Get Synology NAS work well with Archer AX6000 when Link aggregation enabled

Get Synology NAS work well with Archer AX6000 when Link aggregation enabled

Re:Get Synology NAS work well with Archer AX6000 when Link aggregation enabled
2022-06-02 10:46:56

I finally got tired of unfulfilled promises. I have put my AX6000 for sale. I have bought a Synology RT6600AX. It is a pity, I have always been very happy with TP-Link, I remember the fabulous WRD3600 that accompanied me many years, and the Archer C3200, but with this AX6000 they have not been able to live up to what they promised. 

  0  
  0  
#15
Options
Re:Get Synology NAS work well with Archer AX6000 when Link aggregation enabled
2022-10-10 19:06:16

  @Solla-topee It's ben working using LACP to a QNAP (forget model # atm)  8x 5-Gbps RJ45 + 4x 10Gbos RJ45 & SFP+. Of course you'll onlly get the 2Gbps from LAN downstream but all of my home lab servers and workstations are teamed or agg'd & had been working great since F/W beta 1.2.5 Build 20220321 rel.40146(5553). 

 

However, I have had a plethora of other issues, lot's of small issues that added up, with both the AX6000 & my A/V home mesh system via 3x Deco AX60, so I installed a multi-gig L2+ L3 managed switch with DHCP solicitation capabilities at the ONT & use one the QNAP as backup DNS & a trifecta of Windows Server VM's for authoratative DNS & for LAN side DHCP via ADDS & Windows DNS server with a tertiary backup DNS for IPv4 & v6 via a slave zone at hurricane electric. This has been great, aside from the TP-L equipment now being relegated to overpriced access points & with the switch at the ONT I can sniff packets from the entire network easily, I hang on to my dynamic public DHCP issued IP about 75% of the time via binding & when I do lose my IPv4 dynamic address, DDNS for IPv6 on top of the add'l DNS backup at Hurricane Electric (Using my own bridge address btw) takes care of ISP #1 when an interuptoin occurs that does force an IP change on the internet side. Even then, 90% of the time I can still get to any IPv6 capable/enable site or server since those addresses are cached on my primary internal DNS server with specific machines set or added as DNS update proxies via AD user and computer groups.

 

The last thing that I would say, not for you specifically, just anyone in the future reading... DO NOT BE LAZY OR IGNORANT. Do not assign anything not past a device with ACL rules as a DMZ device & document whatever ports you need, meaning whatever you do, DO NOT USE UPNP. This is a sure fire way to make the acquisition and LAN-side spread of malware so much easier & much more likely to occur. Use whatever manual forwarding you need or obfuscate via revrse proxy, or at a minimum change the default ports used and take advantage of port triggering. Also, if you have or get a managed switch, take advantage of VLAN's. Adding additional points which require routing can help keep malware away & can certainly aid in keeping packets from escaping with sensitive data using IN/OUT rules in conjunction with MAC Add's & IP ACL rules. I'd also suggest using a service (Free vversions available) from cloudflare as a gateway access control point, which adds an add'l layer of authentication & routing & uses a seperate IP, further obfuscating. Otherwise a 0-Trust tunneel type provider/server or at a minimum a VPN server, preferably Wireshark, bt OVPN can work as well, though I do not care at all for the lax (IMO) options on the TP-Link OVPN server. 

 

TP's router is actually decent at catching attacks from many vectors, but UPNP, DMZ & other settings can nullify that protection if other critical devices are not configured correctly. AND NEVER, NEVER use any QNAP NAS as a gateway, connected directly to the internet (public facing side/ISP assigned IP). You will end up with ransomware and beat case scenario is spending hours to extract all of the archived PW protected files you'll end up with. 

  0  
  0  
#16
Options
Re:Get Synology NAS work well with Archer AX6000 when Link aggregation enabled
2022-10-10 19:20:19

Interesting, but I'm already selling my AX6000 and I bought a Synology RT6600AX and I'm happy, for the same price and better support. Sorry tp-link.

  1  
  1  
#17
Options