You are on page 1of 23

Wireless Router (WiFi) Buying Guide

ARTICLE DATE: 09.10.09

By Mario Morejon

Almost every broadband router destined for the home market these days has Wi-Fi capability.
In fact, it's been ages since we reviewed a router that didn't include radios for wireless
networking. That means you've got a ton of choices when it comes to selecting the right router Buzz up!
for your home or small business. It can be confusing, even to seasoned professionals. on Yahoo!

One way not to choose is to go by the makers' advertised speeds, which seldom have much to do with reality.
Some vendors go as far as using the "300" megabits-per-second speed in the names of routers that can't
achieve anywhere near that throughput in the real world. Your best bet is to avoid any pitch that tells you
about the speed of the router. Instead, you should look at many features that you might need and that might
be buried deep down in the feature chart. Fortunately, the market is flooded with Wi-Fi routers, so finding a
good one could be simpler than you might think, if you know what you're looking for. I've put together a list of
the ten key points you should consider when choosing a Wi-Fi router:

Is 802.11n (N) really that much better than 802.11g (G)?

Yup. Believe it or not, the 802.11g Wi-Fi router, which uses a technology that has been around for seven
years, is still popular. (802.11 is the IEEE's technical name for wireless networks; the brand name used for
products is Wi-Fi which encompasses many different types of 802.11 technology.) Small businesses buy G
routers because they are cheaper and perform adequately. Some 802.11g routers include specialized
functions that are essential in business, such as powerful policy-based firewalls and threat-management
features. In the home, however, speed is far more important, and there the 802.11n Wi-Fi router is king. Some
N routers, such as the TrendNet Gigabit, can deliver upwards of 200 Mbps, and can theoretically reach 300
Mbps. 802.11n routers often deliver as much as five times as much throughput as G routers in real-world

802.11n, by the way, was only recently ratified by the propeller-heads of the IEEE. So look on the box for the
seal of certification from the Wi-Fi Alliance. Soon, instead of "draft-N" Certified it should indicate full 802.11n
Certified for the faster products.

Are dual-band routers better than single-band routers?

802.11n routers come in two flavors—single-band and dual-band. Single-band routers use the 2.4-GHz band,
the same frequency used by G routers. Dual-band N routers support 2.4-GHz and 5-GHz bands. Even at 2.4
GHz, 802.11n routers are faster than G routers because they make better use of the frequency range in the
band, and they're better at bouncing signals off surrounding surfaces such as furniture and walls. Average
throughput for single-band N routers is usually five times as fast as G routers. And switching a dual-band N
router from 2.4 GHz to 5 GHz is like trading a Toyota for a Maserati. Some routers can achieve as much as
100 Mbps more by switching up. The answer is, therefore, an overwhelming yes: Dual-band band routers,
though generally more expensive, outperform single-band (2.4-GHz) routers.

What about a simultaneous dual-band router?

Routers with this feature, such as the D-Link DIR-825 Xtreme N Dual Band Gigabit Router and the Apple
AirPort Extreme Base Station 802.11n, transmit the N signals simultaneously in 2.4 GHz and 5 GHz. By using
both frequencies, the routers achieve longer range and better signal strength, and, as you might expect, they
don't require manual switching between bands. It's like having two concurrent wireless networks, but that's
only useful if you have clients that use 5GHz, which are few are far between unless you purchase after-market
802.11a/n cards that use it.

Simultaneous dual-band routers are also more efficient in their throughput. Some, such as the D-Link DIR-
825, can even manage the bands without any input from users. Simultaneous dual-band can help stabilize the
overall throughput on your network. These routers are generally more expensive than regular dual-band
routers, but are worth the extra few bucks if you've got the cash to spend.

Do I need two, three, or four antennas, or hidden ones?

Because the speed in N routers depends heavily on signal bouncing and multiple transmitters and receiver
antennas, the ideal antenna configuration is 4-by-4. This means the router has four antennas, each of which
has a transmitter and a receiver. Generally, however, most high-end N routers come with a 3-by-2 or 3-by-3
antenna configuration. While antennas come in all shapes and sizes, most are visible, tubular antennas.
Vendors like Apple, Netgear, and Linksys by Cisco have redesigned antennas so they are hidden from view,
as in the Apple Xtreme, the Netgear RangeMax Wireless-N Gigabit Router WNR3500, and the Linksys by
Cisco Dual Band Wireless-N Gigabit Router WRT320N routers. During testing, I haven't found any noteworthy
performance advantages of one antenna design over another. The crucial point to consider is the number of
transmitters and receivers built into the router. More is better.

Should I get a portable router?

If you want or need to take your Wi-Fi on the road, a new breed of router making its mark is the portable. It
can travel with you because it uses a 3G signal from a cellular carrier for backhaul, AKA the connection back
to the Internet. This means it won't be as fast as hooking it up to your cable modem, but what you lose in
throughput you gain in movement. Because they're not as fast, most of them only support 802.11g instead of
the faster 802.11n, which also keeps the cost down. However, keep in mind that while the Wi-Fi side is free,
you have to pay a carrier for the 3G, which in the United States typically means an extra $60 (give or take) per
month. You may also be tied to one specific provider. However, devices like the MiFi routers from <
ZIFFARTICLE id="242350">Sprint and Verizon, which fits in a shirt pocket and runs on a battery rather than
off AC, making it even more portable than the competition.

What is guest access?

Guest access is one of the most useful, and most underrated, features of a wireless router. Routers with guest
access, such as the Belkin N+ Wireless Router (F5D8235-4), can separate one Wi-Fi network into two. This
allows friends to use your broadband access without knowing the password for your main network, so they
can't get to your files. You can achieve a similar configuration with routers that support virtual LANs (VLANs),
but the steps in setting up multiple VLANs are more difficult. I highly recommend this feature.

Tightening access to your router with MAC access control

If you are still not convinced that your wireless network is secure after encrypting your Wi-Fi router with Wi-Fi
Protected Access 2 (WPA2) —and you better be using WPA2—don't worry because this step ensures that
only your computers can access your Wi-Fi network. MAC filtering allows or prevents computers with certain
MAC addresses to access your network. Like a fingerprint, no two network adapters can have the same MAC
address, so snooping neighbors are out of luck when you enable that MAC filter. Your router will only accept
handshakes (geek speak) from your computers and other Wi-Fi network devices, filtering everything else.
Conversely, you can deny access to specific devices by enabling the deny option instead. MAC addresses
can be spoofed, so this isn't foolproof, but neither are doors; MAC filters coupled with encryption is like
installing dual deadbolts.

What about Wi-Fi Protected Setup (WPS)?

Wi-Fi Protected Setup is a standard for securing your laptop with a Wi-Fi router. The technology simplifies the
encryption process that users otherwise have to go through to secure a Wi-Fi network. Is the technology
simpler to use than the schemes that preceded it? That depends on the laptop and operating system you use.
Vista's Windows Connect Now (WCN), for instance, is compliant with WPS. When WPS does work, it's a
simple process for setting up WPA2 without thinking about it. Getting the configuration to work on laptops that
don't support it (in both software and hardware), however, is quite an ordeal. Should you then look for this
feature in a router? No. WPS isn't essential, and, all too often, some part of your setup won't be compatible.
Still, many newer routers offer it, and, when it does work, it's worthwhile.

How many wired ports do I want?

The more the merrier. While most Wi-Fi N routers come with a standard five-port block, you'll be surprise how
many don't—the Apple AirPort Xtreme and Apple Time Capsule, for example, have only four ports apiece.
Adding a NAS device, an Xbox 360, a VoIP phone, and a PC will max out a five-port router (the last port
connecting to your DLS or cable modem). If your router has only three free LAN ports, you'll have to buy an
extra Ethernet switch to accommodate extra network devices.

Turning your router into a gaming powerhouse

No one wants their Internet games to interfere with YouTube videos, Skype calls and Web surfing, or vice
versa. The answer lies in the QoS (quality of service) feature in your router. A router with QoS can separate
network packets and prioritize your network traffic, allowing your most important applications (i.e. games) to
get the largest bandwidth chunk. Luckily, games don't take up a lot of bandwidth, but they can slow your
network down when you are sharing the connection with the family.

Is a router with a strong firewall important?

Luckily, most routers include a firewall, and many use the SPI (stateful packet inspection) firewall, which is
better than the older NAT firewall alone. A few routers, such as the SMC Barricade N Wireless Broadband
Router (SMCWBR14S-N2), provide a range of manual settings on a firewall. Are these routers better? Not
really. Typically, manual firewall settings are designed for specific usage needs and not for enhancing the
overall capability of a firewall. As long as a Wi-Fi router has a SPI firewall, that's enough for most us.

Can home routers meet the needs of small businesses?

For the most part, yes. However, sometimes businesses need extra security or technologies that are not
available in some home routers. There are a few home routers, such as the SMC Barricade N Wireless
Router and the ASUS RT-N11 EZ Wireless N Router, with advanced features, such as 802.1X authentication,
routing, and VLANs that make them particularly attractive to small businesses.

What's the best way to access your router remotely?

Routers like the Netgear WNR3500, which support dynamic DNS—as in the or
services—are the best to buy if you want to access your network remotely. With dynamic DNS, you can gain
access by using a domain name like instead of using the IP address provided to you by
your ISP. Since ISPs rotate IP addresses, the easiest way to find your network on the Web is by activating a
dynamic DNS account in your router.

—Next: Routers In This Guide >

Single-Band Routers

ASUS RT-N11 EZ Wireless N Router

Although the ASUS RT-N11 EZ Wireless N Router has an impressive array of business features, it falls short
on performance.

Belkin N+ Wireless Router (F5D8235-4)

If you want to add extra storage to your network (or may want to in the future), this router is worth considering.
But you can find better performers for not a lot more money.

Netgear RangeMax Wireless-N Gigabit Router WNR3500

With its repeater functionality, this device might be handy as a second router or a repeater in a large office,
but mediocre throughput makes it hard to recommend the Netgear WNR3500 enthusiastically for home or
business use.

SMC Barricade N Wireless Broadband Router (SMCWBR14S-N2)

The SMC Barricade N Wireless Broadband Router (SMCWBR14S-N2) is far too complex for average
consumers, and many of the simple networking features are chaotically arranged in the interface.

Trendnet 300Mbps Wireless N Gigabit Router

This is a decent router, with a good software package. But before you can get to the software, you've got to
get past a frustrating installation wizard. While it does N only in the 2.4-GHz band, performance is adequate,
and it's available at a good price, considering all the features it offers.

Dual-Band Routers

Apple AirPort Extreme Base Station 802.11n

This is a solid wireless router for all-Mac and mixed Windows/Mac networks. But if you run all Windows (or
any flavor of Linux), you can get better features for less money.

Apple Time Capsule 1TB (A1302)

The Apple Time Capsule 1TB, an unusual combination of a Wi-Fi router and NAS device, gives all-Mac and
mixed Windows/Mac networks an effective wireless storage solution.

D-Link DIR-825 Xtreme N Dual Band Gigabit Router

The D-Link DIR-825 Xtreme N Dual Band Gigabit Router provides some remarkable capabilities and overall
good performance at a very reasonable price.

D-Link RangeBooster N Dual Band Router (DIR-628)

D-link's RangeBooster N Dual Band Router has state-of-the-art features and delivers impressive throughput,
all for as little as $75.

