3Com OfficeConnect ADSL Wireless 54 Mbps 11g Firewall Router
This 3Com product has many functions: router, firewall, adsl modem, wireless access point, 4 port switch. 3Com chose to give two names to its products: a name for the market (as the long name in the title), which identifies the purpose of the product and is not changed when a new model replaces the older one, and a model name, a number which identifies the specific model.
The "ADSL" term in the name is particularly useful to specify that it's a adsl modem too, with a RJ-11 port that would connect the router directly to the phone line, through a RJ-11 cable, just like any adsl modem; in fact I found several routers that were capable of routing the adsl signal but were equipped with a RJ-45 port instead of a RJ-11 port: they were not DSL modems and needed to be connected to an external DSL modem. Checking the rear of the product, maybe on the user guide, can help making sure the router is a DSL modem too.
I will review two 3Com OfficeConnect ADSL Wireless 54 Mbps 11g Firewall Router models, the older 3CRWDR100A-72 and the newer 3CRWDR101A-75.
- Reliability and 3Com assistance
- Wireless trouble with 3CRWDR101A-75
- Wireless coverage
- Other features
- Missing features
I bought the 3Com OfficeConnect adsl wireless router, model 3CRWDR100A-72, in bundle with the 3Com OfficeConnect wireless PC Card, model 3CRWE154G72, for 99 euros in December 2005. I was choosing between this router, the Netgear DG834G/GT and the D-Link DSL-G604T. I spent some time reading comments by other users, and for each product there were opposite opinions: someone reported short wireless coverage, while for someone else it was great; and there were always some people reporting a malfunctioning unit. Apparently, the D-Link had some sort of buzzing that was annoying many people but had a wider coverage than the Netgear. Opinions regarding the 3Com were quite few but I found two very complete reviews: one was a test of three 3Com products (the 3CRWDR100A-72, the 3CRWE154G72 PC Card and the 3CRUSB10075 USB adapter) by wireless-italia.com, an italian site about wireless topics, and the other was a comparison between 10 wireless routers by trustedreviews.com: the direct comparison was particularly helpful because maintaining the same test conditions it was possible to see which router had the widest wireless coverage and I could see that 3Com was one of the best routers in the group in all the tests, together with Belkin, a product I could not find in Italy.
Unfortunately, the OfficeConnect router failed twice: the first one 3Com sent me a repaired identical router, the second one 3Com sent me the newer model, the 3CRWDR101A-75.
The package contains:
- obviously, the router and its power adapter
- 4 rubber feet
- 1 phone cable
- 1 straight-through RJ-45 cable
- the user guide, a cdrom with the pdf user guide and the warranty stuff
The default IP of the router is 192.168.1.1, so I had to change my pc network properties to start configuring it (I use fixed IPs): I set my pc IP address to be automatically obtained from a DHCP server, then I could set the router IP, the password for the router administration, the wireless and dsl settings etc. There is a setup wizard that sets the main parameters for standard situations, then it's possible to change the settings manually.
I had some problems getting dsl online at first because I didn't know which were the correct settings for my line, and 3CRWDR100A-72 missed the dsl settings autodetect feature which has been added later into 3CRWDR101A-75.
Wireless installation was much simpler, maybe because I did get informed about wireless security before buying the router. Also the 3CRWE154G72 PC Card installation is easy: as advised by 3Com instructions, I first installed the driver and software from the cdrom, then inserted the PC Card; that was to avoid the Windows "New hardware found" feature, that sometimes doesn't work well; finally, I set the wireless parameters to match those on the router.
The user guide is smart and clear, and gives basic information about what a setting is for.
Installation was complete: there was no need to change advanced settings for normal uses and firewall settings were safe enough; I changed the firewall settings later to fit my specific needs.
