The UK's largest independent broadband news and information site
SectionsWhat you get for your money
Basic Router Setup
Using a Wireless Connection with a SpeedTouch 580
SpeedTouch Wireless Network Cards
Configuring Port Forwarding
Other configuration options in the SpeedTouch 580
The Thomson SpeedTouch 580 is currently (February 2005) Thomsons top of the range device for home users. It has a built in ADSL modem, NAT router, four port Ethernet switch, 802.11g wireless access point and a USB port. It also should be fairly future proof, since it is also software upgradeable to support ADSL2.
The SpeedTouch 580 should appeal to both the first time router market, as well as the more hardened users, since it offers features that appeal to all ranges of the market. The configuration is identical for single IP address static and dynamic accounts. For people with a block of static IPs from their ISP, you can choose either a Multi-NAT setup, or bypass NAT totally and use a NON-NAT configuration. As with earlier SpeedTouch routers, there are two transparent modes available to single IP users. DHCP Spoofing and a PPTP Relay mode, both of these pass through the single ISP assigned IP address to another computer. The PPTP Relay mode is useful because a number of hardware firewall/VPN units do support PPTP relay modes for obtaining their Internet facing IP address.
The other main features of the router are:
- UPnP with NAT traversal
- port forwarding support
- wireless user registration button
- WPA wireless encryption
- Wireless Distribution System (WDS)
- SNMP support
- event logging
The documentation for the router is heavily MS Windows based, but OS independent configuration is perfectly possible. The router can be configured using the software wizards supplied, or using the built in web interface. For a totally retro feel, people can use its telnet interface.
The router comes with a veritable box of goodies. The router itself is in a matt black plastic case, that would appear to have very few air vents at first glance. In actual fact the vents are on its underside, and do seem to stop it overheating. In normal use it will get warm but not uncomfortably so.
The list of contents from a retail box are:
- The router, with its single attached wireless antenna
- Two SpeedTouch ADSL microfilters, which have an interesting design to allow them to be used as either dangling filters, or full plug in filters.
- 15V AC power supply unit
- Screws and wall plugs for those who want to wall mount the unit.
- Yellow RJ45 Ethernet patch cable.
- Grey RJ11 cable for linking router to a micro-filter
- USB type A to type B plug cable for optionally connecting router to a PC
- Home Networking Wizard CD and short guide
- SpeedTouch 580 Install Wizard CD and multi-language quick install guide. The inside back cover of this guide has the default WEP and WPA PSK keys in them. This CD also holds the full manual for the unit.
There is an optional stand for the router, to allow you to stand it vertically. People familiar with the older SpeedTouch 510v4 will see the button in the centre of the front and think this is the power switch. On the 580 this is not the case. This centre button activates the automatic wireless client registration system; the power switch is now at the rear of the router. The front of the router boasts six LEDs, most are fairly self explanatory, but the WLAN LED is a multi-colour affair.
- Power, green router is power up, red while the router is starting up
- Ethernet, on when an Ethernet lead is plugged in, flashes to show activity
- USB, green when connected to a PC, and flashes to show activity
- WLAN, flashes to indicate activity, the colours are defined as,
- Green, security level 2 running, i.e. WPA-PSK mode
- Amber, security level 1 modem, i.e. 64bit WEP encryption
- Red, default state, level 0 security, i.e. no encryption
- DSL, flashes when syncing to the DSLAM at the exchange, solid green when connected.
- Internet, solid green if you have an Internet connection, and flashes to show activity
The back of the router, is nicely colour coded, to match the current PC cable colour standards. Moving from left to right:
Wireless antenna, permanently attached
Power input socket
Recessed reset button
Four 10/100Mbps MDI/MDIX auto-sensing Ethernet ports, with activity indicator.
USB port for connecting to a PC
RJ11 socket for connecting to the ADSL line.
