Wireless

TP-Link TL-WA801ND Wireless Access Point Review

In my continuing quest to upgrade our home network to 802.11n wireless and gigabit throughout, I purchased the TP-Link TL-WA801ND wireless access point.

My reasons for selecting this device were threefold:

  1. Easily affordable and I could write off the price of it if it turned out to be a turkey.
  2. Single manufacturer of networking infrastructure in my home once all the upgrades are complete, making interoperability more likely.

The third reason requires a little more explanation. TP-Link sell two models of AP that I was interested in: the TL-WA801ND and the TL-WA901ND. Upon first inspection the difference is clear in that the 901 has three antennas for greater wireless client antenna diversity; however, upon receiving the specifications, you can see that the extra £9 on the 901 isn’t worth it. Both devices feature a 100Mbps LAN connection RJ-45 port. This means that even if your wireless device is connected using a 40MHz channel width at 300Mbps, the most the AP can push out onto the wired network is 100Mbps, so why am I concerned therefore about antenna diversity? I’m quite happy if the wireless speed drops to 130Mbps because I enforce a 20MHz channel width, as that is still faster than the wired interface. Had the 901 featured a gigabit Ethernet port then the choice would obviously be the 901. An oversight on the part of TP-Link’s device design team in my opinion, but that’s just me of course.

The first thing I will say about this device is that I was sceptical. The access point, brand new and boxed from Dabs Online via eBay was only £33. I personally couldn’t understand how someone could make a 300Mbps N rated access point for this price so quite frankly, I was expecting a Meccano set to arrive but not to include any of the tools required and that it would be a DIY access point. Oh how wrong I was.

First impressions are that the device looks a bit cheap and plasticky and doesn’t look as solid and robust as some other products available, but I figure that for £33 it’s almost disposable. It’s supplied with a passive PoE (Power over Ethernet) adapter allowing you to use the AP somewhere in your house without a nearby power socket, up to 30 metres away from the source of the power injection. This is a nice touch as Cisco, for example, will charge you extra for a separate line item to include a power injector for PoE. The AP is wall mountable by means of two slot on, slot off screw positions on the underside and the wireless antennas are the screw-on type, allowing you to select different antenna types such as uni-directional or outdoor if you require. The supplied antennas can be rotated and angled in any direction you like for optimal positioning if you wall or ceiling mount it.

Configuration is simple using the web interface and once I had resolved my issues, performance is also good. Transferring a file from a 300Mbps wireless client to my Home Server was done at 10MB/s (Megabytes), effectively maxing out the 100Mbps LAN connection. Some of the features include support for multiple AP modes (AP, Client, Multi-SSID and WDS Bridge). I am using it in Multi-SSID mode, connected to a trunk port on the wired side and it works great. There is also support to use the AP as a DHCP server, configure firewall rules up to Layer 4 and also a built-in traffic analyser to allow you to monitor throughput and performance of the access point.

I did have one issue which TP-Link support helped me to resolve, but other than that, the experience has been perfect. My issue was that when transferring files or streaming media content, it would drop the transfer speed to about 10 bytes/sec and would struggle to exceed 2MB/s. This turned out to be because the access point has a problem with LAN switch ports hard set to a specific speed and duplex configuration. My Cisco 2950 which it was connected to at the time was set to 100/Full. Setting the switch port back to Auto/Auto caused the port to stop generating FCS input errors and allowed the AP to negotiate its own speed (100/Full as it happens but never mind) and the performance instantly went ‘through the roof’.

Conclusion?

Great product for a great price. I may be looking to buy another in the future to extend my range/signal at the top level of my multi-story town house home.

Good Enough for a Network Engineer

In my home currently, I have three main areas of tech: There is the garage which hosts my home built rack with my firewall, switch and home server, the study where my desktop and our Vonage phone gateway live and lastly the living room where the HTPC media center lives.

All of this is interconnected with two Cisco 2950T L2 switches, which are 10/100 switches with a pair of gigabit ports for good measure, and a Cisco Aironet 1100 access point for wireless. Downstairs, I make use of the gigabit ports on the core switch to the home server connected to a dual port Intel server adapter in a static 2Gbps team to ensure that there is sufficient bandwidth available for multiple clients accessing media content, leaving everything else to run at 100Mbps.

I’ve been long toying with the idea of a gigabit upgrade for the home including a new 802.11n access point to increase the wireless speeds from their current 802.11g 54Mbps speed. Being an enterprise grade gear geek, I love having Cisco in my home. The performance meets and mostly exceeds home gear on a 100Mbps port by port basis and the reliability is amazing (prior to a planned power down this week to install a module in my UPS, my core switch had over 300 days uptime), but this all comes at a cost; a financial one and a feature one.

To get me the gigabit ports I so crave at the core, I’m looking at either a Catalyst 2960 switch or a Catalyst 3560G switch. The 3560G is preferred in part because it gives me Layer 3 routing on the LAN side as opposed to doing router-on-a-stick with the firewall to traverse my VLANs but also because it’s an older model now replaced by the 3750 and 3750v2 switches making it marginally cheaper (although the 3560 series, including the 3560G still hold an incredible price purely due to the fact that they are one of the most commonly deployed enterprise switches). For upstairs on the access switch, I’m looking at a Catalyst 2960 Express to allow me to downsize my access layer point count as a 24 port switch for my study is crazy, but at the time served the requirement for LACP port channelling and price.  For the wireless, I’m looking at an Aironet 1140 Series.

When you price up the best of the used prices online for this gear, it’s frightening. £4-500 for the 3560G, £400 for the 2960 Express and £150-250 for the Aironet 1140 Series, totalling around £1,150, something I simply cannot afford or justify for a four or five user home network even if feature rich reliability and stability are critical to me.

After hearing my tales, a network engineer in our office introduced me to a company called TP-Link who he uses in his home and said that it’s good kit. For a network admin who normally deals in the realms of Cisco, RSA and other networking and security big boys, granting TP-Link the accolade of being good must mean they are worth a look surely?

TP-Link have a nice range of products and they actually compare with, if not slightly exceed, Cisco on feature set when comparing like-for-like models, but best of all is their price. For a cool £300, I can get a brand new, Amazon retail priced TL-SG5428 24 port gigabit switch, a TL-WA801ND 300Mbps 802.11n wireless access point and a TL-SG3210 8 port gigabit desktop switch. For the most part, Amazon prices are actually cheaper than eBay prices for TP-Link kit.

So how do they actually stack up? I’ll start by comparing the switches. TP-Link switches are all fanless, which means that the decibel level from the stack in my study will become nil and the garage will be cut probably by two thirds, as the switch is currently the loudest item at 41dB for the 2950T. Features I use and rely on such as MAC port security, QoS mapping for voice and ACLs all exist in TP-Link land, and actually, TP-Link offer Layer 2 through 4 ACLs on their Layer 2 switches, compared to Cisco who only give you Layer 2 MAC based ACLs on the Layer 2 switches. Management options include an IOS-alike CLI, Web, SNMP and RADIUS, allowing me to manage the switches in the same way I do currently. Network features like LACP, port trunking, port mirroring and more are all still present on the TP-Link side of life too.

For the desktop switch there is actually no feature loss when compared to the rack mount 24 port model. All of the features listed across the two models compare equally which means I won’t suffer for taking a step down to a desktop switch from the current rack mount.

On the wireless front, my current 1100 Aironet access point supports PoE and I’m using this in the form of an inline injector, which the TP-Link ships with whereas I had to buy my current Cisco one separately. All the usual wireless access point features exist on the TP-Link access point too, such as multiple SSIDs, VLANs, detachable, replaceable antennas, 802.11d, 802.11i and all the management options such as the IOS-alike CLI, Web, SNMP and RADIUS again.

The feedback from our network engineer has been that the throughput of the switches and their reliability are both top notch and he’s had no complaints since buying the switch many months ago nullifying the concern I had there.

The conclusion then is that the age old adage of nobody got fired for buying Cisco may stand true, but it looks as though you might not get fired for buying TP-Link either? Frankly, I was concerned over how you can even design and manufacture a 300Mbps N access point for £35 and a 24 port rack mount gigabit switch for £200 let alone sell it and turn profit, but the fact that TP-Link can and do so, and do it so well means I’m clearly paying for a badge that my home network doesn’t demand? It also means that my home network could stop suffering the two generations old only mantra that seems to flow currently. By no longer competing with  Cisco on feature and price, only being able to justify buying two or three generation old equipment, I can buy something bang up to date, giving me the gigabit I have for so long wanted and need.

Time will tell as I’m not going to be replacing everything overnight but I will be staggering all my upgrades throughout the 2013 calendar, but I’ve got strong optimism for the idea of the switch. The best part is that it will be largely free as the resale values on my old Cisco kit on eBay will cover 99% of the cost of the new kit. Who said there is no such thing as a free lunch?

Configuring Eye-Fi Manager as a Service for Windows Home Server

After configuring my Eye-Fi Manager application on the Windows Home Server, I quickly noticed a problem. The application is executed by the currently logged on user and not as a service. Because I am connected to the Windows Home Server via Remote Desktop, I log off the server once I’m finished and the application shuts down.

Solving the problem requires it to be running as a service. I looked at the forums for Eye-Fi and their website and there is a thread on the forum for exactly the same thing – Configuring Eye-Fi Manager as a service, however it doesn’t actually go into any details so I had to figure it out for myself.

The Service Command (sc.exe) application makes this real easy for me to do. The following command should have done the trick.

sc create EyeFiManager DisplayName= "Eye-Fi Manager" start= auto binPath= "C:\Program Files\Eye-Fi\Eye-Fi Manager.exe"

Unfortunately, when I tried to start the service, Process Explorer showed me the Eye-Fi Manager.exe application as running; however, after a few seconds it terminated and the Services MMC console gave the error that the application didn’t respond in a timely fashion. The application is obviously not designed to be a service, so I needed a middle man.

Microsoft produced a utility for NT4 called srvany.exe which still works in Windows versions today. The premise is very simple. srvany.exe is the service executable and you provide your executable as a parameter for srvany. The result is that srvany handles the service and responds to Windows as required.

I’ve put a copy of the executable srvany.exe on my Windows Live SkyDrive for you to download for your own uses. In my example, I placed the executable in the System32 directory so that I can call it without declaring the path to the application and without having to add custom strings to the Path environment variable.

To this end, the command becomes the following:

sc create EyeFiManager DisplayName= "Eye-Fi Manager" start= auto binPath= "C:\WINDOWS\System32\srvany.exe"

Once this is done, you need to tell srvany the name of the executable you want it to handle. This is done easily using the reg command line tool as follows:

reg add HKLM\SYSTEM\CurrentControlSet\Services\EyeFiManager\Parameters /v Application /t REG_SZ /d "C:\Program Files\Eye-Fi\Eye-Fi Manager.exe"

Starting the EyeFiManager service I created that launches srvany.exe will now start the Eye-Fi Manager.exe application and it will run as required, with the exception that none of the user interaction such as thumbnail previews of the uploading pictures can be seen as it’s a background service.

I proceeded to test it and unfortunately I noticed a problem. Although the application was running, it wasn’t processing any uploads. I immediately assumed the problem was the permissions relating to the default account used by services, which is the System account. I decided to change the service to use the NetworkService account as this would allow it access to the network.

The following reg command performs this for me:

reg add HKLM\SYSTEM\CurrentControlSet\Services\EyeFiManager /v ObjectName /t REG_SZ /d "NT AUTHORITY\NetworkService"

After restarting the service, I still couldn’t upload the photos. I assumed it was NTFS permissions now, so I added the NetworkService account to the RW_7 group on the Home Server, which is the group created by Windows Home Server for permitting Read and Write access to the Public folder*.

* The reason I upload to the Public folder is that I like to rename, tag and adjust all my pictures before allowing them into the Photos shared folder.

Unfortunately this still didn’t solve the problem. Using Process Explorer and comparing the results (specifically the TCP/IP Stack) of the Eye-Fi Manager.exe process when it was running as a local user and the NetworkService account showed that the NetworkService service version didn’t open up the required TCP Listening ports.

At this point, I created a service account called svcEyeFi and used that account to launch the service, however this has the same results as the NetworkService account even after adding the account to the Local Administrators group.

I have now resorted to the idea and am running the account using the Local Administrator account, which is the account you use to log in to the Windows Home Server Console for management purposes. It’s not ideal for security and the principle of least privilege, however it works so that’s a plus I guess.

I decided that I wanted my service to look a bit less like a virus or trojan service and more genuine, so I deleted the service using the sc delete EyeFiManager command and then re-created the service using these commands as follows:

sc create EyeFiManager DisplayName= "Eye-Fi Manager" type= own start= auto depend= Netman binPath= "C:\WINDOWS\System32\srvany.exe" obj= .\Administrator password= [password]

reg add HKLM\SYSTEM\CurrentControlSet\Services\EyeFiManager\Parameters /v Application /t REG_SZ /d "C:\Program Files\Eye-Fi\Eye-Fi Manager.exe"

reg add HKLM\SYSTEM\CurrentControlSet\Services\EyeFiManager /v Description /t REG_SZ /d "Starts the Eye-Fi Manager application as an automatic system service allowing it to run without a user logged in."

So what does all of this do exactly?

Well the first line creates the service, marks it as Automatic start-up type, sets it to start using the local Administrator account and lastly adds the Network Connections service as a dependency. The addition of the dependency means that this service cannot start until the network connection is up and available.

The second command adds the parameter to the srvany application to start Eye-Fi Manager.

The last command sets a description on the service so that anyone looking at the Services MMC will see what the service is doing.

For a bonus point, you can configure the recovery options so that if for any reason the service fails it will automatically restart the application.
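The recovery options mentioned above can be set with sc failure from the same command prompt. The batch file below is an added example, not part of the original post; it also prints what the service will launch and who can modify those files, which matters because the service runs as the local Administrator. The 60-second restart delay and daily reset are assumed values, and icacls is assumed to be available (Windows Server 2003 SP2 or later).

```batch
@echo off
rem Added example, not from the original post.
setlocal
set SVC=EyeFiManager
set KEY=HKLM\SYSTEM\CurrentControlSet\Services\%SVC%

rem Recovery: restart the service 60 s after each of the first three failures
rem and reset the failure counter after a day (both values are assumptions).
rem The SCM reacts only when srvany.exe itself exits; srvany does not report
rem a crash of the program it launched.
sc failure %SVC% reset= 86400 actions= restart/60000/restart/60000/restart/60000
if errorlevel 1 goto fail

rem Confirm what was stored: BINARY_PATH_NAME should be srvany.exe and
rem SERVICE_START_NAME the account the service logs on as.
sc qc %SVC%
sc qfailure %SVC%

rem srvany starts whatever the Application value names, so read it back.
set APP=
for /f "tokens=2,*" %%A in ('reg query "%KEY%\Parameters" /v Application ^| findstr /i "REG_SZ"') do set APP=%%B
if not defined APP goto fail
echo srvany will launch: %APP%

rem List who can modify the two executables. Write access for anyone other
rem than administrators or SYSTEM would let them run code as the service account.
icacls "%SystemRoot%\System32\srvany.exe"
icacls "%APP%"
goto :eof

:fail
echo Could not configure or read the %SVC% service. 1>&2
exit /b 1
```

Run it from an administrative command prompt after the service has been created.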

If anyone trying to configure this runs into problems, email me and I’ll be sure to help you out.