Linksys by Cisco Dual Band Wireless-N Gigabit Router WRT320N

This is one of the easiest routers to install and manage. A good choice for novice users, professionals, and
businesses that have to give remote workers secure access.

Business-Class Routers

Ruckus Wireless ZoneDirector 1000 and ZoneFlex 7942

The Ruckus Wireless ZoneDirector 1000, combined with ZoneFlex 7942 access points, offers enterprise-level
mesh network technology at a price that small businesses can afford.

ZyXEL ZyWall 2WG

For its price, the ZyWall is as robust as security gateways come. The appliance provides a good combination
of firewall, routing, VPN, and content-filtering capabilities.

Portable Routers

Netgear 3G Wireless Router (MBR624GU)

The Netgear MBR624GU router is one of the simplest 3G routers to get going; yet it can slice up a 3G
network and provide an almost limitless number of Internet connections.

Linksys Wireless-G Router for Mobile Broadband (WRT54G3GV2-ST)

The Linksys Wireless-G 3G router works with Sprint (EV-DO) and Verizon Wireless. This is a big 3G router so
it's not convenient for traveling but it packs the best Linksys has to offer in router security and networking.

LevelOne 54M MobilSpot Portable Wireless Hotspot (3G/3.5G)

The LevelOne 3G router is compatible with European, Australian and Asian 3G modem vendors and supports
six models in the US. The LevelOne router packs many advanced features, including QoS (quality of service),
SNMP service, and remote management.

Sprint MiFi 2200 Hotspot

The Sprint MiFi 2200 hotspot is small but quite capable of handling up to five Wi-Fi connected computers at a
distance of about 40 feet. Some advanced features include VPN pass-through, port filtering, DHCP server and

Verizon MiFi 2200 Intelligent Mobile Hotspot

Like the Sprint MiFi, the Verizon MiFi 2200 Hotspot is small enough to fit in your shirt packet, and capable of
connecting up to five computers with its 802.11b/g Wi-Fi radio. The Verizon Hotspot can be accessed through
three client interfaces. The Verizon MiFi supports port blocking and MAC filtering.

ASUS RT-N11 EZ Wireless N Router

REVIEW DATE: 05.20.09

Although the ASUS RT-N11 EZ Wireless N Router has an impressive array of business features, it falls short on

Plenty of biz features—SNMP, VLAN, VPN, Radius, virtual DMZ, and multiple SSIDs. Decent performance. Runs cool.
Attractive design. Affordable.

Awkward setup. Limited documentation. No Gigabit Ethernet ports.

AsusTek Computer Inc.

Price: $65.00 List
Device Type: Router
Parental Controls: Yes
Setup: Web
WPA Security: Yes
Networking Options: 802.11n


By Mario Morejon

The ASUS RT-N11 EZ Wireless N Router may be plain on the outside, but it's filled with surprises, many of
which are useful in small businesses. The device supports multiple SSIDs, VLANs, and a number of
authentication methods, including SNMP. The price—$68 street—is quite reasonable, too, though the router's
performance is only average, because ASUS capped its throughput by not building in Gigabit Ethernet ports.
Even so, I like this 2.4-GHz router, and I think small-business professionals will like it, too. Home users with
less experience using Wi-Fi routers are going to have a tougher time navigating the RT-N11's features,
however—though not as much as with the SMC Barricade N Wireless Broadband Router (SMCWBR14S-N2),
another consumer router with SMB aspirations.

ASUS clearly took some cues from Macintosh designers, as the attractive RT-N11 has that classic white
porcelain-like Apple look. A clear band around the edge accentuates the design nicely. The router sports
some modern features, such as the red button in the back for Wi-Fi–protected setup (WPS) and clearly
marked green status LEDs, including one in front that indicates 2.4-GHz operation. The well-ventilated box
runs cool—much more so than the SMC Barricade N. This is important, as excess heat can degrade the
electronics over time.


The installation utility (which comes on an included CD) seems amateurish, especially when compared with
those included with the Belkin N+ F5D8235-4 and the Netgear WNR3500. On some steps it was hard to tell
what it was doing. For example, when I deselected the check box for WPA encryption, the software still
provided a network key with the SSID. I wasn't sure if the key was for WEP or something else. For all I could
tell, WPA might still have been active during this procedure.

After I selected the cable modem, the software asked me to provide a host name and MAC address. In
another place, the utility wanted static IP and DNS addresses. The requests reminded me of home-router
installations from years ago, making me think that ASUS hasn't updated the software in a long time. Modern
setup utilities, such as that in the D-Link RangeBooster N Dual Band Router (DIR-628), take care of most of
this for you.

In general, I'm not impressed with this setup tool. Using it when installing the router on a cable network is a
waste of time—the steps involved don't require the wizard. And although the software is more relevant for
those installing the router on an ADSL line, the quick setup built into the router is just as useful. In fact, the
steps are almost identical. I recommend navigating to the router and using its procedure instead.

As with the installation utility, the router's management interface looks like a throwback—it's distractingly
colorful and uses HTML frames. Even so, it's better designed than that of the TP-Link TL-WR941ND and the
Belkin N+ F5D8235-4. The RT-N11 has a status page wherein it shows the DHCP WAN IP, unlike the Belkin
N+, and the feature sections are logically divided into folders, so they're easy to find and use. —next:


The RT-N11 provides some good firewall capabilities that match those of the Netgear WNR3500, and even of
the D-Link RangeBooster N Dual Band Router (DIR-628). However, the features are not well explained.
Novice users will find terms such as ICMP and port to WAN access too confusing. Even the basic
configuration uses a lot of networking terminology—and offers no explanations. As you mouse over options,
brief pop-up help messages do appear (and are often accidentally truncated), but they tend to be of little use.

Perhaps my favorite feature is the SNMP port, a dedicated network-management port that broadcasts the
status of network devices. It's extremely useful when you need to monitor traffic bandwidth across the router.
With ISPs starting to impose various limits on users, this feature couldn't be more important.

Network utilities such as Byteometer ( can communicate with the router and collect this
traffic information. The port is also helpful for remotely gathering network status information. This is a big
selling point for small businesses that are using managed services.

The router comes with other business-centric features such as RADIUS, VLAN and Multi-SSID support,
including bandwidth optimization of SSIDs. Assigning multiple SSIDs is a good way to separate portions of the
network without having to buy another wireless router. It's also useful when you want your kids on a different
network so you can manage their traffic without having to use quality of service (QoS) rules.

The RT-N11's IP-based QoS is separate from the SSID-based QoS. The use of multiple SSIDs to provide
QoS is not the usual way to segment traffic on home routers. But in this case it creates a more precise way to
choose the SSIDs' throughputs, because you can set a kilobits-per-second value for each. When you're
setting up multiple SSIDs and VLANs, network traffic is controlled at the IP and port addresses. This is where
the QoS feature comes into play. Not only can you divide traffic by SSID, you can also do so with the QoS
capability, which supports ten network ports (and you can add your own). ASUS has made the process simple
by giving only three choices for each IP. You can also configure the rules to take effect only at certain times.

The ability to change operation mode is another advanced feature that's unusual to see in a small router. The
RT-N11 supports gateway, router, and access point modes. I highly recommend leaving the router setting
alone because in router mode, you need a separate firewall to block incoming traffic.

As with the Belkin N+ router, you can turn the RT-N11 into a wireless bridge. The access point mode is the
bridge option. And although the router is not a full layer-3 switch, it still lets small businesses do network
segmentation and separate network traffic securely using VLANs. That's pretty impressive for a $68 router.
IT professionals will like seeing such powerful features and will have no trouble with them. The only problem is
that the controls for them appear in the top level of the interface. They shouldn't. Average users don't need
such advanced settings and will find them intimidating. If ASUS is going to put these up front, it needs to do a
better job of explaining them in the management interface. —next: Performance


This router is advertised to hit speeds as high as 300 megabits per second (Mbps), but real-world testing says
otherwise. To benchmark the RT-N11, I ran Ixia's IxChariot, a demanding test suite that can show the true
colors of a router. I loaded the suite on a Windows XP SP3 machine. For the client, I used an HP laptop
running Microsoft Windows Vista Premium.

I performed the Wi-Fi tests only in N mode and found throughput to be 78 Mbps at 3 feet. That was better than
the 68 Mbps of the Belkin N+, but it didn't beat the 93 Mbps of the TP-Link TL-WR941ND. The Trendnet
300Mbps Wireless N Gigabit Router (TEW-633GR) scored 125 Mbps at close range. This result indicated that
the ASUS is an average performer, and further tests bore this out. At 20 feet, for instance, the RT-N11
managed 59 Mbps. At this distance, the Belkin scored more than 10 Mbps less, averaging 47 Mbps. The TP-
Link router produced a comfortable 70 Mbps at 20 feet. After moving the ASUS back 50 feet, I managed to get
a steady 36 Mbps. At 50 feet, the Belkin nearly matched the ASUS, scoring 30 Mbps. The TP-Link performed
better, scoring 64 Mbps at 50 feet.

ASUS shortchanged itself by offering the RT-N11 with 100Base-T ports instead of Gigabit Ethernet. Still, the
router offers decent performance, as well as many attractive features for small businesses, especially the
availability of SNMP, VLANs, and multiple SSIDs. If you need the extra performance, I recommend looking
into the TP-Link TL-WR941ND, or our Editor's Choice, the D-Link 825 Xtreme N Dual Band Gigabit router. But
those looking for a little more business-class functionality than your average home router offers will find it in
the ASUS RT-N11 EZ Wireless N Router.

More Router Reviews:

Belkin N+ Wireless Router (F5D8235-4)

REVIEW DATE: 03.16.09

If you want, or may want in the future, to add extra storage to your network, this router is worth considering. But you
can find better performers for not a lot more money.

Makes adding network storage easy. Well-designed case. Easy setup.

Below-average performance. Confusing interface. Some extra features are poorly implemented.

Belkin Corporation

Price: $119.99 Direct
Device Type: Router
Parental Controls: Yes
WPA Security: Yes
Networking Options: 802.11n


By Mario Morejon

Beauty is in the eye of the beholder. And to this beholder, the $119.99 (direct) Belkin N+ Wireless Router
(F5D8235-4) is a beauty, with its upright design and bright blue status LEDs. Is the device more than a pretty
case, though? Yes and no, but mostly no. One big plus is the ability to use it not just as a 2.4-GHz router but
also as a bridge to extend the range of your wireless network. And USB 2.0 port makes it simple to add a USB
2.0 storage device—a useful feature not offered by many routers in this price range. But the router's interface
is mediocre, and it just can't deliver when it comes to performance.

Belkin paid attention to design with the N+ router. Like the Netgear RangeMax Wireless-N Gigabit Router
WNR3500, Belkin's router locks into an included stand that keeps it solidly upright. A number of rival
products—some Linksys N routers, for instance—tip over easily because of their poorly designed stands. This
is an important point, since your throughput is bound to take a hit if the router falls behind your desk. The N+
also includes a thoughtful touch that helps with initial setup: Affixed to the router is a large white sticker printed
with simple, three-step instructions that walk users through starting the router and plugging in the cables.

In addition to the router's WAN (wide-area network) port, which lets you connect to the Internet through a
cable or DSL modem, you'll find four Gigabit Ethernet connectors and a USB 2.0 port for connecting an
external storage device. Handy front-panel lights are molded into shapes indicating what they represent. The
LAN-connection shape let you see the router's status from 20 feet away. The front panel even sports
speedometer lights, so that you can gauge the traffic going across the router at a glance. Like most similar
routers, the N+ has omnidirectional antennas in a 2-by-2 MIMO setup, which means it has two receivers and
two transmitters. The antennas are adjustable, so you can position them for the best wireless performance.


