We have the sequel to the 3Com Access Point base station; it is called the HomeConnect Home Wireless Gateway. Unlike the campus-focused Access Point, the HomeConnect is intended to be used as a standalone, wireless gateway and is equipped with the features you’d expect: The DHCP, NAT, firewall, PPPoE, and a three-port, integrated 10/100 Mb switch make this device perfect for the SOHO or limited-wireless-needs corporate network audience. The HomeConnect is priced competitively, listing for $299 when I searched for it on Pricewatch.com.

The HomeConnect Wireless Gateway device operates on the 2.4 GHz frequency band using the IEEE 802.11b communication standard. The 802.11b standard is internationally accepted as a standard that covers many products from a wide variety of manufacturers, all of which guarantee to provide basic compatibility. Coincidentally, 2.4 GHz is getting to be a very cluttered band. Many cordless phones and all microwave ovens operate on this spectrum, not including the HomeRF (reviewed later in this Daily Drill Down). Interference is a possibility, but 802.11b tries to minimize it by using multiple channels in the 2.4 GHz band, as well as by having a variety of transfer speeds.

While the 802.11b is a cellular system that supports the use of multiple base stations to increase the total coverage zone, the HomeConnect is not equipped with this feature. It retains the network identification numbers (referred to as a WLAN area) that keep a client from wandering into the wrong network. As a result, the security conscious should be sure to change the WLAN area from the default to prevent others from wandering into their network.

Security tip

Since wireless networking is broadcast to everyone in range, anyone with a receiver has the potential to eavesdrop. To counteract the security concern, 802.11b includes packet encryption and the option to change the keys in use. You should change the keys. There have been recent reports that imply cracking the encryption used by 802.11b will be easier than originally suggested. This has yet to be proven, but rotating the encryption keys will help keep your network secure.

Physical description
The HomeConnect Gateway has a very unobtrusive flat black design; no protruding antennas, wings, vanes, or other or unusual post-modern art additions. The face is equipped with the standard link, activity, and error lights for debugging. Three RJ45 ports for the internal network, a single RJ-45 uplink port, and the reset button adorn the back.

Specifications and concerns
Wireless support is limited to 35 clients, half the Access Point’s 60 clients. The three internal network ports offset that and provide enough capacity for your average wired small office network, especially if you want to cascade switches and hubs off of it. However, you might want to hold off before planning to use the Gateway as your main network component.

Network features include a DHCP server, network address translation, a firewall, and client service filtering. These are consumer grade SOHO features not suited for the enterprise, and here’s why:

First, the DHCP server is locked in to the 192.168.2.x Class C IP block, putting a total limit of 253 clients and factoring out the gateway’s use of You can’t manage the IP leases manually or force the Gateway to use a single IP for a specific MAC address. While suitable for most SOHO applications, it does limit the reliability of the client filtering, as client filtering is based on IP addresses.

That forced IP address creates another potential snag. While the network address translation (NAT) feature via DHCP is very nice, it isn’t really an option. Oh, you can use a different server to manage your NAT needs, but with that internal address always forced to, you really can’t put the Gateway into transparent networking mode.

Client filtering is intended to keep your kids or employees from getting into things they shouldn’t. Filtered protocols consist of web (HTTP), mail (POP3 and SMTP), news (NTTP), FTP, and telnet and can have start and stop times, along with day-of-week restrictions. These settings are easily understood but provide little flexibility. Any client that configures another IP or configures a proxy on a nonfiltered port can get around the client filter. Since you have to configure each IP separately, you can’t make blanket settings.

The firewall has an internal log feature and is targeted to block nine common types of network attacks: five denial of service (DoS) and four intrusion techniques. The DoSs blocked are the SYN land attack, SYN flood, Smurf ICMP broadcast echoes, Snork UDP packet routing, and the classic oversized ping. The firewall also claims to defend against UDP port scans, zero length IP packets, TCP null scans, and IP spoofing, which is admittedly more of a deception than an intrusion.

I tried several of the ping attacks and all were readily deflected. Since I don’t often attack other netizens, I don’t have the other attacks handy, but I’m fairly certain the listed tools will be blocked. I would be more concerned by the attacks that aren’t listed. However, it is more likely that any DoS attack will take down the Gateway instead of your PCs.

I also scanned the firewall to check the logging functions and was somewhat disappointed. Only my SYN scan was detected; the stealth TCP and UPD scans went undetected, as did the use of IP spoofing. A sense of false security is a dangerous thing.

As far as the physical security of your communications, the Gateway uses the default 802.11b 40-bit security keys. This level of security is more than sufficient to stop a curious teenager who figured out how to put their wireless card into promiscuous mode but really won’t slow down a determined data thief. However, even using the default encryption keys would at least stop random passersby with 802.11b devices from borrowing your bandwidth without some modicum of work.

Setting up the HomeConnect Gateway is like placing any other simple switch or hub in a network. Locate near a power outlet, connect RJ-45 cables to the ports, make sure to get your upstream source cable in the clearly marked and separate uplink port, and the wired connections are good to go. Wireless configuration is done through a simple Web interface. The limited number of options makes it difficult to mess things up and the layout is very functional. Documentation is thorough and is perfect for the target audience.

The wired performance of the Gateway was up to par, recognizing 10 Mb and 100 Mb connections and transmitting data at about 98% the rated speeds. Not bad, but 3Com’s been selling 10/100 Mb switches for years, and anything less would be disappointing. Besides, if you’re buying this product, the switch is a bonus on top of the wireless functionality, which is where we will spend our time.

