Reviewed and updated by Brian Locker on August 21, 2019
Over the past several years I’ve been through at least one consumer-grade router from most of the major manufacturers (Cisco-formerly LinkSys, Netgear, D-Link, etc.). The best experiences I’ve had to date are 3rd party firmware builds such as DD-WRT and the Ubiquiti USG, which is my current router paired with a Unifi AP-AC long range for Wi-Fi.
My current network infrastructure comprises:
- Spectrum internet (100Mb up and 30Mb down)
- Spectrum DOCSIS 3.1 Cable Modem
- Ubiquiti USG security gateway router
- Attic: Ubiquiti Unifi AP-AC long range access point
- Master Bedroom: EnGenius ESR530 AP (bridged with wired backhaul)
- Living Room: EnGenius ESR530 AP (bridged with wired backhaul)
The Ubiquiti USG and Unifi AP-AC LR is adequate for my needs. It’s a dual-band router, so I can put a lot of stuff on the 5GHz band. However, the EnGenius ESR530 access points do help fill the parts of the home with weaker signal and provide some additional wired access. In addition, there are several things I like about the USG security gateway:
- Configuration can be completed through the web portal or via an app. Unlike some consumer routers, this “prosumer” gateway provides as much or as little configuration flexibility as I could want.
- Incredibly flexible VPN options, including site-to-site connections for off-site work environments.
- Dynamic DNS support with presets for almost every conceivable service. I use Google Domains, which piggybacks on the DynDNS protocol and it works like a charm for a reverse-proxy setup that I use when I’m out and about.
When I got the opportunity to review Luxul equipment, I jumped at the chance. Luxul delivers highly reliable solutions for use in the most demanding network deployments—ranging from residential and commercial LANs and WLANs to mobile Wi-Fi connectivity in heavy industrial and military applications. The equipment below (an XBR-4500 and XAP-1020) is representative of an installation in a typical residence or small business: a very large property may need additional access points.
Many consumers buy a single Wi-Fi Router/Switch device. While this conserves space, its location can severely impact W-Fi performance. As described above, I have my equipment strategically located throughout my home to ensure strong connections to most of my mission-critical network devices.
As you are likely aware, we are no stranger to Luxul networking gear. Continuing that trend, the Luxul hardware below offers everyone from consumers to small businesses distributed network efficiency by splitting the Wi-Fi access point from the router, allowing users to rack mount the router in a basement (for example) where the cable line comes in to the house, and locate the Wi-Fi access point on one of the upper floors where it can provide optimal coverage.
- 1 WAN Port, 1 LAN Port, 3 WAN/LAN Configurable Ports (10/100/1000 Base-T)
- Multi-WAN Failover and Load Balancing
- Virtual Private Network (VPN): PPTP, L2TP, IPsec
- Quality of Service (QoS)
- Virtual Local Area Network (VLAN)
- Network Security and Firewall
- Simple Setup and Management
- 1 USB 3.0 Port
- Fanless for Silent Operation
- Durable 1U Metal Enclosure for Rack Mount or Desktop Use
- Three Year Limited Warranty
- Built-in remote management (Domotz)
- High performance 802.11ac WiFi (data transfers up to 3167Mbps)
- Concurrent Dual-Band Wireless AC
- 2.4 and 5GHz Beamforming
- Compatible with Luxul Roam Assist™ Wireless Controllers
- VLAN support for creating a secure guest network
- Simple and discreet installation
- Up to 4 SSIDs per band for a total of 8 SSIDs
- Single cable installation with PoE (Injector included)
- Great for streaming media or other demanding applications
- Three-year limited warranty
- Supports 128 clients
- Wave 2 technology (MU-MIMO)
Both devices seem to be well constructed and are aesthetically pleasing. The XAP in particular, is quite stylish, The XBR-4500 comes complete with rack mount ears, which most professional installers would require. The XAP-1610 is equipped with a wall/ceiling mount bracket as well as keyhole slots for flush mounting.
The XAP-1020 uses Wave 2 802.11ac technology for maximum throughput for well over 100 clients on a single access point. For maximum efficiency, it should be aimed towards the area to which you would like to provide coverage. With this in mind, the ideal placement option is usually on a wall pointed into the coverage area; or in a multi-level installation, on the top floor ceiling pointed downwards. In my case, I ceiling mounted it in the second floor hallway facing down.