- ADSL modem [-]
- ADSL over POTS, ITU Annex A: ANSI T1.413 issue 2, ITU G.992.1 (G.DMT), ITU G.992.2 (G.lite)
- ADSL 2 (up to 12 Mbps downstream / 3.5 Mbps upstream): ITU G.992.3 (ADSL2 DMT), ITU G.992.4 (ADSL2 G.lite)
- ADSL 2+ (up to 24 Mbps downstream / 1 Mbps upstream): ITU G.992.5
- DSL can be disabled
- PPPoA (RFC-2364)
- PPPoE (RFC-2516)
- bridged/routed over ATM (RFC-1483, RFC-2684)
- 1 RJ-11 port
- Router/gateway [-]
- static routing
- dynamic routing
- DHCP server
- dynamic dns
- Firewall/security [-]
- SPI: can be disabled or set to 3 different levels of security (and the highest level, in the 3CRWDR101A-75 only, allows to set custom parameters for DoS and connection policy)
- content filter: 30 rules max based on URL or part of URL
- hacker pattern detection
- event log
- port forward by port + 20 IP forward
- access to configuration from WAN: yes specifing the remote IP, can be disabled
- client IP filter
- content filter with 14-day free trial
- VPN pass-through
- 10/100 4-port switch [-]
- 4 autosensing RJ45 10/100 Mbps ports (10BASE-T/100BASE-TX)
- auto mdi/mdix
- 54 Mbps wireless access point [-]
- 802.11b 11Mbps dBm+: 16dBm 11, 5.5, 2, 1 Mbps
- 802.11b sensitivity @ 11Mbps dBm-: -82 dBm @ 11 Mbps, -85 dBm @ 1÷5.5 Mbps
- 802.11g 54Mbps dBm+: 18dBm 54, 48, 36, 24, 18, 12, 9, 6 Mbps
- 802.11g sensitivity @ 54Mbps dBm-: -66 dBm @ 54 Mbps, -85 dBm @ 6÷48 Mbps
- 802.11e (QoS)
- frequency band: 2.4-2.4835 GHz
- 2 antennas that can be oriented but not detached
- connector for external antenna: NO
- estimated range (claimed by 3Com): 100 meters inside, 457 meters outside (100 meters inside, 350 meters outside claimed for 3CRWDR101A-75) 
- wireless activity monitor: WLAN LED on when wireless is enabled, blinking when there is wireless activity
- WPA: 256 bit with Radius server
- WPA2: not supported by 3CRWDR100A-72, supported by 3CRWDR101A-75
- WPA-PSK (TKIP) (3CRWDR101A-75 supports AES too)
- WEP 40/64/128 bit
- MAC filter: 32 MAC max
- MAC/IP matching: yes if using dhcp
- router IP can be changed
- SSID can be changed
- SSID broadcasting can be disabled
- Access Point function can be disabled
- Speed can be forced to 11 or 54 Mbps
- General features [-]
- Power on/off through button (3CRWDR100A-72 only, 3CRWDR101A-75 lost it)
- 3-years warranty
- configuration by http
5 months since I bought it, wireless, dsl and 3 of the 4 LAN ports suddenly stopped working (the router didn't even try to detect the line), and it was not possible to do a hardware reset (pushing the little reset button nothing happened). Currently failures of such products happen quite often to almost all producers (since they started building them in China instead of Taiwan, Singapore and Malaysia, the former cheapest production countries), so I wouldn't take it as a reason to choose another make.
I called 3Com assistance and the assistance guy asked me to make some tests, the same I had already done after reading the user guide, then he opened a RMA and after only 3 days I received at home another 3CRWDR100A-72: they first sent me another router and then I had 30 days to send back the broken one, after which they would have charged me the cost of the router; in my case I brought it personally to the Italian 3Com assistance, that's fortunately located at about 15 km from my house, saving shipping costs.
Support by email was quite late (they answered me 4-5 days since my web request for assistance), instead support by phone was very good; 3Com website, where I looked for assistance at first, was not very intuitive: I spent at least 1 hour searching for an email or a form where to ask for assistance but I only found a "request info" form. I had already registered me and my router on 3Com site but the only thing that can be done online to get assistance is opening a RMA; I wanted to explain my problem and get an answer like 'We will substitute your router' before opening a RMA myself: if I opened a RMA and 3Com technicians didn't find any malfunction (i.e. the problem was due to a misconfiguration and I delivered the router to 3Com thinking it was a failure, like when the provider change some settings without any advise), they would have charged me a penalty cost.
