ASUS DSL-G31 – connection to ADSL or Ethernet providers
Written by Maxim Klimanov
Introduction
After moving to a new place users often have to change their provider, and this change may also mean a change in the connection technology, which will inevitably drive previously purchased network equipment out of use. For instance, if one provider used the ADSL technology, then after switching to Ethernet the subscriber will have to change his router as the one he owns hasn’t got the necessary Ethernet WAN-port. Fortunately, switch chips used in modern network equipment are managed, which makes it possible to assign one or more LAN-ports to special needs. One of such needs may be the necessity to connect to Ethernet providers. The idea of this scheme is to exclude a certain LAN-port from the switching engine and use it specifically to connect to the operator. This scheme used to be available to those select few enthusiasts who were guru of BusyBox and Linux. However, these days it’s available to any user whose knowledge of network technologies is quite superficial. This facility appeared owing to the releases of new official firmware which allows choosing a WAN-port for connecting to a provider. An example of a device which has such peculiar firmware is ASUS DSL-G31, and in our review we will not only look at traditional ADSL-modem/router features but also at its ability to connect to Ethernet providers.
External Design
The Wireless ADSL2+ modem is performed in a square white plastic case with rounded corners. The device is powered by an external power adapter which provides 1A of direct current at 12V voltage, thus the maximum electricity consumption of the gadget shouldn’t exceed 12 Watts. The weight of DSL-G31 itself without the antenna and the power adapter is 300 grams. The dimensions are 173*129*33 mm.
The upper panel has a ventilating grate and an embossed vendor name. Four soft rubber stands are glued to the bottom to put the device on the table. It’s also possible to mount the device on the wall for which there are two T-shaped holes. On the bottom there are also vent holes and a sticker with the brief information about the device.
The side panels of the wireless ADSL2+ router are quite featureless; there’s only an outer antenna connector on one of them.
Now let’s turn to the back panel where there’re four Fast Ethernet ports. When using DSL-G31 with old original firmware these ports could only be used to connect up to four wire devices to the user’s local net. In the section devoted to the web-interface we will speak about the features of the new firmware in more detail. Also on the back panel is a port for connecting to ADSL-providers with the help of the RJ-11. Here you will also find a power slot and an on/off button. The recessed Reset button allows resetting DSL-G31 to factory defaults.
Now let’s look at the front panel. Here, besides the name of the device, are 8 indicator lights (Wireless, LAN1-LAN4, Internet, DSL and Power), showing the state of the device itself and its ports.
Having studied the outside of the device, let’s look inside.
Hardware platform
All the ADSL-modem inside parts are put on one green textolite board. Its elements are placed on both sides.
The RAM memory is provided by two ESMT M12L64164A chips working at 143 MHz. Each of these memory modules is of 8 Mbyte, consequently the device can work with 16 Mbyte of RAM altogether.
The diagram of the chips under consideration is shown below.
The processing of ADSL2+ is performed by a BCM6348SKFBG Broadcom chip, with an imbedded MIP32 processor. The following annexes are supported: A, B, C, J, I, L, and M. The scheme of the installed Broadcom BCM5325EKQMG switch with five Fast Ethernet ports is presented below. Two HST-2027DR GROUP-TEK chips are responsible for wire physics.
The wireless part of DSL-G31 is represented by a BCM4318KFBG Broadcom module working on 802.11b/g standards. By the way, the pigtail for the outer antenna is simply soldered to the board, which makes the whole construction undismountable. Flash memory is presented by a 4 Mb KH29LV320DBTC chip.
Here we’re through with the brief review of the DSL-G31 hardware.
Firmware upgrade
There’re three ways to change the version of the modem firmware: via HTTP web-interface, with the help of file transfer protocols FTP/TFTP or using the firmware recovery utility. First we decided to take the way traditional for SOHO equipment – to use the HTTP protocol. To get additional functionality (using one LAN-port as WAN) it is necessary to have modern firmware with a “dual” index. At hand we had a 3.0.1.9.A_dual4 version to which we’ll be upgrading.
To upgrade via web-interface you have to open the Firmware upgrade tab in the Administration menu. There you choose the necessary image file and click Upload.
The whole upgrade process takes around two minutes, of which the pop-up window informs. To verify the fact that the firmware has been really upgraded, one has to read the heading of the web-page which says the uptime of the device, the name of the wireless network and the firmware version.
Now let’s try to upgrade the firmware with the help of TFTP. For this in the telnet session we’ll turn to the Update Software tab of the Management menu. TFTPD32 version 3.35 was used as a TFTP server.
