Cheap Wireless Gateways

Return to main article and site

+ = yes  x = no  ? = unknown or unclear
Firewall ISP connection
Unit Configuration DHCP Server Logs and patterns NAT Punch through DHCP Client PPPoE WEP MAC cloning Users VPN Ethernet AppleTalk Modem AOL Print spooler Price (12/2002) Notes
3Com 11 Mbps Wireless LAN Access Point 2000 Windows setup then all Web
(XML-compliant browser)
+ + ? + ? 128-bit ? 253 addresses +
no details
x x x x $200 Lacks enough detail in online tech specs and manual
Agere Orinoco RG-1000, RG-1100 and BG-2000 Windows, Mac software

Third-party Java tools

+ + ? + + 64-bit (RG-1000)
128-bit (RG-1100/BG-2000)
? 250 addresses +
IPSec (all)
PPTP/L2TP (BG-2000 only)
1 LAN/WAN + +
x x RG-1000: $180
RG-1100: $150
BG-2000: $133
Apple Airport Base Station 2.0 Mac software for Mac OS 8 through X

free Java, Windows tools

+ + + + + 128-bit x 50 users +
1 WAN (10/100)
+ +
via direct dial-up
x $300 Beware older unit which cannot be upgraded to new features
Asanté FriendlyNet FR3002AL-1PCM Web + logging
packet-storm protection
+ + ? + 128-bit + 253 users +
2 LAN (10/100 switched)
+ x x +
Buffalo Technology AirStation L11G-L Web + + + ? + 128-bit + 253 users +
4 LAN (10/100 switched: L11G-L)
undocumented support in some units
x x x L11G-L: $170 L11G can repeat wired traffic to other access points
D-Link DWL-1000AP Web + x ? ? x 128-bit ? ? x x ? x x $160
D-Link DI-711, DI-713P, DI-714 Web,
Mac support
+ + + + 128-bit ? 252 users +
1 (DI-711), 3 (DI-713P), or 4 (DI-714) (10/100 switched)
x serial port: DI-714 x +
Win: DI-713P
DI-713P: $150
DI-714: $155
Intel Wireless Gateway WLGW2011BAK Web + + ? ? ? 128-bit ? 32 users ? 1 WAN
1 LAN (10/100)
x x x x $230 Little to offer
Linksys EtherFast Wireless AP: PrintServer (BEFW11P1), Switch (BEFW11S4) Web + + + + + 40-bit (PrintServer)

128-bit (Switch)

+ ? ? 1 WAN
1 LAN (PrintServer), 4 LAN (Switch)
(10/100 switched)
x x x + PrintServer: $192
Switch: $100
Linksys WAP11

Windows-only software

+ x x x x 128-bit x ? ? 1 LAN/WAN x x x x $105 Not really a gateway, but a popular unit for linking networks together
Proxim NetLine Wireless Brdoadband Gateway Web + Some pattern attack protection + + + + 128-bit ? 15-20 users +
+ x x x $260
SMC Networks Wireless 7004AWBR Web + pattern detection + ? + + 128-bit ? 253 users +
3 LAN (10/100 switched)
undocumented, not in all units
serial port
SMC has suggested future support



Configuration. Most gateways use a Web-based interface to configure, reboot, and install firmware (internal software) updates. A few require proprietary Macintosh or Windows software to manage them, needlessly limiting their market. Some Web-based gateways use Windows tools for firmware upgrades, or have limitations that keep Web tools from performing upgrades under Linux or Mac OS. See notes accompanying each gateway.

DHCP Server. All units surveyed except the Xircom offer a DHCP server to hand out IP addresses to local machines on request. These servers almost always work in bridge mode to offer DHCP over both a wired LAN and the wireless network.

Firewall. Most gateways have firewall features that block ports and attacks. Most gateways offer separate a WAN (Wide Area Network or broadband) Ethernet port and one or more LAN (Local Area Network) ports that a firewall protects as well: the LAN traffic is sent via the firewall before heading out over the WAN port. The amount of customization varies, as does the difficulty of allowing certain kinds of traffic to pass throgh. Some units monitor for pattern attacks and/or log firewall violations.

NAT. Almost all gateways support NAT (network address translation), which is a firewall-like service that masks internal machines by assigning them private addresses. The NAT software sorts out which machines packets need to be sent to and from, but the internal network is invisible to the outside world.

