Beta Software ER707-M2 V1_1.1.1 Build 20230927 Beta Firmware for Omada Controller v5.12 (Released on Sep 27, 2023)
This Article Applies to
ER707-M2 V1 / V1.6_1.1.1_Build 20230927 (Beta)
- Fully adapted to Omada SDN Controller 5.12.
Release Notes
New Feature/Enhancement
1. Add ACL support for IPv6 data.
2. Add support for IPv6 RA (Router Advertisement) configuration for LAN.
3. Add support for configuring multiple IP addresses on the WAN port.
4. Add support for monitoring session limits in controller mode.
5. Add support for configuring the MSS (Maximum Segment Size) of WAN port.
6. Add support for Gateway Tools in Controller mode.
- Ping.
- Traceroute.
- Terminal.
7. Add support for the ability to download device info of Gateway in Controller mode.
8. Add support for Location Group in Gateway ACL.
9. Add support for allow list of MAC filtering in Controller mode.
10. Add support for tagging same VLAN ID on different WAN port.
11. Increased security of communication between Gateway and Controller.
12. Add support for DNS cache, which can improve domain name resolution speed by handling recent address resolutions locally before sending request to Internet .
13. Add support for DH 14 and DH 15 for PFS.
14. Add support for 0.0.0.0/0 IP range of local network when using IPsec IKEv2 for Client-to Site VPN.
15. Add support for DDNS custom intervals (1~60 minutes).
16. Add support for link-local addresses of IPv6 DNS on the LAN side.
17. Log Enhancements.
- Show the source IP address of TCP no-Flag /ping of death attacks.
- Show the log of link backup switching.
- Show the log of DDNS update.
- Logs can be saved when the device is down. You need to short press the reset button within 5s, and after releasing the reset button, the sys light will be on for 3 seconds to indicate that the downtime log is saved successfully.
18. Add support for Intrusion Detection/Prevention
19. Add support for Deep Packet Inspection in Standalone mode.
20. Add support for enable/disable Flow Control in Controller mode.
21. Add support to modify the rate and duplex of the Ethernet port in Controller mode.
Bug Fixed
1. Fix the bug that ICMP type 13 packets cannot be intercepted
2. Fix the bug that VPN Client cannot access the other side through IPsec when the device act as a PPTP/L2TP/OpenVPN Server and also establishes IPsec VPN with other devices.
3. Fix the bug that VPN client cannot proxy Internet access when VPN IP Pool and LAN IP are in the same network segment.
4. Fix the bug of CPU abnormality caused by enabling more VLAN Interface.
5. Fix the bug of high latency in ISP Load in Controller mode.
6. Fix the bug of frequent reconnection with Omada Controller.
7. Fix the bug that the VLAN configuration of IPTV is affected by the VLAN configuration of WAN port in Controller mode.
8. Fix the bug that the device does not support proxy internet access as Wireguard VPN client.
9. Fix the bug that Port Forwarding does not take effect under multiple WAN ports.
10. Fix the bug that the port status display is abnormal in Controller mode.
11. Fix bugs related to OpenVPN:
- OpenVPN clients cannot proxy Internet access through the device.
- OpenVPN IP pool cannot be configured.
- When the device is used as an OpenVPN Server and the option is Split mode, OpenVPN clients cannot access the Internet normally.
- Remote IP error displayed in the OpenVPN Tunnel interface when the device connects successfully as an OpenVPN Client.
- When the device acts as an OpenVPN Client, OpenVPN fails to start when there are unsupported fields in the OVPN file.
12. Fix the bug that cloud access could not connect successfully when PPPoE dialup was performed on the WAN port.
13. Fix the bug that after the device connects to the Server as a WireGuard VPN Client, the peer cannot access the device via WireGuard Interface IP.
14. Fix a bug that prevented successful login when an underscore was used for the login password
Firmware Download
Before the Upgrade
(1) Please be sure you have read the Beta Test Agreement before upgrading the Beta firmware!
(2) You may follow the following guide to upgrade your Omada devices. How to Upgrade/Downgrade Omada Gateways
Firmware Download Link
ER707-M2 V1_1.1.1_Build 20230927 (Beta)
Notes:
(1) The above firmware is applied to ER707-M2 V1 and V1.60.
(2) Your device’s configuration won’t be lost after upgrading.
(3) The new features added in the above firmware require to upgrade of the Omada SDN Controller 5.12, which has been released for early access here.
Additional Information
All feedback is welcome, including letting us know about successful device upgrades.
If somehow you encounter an issue during or after the ER707-M2 Router upgrade, it's suggested to contact us with the following info:
- Omada Controller version
- Device Firmware version with Build number (previous and current)
If your ER707-M2 router gets bricked during the firmware upgrade, you may follow the guide below to recover the firmware.
How to use the Emergency Mode to recover the firmware for Omada Gateways
Update Log
Nov. 20th, 2023:
Update the format and incorrect description in the release note.
Sep 27th, 2023:
Post the ER707-M2 V1 / V1.6_1.1.1_Build 20230927 (Beta) firmware for early access.
Recommended Threads
Get the Latest Firmware Releases for Omada Routers Here - Subscribe for Updates
Get the Latest Omada SDN Controller Releases Here - Subscribe for Updates
Experience the Latest Omada EAP Firmware - Trial Available Here, Subscribe for Updates!
Current Available Solutions to Omada Router Related Issues [Actively Updated, Post for Subscription]
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@a-sam Mine also is the same if I run gigabit with IDS.......... I get around 250-400Mbps ..... take it off and it's right up at the top. Needs some tweaking I suspect. Oddly it doesn't effect the connection when it's set to 250mbps......... only when it's set to run gigabit........ as I can boost it etc.
