1. http://www.piolink.com/en/product/Security-Exclusive-Engine.php
Do you plan to have "Selective Malicious Traffic Detection and Block" i.e
If hacker from port1 attack your ftp server on other port.
Switch will automatically block ftp traffic from port1 while still allowing other traffic such as web traffic from that port
2. Does it has rollback feature like Cisco Juniper Mikrotik. For example if I didn't commit within 10min. It will back to previous settings
3. Temporary Disable rule
Like Mikrotik, I can temporary disable my acl rule.
In cnPilot, I can't do that. I can only delete and re-add rule
4. OOT I request factory reset hole on cnPilot POE Adapter.
Currently it has only sequence factory reset which takes time
I prefer like TPLink which has hole in Adapter for factory reset, so that I don't have to climb to AP or do sequence reset in Adapter
tq
Hello! I'll answer your questions inline.
@nbctcp wrote:
1. http://www.piolink.com/en/product/Security-Exclusive-Engine.php
Do you plan to have "Selective Malicious Traffic Detection and Block" i.e
If hacker from port1 attack your ftp server on other port.
Switch will automatically block ftp traffic from port1 while still allowing other traffic such as web traffic from that portJM - It is important to us from a security point of view to protect against malicious attacks. We do have some support, but I'm not exactly sure what you are refering to above. I'll dig into this.
2. Does it has rollback feature like Cisco Juniper Mikrotik. For example if I didn't commit within 10min. It will back to previous settings
JM - Yes, we will support this capability.(it's working now in Beta) We call this the 'reload' command. You can set a timer, monitor the timer, or stop the timer. If the reload timer experires the configuration will revert back to the previously saved configuration. This is supported in our upcoming 2.1 release available in Mid summer.
3. Temporary Disable rule
Like Mikrotik, I can temporary disable my acl rule.
In cnPilot, I can't do that. I can only delete and re-add ruleJM - Our rules once created can be applied to muiltiple ports. You can later remove a rule from a port and then add it back again. However, we do not have exactly what you are asking, the ability to disable a rule. This is a interesting idea, and we'll look into being able to do this.
4. OOT I request factory reset hole on cnPilot POE Adapter.
Currently it has only sequence factory reset which takes time
I prefer like TPLink which has hole in Adapter for factory reset, so that I don't have to climb to AP or do sequence reset in AdapterJM - This is a good idea and your not the first to ask this question. Some of the Cambium devices do support this special power sequence that will result in a factory default of the device. cnMatrix today does not support this, but we do have it on our roadmap. We would like to do this, not only for the cnPilot, but also for some of our other Cambium products. I do not have an estimated date of when this feature will be available (possibly 3.0 at the end of the year.).
tq
I am eager to test cnMatrix with the latest firmware 2.1.
Anyone from Cambium Indonesia could let me come and test or lend me this product.
I have some scenario to test:
1. backup to usb
2. ospf routing with L3 switch preferred cisco or any switch
3. rollback firmware feature
4. disable rule
5. mac spoofing
6. LACP trunk to Cisco
7. connect pc1 to port1 and make sure it get vlan10
move pc1 to port2 and make sure pc1 still get vlan10
connect pc2 to port1 and make sure it didn't get any vlan
8. connect pc1 to port1 and make sure it get vlan10
unplug pc1
set pc2 mac address same as pc1
connect pc2 to port1
what will happen?
tq
Any updates on cnmatrix switch images for GNS3 / Packet Tracer?