Efficient / Speedstream / Siemens 5851 Survival Guide

If you're a DSL user - particularly with an ISP that supports multiple IP addresses - there's a good chance you have one of these routers.  It started out from Flowpoint as the 2200.  Then it became Speedstream, then Efficient Speedstream, and now Siemens owns the brand, or what's left of it.

I have an SDSL connection through Speakeasy, and that package came with a Speedstream 5851 DSL router, which new costs about $300.  It has been cooking pretty much non-stop for four years, but a few weeks ago it began its death rattle.  Over the course of a week there were progressively worse slowdowns and increasingly unpredictable behavior until in the end, it wouldn't even power up.  Speakeasy mailed me a dusty, paint-splotched loaner and said I could keep it for $99 if I wished.  Instead, I sought cheap replacements via eBay.

Speakeasy assured me that any DSL router that supported ATM would be OK, but since they provide Speedstream and Netopia equipment, it would be best to stick with one of those since their techs know the platforms.  And since I already invested a great deal of time in learning the ins and outs of the Speedstream's command line and various features, I decided to stick with what I had.

As I had found out a couple of years ago when seeking firmware or "kernel" upgrades, there are actually a wide variety of 5851 DSL routers, distinguished by a three digit code following the model number.  The differences involve DSLAM compatibility, memory capacity, processor type, etc.  I looked on the bottom of the dead equipment and the loaner and found that the routers provided by Speakeasy were the -001 variety.

While searching eBay for routers, very few sellers knew enough to specify the entire model number.  Even fewer thought to mention anything about what version of firmware was installed.  I had to email many sellers to find out whatever details I could.  I was tempted to stick with the -001, but as I dug around for information about the various models I got lured into getting an -055 instead.  At the very least this model is newer and has more memory.  More on this later.

I bought not one but two replacements through eBay, the first for $25 since I was in a hurry to get the loaner back to Speakeasy, then the second for just $5!  Next time I have problems with the equipment I can do an immediate swap and not have to worry.  The easy part was over.

A big problem with these second-hand routers is that the ISPs (Speakeasy included, by the way) configure them for the customers and won't tell you or anyone else the password, ever.  The result is that most of the sellers have absolutely no idea what the password is.  Four years ago I ran into this.  I scoured the Internet to find a document that describes how to reset the password on a 5800 -series router without destroying the configuration, and now I won't tell them what it is.  It's easy to do...  you find the recessed reset button between the console port and the LAN ports, press it for three seconds with the router already powered up, the "test" light turns amber, and at that point you can use the numeric part of the serial number as the password.  Or at least that's how it worked on my old router...

First I had to gain access to the router.  Not recalling the handy fact that the password reset trick also avoids addressing guesswork by temporarily enabling a DHCP scope, I chose the serial cable method.  First I tried my trusty blue Cisco cable, which works on pretty much everything else including my UPS, my KVM switch, a Sun workstation, etc.  It seemed to work, but nothing I typed made it into the router.  Apparently the documentation wasn't kidding when they warned that only the supplied adapter would work.  Make sure to use the adapter with a standard Ethernet cable, not a crossover type cable.  And since not all the eBay bargains come with all the bits and pieces, make sure yours comes with that adapter.

My old router from Speakeasy originally came with a 4.x version kernel, and I had upgraded it to 5.3.8 a year or two ago.  The newer routers came with newer kernels.  A major version number newer - 6.0.x on one and 6.1.x on the other.  So new in fact, that Siemens' knowledgebase at http://kb.efficient.com made no mention of them, nor even hinted at the mere existence of anything beyond 5.3.8.  The new kernels now maintain usernames and passwords instead of just a password, and a document pertaining to one of the newer routers said to use "login" as the name and "admin" (or the serial number if you twiddle the reset button) as the password.  None of this worked.  And there's no way to reset the unit to factory defaults except by gaining access via TELNET or the serial console cable, both of which demand the username and password.  I was stuck.

Every now and then an eBay bargain turns out to be less of a bargain than you count on, and I was beginning to think this was one of those times.  Determined more than ever now and unwilling to concede defeat, I scoured the Internet for as much information as I could find on these routers.  Finally I discovered that the version 6 firmware now used "superuser" instead of "login" as the user name.  Success!

Now that I had access to the router, a "reboot factory" command put the configurations back to factory defaults (and changed the password from the serial number to "admin") and gave me a clean slate with which to work.

