ER605 V1_1.2.3 Beta Firmware causing Router Disconnects
System is OC200 (firmware 1.21.7 Build 20221206 Rel.58608), ER605, and switch TL-SG2210MP.
Tried the beta firmware V1_1.2.3 and the router disconnected two times a day for the last two days. The router memory was at 50% and CPU utilization was also typical at 18%. System had been stable for months on router firmware version 1.2.1.
The gateway acl seemed to work and were stateful, but I couldn't get any switch permit acl's to allow specific clients/ports through the gateway acl. I thought the switch acl would be a higher priority than the gateway acls?
Also activated the new mDNS service across all vlans and it did not seem to work. For now I have flashed the router back to version 1.2.1 Build 20220512 Rel.76748.
Logs:
[client:E4-C3-2A-75-ED-4D:OC200_Controller] is connected to [osw:B0-95-75-8C-67-CE:Switch_TS] on LAN network. 2023-03-06 11:52:07 AM
[osg:C0-C9-E3-CB-FE-D3:Router_ER605] was disconnected. 2023-03-06 11:51:20 AM
[client:E4-C3-2A-75-ED-4D:OC200_Controller] was disconnected from network "LAN" on [osg:C0-C9-E3-CB-FE-D3:Router_ER605](connected time:9m connected, traffic: 0Bytes). 2023-03-06 11:51:11 AM
[client:E4-C3-2A-75-ED-4D:OC200_Controller] is connected to [osg:C0-C9-E3-CB-FE-D3:Router_ER605] on LAN network. 2023-03-06 11:38:16 AM
[client:E4-C3-2A-75-ED-4D:OC200_Controller] was disconnected from network "LAN" on [osw:B0-95-75-8C-67-CE:Switch_TS](connected time:31h2m connected, traffic: 0Bytes). 2023-03-06 11:38:16 AM
[osg:C0-C9-E3-CB-FE-D3:Router_ER605] was connected. 2023-03-06 11:37:16 AM
[client:E4-C3-2A-75-ED-4D:OC200_Controller] is connected to [osw:B0-95-75-8C-67-CE:Switch_TS] on LAN network. 2023-03-06 11:37:01 AM
[osg:C0-C9-E3-CB-FE-D3:Router_ER605] was disconnected. 2023-03-06 11:36:00 AM
[client:E4-C3-2A-75-ED-4D:OC200_Controller] was disconnected from network "LAN" on [osg:C0-C9-E3-CB-FE-D3:Router_ER605](connected time:30h55m connected, traffic: 23.36KB).2023-03-06 11:36 AM
[client:3C-E4-41-98-6C-E5:Tablet_Basement] is disconnected from SSID "Auto" on [ap:C0-C9-E3-4C-6D-20:EAP245_Basement] (1h24m connected, 123.25KB). 2023-03-06 11:00:11 AM
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi All,
A newer 1.2.3 Beta firmware has been released for trial, please follow the post link below for details.
ER605 V1_1.2.3_Build 20230413 Beta For Trial (Released on Apr 14th, 2023)
- Copy Link
- Report Inappropriate Content
Hello @1207
Thank you for your valuable feedback on the ER605 1.2.3 Beta firmware.
Please allow me to confirm some details regarding the router disconnected issue you mentioned.
1. When the router was disconnected, would all of your network devices drop the network connection? Or would only the router get disconnected from the controller?
2. What did you have to do to recover the connection when the issue happened? Would it work automatically after some time?
Regarding the Gateway ACL and mDNS service, could you please try to provide more details (setup and network diagram if possible) as possible as you can to help us better understand the issue you encountered?
- Copy Link
- Report Inappropriate Content
Fae wrote
Hello @1207
Thank you for your valuable feedback on the ER605 1.2.3 Beta firmware.
Please allow me to confirm some details regarding the router disconnected issue you mentioned.
1. When the router was disconnected, would all of your network devices drop the network connection? Or would only the router get disconnected from the controller?
-- Connections to the local network continued to work. There was no web access for any client.
2. What did you have to do to recover the connection when the issue happened? Would it work automatically after some time?
-- The router needed to be hard rebooted to restore web access. It did not auto recover after 2 hours.
Regarding the Gateway ACL and mDNS service, could you please try to provide more details (setup and network diagram if possible) as possible as you can to help us better understand the issue you encountered?
-- Added a Gateway lan-lan deny ACL to evaluate new functionality of the beta firmware. The ACL blocked access from vlan1 (IoT) to vlan2. Tested the ACL and it blocked access as expected while allowing clients on vlan1 to respond to inquiries from vlan2 (stateful ACL). Then I needed to allow some clients on vlan1 to access specific ports/clients on vlan2. So, added a switch permit ACL to allow the specific access, but the all clients on vlan 1 were still blocked. Appeared the gateway ACL was a higher priority (overruling) the switch ACL.
Turned on mDNS service and selected Gateway, all networks, and enabled. I turned off my Avahi server that I was using for mDNS. The mDNS clients could no longer find other mDNS clients on the network. I did not troubleshoot the issue for long as I turned my Avahi server backon.
Let me know if you have any other questions.
