D-link DIR-655 router and DAP-1522 AP

Posted on 22 November 2012

0


I bought a 11n wlan router to replace my good old 11g router. But I feel like it’s not that much faster. And there are problems with VOIP, workgroups and a reliable wlan bridge from my house to my office.

Setup

I have a Cisco EPC 3212 modem, connected to the Dlink DIR-655 B1 2.02. I use the gigabit LAN to connect to a Gigaset C475IP VOIP phone and the 11n WLAN access point to connect to the Dlink DAP-1522 which is setup as a wireless bridge for the gigabit netwerk at the office, with a connected MacPro and a Linksys SPA 3102 VOIP converter for the fax.

Speedtest

To start with the speed, the only way to find out is testing. The first test is speedtest.net, but that’s of course limited to the maximum speed of the internet connection (in my case this is 20 mbps down / 3 mbps up).

To test the speeds in the network itself I use three freeware programs in windows:

  • Netstress sends packets from the netstress program on one computer (set up as netstress client) to the netstress program on another computer (set up to listen). It reports the avarage speed every five seconds in kBps (1 kBps = 8 kbps).
  • Networx reports the speed of the ethernet connection in MBps, so also the packets of netstress. The speedgauge can display the avarage speed in a periode (like an 8 hour test for reliability) and the graph can display short dropouts that would dissapear int the five second interval of netstress.
  • LAN Speed Test sends packets to a share map on a local server and then immediately starts downloading them. So it measures the speed of the connection but also the speed of the server share. This is a nice tool to test the speed to a mac.

Speedtest WLAN

First I tested the available wifi channels, using InSSIDer. I found that channel 1 (channel width 20/40 for full N speed) was the best option in my area.

I am testing the wlan using the combination of netstress and network. In the router-statistics (status -> wireless) I found that the wifi speed of the DAP-1522 is fluctuating (39M – 117M), even though it has 100% signal. This is strange, especially because my old HPNC8710 (11n) laptop does keep it’s reported speed between 104 – 130M (both in the same room).

But these numbers are far from reliable. When I start a test it only gives me a much lower speed and the graph shows me that the speed has al lot of short drops to zero. Here are the results of half an hour netstress (speed = MBps):

Speed Setup Client (sending)          Setup Server (receiving)
   DIR655 staat in de hoek naast de kast. Daar lees ik speed/signal
 1,2  LAN -> 655 (11n/39-117M/100%)   LAN -> Bridge op tafel woonk.*
 2,9  LAN -> Bridge op tafel woonk.   LAN -> 655 (11n/39-117M/100%)
 6,0  LAN -> 655 (11n/104-130M/100%)  WLAN (HPNC8710)
 5,5  WLAN (HPNC8710) op eettafel     655 (11n/104-130M/90-100%)
 5,5  WLAN (HPNC8710) op hoek schuur  655 (11n/104-130M/90-100%)
 1,2  LAN -> Bridge op R.sp. schuur   655 (11n/26-78M/94-100%)
 2,1  idem maar dan bridge rechtop met pluggen naar raam

I found that the best speed and reliability I could get was 2,5 MBps, by putting both the bridge and the router in the windows, facing each other, with the antennas of the router in this position: | | _

Speedtest LAN

I have not tested the DIR-655’s gigabit ports, but I did test the DAP-1522 access point. This also should be a gigabit router, so the LAN should reach a speed of 1000/(10*8)=800 mbps=100 MBps. I’ve done some tests with LAN speedtest, using a macpro as server:

Via DAP1522 bridge: 40MBps down / 21 MBps up
Via SLM2008 switch: 38MBps down / 20MBps up
Direct via cat5e kabel: 41MBps down / 22MBps up

It seems like the Dlink holds up pretty well, the limitation here are the harddisks of the computers.

