The UK's largest independent broadband news and information site
The SAR-110 is another combined ADSL modem and router brought to the UK market by Solwise at a competitive price. This router is designed to work with the BT Wholesale, Kingston Communications, and G.DMT/PPPoA LLU services. Single and static IP address modes are supported, as are blocks of static IP addresses. This review details the use of the router on a single IP service; the configuration is identical for either a static or dynamic IP address. The router has a single 10/100Mbps Ethernet socket, which you can uplink to a network hub/switch or simply connect to a single computer.
Feature wise, the router includes a good web configuration system that allows you to do the normal configuration changes needed for an ADSL router. In addition there is a firewall, denial of service protection, Multi-NAT and a wide range of port forwarding options including support for VPNs.
What you get for your money
The £70 price tag (January 2003) includes the router, RJ11 cable, RJ45 Ethernet cable, RS-232 console lead and a power brick. Basically everything you need to get going, a CD is also included that holds a copy of the extensive 150-page manual. This router is configurable so long as you have a device that can talk TCP/IP across Ethernet and run a fairly modern web browser.
Of course Solwise do not expect you to cope totally on your own or to wade through a 150-page document to learn how to set the router up.
Looking at the hardware itself the casing is nothing spectacular, functional but tough plastic; there are not many ventilation slots but the router runs a lot cooler than some others. Along one side is an on/off rocker switch, a small but nice touch as it avoids pulling the power cord if ever resetting the device. The front of the box is plain except for 5 LED's, which are:
- Power - constantly on if unit is turned on and has power
- ADSL - illuminated when the router detects the presence of an ADSL signal on the RJ11 line
- PC - indicates activity on the single Ethernet socket, will be on as soon as a lead with an Ethernet signal is plugged in. Flickers when traffic is occurring.
- TX/RX - indicates the presence of activity across the DSL line
- Diag - diagnostic LED shows the router is in its diagnostic mode.
Looking at the rear of the router, from left to right, there is the DC power socket, a RS-232 9 pin console port for accessing the command line interface (CLI), the single 10/100Mbps Ethernet socket and a RJ11 socket for connecting to the phone line or micro-filter. The Ethernet port is not auto-sensing so if connecting to a network hub, either plug the standard patch cable into the uplink port, or use a crossover cable.
Getting a router online and working with your ADSL can be very confusing. A great many routers come with very few instructions or worse have misleading instructions that have been through many different language translations and may not even be correct for the UK. The SAR-110 is nice breath of fresh air - every option you could want in a web GUI is available and Solwise have done their usual sterling effort at producing a step-by-step guide to getting you online.
Configuring the router is a matter of connecting the Ethernet cable to your computer and ensuring your network card has some appropriate TCP/IP properties. The router defaults to the IP address of 192.168.7.1 therefore to set a PC up initially give it these settings.
- IP address: 192.168.7.2
- Subnet mask: 255.255.255.0
- Gateway IP: 192.168.7.1
- DNS: 192.168.7.1 or the IP addresses of your ISPs DNS servers
Once your network card is setup, point your web browser at the routers web server on http://192.168.7.1 and provide the default username/password to gain access. These defaults are DSL and DSL respectively (note: the authentication is case sensitive). The router should now display its default home page:
The home page shows the basic state of the router at that time, for example, it is connected at 576/288kbps and is authenticated as we have a WAN interface with green status and a valid IP address. Also it shows one of the nice aspects of the router, you can assign a domain name to the router and a host name. Therefore, rather than referring to http://192.168.7.1, you can call it http://router.mydomain.com
To navigate around the interface the seven tabs at the top of the screen are used to group together logical settings. The next step of configuration is either reboot the router to its default configuration via the Admin tab, or if you know there is no previous configuration, simply select Quick Configuration on the Home tab.
The screenshot above shows how you should set up the router for a single IP service on a BT Wholesale service. It is worth pointing out that a common problem is that users with single static IP addresses often specify the IP address at this point. There is no need the router will always obtain the same one. By letting the router pick up the IP address, you make it easier to use the BT Wholesale test login of [email protected]_domain. Once you have the settings done, click the Submit button that is just off the bottom of this screenshot. The next step is to commit the changes to the routers firmware, otherwise if you switch the router off, your configuration will be lost. To do this click on the Admin tab, select the Commit and Reboot section and now click Commit. Once the changes have been committed select reboot to ensure the new settings have been saved.
