Pros & Cons
-
- Good performer.
- No appreciable throughput drop with WPA2/AES security.
- Easy Mac-based setup.
- Can share a USB hard drive over an Apple network.
-
- Apple-centric—not much thought given to Windows users.
- No firewall, even though this is intended as a home Internet gateway.
- Awful performance with security other than WPA2.
Apple Airport Extreme Base Station with Gigabit Ethernet Specs
| Wireless Specification | Yes |
[(12/20/07) Editor's Note: Contrary to what this review originally stated, this Apple router does support sharing of a printer connected via its USB port.]
Even before you see a new Apple product, you probably have some expectations: a flawless, minimalist design; a price a little higher than you'd like; and a mix of high-end features with some puzzling omissions. The Apple Airport Extreme Gigabit doesn't fall far from the tree: It's an elegant, somewhat pricey product that offers most of the important features a home or small-office draft-n wireless router should have, including dual-band (2.4-GHz or 5-GHz) operation and WPA2 security—but inexplicably, no firewall.
This router certainly qualifies as a good-looking piece of hardware (or for those less enamored by Apple's white-rectangle theme, at least not an eyesore). The front of the unit holds just a single activity light, which, in a triumph of intuitive design, glows green when everything's running peachy. The back has a power plug, a USB 2.0 port, and four other connectors—one WAN port for your broadband modem and three Gigabit Ethernet ports for whatever needs to be hardwired into your network.
Although there's certainly something to be said for a display like that on the
Good Stuff
Unlike most routers in the Wi-Fi world, including the other two in this review, Apple's provides no Web-based setup. To install the device, I had to run a disc-based utility that replaced my existing Airport software with a different program, and I don't see the logic behind the choice—more work for the developers, more work for consumers, and, since Apple supplies only Mac and Windows versions, no work for Linux users, who are left out in the cold. Still, the software works as advertised, and setup was fast and thorough.
You can get basic green-LED connectivity to your Mac in just a few minutes once the new draft n–capable Airport software is installed. Windows users are supposedly able to connect at n speeds as well, but neither our Gateway M275 running Belkin's N1 card nor our Lenovo with the embedded Intel N–capable chipset was able to connect to the Airport at n speeds. Both connected fine when we dropped to 2.4 GHz and b/g-compatible modes, however.
The utility is good about finding and talking to your broadband hardware, and it lets you quickly pick a new name for the router (meaning you also have to choose a new SSID). After that, it runs you through assigning a WPA2 password and picking a radio mode—2.4 GHz for b/g compatibility or 5 GHz for a/n—and channel. Now you've got basic connectivity. There are a few plusses and minuses here.
On the plus side, an Options tab lets you access a good set of advanced features. For example, owners of multiple Airports can opt to have them all run in a Wireless Distributed System (WDS)—which is similar to a wireless mesh network. WDS allows Airport access points (APs) to connect to each other and share SSIDs and security settings as well as the network and Internet gateway without being wired back to some central switch or router. The APs communicate entirely using Wi-Fi, so they're not just moving packets, they're also bridging a network backbone. As long as the routers are within range of one another, you can place them anywhere there's a power outlet—a rarity in a home-oriented device, and a good option for larger homes or small offices.
RADIUS server compatibility provides improved security. For example, a small business with an Active Directory server can enable RADIUS authentication mode, which lets the Airport use its enterprise WPA feature to authenticate off the server rather than having to use some more hackable password located on the router. The ability to turn off SSID broadcast and an automatic scheduler for authentication keys further bolsters security. Another advanced option lets you switch off routing functions, turning the device into a plain-old access point—a good thing if you'll be using more than one Airport Extreme Gigabit (for WDS, say). The device also includes fully configurable DHCP and NAT So far, so good.—
No Firewall?!
I was hugely surprised, however, at the lack of a firewall—yeah, that would be none. As in nada. Niente. Nichts. I'm not sure what Apple's thinking is here. When I asked during my briefing, Apple simply said it wasn't a feature their customers needed. I don't think I buy that. Customers may not know they need a firewall, but they do. If it's primarily intended as a home device, then the company is either leaving users to be protected by the low-quality firewalls in the modem's broadband that providers supply, or assuming purchasers will have nothing but Macs and thus be "immune" to Internet threats. That second assumption isn't exactly forward-thinking, considering that another Mac virus hit the Internet back in October. There may not be many Mac viruses out there, but it takes only one to ruin your day. Hey, the OS X firewall may be good, but it's not like the operating system hasn't been proven to have a number of vulnerabilities. The more popular that Tiger and the Limping Leopard become, the more those vulnerabilities will be exploited. Leaving users open to threats is a glaring omission, in my opinion.
And why include small office functions—not just DHCP, but RADIUS authentication and WDS—and then ignore the firewall issue? If Apple's assuming that an SMB has a dedicated hardware firewall, then why even build the Airport as a router? Why not assume that functionality exists elsewhere and simply make the Airport an SMB Wi-Fi access point? You can do just that, in fact, by turning all routing functions off on the Airport, but it makes for a somewhat expensive access point. And if you'd rather run everything off the Airport, the lack of a firewall forces those customers to add more hardware.