Update Software Menu
1. Update Software
2. Exit
/ Management/Update Software ->
Update Software
Press <enter> to use current value
Press <esc> and <enter> to cancel
Tftp Server IP address (): 192.168.1.2
Update Software File Name (bcm963xx_fs_kernel): DSL-G31_3.0.1.9.A_dual4.trx
kill process [pid: 337] [name: bftpd]...
kill process [pid: 346] [name: tftpd]...
kill process [pid: 330] [name: klogd]...
kill process [pid: 327] [name: syslogd]...
Remaining modules:
ipt_tos 416 0 - Live 0xc0159000
ipt_tcpmss 896 0 - Live 0xc0157000
ipt_length 448 0 - Live 0xc014b000
ipt_layer7 9360 0 - Live 0xc0151000
ipt_helper 768 0 - Live 0xc0149000
ip_conntrack 92496 2 ipt_layer7,ipt_helper, Live 0xc0070000
ip_tables 14144 5 ipt_tos,ipt_tcpmss,ipt_length,ipt_layer7,ipt_helper, Live 0xc0
039000
wl 360064 0 - Live 0xc00e6000
bcm_enet 17776 0 - Live 0xc002b000
bcmprocfs 12512 1 ip_conntrack, Live 0xc000f000
adsldd 114512 0 - Live 0xc0053000
blaadd 5872 0 - Live 0xc000c000
atmapi 48176 2 adsldd,blaadd, Live 0xc001e000
Memory info:
Number of processes: 26
12:16am up 16 min,
load average: 1 min:0.01, 5 min:0.06, 15 min:0.07
total used free shared buffers
Mem: 13316 12156 1160 0 840
Swap: 0 0 0
Total: 13316 12156 1160
Done removing processes
Allocating 3820569 bytes for broadcom image.
Memory allocated
Total image size: 3820561
Firmware image format verified.
Tftp image done.
Flashing root file system and kernel...
After which the telnet session is broken and two minutes later the router is ready to work again.
We have found another interesting way of changing firmware. It also uses the TFTP protocol, but this time you’ll need not a TFTP server but a client. The only thing you have to do is to copy the required firmware file via the TFTP protocol to the “server” running on DSL-G31. And again the router will be ready to work in two minutes.
C:\ASUS\DSL-G31\Firmware>tftp -i 192.168.1.1 put DSL-G31_3.0.1.9.A_dual4.trx
Transfer successful: 3820561 bytes in 6 second, 636760 bytes/s
Getting ahead of ourselves we have to note that testing and studying the features of the command line resulted in finding an open FTP port. Naturally, we tried to copy firmware through it as well. Our attempt was a success.
C:\ASUS\DSL-G31\Firmware>ftp
ftp> open 192.168.1.1
Connected to 192.168.1.1.
220 Ftp firmware update utility
User (192.168.1.1:(none)): admin
331 Password please.
Password:
230 User logged in.
ftp> put C:\ASUS\DSL-G31\Firmware\DSL-G31_3.0.1.9.A_dual4.trx
200 PORT 192.168.1.2:55848 OK
150 BINARY data connection established.
Ftp image done. PLEASE TYPE 'bye' or 'quit' NOW to quit ftp and the Router will
start writing the image to flash.
ftp: 3820561 bytes sent in 4,46Seconds 857,20Kbytes/sec.
ftp> close
221 The Router will reboot upon completion (about 2 minutes)...
ftp> bye
C:\ASUS\DSL-G31\Firmware>
The only way of firmware update/recovery we haven’t described yet is using the firmware recovery utility. Unfortunately this software doesn’t go with the DSL-G31 utility set, so we took it from the ASUS RT-N16 set. The firmware recovery program allows loading the firmware image only to the devices in the local segment and turned into the recovery mode where the boot loader works. ASUS DSL-G31 may get into this mode as a result of some malfunction like after a power switch off while in the standard firmware update process. You can turn the device in this mode manually; for this you have to press the Reset button on the back panel of the ADSL router, switch the power on and wait for the power indicator to start flashing slowly (5-10 seconds). The recovery process is very simple: you specify the file with working firmware and click Upload; the utility will by itself detect the problem device and recover it.
Naturally, we captured the dialogue between the recovery utility and DSL-G31 with the help of a network analyzer Wireshark version 1.4.1. There’s nothing extraordinary in this dialogue: the process of searching for the problem device and transfer of the firmware image file via the TFTP protocol.
It’s also possible to recover firmware manually. For this you should connect to one of the DSL-G31 LAN ports using 192.168.1.2/24 IP-address. To check whether the device is really in the recovery mode use ping. In the regular mode the router ICMP echoing back comes with TTL=64.
Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
In the recovery mode, when the answer is sent by the boot loader, the router sets TTL=100. By the way, the boot loader always uses 192.168.1.1 address.
Reply from 192.168.1.1: bytes=32 time<1ms TTL=100
After checking the availability of the boot loader we transfer the firmware image file via the TFTP protocol as described above. Now we only have to wait for DSL-G31 to save the new firmware version (a couple of minutes) and reload the device.
