On 2015-07-23 21:24, Adam Thompson wrote:
> On 2015-07-23 10:46 AM, Karl Fife wrote:
>> Your point about having a one-off solution is a great one. Installing
>> a single UniFi AP would be unnecessarily complex.
>> The TP-Link TL-WA801nd is a BGN-only device. Do you (or anyone) have
>> a preferred stand-alone AC access point?
>
> Not a recommendation at all, but stay away from EnGenius devices. OK
> hardware & good price, but (e.g.) my AP comes with an open DNS
> resolver that can't be disabled, and they don't seem to think it's a
> problem at all...

I like the EnGenius hardware, when it works, but if it doesn't, support
doesn't seem to care about much. I'm trying to map SSIDs to VLANs, the
traffic just won't pass, switch doesn't even see it, and support hasn't
been useful. Looks like a bug, but still, it's literally the reason I
bought the device over my previous solution. On the other hand, the
speed is amazing, so I'm not ripping it out.

I noticed the DNS resolver, but it didn't bother me personally as I have
other resolvers similarly positioned in my network. As a possible
workaround, does it need DNS at all? If not, either remove its DNS
settings, or configure your resolver to refuse packets. Not perfect, but
it's better than being an open resolver if it's exposed to untrusted
users. And for whatever it's worth, it looks like a non-caching
forwarder, not a full resolver.

Still, it concerns me that support doesn't understand how it's a
potential issue. If you use it for NAT/routing/anything, does it listen
on the WAN interface, or only the LAN side?

--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
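
Added example, not part of the original thread: a small Python check an owner can run from each network segment (LAN side, WAN side, guest SSID) to see whether their own access point still answers recursive DNS queries or now refuses them after the workaround above. The query name `example.com`, UDP port 53 and the `192.0.2.10` address are assumptions; the reply headers in the demo are constructed, not captured.

```python
import secrets
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid):
    """Encode a DNS A/IN question with the RD (recursion desired) bit set."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)

def classify(response, txid):
    """Decide from the 12-byte DNS header how the device treated the query."""
    if len(response) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", response[:12])
    if rid != txid or not flags & 0x8000:   # wrong ID, or QR bit not set
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 5:
        return "refused"                     # the outcome the workaround aims for
    if rcode == 0 and ancount > 0:
        return "answers"                     # resolves names for whoever asks
    return "no-answer:" + RCODES.get(rcode, str(rcode))

def probe(host, name="example.com", timeout=3.0):
    """Send one UDP query to host:53 and classify the reply."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid), (host, 53))
            data, _ = s.recvfrom(4096)
        except OSError:                      # timeout or unreachable
            return "no-response"
    return classify(data, txid)

if __name__ == "__main__":
    # Constructed reply headers (not captured traffic), so this runs offline.
    answered = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
    refused = struct.pack("!6H", 0x1234, 0x8105, 1, 0, 0, 0)
    print(classify(answered, 0x1234), classify(refused, 0x1234))
    # probe("192.0.2.10")  # placeholder address: substitute your own AP
```

A result of `answers` from a segment that untrusted users can reach is the exposure discussed above; `refused` or `no-response` there is what the workaround should produce.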