Just want to double-check check I have certain settings right in my Beryl AX to ensure that the router is as secure and private as possible.
Under "Modify Network Settings", "MAC Mode" is set to "Random". When should "Factory" or "Clone" be used? How should I use them?
Under "Repeater Options", what should "Allow Switching to Other Networks Mode" and "Band Selection" be?
Under "Wireless", I have "Enable Randomized BSSID" turned on. For WiFi security, I can't exclusively use WPA3-SAE as my TV and other IoT devices don't support it. So I have "WPA2-PSK/WPA3-SAE" selected. How does this really work since there are two security settings in one? "SSID Visibility" is "shown". For "Wi-Fi Mode", I have "11ac/ax" selected because I don't have any devices older than AC. Does it matter though? Should I select other options to ensure greater compatibility? If so, what are the negatives of doing that? I have "bandwidth" set to "80MHz". I think I read there are apps out there that can help me decide which channel to use. Which app and how do I confirm which channel is best? Is there a way to further increase the "TX Power"? If so, will it make a measurable difference?
Under "Client", what are the pros and cons of using a "Reserved IP"?
Under "Network", besides "DNS", are there any other settings or tabs to select to further enhance my privacy and security?
Under Adguard Home's DNS Settings, is "Load-balancing" the best option? Should I leave "Fallback DNS servers" blank? Should I leave "Bootstrap DNS Servers" with the default settings? I only see a bunch of numbers. "Private reverse DNS servers" is blank. "Use private reverse DNS resolvers" and "Enable reverse resolving clients' IP addresses" are enabled. Everything else is at the default.
Client and DHCP settings are at the default or left blank. I've made no changes.
How do I check how much RAM is being used by all of the blocklists I have enabled in AdGuard Home?
Maybe you can use the clone mode when you need to copy the MAC address of other devices to your router (some special environments or tests may be used)
You can select different settings based on your needs, and a description of the function will appear at the top of the interface.
It is recommended to select the automatic mode for the frequency band.
For people who have multiple device types, they need to use this mode, which will automatically switch to another security protocol when WPA3 cannot match and work.
The Wi-Fi protocol you choose depends entirely on what Wi-Fi protocols your device supports. Using a newer protocol is always best, as it will provide a better user experience.
Wi-Fi Channel Analysis Tool.
This feature allows your client to obtain the same IP address every time it connects to the router. Eliminate the uncertainty caused by dynamic IP changes and improve network stability.
You can view the intercepted data through the ADGuard management page
'Random MAC' would be used when you're hitting an untrusted AP. Think 'coffeeshop' rather than 'home'
'Clone' would be used in cases where a finicky hotspot forces you to authenticate against the captive portal with your phone, then you'd use that same MAC in your Beryl AX to spoof the Upstream.
'Reserved IP' is GL GUI's way of assigning static IP. See this thread. You said you know the real learning begins with LuCI; here's the prefer opportunity for a low risk exercise to use it.
IDK about the specific block lists but opkg update && opkg install htop && htop. Have fun.
The wireless security protocol part, I believe my colleagues have explained it clearly.
To comply with regulatory restrictions, WiFi transmission power cannot be further increased.
Reserved IP, bring the client to obtain a specified fixed LAN IP, which is convenient for memory (I think domain is better remembered than IP?), port forwarding, etc.