The included quick-installation software does a thorough setup job and has a friendly, effective question-and-
answer troubleshooting procedure. For security setup, however, you'll need to go to Security Assistant, a
separate utility (on the installation CD) that displays and lets you select your WPA2 or WEP encryption
settings. Choose WPA2—it's more secure. The security wizard suggests that you either print out the WPA2
key and install it manually on your computers or save it to a USB flash drive and transfer it with that. I wish
this security app were integrated with the installation software, but on the whole, the router does a better job
than many others when it comes to instructing users on how to manually set up security.

But you may not have to do it manually—that is, if all your Wi-Fi–enabled network devices have a WPS (Wi-Fi
Protected Setup) button like the one on the N+ router and the included wireless adapter. You just press the
button on the device and the router simultaneously, repeating the process for each WPS-equipped item. WPS
doesn't provide a new type of security; it just simplifies the setup by automating formerly manual processes.
The technology assigns both the code that lets the network devices recognize one another (the SSID) and the
WPA encryption key. A blue LED above the router's WPS button comes on when you enable wireless
encryption. For WPS devices without a button, you have to enter a PIN code manually.

The management interface has an unusual layout that I found confusing and irritating. Information and
settings for related capabilities, such as guest access and the domain name system (DNS), are displayed on
separate pages, each of which has its own tab. While that may make the interface look more feature-packed,
it means that you have to hunt for related settings instead of seeing them all in the same place.—Next:


In addition to the setup software, Belkin provides a storage manager that works like a charm. I tried it with a
Seagate FreeAgent Pro 750GB and, after that, a 500GB Western Digital My Book Pro plugged into the
router's USB 2.0 port. The utility worked well and mapped both units as local drives. The combination of the
utility and the port provides a tremendously useful feature you won't find on many routers at this price.

Besides WPA, WPA2, and WEP (64-bit and 128-bit) security, the router also supports guest access, as does
the Netgear WNR3500. This is a popular feature with hotels, coffee shops, restaurants, and other places that
allow strangers on their networks but need to restrict what they can do. When the capability is enabled, users
land on a page that asks for a key. Unfortunately, the router allows only one pass at a time, has no guest-pass
management, and doesn't offer time-sensitive passes. An administrator would have to actively manage
encryption keys. In the real world, Belkin's take on this feature is impractical. The WNR3500 does a much
better job at guest-pass management.

The Belkin N+ router lets you block or allow wireless clients that have particular MAC (hardware) addresses
and apply Internet-access policies to clients you allow. The access-control features also provide a simple way
to manage your kids' computer use. You can set schedules, block URLs, and prevent children from reaching
sites that contain certain words. But the interface gives you only five lines for entering restricted words, which
makes this a pretty useless feature. On the other hand, few users rely on their routers for parental control
anyhow, so I won't penalize the router much for that.

You can also put the router into access-point mode, which makes it behave like a network bridge. A bridge
extends a network connection by relaying a signal between two distant routers to reach areas where you
normally get weak Wi-Fi signals. All security features work in access-point mode. In my testing, setting up the
N+ router as an access point was a snap. Once I checked the access-point option in the interface, the Belkin
router immediately started passing the IPs from the DHCP server from the other router I used in the test (a
TP-Link TL-WR941ND).—Next: Performance


In theory, the router's GigE wired ports should let it outperform rivals with slower 10/100-megabit-per-second
ports. For example, the 10/100 LAN ports on both the ASUS RT-N11 EZ Wireless N Router and the TP-Link
TL-WR941ND limited their Wi-Fi performance. Yet despite its bigger pipes, the Belkin router's Wi-Fi
performance was below average.

I evaluated performance from the router to the client and the reverse with the standard IxChariot high-
throughput test. The IxChariot server ran under Windows XP SP3 on a 3.0-GHz Pentium 4 PC that was
connected to the router via GigE. The client PC that was connected wirelessly was a 1.83-GHz, Intel Core 2
Duo HP dv2000 laptop running Windows Vista SP1. At close range (3 feet), the measured throughput was
below average: 68 Mbps. Other routers with GigE LAN ports did better. The $125 Netgear RangeMax
WNR3500, for example, managed 71 Mbps, and the $150 Trendnet 300Mbps Wireless N Gigabit Router
(TEW-633GR) pushed data at 125 Mbps.

At 20 and 50 feet, the Belkin router's throughput was 47 Mbps and 30 Mbps, respectively. These aren't great
scores by any stretch of the imagination. At the longer distance, the Netgear WNR3500 router was on a par
with the Belkin. The Netgear scored 58 Mbps and 34 Mbps at 20 and 50 feet, respectively. While the Netgear
WNR3500 is not that much better a performer, it has a feature for extending wireless range. Even the ASUS
RT-N11, with its lowly 10/100 LAN ports, beat the Belkin hands down.

Bottom Line

The Belkin N+ Wireless Router (F5D8235-4) is attractive, and the ability to add external storage easily is
certainly a plus. It's a decent choice if you want a network with storage or need a router that can function as
an access point. But the router's features are prettymuch vanilla, and some of them (such as parental control
and guest access) need work. The interface is disorganized, and the wireless performance just isn't up to par.
I'd recommend spending about $30 more for the 2.4-GHz Netgear WNR3500.

More Router Reviews:

Netgear RangeMax Wireless-N Gigabit Router WNR3500

REVIEW DATE: 03.12.09

With its repeater functionality, this device might be handy as a second router or a repeater in a large office, but
mediocre throughput makes it hard to recommend the Netgear WNR3500 enthusiastically for home or business use.

Does wireless repeating. (Mostly) easy setup. Attractive.

Mediocre performance. Dated UI. Bulky.


Price: $149.00 Direct
Device Type: Router
Setup: Web
Networking Options: 802.11n


By Mario Morejon

Setup and management of the Netgear RangeMax Wireless-N Gigabit Router WNR3500 router ($119.99
direct) is easy enough for networking neophytes to handle. And advanced features, such as its wireless
repeating capability (which extends the reach of your Wi-Fi network) could make it attractive to experts looking
for a good deal for a small business. But while this 2.4-GHz router's features sound good, digging a little
deeper reveals unimpressive performance and an interface that needs work (especially where it concerns


The WNR3500 has a distinctive, black lacquered 8.9-inch-high case, and blue LEDs illuminating both sides of
the panel make the device reasonably attractive. On the clearly marked front panel, numbered, multicolor
LEDs indicate which ports are connected. Lights for Wi-Fi and WPS encryption are also nicely displayed. The
device is a bit large, though, for hardware meant to reside in a home.

The router has four Gigabit Ethernet ports, eight internal antennas, and two control buttons—one in front, the
other in back. The first turns on WPS encryption automatically, the second enables the (useless but attractive)
antenna lights. Because the WNR3500's antennas are embedded—that is, hidden in the case—there's no
way to adjust them, so finding a good location for the box is important. Leaning it on a wall or blocking its
sides will likely reduce performance.

Netgear hasn't modified its setup process for as long as I can remember, and I can understand why: It just
works. The smart wizard walks you through all the steps needed to get you started with a minimum of fuss. At
the end of the process, the wizard prompts you for a username and password. Forcing you to choose a
password is a good security practice—too many people leave the default. Unfortunately, first you have to find
the default password, which is in the setup manual on the CD. Netgear might want to rethink this unnecessary

The WNR3500 uses Netgear's familiar user interface, and the layout has remained largely unchanged since
the company entered the Wi-Fi router market. While the setup process hasn't needed to evolve, the interface
should have—it dates from a time when people were less concerned about wireless intrusions, so, for
example, you'll find no dedicated security section. Instead, protection features are scattered throughout the
UI. Wi-Fi security and filtering settings live in the workspace panel, but the access-control button sits in the
advanced wireless settings pane.—Next: Features


The router boasts an advanced feature that fairly savvy consumers will like—the ability to adjust (Quality of
Service) parameters. This lets you, for example, prioritize traffic so that your voice calls don't get stuttery
when your kids are playing Quake online. Turn the capability on and add a QoS rule, and you're set up to
manage network traffic. The rules are less comprehensive than those of the D-Link DIR-628 and DIR-825, but
that's fine. The feature is handy, and I doubt the average home user would need to dig much beyond what's
offered here.

The router's most distinctive feature, its wireless repeating capability, is unusual for a home Wi-Fi router (a
fact that's reflected in the unit's slightly elevated price). Using up to five routers that support the feature, you
can extend the reach of your wireless network. It gives the WNR3500 a big advantage over many home

Although you have to set up each unit manually, doing so takes just a few relatively easy steps. In a simple
dialog, you configure the router that's plugged into your Internet modem as a wireless base station and set the
others as wireless repeaters. Once you've done that, all wired and wireless devices on any of the routers
should be able to share your Internet connection, files, and printers.

There are some disadvantages. For one, you can use only WEP security (or none), not the much stronger
WPA2—so use a 128-bit encryption key. Also, if any of the repeaters connect to devices other than the base
station wirelessly, bandwidth will drop by half.—Next: Performance


The WNR3500 offers several different performance modes: 54 megabits per second for backward
compatibility; 145 Mbps, useful in signal-saturated environments; and 300 Mbps for maximum throughput.
Though these designations simplify selecting the right channel and bandwidth, they're highly misleading
because the router can't possibly achieve the indicated speeds. While 300 Mbps sounds impressive, and it is
the theoretical speed described by the 802.11n standard, a 2.4-GHz connection is unlikely to ever make even
the 100-Mbps mark under real-world conditions.

I put the WNR3500 through its paces with our IxChariot software, and it quickly became obvious that
throughput was fair at best. The router was attached to an HP laptop running Windows Vista and powered by
a 1.83-GHz Intel Core 2 Duo with 3-GB of RAM. The wireless card was a D-Link DWA-160. The custom
Windows XP SP3 PC I used for the IxChariot server had a 3-GHz Intel Core 2 Duo processor and 4-GB of
RAM. With the router at its 300-Mbps setting and at a distance of just 3 feet from the laptop, IxChariot
reported so-so throughput of just 66 Mbps. At 20 feet, the WNR3500 scored 55 Mbps. That's not a big drop,
but it's still a mediocre result. At 50 feet, the score dropped to 38 Mbps.

By contrast, the $60 2.4-GHz TP-Link TL-WR941ND managed 93 Mbps at 1 foot and 70 Mbps with a tougher,
4-pair test. At 20 feet, the Netgear scored slightly higher than the Belkin Wireless N+ (F5D8235-4) and the
SMC SMCWBR14S-N2, which clocked 47 Mbps and 53 Mbps, respectively. The Netgear's performance at 50
feet was no different from that of the other routers I tested that operated in the single N-band.

The Netgear RangeMax Wireless-N Gigabit Router WNR3500 sounds and looks impressive. It's attractive,
and its ability to extend the reach of your Wi-Fi will make networking enthusiasts sit up and take notice. But a
dated interface, mediocre performance, and a scattered approach to security really hurt its score. Advanced
niche features are well and good, but there's no substitute for getting the basics right.