Here the part devoted to firmware change comes to its end.
Command line interface review
It’s possible to manage ASUS DSL-G31 with the help of the command line interface that is organized as a menu. Let’s study the command line features in more detail. After entering correct logon information (the defaults are admin/admin) the user gets into the main menu. It should be noted that several simultaneous telnet sessions are allowed. From now on all unnecessary line feeds are deleted.
C:\>telnet 192.168.1.1
BCM96348 ADSL Router
Login: admin
Password:
Note: If you have problem with Backspace key, please make sure you configure you
r terminal emulator settings. For instance, from HyperTerminal you would need to
use File->Properties->Setting->Back Space key sends.
Main Menu
1. ADSL Link State
2. LAN
3. WAN
4. DNS Server
5. Route Setup
6. NAT
7. Firewall
8. Quality Of Service
9. Management
10. Passwords
11. Reset to Default
12. Save and Reboot
13. Exit
->
The first point of the menu shows the state of the ADSL line.
ADSL Link Info
adsl: ADSL driver and PHY status
Status: Idle
Link Power State: L0
Hit <enter> to continue
The second point (LAN) is responsible for configuring LAN-interfaces. With its help one can configure the IP-address and the subnet mask for the local interface as well as the DHCP-server parameters.
LAN Menu
1. Configure
2. Show
3. Exit
/ LAN -> 1
LAN Configuration Menu
Press <enter> to use current value
Press <esc> and <enter> to cancel
IP address (192.168.1.1) : 192.168.1.1
Subnet mask (255.255.255.0) : 255.255.255.0
DHCP server mode [1-enable,2-disable,3-relay] (1) : 1
Start IP address (192.168.1.2) : 192.168.1.100
End IP address (192.168.1.20) : 192.168.1.200
DHCP leased time in hours (24) : 24
***Reboot is required for configuration to take effect.***
Hit <enter> to continue
/ LAN -> 2
Show LAN Menu
IP Address 192.168.1.1
Netmask 255.255.255.0
DHCP Server Enabled
Start IP 192.168.1.100
End IP 192.168.1.200
Lease Time 24
Hit <enter> to continue
You can create, look through and delete WAN-interface settings via the same-name menu point #3. We’d like to note that the command line interface only allows working with the connections through the ADSL-port. The connection to the provider through the LAN-port is still only possible with the help of the router’s web-interface.
WAN Menu
1. Configure
2. Delete
3. Show
4. Exit
/ WAN -> 3
VCC Con. Catego. Service Interface Proto. IGMP QoS
State Status IP
ID Name Name
address
0.0.32 1 UBR Eth_Wan ppp_0_32_1 PPPoE Disable Disable
Enable ADSL Link Down
Hit <enter> to continue
/ WAN -> 1
Press <enter> to use current value
Press <esc> and <enter> to cancel
VPI [0-255] (0) : 1
VCI [32-65535] (35) : 50
WAN ID [0-8] (0) : 1
Category [1-ubr,2-ubrpcr,3-cbr,4-rtvbr,5-nrtvbr] (1) : 1
Protocol [1-pppoa,2-pppoe,3-mer,4-ipoa,5-bridge] (1) : 2
Encapsulation [1-llc,2-vcmux] (1) : 1
State [1-enable,2-disable] (1) : 1
Service name () : test
User name () : user
Password () :
Idle timeout (minutes) [0-1090] (0) : 10
Authentication method [1-auto,2-pap,3-chap,4-mschap] (1) : 1
IGMP [1-enable,2-disable] (2) : 1
QoS [1-enable,2-disable] (2) : 2
PPP IP address [1-enable,2-disable] (2) : 2
PPPoE service name () :
PVC (1/50) is configured successfully.
***Reboot is required for configuration to take effect.***
Hit <enter> to continue
In the menu point #4 DNS Server you can set what DNS-servers the router should use.
DNS Menu
1. Configure
2. Show
3. Exit
/ DNS Server -> 1
Enable automatic assigned DNS? [1-yes,2-no] ==> 2
Note: Primary DNS must be specified, secondary DNS can be omitted.
Hit return at prompt if parameter is not used.
Press <enter> to use current value
Press <esc> and <enter> to cancel
Primary DNS (192.168.1.1) : 192.168.1.100
Secondary DNS (192.168.1.1) : 192.168.1.101
Hit <enter> to continue
Configuration of static and dynamic routing is made in point #5 Route Setup. In DSL-G31 dynamic routing is represented only by the RIP protocol.
