It is a crap router - sorry - it is horrid. It seems to be really full of security holes, subject to DNS amplification attacks, all sorts. It tries to do lots of features (even URL blocking). So, we won't be using them as routers. They may be better with later s/w but I had to argue with my techies to even consider them, understandably.
However, some good news :-
- Annex A and M
- Work in PPPoE bridged mode
- Safe from external attack in PPPoE bridged mode, obviously
- Allow 1508 PPPoE bridged, so 1500 byte MTU connections on BT, TT, and BE
- Seem to sync better than the ZyXEL P660 which is what we used to use
So, how to solve the problem that someone could reset them in to their horridly broken mode somehow? Simple, a nice solid sticker with 3M adhesive on the back...
Longer term we'll try and get the GPL code and set them so they can only bridge.
P.S. just to clarify, what this does is handle "Ethernet Bridging" which uses LLC headers and bridges to a logical Ethernet segment on the far side where you can talk PPPoE to the BRAS.