailed in the event of a hack attack
Dynamic DNS support allows accessing services on your LAN using an Internet-friendly name (such as ftp.scottsbigfileserver.com) even though you have a dynamically changing IP address provided on loan from your phone or cable company. You can select from DynDNS.ORG and TZO.com as service providers.
Universal Plug and Play (UPnP) is also supported, but defaults to being disabled.
Other than having a line item on the SMC’s web-based Status screen showing Printer Status “Not Ready” or “OK”, there is no screen for configuring the built-in single-port USB print server. However, the CD that ships with the router has an SMC Print Server Monitor utility that can be installed on older Windows-based computers that don’t support LPR-based printing.
WinXP users don’t need to install this utility and can instead follow the setup instructions in the User Manual. Linux users will appreciate that they can also take advantage of the Barricade’s print server, by using Gnome’s printconf-gui.
Routing performance was a case of uncovering something both fantastic and terrible. Connecting LAN to WAN, I was able to consistently achieve a truly fantastic transfer rate of 88.5 Mbps! Considering the overhead that a TCP connection naturally has, this is an amazing number.
On the flip side, I was completely unable to get UDP streaming numbers after spending many fruitless hours checking and rechecking configuration settings, including completely disabling the firewall’s SPI features and putting the LAN machine in DMZ.
I was able to send UDP packets from the LAN to the WAN but the streaming test would not complete due to the inability of Qcheck to return its results from the remote endpoint. Going from WAN to LAN was even worse, since no communications would connect inbound when using a static WAN IP.
The UDP problems are common when using Qcheck to test routers with SPI + NAT firewalls, since Qcheck isn’t designed to handle this newer, but now common firewall. But the complete inability to run any WAN-LAN tests is a new behavior and I wasn’t able to resolve the cause of it with SMC.
Routing Performance Test Results
|Test Description||Transfer Rate (Mbps)||Response Time (msec)||UDP stream|
|Throughput (kbps)||Lost data (%)|
|WAN – LAN||(avg)
|LAN – WAN||88.5||1 (avg)
|Firmware Version||V 1.956|
See details of how we test.
By default, wireless is enabled, but you can shut off the radio if you don’t need it. Wireless settings include Mode (mixed b and g, long range mixed b and g, b only or g only), Transmit rate, Channel, SSID, and the ability to disable SSID broadcast.
You will also notice at the bottom of Figure 15 the option labled g Nitro, which controls Conexant’s throughput enhancement technology.
Figure 15: Wireless settings
We’ve all heard about WEP’s infamous weakness, most of them addressed by WPA, which is why the Barricade g can be configured to allow only WPA if you opt for more security. Note that the SMC2804WBRP-G is one of the few routers that allows both WEP and WPA clients to connect at the same time.
Figure 16: You can set up your network to have no security, a little, or a lot with WPA
Though this appears to be an advantage, using this mode essentially negates WPA’s enhanced security, since WEP provides a weak point that can be exploited by an attacker who could relatively easily gain access to your network.
The WPA features include support for both the simpler Pre-Shared Key and “enterprise” modes and supports only the mandatory TKIP cipher (some products support both TKIP and stronger optional AES encryption). “Enterprise” mode supports 802.1x authentication (Figure 17) via a RADIUS server on your network.
Figure 17: RADIUS support provides centralized authentication and auditing control
Of course, if you don’t have a RADIUS server on your network and want to rely on MAC address filtering, you can do that too. Filtering can be set for “allow” mode only and you can enter up to 32 MAC addresses.
Wireless testing fared much better than my wired testing, and ran to completion. The Chariot Condition 1 (Figure 18) throughput of 20Mbps is almost 30% higher than the top speed of the ZyAIR G-2000 that I recently tested under identical conditions, a result probably helped by the Nitro-g throughput enhancement.
– WEP encryption: DISABLED
AP f/w: V 1.956
Client to AP –
Client to AP –
Client to AP –
[Test setup details can be found here]
Figure 18: Condition 1 throughput
Condition 2 (Figure 19) speed was also better than the ZyAIR and the Condition 3 (Figure 20) speed was about double that of the ZyAIR. Streaming performance was not as good, however, with the SMC experiencing lower UDP throughput and more lost packets.
Figure 19: Condition 2 throughput
Figure 20: Condition 3 throughput
I should note that I was unable to get a WEP connection to work with my Fujitsu Lifebook that uses an internal Broadcom-based wireless network card.
The SMC Barricade g SMC2804WBRP-G is reasonably priced and has a good feature mix. Wireless throughput vs. range was very good, with speedy performance even at my worst-case test location.My main concern is with my failure to complete any WAN-LAN router performance tests. This problem could just be due to Qcheck’s incompatibility with SPI + NAT firewalls, or it could foretell problems with getting Virtual Servers to work.
With a good feature-set, the SMC2804WBRP-G does itself a minor disservice with its user guide, which runs just over 110 pages, but doesn’t contain much more information than the SMC2804WBRP-G’s internal help pages. I also found the knowledge-base at SMC’s website to be equally unhelpful while trying to diagnose the problem with my UDP streaming tests. Because I am a product reviewer, I can usually get special treatment when trying to diagnose a problem. But this would not be the case for users who must struggle through the problem solving process with poor support tools.
When I used the router for common tasks, such as sharing my PPPoE Internet connection, it performed well and was trouble free. And although wireless performance vs. range was very good, you might experience the same problem I had with getting a WEP connection to work.
The easy things were easy with the SMC2804WBRP-G, but some advanced features (such as Virtual Servers and Special Applications) were harder to get working than they should have been. In the end, I liked the product, but have concerns for those users who stray from the beaten path and head off into more advanced territory with the SMC Barricade g.
Wireless Testing Details
All tests were done using IXIA’s Chariot 4.3, build 1699. Test direction is from AP to client, using TCP/IP protocol and 1,000,000 Byte file size, looped for one minute.
Wireless Client is a Fujitsu Lifebook P-2000 running Windows XP SP1 with 512 MB RAM and Intel Pentium M 900 Mhz
Ethernet Client is a Dell Inspiron 8600 running Windows XP SP1 with 512 MB RAM and Intel Pentium M 1.7 Mhz
Condition 1 : Same room
Distance between G-2000 and wireless client is under 10 feet.
Condition 2: Moderate distance
Wireless client moved approximately 40 feet away, transmitting through two sheet rock walls.
Condition 3: Worst case
Wireless client approximately 100 feet from AP, exterior to the structure containing the AP. The AP is shielded by a brick wall and earth, with the AP below the client.