fakemanhk

TPLink devices are for casual use. They have 2 problems: 1. Not many firmware updates. 2. For the same model they can change the BoM all the time, requiring different firmware, and this kind of inconsistency makes it difficult to discuss with other users because everyone might have different hardware.


RandomPhaseNoise

And sometimes buggy firmware as they always reinvent the wheel.


[deleted]

[deleted]


redditusermatthew

Same, I bought one because it was the first ax/6 device available via brick and mortar and I’ve been concerned with how few patches it has gotten. They’re not patching the security holes. I haven’t looked up their bug bounty history but it wouldn’t surprise me to hear folks are selling serious vulns on these and the vendor is doing little to no due diligence.


[deleted]

[deleted]


redditusermatthew

I’m talking about 0 days that folks have incentive to sell to security firms and nefarious folks, not publicly disclose. Publicly disclosed vulnerabilities =/= vulnerabilities that exist.


fakemanhk

Only when someone reports it will it show up there. Also, updates can bring in new features or other bug fixes (not security related); with no updates there will be no new things either.


heretogetpwned

There's always risk. I've had reliable hardware from TP, and would purchase again. If you're concerned with security and data leakage, I'd recommend deploying a software firewall like OPNsense, pfSense, etc. on the edge to block unwanted egress.


oracleTuringMachine

This is what I do, but it isn't going to save you from TP-Link "accidentally" sending your data elsewhere. I wish the DoD would publish a list of equipment they use. Chips, storage, software, networking gear. The full gamut. I don't think our government is any less likely to spy, but I trust the government with jurisdiction over me rather than another government. Wait, what did I just say?


TheDad101

Not a direct list, but it is possible, snooping around the various .gov sites, to find a list of vendors to avoid: https://www.acquisition.gov/far/52.204-25


starfish_2016

Been using tplink omada access points. Closed network. No open ports. Been working great


Whathepoo

I decided not to buy anything from them again after they promised a firmware update for an access point without delivering. I'm stuck with a beta firmware... Their Tapo cameras got hacked. Various switches are advertised as supporting VLAN but are shit at it. I have bought 90% of my stuff from them for my lab and have problems with all devices.


sirkorro

TL-WA1201?


Whathepoo

Correct...


heretogetpwned

Their firmware updates are not consistently released. Their SmartManaged Switches fill a nice prosumer gap, but it's not for the serious homelabber or business, imo. Had no problem bonding to another TPL device, but couldn't get LAG to work on WS2019 with it, flaky perf with ESXi too. VLAN was fine tho.


fakemanhk

I only purchase their cheap PoE switch, not expecting anything else.


infinitevalence

Switch and APs are fine but I recommend DIY on the router and avoiding any router appliance other than maybe pfSense/OPNsense. I like TP's controller UI and have found them a better value and more reliable than comparable Ubiquiti gear and miles better than EnGenius.


Slaglenator

I have an AC-1300 router from them, ~$80 on Amazon. Get one that can handle DD-WRT and sleep well at night.


scndthe2nd

I use some TPLink smart devices, but after setup, I block them from accessing the external network via firewall. They seem to want to grab information from the internet, but otherwise seem to behave.


largelcd

Can the TL-SX1008 do that? Since it is an unmanaged switch, does that mean it is harmless?


scndthe2nd

you should be fine. It might call back, just watch your firewall.


da_habakuk

I buy them because of the good OpenWrt support. I wouldn't bother with their firmware.


Col_Crunch

I work for a very large pharmacy company, and we have TP link switches all over the place. I think it all depends on which specific devices you get.


Sleepy_Step_Monkey

Director of IT Infrastructure and Cybersecurity for one of the largest municipal water supplies in my state here. Unacceptable. Period. I’m doing my best to be reasonable in my response, but I’m beyond exhausted witnessing hospitals and other HIPAA (maybe pharmaceutical isn’t HIPAA, but breached often enough) compliant organizations blatantly ignore industry standards and CISA recommendations. We have former hospital directors on our board and they give two shits about privacy or security. Using any form or product of TP-Link for anything other than consumer applications is unacceptable. End of discussion.


Col_Crunch

This post is almost a year old. Also, thinking back on it I think I was mistaken (no longer work for that company), they used TendNet switches, I don’t think they used TP Link. Also, yes Pharmacies (very different from the pharmaceutical industry) must comply with HIPAA as they must handle patient healthcare information.


Sleepy_Step_Monkey

It doesn’t matter the age of the post. Reddit allows it. TP Link should not be utilized for anything commercial. I know for certain most POS IoT setups utilize TP Link, which explains the constant and consistent leaking of PII and credit card information.


Col_Crunch

I never said they didn’t. It also appears you didn’t read the rest of my response. Whether or not they should, the company I was talking about doesn’t.


Sleepy_Step_Monkey

You edited your post as I was commenting. You added the HIPAA portion after. I doubt pharmaceutical and pharmacies have VERY different standards in terms of compliance. Maybe differences in terms of payment processing. Doubt it though. The issue is that your original post states they do use TP Link. Which really wouldn’t surprise me. Pharmacies have an extremely high rate of intrusion.


Col_Crunch

> You edited your post as I was commenting. You added the HIPAA portion after.

Not really relevant, but ok. The edit was made well before you posted the reply, when you start typing a reply is none of my concern.

> I doubt pharmaceutical and pharmacies have VERY different standards in terms of compliance.

Pharmaceutical companies would have very little if any HIPAA exposure, they produce medications, pharmacies dispense medications. Pharmaceutical companies are to pharmacies as Dell is to Best Buy... if Dell didn't sell directly to customers that is.

> The issue is that your original post states they do use TP Link. Which really wouldn’t surprise me. Pharmacies have an extremely high rate of intrusion.

Cool, but even before the edits and your response... I clarified that they do not in fact use TP link and I was mistaken. What is your point? Sure they probably shouldn't be used, I don't care. The point is moot.


this_dudeagain

It's the internet so more discussion.


h8GWB

I sure hope your IT department is up to task with making sure there are no backdoors where any of your IP might "leak" from an external request.


Sleepy_Step_Monkey

They’re not up to task. It’s not possible, and is completely unacceptable.


tenplusacres

I bought a TP 2.5G switch and it was electrically dead 2.5 years later


Dalearnhardtseatbelt

If it was the 2.5GbE poe model that has to be a record. They're good switches when they're not dying constantly.


sethjt33

TP-Link has committed the cardinal sin. They are now wanting to charge you a monthly fee to enable previously available AND BASIC features. These features, such as scheduling parental controls etc, are now “Advanced Features” and will cost you big $ every month to enable them! This is sick, disgusting, disturbing and should be illegal! I am no lawyer but I would be willing to bet a good lawyer could make a case on this. I purchased this router and all its features, you have absolutely no right to hijack the hardware I purchased and put paywalls up on basic features that are readily available on all standard equivalent equipment from all manufacturers. I am flabbergasted that you have the audacity to pursue such cheap and feckless means of profits. This is not proprietary stuff you are charging to access, there is NOTHING at all special about the features you have placed behind a paywall. You know it and I know it as a professional in this industry. It’s sickening and I will never buy or recommend another TP Link product ever again. Myself and my sphere of influence will not make a dent in your bottom line but I guarantee you I am not the only one. Simply put, you should be ashamed.


Ambitious_Sweet_6439

I use the APs and switches everywhere without issue. My firewall has not reported anything from them... Alexa devices though..... they are chatty AF.


largelcd

Which brands have fewer or close to zero vulnerabilities in their switch and wifi products and, if there is a security risk, are fast to provide a vulnerability patch? How about ASUS, D-LINK, Linksys and Netgear?


hauntedyew

I use a couple of their smart managed switches and some cheap dumb switches. Their documentation is in broken English, making it very difficult to understand some of their concepts, which aren't even consistent across devices. I did have to RMA one after the PoE features suddenly died, taking out the wireless side of my network. Fortunately, I had another PoE switch. One of my switches refuses to update its firmware, and I just haven't put in a ticket yet. Their APs are solid and cheap though. They're kind of like budget Unifi, if that's even a thing. You can also buy an Omada appliance, to manage a lot of these APs and some switches from a single management console, which is super neat. Personally, I just run Omada as a container on Proxmox, and there's a decent script out there you can google that literally does it for you. So yeah, they're fine I guess, but you get what you pay for, and in this case you are getting Chinese equipment, so there's that whole concern that you brought up. However in their defense, you can build out a surprisingly robust small business network for under a grand or so.


jazzy095

CCNP here - absolutely love TP-Link. Great AP and consumer routers. The AP walks you through entire router setup. Excellent value.


deskpil0t

As long as you don’t have anything worth stealing. Lol


deeth_starr_v

I have tplink stuff and worry about that a bit. Not just them but I have a lot of iot etc and two home offices. So I’m in the process of switching to opnsense and APs running openwrt and locked down vlans … it seems easier to segregate things than to worry about each device


hockeyhippie

I have X55's set up as a mesh in access-point only mode and I haven't seen any shady DNS lookups in my logs (yet).


Full_Metal_Nyxes

My AX20/23 cannot use a local DNS upstream server. It can tell DHCP clients to use it through "LAN", but will crash and reboot if told to use a local DNS through "Internet", meaning you cannot easily see traffic sent by the router itself. It'll be replaced soon enough, but I need something that can do DHCP Option 61 Auth...


Wolv3_

Don't use their firewalls/routers in the Omada range, they suck. The remainder is alright but I'd look out for ones with OpenWRT support


j4ncuk

Since you're posting it on /r/homelab so I assumed you will use it for homelab, with NO mission critical, impacting someone's revenue, then you are good to go. BUT if you really care about security, then go with industry grade routers, like Aruba, Fortinet, Palo Alto, etc, and you will need license for them.


MoogleStiltzkin

For router why not pfSense or OPNsense? No license required unless you are going for pfSense Plus I suppose, but even that has a free license for homelab at least for now. For extra features you can even install the pfSense package for Snort or Suricata. There is even pfBlocker. As for hardware there are prebuilts like Protectli, that even have an option for coreboot BIOS.


Far_Lifeguard_5027

Good idea about the next gen firewall recommendation. If for homelab use, Sophos has a very nice NGFW free for home use besides the pfSense/OPNsense alternative. But if using either of those two, then check out Zenarmor (free).


cris231976

All that I can say is that I bought an ax3000 (deco x60) and returned it. The reason: a couple of months ago, I bought a couple of deco m4 for a friend. It's a very basic router, enough for her needs. This one allowed her to track how much data each device that she has requires, does a good monthly report about the usage and, most important, has a setting to set a desired network for each device. I found this important, because when you have just one SSID, every now and then a device insists on connecting to a slower wifi. Now, the part that made me return the ax3000: every single report was paid. Parent lock? If you wish to see what your kids are browsing, you can see it, but only today. For free, tomorrow you will be unable to see it. Ok, I could live with that. Preference for a network? Forget it, it doesn't allow you to set it. The problem: my ps5 was connecting to 2.4 and I just noticed, because a download was painfully slow. Ok, ps5 has a setting to make it connect to 5ghz only (ax3000 was less than 3 meters or 10 foot away). Then I noticed that this problem wasn't happening just with my ps5. Most of my 5ghz enabled devices were connecting just to 2.4 and I was unable to force them to connect to a faster network, due to a simple setting that is missing for each device that is connected. I thought: ok, at least I can see my reports about bandwidth usage. And guess what, this report also is paid. I wouldn't mind about it, but it would fix just one problem, not the other ones. And then I returned it. Now, I need another one. Any suggestions about a router that is able to track bandwidth usage for each device and allows a specific network to be forced onto a device?
I can build a server to do all those things without any worries, but I don't wish to waste the power required to do that, just because a faster router requires an extra, hidden payment for a simple report, claiming that it would also provide an extra layer of security on those devices. I don't wish for a router that is too limited, like the x60 was. This one is fast, I don't doubt it. But I felt that while one hand was giving me a very fast connection (faster than my current internet service can handle), the other hand was taking from me several things that I had taken for granted, because those options exist in the slower TP-Link mesh line of products.


KO5M

It's Chinese, so it definitely has a backdoor in its build. I wouldn't buy it.


[deleted]

Better than American companies forced by NSA to share stuff.


MoogleStiltzkin

2 wrongs don't make a right.


AncientRaven33

Tp link has been going downhill steadily over the last several years. They were always and still are good from a cost perspective, but some products are outright flawed, like the immensely popular sg108e, which has two flaws (no management vlan, you can access it from any port and any vlan; and second, using dhcp, the switch gets its ip from the first vlan dhcp server to respond). I only discovered this when it was too late to return... The same is true for the netgear variant with an almost similar name... but in the same price class the d link didn't have this issue and had more features, but I've no idea about longevity (they used to be bad at one point, with security flaws, the reason resellers didn't put them in stock anymore, but nowadays seem fine and are an older company than tp link and based in Taiwan with a bit higher cost, but usually not more than 15%). A few years ago, I got a few decos for free from my isp. Guess what, you could only configure them via a fcking smartphone, there was no management interface to browse to. It keeps phoning home around over a thousand times an hour, WTF. Needless to say, I got those all blocked in an upstream firewall. They are otherwise fine as APs, but if I hadn't got them for free, I'd never have bought them. I've serious questions about this company. They promise a lot, i.e. firmware fixes to resolve them, and it never happens. The problem with the sg108e is several years old, with the latest firmware dating back to 2019, and it's still being sold as the #1 fake managed switch and claimed to be for small-medium businesses, but hell no, this device is a huge security risk. Tp-link reminds me of D-link, heading in the same direction.
Maybe they will be great again in the future after disaster strikes (which is what happened to D-link), but I doubt it, because the competitor probably sells 1% vs tp-link, while providing more features and battle-hardened security, but no idea about the longevity (can use cheap capacitors, etc., I haven't owned a D-link product in over two decades). Too bad cisco is too expensive for home use or it would be my top choice. As for unmanaged switches, yeah, tp-link is best, but only because of the price. For basic L2 switching any brand would probably do. But also here... they fuck up with plastic casing for certain models. When you put lots of load through 24/7, they get hot and have no ventilation holes, real genius design...
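
Added example, not written by any commenter in this thread: several replies describe blocking devices at an upstream firewall and watching the logs, and one reports a device phoning home over a thousand times an hour. The sketch below counts blocked outbound attempts per device per hour and flags sources at or above that rate; the log layout, addresses and threshold are constructed assumptions, so adapt the regex to what your firewall actually writes.

```python
import re
from collections import defaultdict

# Assumed layout (constructed, not a real firewall's format):
#   <ISO timestamp> <block|pass> <source IP> <dest IP>:<port>
LINE = re.compile(
    r"^(?P<hour>\d{4}-\d{2}-\d{2}T\d{2}):\d{2}:\d{2} "
    r"(?P<action>block|pass) (?P<src>\S+) (?P<dst>[^:\s]+):(?P<port>\d+)$"
)

def sample_log():
    """Constructed lines: one device retrying 1200 times in an hour, one quiet device."""
    lines = []
    for i in range(1200):
        lines.append("2024-01-10T14:%02d:%02d block 192.168.20.11 203.0.113.%d:443"
                     % (i // 20, (i % 20) * 3, 10 + i % 3))
    lines += [
        "2024-01-10T14:05:00 block 192.168.20.12 198.51.100.7:123",
        "2024-01-10T14:35:00 block 192.168.20.12 198.51.100.7:123",
        "2024-01-10T14:40:00 pass 192.168.10.5 198.51.100.9:443",  # allowed, ignored
        "-- log rotated --",                                        # malformed, skipped
    ]
    return lines

def blocked_egress(lines):
    """Map (source, hour) -> [attempt count, set of destinations] for blocked lines."""
    stats = defaultdict(lambda: [0, set()])
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["action"] != "block":
            continue
        entry = stats[(m["src"], m["hour"])]
        entry[0] += 1
        entry[1].add(m["dst"])
    return stats

def noisy_devices(lines, per_hour=1000):
    """Return (source, hour, attempts, distinct destinations) at or above the threshold."""
    return sorted(
        (src, hour, count, len(dests))
        for (src, hour), (count, dests) in blocked_egress(lines).items()
        if count >= per_hour
    )

if __name__ == "__main__":
    for src, hour, count, dests in noisy_devices(sample_log()):
        print(f"{src} {hour}: {count} blocked attempts to {dests} destinations")
```

A high count against only a few destinations usually means a blocked device retrying its cloud endpoint, which is the behaviour to expect once egress is denied.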