More Wireless Router Reviews:

SMC Barricade N Wireless Broadband Router (SMCWBR14S-N2)

REVIEW DATE: 05.19.09

The SMC Barricade N Wireless Broadband Router (SMCWBR14S-N2) router is far too complex for average
consumers, and many of the simple networking features are chaotically arranged in the interface.

Many unusual manual settings rare in consumer routers. Inexpensive.
Knowledge of networking is needed to work with many settings. Poor interface. Weak help.

SMC Networks Inc

Price: $62.00 Street
Device Type: Router
Parental Controls: No
Setup: Web
Stateful Packet Inspection: Yes
WPA Security: Yes
Networking Options: 802.11n


By Mario Morejon

Given its street price of $60 or less, the SMC Barricade N Wireless Broadband Router (SMCWBR14S-N2) is
pretty tempting. Like the ASUS RT-11N EZ Wireless N Router, which is also a consumer router, this device
arrives with many features you'd expect to find in a small-business router, or even an enterprise router. SMC's
router, however trails the ASUS device because it requires too much networking expertise to get those
features—or even basic networking—up and running. The result is a router that is not particularly friendly to
consumers or business.

The router enclosure, a plain, gray box, has two MIMO antennas in back (one on each side) along with a four-
port block of 10/100 Ethernet ports, a WAN port, and a power jack. On the top, near the front, you'll find a Wi-
Fi Protected Setup button and three green status LEDs. Pretty typical for an N router—but the indicator lights
are too small to be seen easily at a distance. And because they're on top, they're of little use if you put the
device on a high shelf (which often produces the best coverage), or even at eye level on top of a desktop PC.
Also, compared with similar N routers, this one runs hot. Over time, that could degrade the electronics. The
ASUS runs much cooler.


When you start the installation process, you'll find that SMC seriously skimps on assistance here. An included
CD contains a PDF manual filled with technical specs but makes no mention of setup procedures. The quick-
install pamphlet tells you how to reach the router from a PC and provides the necessary password but little
else. The built-in setup wizard—accessible only after you log in to the management interface—is crude. For
instance, you have to select the types of WAN connections such as PPP over Ethernet, dynamic or static IP,
and PPTP, and all the wireless settings manually as you run through the steps. The average user doesn't
want to know what these things mean, let alone answer questions about them.

Worse, the help in the help files consists of brief descriptions that are often confusing. For example, the
description of the network address translation setting says that NAT allows you to access the Internet from
any computer in your home without having to buy more IP addresses. That's one of oddest explanations of
the capability I've seen, and one that's not particularly helpful.

The result is that setup is harder than I'd like to see, as it requires too much knowledge of networking. While
I'm all for people understanding networking, the fact is that the best routers are those that are a bit closer to
plug-and-play functionality. The ASUS RT-11N isn't a paragon of ease of use, but it's better than this SMC.—
Next: Features


As with the ASUS RT-11N, the SMCWBR14S-N2 router supports both MAC filtering and 802.1X RADIUS
authentication servers (a business-oriented capability). And while RADIUS authentication is an interesting
high-level feature, it and many of the router's other networking and security settings have little relevance to
home networks, so the layout of the Web UI seems more complex than it should for a home router. The more
complex features really ought to be relegated to an advanced menu setting.

Additionally, some of the features themselves are also disorganized. For instance, under the main Security
Settings page in the Wireless section you can choose WEP or WPA encryption, but when you navigate
deeper you find dedicated pages for both. I eventually figured out that on the main Security settings page you
activate the encryption you want, and on the dedicated pages you select additional wireless sub-options. But
this is a confusing arrangement that the documentation doesn't clarify. The Wi-Fi Protected Setup
configuration is also separated in this same confusing way. In the case of WPS, having separate pages for
configuring the personal ID and push-button features makes a little more sense, because they have different
The Network Address Translation (NAT) Settings page is even odder than Security Settings. Yes, you can use
NAT to do port forwarding (SMC calls it virtual server) or port triggering, but I couldn't make heads or tails of
why SMC placed the Address Mapping feature in a home router. Address Mapping provides global IP
addresses that you can use for grouping local IP addresses. In essence, Address Mapping is a NAT table, but
in this case, it is an additional NAT table in the SMC router that you can configure. The SMC router already
comes with its own NAT table, like all other routers on the market. This is a feature that you might find in a
business-class router, rather than a home router or even a home-office router.

SMC lets you tweak the router's firewall, which has more manual firewall settings than most of its competitors.
For example, the management interface dedicates a page to intrusion detection. There you'll find several
settings for connection policies, stateful packet inspection, types of intrusion detection, and prevention of
denial-of-service attacks. Unless you understand what these settings mean, I don't recommend changing the

You can also set some parameters of the routing features manually. For example, you can change routing
modes for the LAN and WAN connections. Here, too, I recommend against making changes.—Next:


To measure performance, I use Ixia's IxChariot to run a script that stresses both upstream and downstream
communication. The software runs on a Windows XP SP3 machine. I tested the Wi-Fi throughput with an HP
Pavilion dv2000 laptop running Vista. Since the router has just two antennas and LAN ports that run at 10/100
megabits per second (Mbps) rather than Gigabit Ethernet speeds, I didn't expect it to exceed 80 Mbps, and
that proved to be the case. With a separation of 3 feet between the router and wireless client, I measured 71
Mbps—less than the 78 Mbps of the RT-11N but slightly better than the 68 Mbps of the Belkin N+ (F5D8235-
4). The Netgear RangeMax Wireless-N Gigabit Router WNR3500 also scored 71 Mbps.

The performance champ is the Trendnet 300Mbps Wireless N Easy-N-Upgrader (TEW-633GR) in the single N
band category. The TrendNet router surpassed these other routers and scored 186 Mbps at close range—
which just goes to show you that even a 2.4-GHz-only router can excel, if it's got Gigabit Ethernet ports.

At 20 and 50 feet, the SMCWBR14S-N2 clocked in at 53 and 33 Mbps, respectively. The ASUS RT-11N fared
just slightly better, scoring 59 Mbps and 36 Mbps at 20 and 50 feet, respectively. Both results are solidly
average. The Trendnet blew them away by outputting 138 Mbps at 50 feet.

The SMCWBR14S-N2 isn't as complex to configure and manage as an enterprise wireless router would be,
but the layout is far too crude and the features too difficult for the average consumer to navigate. It's one of
the hardest-to-use modern routers I've come across. Even small businesses would need an IT person with
some knowledge of networking to help them with this router. If you're a serious networking expert, you might
be attracted by the price, which is quite reasonable for an N router, but otherwise I can't recommend it.

More Router Reviews:

Trendnet 300Mbps Wireless N Gigabit Router

REVIEW DATE: 06.06.08

This is a decent router, with a good software package. But before you can get to the software, you've got to get past
the frustrating installation wizard. While it does "n" only in the 2.4-GHz band, performance is adequate, and it's
available at a good price, considering all the features it offers.

Nice price. Full-featured router management. Attractive case.

2.4-GHz band operation only. Buggy installation wizard.


Price: $125.00 Street
Device Type: Router
Networking Options: 802.11n
Chipset: Broadcom
Antennas: Optional Range-extending: No
Setup: Web
WPA Security: Yes
Parental Controls: Yes
Stateful Packet Inspection: Yes

By Oliver Rist

Like SMC, Trendnet might not be the first name that comes to mind when you think wireless routers. You're
more likely to think of bigger names like D-Link or Netgear. But (again like SMC), the company is doing fine
and producing competitive wireless equipment at attractive prices. Though it follows the annoying industry-
wide trend of Really Long Router Names, the Trendnet 300Mbps Wireless N Gigabit Router (model TEW-
633GR) sells for only around $125 and has all the features you could want—except for one.

We might as well get this out of the way at the start. Though it incorporates Gigabit Ethernet (GigE) wired
ports, the TEW-633GR uses only the 2.4-GHz band for 802.11n traffic. This is fine for the wireless-g or
802.11b clients on your wireless network: They'll be able to connect. But because they're crowding the same
spectrum with your new "n" clients, the "n" clients will see a definite drop in performance. Also, if you've got a
lot of neighboring access points or wireless routers clogging up the 2.4-spectrum in your area, those will have
an adverse effect on throughput as well. So here's my most serious ding against the TEW-633GR: If you're
going to go to the trouble of upgrading the wired ports to GigE speeds, why wouldn't you tack on a 5-GHz-
capable radio so that "n" can perform at its optimal throughput? It just doesn't make sense to skip this step.
For four good routers that didn't skip it, see my roundup of dual-band routers.

But if you're not in a crowded area, wirelessly speaking, and if you don't have any legacy "g" or "b" clients to
worry about, then the TEW-633GR is certainly a competitive choice. First, it looks cool in the way that the
Linksys WRT600N does. The router has a sleek glossy black finish with three antennas on the right side, the
usual series of activity/speed LED indicators on the front, four GigE switched ports, and one GigE WAN port
on the back. There's one thing out of the ordinary: Trendnet also included a side-mounted Wi-Fi Protected
Setup switch for easy WPS client configuration (WPS is a standard for easy and secure establishment of a
wireless network), and a slide switch that turns off the wireless networking. I really liked the latter, as you
usually need to hit a router's Web interface to disable wireless networking. This can be an easy way to check
for specific network problems if things go wrong.

Setup is conducted via the usual CD-based routine. Plug a workstation into one of the router's wired ports,
insert the CD, and the setup wizard kicks off. Like most of the other routers we've reviewed recently, the
Trendnet seeks to take you from powering the router up all the way through setting up your wireless and wired
networks. It looks as if Trendnet and D-Link have the same OEM outfit programming their setup installations,
because the two routines looked very much alike, and both had similar problems—though Trendnet's were far
more pronounced.

When I ran this install routing on the D-Link DIR-855, the install wizard refused to see my Internet connection.
Fortunately, the router itself saw the connection just fine and finished the rest of the basic install on its own.
The TEW-633GR had more problems, however. First, it refused to see the wired adapters of my Dell XPS and
Gateway E275-M notebooks. The wizard tells you to unplug your Ethernet cable from your existing modem or
router before the installation and then tries to check for the adapter. But when you obediently unplug the cable
it simply assumes, because the cable is unplugged, that there isn't an adapter at all. You need to skip ahead a
couple of steps in the wizard and plug your PC into the router (and power the router on) before the wizard can
even begin its run.

That was annoying enough, but then the wizard hung when looking for the Internet connection as well.
Switching to another PC and starting the wizard all over again, including the trick of powering the router on
before I was told, allowed me to get through the wizard. In case you want to bypass this and go directly to the
router's management screen—good luck. The default Web address is (usually it's 0.1 or 1.1—
thanks, Trendnet). However, neither that nor the router's default password is listed in your startup materials.
You'll need to go dig through your docs to find those.

And as if all that wasn't enough, the install wizard installed a trial version of Network Magic without ever giving
me a chance to opt out. The wizard finished and the Network Magic icons were there. I had to uninstall after
the fact. That's bad software citizenship, no matter how you slice it.

All that said, setting up the wireless network wasn't particularly hard. Enter a wireless network name (aka
SSID), choose your security mode (again, I highly recommend WPA2, though, if you've got older "g" and "b"
clients, you'll likely get pushed back to WEP unless you can find new drivers), click "Finish," and you're done.
Like SMC, Trendnet's setup utility provides well-written "Learn More" descriptions of the important setup
steps; if you're confused, browsing these should clear things up. Once completed, the wizard shows a
summary of your setup information, reminds you to record this information somewhere, and then saves a text
file with the info to your desktop. Very thorough—and I like thorough.