But the most disappointing thing is they sent me a used, formerly broken and repaired router, not a new one; the 3Com guy confirmed this at the phone and a little scratch on the bottom metal surface is a proof it's already been used. It's unpleasant to know that it's a common practice to send regenerated products as substitutions for broken ones. The good news is the "new" router they sent me has probably been repaired in Germany (it came from there), where quality controls are certainly stricter than in China.
1 year and 5 months after the first replacement also the repaired router stopped working: this time, as soon as I switch it on, all the 4 LAN leds and the Power led light up, even if the LAN cables are unplugged, and the wireless, sync and online leds don't light up, and router was dead: dsl, wireless, LAN were not functioning. I opened a RMA myself but I received no response before 4 days later; in the meantime I also contacted 3Com on the phone, but I had to first talk with a vendor because there isn't a direct assistance service. Finally I received two new routers, both 3CRWDR101A-75, the model next to 3CRWDR100A-72, both with user guide, cables and CD but without AC adapter. Obviously, I had to return one of the two new routers along with the malfunctioning unit.
As I replaced the 3CRWDR100A-72 with the 3CRWDR101A-75 a new problem arose, a blue screen of death on the notebook when wireless is activated. This is the message:
0E in 0028:C14E513F nel VxD VNBT(01) + 000011DF
This error occurs when the 3Com 3CRWE154G72 PC Card and the 3Com 3CRWDR101A-75 router are connected via wireless, but it has never occurred with the same PC Card on the same notebook connected to the 3Com 3CRWDR100A-72 until the day I replaced the router. After uninstalling and reinstalling the PC Card drivers and even formatting and reinstalling Windows 98 (following 3Com support advices) I came to this conclusion:
- with the 126.96.36.199 driver coming from the PC Card installation cdrom and encryption set to WPA-PSK, it's possible to use the wireless connection for a randomly short or long time before the BSoD appears, then wireless will not function until Windows is restarted
- with the 188.8.131.52 driver and encryption disabled, it seems the BSoD doesn't occur
- with the 184.108.40.206 driver 3Com support sent me (220.127.116.11 is the Windows 98 driver version included in the 18.104.22.168 release), either with WPA-PSK or with encryption disabled, the BSoD appears as soon as the wireless connection is activated
- unbinding the "Client for Microsoft networks" from "TCP/IP -> 3Com OfficeConnect Wireless 11g PC Card (3CRWE154G72)" in the network properties the BSoD never appears, with any of the two drivers, before and after reinstalling Windows, with or without WPA-PSK encryption
So, a workaround is to unbind the "Client for Microsoft networks" and use an alternate way to share files (ftp, for instance - I use the freeware War FTP Daemon), because the other non-solution of using the old driver and disabling WPA-PSK is not acceptable.
Another trouble I incurred is WPA-PSK was not working just as I reinstalled Windows 98 and the 3Com driver: the PC Card and router were detecting each other but the PC Card couldn't get a link and ping the router. It was because for some unknown reason the drivers installation didn't install the Aegis protocol. I had to run
AegisI2.exe from the
Program Files\3Com Wireless 11g PC Card folder.
Upstairs wireless signal (%) with the 3CRWDR100A-72 I bought
Downstairs wireless signal (%) with the 3CRWDR100A-72 I bought
My home is 100 square meters and the router is located upstairs near the south wall (room A in the pictures). Upstairs the signal is good and stable in all the rooms, even near the north wall (room E, there are three walls in between); the signal is a few points less powerful when I sit with the notebook looking in the opposite direction of the router, and my body making an obstruction to the wireless connection between the notebook and the router (I used the symbol IO), than when I look towards the router and don't stand in their way (OI).
Downstairs inside the house the signal varies from 40% to 55%, depending on the location, and falls very often (especially at location g); it's usable only near the stairs (h) but even there the connection drops quite often. In the garden, just under the window where the router is located (location b), signal is stable at 66-73%, with peaks at 60% and 80%, and connection almost never drops. Going a little farther (c) it's a bit better (73-80%). At 15 meters north of the house (j), signal is at 40% but the notebook must be located in a high position: sitting with the notebook on the legs the signal is too low to be used without falling every minute.