- Copy Link
- Report Inappropriate Content
yes I experience the same, with VPN configured it is even slower. I got a UXG-Lite a few days ago, unifi's weakest router, but it actually manages close to 1GB with IDS/IPS enabled. This is a much weaker router than the ER707-M2 so it is possible.
apart from IDS/IPS, the UXG-Lite is completely useless compared to all TP-Link's routers.
- Copy Link
- Report Inappropriate Content
Hi @a-sam
Thanks for posting in our business forum.
a-sam wrote
@Clive_A and team, this will be a great update. I am testing this firmware on my ER707-M2 v1.0 with the Omada 5.13.10 controller (also beta) and when enabling IDS/IPS my internet speed is heavily impacted. I have a 1Gbps internet, with IDS/IPS on Low I can get around 400Mbps throughput and on Medium around 250Mbps. With IDS/IPS turned off and can get 950Mbps. Is this a hardware limitation? (CPU and memory are not maxed out) or can this be fixed on software prior to the final release?
IDS/IPS will heavily use the CPU to process the detection and prevention. What kind of security level do you have? Lowering the security level would also reduce the data it scrutinizes. Or change to Detect Only.
Let me know the result.
- Copy Link
- Report Inappropriate Content
I get 750Mbps with IDS and 500 with IPS, both using 12 out of 12 categories. I am connected to the 2.5 gb port with 1.25 gb internet service
- Copy Link
- Report Inappropriate Content
Hi @JasonAS @a-sam @MrHC1983 @MR.S
Confirmed that IDS+IPS would make it drop/lose by around 70%. Every single connection/session would be monitored.
Would be more accurate by this:
Confirmed that IDS+IPS(high) would make it drop/lose by around (max) 70%. Every single connection/session would be monitored.
- Copy Link
- Report Inappropriate Content
@Clive_A thanks for the update on this! I will turn it off for now as the drop in performance is too high to justify, even if using IDS on "Low".
here are my results:
IDS/IPS off - 950Mbps
IDS on Low - 200-500Mbps
IDS on Med - 200-450Mbps
IDS on High - 200-300Mbps
IDS+IPS on Low - 200-500Mbps
IDS+IPS on Med - 250-400Mbps
IDS+IPS on High - 160-200Mbps
Testing using speedtest cli on a linux machine with multiple runs each.
- Copy Link
- Report Inappropriate Content
@Clive_A Is there any information on reduced speed on port #2 (2.5gbe)? I have 2.5gb down on it, but only 300mbit up. While i use other ports i have 1/1gbit. When i switch manually port #2 to 1gbe it also saturates 1/1gbit.
- Copy Link
- Report Inappropriate Content
Hi @drbanan
Thanks for posting in our business forum.
drbanan wrote
@Clive_A Is there any information on reduced speed on port #2 (2.5gbe)? I have 2.5gb down on it, but only 300mbit up. While i use other ports i have 1/1gbit. When i switch manually port #2 to 1gbe it also saturates 1/1gbit.
Based on what you said, you mean 2.5Gbps symmetric up/down speed from your ISP, is that correct?
When it is plugged in #2, it is not getting the correct upload of 2.5Gbps but reduced to 300Mbps. Right?
What if you test this on #1 WAN port?
Do you have any other devices? Controller? Ver?
WAN config? Do you have anything related to it?
Cable, have you tried a different one?
It's a new issue never reported from the forum. I need details to present this to the related teams.
- Copy Link
- Report Inappropriate Content
@Clive_A ISP is 2/1 on #1, on #2 i had either my pc, ubuntu server (both have 2.5gbe cards) or TL-SX3008F with sfp+ 10gbe.
Problem:
#1 ISP, #2 my pc - 2gbit down, 300mbit up
#1 ISP, #3 my pc - 1/1gbit
#2 my pc #3 ubuntu server - 1gbit down, 300mbit up on my pc
Yes, i tried multiple cables
I have TL-SX3008F switch - i am able to saturate about 4/10gbit on windows machine from server on this switch.
Controller is up to date - Software Omada (hosted on windows)
WAN config - pppoe, nothing fancy put in, but if there is any special option please ask i will provide. I just tried Flow Control (anyway, what is this? can't find info) and it didn't help.
Tried all available FW versions - even beta one 1.1.1 - not helping.
Got kinda offtop, but same metric question - should 2.5gbe work on 10gb sfp+ transceiver via TL-SX3008F? Even if i am able to run it on router+pc, that i will be able to route it further to switch like this: 2.5gbe(ER707-M2)<->10gbe sfp+(TL-SX3008F) using TL-SM5310-T on switch sfp+ side
- Copy Link
- Report Inappropriate Content
@a-sam It appears it's hardware limited. Basically TPLink need to start using CPU's with alot more power/cores.
Quad Core / 1GB RAM Standard.
The speed issue with IDS doesn't both me, I typically run 250MBps...... so it runs around 200-250 on average which is fine. I did however winge to my ISP about it having speed issues when it was MEANT to be on Gigabit........ only to yes come across the IDS effecting the speed that much....
For me it run the same on gigabit as standard so it seems it's mostly only effecting those with that gigabit internet line.
Hopefully they can improve it, loosing like 60-80% of internet speed for a filter is pretty heavy. The MAP thing also needs updating to show blocked traffic on the Treat Management but I think that ultimately it just for the API host to block the IP's on that map mostly so.
Either way I have generally been really impressed with the IDS and the ER707-M2. I used to have a ER605 (still lying around here somewhere) and that thing sucks, constantly rebooted and all sorts of stuff.
Very happy with the ER707 and firmware progress. That said I still WISH that Static IP's reserved in DHCP should dish out CUSTOM DNS ..... The only real feature I am missing.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 2
Views: 7848
Replies: 26
Voters 0
No one has voted for it yet.