I had one inexplicable hiccup, post-setup. Upon checking my network after setting up the router, none of the
PCs could see my HP Color LaserJet 3800dn. The printer was set to receive an IP address via DHCP, but the
address refused to take. My XP, Vista, OS X, and Fedora 8 clients, as well as my Netgear ReadyNAS NV+,
all took their addresses just fine, but the HP had to be manually configured with a static IP address before
anything could print. The fix was easy enough, and, for things like printers and NAS boxes, I like to assign
static IPs anyway. But networking newbies will doubtless not be pleased when their printer doesn't show up
without further configuration.—Next: TrendNet Management
TrendNet Management

There's more to setups than just the basics, so I clicked on over to Trendnet's standard Web-based
management screens. These were clear and intuitive, with the same help descriptions as on the router—
useful, because Trendnet has configured this router with plenty of options.

For example, the TEW-633GR, like the D-Link DIR-855 and the SMC Barricade, supports Virtual Servers.
This feature allows you to use a static or DDNS-supplied public IP address to host multiple Web servers off
your network. This is still primarily a small-office function, but home users looking to host their own photo-
sharing sites, or even power users looking to run FTP or a secondary e-mail server, will love the Virtual Server

The router also has multiple forms of QoS-style traffic protection. You'll find support for a standard QoS rules
page, StreamEngine for protecting specific kinds of gaming traffic, and WISH (Wireless Intelligent Stream
Handling) for protecting a variety of traffic over your wireless network. I found the setup screens for all these
features only moderately intuitive. Still, Trendnet's done a good job of including workable default values where
applicable, and if you read through the help descriptions, you should be fine.

The TEW-633GR also has plenty of security features, including an SPI firewall, traffic filtering, and content
filtering. The firewall and traffic-filtering rules setup pages aren't for newbies, but the parental content controls
are easy enough. These let you set up rules for restricted Web access (including a white list) for specific times
of day. There's also an e-mail report you can issue to yourself of all router activity just to keep an eye on
things. For telecommuters, the TEW-633GR also supports VPN via standard IPsec or PPTP protocols.—Next:
TEW-633GR: Protection

TEW-633GR: Protection

Performance was a mixed bag, mainly because of the 2.4-GHz-only issue and the fact that even at home I'm
in a neighborhood where you can constantly scan between four and six other access points. Still, at an
optimal range of 20 feet and using Trendnet's own 300-Mbps Wireless N USB Adapter on a Dell XPS
notebook running Vista Business, my Ixia IxChariot and JPerf throughput tests averaged out to 186 Mbps
throughput. That's very quick for a 2.4-GHz connection.

This changed rapidly, however, the further away I moved from the router. At 50 feet, I was down to 138 Mbps
average, and at 80 feet in the drive I was down to 57 Mbps. Adding a ThinkPad T42 with its internal wireless-g
client did even more damage, though less than I would have thought. Throughput at optimal range dropped to
only 156 Mbps; at 50 feet the speed averaged 91 Mbps, and at 80 feet it fell to 36 Mbps. Though the the
TEW-633GR isn't nearly as fast as the dual-band routers in 5-GHz mode, these are respectable numbers for
a 2.4-GHz box.

With decent throughput, especially considering its 2.4-GHz handicap, I think the Trendnet TEW-633GR is
good router for its low price tag. I'm unimpressed with the installation wizard, but if you scan the docs you can
bypass it entirely. I still think GigE wired ports require 5 GHz on the wireless side, but if you can live with the
wireless throughput numbers, then you're getting an awful lot of other high-end functionality for your Benjamin
and a quarter.

More Router Reviews:

Apple AirPort Extreme Base Station 802.11n

REVIEW DATE: 04.20.09

This is a solid wireless router for all-Mac and mixed Windows/Mac networks. But if you run all Windows (or any flavor of
Linux), you can get better features for less money.

Simultaneous dual-band operation. Guest-network capability. Can extend wireless range. Performs well at long
distances. Printer, hard-drive sharing.

Inadequate firewall. Only three LAN ports. Inconvenient LAN link-status lights.

Apple Computer Inc.


By Mario Morejon

Let's play a word game. I'll give a description, and you'll say the first thing that comes to mind. Ready?
Porcelain-white, minimalist, 802.11n, some nifty features, others that are inexplicably missing, a tad
overpriced at $179 direct. "Sounds like the latest Apple Extreme Base Station 802.lln router," you say? You
cheated. You read the same description in our review of the AirPort Extreme Base Station with Gigabit
Ethernet, this router's predecessor. It all applies equally to the current iteration of Apple's well-built, reliable
router, but Mac devotees who buy the updated box will get two impressive new features: simultaneous dual-
band broadcasting and guest access. For networks that are all Mac or even Mac/Windows, it's a sound
choice. For wall-to-wall Windows installations, however, you'll get better bang for the buck elsewhere.

Out of the Box

Externally, the AirPort Extreme is identical to its older incarnation: Apple kept the hefty square, gloss-white
polycarbonate case, which is easily as stylish as the Belkin N+ Wireless Router (F5D8235-4) or the Netgear
RangeMax Wireless-N Gigabit Router WNR3500. The same thick rubber pad protects furniture and keeps the
router from sliding around. And, as before, the three antennas are hidden within the case, so as not to spoil
the router's lines.

Unlike many routers, the AirPort Extreme has no Web interface. That's a bit of a pain, since you
must install a setup/management utility on every client machine. Luckily, the Mac OS includes
the necessary software. At least the process is quick and easy. Buzz up!
on Yahoo!

The software's interface is very different from that of non-Apple routers. Installation veterans comfortable with
"typical" routers might be a bit thrown at first, but anyone used to the Apple UI style will feel at home. I do
think, though, that the utility forces the average user to consider too many technical settings. Few consumers
will know what "SNMP port over WAN" means, for example. Your best course is to leave the default settings
or shut off features that aren't needed (if you recognize them). The common perception is that Apple products
are simpler to set up and use than Windows products—this is a clear exception. The best Windows routers,
such as the Linksys by Cisco Dual Band Wireless-N Gigabit Router WRT320N, hide such arcane terms in the
advanced menus, which the average user may never need to see.—Next: Good Apple

Good Apple

The new AirPort Extreme supports simultaneous dual-band Wi-Fi, which means it can broadcast at 2.4-GHz
and 5-GHz at the same time—a feature it shares with several Windows routers, including the D-Link DIR-825
Xtreme N Dual Band Gigabit Router. You can even give each band its own SSID and name, which I did during
testing. That lets legacy devices connect at the lower frequency while more modern equipment can use the
less-crowded higher band. On dual-band routers that don't offer this extra ability, such as the Linksys
WRT320N, you have to switch manually between bands. Apple's band-segregating is a very cool ability, and
one that I haven't seen in many routers. It works really well.

By default, the AirPort Extreme generates a name (unique ID) for you. After you obtain the unique names for
the bands, switching between the Wi-Fi connections is as easy as finding the network and connecting to it.
You can also manually adjust the transmission power on the router's radios, bolstering the signal when there's
interference from other Wi-Fi devices. Or, if you'd rather not broadcast beyond a certain area, you can also
cut signal strength. If you don't need the maximum transmission power, lowering it can save electricity—a
good green benefit.

As with the previous AirPort Extreme, this one lets you extend the reach of your wireless network by chaining
together multiple wireless devices. The procedure is simple, extremely powerful, and one that businesses, in
particular, can put to good use. You just have to identify your wireless network to the second Apple wireless
device (such as another AirPort Extreme or the Apple Time Capsule 1TB, which I recently reviewed), and sign

When I tested the feature by combining the network I just created with a previously existing one, the AirPort
Extreme automatically realized it was inside a LAN and, as a result, didn't try to generate an internal IP
address (which would have conflicted with those the existing network was already creating). The Airport
Extreme extended the range of my router by doubling the distance that it normally covers.

Guest access, as mentioned earlier, is another powerful new capability. This lets you give outside users—
friends, customers, and business associates, for example—access to the Internet via your network, but blocks
their access to all other network resources. The restricted network gets its own password, and you can set it
to allow guests' wireless devices to communicate with each other.

Strong file-sharing support is another benefit of the AirPort Extreme. You can share drives, protect them with
passwords, and even access them over the Internet (from Mac clients only) using Bonjour, the Apple program
that lets you discover network devices. The router can also limit access if, for example, you want to regulate
how much time your children spend on the Web.—Next: Bad Apple

Bad Apple

This version certainly improves on its predecessor, but a number of complaints we (and others) had about the
previous AirPort Extreme remain. Some, I'd wager, result from Apple's fanatical devotion to high style. So, for
example, there are no visible ventilation holes to mar the enclosure, but that makes the device hot, especially
on the top.
You'll also find just three LAN ports. That's one less than on any other consumer or SOHO router I've tested—
a decision made, I'm guessing, to shave off an insignificant amount of case width to make the design square.
For many home users, a trio of LAN connectors is plenty. But let's see: Connect your desktop, the Xbox 360,
the VoIP phone, and…. Uh-oh, where are you going to plug in your networked storage device? Time to buy an
Ethernet switch.

The most annoying sacrifice of function on the altar of design hits when you look for link status. The face of
the enclosure has just one indicator—a power/WAN-connection LED. That gives you info about your Internet
connection, but that same quick glance should also disclose problems with your wired Ethernet. Not so with
the AirPort Extreme. To check for Internet activity, Apple makes you turn the box around—the link lights are
on the back. On the plus side, the rear of the case holds a USB port where you can connect a printer, hard
drive, or (with a USB hub) both for sharing across the network—a very thoughtful extra that few competing
products offer.

The most serious deficit of this router is the firewall. But rather than go with up-to-date protection technology
in the form of stateful packet inspection (SPI), Apple dialed up 1995 and ordered a firewall. That's certainly a
necessary security component—every consumer router provides NAT. But is it sufficient on its own? No way.
NAT is not a true firewall but rather a special table that hides private IP addresses from the Web. In contrast,
SPI is a true firewall feature. SPI maintains the state for the traffic between your computer and the computer
you are reaching over the Web.

There's little doubt that this router's extensible wireless, simultaneous dual-band Wi-Fi, sharing of multiple
USB-connected peripherals, and guest access are all powerful, high-end features. So the AirPort Extreme's
lack of features that are commonplace on other routers is all the more puzzling. The absence of a true firewall
is just one example. Another example is DDNS—it's just not available for Windows users of the AirPort
Extreme. Mac users can get it, but only if they pay for a MobileMe subscription. Okay, we all know that Apple
can get away with charging loyal customers for extras that competitors give away.—Next: Performance


I used Ixia's IxChariot software to test simultaneous upstream and downstream performance. The IxChariot
server connected to the router was a Windows XP SP3 PC driven by a 3-GHz Intel Core 2 Duo backed by
4GB of RAM. The client, a 1.83-GHz RAM HP Pavilion dv2000 laptop with 3GB of RAM, used a USB D-Link
DWA-160 network adapter and was running Vista SP1.

The AirPort Extreme has impressive wireless range, and better-than-average throughput, but many 802.11-n
routers I evaluated beat it. When I set it up for 2.4-GHz operation and separated it from the client by 3 feet,
the router scored 61 megabits per second—typical for the 2.4-GHz band. The ASUS RT-N11 EZ Wireless N
Router clocked in at 86 Mbps at that distance, and I got 93 Mbps with the TP-Link TL-WR941ND Wireless N
Router. I clocked the Editors' Choice D-Link DIR-825 at 80 Mbps at 3 feet.

