Introduction

9 May 2012

I purchased this router specifically to enable IPv6 on my network. At the same time, I wanted to replace my ageing wireless access point that was giving me trouble. After a bit of research, E4200v2 looked like a good choice. If Cisco cannot build a decent home router, who can, right?

I ordered this router directly from the US, from B&H, who have been nothing but professional.

Of course, Cisco immediately told me that my warranty will be void, because the router was shipped to Australia. I'm sure networks here are very different than anything they have in North America. :-)

First impressions

The router is well built and it looks quite elegant. Ethernet is very fast and wireless provides strong signals in about half of my home (for the rest, I have other access points). The setup, using the web interface, was pretty easy.

However...

Bugs, bugs, bugs

The software shipped with this router is full of bugs. Even security problems, which have gone unfixed (to my and Cisco's knowledge) for months.

For instance, I had to disable IPv6 support altogether, because the Stateful Packet Inspection (SPI) firewall is completely non-functional for IPv6. If IPv6 is enabled, anyone can open a new TCP connection to any host on the network, right from the Internet. Simply unacceptable. Cisco didn't even open a CVE for this, although they've known about it for over two months now.

The original firmware that came with the router is version 2.0.36.126507. This firmware has no ability to disable Wi-Fi Protected Setup (WPS, which is faulty by design), unless Service Set ID (SSID) broadcast is disabled. A newer firmware, 2.0.37.131047 (not 2.0.37.131676, which got briefly released by mistake), has the disable option. Unfortunately, this version breaks the DMZ feature (ports 80 and 443 are no longer forwarded), so for my purposes, it is unusable.

I tried to work around this problem in 2.0.37.131047 by explicitly forwarding ports instead of using the DMZ feature for it, but that does something even worse: it forwards requests to the administrative interface over HTTPS to the DMZ machine as well. The only way to get this done is to disable the HTTPS (why?) administrative interface and then forward ports explicitly. Mind-boggling...

On top of all this, disabling management access from wireless does nothing.

I suspect that whoever wrote the software for this router hard-coded IP addresses into the software, instead of taking into account traffic on the internal vs. external interface when deciding what to do with it. Just a theory, of course.
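For reference, a minimal model of the behaviour expected from a stateful forward filter, covering both the IPv6 SPI problem and the interface-versus-address theory above. This is an added illustration, not the router's firmware or the author's code; the class, field and interface names and the 2001:db8:: addresses are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    in_iface: str      # interface the packet arrived on: "wan" or "lan"
    src: str
    sport: int
    dst: str
    dport: int

class StatefulForwardFilter:
    """Toy SPI model: default-deny for flows initiated from the WAN side."""

    def __init__(self, wan_iface="wan"):
        self.wan_iface = wan_iface
        self.flows = set()          # flows opened from the inside

    @staticmethod
    def _key(src, sport, dst, dport):
        # ip_address() normalises spelling and covers IPv4 and IPv6 alike.
        return (ipaddress.ip_address(src), sport, ipaddress.ip_address(dst), dport)

    def forward(self, p):
        """Return True to forward the packet, False to drop it."""
        if p.in_iface != self.wan_iface:
            # Outbound: remember the flow so that its replies are recognised.
            self.flows.add(self._key(p.src, p.sport, p.dst, p.dport))
            return True
        # Inbound: the decision depends on the ingress interface and on state,
        # never on whether the source address "looks" internal.
        return self._key(p.dst, p.dport, p.src, p.sport) in self.flows

def demo():
    # Constructed sample traffic using the documentation prefix (RFC 3849).
    fw = StatefulForwardFilter()
    host, remote = "2001:db8:1::10", "2001:db8:ffff::80"
    packets = [
        Packet("wan", remote, 40000, host, 22),                # unsolicited inbound
        Packet("lan", host, 51000, remote, 443),               # outbound connection
        Packet("wan", "2001:DB8:FFFF::80", 443, host, 51000),  # its reply
        Packet("wan", remote, 443, host, 51001),               # no matching flow
        Packet("wan", "2001:db8:1::99", 40000, host, 22),      # LAN-looking source on WAN
    ]
    return [fw.forward(p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

Only the reply to the connection opened from the LAN side is forwarded; a filter that behaves as described above for IPv6 would forward the first packet as well.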

Updates (sort of)

Today (4 Jul 2012), I tried FW_EA4500_2.1.38.138143.SSA firmware. Yeah, I know - why would I be trying firmware for a different router? Because, well, EA4500 and E4200 v2 are exactly the same thing. Enter marketing geniuses at Cisco. :-)

The firmware applies and boots fine. However, the DMZ bug was not fixed. Why would anyone want to fix regressions, right? I didn't even bother trying with IPv6.

But never mind unfixed bugs. Someone at Cisco has gone seriously bonkers...

You now have to have an account at Cisco Connect Cloud in order to see all the settings on your own router, sitting right there on your desk. WTF? Not only that, but in order to be able to log in to see the basic stuff, you need to cut your internet connection. Cisco have got to be joking. Someone's been smoking too much "cloud" weed, methinks.

Time to dump this piece of garbage as a router. Goodbye Cisco. Hello MikroTik RouterBOARD RB750GL. Cheap as chips and it actually routes (although it did have a problem syncing at 1 Gb/s to my JMicron JMC250 Gigabit Ethernet card - something that was fixed in later versions of RouterOS/firmware).

So, Belkin have now taken over the brand and released FW_E4200v2_2.1.41.162351_prod.SSA firmware in August 2014. Sorry to report, but it is pretty much the same garbage as before. Local management of the router is impossible - everything is in the cloud. So, yeah, avoid at all cost.

Conclusion

For such a prestigious name in networking, this router is an embarrassment. Security and other bugs are simply inexcusable. Sure, the hardware is not bad, but what good is it with so many bugs?

Copyright © 2012 Bojan Smojver.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the licence is here.