Wireless tests were conducted under different electromagnetic conditions to simulate various office situations. The HomeConnect is not intended for industrial situations. If you need wireless equipment in an industrial setting, you should look at the AirConnect Access Point.

The stated performance of the HomeConnect system, and all 802.11b devices, is 5 to 6 Mbps at maximum speed. This is because the system uses a preemptive packet collision avoidance system rather than the normal packet collision detection system employed by hard-wired networks. This preemptive system has an overhead cost that seems somewhat exorbitant when small numbers of clients are in use. However, if you remember that the HomeConnect’s wireless client support is analogous to a 35-port hub, you can see how necessary collision avoidance is.

Like a hub, the Gateway shares bandwidth on the wireless segment between all clients. This means that if you had 30 clients and the Gateway was working at its maximum theoretical speed of 5 Mbps, each one would only get about 0.15 Mbps (20 KBps). Of course, this would give each one the equivalent of an ISDN connection. However, that is assuming the Gateway works at the theoretical maximum. This may spoil the next section, but that’s not a good assumption.

Testing conditions
Minimum internal electronic interference
The only active electronic devices were the local file server (without monitor), the Gateway, and a few florescent lights. No computers were attached to the internal switch. This is as clean of a condition as I could expect to appear in any home or office.

Maximum electronic interference
Interference has been introduced in the form of a 21” monitor located about 18 inches from the Gateway, a desktop PC, the file server and hub, a 32” TV, the computer, Gateway, and the coup de grace, a 300-watt microwave about 10 feet down the hall operating on high. I thought about scuffing my feet on the carpet and arcing static discharges into the doorknob but figured that was going too far. I expect that this is more indicative of the indoor working conditions this device should expect to contend with.

Range and obstructions
In addition to the introduced electronic interference, I tested the device at a variety of ranges. The number and type of obstructions are also noted. Tests over 30’ were done with the Gateway within six feet of a window and the client outside. Realize that the effects of the electronic interference are more noticeable when in close proximity. At longer range you will be dealing more with what your client has to deal with rather than what is near the Gateway. Table A shows the results of my testing.

Table A

Range Obstructions Interference Listed Mbps Transfer Mbps Rate KBps Ping time (millisecond/
5′ None Minimum 11 2 250 4 / 4 / 6 / 0
5′ None Maximum 5.5 1 125 4 / 14 / 7 / 0
30′ Two interior walls Minimum 11 2 250 4 / 4 / 7 / 0
30′ None Maximum 1 6kb .5 4 / 17 / 7 / 0
100′ None Minimum 5.5 1.4 175 4 / 9 / 4 / 0
100′ None Maximum 5.5 1.4 120 4 / 12 / 6 / 0
150′ None Minimum 2 .5 64 5 / 55 / 9 / 1
150′ None Maximum 1 0.123 16 5 / 153 /
22 / 5
100′ Two exterior walls Minimum 1 Unsus-tained Unsus-tained 5 / 100 /
22 / 10

As you can see, network performance under best-case conditions was disappointing. Throughput was never able to exceed half the Gateway’s maximum functional bandwidth (5 to 6 Mbps). This is fine for typical consumer DSL service, but it is a little slim for file sharing within the office or taking advantage of larger connections.

Range didn’t really challenge the Gateway, as the performance was adequate around 100 feet. When in immediate proximity, the signal quality dropped significantly but not enough to really interfere with normal operation. However, when used at any range worth justifying a wireless connection, the performance degrades to nearly unusable levels with the introduction of interference. Thus, you are wise to look at the layout of your office and make sure you won’t be using the Gateway anywhere near your break room. Regardless, the Gateway isn’t going to let you surf the Net in the parking lot of your building or in your backyard unless you happen to park in direct sight of it or leave the window open.

Final grade
While the Gateway is no replacement for an actual security policy implemented by people who understand how to secure and maintain a network, it does provide an additional layer of security that will help protect end users. It should block the common attacks and scans that plague many cable modem and DSL networks without affecting your internal network adversely.

Wireless communication has an inherent security risk that comes from transmitting a signal willy-nilly into space. However, the use of 40-bit signal encryption, rather than the more powerful 128-bit encryption, is acceptable in a product of this class. I feel it was less acceptable to have all encryption disabled by default. The only potential pitfall is using the right encryption key, but since default settings are, well, default, it’s just a matter of clicking the right button. Only people who change the encryption key will have to make any significant effort, and those people should realize the work entailed, which, for the record, consists of typing in the same 10-character string into the Gateway and to each of your clients.

The Gateway is a nice piece of equipment as long as it is used when and where intended. It may seem like I’m overstressing this, however, if you expect too much from the Gateway, you will be disappointed. It is targeted for small sites with little to no current network infrastructure that needs a flexible single solution which doesn’t require much maintenance. It does all that quite admirably, although I think the performance and signal strength were a little weaker than I would like, especially after seeing the Access Point.

The HomeConnect Gateway provides a cost-effective 802.11b base station suitable for SOHOs that complements the AirConnect Access Point in 3Com’s product line up. The price is comparable to other feature-rich, consumer-grade base stations once you factor in the integrated switch and the advantage of 3Com’s considerable reputation. So if you need a standalone wireless network solution that can handle all your basic needs, the Gateway is the toy for you. If you plan on integrating it into a larger network, you should pay more attention to its older sibling and know enough to stay away from SOHO products.