wolrah
May 8, 2006
what?

Mr. Clark2 posted:

- The controller software runs in a browser and requires both Flash and Java. You're probably thinking, "ok, not so bad so far, I can just install the software on my workstation and be done with it". See the next point to find out why you're wrong :)

Not entirely correct. The controller software is Java-based to make it easily cross-platform. It'll run on pretty much anything (there are numerous people running it on Raspberry Pi or similar devices).

It's administered via a web browser, and the map overview display requires Flash. Everything that actually matters works fine without it, you just lose a fancy map. No Java at this end.

quote:

- If you want to use any of the captive portal features, the software must be running in order for those features to work. So, you're going to need a dedicated machine for the controller software if you're using captive portal features. And that machine needs to be running Flash. And Java. And running 24/7. Yep, pretty boneheaded. Let's hope that machine isn't internet facing :)

This part is mostly correct, again other than thinking the machine running the controller needs Flash. Only Java, and any Java will do, you don't need Oracle's version if you're on an OpenJDK-supported platform. Java itself is not a security hole when it's not attached to a web browser.

I strongly recommend NOT running the controller on Windows. It's "quirky" at best to get set up as a service. I have built mini Debian VMs in Hyper-V to run the controller for my customers who only run Windows servers to get it to work more reliably.

quote:

- No ability to whitelist MAC addresses. Blacklist yes, whitelist no. Don't know why they made that decision. We can debate the efficacy of MAC address blocking, but when employed as part of a defense in depth, it's a legitimate layer of defense.

- Want to use the cool "Zero Hand Off" feature they advertise prominently? Looks like you have to enable SSID broadcasting in order for it to work. I have not yet confirmed this last bullet point, but I'm testing it today. Again, this is a legitimate layer of defense when used in conjunction with other layers.

Neither of these adds anything over any form of encryption, even WEP64. Anyone who can break WEP can sniff the traffic over the air, and guess what that shows? The MAC addresses of anything communicating on the network and the SSID!

You're only making it harder for legitimate users while doing absolutely nothing to stop attackers. Personally if I was an attacker I'd specifically focus on networks that have the SSID "hidden" because that tells me two things.

1. Someone thinks this network deserves special "protection".
2. That someone has no idea about wireless security.

Anyways OP is talking about a captive portaled guest network, so regardless of effectiveness none of this is relevant to the topic.


OP, I'd do this using UniFi Outdoor units and pfSense as the internet gateway. You can run the controller on the pfSense box (do a full install, appliance builds are a pain in the rear end to install third party software on) and if you don't like UniFi's captive portal pfSense offers one of its own. That said I also agree with those saying that a cheap-rear end customer is likely to be a bitchy customer when it doesn't work.

MrMoo posted:

The biggest problem I have is that you can run UniFi devices without a controller for basic functionality but with a power outage they always factory reset. What's nuts is that I have the devices behind a surge protecting UPS and it still happens and I cannot reproduce by simply pulling out the power.

Can't say I've seen this behavior myself. Two of my sites had the controller running very intermittently for months due to the aforementioned shittiness on Windows and went through numerous power outages without any problems. I've had three UAP-LRs just straight up die on me but never had any factory reset.

wolrah fucked around with this message at 04:39 on Sep 5, 2014
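
The point in the post above about MAC filtering and hidden SSIDs, shown as an added example that is not part of the original thread: 802.11 encryption covers only the frame body, so the address fields of a protected data frame and the SSID element of a probe response are readable by any receiver in range. The two frames, the MAC addresses and the SSID `corp-wifi` are constructed sample data.

```python
"""Added example: fields a WEP/WPA-protected WLAN still sends unencrypted."""

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_80211(frame: bytes) -> dict:
    """Decode only what sits outside the encrypted frame body."""
    if len(frame) < 24:
        raise ValueError("shorter than the 24-byte 802.11 MAC header")
    fc0, flags = frame[0], frame[1]
    info = {
        "type": (fc0 >> 2) & 0x3,         # 0 = management, 2 = data
        "subtype": (fc0 >> 4) & 0xF,
        "protected": bool(flags & 0x40),  # body is encrypted, header is not
        "addr1": mac(frame[4:10]),
        "addr2": mac(frame[10:16]),
        "addr3": mac(frame[16:22]),
        "ssid": None,
    }
    # Probe response (management, subtype 5): 12 fixed bytes, then tagged elements.
    if info["type"] == 0 and info["subtype"] == 5:
        pos = 24 + 12
        while pos + 2 <= len(frame):
            eid, elen = frame[pos], frame[pos + 1]
            value = frame[pos + 2:pos + 2 + elen]
            if len(value) < elen:         # truncated element, stop parsing
                break
            if eid == 0:                  # element ID 0 carries the SSID
                info["ssid"] = value.decode("utf-8", "replace")
                break
            pos += 2 + elen
    return info

# Constructed sample frames (locally administered MACs, made-up SSID).
AP = bytes.fromhex("020000aaaa01")
STA = bytes.fromhex("020000bbbb02")
# Data frame, ToDS + Protected flags: addr1 = BSSID, addr2 = client, addr3 = destination.
DATA_FRAME = (bytes([0x08, 0x41]) + b"\x00\x00" + AP + STA + AP + b"\x10\x00"
              + bytes(8) + bytes(range(16)))   # stand-in for cipher header + ciphertext
# Probe response sent by an AP whose beacons hide the SSID.
PROBE_RESP = (bytes([0x50, 0x00]) + b"\x00\x00" + STA + AP + AP + b"\x20\x00"
              + bytes(12) + b"\x00\x09corp-wifi" + b"\x01\x01\x82")

if __name__ == "__main__":
    for name, frame in (("data", DATA_FRAME), ("probe response", PROBE_RESP)):
        print(name, parse_80211(frame))
```

The client address in `addr2` of the protected data frame is exactly the value a MAC allow list checks, which is why neither control substitutes for WPA2 or a captive portal's own authentication.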