DAP-1522 IP and MAC adresses

There is another thing to note: it looks like the bridge takes the IP address and a mac address of one of the four computers that are attached to it. Really strange. There are three places to look in the DIR-655:

  • status -> device info. This gives us a list of the LAN COMPUTERS (IP, MAC, NetBIOS NAME*) but this list also includes the wlan computers.
  • status -> wireless. This gives a list of the connected WLAN devices (IP, MAC) with indication of signal (%) and speed (mbps).
  • setup -> network settings. This is a list of the DHCP clients (IP, MAC, Computer NAME).

* sometimes the NetBIOS name is empty: the LAN-list does show both the MAC and IP address of the connected device, but the hostname is not showing until the DHCP list is updated)

It seems like the LAN computers list is fed from the NetBIOS (WINS) announcements, while the DHCP list is fed with the DHCP requests. The name you fill in as ‘hostname’ in the static DHCP list doesn’t matter: you can give it any name you want to. The WLAN list also has it’s own input: If I disable a device it immediately disappears from the wlan list but stays on the LAN and DHCP lists for a while.

I did some more testing and this is what happens:

  • AP without any computer attached: it doesn’t show up in the router.
  • AP with one computer: AP shows in router with it’s own IP address, but the MAC address of the computer.  After a while it also shows the IP address of the computer. At that time the computer is also showing up in the ‘LAN computers’ list of the DIR-655, with it’s own MAC, IP and hostname. The computer also shows up in mshome. But in the DHCP list of the router it doesn’t show up until I log on.
  • AP with an extra computer: now the ‘wireless’ list of the router shows the two IP addresses in sequence, while it keeps the mac address of the first computer. It will even do so if I detach the first computer before connecting the second! The second computer will show up in the DHCP list, but NOT in the ‘LAN computers’ list. Both computers might show up in mshome, but sometimes also not.

After updating the DAP-1522 to firmware v1.40b (22/3/12) with fixed SSID, it’s possible to turn of ‘Mac cloning’. The router is not displayed in the lists of the DIR-655 anymore, except for the WLAN list with IP 0.0.0.0 and it’s own mac address. But the SIPURA is not in the list of WLAN clients or LAN computers (my iphone is) but it IS in the list of DHCP clients. After a while, it’s IP is in de wireless clients list (with the mac address of the AP) and the device itself… I’ll have to look.

Workgroup not accessible

Could all this be the reason that I sometimes get the ‘mshome is not accessible. You might not have permission to use this network’ message?

It is strange to get this message, because when I just type the name of the server it suddenly does connect to it. The same goes for connecting to the client computer itself. Updating the router firmware from DIR655B1_FW201B05.bin to DIR655B1_FW202B07.bin didn’t help. Turning off the bridge (DAP-1522) did: the computer would find itself in the network. I’ve tested some more (see above) and now I am sure it is the bridge. Further testing shows that it starts off with all computers seeing each other nicely, but after an hour the computers will not show up in the network anymore. The mac’s are still fine by the way, but I guess they use a different protocol.

Netbios

I found that the windows computers are using the netbios name (Netbios over TCP/IP) to show other shares in windows explorer: if I disable it the computers are not visible in explorer anymore. I wanted the DIR-655 to be the master of this register:

  • NetBIOS announcement: ON
  • NetBIOS node type : Broadcast only

It seems like this solved my problems: the workgroup shows all computers immediately. Sometimes there is one error but after hitting F5 it’s all good. The only other problem is that devices that are turned off will stay in the mshome for another half hour. It’s not because it’s in the cache of the other computer: restarting it doesn’t make the turned-off device disappear from the mshome listing. So it must be the cache  of the DIR-655? The fact that the LAN-computer list of the DIR-655 still shows the computer that is turned off confirms my idea about this.

This needs further testing. Keywords are: ‘Netbios name’  WINS and LMHOSTS.

