Author: Tim Higgins
Review Date: 9/1/2001

Model: 2E-H-W11

Pros:
– Fast routing
– Bandwidth control
– Non TCP/IP protocol bridging

Cons
– Expensive
– Slow wireless
– Only 40 bit WEP
– No MAC address association control
– No port filtering

 

The Basics

Indicators
  • Link/Activity for each of eight LAN ports

  • Wireless Activity
  • WAN Activity (Front Panel)
  • WAN Link/Activity (Rear Panel)
  • Power
Connectors
  • One RJ45 10BaseT WAN

  • Eight RJ45 10BaseT LAN (not switched)

  • Power

  • DB9F RS232 Serial console

Comes with
  • System CD with manuals, drivers, software
  • Power Supply (120V)
  • printed “Getting Started” Guide
Other 
  • No Hardware Reset switch

  • NO Uplink or Normal / Crossover switch for LAN Ports

  • Removable PC card radio with removable patch antenna module.

 

Introduction

The Cayman 2E-H-W11 is an 802.11b wireless router with built-in 8 port 10BaseT hub, and a fast, flexible, NAT router paired with a poorly performing wireless side.  Designed primarily to be sold to BSPs (Broadband Service Providers), it has some unique features that may interest experienced networkers… if they want to pay the price.

 

Setup and Administration

I didn’t have problems setting up the W11, since it has both HTTP (browser) and Telnet based admin interfaces (a serial console connection is also provided) and came with its built-in DHCP server enabled.  My trusty test PC was set to be a DHCP client and leased an address without problem so that I could connect to the 192.168.1.254 admin server address.

During my testing, I was surprised to find the default setup of the W11 to be very insecure.  Not only does the unit ship without a default admin password, but it has both the HTTP and Telnet admin interfaces open to the WAN side of the router!  The unit allows multiple users to be logged into the admin server at the same time, with no notification of the additional logins.  There’s also no way to limit WAN side admin access to either an IP address range or specific IP address to enhance admin security.

Note on the screen shot above, that you do get a security warning about the lack of password.  But there’s nothing to warn the user that their router can be controlled by anyone who Telnets in or types their IP address into a web browser!   This should be fixed IMMEDIATELY, since port scans for ports 23 and 80 are a daily, if not hourly occurrence for most users, even those of us on dialup connections!  Cayman also doesn’t let you set the W11 so that it doesn’t respond to pings from the WAN side, although they say this is coming in a future firmware release.

Once you secure your W11, you’ll find pretty much everything you need to set up for most BSPs.  For @Home use, you can set the router name and Domain Name for the DHCP server to hand out to clients.  ATT Broadband and other MAC address authenticated users will need to use the Telnet interface’s CONFIG commands to change the WAN MAC address.  PPPoE is supported, but you can just enter your Username and password — no idle time or auto-reconnect settings are provided.

 

Routing Features

The W11 has an interesting mix of routing capabilities.  You can forward up to 64 ports or port ranges (“pinholes”), but the mappings are static, i.e. triggered maps are not supported.   You currently can’t do any port filtering to control the services that users can access, but Cayman says they’ll be adding this in a future firmware release.  You can also set one “default host” that is effectively placed on the WAN side of the firewall.

If VPN is your interest, you’ll find that the W11 supports pass-thru for multiple PPTP or IPsec client sessions.  There’s no hard limit on the number of sessions or number of sessions per server.  On the downside, “pinholes” won’t work for accessing PPTP and IPsec LAN-side servers from the Internet (WAN), although you can try using the “default host” function for this.

Up to 16 static routes are supported, and you can enable RIP1, RIP2, or RIP2 with MD5 authentication for dynamic routing.

Logging is restricted to configuration “console” type messages, with no Web site or other IP traffic logged, and no security (“hack”) attempts. Cayman says that “a soon to be available product” will provide security event logging, though.  You can clear the log, but can’t save it or send it to a syslog or SNMP trap server.  Other links on the Monitor page let you view a variety of router and network information.

The W11’s routing features include a few that you don’t normally find in a consumer router, but that a BSP would feel right at home with: (These features are available via the Telnet admin interface only.)

  • You can enable bridging of non TCP/IP protocols (such as AppleTalk and NetWare) between all router interfaces (WAN, LAN, and Wireless).  Bridging essentially makes multiple networks look like one network by not paying attention to IP addresses, but using devices’ MAC addresses to send data to the right place. (See this page for more on bridges.)