If at anytime during the routers use you suspect a problem with the line or your setup, a built in diagnostics page is available to help find the problem. Simply select the admin tab, and click diagnostics to carry out a sequence of tests, complete with handy help hints to explain what it all means to the new router owner. The tests range from simple ADSL line sync, through to pinging hosts out on the Internet.
That is the basic configuration done, not quite as simple as some routers, but the basic setup is contained on a single page and is easy to follow. The routers web interface is very slick and things like committing settings is fast and even reboots are quite a bit quicker than a lot of other routers. Once you know you are online, then click the modify button at the bottom of the home page and set the clock for the router. The remaining parts of configuration would be the firewall and any port forwarding that you require.
For people adding the router to an existing network it is possible to change the routers IP address and enable/disable the DHCP server that is built into it. This is all controlled via the LAN tab. For the duration of the review, I have had the router running on 192.168.0.1, using a mixture of DHCP clients and computers with static IPs. As you navigate the routers web configuration, which I would recommend so you can learn where all the various options are, you will see the great range of statistics that it records and allows you to see. The WAN tab is just one example. It allows you to look at and alter any of the Wide Area Network (WAN) characteristics of the router after the quick configuration, and also view error statistics for the various DSL side facing components.
The above screen shows the DSL parameters from the router, the figures look around 4-5dB lower than the woosh attenuation test that was done on that line, but these values can vary over time. So rather than the router telling you whether your line meets the BT specifications, it is more useful for telling you that something abnormal has occurred, e.g. if my Local Line Attenuation was to jump to 62dB suddenly, I would suspect a faulty micro-filter or extension.
During the course of the review version 1.38 of the firmware for the SAR-110 was released. The upgrade process is simple and straightforward via the web interface and only takes a couple of minutes. The upgrade fixed some minor bugs in the web interface and added an MS Messenger ALG, more on that later.
The majority of people with ADSL in the UK are on a single IP service, and if using an ADSL router this generally means you are running NAT. NAT hides your local LAN from the Internet, but also it stops a few applications working, e.g. web servers. Most ADSL routers include some degree of NAT configuration so that services can be enabled and applications like Netmeeting will work again. The SAR-110 handles NAT very well and includes many modes. Additionally it has an Application Layer Gateway (ALG), which helps applications that are running behind NAT to function correctly with minimal intervention from the user. The router also has support for various virtual private network protocols and is known to work with at least some Cisco, Watchguard and Microsoft IPsec solutions.
The different types of NAT rules you can use on the SAR-110 are:
- NAPT rule: The default rule that is used in a basic single IP setup. This blocks unsolicited incoming data, but allows replies to data you requested to return.
- RDR rule: The basic port forwarding rule, allows you to forward a single port or a range of ports. The protocols that are supported are: ANY, TCP, UDP,
- ICMP and protocols 1 through to 255. It also allows the external port to be set to a different value as that of the internal port.
- Basic rule: Behaves similar to the NAPT rule, except it does not translate port numbers in the packet header. This means less security than the NAPT rule.
- Filter rule: Translates public and private IP addresses on a one-to-one basis. The manual states that this allows you to limit the locations LAN computers can visit.
- Bimap rule: Performs translation in both the outgoing and incoming directions. This rule allows you to run a service on the local LAN, but to external users they think they are connecting to a service running on the WAN IP address.
- Pass rule: Allows specific addresses through without any translation.
The router has a limit of 12 NAT rules. This appears rather low but since it is possible to forward ranges of ports these 12 rules should cover the vast majority of needs. As with other parts of the routers web configuration extensive notes are available in the online help section. The online help in the router is perhaps one of the largest I have seen for a router and reflects the flexibility of this device. Some people will be looking for a DMZ option. This does not exist under the options provided, but one way to emulate this functionality is to forward all the protocols to a single IP address using a RDR rule.