  • run->cmd: net view, net share, ipconfig, ping (computernaam or ip adres).
  • run->\\computernaam (shows the computer in explorer). Z

Load Services.msc, and make sure following services are running:
a) Remote Procedure Call (RPC). Use by client for MS networks.
b) Server. MS network and file/print sharing.
c) Workstation. Both used for MS networks and File/print sharing
d) TCP/IP Netbios helper: NetBT en netbios naamomzetting
e) Computer Browser. Allow to see other computers on network.
f) Network connections
g) DHCP Client. registreren van IP adressen en DNS namen.

Internet over Power (IoP)

I didn’t want to do more testing, so the best solution was to throw out the DAP-1522 and buy two of these nice adapters to get the internet over the 230V mains. I bought two secondhand 85 mbps units and found that they only work nice if I put both on the same group. Jumping groups seems to be too difficult for these old devices, the speed would drop to 5 mbps. Initial speedtest.net tests show that this system can handle the 20 mbps of my internet connection just fine, nice!

VOIP

From the start I have had a lot of problems to get a reliable voip connection with the DIR-655 and my gigaset.

Firmware 2.01

This was solved by updating the router firmware to FW201B05 and the gigaset firmware to 02184 / 043.00 (epron 155).

But the problems were back when I tried to forward some ports to other ports by using the virtual server settings of the router. Apparently the 201B05 firmware of my router couldn’t handle the VOIP data on port 5060 if this port is within the range of the public- and private port of the virtual server forward.

  • Virtual Server: VOIP port 5060 (both) naar C475
  • QoS Engine: traffic shaping en alle 3 QOS engine setup ON
  • Firewall: Enable SPI / UDP endpoint independent / TCP address restricted

Firmware 2.02

I updated the firmware again to FW202 and ended up with these settings to get a very reliable VOIP connection:

  • Virtual Server: No VOIP forwarding, only virtual server for my http server
  • QoS Engine: OFF (as the measured uplink speed was only 400 kbps)
  • Firewall:
    • SPI: off (stateful packet inspection, would be good to turn it on)
    • UDP endpoint filtering: endpoint independent
    • TCP endpoint filtering: address restricted
    • ALG configuration: SIP ON (This is the great new feature!)

The virtual server forwarding still messes up the VOIP so I disabled it.

Firmware 2.05

I found on dlink.com that they have a 2.07 version of the firmware for my dir-655 rev-b router, but the router will only update to version 2.05 version as of 2012-2-29. After this I had problems with SIP-registration and one-way audio again. So first thing I did was update the Siemens firmware to eeprom 185, but that didn’t help. Then I tried and found the following solutions:

SIP-registration

I’ve set the Siemens to a static SIP port. It wouldn’t register. Then I tried DMZ on the DIR-655, to forward all trafic to the Siemens. Didn’t help. Only when I enabled firewall->ALG->SIP  it did register without problems.

I guess ALG is evaluating the SIP packets, and translates the local IP address inside the SIP packets to the global address, on the fly. I guess another way to solve this problem is by enabling STUN in the Siemens, so it would use the global IP address instead of it’s local address. And to conclude, I guess enabling both (ALG in the router and STUN in the phone) it would mess it up again.

One-way audio.

So I disabled DMZ again (I need some ports for other data) and now the other problem was back: one way audio. I can only hear the other side if they call me, but I can’t hear them when I call them (they can hear me though). I guess this is a problem caused by the DIR-655 using symmetric NAT.

It was easy to solve this by setting the Siemens to use static RTP ports and setting the UDP port forwarding of the DIR-655 with these RTP ports.

To conclude: I’m using firmware 2.05, enabled firewall->ALG->SIP and set UDP port forwarding for the RTP ports used.  Now my SIP/VOIP works just fine.

Other settings

After setting this, I could set these things without any problem:

  • QoS     ON (might limit the upload speed to 1,76 mbps (speedtest.net)
  • UDP and TPC endpoint filtering: both to ‘port and address restricted’
  • SPI and Antispoof ON
Advertisements
Posted in: Network