  • The “Traffic Shaping” option lets you set the maximum transfer rate (throughput) that’s allowed through the router.  This setting applies to all traffic through the router, i.e. you can’t set it on a per-user or application basis.

If you really want to get into the details, download the documentation from the Cayman Support site.

That about covers the Routing Features.

 

Wireless Features

The 11W uses a Proxim Harmony 8430 802.11b PC card  radio that supports 40 bit WEP encryption only. (The FCCID on the Proxim card shows that it’s an XI-300 sourced from Z-Com.) The radio is plugged into a PC card connector mounted inside the chassis enclosure, with the patch type antenna sticking out of a slot in the rear of the box.  The antenna module is removable and connected via two miniature MMCX style connectors, so with the proper “pigtail” cables, it’s possible to attach other antennas.

Wireless settings include the basics.  You can set the Channel number (default is 7) and ESSID.  You can also set four 40 bit WEP keys (using Hexadecimal format only), and choose Open System or Shared Key Authentication (see this page). You also get to choose whether to ignore unencrypted data.

On the minus side, Cayman has not included MAC address based Access/Association Controls, a notable omission.

The W11’s Monitor features will let you see wired and wireless DHCP clients (both MAC and IP addresses), and traffic statistics.

 

Routing Performance

I ran the Qcheck suite to test routing performance, with the following results:

Firmware/Driver Version:

GatorSurf 5.6.2 Build R1 /
Firmware 2.6

Test Description

Qcheck Transfer Rate (Mbps)

[1Mbyte data size]

Qcheck Response Time (msec)
[10 iterations 100byte data size]

Qcheck UDP stream
[10S@500Kbps]

(Actual throughput- kbps)

(Lost data- %)

WAN-LAN

6.6

 3 (avg)
7 (max)

499

 0%

LAN-WAN

6.5

 3 (avg)
6 (max)

499

 0%

(Details of how we tested can be found here.)

Comment: Very speedy, including UDP performance. No problems in this department!

 

Wireless Performance

I used an ORiNOCO Gold PC card as the wireless test partner and ran my usual Qcheck test suite. (More details of how I tested can be found here.)

Test Conditions:

Firmware/Driver Versions:

– WEP encryption: DISABLED
– Tx Rate: 
Automatic
– Power Save: 
disabled
– Channel: 6

AP f/w:
GatorSurf 5.6.2 Build R1 /
Firmware 2.6

Wireless client driver:
Variant 1, V6.44
Wireless client f/w: 

– Primary Functions: Variant 1,  V4.04
– Station Functions: Variant 1, V6.16

Test Description

SNR (dB)

Qcheck Transfer Rate (Mbps)

[1Mbyte data size]

Qcheck Response Time (msec)

[10 iterations 100byte data size]

Qcheck UDP stream
[10S@500Kbps]

(Actual throughput- kbps)

(Lost data- %)

AP to Client – Condition 1

50

4.1[No WEP]
1.5[w/WEP]

5 (avg)
7 (max)

491

0%

AP to Client – Condition 2

40

4.1

5 (avg)
8 (max)

492

0%

AP to Client – Condition 3

20

3.8

5 (avg)
7 (max)

491

0%

AP to Client – Condition 4

9-15

2.4

5 (avg)
10 (max)

393

0%

Comments: The radio portion doesn’t match the performance of the router side.  Signal was marginal during the Condition 4 test, with fluctuating SNR readings.  Throughput (Transfer Rate) takes about a 60% WEP-enabled hit with 40 bit WEP enabled.

The graph below (click for a full-sized view) shows TCP throughput over an approximately two minute period (details of the test are here).

Comments: You can see the Condition 4 performance degradation with WEP disabled.  You can also see significant variation even with the lower WEP enabled speed.

 

Summary

Cayman sells a lot of product to BSPs and “enterprise” customers, but would like to develop more of a presence in the “residential” market.  Unfortunately, I don’t think the 2E-H-W11 is the product that will do it.

Although it’s a fast router with a number of unique features, it lacks some of the basics such as port filtering, security “event” logging, and triggered port maps.  Those shortcomings might not be so bad, but the wireless side of the product simply isn’t up to par with competitive offerings.

For $500 you can do a whole lot better, and so can Cayman.