And now begins the intrigue...

The first new router identified itself with:
Efficient 5851 SDSL [ATM] Router (5851-658 / 5851-035 HW)
Efficient-5000 BOOT/POST V7.7.13 (25-Oct-02 15:51)
Software version v6.0.130-6 built Tue Apr 22 10:47:38 CDT 2003

The second new router identifies itself with:
Efficient 5851 SDSL [ATM] Router (5851-658 / 5851-035 HW)
Efficient-5000 BOOT/POST V7.7.14 (29-May-03 13:50)
Software version v6.1.050-3 built Wed Mar 17 10:18:00 CST 2004

Compare them to my old, dead router (and the loaner):
Efficient 5851 SDSL [ATM] Router (5851-001)
Efficient-5000 BOOT/POST V6.0.0 (18-Aug-00 16:15)
Software version v5.3.80 built Fri Mar 8 21:15:01 EST 2002

The choice of buying the -055 hardware turned out to be a good one for me, since as you can see under the sheets it's a -035 (aka -658) and according to the SpeedStream data sheet the -035 hardware is the "RapidSecure" version (which features VPN encryption in hardware) of the -001 and favors the same DSLAMs.  Other versions may have worked fine too, but if there are problems it's nice to be able to wag my finger at COVAD holding up the data sheet that says their DSLAM is specifically supported.

So why no mention of the 6.x versions on the Efficient support site?  I'm not really able to completely answer that yet.  It's strange that only ISPs seem to have the blessing of obtaining firmware that isn't several years old, even though these routers are still being actively peddled.  Siemens goes further to frustrate even mere investigation, since now that they own Efficient Networks they charge even for the most rudimentary support.  Luckily, if you search hard enough like I did on the Internet, you can find places like SNAKE, from which you can download recent firmware versions and their supporting documentation.  Oddly, a shadow of the same site is running here in a different country, on an ADSL line in the Netherlands.  Some things remain a mystery, like the details behind "Flashmaster".  And I still haven't found updated boot loader code either, which is probably in the Flashmaster files but it's difficult to tell.

And what's the big deal about getting the later versions, anyway?

Well for thing, the 6.x versions unlock all the features which required expensive activation keys before, such as those required to support VPN.  The 6.x versions also feature greatly improved support for VOIP and QOS, sport a SPI firewall in addition to the packet filter rules, allow the definition of multiple users for router administration and multiple [external] security authentication mechanisms for router access, employ a greatly enhanced web interface and more.

The release notes for 6.0.130-6 mention routing and RIP improvements, NAT improvements, etc.  The notes for 6.1.050-3 boast of many fixes and of a long list of improvements to VOIP -related features like SIP and traffic shaping, and practical little improvements like responding to NetBIOS name queries.  6.3.001 adds BRE mode, enhances SNMP manageability vastly, adds all kinds of debugging and tracing information and commands, and of course as always, provides fixes for various issues.

The gotcha's aren't over mind you.  Configuration Manager (latest is 3.9.6) still has not been updated in a few years, and that means it's becoming less of a configuration tool and more of an informational tool and a mechanism for performing things like firmware backups, restorations and upgrades.  This is also the time when you come to the understanding that CM talks to the router over SNMP, because the password you set on the superuser account, whether via TELNET or the GUI, does not work in CM.  Changing the superuser account password does not change the SNMP administration password, or vice-versa.

If you are counting on being able to use CM to transfer your router's configuration from a 5.x kernel to a 6.x kernel, you may be disappointed.  It did not work for me.  And you will not be able to copy an entire configuration (kernel and all) from a -001 router to a -035 model because of memory capacity and other hardware differences.  Don't even try.  Most people should be able to use the web-based GUI on the routers to record and replace their settings, but more advanced configuration steps may require reliance on the CLI (command line interface).  I recommend using the "system support" command to display all the settings via the CLI, and using the Technical Support Data option in CM's Port Monitor application.

Once you have a 6.x version of the firmware up and running on your routers, the easiest way to copy configurations is through the use of the "system configlist all" command, which outputs a series of CLI commands that would be required to reach the current configuration.  Capture the output from the command, edit it if necessary, and run it on another router.  This command does not exist at all on versions earlier than 6.x.  In its later versions it does a better job of capturing some of the unusual settings, i.e. NTP servers.