Author: Tim Higgins
Review Date: 7/23/2000

Model: MIH-130

Pros:
– Speedy!
– Nice access control features.
– Easy Mac and Windows upgrading

Cons
– No on-line admin help.
– A little on the expensive side.

Updates

6/5/01 1.19d Firmware added PPPoE setting to the One Page Setup, implemented MAC address cloning, and added a “Force DHCP Renew” feature. View the Readme for more.

10/24/00 1.19b firmware update adds triggered port ranges and other features.  See the ReadMe here.

The Basics

Indicators
  • Power

  • Link/Activity, Full/Collision for each of four LAN ports

  • Link, Activity  for the WAN port

  • Ready/Test

Connectors
  • One RJ45 10BaseT for the WAN

  • Four RJ45 auto sensing 10/100BaseT LAN

  • Power

Comes with
  • printed User guide

  • CDRom with HTML setup guide and PDF copy of User guide

  • One UTP cable.

Other 
  • Reset switch (back panel)

  • Normal / Crossover switch for LAN Port #1.

 

Introduction

If you liked MacSense’s XRouter, then you may like the XRouter Pro even more!  MacSense has taken their popular XRouter, substituted a 4 port 10/100 auto sensing switch for the 4 port hub, added Content filtering and access controls, and threw in Static Routing and Dynamic routing capabilities while they were at it.  And all this while keeping the street price only about $20 higher than the original XRouter!  Oh, and they changed the color to a see-thru gray (I think it’s called “Graphite”).

 

Setup and Basic Features

The XPro sets up as easily as any of the routers that have browser based administration.  You just need to power up the XPro, connect a computer with its TCP/IP set to obtain an address automatically (or from a DHCP server) to one of the LAN ports, boot the computer and then enter 192.168.1.1 in your browser Location box.  If you’ve set it up right, you’ll get a login box (the XPro comes set with a default password, which you should change as soon as possible, since it’s commonly known!) where you just enter the password and you’re in.

Most of what you need for basic setup is on a single page, which you see along with selected other setup pages, below.  (Clicking on an image will open another window with a full-sized image.)

(If you’d like to play with a virtual XPro Admin interface, you can try it out here.)

The XPro can be a DHCP client or be statically set on the WAN side.  You can enter a “host name” (useful for @Home user authentication), but the XPro doesn’t allow you to enter a domain name (needed for some @Home affiliates), support the RoadRunner TAS login, or allow you to change the WAN side MAC address (to ease MediaOne installations).  It does, however, support PPPoE.

On the LAN side, you can set the starting IP and number of addresses that the DHCP server will hand out, or disable it and assign your Client IP info manually.  You can also use the Status Monitor page and check your WAN and LAN IP info and also see what addresses the DHCP server has leased.

The XRouter manual can be found on this page (802KB, PDF format).  A printed copy of the manual is included with the XPro.  The latest firmware is located on this page for Windows and this page for Macs.

 

 

Advanced Features

The most unique feature of the XPro is its Access controls, which allow you to control access by URL, IP address and port, or combination of both.  The URL Access controls allow you to either block access to up to 20 URLs or allow access to only a list of 20 URLs.  This feature is smart enough to block all secondary domains (i.e. site1.domainname.comsite2.domainname.com) of the domain you enter, whether you enter www.domainname.com or just domainname.com. The downside is that the selections apply to all LAN computers.  The XPro doesn’t announce its blocking action with a special message or anything.  All that happens is that the user’s browser hangs while trying to access a blocked URL.  If you want to limit access for just certain machines on your LAN, you need to use the IP Access controls.

The IP Access controls give you five ranges of IP addresses. For each one, you can select four individual and one range of TCP, UDP or both types of ports to block.  You can’t control access by MAC address, however.

Along with the Access controls comes a URL log.  This log shows the URLs that have been accessed via the XPro, along with a “Pass” or “Blocked” indication.  MacSense doesn’t say how many URLs the log holds, and it’s cleared each time you change the URL Access controls.  You also can’t save the log to a file and the only way to get a printout is by taking a screen shot.

 

Virtual Servers

NOTE: Opening holes in your firewall can compromise your LAN’s security if done incorrectly.

Moving along to more common Advanced features, the XPro’s port mapping or “Virtual Server” features include one DMZ computer and 10 single ports.  You can select TCP, UDP or both protocols on each mapped port, but no port ranges are supported.

10/24/00 1.19b firmware update adds triggered port ranges and other features.  See the ReadMe here.

“Loopback” is supported for Virtual servers, so you won’t have problems reaching any of your LAN side Virtual servers via the WAN side IP address or domain name (if you have one).

Although I didn’t confirm this, reader Barry Barnett reports that the XPro nicely supports Apple’s QuickTime Real Time Streaming Protocol (RTSP). It opens the RTSP ports only when needed and without using a Virtual Server mapping.

The XPro also has a “Remote administration” feature that when enabled allows you to reach the built-in administration HTTP server from the WAN side.  But if you use this feature, which is disabled by default, be sure you set a strong password.

NOTE: If you enable Remote administration AND have a Webserver (Port 80) set as a Virtual Server, the Webserver will be what you see when you enter the XPro’s WAN port address in your web browser.  Other routers handle this situation by moving the Admin server to another port, but I couldn’t find where MacSense hid the Admin server port!

Finally, the XPro has a static routing table and supports RIP-1 and RIP-2 in case you use it in larger networks where it needs to play nice with other routers!

 

VPN

The XPro supports multiple PPTP and IPsec clients on the LAN side of the router.  MacSense says Nortel Extranet, Checkpoint, and Intraport clients have been confirmed to work.

I haven’t been able to get a clear answer on LAN side server support for either of these protocols, however.

Burnin’ up the test track

MacSense said that the XPro was faster than the original XRouter… and they were right!  The speed of the XPro almost outpaced my test setup! Let’s cut to the chase:

Wan-LanLan-WanSimultaneous
V1.17d4.54.55.0

All numbers are in Mbits per second (Mbps).
(Details of the measurement method can be found here.)

A few items of note:

  • The router really was equally fast in both directions!  No skimping on the LAN-WAN transfer rate.
  • For the “Simultaneous” test, port 80 is forwarded to a LAN-side webserver.  File download via web-browser is started on both machines simultaneously.  The number is calculated as follows:

Transfer speed (Mbits/sec)= ((Filesize in MBytes/sec x 2) / Total Xfer time) x 8

  • In the “Simultaneous” test, the transfers finished at just about the same time.  Not sure why the Simultaneous rate is faster than the one-way rates, but it was pretty consistent.

  • The LAN “Collision” LED was lit almost constantly during the WAN-LAN transfer, but didn’t seem to affect the transfer rate.

ConclusionUp there with the fastest low-end routers!

 

Summary

The XPro looks like a strong entry in the “Who wants to be the next Linky?” competition going on in the low-end router market.  The Access controls, and high bandwidth are very attractive advantages.  And although Mac compatible firmware upgrading only makes a difference to a relatively small group of customers, if ya’ need it, the XPro’s got it!

But MacSense, here’s the “To Do” list if you really want the XPro to be the king of the hill:

  • add Port range mapping (throw in Triggered maps while you’re at it!)

  • keep the price competitive,i.e. follow the pricing curve down.

And although there’s no evidence of the following problems:

  • frequent PPPoE disconnects

  • data corruption on large transfers

  • finicky PPTP and IPSec passthru

…make sure you keep it that way!