Over a 20-foot separation, the router held steady at 55 Mbps. At 50 feet, the AirPort Extreme really shined. It
managed 49 Mbps with the power pumped to 100 percent—a good result, considering the distance. That
beats the Netgear WNR3500's score at that distance, which was just 38 Mbps. Another Editors' Choice, the
D-Link Xtreme N Duo Media Router (DIR-855) pumped out 133 Mbps.

Operating in the 5-GHz band, the router managed 105 Mbps at 3 feet—again, average for that band. On the
same test with the previous version of the router, the device pumped out 93 Mbps at about 5 feet. And, as
you'd expect, the router's Gigabit backbone certainly proved to be no bottleneck. Plain old Fast Ethernet LAN
ports, such as those on the ASUS RT-11N, do restrict throughput. Again, the D-link DIR-825 also beat the
AirPort in this band, with a score of 149 Mbps.

When I moved the laptop to 20 feet, the AirPort pushed through 81 Mbps, which is also average in the 5-GHz
band. At 50 feet, the AirPort Extreme performed better than expected, however, with 72 Mbps, indicating that
in the 5-GHz band it can perform well at long distances. The D-Link Xtreme DIR-855 scored a whopping 232
Mbps at 20 feet, and 167 to 189 Mbps at 50 feet! But that's a $300-plus router. The more reasonably priced
(at $150) D-Link DIR-825 produced 99 Mbps at 20 feet, and 68 Mbps at 50 feet.

The AirPort Extreme Base Station 802.11n is a good wireless router longing to be a great one. It won't be,
though, until Apple puts as much emphasis on features and value as it does on design. Users with pure Mac
networks get enough capabilities to make this box a worthwhile purchase. Users with mixed Mac and
Windows networks don't derive quite as much benefit, but they should still consider the router. It's got some
cool features, and it looks great. For the AirPort router to reach its tantalizingly close potential, however, Apple
will have to improve its firewall and make the UI friendlier.

More Router Reviews:

D-Link RangeBooster N Dual Band Router (DIR-628)

REVIEW DATE: 03.19.09
D-link's RangeBooster N Dual Band Router has state-of-the-art features and delivers impressive throughput, all for as
little as $75.

Easy to set up. Rich feature set for the price. Great performance.

User interface could use a facelift.

D-Link Systems Inc

Price: $119.99 List
Chipset: Atheros
Device Type: Router
Parental Controls: Yes
Stateful Packet Inspection: Yes
WPA Security: Yes
Networking Options: 802.11n


By Mario Morejon

The D-Link RangeBooster N Dual Band Router (DIR-628) is not only affordable ($99.99 direct—but it's
available for as little as $75), it's also fast and so easy to configure that even networking novices should find it
a snap to get up and running. More advanced users will love the fact that despite the low price, D-Link didn't
skimp on the features. My only peeve is the user interface (the Linksys WRT320N Dual Band Wireless N
Gigabit Router has a better one), but the router's other strengths more than make up for it. If you're looking for
a dual-band (2.4- and 5-GHz) N router, this is the one to get.

Setup and Security

D-Link gets what too many miss—most users set up a new router every year or two, then immediately forget
how it works. If you like wizards, you'll find setup to be a painless, nontechnical process (well, almost.) In
minutes, you can have the DIR-628 up and running, with a minimum of clicks.

The wizard skips lots of the high-end features, but it does walk you through configuring security, which is
important. The DIR-628 provides WEP and WPA encryption services, and the wizard can help you with either.
I recommend using the more secure WPA2-Personal with AES encryption. If you're the type who doesn't keep
your computer updated (shame on you!), you might need to install the hotfix (KB893357) that Windows XP
requires before it can use WPA2-Personal. If you're running XP SP3, you should be covered.

The management interface needs a bit of reworking. One aspect that needs taming is the way it
displays information: It hits you with way too much. For instance, when you go to adjust the
QoS engine, you'll see traffic-shaping settings that include sophisticated rules for throttling the Buzz up!
router's network bandwidth. No doubt about it, that's a good, powerful feature, and an expert on Yahoo!
won't be daunted. But the average user will be a whimpering mess. Those settings aren't a good option to
have on a main screen. Linksys routers, on the other hand, strike a middle ground between features and ease
of use. The Linksys WRT320N provides just three options for changing the QoS in the router.

The one advanced tweak I'd recommend that average users make is switching to the 5-GHz band instead of
using the 2.4-GHz. The higher-frequency band is less crowded with traffic, which means your router will be
competing with fewer devices: garage-door openers, 802.11g routers, cordless phones, microwave ovens,
and many, many others. The downside is that 5-GHz shortens the transmission distance compared with 2.4-
GHz. As you move further from the router, your signal will get weaker faster.—Next: Advanced Features

Advanced Features

Don't let the low price fool you. The DIR-628 is a state-of-the-art router. Like its D-Link predecessors, it has
port forwarding and Web filtering built in. And to those features it adds the ability to take your IP traffic control
to the next level with a quality of service (QoS) engine, VPN gateways, and access-control policies.

The built-in firewall even supports IPsec VPN and includes some nifty network address translation (NAT)
capabilities to limit traffic at the protocol level. If this is all Greek to you, don't worry—you don't need to mess
with any of it. But networking pros' eyes will light up at the thought of getting these features at such a low

Ambitious networking newbies might want to tinker with its QoS, though. This feature comes in handy when
you need to put the reins on bandwidth hogs in the house. Want to make sure your VoIP traffic gets higher
priority than your kids' P2P crimes? You can tweak that via QoS. However, prioritizing and shaping packet
size at the IP level is not for the faint of heart. D-Link provides some helpful QoS guidance, though—I'd read it
carefully before experimenting, if you're unfamiliar with the area.

Pros will find a ton of tools for tweaking their networks. But average users need do nothing more advanced
than switching to the 5-GHz band and making sure that XP is updated. From what my IxChariot testing
software strongly indicated, those modifications should guarantee good throughput with this router.—Next:


My initial experience with the DIR-628 was impressive enough that I was eager to get it on the bench and see
how it fared against our earlier Editors' Choice, the D-Link Xtreme N Duo Media Router (DIR-855).

My client test machine, a 1.83-GHz Core Duo HP Pavilion with 3GB of RAM, was running Windows Vista
SP1. The router was wired to a Windows XP SP3 PC powered by a 3-GHz quad-core PC with 3GB of RAM.
With the router and client 3 feet apart, the DIR-628 scored 231 megabits per second (Mbps). When I tried at
20 feet, I was surprised at the DIR-628's impressive 210-Mbps throughput. That's only slightly below the 232
Mbps I got with the much more expensive ($359.99 direct) DIR-855.

At greater distances, however, your investment in the DIR-855 would pay off. At about 50 feet, the DIR-628
managed to pump out 112 Mbps. That's decent (especially for the money), but the DIR-855 left it in the digital
dust with a score of 189 Mbps. Of course, for half-again the Mbps, you'd be paying three to four times as
much. The average household (and even the small business with two or three users) will probably get better
bang for the buck from the less-expensive router.

The D-Link RangeBooster N Dual-Band Router (DIR-628) offers good performance and incredibly easy setup
at an unbeatable price. With some work on the management interface, it'll be hard to beat all around.

More Router Reviews:

Linksys by Cisco Dual Band Wireless-N Gigabit Router WRT320N

REVIEW DATE: 03.27.09

This is one of the easiest routers to install and manage. A good choice for novice users, professionals, and businesses
that have to give remote workers secure access.

Simple installation. Easy to use. Supports VPN and QoS.

Performance isn't spectacular. MAC filtering enabled by default may cause setup headaches. Uses interference-prone
2.4-GHz bandwidth as the default.



By Mario Morejon

The Linksys by Cisco Dual Band Wireless-N Gigabit Router WRT320N is the little router that could. For just
$110 (street) you get a dual-band device that's easy to set up and operate but supports virtual private
networking. That combination of price, simplicity, and features makes it ideal for businesses—especially those
with employees who need to work remotely.

The WRT302N is about two-thirds the size of its Linksys predecessors but is otherwise similar in design. Four
numbered green/blue activity LEDs on the front correspond to the four GigE ports on the back, where you'll
also find the WAN (Internet) port, power connector, and reset button. Other front-panel switches and
indicators include a Wi-Fi protected Setup button (for quickly configuring all devices that support WPS) and
status light, as well as a power LED.

Because of its relatively diminutive size, the router can fit almost anywhere, which I like. The reduced volume
places circuitry closer to the case, making it feel a little hotter than its older siblings, yet it stays considerably
cooler than rivals such as the SMC Barricade N Wireless Broadband Router (SMCWBR14S-N2). That's
good—excessive heat can lead to failures.


Linksys has its act together as far as installation goes. To get started, you insert the included
on Yahoo!
CD into a PC connected (via a cable) to the router. A four-step wizard does almost everything
needed to get you up and running. I found the process easier than that of the Belkin N+
Wireless Router (F5D8235-4), the Netgear RangeMax Wireless-N Gigabit Router WNR3500, or Buzz up!
the SMCWBR14S-N2. About the biggest difficulty you'll have in the setup wizard is choosing
whether to use the less-secure WEP-128 for compatibility with older wireless computers or the more-secure
WPA/WPA2. If your devices support WPA2, that, of course, should be your choice. But the router supports
Wi-Fi Protected Setup installation (there's a WPS button on the front of the case), making security
configuration easy for devices that support WPS.

With the initial steps complete, the CD installs the Linksys EasyLink Advisor (LELA). Much like Cisco's
Network Magic utility, LELA tries to automate some aspects of network setup, sharing, management, and
security. It attempts to discover the wired and wireless devices on your network, connect them to the router,
and produce a map showing the connections. The utility can also alert you when an intruder tries to log in
wirelessly. LELA will also install a 30-day trial of Trend Micro's Home Network Defender.

The wizard's designers did make a few somewhat questionable choices, though. Automatically enabling MAC
filtering is one. It does add a degree of security from the get-go, but it may confuse some users. Once you've
completed the setup, new wireless devices will be unable to access network resources other than the Internet
until you include them. Likewise, nothing on the network will see the new device. Experienced users will figure
out that they need to enable sharing; others will be lost.

Another problem is that the configuration process sets the router to broadcast at 2.4-GHz, rather than in the
faster, less-interference-prone 5-GHz band. Not only that, but the lower band is the default for Wi-Fi Protected
Setup. For the demanding tasks more and more users are expecting their routers to perform, such as
streaming video wirelessly, you want 5 GHz. Why not make that the default? Users with some understanding
of networking will know to alter the settings, and will do so easily enough in the router's Web interface.
Beginners won't even realize that they should make the change. I prefer the approach taken by the D-Link
DIR-825 Xtreme N Dual Band Gigabit router in which 2.4-GHz and 5-GHz bands work simultaneously and are
managed by the router—users need never think about switching between them.—Next: Interface and

Interface and Features

The layout of the tab-based Linksys user interface hasn't changed for quite some time; that's fine, because it's
the best in the business. Feature categories are logically separated, and the more complicated network
settings are tucked away in secondary tabs below the main ones. From the tab labels, geeks know that
powerful features exist and can get to them easily. But because you don't actually see the more complex
settings, less-experienced users won't feel daunted. The interfaces of routers like the Belkin N+ F5D8235-4,
the SMCWBR14S-N2, and even the Netgear WNR3500 pay less attention to the way complex features are
separated and shown.