Route Setup Menu
1. Default Gateway
2. Add Route
3. Delete Route
4. Show Route
5. RIP
6. Exit
/ Route Setup -> 4
Routing Table Show Menu
Flags: U - up, ! - reject, G - gateway, H - host, R - Reinstate
D - dynamic (redirect), M - modified (redirect)
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 br0
Hit <enter> to continue
/ Route Setup -> 5
RIP Menu
1. Global
2. Interface
3. Show
4. Exit
/ Route Setup/RIP -> 1
Global RIP Mode Setup Menu
Press <enter> to use current value
Press <esc> and <enter> to cancel
Mode [1-enable,2-disable] (2): 2
***Reboot is required for configuration to take effect.***
Hit <enter> to continue
/ Route Setup/RIP -> 3
Show RIP Configuration Menu
Global Mode: Disabled
Interface VPI/VCI Mode Version Operation
br0 LAN Disabled 2 Active
ppp_0_32_1 0/32 Disabled 2 Passive
Hit <enter> to continue
The NAT point allows indicating a node in DMZ or configuring port redirection to inner services.
NAT Menu
1. Virtual Server
2. DMZ
3. Exit
/ NAT ->
In point #7 Firewall you can configure filtration by MAC-addresses or by IP-addresses and TCP/UPD ports. We were pleasantly surprised by the possibility to set an access list letting allow and/or prohibit certain outgoing connections. These rules don’t work when addressing DSL-G31 itself. To adjust access to the router you’ll have to turn to point #9 Management.
Firewall Menu
1. IP Filtering
2. MAC Filtering
3. Exit
/ Firewall ->
IP Filtering Menu
1. Outgoing
2. Incoming
3. Exit
/ Firewall/IP Filtering ->
Outgoing IP Filtering Menu
1. Add
2. Remove
3. Show
4. Exit
/ Firewall/IP Filtering/Outgoing -> 3
Outgoing IP Filtering Show
Filter Name Proto. Source Source Source Destination
Destination Destination
IP Address Subnet Mask Port IP Address
Subnet Mask Port
foxnetwork.ru TCP 192.168.0.0 255.255.0.0 192.168.1.1
255.255.255.255 21
Hit <enter> to continue
The quality of service is configured in the QoS point.
QoS Menu
1. Add
2. Remove
3. Show
4. Exit
/ Quality Of Service -> 3
Quality Of Service Class Show
Class Prior. IP Type of 802.1P Proto. Source Source
Source Destination Destination Destination
Name Preced. Service IP Address Subnet Mask
Port IP Address Subnet Mask Port
test Low TCP&UDP 192.168.0.0. 255.255.0.0
10.0.0.0 255.0.0.0
Hit <enter> to continue
Let’s look at point #9 Management which allows making configurations related to the work parameters of the device itself. Sub-point #1 Settings lets you save, show or recover DSL-G31 settings. The parameters of sending log information to the Syslog-server may be set in sub-point #2 System Log. In sub-point #3 SNMP Agent you configure access via the SNMP protocol. One more interesting sub-point here is Access Control where you set access parameters to inner services (FTP, ICMP, HTTP, SNMP, SSH, TELNET, TFTP) of the modem. Unfortunately we failed to connect to the tested router with the help of SSH, no matter that all permissions were created. If you need to let only certain IP-addresses access the DSL-G31 settings, you should turn to sub-point #2 IP Addresses in the Access Control group.
Management Menu
1. Settings
2. System Log
3. SNMP Agent
4. SIP Proxy
5. Access Control
6. Update Software
7. Exit
/ Management ->
Settings Menu
1. Backup
2. Update
3. Dump
4. Exit
/ Management/Settings ->
System Log Menu
1. Configure
2. Show
3. Exit
/ Management/System Log ->
SNMP Agent Menu
1. Configure
2. Show
3. Exit
/ Management/SNMP Agent -> 2
SNMP Agent Information
State : enable
Read only community : public
Read write community : private
System name : test
System location : unknown
System contact : unknown
Trap IP address : 192.168.1.2
Hit <enter> to continue
Access Control Menu
1. Services
2. IP Addresses
3. Exit
/ Management/Update Software/Access Control ->
Services Control Menu
1. Configure
2. Show
3. Exit
/ Management/Update Software/Access Control/Services ->
Services Control List
Service LAN WAN
FTP enable disable
HTTP enable disable
ICMP enable disable
SNMP enable disable
SSH disable disable
TELNET enable disable
TFTP enable disable
Hit <enter> to continue
Addresses Control Menu
1. Change Mode
2. Add
3. Remove
4. Show
5. Exit
/ Management/Update Software/Access Control/IP Addresses -> 4
Address Control List Show
Mode: enable
192.168.0.0
192.168.1.2
Hit <enter> to continue
The only thing left to describe in this section is password management which can be performed in point #10 Passwords. There’re three users in the device: Admin, User and Support whose passwords are admin, user and support, respectively. But unfortunately via telnet it’s only possible to log in as Admin.