The underside of the router shows the pleothora of air vents, and again the default WEP and WPA keys for the level 1 and level 2 security. The wall mounting holes are a welcome addition, since wireless routers often work better located above head height, away from desk clutter.
The SpeedTouch 580 has a number of ways it can be setup, either by using the supplied CD, or by simply connecting yourself to the router and using the built in web interface. Our review will avoid the supplied CD-ROMs and use the web interface. In its default state the router can be setup via Ethernet or wireless. You can configure the router via the USB port and cable if you wish, but this will need you to install the USB drivers for the router, documented on page 15 of the routers manual. The USB port will only connect a single Windows PC to the router.
The routers web interface is located at http://10.0.0.138/, which is generally the default IP address for all Thomson routers. To access this you can use an Ethernet, wireless or USB connection. Your computer's network card needs to be set to get its TCP/IP network information automatically. The routers manual covers how to connect to it. If you have an existing dial-up Internet connection on your computer, then you do need to remember to set the 'never dial a connection' in Internet Explorer, under the Internet Options menu.
When you first access the router's web interface, you will see a screen like below. In this example the ADSL line had only just been connected, so the line status was initializing. Once the router syncs to the DSLAM at the exchange, this will be indicated. To actually set-up the router, click on the Advanced mode in the menu on the left of the screen, and select Easy Setup. The setup method we are showing is termed the 'Operating System Independent SpeedTouch Configuration Setup'.
Once Easy Setup has been selected the SpeedTouch Setup wizard will appear. The wizard will guide you through the basic settings, and should get you online very quickly.
The first stage is to select a service profile. For UK sourced SpeedTouch 580s two profiles are included. The difference between the Default and Custom settings, is that Custom allows you to select things like the IP address for the router.
We actually selected the Custom Settings option, for the following set of screenshots, since it illustrates more of the options. Next you need to enter the username and password given to you by your ISP for the ADSL service. If your provider has not given you a password, (e.g. BT Broadband users) then you will still need to enter a password for the wizard to continue, in which case enter anything.
The next step is about controlling access to the router's configuration pages at a later date. If you are happy that your local network will be secure, then you can select the No Username and No Password option for the router. We do recommend at least using one of the password protected options, particularly as until you setup the wireless security the router is visible to everyone.
The subsequent step, brings more questions for you to answer. The firewall has three options, On, allow ping/tracert and Off. Even if you select the firewall off option, any computers are still protected from most attacks by the basic NAT functionality of the router. The Remote Support option only really needs to be enabled if you are likely to want someone to be able to remotely access the router, for example as part of an ISP support package. For people who know they will have no need for UPnP, this can be disabled.
The vast majority of users will have no need to alter anything on this next screen. Those who have a block of static IP addresses from their service provider, and want to use the router in a NON-NAT mode can select this in the LAN addressing scheme drop down. For those who want to run the router on a different local LAN IP range, that is also possible by specifying a different IP address for the SpeedTouch e.g. 192.168.0.1.
The next step governs the DHCP server built into the router. You can if you feel the need disable the DHCP server totally, but this will require you to manually set-up the IP address, gateway, subnet mask and DNS fields for every computer attached to the router. Our example reflects the fact that earlier we elected to use the IP range 192.168.0.x for the router.
The final step is simply a summary screen, so you can double check what options you have set, before telling the router to alter its configuration to these parameters.
Once everything is finished, the router kindly tells you, and you should be ready now to actually use the Internet connection, assuming your ADSL line is working, and the login details were correct.
The router's web interface, once the configuration process has finished, should look like the example below. This shows an enabled ADSL line with a 1Mbps connection that has been running for 4 minutes and 29 seconds.
This set-up may seem somewhat long winded, but remember we chose the custom path, which gives more flexibility. The default path has a lot less options.