Reading articles and forums about wireless it seems that positioning the router at the center of the house and in a higher position the signal improves. My experience is a little different: with router upstairs (A) and notebook downstairs (g) I have a weak and very unstable signal, while switching the two positions (the router downstairs at location g and the notebook upstairs at location A) I have a more usable signal. Indeed, my experience tells me that when the signal is weak it could be improved or worsened simply moving aside some centimeters or turning the notebook position by some degrees, just like what happened with the first cell phones. Furthermore, closed doors and windows significantly reduce the signal: for instance, at location i in winter, when windows are closed and blind, the signal drops too frequently to work there, instead in summer, when windows are fully opened, the connection is usable and seldom drops.
With the repaired router I've got a slightly weaker signal than with my former one, and the two antennas in the repaired router appear less reliable, being less firm than the former one's. See the following pictures for signal details.
Upstairs wireless signal with the repaired 3CRWDR100A-72
Downstairs wireless signal with the repaired 3CRWDR100A-72
The 3CRWDR101A-75, the newer model, seems to have a stronger signal than the repaired 3CRWDR100A-72 and about the same, or maybe a bit stronger, than the old 3CRWDR100A-72. Since the two models have the same technical specifications regarding wireless power, I think the major power of the newer model is not by design but depends on the same "random" cause that made the repaired 3CRWDR100A-72 having a worse signal than the 3CRWDR100A-72 I bought.
Upstairs wireless signal with the 3CRWDR101A-75
Downstairs wireless signal with the 3CRWDR101A-75
I did all these tests using UltraVNC and Remote Desktop on a connection between a pc connected to the router LAN port and a notebook's 3Com 3CRWE154G72 PC Card: when I say the signal drops I mean VNC viewer hangs a few seconds and then drops.
Using a RDP connection when the signal is weak and is about to drop the connection doesn't fall immediately like VNC connection: a "broken connection" icon on the upper right corner flashes for some seconds and the connection could be kept alive moving a bit the notebook to get a better position and a better signal.
To measure the wireless signal I used the 3Com OfficeConnect Wireless Utility coming with the 3CRWE154G72 PC Card:
These routers support port triggering, which can be configured in the Special Applications section, and port forwarding, which can be configured in the Virtual Servers section, both with a maximum of 20 rules. Every rule can be enabled or disabled, a useful feature I use to allow or deny to myself temporary access to my pc from the internet. Peer to peer programs ports are a case of port triggering: I can run DC++ on any machine inside my LAN (one at a time) setting the port used by DC++ in Special Applications; a web server is instead a case of port forwarding: all connections coming to the router's public port 80 will be routed to the IP and LAN port defined for the Virtual Server having 80 as public port.
SPI (Stateful Packet Inspection) settings are summarized in one only parameter, the firewall level: high, medium, low or disabled; what the three levels do exactly can't be known. With firewall level set at High I've never had any problem with 3CRWDR100A-72, even with peer to peer programs; only once, just after installing a torrent client, I had to reduce the number of simultaneous connections in the program settings because the default settings were causing the router to report flooding in its log.
Something has changed in the 3CRWDR101A-75: first, there is an e-mail alert service, missing in the previous model, whose alerts could be accessed reading the log, either through the router's web interface or through a syslog program; second, choosing the High level some more parameters can be set:
- Fragmentation half-open wait: 10 secs - Configures the number of seconds that a packet state structure remains active. When the timeout value expires, the Router drops the un-assembled packet, freeing that structure for use by another packet.
- TCP SYN wait: 30 secs - Defines how long the software will wait for a TCP session to synchronize before dropping the session.
- TCP FIN wait: 5 secs - Specifies how long a TCP session will be maintained after the firewall detects a FIN packet.
- TCP connection idle timeout: 3600 secs - The length of time for which a TCP session will be managed if there is no activity.
- UDP session idle timeout: 30 secs - The length of time for which a UDP session will be managed if there is no activity.
- H.323 data channel idle timeout: 180 secs - The length of time for which an H.323 session will be managed if there is no activity.
DoS detect criteria
- Total incomplete TCP/UDP sessions HIGH: 300 sessions - Defines the rate of new unestablished sessions that will cause the software to start deleting half-open sessions.
- Total incomplete TCP/UDP sessions LOW: 250 sessions - Defines the rate of new unestablished sessions that will cause the software to stop deleting half-open sessions.