Gamers will appreciate a few capabilities the router gives them. Using the Applications and Gaming tab they
can open ports, which allows games (and other applications) to connect directly to the Web, bypassing the
built in configurable firewall. Permitting access to single ports and ranges is easy, and the router's built-in
assortment of port configurations will satisfy the most demanding game enthusiasts.

In addition, Linksys has simplified the Quality of Service (QoS) feature, which lets you prioritize applications
that degrade too much if bandwidth drops—VoIP phone service, for example. To add Skype, Yahoo
Messenger, or a custom VoIP application, assign the network ports that the application uses, give it a priority,
and you're done. You can also play around with the network bandwidth, adjusting the amount you give the
application. Most users, however, should be happy with the default settings. In any case, the options are far
simpler to use than those of the D-Link RangeBooster N Dual Band Router (DIR-628).

Linksys also provides a way to remotely access the management interface and also perform remote
upgrades. Many rival products enable remote management, but you still have to upgrade the firmware through
a PC. Some of the router's features could use updating, however. Access Restrictions, for instance, is a bit
archaic and doesn't give you many options for blocking bad Web sites. You can create just ten policies, each
of which can have only four objectionable words or inappropriate sites, whereas the D-Link DIR-825 lets you
create a larger list of Web sites and inbound addresses to filter. This isn't a major complaint, however, as
almost no one filters Web sites via a router, anyhow.—Next: Performance


To test throughput, I used IxChariot, a utility that simulates network traffic. I hooked the router to a Windows
XP SP3 PC with a 3-GHz Intel Core 2 Quad CPU and 2GB of RAM. The Wi-Fi laptop was an HP Pavilion
dv2000 that had a 1.83-GHz Intel Core 2 Duo processor and 3GB of RAM and was running Vista SP1. I
connected a D-Link Xtreme N Dual Band Network Adapter (DWA-160) to the laptop.

I first tested the router's operation in the 2.4-GHz band. At a separation of 3 feet between the router and
laptop, I measured about 56.3 megabits per second—a little below what I'd expect. The Belkin N+ F5D8235-4,
for instance, scored 68 Mbps. Even the ASUS RT-N11 EZ Wireless N Router, which has only 10/100-Mbps
LAN ports, outperformed the WRT230N at close range, managing 86 Mbps. Our Editors' Choice, the D-Link
DIR-825, scored 80 Mbps.

At 20 feet and 50 feet, the WRT320N's throughput scores were 44 Mbps and 29 Mbps, respectively. The
Belkin N+ F5D8235-4 and the Netgear WNR3500 turned in about the same scores, and the DIR-825 scored a
much-more-impressive 70 Mbps and 56 Mbps. In this band, the Linksys router's performance was decent but
lagged a bit behind those of its competitors.

When I switched to the 5-GHz band, the WRT320N's throughput almost reached triple digits at 3 feet,
averaging 99 Mbps. Peak transfers measured well above 100 Mbps, a good score. The Apple Airport Extreme
Base Station 802.11n beat it, however, with a score of 105 Mbps, and the D-Link DIR-825 racked up a
blistering 149 Mbps. At 20 feet, the WRT320N's throughput dropped to 69 Mbps—a decent score, but the
Airport Extreme still beat it, with 79 Mbps], and the DIR-825 got 99 Mbps. At 50 feet, the WRT230N fell farther
behind, with a score of 51 Mbps against the Airport Extreme's 72 Mbps. The DIR-825 eked out 68 Mbps. Still,
by passing the 100-Mbps threshold on the 5-GHz-band test, the WRT230N, if not the first in the pack, showed
some real strength.

Overall, the Linksys by Cisco Dual Band Wireless-N Gigabit Router WRT320N is a capable device.
Performance may not quite reach the level needed for video streaming, but the router can easily handle the
traffic in the vast majority of homes and small businesses. It has a wide range of accessible, well-explained,
and useful features—VPN support, QoS capability, and more—and the Easylink Advisor utility makes it one of
the easiest-to-use routers around, at an attractive price. Despite the WRT320N's merits, the D-Link's DIR-825
Xtreme N Dual Gigabit Router gets the Editors' Choice. For an extra $50, it gives you dual-band operation,
better throughput, and 3G wireless over a USB port, among other strengths.

More Router Reviews:

Ruckus Wireless ZoneDirector 1000 and ZoneFlex 7942

REVIEW DATE: 12.23.08

The Ruckus Wireless ZoneDirector 1000, combined with ZoneFlex 7942 access points, offers enterprise-level mesh
network technology at a price small businesses can afford.

Excellent antenna technology and mesh architecture.

The network takes a long time to establish itself and to resync APs.

Ruckus Network Inc

Price: $1,200.00
Device Type: Access Point, Router
Networking Options: 802.11n


By Mario Morejon

So you need to reach large open areas within your business's wired network? Wireless is the obvious way to
go, but enterprise wireless solutions from Aruba Networks, Cisco, and Meru Networks are priced out of the
reach of most small businesses. Ruckus Wireless is a cheaper and leaner alternative and just as reliable as
the big players. Like its enterprise counterparts, the company's 802.11n Wi-Fi solutions are based on a mesh
architecture, which means that its access points communicate with each other over Wi-Fi. There's no need to
run cabling between them, which is a huge advantage when it comes to saving setup time and costs. The
$1,200 (list) ZoneDirector 1000 can handle up to six 7942 access points, which cost $799 each. I used a
ZoneDirector and two access points. [12/30/08 Editor's note: This review originally incorrectly stated the
number of access points used in testing and the total cost of the test setup].

After a battery of tests, I found Ruckus's technology resilient to changes in indoor environments and a great
way for businesses to set up a robust network with a minimum of fuss (and cabling).

The Ruckus BeamFlex antenna technology is a marvel of engineering. The antenna in the 7942 AP uses 12
unidirectional elements. Each element acts as a simple transmit/receive antenna, but when it's combined with
other elements in the array, over 4,000 possible patterns arise, and the client automatically chooses the one
that's best at the moment to maximize connection performance. As you move around with your wireless
laptop, Ruckus's BeamFlex technology causes the AP antenna to change patterns as needed to provide the
best access. This process creates less signal interference and consumes less energy. Better reception at a
lower cost: It's hard to argue with that!
By contrast, home routers use omnidirectional antennas. They don't focus the signal or track wireless clients
moving across a room. Instead, they go for a saturation approach relying on their profligate transmissions to
get through after bouncing off walls and furniture. Inside homes or small offices, that approach usually works
just fine, but when you need to deploy routers with omnidirectional antennas in large warehouses or machine
shops with lots of motors and steel parts, they don't perform well.

In addition, the Ruckus BeamFlex technology uses spatial multiplexing, or MIMO (multiple input, multiple
output) and channel bonding, to achieve the highest possible transmission rate. Spatial multiplexing and
channel bonding are orthogonal technologies, which mean that in practice they are difficult to combine. While
spatial multiplexing splits signals into chunks for each element in the antenna, channel bonding combines
channels to transmit data. Hats off to Ruckus for making these two 802.11n technologies work in an antenna
array. —Next: Setup and Performance

Setup and Performance

The Ruckus ZoneFlex 7942's access points form a mesh network. The ZoneDirector, a super-7942 AP,
manages communication with your entire mesh of APs. Only the ZoneDirector AP is connected to a LAN
switch on your network. Plugging those components together completes the physical installation. The Ruckus
meshing technology will detect and attach to each AP automatically; even upgrades occur automatically.

While the ZoneDirector is first detecting its APs, there's a noticeable delay. The process is automatic, but took
about 10 minutes in testing. There's a lot of network heavy lifting going on behind the scenes here, though,
and I'd rather spend those 10 minutes waiting for the Ruckus to do the work than running cables myself. The
coolest thing is that the network automatically adjusts to hardware changes in the same 10 minutes. Add in
some APs, and the network reconfigs in 10 minutes. Take one off-line, and it's the same story. Pretty cool!

ZoneDirector's management features are comprehensive. The software provides layer 3 functionality, so you
can install APs on different subnets, and each AP can have up to eight SSIDs. You can also create a VLAN
for each SSID and add the usual security, such as WPA, WPA2, and WEP. If that's not enough security for
you, Ruckus also uses its own security model, called dynamic PSK, which helps speed up the authentication
process by passing keys to users' laptops the first time they authenticate. I did a quick test on a Vista laptop
using dynamic PSK, and it worked well.

The 7942 is a fat AP, which means it has some intelligence built in. You can log on to the AP and perform
tests such as ping and Traceroute, and you can change settings to automate meshing with other APs. Before
doing my benchmark testing, I placed two APs about 25 feet apart in our labs. I decided to do all the testing in
this environment rather than in a home setting, because the Ruckus solution is mainly designed for
businesses. The lab environment is challenging, because we have several radio sources transmitting on just
about every channel.

I used ZoneDirector's network discovery and meshing capability to identify non-Ruckus wireless routers and
APs. As it scans in real time for wireless devices with the APs, ZoneDirector generates a list of all devices it
finds. In addition, it triangulates the radio sources using the APs and displays them in a sample floor plan. You
can also upload your own floor plan to match the locations.

I first tested the Ruckus APs using a network performance utility called SpeedFlex, which comes with
ZoneDirector. I wanted to get readings between APs and the ZoneDirector directly without having to go
through a switch. You can test only downlinks with SpeedFlex, however. SpeedFlex produces far less test
traffic than the IxChariot test I perform on routers. I used an HP Pavilion dv2000 laptop running Vista Home
Premium SP1 with a D-Link DWA-160 USB PC card (version 1.1, Rev. B driver).

The results were quite impressive. Using SpeedFlex, I got 29 Mbps over one hop at about 20 feet away from
the ZoneDirector root AP. This isn't anywhere near wireless-n speeds, but that's to be expected, since the
signal is going over at least one extra hop (and possibly several, depending on the size of your mesh and
distance covered) to reach your laptop. In exchange, however, you find that the throughput drops only a few
points at a distance of 50 feet. This is the beauty of mesh networks. As long as you're covered by an access
point to a distance between 50 and 75 feet, your overall throughput shouldn't decrease. Beyond that, you'll
need to make additional hops, and speeds will drop.

To check the SpeedFlex numbers, I did another test, this time with Ixia's IxChariot, the tool I use to test all
routers. The throughput dropped to 20 Mbps at 20 feet using IxChariot. This is a reasonable reduction, since
on this test I simulate four connections (two downlink and two uplink) instead of the one I used when running
the SpeedFlex tool.

Next, I tested at a few other distances and configurations with a single AP connected to the ZoneDirector—
that is, direct throughput, with no hops. While most people would use it in a mesh as described in the test
above, I wanted to see how the Ruckus fared on tests similar to those I perform on regular non-meshing
routers. At 2.4 GHz, Ruckus scored 31.7 Mbps on the SpeedFlex test—about what I expected. On IxChariot,
single-band "n" home routers usually perform better than the Ruckus—somewhere in the 70-to-90-Mbps
range, but only at relatively short distances.
The numbers changed completely when I switched the ZoneDirector to the 5-GHz band. At a distance of 20
feet I measured 158 Mbps with IxChariot, which is a harder test than SpeedFlex. This score is comparable to
what I've found with dual-band "n" routers, so I compared it with two of the best performers we've tested. This
score beat the 116 Mbps I got with the Linksys Ultra RangePlus Wireless-N Router (WRT160N) but can't
match the blazing 232 Mbps of the D-Link Xtreme N Duo Media Router (DIR-855). At 50 feet, the Ruckus
pulled a cool 141 Mbps. Only the D-Link, at 167 Mbps, came out ahead at that distance. Again, while you'll
want to use the Ruckus in a mesh, these non-meshed tests prove to me that the system's hardware is highly
capable. It also strongly suggests that you'll want to operate in the 5-GHz band.