Password Menu
1. Admin
2. User
3. Support
4. Exit
/Passwords -> 1
Password Configuration Menu For User admin
Note: Maximum length of password is 16 characters.
Old password :
New password :
Confirm new password:
Password for admin changed successfully.
Hit <enter> to continue
For all the changes to come into effect you’ll have to save the settings and reboot the ADSL-router (point #12 Save and Reboot).
The review of the command line mode wouldn’t be full if we didn’t present the readers the text given by the device in the telnet session right before rebooting.
Save current configuration and reboot? Confirm [1-yes,2-no] ==> 1
PID Uid VmSize Stat Command
1 admin 268 S init
2 admin SWN [ksoftirqd/0]
3 admin SW< [events/0]
4 admin SW< [khelper]
5 admin SW< [kblockd/0]
17 admin SW [pdflush]
18 admin SW [pdflush]
19 admin SW [kswapd0]
20 admin SW< [aio/0]
25 admin SW [mtdblockd]
33 admin 324 S -sh
94 admin 208 S infosvr br0
95 admin 1068 S cfm
221 admin 168 S pvc2684d
420 admin 224 S dhcpd
490 admin 288 S syslogd -C -l 7
494 admin 252 S klogd
497 admin 876 S telnetd
501 admin 176 S bftpd
507 admin 900 S snmp
508 admin 1020 S cfm
509 admin 244 S wanduck
510 admin 268 S networkmap
511 admin 1028 S httpd
516 admin 364 S pppd -c 0.32.1 -i eth0.2 -u -f 0
542 admin 1000 S telnetd
4262 admin 284 S sh -c ps > /var/pslist
4263 admin 276 R ps
Number of processes: 28
12:32am up 32 min,
load average: 1 min:0.01, 5 min:0.08, 15 min:0.04
total used free shared buffers
Mem: 13268 12620 648 0 872
Swap: 0 0 0
Total: 13268 12620 648
kill bftpd process...
kill snmp process...
kill klogd process...
kill syslogd process...
kill pppd process...
kill wanduck process...
kill networkmap process...
Remaining modules:
ipt_tos 416 0 - Live 0xc0153000
ipt_tcpmss 896 0 - Live 0xc0151000
ipt_length 448 0 - Live 0xc0145000
ipt_layer7 9360 0 - Live 0xc014b000
ipt_helper 768 0 - Live 0xc0143000
ip_conntrack 92496 2 ipt_layer7,ipt_helper, Live 0xc0070000
ip_tables 14144 5 ipt_tos,ipt_tcpmss,ipt_length,ipt_layer7,ipt_helper, Live 0xc0
031000
wl 360064 0 - Live 0xc00e6000
bcm_enet 17776 0 - Live 0xc002b000
bcmprocfs 12512 1 ip_conntrack, Live 0xc000f000
adsldd 114512 0 - Live 0xc0053000
blaadd 5872 0 - Live 0xc000c000
atmapi 48176 2 adsldd,blaadd, Live 0xc001e000
Memory info:
Number of processes: 21
12:32am up 32 min,
load average: 1 min:0.17, 5 min:0.12, 15 min:0.05
total used free shared buffers
Mem: 13268 11672 1596 0 876
Swap: 0 0 0
Total: 13268 11672 1596
The system shell is being reset. Please wait...
The data presented give the administrator information on processes ongoing at the moment of rebooting as well as average load of the router within last 1, 5 and 15 minutes.
After we’ve finished with this section we broadened telnet access to ASUS DSL-G31 as we managed to get access to the command line itself. For this you only have to write the sh command instead of specifying the menu point number. Generally, all commands available in the command line may be run from the menu; we still preferred not to display the menu points. As is traditional for this type of devices, the command shell has the ancient 1.00 version of Busybox.
# busybox
BusyBox v1.00 (2010.06.10-09:13+0000) multi-call binary
Usage: busybox [function] [arguments]...
or: [function] [arguments]...
BusyBox is a multi-call binary that combines many common Unix
utilities into a single executable. Most people will create a
link to busybox for each function they wish to use, and BusyBox
will act like whatever it was invoked as.
Currently defined functions:
[, busybox, cat, cp, df, dmesg, echo, egrep, expr, false, fgrep,
grep, ifconfig, init, insmod, install, kill, killall, klogd, linuxrc,
ln, logger, logread, ls, lsmod, mkdir, mknod, mount, msh, mv,
ping, ps, pwd, reboot, rm, rmmod, route, sendarp, sh, sysinfo,
syslogd, test, tftp, tftpd, true, tty, umount, vconfig
With the ps command let’s see what processes are running in the system.