I also wasn't impressed with the Airport's overall usability. Apple's done better in this department with other products. Don't get me wrong, everything worked just fine. And for propellerheads like me, it's a great interface. But for folks who might not know much about configuring a wireless network, Apple could have made the interface a little more approachable. Best advice for those unfamiliar with wireless networking: If you don't know what it means, leave the default settings. They're not perfect, but they should at least get you to a green link light.
For example, leave the Airport at its default settings and it'll push you toward adopting WPA2/AES security—hey, I'm all in favor of that. If you test performance with that form of security, you'll see remarkably little overhead. But mess with those settings—by, say, opting for WEP encryption—and you can see a shocking performance drop of more than 85 percent. That's not a typo.
Like the makers of most n hardware out there right now, including the Linksys WRT600N and Belkin N1 router I reviewed at the same time as the Airport Extreme, Apple apparently didn't tweak its router code for WEP. Unfortunately, configuring WPA2 on other boxes that might want to connect wirelessly—notably older Windows machines—isn't nearly as easy, so you might get some pain here. On the other hand, we don't recommend using WEP security (if you have any other options) since it's easily cracked and has been superseded by WPA and WPA2. So this isn't a huge strike against the Apple router.—
Performance
When configured with WPA2/AES, the Airport Extreme Gigabit did well on Ixia's IxChariot throughput tests, though I had to play games to get this working. The test's maker advertises Mac compatibility, but trying that resulted in a forehead-smacking moment when I realized that IxChariot was compatible with only PowerPC Macs. Fortunately, my MacBook has images of both Windows XP and Vista running under Parallels virtual machines, so I went wireless from the MacBook to a Windows XP machine plugged into one of the router's Gigabit Ethernet ports.
In 2.4-GHz, b/g–compatible mode, I measured about 88 megabits per second with just the MacBook running off the wireless (using simultaneous back-and-forth streams between the two endpoints, however). Not what I'd hoped, but that's the draft-n standard at work, not Apple. I then had a Lenovo ThinkPad XP laptop with its embedded 802.11n-capable Intel chipset log on. The ThinkPad was forced to drop to g mode to access the Airport, however, though this also happened with the Belkin.
Running IxChariot from the MacBook to the wired Windows XP machine while simultaneously running the same test script from the ThinkPad to another wired XP machine dropped the MacBook's n throughput down to an average of 72 Mbps—actually, fairly decent compared with other .11n routers burdened with .11g traffic. The ThinkPad didn't escape unscathed, either; its .11g throughput dropping from around 30 Mbps down to well under 10 Mbps, or .11b range. Again, however, this is typical of other draft-n products. Both the Belkin and Linksys products had over 60 percent performance drops when using WEP and from 40 to 50 percent drops when using WPA and TKIP.
But enough of this 2.4-GHz trash. I opened the Airport Utility and upgraded to 5-GHz mode. Booyah! The MacBook's .11n card hopped right on and managed an average throughput of about 122 Mbps in the same test. That, however, is with the Airport running in 40-MHz bandwidth mode (the .11a-compatible mode). Use the option of dropping to 20 MHz (locking out .11a, if you have a lot of neighbors running draft .11n at 5 GHz) and throughput drops precipitously—down to an average of around 76 Mbps. Once again, stick to the defaults.
As stated previously, the Airport Extreme Gigabit can use WEP as well as WPA with TKIP encryption, but the best advice I can give there is—don't. Not only is WEP a weaker security protocol, but it will also mercilessly pound performance down by almost 90 percent. WPA with TKIP fares better, but still results in well over a 60 percent performance loss. Using WPA2 with AES encryption, however, performance was essentially the same as running with no security at all. Just keep chanting "Stick to the defaults."—
There's A World Outside Apple?
As with both the other routers in this roundup, the Airport Gigabit Extreme has a USB port capable of sharing a hard drive or a printer across the network. When the drive is formatted using AFP (Apple's own file system), Mac users get a quick dialog asking if they want to access the new network share. Windows users get nothing. If the drive is configured as CIFS, Apple users can see it in Finder, but Windows users have to know it's there and manually map a network drive. Not very convenient when compared with other home-network storage schemes. UPnP, for example, would have been a good idea here and would have at least let Vista users see the drive automatically. This seems even stranger when you consider that OS X supports UPnP.
Overall, the Apple Airport Extreme Base Station with Gigabit Ethernet is a solid deal for OS X users. I was a bit miffed at having only three Gigabit Ethernet–wired ports, but, again, for home users that'll probably suffice. The lack of a firewall is a bigger minus to me. Ultimately, the Apple Airport Extreme Base Station with Gigabit Ethernet is a stylish, credible draft-n performer—but I'd look somewhere else if I had Windows machines on my network. The router has obviously been tweaked to work best with Macs, and just as with the default settings, you're best off following Apple's implied advice here.
More Wireless Networking Reviews: