Hi. I am a new owner of one of these, I thought I'd leave some feedback in case anyone cares.
* I first reviewed the whole new user guide, and found it to be in pretty decent shape. The only issue I have with it is that some of the variable content that only shows up under certain conditions has been omitted from the screenshots.
* the whole bit about having to reboot, and the reboots taking so long, every time you make some change, gets old very quickly. Is it really necessary to reboot for ?2? minutes for every little change?
* if it is, why can you not warn me first and let me decide to do it later, or save changes and reboot once for the whole set? Even a consumer class dlink router warns me and gives me a chance to think twice. I guess this leads to the philosophy of 'dont touch the router unless it is a good time to reboot it'. However, I doubt that the developer of this mess ever sat down and provisioned one of these from start to finish. They would probably be suicidal afterward.
* the 'service management' page needs to be redone, it is clumsy, hard to understand, and not user-friendly. I expect business-class products with web UIs to be at least as easy to use as the consumer class products. Watch a newbie try to add a service and you will see what I mean. Or if it is going to be hard to use, then second choice is to provide a help button!
* log settings leave a lot to be desired. if not on the web page itself, why does the manual not explain the level #s and what they are for? and no warning that certain settings are going to bombard me with little mail messages. and the items don't have a level # in them to know why they were chosen to go in the mail. Again, no screen shots for this part!
* finally, I played a bit with IPV6. I found that the router somehow got an IPV6 IP address on its own, and after over-writing that address with one of my own, it soon reverted back. It would be nice if more documentation existed for the ipv6 aspects of this product. the manual is a bit lite on details. As in my first bullet above, it would be great if the different modes with their impact on the UI were reflected in the manual as screen shots.
I am hoping this will be very stable for me, I'll report back in a month or two unless something really bad goes wrong.
fun with logging...
so far I only see logging under '4', and it is a potfull, but nothing under the other numbers. granted they may be associated with vlan or vpn or something, it would be nice to see them documented. for a numbering scheme to be worth anything, it has to allow intelligent selection of the data to be seen by the user.
graphing with color...
on the ips graph, the lines are slightly different colors, but the key does not seem to carry those two colors. how about better contrast in the choice of colors? And please have the key match with the actual colors.
menu scheme preferences...
it seems the menu scheme mixes pages used to configure with those used to monitoring. In my personal opinion/preference, it would be nice to have those separate. As it is I have to pick and choose to review current status - IPS then report, lan then statistics, status and the two tabs there. maybe you could get an intern or co-op employee to do some task analysis for this.
not so open source
thought I'd look at the source code to see about the logging situation, found that the only code available was from 2008.
I see that the IP address it is using is for 6to4. I was able to get dns lookups going, but very little beyond that. the only site that actually is reachable
by ping6 is www.ipv6.bt.com, not that it is usable for anything. but not ipv6.google.com, anything else useful.
anyone actually using this feature?
why does the Current Time not show on the TIME settings page?
and the DST function could use some work. Don't feel bad,
my old router was just as bad with DST but at least it showed the current time on the page which had the settings.
talks about high, middle, normal, low choices, but neither the help page nor admin guide say what the difference between medium and normal is, and how the remaining 25% of bandwidth is split among them.
security log email:
Mar 25 14:14:56 - Receive NTP Reply from 192.168.1.69
Mar 25 14:15:08 - IPSEC EVENT: KLIPS device ipsec0 shut down.
Mar 25 14:15:11 - HTB init, kernel part version 3.16
Mar 25 14:15:13 - HTB init, kernel part version 3.16
14:15:11, one snmp_coldstart and one 184.108.40.206.220.127.116.11.5.1
but on main page is still says:
System up time: 2 days, 22:40:04
voice calls and a pass-thru vpn connection did not fail but something went wrong.
what was it?
How are you finding the router in terms of the QoS features?
You mentioned in a different thread about a small glitch when clicking on web links. Are you still using a seperate switch and vlan to handle the phone traffic?
Unfortunately in my case I can't use a seperate switch as the voice traffic will be from Skype!
Keep up the good investigation work!
Good to see someone reads these forums.
aside from the quirks above, this router is working well with the dual port / dual switch VLAN scheme. The other one worked fine too in this mode, although it was getting more and more frequent lockups. It will be 6 months before I can bless this one as reliable enough, I'm kind of a stickler that way.
With regard to the QOS features, this one has the advantage of both upstream and downstream rules. The gamefuel was only for upstream,
but it was more flexible in terms of being able to provide rules for a (LAN) ip address, not just a port set. However, the combination of the smart switches and this router seems to allow the equivalent functionality.
I'm getting a different outlook on things at this point. given that the phones / TA can mark the upstream traffic, and many switches can
work off those markings without being 'smart' or 'managed', I am wondering why no consumer or simple small business routers seem to allow
downstream marking based on LAN IP or service.
I will probably spend the next year or so digging through the various products to see if the command line stuff can do what I am interested in. It is not an urgent matter as this setup is doing what I need. Getting the applications on the PCs to mark the traffic appropriately is also a challenge, In the mircrosoft world it looks like you have to do stuff with policies etc. In the end, this is just polishing the apple as a gigabit LAN can handle lots of stuff if you can segregate out the sensitive WAN traffic.
Regarding Skype, not sure why it could not receive similar treatment.
what the heck?
security log email:
Mar 29 16:18:35 - 4>[Access Log]OIN=eth0 OUT=eth1 SRC 18.104.22.168 DST 22.214.171.124 LEN`
TOS=0x00 PREC=0x00 TTLc IDe453 DF PROTO=TCP SPT5230 DPT 21 WINDOWX40 RES=0x00 SYN URGP=0
near as I can make out SRC ip 192.168.1.69 (linux pc) dest 192.168.100.1 (cable modem)
can anyone read this garbage?
In fact, does anyone at Cisco actually read the forums?
all the log is saying is that your Linux box initiated an FTP connection with a source port of 5230 and destined for (does not mean final destination) your cable modem with destination port 21 began to make a connection today at 4:18:29; this is SYN packet; just the begining of a conversation.
Sounds like you have connection logging enabled. Are you having a problems with the notifications, or just mean they are cryptic?
* it says 'access log' but it was sent as a security log email
* it has three pairs of binary characters where there should be printables
* it doesn't show up in any of the logs accessible through the admin/log page of the router
* assuming the '4' means a level 4 log, it should have been suppressed because '4' is disabled
* as the only emission from the device not related to settings changes, I see it as an anomaly rather than a feature.
* And there should be no ftp between the stated IP and the cable modem which is what it claims.
The exact same thing is happening to me. I keep getting these somewhat cryptic messages:
Jul 21 17:55:53 - 4>[Access Log]OIN=eth0 OUT=eth1 SRC 126.96.36.199 DSTt.125.95.121 LENd TOS=0x00 PREC=0x00 TTLc ID5287 DF PROTO=TCP SPTS724 DPT€ WINDOWe535 RES=0x00 SYN URGP=0
The subject of the alert was "RVS4000 Security Log [A0:63:73]", so I too am puzzled. I only have logging enabled for 0-3 and like you, nothing shows up in the logs via the admin GUI. I am going to set up a local syslog server and see if it captures different info, or at least more readable log info.
Barring a full explanation, I'd equally appreciate being pointed to a resources that explains the different alerts the RVS4000 can generate in more detail, especially security related messages.
I am assuming this is innocuous, but I'd really like to know for a fact that is the case.
There is, of course, the ever present:
Jul 21 21:43:57 - IPSEC EVENT: KLIPS device ipsec0 shut down.
I get this one every single day.