# ps
PID Uid VmSize Stat Command
1 admin 268 S init
2 admin SWN [ksoftirqd/0]
3 admin SW< [events/0]
4 admin SW< [khelper]
5 admin SW< [kblockd/0]
17 admin SW [pdflush]
18 admin SW [pdflush]
19 admin SW [kswapd0]
20 admin SW< [aio/0]
25 admin SW [mtdblockd]
33 admin 324 S -sh
94 admin 208 S infosvr br0
95 admin 1064 S cfm
221 admin 212 S pvc2684d
321 admin 288 S syslogd -C -l 7
325 admin 252 S klogd
328 admin 864 S telnetd
332 admin 176 S bftpd
337 admin 200 S tftpd
338 admin 1012 S cfm
339 admin 244 S wanduck
340 admin 292 S networkmap
341 admin 1024 S httpd
346 admin 364 S pppd -c 0.35.1 -i nas_0_35 -u -f 0
2132 admin 960 S telnetd
2171 admin 284 S sh -c sh
2172 admin 304 S sh
3372 admin 276 R ps
3373 admin 284 S sh -c ls /proc/var/fyi/wan > /var/wanlist
3374 admin 8 R ls /proc/var/fyi/wan HOME=/ TERM=vt102 PATH=/sbin:/bi
Let’s see what commands are available in /bin, /sbin, /usr/bin, /usr/sbin and /proc directories.
# ls /bin
adsl dhcpr ippd nstat sendarp
adslctl dmesg iptables nvram setmem
arpstorm dnsprobe kill ots sh
asusctrl dumpmem l2tp-control ping siproxd
asushotplug ebtables l2tpd pppd sntp
atm echo ln pptp ss
atmctl egrep ls ps stopautopvc
bftpd epi_ttcp mini_sendmail pvc2684ctl sysinfo
brctl ethctl mkdir pvc2684d tc
busybox false mknod pwd tftpd
cat fgrep mount rcamdmain true
cfm grep msh reaim udhcpd
cp hotplug mv ripd umount
ddnsd ifstat nas rm upnp
df igmp nas4not rtacct wanduck
dhcpc infosvr netctl rtstat wlctl
dhcpd ip networkmap ru_pppd zebra
# ls /sbin
ethctl ifconfig insmod logread reboot route vconfig
hotplug init klogd lsmod rmmod syslogd
# ls /usr/bin
[ expr install killall logger test tftp tty
# ls /usr/sbin
ls: /usr/sbin: No such file or directory
# ls /proc
1 325 accumem iomem partitions
1224 328 buddyinfo ioports pci
1421 33 bus irq self
1422 332 cmdline kcore slabinfo
1641 337 cpuinfo kmsg stat
17 338 crypto loadavg sys
18 339 devices locks sysvipc
19 340 diskstats meminfo tty
2 341 driver misc uptime
20 346 execdomains modules var
221 4 filesystems mounts version
25 5 free_pagewalk mtd vmstat
3 94 fs net
321 95 interrupts pagewalk
You can check the version of the operating system by viewing the /proc/version file.
# cat /proc/version
Linux version 2.6.8.1 (root@localhost.localdomain) (gcc version 3.4.2) #107 Thu Sep 23 12:11:32 CST 2010
With the help of uptime and loadavg files in the /proc directory one can estimate the load of ASUS DSL-G31. In the cat uptime output there’re two numbers which are the working and idle time of the router, respectively. The first three numbers in the cat loadavg output show average load of the device within last 1, 5 and 15 minutes, respectively. As we see, at the moment our router is not heavily loaded. Similar information may be got from the command sysinfo.
# cat /proc/uptime
864.40 670.64
# cat /proc/loadavg
0.12 0.14 0.10 1/28 2049
# sysinfo
Number of processes: 28
12:15am up 15 min,
load average: 1 min:0.05, 5 min:0.11, 15 min:0.08
total used free shared buffers
Mem: 13268 12412 856 0 804
Swap: 0 0 0
Total: 13268 12412 856
To learn what file systems and types of encryption are supported is possible if you look through the files file-systems and crypto in the /proc directory.
# cat /proc/filesystems
nodev sysfs
nodev rootfs
nodev bdev
nodev proc
nodev sockfs
nodev tmpfs
nodev pipefs
ext3
ext2
squashfs
nodev ramfs
msdos
vfat
nodev devfs
ntfs
# cat cmdline
root=31:0 ro noinitrd
# cat /proc/crypto
name : sha1
module : kernel
type : digest
blocksize : 64
digestsize : 20
name : arc4
module : kernel
type : cipher
blocksize : 1
min keysize : 1
max keysize : 256
Also we decided to get information about the installed CPU.