The SpeedTouch 580 has the usual list of options for its wireless network, but some thought has been given to making it easy to use for the novice user. Most of the work with a wireless router is to ensure your wireless network is secure. To this extent the router has a simple wireless station association system, and pre-configured three stage security system. The three levels of security are:
Level 0: No encryption of wireless data is carried out, and the Access Control List (ACL) is turned off.
Level 1: WEP encryption enabled, a 64-bit key is the default, and is printed on the underside of the router.
Level 2: WPA encryption enabled, the default key is located on the sticker under the router.
If your computer's wireless network card is already installed, then it should actually automatically see the router in its default state, and depending on the cards set-up it may well connect automatically. If it does connect you will see a pop-up something like below:
At which point you should then be able to access the router's web interface to configure the router further, or simply use an already configured connection. We would recommend that people do enable some form of encryption security, i.e. level 1 or 2. Level 2 is the best to use if your wireless network card supports it. The coloured wireless LED on the router makes it easy to tell which level of security is set if you ever do forget.
Level 0 security options
Level 0 has no encryption options and no access restrictions enabled by default. If you want to run an open network, but control to some extent who can and cannot access the network, there is the Access Control (ACL) option. Several modes for the ACL exist, turned off and no-one connect, anyone can connect (the routers default) and people can only connect if registered.
If you enable registration, there are several ways to actually register a wireless station. The registration is actually carried out by registering a number referred to as the MAC address, which is a unique number that every network card has. The router allows you to manually enter lists of these numbers, or you can let the router add all the wireless network cards in range at that time by clicking a Register button in the web interface, or pressing the black button on the front of the router. The registration system remains open for one minute from when you press the registration button.
Once a station is registered, it will be allowed access. If you manually add a MAC address using the New button in the web interface, you can choose whether to allow or deny a MAC address. It is not immediately obvious from the web interface, but the small arrow next to the station name is clickable and allows you to edit the options for that entry, thus allowing you to turn off a particular network cards access.
Level 1 security options
The level 1 option is where WEP security is enabled. WEP is a system that encrypts your data when sent across the wireless link, and the encryption also ensures only those that know the key can access the network. Two levels of encryption are available, 64-bit and 128-bit, the 64-bit encryption can be broken if someone has the resources, the 128-bit encryption can also be broken, but takes so long to break most hackers will not attempt to crack it.
To alter the security level on the SpeedTouch 580 simply click on the Security tab on the wireless page. Then select the security level you want, as shown below we have selected Level 1, which is highlighted. If you then click the Apply button the WEP key will be applied.
Once the WEP key has been enabled, any wirelessly connected computers will lose their Internet connection until you reconfigure their wireless network cards with the appropriate WEP key. Only the 64-bit hexadecimal key is pre defined, for the others you will need to make up one of your own. Often when learning to set up wireless security it is easier to experiment using very simple keys e.g. 1234567890. Then once you know it all works, switch to a more complex key that people cannot guess.
Level 2 Security Options
Level 2 security revolves around using WPA to encrypt your data and keep unwanted visitors out of your network. The method for configuring it is much the same as with a WEP key, except there is no confusion over whether a key is plain text, or hexadecimal digits. While WPA security is preferable, if your computer or wireless network card do not support WPA encryption, the 128-bit WEP encryption is the advised option.
The SpeedTouch 580 itself is Wi-Fi certified so should work with almost any 802.11b or 802.11g wireless network card, but we will look quickly at the SpeedTouch 110 PC Card, and the SpeedTouch 120g USB network cards.
The SpeedTouch 120g USB network card is actually a USB 2.0 based device, but will work on a PC with just USB 1.1 support. In that case it will only operate at 802.11b type speeds. The 120g comes with a quick install guide which shows how to use the network card with Windows. The odd looking arrangement in the bottom left of the picture is a support bracket with velcro so that the card can be hung above all the usual desk cluster to improve the signal reception.
The PC Card comes with the same installation guide and a driver CD.