- Incomplete TCP/UDP sessions (per min) HIGH: 250 sessions - Maximum number of allowed incomplete TCP/UDP sessions per minute.
- Incomplete TCP/UDP sessions (per min) LOW: 200 sessions - Minimum number of allowed incomplete TCP/UDP sessions per minute.
- Maximum incomplete TCP/UDP sessions number from same host: 10 sessions - Maximum number of incomplete TCP/UDP sessions from the same host.
- Incomplete TCP/UDP sessions detect sensitive time period: 300 msecs - Length of time before an incomplete TCP/UDP session is detected as incomplete.
- Maximum half-open fragmentation packet number from same host: 30 packets - Maximum number of half-open fragmentation packets from the same host.
- Half-open fragmentation detect sensitive time period: 10000 msecs - Length of time before a half-open fragmentation session is detected as half-open.
- Flooding cracker block time: 300 secs - Length of time from detecting a flood attack to blocking the attack.
The above values are the default values, and the explanations come directly from the user guide.
I had to raise the Maximum incomplete TCP/UDP sessions number from same host because when I was trying to check for new mail with a Hamster script that contacts many mailservers simultaneously (Hamster is a scriptable mail and news program) the firewall was blocking connections and reporting flood attack from inside the LAN to the dns server. This is the alert mail sent to my mail address:
Your router has detected and protected you against an attempt to gain access to your network. This may have been an attempted hacker intrusion, or perhaps just your Internet Service Provider doing routine network maintenance.
Most of these network probes are nothing to be worried about - these types of random probes should NOT be reported, but you may want to report repeated intrusions attempts. Save this email for comparison with future alert messages.
Your router Alert Information
Time: 09/08/2007, 07:56:02
Message: UDP Flood to Host
Source: 22.214.171.124, 32768
Destination:126.96.36.199, 53 (from PPPoE1 Outbound)
Visit the UXN Combat Spam web site to get more detailed information about the intruder - http://combat.uxn.com/
1. Type the intruder's IP address into the IP WHOIS search engine
2. Click the Query Button
3. Detailed network and administration information will be displayed"
Another useful firewall feature allows to restrict or completely deny traffic from certain LAN IPs; the firewall section where to configure restrictions is called Access Control in 3CRWDR100A-72 and PC Privileges in 3CRWDR101A-75; it's possible to:
- block certain ports for certain IPs: port-IP pairs can be made (block web access to 192.168.0.1-10, block web + mail + news to 192.168.11-254)
- enable or disable URL filters for certain IPs: if a URL contains one of the keywords it will be blocked for every IP having URL filters enabled, that is, every IP defined in PC Privileges and not having the ByPass URL filters option checked; each keyword can be set as allowed or denied, making possible to either block all the net but URLs containing the keywords or block only URLs containing the keywords; there is a maximum of 30 keywords and neither regular expressions nor simple
- enable or disable content filtering: it's a pay service, free for 14 days, and it's possible to choose which categories of sites are allowed or denied
Such restrictions can be always active or scheduled selecting for every restriction rule one of the rules set in Schedule rules section, which allows to set a hour range, and, basing on firmware version, a date range or the day of week.
Update Sep 22 2013: Configure the firewall to allow VPN connections
When enabling or disabling the wireless network or changing wireless settings the dsl connection drops and restarts. It's annoying, especially if you are running a p2p program with queues or downloading a big file from a server that doesn't support resume. Plan your day activity and decide if taking wireless on or off; the simplest solution is to keep it always on but the best wireless security measure is to disable wireless network as soon as it is not used.
A plus of the 3CRWDR100A-72 is the on/off button, a feature missing in many routers and in the 3CRWDR101A-75 too; it's useful especially if you don't have a general power switch, so that you can avoid plugging and unplugging the router each time you start and stop using LAN or dsl. Since I switch on and off my router when I switch on and off my pc, if I didn't get a general power switch I would plug and unplug the AC cable each time I begin and end using my pc: thanks to the power button it is not the 3Com's case. It seems a trivial thing but I assure you it is not: using one digit to press a button is faster and much more comfortable than using two hands to unplug the cord, especially for lazy or always-in-a-hurry people; and if you think "I'll let it always on" think about the waste of energy (damaging the environment more than your power bill) and, most important, the waves you gift your neighbourhood when you're away and the waves you give yourself when you're sleeping (it has not been scientifically demonstrated they are dangerous for humans, but it has neither been demonstrated they are totally harmless).