Ruckus's mesh solution is highly resilient and performs well under brutal wireless conditions. It's true that in
mesh configuration, you won't see the same speeds as you'd get with non-meshed "n" routers, but this
business-targeted system wasn't designed for high-def video streaming and gaming, anyhow. I'd take the
moderate performance hit in exchange for the simple setup and robust network any day. The Ruckus Wireless
ZoneDirector 1000, a ZoneFlex 7942 combination, is a gem for small businesses that need Wi-Fi coverage
over a large space.

More Network Hardware Reviews:

ZyXEL ZyWall 2WG

REVIEW DATE: 11.21.08

For its price, the ZyWall is as robust as security gateways come. The appliance provides a good combination of
firewall, routing, VPN, and content-filtering capabilities.

Features galore: UTM, multiple WANs, fully managed switch, comprehensive network filtering. Inexpensive basic UTM

Wireless is 802.11g only. Annoying WAN configuration method.

ZyXEL Communications Corp.

Price: $369.99 List
Device Type: Router
Networking Options: 802.11g


By Mario Morejon

Few routers give small businesses strong networking and security features at a good price. The $300 (street)
ZyXEL ZyWall 2WG pulls it off, though, with a comprehensive firewall and wireless router. Naturally, the entry-
level business router can connect to the Internet via wired broadband, such as DSL, cable, or FiOS, but it has
a few other tricks up its sleeve, too. If your wired WAN connection fails, a special "WAN with 3G backup
mode," as the company calls it, takes over automatically. This combination of wireless broadband, provided
by a 3G extension card and a modem dial-up connection, works even if you connect to a central office through
a VPN. The backup can be a real life-saver if your business is in an area with spotty wired broadband service.
My one disappointment with the device is that the Wi-Fi supports only 802.11g—there's no 802.11n support.

ZyXEL sent my test unit with a Novatel Merlin EX720 EV-DO PC Card for Sprint Mobile Broadband service,
but the appliance will also work with the EV-DO AirCard 595s from Sierra, Sprint, Verizon, and Telus. It also
supports CDMA, EDGE, GPRS, HSDPA, and UMTS networks. I had to activate the EV-DO card from a PC
before installing it in the ZyWall 2WG, but Sprint Mobile Broadband software manager made installation a
snap. The one hiccup in the setup came when I was configuring the WAN; establishing an external IP took
more work than I would have liked. With the card installed, I could configure the appliance to use the EV-DO
service in backup or standalone mode. I chose the default backup mode.

The unit's main interface screen provides threat alerts along with an overview of resources, the Wi-Fi
connection, and the 3G WAN, including IP aliases for LAN and WAN connections. You can drill down to view
port statistics, the DHCP table, bandwidth utilization, and more. Navigating to advanced features is just as
easy. The designers did a good job of making all of the capabilities accessible. And if you don't understand
how to configure the advanced features, don't worry: The ZyWall comes with a wizard that sets up the IPs and
VPN tunnel—two steps and you're done.—Next: ZyWall Security

ZyWall Security

In addition to the features already noted, the box functions as an entry-level UTM appliance, but at about half
the price you'd pay for a dedicated UTM in this class. The eSoft InstaGate 404e, for example, starts at $799
(direct) with no services, and even the SonicWall TZ 180 can run you up to $750 (street). Both provide better
application filtering than the 2WG but are outmatched by the 2WG on wireless options—not bad for a $300

I took a close look at the ZyWall 2WG's UTM capabilities and found that they were baked into it at the most
basic level. Out of the box, the ZyWall is set up as a firewall, but you can also turn it into a firewalled router
and add policies to control communication between applications and clients. The difference between
firewalled routers and firewalls becomes crystal clear once you dig into the ZyWall's interface. Typical home
routers have a simple port-blocking firewall, while a firewall might have or might not have a router built in.
ZyWall's firewall is an all-in-one appliance that comes with router and many other networking and security
features. The firewall has three basic rules—permit, drop, reject—that you can apply to the appliance's
incoming with outgoing traffic. ZyWall protects itself against basic intrusion techniques such as denial of
service (against the DMZ, for example) and ping attacks, and it can block the WLAN from reaching the WAN.

Because the security policies of the ZyWall 2WG provide rules for traffic, and not just for firewalling the
network, it handily out-muscles the ZoneAlarm Z100G. The appliance also generates certificates and has a
built-in authentication database, which does the job of an Active Directory or LDAP server. The authentication
database is perfect for small businesses that don't have servers with multiple administration roles because it
lets you easily manage a small number of users in a centralized network.

You can separate multimedia, SIP, and FTP applications or other custom traffic by IP and port level, and
divide traffic based on protocols. You can even redirect traffic to other gateways and control the throughput of
that traffic. The options for routing traffic are granular, to say the least. For example, you can use network
address translation to set IP aliases for all LAN, WAN, DMZ, and WLAN components, letting you control
routing at a very fine level. You can even set IP routing policies to manage IPs and ports on each network. In
some cases, I found the ZyWall more flexible than higher-end corporate firewalls. In the DMZ, for example,
you can control physical ports simply by selecting which will follow LAN, DMZ, and WLAN roles. That's
impressive in any piece of hardware, and all the more so given the ZyWall's low cost.

External users connecting to a Web server in a LAN protected by the ZyWall can use self-signed certificates
or VeriSign's server. The appliance even lets you employ third-party unsigned certificate signers you trust,
and it supports RADIUS servers as well. The firewall's level of protection is just enough for a home office or a
small business, and the security features won't overwhelm novice IT administrators.

ZyWall won't disappoint you if you need to regulate applications and content either. You can create a filter list
of IPs and URLs, and can block browser-side ActiveX, Java, Cookies, and Web proxies. You can manually
enter Web pages you want to block and can also select categories in the policy engine. You can't, however,
create a file that has words you want to block or URLs you don't want to users to go to. Bandwidth
management at the port level is available, if you need to restrict P2P or other traffic but don't know how to
restrict individual IPs. ZyWall's application- and content-filtering module offers a good combination of high-
and low-level features.

The appliance provides extensive remote administration access—seven methods, in fact. When I used the
command-line interface, I found it just as useful as the Web interface, although it doesn't give you the active
monitoring features. You can also connect to the management console via a serial-to-RJ45 cable, auxiliary
Ethernet ports in the back of the appliance, and even UPnP. —Next: Testing the ZyXEL ZyWall

Testing the ZyXEL ZyWall

To test the appliance's Wi-Fi throughput, I used the IxChariot suite configured for two connection pairs for
uplink and two for downlink. I measured throughput to an HP dv2000 Pavilion running Vista with SP1 and
using a D-Link DWA-160 USB 802.11n adapter. At 20 feet, I got 35 Mbps, which is average for 802.11g Wi-Fi
devices (the ZoneAlarm Z100G managed 38 Mbps). At 50 feet, performance dropped to about 22 Mbps.
That's quite good for a 802.11g router. Throughput for ZoneAlarm Z100G, by comparison, was 21 Mbps.

To test the 3G connection, I cut the WAN connection, causing the router to switch to 3G backup mode. The
transition was smooth, and the 3G connection scored 600 Kbps at almost idle speed—average for 3G. The
3G connection began to slow when I was downloading 2MB files from the Web. At its slowest, I clocked it at
about 205 Kbps, which is still good enough for Web connectivity in a small office with four or fewer users.
That's a pretty solid backup, and one that can make a huge difference if your business relies on the Internet.

When I tried the external-filtering and IP-blocking capabilities, the ZyWall worked superbly. The content-
filtering mechanism uses global and local policy settings. You start by creating global objects of forbidden
Web sites, including a list of objectionable words to block. The content filter feature supports whitelists as well,
so you can add trusted sites that have objectionable words. I created a policy that used those objects and also
blocked sites outside the scope of its categories (pornography, gambling, phishing, violence, and the like).
ZyXEL uses the Blue Coat service to control content. Both the sites that qualified for blocking under the
category filtering I set up and the sites that contained the words I specified as objectionable were blocked
consistently in my testing.

Because of its 802.11g-only Wi-Fi, the ZyXEL ZyWall 2WG is more of an entry-level business router. That's
too bad, because in terms of features the appliance measures up to the big boys, offering enterprise-class
service without the enterprise price. Even low-end UTM appliances cost a lot more. If you can get away
without 802.11n connectivity, the ZyXEL ZyWall 2WG has everything you need, at a fantastic price. It's not
perfect, but it delivers impressive value for relatively little money.

More Network Appliance Reviews:

Apple Time Capsule 1TB (A1302)

ARTICLE DATE: 05.22.09

For its price, the ZyWall is as robust as security gateways come. The appliance provides a good combination of
firewall, routing, VPN, and content-filtering capabilities.

Features galore: UTM, multiple WANs, fully managed switch, comprehensive network filtering. Inexpensive basic UTM

Wireless is 802.11g only. Annoying WAN configuration method.

The Apple Time Capsule 1TB is an unusual network device in that it combines a wireless-n router (the Apple
AirPort Extreme Base Station 802.11n) with a network-accessible hard drive. It's extremely quiet, has good
wireless range, and its drive is delightfully simple to set up for networks using Windows or Mac OS X—or a
mix thereof. Many businesses (and some home users) can benefit from the ability the device gives them to
create a distributed wireless network and to entirely automate backup of Mac clients. Apple offers the
router/NAS combo with 1TB of storage (the version I tested) for $499 direct or with 500GB for $299. The Time
Capsule comes with a single drive, however. That's a drawback because it means no RAID redundancy, a
shortcoming that's a bit surprising at this price. But considering all the features it offers, the Time Capsule is a
good solution for many all-Mac or mixed Windows/Mac networks.

Read the fullreview : Apple Tim e Capsule 1TB (A1302)

D-Link DIR-825 Xtreme N Dual Band Gigabit Router

ARTICLE DATE: 03.30.09

For its price, the ZyWall is as robust as security gateways come. The appliance provides a good combination of
firewall, routing, VPN, and content-filtering capabilities.

Features galore: UTM, multiple WANs, fully managed switch, comprehensive network filtering. Inexpensive basic UTM

Wireless is 802.11g only. Annoying WAN configuration method.

The D-Link DIR-825 Xtreme N Dual Band Gigabit Router is one of the brainiest routers I've tested at's labs. D-Link has thrown in a USB port with 3G wireless capability, simultaneous dual 2.4-GHz-
and 5-GHz-band Wi-Fi mixed mode, power-saving green technologies, and an abundance of configurable
features that should satisfy the most demanding personal networks. I found the router's performance excellent
when I tested it close to the Wi-Fi source. The connection was a little less impressive but still quite good at
longer distances. You get all this for just $169.99 (direct)—that's highly competitive for such a fully loaded

Read the fullreview of the D -Link D IR-825 X trem e N D ualBand G igabit Router.

Copyright (c) 2010Ziff Davis Media Inc. All Rights Reserved.