# cat /proc/cpuinfo
system type : 96348GW-10
processor : 0
cpu model : BCM6348 V0.7
BogoMIPS : 255.59
wait instruction : no
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : no
VCED exceptions : not available
VCEI exceptions : not available
Naturally we couldn’t help studying the nvram utility which allows looking though and changing important parameters in other Asus devices; however, in DSL-G31 nvram doesn’t show actual data and doesn’t allow changing configuration.
# nvram
usage: nvram [get name] [set name=value] [unset name] [show]
# nvram show | grep username
size: 2063 bytes (30705 left)
http_username=admin
Here we’re done with a rather detailed review of the possibilities of the command line and now we turn to the web-interface.
Web-interface review
We’re not going to describe all the features of the DSL-G31 web-interface in detail; we’ll only mention the most interesting ones. However, first things first. When the user addresses 192.168.1.1 he is asked for his login and password which are by default admin/admin.
Upon successful authentication the user finds himself on the main page of the device. The interface can go in one of seven languages: Czech, German, English, Italian, Polish, Russian or Turkish.
We don’t often use setting wizards, but this time we would like to speak about such a wizard in more detail. The thing is that in its firmware ASUS has implemented a feature which we lacked so much in ZyXEL NetFriend – the device itself supports the list of providers without any utilities that have to be additionally installed and connected… Besides, not all operating systems permit such installation. The quick internet setting wizard allows choosing your provider from a list on the web-page of the modem, set you login and password and… and that’s all – you can start working in the internet straight after rebooting.
The process described above takes place if DSL-G31 isn’t connected to a provider when it’s being configured or it failed to identify him correctly. If the provider is identified by the device’s automatic scanning, the process of connection gets even simpler.
Now let’s move to additional settings that are outside the wizard.
The DSL-G31 wireless network allows wireless clients to connect using 802.11b and 802.11g (tab General in the Wireless group). In the list of available modes there’s 802.11g LRS (Limited Rate Support) for compatibility with older clients.
ASUS DSL-G31 supports operation in the access point mode, wireless bridge mode or hybrid (tab Bridge in the Wireless group).
In the LAN group on the Route tab you can add static routes, but we failed to make them work.
The point IGMP Snooping in the LAN group is responsible for managing processing multicast traffic. The IGMP Snooping mode allows setting how many members the router would announce to the sender; this setting allows decreasing the source load.
Additional DSL parameters are configured on the DSL Settings tab in the WAN group; here you can permit or prohibit annexes. The page under discussion used to be hidden and only available under direct addressing http://192.168.1.1/adslcfg.html.
In the Firewall group (it appears in _dual firmware) there are two tabs: LAN to WAN Filter and Parental Control. It was the latter that captured our attention. Here, parents can configure time intervals in which children’s computers and notebooks will be allowed to connect to DSL-G31 and consequently to the global net. Alas, such protection can be easily come round by changing the MAC-address on the NIC of the controlled computer. However, if the kid doesn’t have administrator’s rights on his computer, the protection may well be effective.
You can control access to the services of DSL-G31 itself on the Services Control tab in the menu point Administration. Here you permit or deny access to the modem via HTTP, ICMP, TFTP, Telnet and FTP protocols. There’s no mention of SSH access in the web-interface.
The Device Info group lets you look through the information on addresses lease with the help of DHCP, wireless network clients, the DSL-G31 routing table and the existing ARP-table.
Log data can be stored either locally or on a remote Syslog server. The respective parameters are configured on the System Log tab in the Log & Statistics menu.
Statistical data on the work of LAN and WAN interfaces as well as on the state of the ADSL line and ATM statistics may be obtained on LAN & WAN, ADSL and ATM tabs.
Here the brief review of the web-interface is over.
SNMP-interface review
We’re not going to give a detailed review of all options of SNMP-access, we’ll only speak of several parameters that can be obtained and installed with the help of the same-name protocol. To get access via the SNMP-protocol, with the help of a telnet session one first has to start the SNMP-agent itself (Management-SNMP agent) and then permit access to the running SNMP-daemon (Management-Access Control). The rules configured above come into effect after rebooting the router (Save and Reboot). Unfortunately, it’s only possible to perform all the described actions via a telnet session as there’re no SNMP settings in the web-interface. For management we chose a rather simple Getif utility the Parameter tab of which is shown below.
Altogether we found seven interfaces.
Now let’s move to the MBrowser tab in which all available parameters situated in the .iso.org.dod.internet.mgmt.mib-2.system and .iso.org.dod.internet.mgmt.mib-2.interfaces branches are gathered. The first group lets you read and change such parameters as the name and the description of the device, its uptime, location, administrator’s contacts, etc.
In the .iso.org.dod.internet.mgmt.mib-2.interfaces branch you’ll find all information regarding the state of the interfaces, there working speed, the number of errors and the volume of normally transmitted data, the maximum transmitted units (MTU), etc.
The calculation of bytes transmitted and received through ADSL is made in the second and third interfaces.