There are some features I would like these routers to have:
- grant access to a specific port from a specific remote IP: I would like to give access to my vncserver (port 5900) to connections coming from a remote host with a fixed IP (xxx.xxx.xxx.xxx), but with this router I can only do port forwarding, that means I can choose to redirect all the connections coming to port x of the router to port y of the operating system and to reject all the connections coming to ports that are not to be forwarded.
- better logs and statistics: it only logs the dsl connection start and I once saw some flooding warning when I used a torrent client with too many connections. It would be very useful a log about connections coming from outside and another one listing the wireless devices that got a connection. About statistics, some routers, like some D-Links and the 3CRWDR101A-75, show the amount of Megabytes that have been downloaded and uploaded during the last month; this feature could be useful to whom have a pay-per-megabyte connection.
- monitoring wireless connections: with the 3CRWDR100A-72 it's not possible to see if someone is connected to WLAN. It allows to block all but his own IPs, disable SSID broadcasting and enable a long WPA-PSK key, but it's not possible to see who is connected or which are the available wireless devices, the user must trust these security precautions. I believe it's a serious security leak. Fortunately the 3CRWDR101A-75 allows to see the wireless clients' MAC addresses in the Client List under Wireless Settings.
- monitoring dsl activity: it's not possible to know whether someone or some programs are going outside or someone is coming from outside or scanning my ports; even more, in the 3CRWDR100A-72 the LAN leds flash when there is LAN activity or internet activity, so there is absolutely no visual clue for DSL activity; in the 3CRWDR101A-75 the Online led flashes when there is WAN activity and the LAN leds flash when there is LAN activity, that's better than the older model but I would also like to see a list of current connections.
Unfortunately, I didn't find an entry level router firewall with such maybe too advanced features, and even expensive products miss them.
How to recover ISP username and password
If you don't remember the username and password you configured in the router a lot of time ago when you connected for the first time, and you know they are still stored in the router configuration, there's a simple way to recover them:
- login to the router web interface and go to the page where you configured the DSL connection parameters (Internet Settings, ATM PVC, Edit the existing PVCx)
- view the HTML source of the page (for Firefox users: This Frame, View Frame Source; for Opera users: Frame, Source)
- search for this string:
input NAME="ISP_Username"You will find a piece of html code similar to this:
<tr><td width=185 class=textCell>Username</b></td> <td width=335 class=textCell><input NAME="ISP_Username" TYPE="text" maxlength=63 size=30 value='donaldduck'></td> </tr><tr><td width=185 class=textCell>Password</b></td> <td width=335 class=textCell><input NAME="ISP_Password" TYPE="Password" maxlength=19 size=20 value='313'></td></tr>Watch the username and password that are assigned to
value; in the example they're
Am I satisfied of this purchase? I would have answered yes, if it didn't break two times: one time, it could happen; two times, it means the components quality is scarce.
There are some disadvantages and missing features but routers of the same level don't offer much more. Placing the router upstairs the wireless signal is too weak in some rooms downstairs; I could have chosen a 108 Mbps instead of this 54 Mbps router but I doubt the signal would have been better (increasing the speed the signal stabilizes but its capability to pass beyond obstructions like walls and doors does not increase); unfortunately, at the time of my purchase the 802.11n, a new protocol that would increase the wireless coverage even in presence of walls, was not a standard yet, although there were already some expensive products claiming to be 802.11n compliant.
Thus, I believe at the time of the purchase the 3Com Office Connect 3CRWDR100A-72 was one of the feature-richest entry level wireless routers on the market; and it seems the 3CRWDR101A-75 provides some of the previous model missing features. Features attract customers, but keeping them requires quality: well, 3Com has just lost one customers, unless they upgrade their quality standards to acceptable levels.
 It's more like the 3CRWDR100A-72 outdoor wireless range was over-estimated than the 3CRWDR101A-75 outdoor wireless range has been reduced.