For those looking for easy setup, it’s as simple as plugging in the router, running an Ethernet cable and power (if not using POE) from the router to the access point. The access point automatically connects to the router and acquires an IP address. I was up and running in less than 10 minutes. Obviously, changing security settings and configuring port-forwarding and VPN access takes quite some time after this. In all, it took me about an hour from start to finish, but I have a lot of port-forwarding setup and I configured the VPN server too.
For those wishing to modify the setup, a web-based interface is provided.
What I Liked About the XBR-4500
On the whole, I liked the product a lot. Rather than run through every single feature (as these are found on many devices), I’ll mention the ones that really stood out.
Multiple WAN Ports
The multi-WAN port functionality is a very useful feature for those who need a guaranteed connection or can’t bare to be without streaming if their cable dies. One can subscribe to cable for their primary service and DSL as a backup. The router can be configured in 3 modes:
- Auto Load balancing – The system searches for the WAN port with the lowest usage and automatically distributes load accordingly. This load balancing mode automatically manages flow distribution and bandwidth overlap. By virtue this also provides automatic failover if the one the connections fails.
- Automatic Failover – Users can choose a WAN port as the primary connection, while making the other port a backup connection. The XBR-4500 will automatically switch to the backup connection when the primary connection has an interruption in service. This mode would typically be used when the backup connection should not be used in normal service (for example, there are tariff charges associated with uses—such as ISDN/X.25).
- IP Group – This mode allows for the control of bandwidth provided to groups of client devices. When using this mode, specific IP address ranges are placed in groups and assigned to a particular port. The source address, destination address, and destination port are all specified. All data packets included in the defined range are then processed by the selected WAN interface. All data packets that are not included in the defined range are forwarded to the other WAN interface.
There two key features here.
- Two routers can establish a WAN connection over a VPN tunnel, by making one a VPN server and the other its client.
- The VPN server can be used for remote clients to connect. I used this feature heavily during testing and it dramatically reduced the number of ports that I was required to forward. The advantage of a VPN, of course, is that once connected, I have access to everything. In contrast, without VPN, I would have to setup port forwarding for every device and service combination I wanted to access.
For those who are unable to obtain static IP’s from their ISP or just don’t feel like paying $15/month for the privilege, there are a plethora of services out there that will track changes in your router’s public IP address. In order for these to function, something on the local network needs to monitor the local WAN address and notify the Dynamic DNS service provider of the change. I chose DynDNS.org for my test and it worked like a charm.
What I Liked about the XAP-1610
For optimal performance, the access point should be located in the correct location. It’s likely that this could be somewhere visible in the main living space. Fortunately, the device is quite stylish and won’t look like an eye-sore.
Eight Wireless Profiles
This allows eight separate SSID’s to be configured. Each can have different encryption methods, passphrases and VLAN assignment.
VLANs keep traffic from different networks from interfering with each other. For example, on a large property, all the wireless control panels may be on their own VLAN to keep their traffic separate from other traffic. In a business environment, VLANs are typically used for security (e.g. isolate the financial department from the password-less guest network VLAN). Note that a managed switch may be required for full VLAN capabilities.
Channel Width Selection
If all devices are capable of supporting 40MHz channels, this can be selected and will either use channels 1 and 6 or 6 and 11.
Power over Ethernet (POE) Support
Running a network cable to an access point location is simple enough, but running power is typically a costly affair, as it requires an electrician. You also probably don’t want a power outlet near the ceiling, so the support for POE (Power over Ethernet) is very welcome.
Testing against an internal copy of SpeedTest running on my LAN confirmed that the XAP is fully capable of maxing out my ISP’s bandwidth, depending on where the wireless clients are located in relation to the access point.
With the increasing demands placed on networks (even residential ones) these days, investing in commercial-grade networking is a sound decision. I wish I could charge consulting to my friends who went to a big box store and bought the consumer products on offer or took what their ISP offered and then called me because their streaming quality was dreadful or they couldn’t get a Wi-Fi signal in parts of their house. The configuration I reviewed is more than adequate for a typical house or small business. What’s also really nice about Luxul, is that if I need multiple access points (indoors or out), or a connection to a remote building, they have a solution available. In a nutshell, I’d highly recommend the products.