Here we finish the review of the access options to DSL-G31 via the SNMP-protocol.
EZ Setup Wizard utility review
Another way of managing the tested ADSL-router is using a special utility program EZ Setup Wizard whose main aim is to simplify the process of connecting ASUS DSL-G31 to the internet. By its functionality the utility under consideration reminds of ZyXEL NetFriend, but it only allows you to choose a provider to which you’re connecting. Unfortunately, EZ Setup Wizard has only russian interface. The whole configuration process is presented below.
Naturally, we couldn’t help capturing the whole process of data exchange between the utility and the modem. It turned out that first there’s a broadcast of five UPD-datagrams to which come five responses from the router. Then the router is considered to have been detected and user settings are transmitted to it. All UDP-datagrams are sent from the 9999 port of the PC to the same 9999 port of DSL-G31.
The result of such configuring is the router’s ability to connect to the chosen provider; however, all the device settings get reset, i.e. the login and password become admin/admin regardless of what they used to be before the utility was run. We think this to be a serious insecurity. Of course, we reported this to the vendor.
The ASUS EZ Setup Wizard utility may only be used as a means of initial router configuration; the same results may be got with the help of the DSL-G31web-interface wizard.
Testing
Traditionally we start the testing section with determining the booting time of the equipment in question. By booting time we mean the time interval from switching power on to the arrival of the first echoing back via the ICMP protocol. ASUS DSL-G31 boots in 20 seconds; it seems to us to be a very good result.
The second routine test is the router’s security test that is held from a local net with the help of a network security scanner by Positive Technologies XSpider 7.7 (Demo Build 3100). Altogether we found six open ports: TCP-21 (FTP), TCP-23 (Telnet), UDP-53 (DNS), UDP-69 (TFTP), TCP-80 (HTTP) and TCP-18017 (HTTP). Of course we were surprised to find an open TCP 18017 port with HTTP on it.
We used a browser to address this port. Below is the page displayed when this port is addressed.
Below are the most interesting insecurities we found and information on open ports.
It all could be quite alright, but the presence of a DoS-attack against DNS is quite frustrating.
We also decided to measure the temperature of the router surface while it was in operation. It turned out that the upper panel heats up to 49.8°С.
For many potential users of the device the most important part of the review are the measurements of the router’s performance. We certainly complied. We didn’t check the speed of data transfer via the ADLS-link as in this test all SOHO-routers show nearly the same decent results. We concentrated on the wireless part of DSL-G31 and its work as a regular router in Ethernet networks. In our performance tests we used 3.0.1.9A_dual6 firmware version. As a wireless NIC we used a USB key-type adapter ASUS WL-167g; all other parameters of the computers used in the test are presented below.
During the experiment we came across somewhat strange behavior of the virtual servers configured on the router. For instance, from the LAN-segment of DSL-G31 one could both access the internet through the PPTP provider’s tunnel and the local network computers (not via VPN); however it was only possible to use virtual servers through the tunnel. It means that the provider’s clients don’t get access to the local resources of the router’s users, whereas the internet users can have this access via VPN. On the DSL-G31 WAN-interface we’d also find handy the possibility to choose the connection type not only from the tunnels (PPTP, PPPoE and L2TP), but from the regular Static IP or Dynamic. We hope that these connection types will appear among available WAN connection types in further firmware versions as when the article was being written the functions of connecting to Ethernet providers were in beta-testing.
The transfer speeds obtained in the test are presented in the table and diagram below. It’s worth noting that the speed was practically independent of the number of data streams.
Let’s sum it all up.
Conclusion
We have tested an ADSL-router ASUS DSL-G31 which can be categorized as a low-end model for ordinary users. Firmware for this model is developing dynamically, for instance, DSL-G31 can now be used as a regular wireless router for connecting to Ethernet providers. In this case the LAN1 port of the device is used as a WAN-port.
Let’s list the advantages of the device.
• The possibility to connect to both ADSL and Ethernet providers.
• Various ways of updating and recovering the firmware.
• The presence of a settings wizard with a list of supported providers embedded in the firmware itself.
• The possibility to get access to the device for managing either via HTTP, Telnet and SNMP protocols or with the help of a special utility.
• Support of several languages in the web-interface.
• Quick booting of the device.
• Reasonable price.
However we can’t but point at some minuses.
• Non-availability of Static IP and Dynamic modes for connecting to Ethernet providers.
• Non-availability of the possibility for a user in the provider’s local net to access virtual servers.
• Crudeness of the current firmware version.
• The possibility of an attack on the router’s DNS-server.
• The possibility of an attack from LAN via EZ Setup Wizard.
• Rather low routing speed.
When the article was being written the price for ASUS DSL-G31 in Moscow internet shops was 2000 rubles.
