Ubiquiti AP Guest mode
-
My TWC connection is not the lowest plan they have,.. but I'm running a 6/1MB line. Thus far, even with working from home now it has been decent.
They mainly play Minecraft and such on their iPads and some Youtube videos.
Thus far, other than recent signal issues, it's worked nicely.
-
huh - a 6/1 connection, I haven't seen anything that small in years. That said though, I am looking for a second ISP connection for redundancy and the best I've found so far (on the cheap that is) is a 12/2 DSL.
Our normal lowest level cable modem around here is 20/2.
-
@Dashrender said:
huh - a 6/1 connection, I haven't seen anything that small in years. That said though, I am looking for a second ISP connection for redundancy and the best I've found so far (on the cheap that is) is a 12/2 DSL.
Our normal lowest level cable modem around here is 20/2.
Wow, my parents are still on 5/.5 ADSL the only thing that is offered where they are.
-
@coliver said:
@Dashrender said:
huh - a 6/1 connection, I haven't seen anything that small in years. That said though, I am looking for a second ISP connection for redundancy and the best I've found so far (on the cheap that is) is a 12/2 DSL.
Our normal lowest level cable modem around here is 20/2.
Wow, my parents are still on 5/.5 ADSL the only thing that is offered where they are.
OUCH! no wireless options eh? or just to expensive?
-
@Dashrender said:
huh - a 6/1 connection, I haven't seen anything that small in years. That said though, I am looking for a second ISP connection for redundancy and the best I've found so far (on the cheap that is) is a 12/2 DSL.
Our normal lowest level cable modem around here is 20/2.
While not trying to stray to far, the 6/1 seems to run us okay. We watch Netflix and I can still work, AND being on a VoIP call without to much lag or drop outs.
I have kinda looked at stepping up,.. but with the kids in school now,... not much of an issue.
@coliver said:
Wow, my parents are still on 5/.5 ADSL the only thing that is offered where they are.
Friend of mine across the creek in the next county has no options right now other than Satellite, and he also works from home. He kills his monthly plan every month and has overages. Cable and DSL are not possible (to rural), and Wireless isn't the best due to the amount of cliffs and trees.
-
@Dashrender said:
@coliver said:
@Dashrender said:
huh - a 6/1 connection, I haven't seen anything that small in years. That said though, I am looking for a second ISP connection for redundancy and the best I've found so far (on the cheap that is) is a 12/2 DSL.
Our normal lowest level cable modem around here is 20/2.
Wow, my parents are still on 5/.5 ADSL the only thing that is offered where they are.
OUCH! no wireless options eh? or just to expensive?
They could do satellite (which would be very expensive) but wireless internet in our area is next to impossible. Too many mountains and valleys.
-
@Dashrender said:
I tried pinging many of those addresses (different ones from what I pinged before) and I still didn't get a response.
My guess is it is showing MAC tables and is blocked from IP access.
-
@g.jacobse said:
My TWC connection is not the lowest plan they have,.. but I'm running a 6/1MB line. Thus far, even with working from home now it has been decent.
I was working on a 2/2 not that long ago and it was enough to get by.
-
@coliver said:
They could do satellite (which would be very expensive) but wireless internet in our area is next to impossible. Too many mountains and valleys.
And introduces horrific latency.
-
@scottalanmiller said:
@Dashrender said:
I tried pinging many of those addresses (different ones from what I pinged before) and I still didn't get a response.
My guess is it is showing MAC tables and is blocked from IP access.
You think it's pulling a MAC table from the switch? Do you consider this an issue? and how do you manually query for the MAC table?
-
@Dashrender said:
You think it's pulling a MAC table from the switch? Do you consider this an issue? and how do you manually query for the MAC table?
I'm not an expert on ARP but doesn't an ARP Probe return all ARP addresses in use?
-
Guest Access does not block you from seeing those devices, it just stops you communicating.
The only benefit for Guest Access to us, is that it stops other "guest" clients disturbing each other, the VLAN is the main way that we stop people interfering with the work network.
-
@Breffni-Potter said:
Guest Access does not block you from seeing those devices, it just stops you communicating.
The only benefit for Guest Access to us, is that it stops other "guest" clients disturbing each other, the VLAN is the main way that we stop people interfering with the work network.
Guest Access on the Ubiquiti AP should stop them from messing with anything on the network, no VLAN needed.
-
@scottalanmiller said:
Guest Access on the Ubiquiti AP should stop them from messing with anything on the network, no VLAN needed.
"Should" but doesn't, I can still see other devices on the network when it's enabled.
-
@Breffni-Potter said:
@scottalanmiller said:
Guest Access on the Ubiquiti AP should stop them from messing with anything on the network, no VLAN needed.
"Should" but doesn't, I can still see other devices on the network when it's enabled.
Can you? This was tested in another thread and the answer was that there was no visibility to other devices. How are you defining "seeing" them?
-
I assume by "see" that you can ping and interact with them?
-
@scottalanmiller said:
I assume by "see" that you can ping and interact with them?
IP scanner shows all the devices on the network when on guest SSID.
At home but when I'm next in I might be able to do a screenshot.
-
@Breffni-Potter said:
IP scanner shows all the devices on the network when on guest SSID.
I'd not call that "seeing" them. Getting a list of them from the ARP table, which is what we were discussing here, isn't the same as seeing the device itself. I might see a list of names of people, but it doesn't mean I can see the people themselves. Unless you can interact with the device, that's not considered "seeing" the device in a networking sense.
-
@scottalanmiller said:
@Breffni-Potter said:
IP scanner shows all the devices on the network when on guest SSID.
I'd not call that "seeing" them. Getting a list of them from the ARP table, which is what we were discussing here, isn't the same as seeing the device itself. I might see a list of names of people, but it doesn't mean I can see the people themselves. Unless you can interact with the device, that's not considered "seeing" the device in a networking sense.
Exactly - the ability for an IP scanner to list all of the IPs and MAC addresses of other devices on the corporate network is why this thread exists and brings about my question - Is the fact that Guest network computer can pull an ARP listing considered an acceptable thing? and Why or Why Not?
I confirmed that I am not able to ping any of those addresses while on the Guest network, nor can I seem to access (ping) addresses on the other side of my Site to Site VPN. I consider this a great step forward, but access to that MAC table makes me Leary. If ARP positioning could happen, would I be able to get access to that network?
-
@Dashrender said:
Exactly - the ability for an IP scanner to list all of the IPs and MAC addresses of other devices on the corporate network is why this thread exists and brings about my question - Is the fact that Guest network computer can pull an ARP listing considered an acceptable thing? and Why or Why Not?
Depends. In any normal environment, lacking IP access is enough to not have any concerns. Getting a listing alone is not at all a threat.
See if it can only see the ARP listing or if Ethernet connections is possible.