Installing the two cards is pretty simple; a case of inserting the CD-ROM and letting the drivers install. Once the drivers are installed you will be prompted to plug in the network card, with a prompt like below:
Once the card has been detected, the drivers will eventually request you to restart the computer and after that you should be ready to use the wireless network card. Both network cards employ an identical software interface in Windows XP. Double clicking the Wireless Client Manager icon which should be in the system tray will open the client manager where you can select what network to connect to. The software by default will connect to the first wireless network it can see, so if your wireless router is the only one in the area setting up the connection is easy.
If you are lucky the wireless network from your wireless router will be the only one detected. Otherwise like in our example you will have to tell the software which wireless network to actually connect to.
The client manager tool has some useful components. The picture above shows the IP information for the network card, and also lets you monitor the through-put of the wireless network card.
In use, we found both the 110g and 120g cards to be reliable, the 120g with its nice long lead should allow you to position it for optimal signal reception. Be warned that the LED on the 120g is quite large and bright, and does flash very rapidly when using the link.
Port Forwarding is one task that most people who use a NAT router will end up doing at some point. The topic is sometimes called virtual server, pin-holing or Network Address Port Translation (NAPT), which are all basically the same thing. When you configure a port for forwarding, you are telling the router to direct data that arrives from the Internet to a specific computer or device that is attached to the router.
The port forwarding on the SpeedTouch 580 is almost identical to the older SpeedTouch 510v4 model, and is located under the Advanced menu, labelled NAPT. The screen shot below shows the default state; the four temp entries are the result of two computers that have MS Messenger running and the Universal Plug and Play (UPnP) system making automatic entries so that audio and video conferencing works.
To create a new NAPT Entry, just click the New button, and the page will expand to show some extra fields where you need to enter data. The example here shows us forwarding TCP port 80 to a machine with the IP address 192.168.0.200. This is needed since that computer runs a webserver that needs to be visible to the outside world. Generally the Inside Port and Outside Port values will be identical. An important note is that you should leave the Outside IP set to 0.0.0.0. This value of 0.0.0.0 means 'use the IP address that the router is assigned by the ISP', thus avoiding the need to keep changing it if your IP address ever changes.
A common problem people have is that they forward a port to a computer, but forget the computer was using DHCP (dynamic IP address assignment) and after a few weeks the computers IP address changes. Therefore it is best when forwarding services to a machine to manually set-up the IP address on the computer. In Windows XP this is done by editing the properties for the network connection you are using and then setting the TCP/IP properties, one example is shown below:
The PC in this case has been given the IP address 10.0.0.100 which is in the default IP range for a SpeedTouch 580. The important part is to ensure you set the default gateway and DNS fields to be the IP address of the router.
The SpeedTouch 580 does not allow you to set-up ranges of ports for forwarding, which may prove restricting for some people. The way around this problem is to make use of the Default Server option. The Default Server is referred to as the DMZ option on some kit, and basically it forwards all data not destined for another computer to one default machine. The plus side of this is that very little configuration is needed to get some things working, e.g. putting an X-Box games console as the default server machine is an easy way to get all its online games to work. The downside if designating a computer as the default server is that it will make the machine visible to people on the Internet, therefore a software firewall is recommended to control access to the computer.
The Help button is ever present on the SpeedTouch 580, and is context sensitive. The above fragment gives you an overview of the routers capabilities.
The SpeedTouch 580 is a relatively simple to use well laid out web interface. Careful reading of the help should allow most people to explore the interface without too many problems. Before you play around too much, we would recommend using the option shown below to backup your configuration to a file on your computer.
One key component missing from the web interface of the SpeedTouch 580 is its firewall configuration. The default state of the router is enough to protect you from incoming attacks across the Internet, but if you want to control what applications can reach the Internet from your local network, you need to access the command line interface (CLI) of the router. This is done by using telnet. In MS Windows, at the run prompt simply type telnet <router IP>. An example is shown below. Of course if you have stuck with the defaults for the router you would type telnet 10.0.0.138.