Any currently defined rules are displayed on the Services tab NAT section. This allows you to view the stats for each rule, detailing the number of packets received and what active NAT translations are taking place. One nice feature of the NAT service is that it allows you to control a wide range of parameters as shown below:
The ability to control the length of timeouts is something woefully lacking from most routers and users of SSH will welcome this. Put simply it allows you to control the length of time before an idle connection will drop, therefore if you set timeouts too short you may find applications like FTP dropping out a lot. The vast majority of users will never have to worry over these settings, but the option to change them is there.
Firewall and Security
The router has two sets of security above the basic blocking that NAT gives you. IP Filters that work by allowing the user to setup rules for what is and is not allowed through the router. The firewall page allows you to control the various Denial of Service (DoS) and other protection mechanisms.
This range of options is almost unheard of a consumer ADSL router and whilst hopefully most users will not have to contend with sophisticated DoS attacks, it provides an added level of security. The Black List button is designed to allow you to view the hosts that are currently blacklisted as the result of triggering one of the protection rules or an IP filter rule.
The IP Filter setup consists of two parts, a basic deny/accept page where you can define the basic rule behaviour and the actual rule definition page. The main page lets you tell the router to allow all traffic except that which you exclude, or to block all traffic apart from the few rules that you allow through. The IP Filter section appears to support a large number of rules, I entered 45 rules and it was still letting me add more.
The security level allows you to select which of the IP filter rules will apply. In the screenshot above, there are no rules and the security level is set to None, alas this means the configuration interfaces of the router are visible on the WAN side. Blocking of these is discussed shortly. In the screenshot above if you did select one of the security levels, since the Public Default action is Deny you would lose all traffic coming over the public interfaces, effectively cutting yourself off from the Internet.
The main bulk of the filter configuration is carried out in the IP Filter Rule Add screen. As you can see, the rules are fairly comprehensive and even allow you to define a period of time for when the rules are active. This is ideal if using the router on a shared network and you want to limit access to some protocols at certain times of the day (for example block the common gaming ports so that the kids are forced to do their homework, rather than playing online games).
Almost uniquely for a router, the online help embedded in the router, has a couple of examples of how to create rules, in this case how to block TCP port 80 (web traffic) for a specific computer on the LAN and another rule for blocking any external access to the telnet port of the router itself. One common problem is telling whether your rules are working or not, and the SAR-110 has this licked with the ability to view IP filter statistics. The session statistics are interesting even when you have no rules defined as it lets you see who is accessing precisely what across the various interfaces of the router.
As mentioned earlier the routers configuration interfaces, HTTP, FTP and Telnet are visible both to the WAN and LAN interfaces. The simplest way of blocking these on a single IP address service is to create a NAT RDR rule to forward the ports to a non-existent local LAN IP address. The other method and probably preferable is to define some blocking rules for those ports as shown in the example below where I have blocked FTP and Telnet access on the WAN side of the router.
To show how to define the rules exactly, below this paragraph is an example of how you could block HTTP (TCP port 80) access to the routers WAN port.
The points worth noting are: the rule ID must be a number, each rule has a unique number; ppp-0 is the name of the WAN interface of the router, therefore I can still access the router on http://192.168.7.1/; log tag is a simple human readable field and helps to identify the rule when viewing the blacklist; the destination IP address is set to self, in other words the IP of the router; TCP protocol and port 80. The remaining items are left at their default settings, simply then click add at the bottom of the page and the rule is added. I have found the best way to do the rules is add them one by one, and use a dialup connection on a machine off your LAN to verify it works, until I know the rule works I do not commit it to the firmware. By not committing the rule until I am happy, it easier to get control back of the router when you mess up - all that is needed is a simple off/on operation. The rule above does not block any NAT RDR rules that are defined on port 80 when using a single IP service, i.e. you are still able to run a web server, but it ensures that if you delete the port 80 RDR rule that the routers web interface does not become visible.
The firewall appears to be a powerful tool, and is limited only by the time people are willing to put into creating the rules. Some sets of basic rules pre-defined for the three security levels would have been useful, but it does not take long to start building a rule set.