- Copy Link
- Report Inappropriate Content
Hello @1207
Thank you for sharing the details.
For your demand for allowing only some clients on vlan1 to access specific ports/clients on vlan2, it might be easy to achieve it on the router in Standalone mode. We can create IP Groups for the specific clients on vlan1 and vlan2 separately (say group1 and group2), then create Gateway Block ACL with ALL direction to block access from !group1 to !group2. However, this is not supported in Controller for the time being, hope it be supported soon.
In addition, it's not true that the switch acl would be a higher priority than the gateway acls. Actually, the priority of ACL rules depends on where the packets would be sent to. For your case, the packets will be sent to the gateway eventually, so your configuration didn't make it.
- Copy Link
- Report Inappropriate Content
Fae wrote
For your demand for allowing only some clients on vlan1 to access specific ports/clients on vlan2, it might be easy to achieve it in Standalone mode. We can create IP Groups for the specific clients on vlan1 and vlan2 separately (say group1 and group2), then create Gateway Block ACL with ALL direction to block access from !group1 to !group2. However, this is not supported in Controller for the time being, hope it be supported soon.
-- I already have the IP Groups created because I use them for my switch ACL's. They work on the switch, but they are not stateful. Which requires me to take extra steps to manage a client on a blocked vlan. It works, but is not very convenient. Good to know IP_Groups are supported for Gateway ACL's in standalone mode. I will just wait until they are available under Controller mode.
In addition, it's not true that the switch acl would be a higher priority than the gateway acls. Actually, the priority of ACL rules depends on where the packets would be sent to. For your case, the packets will be sent to the gateway eventually, so your configuration didn't make it.
-- I believe a switch deny ACL will prevent the Gateway ACL from taking effect, because it should block the packet at the switch and not allow it to reach the Gateway? With a switch permit ACL I thought the switch was smart enough to send the packet to the correct port on the switch, if both clients were connected to the same switch. But this is not the case and requires the Gateway to route the packet.
- Copy Link
- Report Inappropriate Content
For ER-605 v1 Beta, my understanding is, an Omada Software v5.8 is needed . Is there a beta for OC-200 v5.8? I have both OC-200 and OC-300 and both of them are 5.7.6 and I assumed that this new ER-605 v1 beta is for the stand-alone because my hardware controllers are below the v5.8 requirement so I never really tried them and I am too lazy to install a Software Controller to try it out (yay)....
As for Gateway ACL and Switch ACL, I have to turn off Gateway ACL since once the traffic leaves the L2 Switch, it will traverse the router, which will then trigger Gateway L3 ACL. I have it shown in Part 4 of this installment video.
- Copy Link
- Report Inappropriate Content
I was about to create a new post for the same issue, it looks like memory leak, memory usage starts around 35 when I reboot and slowly goes up to around 70 and then internet I'd dropped and the controller says Heartbeat Missed.
The cycle takes around a day.
I'm on software controller 5.9.9.
- Copy Link
- Report Inappropriate Content
Hello @Emmesp
Does the issue start to happen after you upgrade to the ER605(UN)_V1_1.2.3 Build 20230224 (Beta) Firmware?
If so, may I know the previous firmware version of your ER605 v1?
Would the router and only the router get disconnected from the controller finally?
Would all of your network devices drop the network connection when issue happened?
Would it work automatically after some time, or did you have to reboot the ER605 to recover the connection?
How many client devices do you have in your network? Is there any VPN connection established in your network with torrent network activities such as cam video stream, or large file downloading?
- Copy Link
- Report Inappropriate Content
Hi @Fae,
Does the issue start to happen after you upgrade to the ER605(UN)_V1_1.2.3 Build 20230224 (Beta) Firmware?
If so, may I know the previous firmware version of your ER605 v1?
This started to happen after the upgrade my previous version was ER605(UN)_v1_1.2.2_Build 20230208 (Beta)
Would the router and only the router get disconnected from the controller finally?
Yes Only the router gets dicconected and i notice when my internet starts slowing down and then droped.
Would all of your network devices drop the network connection when issue happened?
While the DHCP lease does not expire devices connected to the network can still talk to eachother.
Would it work automatically after some time, or did you have to reboot the ER605 to recover the connection?
First time i waited at least 10 minutes but i had to reboot to recover.
How many client devices do you have in your network? Is there any VPN connection established in your network with torrent network activities such as cam video stream, or large file downloading?
We have 20 wireless clients and 8 wired.
two of the wired clients are connected to corporate VPN using constant video meetings.
We have 3 cameras contantly uploading data to the cloud.
- Copy Link
- Report Inappropriate Content
Hello @Emmesp
To better assist you, I've created a support ticket via your registered email address, and escalated it to our support engineer to look into the issue. The ticket ID is TKID230326511, please check your email box and ensure the support email is well received. Thanks!
- Copy Link
- Report Inappropriate Content
Hello @1207
Regarding the ER605 1.2.3 Beta Disconnected issue you originally reported, I've created a support ticket via your registered email address and escalated it to the TP-Link support team for further follow-up. The ticket ID is TKID230326548. Please check your email box and ensure the support email is well received. Thanks!
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 3268
Replies: 22
Voters 0
No one has voted for it yet.