Punch through or virtual servers. Most units that offer NAT and/or firewall support also let you create a path between the gateway and a specific port on a specific machine on the network. This allows you to run a Web server without using a static IP or exposing the entire machine or network to the Internet.

DHCP Client. Almost all the gateways sport a DHCP client to request an address from a broadband provider. The gateway requires this client in order to route traffic through the provider.

PPPoE. PPPoE (PPP over Ethernet) is used by some broadband companies as a security measure and/or as a session-length-control tool. Practically all the gateways support this as well.

WEP encryption. Although the encryption built into 802.11b has been compromised, WEP (Wireless Equivalent Privacy) is still a first line of defense and a reasonable way to prevent casual users from peeking into your network, especially for home users who don't create enough traffic to allow crackers to extract the key. Most gateways now support full 128-bit WEP encryption keys; older gateways only supported the shorter key, known variously as 40, 56, and 64 bits long, but all compatible with each other. Note that some gateways require you to manually make up and enter 14 pairs of hex digits to create a 128-bit key while hiding the values from you as you type them (SMC Networks, for instance). This can be an exercise in frustration, as a single slip of the pinky and you've rendered your unit inaccessible.

Cloning address for gateway. Some broadband providers use a MAC address (the unique Ethernet Media Access Control layer address) to limit access to a single machine on a network. The gateway may need to clone or replicate the MAC layer address of a machine on the network in order to connect to the remote broadband service.

Simultaneous Users. The number of machines supported by each gateway varies, and manufacturers' recommendations aren't necessarily the guide to follow; I've tried to indicate the numbers of users claimed, at least. There's a sharp distinction between the number of NAT addresses a unit can feed out (usually 252 or 253) and the number of users it can actually cope with simultaneously. Many companies are employing a sort of marketing cloud by stating the NAT limit, not the user limit. If you see a number like 35 to 50, it's more likely to be a true count of users.

VPN. VPNs or Virtual Private Networks use end-to-end encryption to make sure that traffic can't be sniffed or intercepted in legible form between a user's machine and the end goal inside a company network. There are two protocols for VPN in wide use, PPTP and IPSec, and a third, L2TP, gaining in popularity. If you need to use VPNs via a home gateway, make sure it can pass the protocol your company uses. Support varies widely and changes constantly, so check the current specs or call the company to be sure.

Ethernet. All the gateways surveyed include an Ethernet port. Some also include one to four additional ports for the LAN. One port is dedicated to the WAN connection, such as a DSL modem. Just because a unit offers multiple LAN Ethernet ports does not mean that it has a firewall between the LAN and WAN. Most of these Ethernet ports are 10/100 Mbps and many gateways with hubs are switched (separate channels for each port offering full network bandwidth); see details by access point below.

AppleTalk and NetBEUI. Mac OS and Windows have their own filesharing and printer protocols which not all access points will pass. For instance, only Apple, Asante, and Proxim gateways pass AppleTalk and note this in their documentation; SMC Networks's gateway also passes AppleTalk but doesn't mention it. If you're using a wireless network just for Internet traffic (TCP/IP), this doesn't affect you. But if you're trying to build an internal wireless network and the gateway can't handle the protocols you need, it's a showstopper. Read the tech specs very carefully and compare notes with other users.

Modem. The Apple and Agere models have a built-in "56K" modem for dial-up routing. A few others have an RS-232C port to connect to an external modem or ISDN device that use PPP.

AOL. Tens of millions of people dial up to AOL every week with no broadband connectivity in sight. Only Apple's current AirPort Base Station (or older one with new firmware) can dial AOL directly and pass through traffic from a wirelessly connected computer which is using the AOL 5.0 client for Macintosh. A Mac OS X version is coming.

Print spooling. Many gateways have - as a default or as one of their model options - a parallel port to allow the unit to function as a print spooler for Windows machines; the Asanté claims to work for Macs as well. (An alert reader pointed out that many of these spoolers support Unix LPR style printing as well as Windows's print system. Macs can print to LPR by using the Apple Printer Utility to set up an LPR device. That application is installed by default - search your system for it.)

Prices. Checked 6/02 at manufacturers' Web sites and online merchants. Listing a price is not a guarantee of any kind. Links to are provided as available.

Return to main article and site