So how does this little box of tricks perform? Well as good as all the other ADSL routers really. Running at 512kbps tends not to tax most router hardware, for the gamers where ping performance is everything it runs at around 16ms to my first hop with the bt_test login, which compares well with the more expensive routers which come in at around 13 - 16ms. Downloads and video streaming over the device run well. In summary, the performance of the router has been impeccable throughout testing.
Software compatibility wise the router is in the mid ground. Why the mid ground? Well the lack of MS Messenger UPnP or SIP support; means that video support is lacking, but the Messenger ALG support appears to allow voice communications with another machine on a dialup connection (both computers were running XP). Even if you forward all the ports to the machine running Messenger it does not help, the problem is that Messenger embeds the IP address of the PC into the packets. The low-down on what does work in Messenger is that the following worked fine: text chat, receiving a file and voice communications. This appears to be better than some routers which do not support voice communications, but not quite the level of functionality that UPnP provides.
Microsoft Netmeeting is another oft asked about application, and by virtue of adding an RDR NAT rule to forward TCP port 1720 to the local IP address of the machine running Netmeeting I was able to get video/voice/file sharing running, so a good score for that. Counter Strike is one of the other applications that is known to mess routers around, in particular a full update of the server list, this amounted to over 30,000 servers to query and whilst it took 5-10 minutes. This operation completed successfully and I was able to continue using a browser on another machine. Admittedly, web browsing was very slow, but it did continue to work, once playing a game everything returned to normal.
Compared to the SAR-715 the web interface is a pleasure to use and updates very fast. Also with the vast amounts of information visible, e.g. what are the current NAT translations going on, it is easy to determine who is accessing any services you may be running at any point in time. The one moment of terror was when rebooting after the firmware upgrade, I did a 'reboot from clean configuration' which seemed to knock the router out, but by connecting with the supplied RS232 lead and Hyperterminal at 38400 baud and issuing a 'reboot from last configuration' command via the CLI the router sprang back into life.
This router is a pleasure to use, it was simple to get going initially, not as simple as say a Speed Touch 510v4 or DG814 but the small amount of effort is rewarded in the amount of changes you can make at a later date to cope with your changing demands on the router. The web interface is nice and slick, you can tell it was written by different people to the SAR-715, which can be slow in comparison, plus unlike the 510v4 you do not end up reverting to the CLI interface all the time for the advanced features.
It is not the best looking beast in the world, but merges into the background against the normal PC beige that is still the norm for computers. In fact fading into the background is something the router is very good at, in around 3-4 months of use I've had to reset it once to gain connectivity. Generally, it just keeps on going and appears to have very stable firmware, something which the SAR-715 is still aiming for. This makes the router much more suited as a first time purchase for someone who knows some networking but is not used to routers yet. You have the opportunity to experiment and learn and additionally it will not cost you an arm or leg.
For most people the lack of UPnP will not be an issue. Realistically the only thing that this causes problems with is the video components of MS Messenger - the text messaging still works and with the version 1.38 firmware, it is possible to run voice calls. Of course, MS Messenger is only one of many video conferencing applications available, so the lack of UPnP in itself is not that major a thing at this time.
On the security side, the visibility of TCP ports 21, 23 and 80 is a concern in terms of out of the box security, but these are easily closed. So long as people take the precautions of changing the default password, then even without the firewall the router should be reasonably secure. The firewall is almost a pleasure to work with compared to some of the other implementations that do exist.
So who at the end of the day is the SAR-110 the best router for? Well the wealth of information in the web interface may over power someone who has never seen a router before, but Solwise's step-by-step guide that comes with the router gets you going. By remembering to read the embedded help, almost anything on the router can be figured out. The firewall capabilities will make it attractive to people who want to ensure their local networks are secure and perhaps exercise some control over what various machines on a LAN can do. In summary the router may be a bit tepid in its visual looks but makes up for it with the contents, a little like sticking a V6 engine in a Rover Metro.
£69.95 – Solwise SAR-110 ADSL Modem/Router
Prices listed above are excluding postage and VAT.
|Where to Buy:||See our DSL Hardware FAQ|
The contents of this review should not be relied upon in making a purchasing decision—You should always discuss your requirements with your service provider and hardware supplier.