At office Wifi access
-
Couple things about the DNS...
- You would prefer if they went to Google or OpenDNS, not to internal. No need to hit an internal one.
- Hitting your DNS is a pretty trivial thing and in the docs it said that this is something that is allowed by the AP.
So I don't see this as an issue if it works as desired and/or as described.
-
No chances of any kind of DNS attack on your network? Or so minor you don't care?
Personally - yeah they should be able to be sent to something like google dns or opendns.
but I can see that that might not be desirable either if you want to allow some local access, for example to your mail server while on the guest network. -
@Dashrender said:
No chances of any kind of DNS attack on your network? Or so minor you don't care?
DNS attack meaning what? That someone that you let into your building is sitting in the lobby launching a DDoS on your DNS? If so, worst case, power off the AP for a minute.
Once someone is willing to do this, I think you have bigger concerns.
-
@Dashrender said:
Personally - yeah they should be able to be sent to something like google dns or opendns.
but I can see that that might not be desirable either if you want to allow some local access, for example to your mail server while on the guest network.If you are allowing SOME local access I think that "guest" is not what you want to be enabling. This is for guest access to the Internet, not for a partial LAN scenario.
-
@scottalanmiller is correct here. You can setup a guest network, that is completely separate, without having to deal with VLAN
I did this myself on my Ubiquity AP. It takes just seconds to setup (at least during the first setup), and I confirmed that guess have no access to my internal network.
-