If telnet works, the following window should appear. This interface relies on you understanding the syntax of commands or using the built in menu system to help you navigate.
Typing menu reveals a menu that you can navigate using the cursor keys. If you want to experiment with this area of the router we would suggest visiting the support section of the http://www.speedtouch.co.uk/ website to download the manual for the CLI.
Although the router has the default NAT protection, the firewall that can control outgoing access and block specific ports can be turned on or off. This can either be done by reloading the configuration via the Easy Setup option, or the simpler way is via the CLI. Below the command ip config firewalling on is used to turn the firewall on. The opposite command of ip config firewalling off will turn off the firewall and any rules you have created.
The hardest bit with a CLI controlled firewall is the format of the rules you enter. To this extent we will give an example for you to work from. The rule below is fairly simple, it denies all TCP port 443 connections from both the LAN and WAN sides of the router. The end result is that secure socket websites (HTTPS) or any other application that uses TCP Port 443 will not have any Internet access.
If at any point you forget what rules the router has, you can list them as shown below:
The router actually has several lists of rules. Above you can see those associated with the forward chain. For those not already put off by the firewall interface, a website worth visiting is http://www.sdharris.com/speedtouch510/basic.htm which while written for a SpeedTouch 510 is still relevant as both the 510 and 580 use the same firewall interface.
If you do venture into configuring the firewall, there is one key command to remember and that is config save. If you do not type this, when the router is restarted all the work you have done is thrown away.
There is an alternative method for configuring the firewall, and that is to make a copy of the backup configuration file you can save onto a computer via the web interface and editing the firewall rules in this. Then once you have changed the rules to suit your needs restore the configuration file into the router.
The SpeedTouch 580 seems to be a very mature and stable router. The review unit coped extremely well with the basic day to day web browsing and video streaming, but also continued to work well under load when P2P or other heavy downloading was occurring. Latency with respect to gaming seemed perfectly normal. Speed tests gave around 1900kbps from a 2Mbps ADSL line, and an upstream of 240kbps, which appeared to be fairly consistent.
As you can see from the tables above the wireless performance speed wise is nothing to shout about. An interesting thing to note though is the router while slower than some in terms of wireless throughput, it seems to maintain a better speed through several walls. Even though the SpeedTouch 580 seems slow on the wireless side, remember than most ADSL lines are only capable of up to 2Mbps.
It seems Thomson have a very stable router in the SpeedTouch 580. It proved more stable than a lot of other kit we have seen in the last 12 months, and just seems to carry on doing what its built to do, week after week, very much like its older brother the 510v4. The complexity of the firewall interface is a shame, and could do with some work in later firmware releases. In fact some of the business class Thomson routers do integrate the firewall configuration into the web interface.
Perhaps our favourite feature of this router is the user registration button which makes it very easy to restrict access to the wireless network. Hopefully as time goes by we will see features like this extending to wireless encryption. The two SpeedTouch wireless network cards seemed to operate well with a wide range of routers, which is to be expected now that the 802.11g standard has settled down.
The SpeedTouch 580 is not a bargain basement price, but then as with many products paying a few pounds more buys something that is more robust. The wireless network cards that we had with the router seemed reliable too, and it seems with the right combination of hardware can be fast. For those living in a larger house where blackspots in wireless coverage exist, then there is the SpeedTouch 180 Wireless Ethernet Bridge which will work in conjunction with the WDS mode of the router to fill in coverage blackspots.
£75.00 - Thomson SpeedTouch 580 (£88.13 including VAT)
£22.00 - SpeedTouch 110G Wireless 802.11g Adapter (£25.85 including VAT)
£32.00 - SpeedTouch 120g USB Wireless Adapter (£37.60 including VAT)
|Where to Buy:||See our DSL Hardware FAQ|
The contents of this review should not be relied upon in making a purchasing decision - You should always discuss your requirements with your service provider and hardware supplier.