Edimax AC-M1000 review
This compact appliance offers a fine range of wired and wireless network access controls.
Edimax may not have the same high profile in the UK SMB networking arena as vendors such as Linksys and Netgear, but its latest Access Controllers do set it apart: these offer extensive access security and management facilities for both wired and wireless networks.
The range consists of two products, with the entry-level M1000 on review. The appliance provides eight LAN ports, which can function in either controlled or uncontrolled modes. Any device attached to the former type of port will be subject to authentication and have security policies applied to determine what services it can access and how much bandwidth it can have. The two WAN ports indicate that failover is also on offer, where the secondary connection will fire up if the primary fails.
Initial installation is simple, with a wizard that steps through securing administrative access, setting up the primary WAN port, and providing a default authentication mode and details of a homepage where authenticated users can be redirected to. The appliance can manage authentication locally, but also supports LDAP, NT Domain and RADIUS servers plus POP3.
Your next step is to decide which LAN ports are controlled and what authentication servers are to be used. Three local or external servers are supported, while the fourth provides on-demand access where the appliance can implement billing schemes based on time or traffic volume, making it ideally suited to wireless hotspots. The M1000 supports up to eight security policies, which we found easy to create. Each can have up to ten firewall profiles that determine what interfaces, protocols and port ranges are allowed or blocked. Default routes and gateways can be applied, as can schedules for each day that determine when the policy is active. Each policy also has options for restricting total bandwidth and maximum bandwidth per user.
Wireless access can be managed, although only four Edimax EW-7206APg APs are supported. For testing, we used a single Edimax AP on a controlled port, which was discovered by the appliance. From the AP list, you can reboot, enable or disable selected APs and apply security settings such as SSID masking, WEP/WPA/WPA2 encryption schemes and MAC access lists using one of three templates.
We liked the IPsec VPN feature, since Edimax has taken the pain out of client configuration normally associated with these. You simply enable VPN termination on the appliance, choose the encryption and integrity schemes you want, and then apply this on a per-user basis. When a user logs in, the appliance simply downloads an ActiveX control and sets up the tunnel - very smart. It's easy to use and we set this up successfully with a wireless test client on our first attempt.
Bear in mind that you'll be tied to Edimax if you want wireless AP management, and the lack of Gigabit Ethernet could present a bottleneck in larger networks. Nevertheless, these types of network access controllers are normally beyond the means of small businesses, and the AC-M1000 delivers a feature-packed solution well suited to those on a tight budget.