Massive Packet Loss/TCP drops with NWA220AX-6E under FW 7.00

TheDJ
TheDJ Posts: 5  Freshman Member
First Comment Friend Collector

For several weeks the central firewall log of the core router had been showing many TCP connection drops, which indicated delayed TCP packets.

These only occurred in connections via the Zyxel NWA220AX-6E. On closer inspection, I found that the uplink speed to the connected 2.5G uplink port sometimes dropped to only 100M (displayed as such in both the WebUI of the AP and the switch). With several new cable connections, this occurred from time to time or remained at 2.5G.

In addition, editing the settings in standalone mode via the AP's WebUI had also become extremely slow, and there were frequent disconnections (with an alleged "3-minute URL timeout").

The AP was then replaced by support. I used the replacement device (with different cables and completely replaced upstream hardware) for several weeks afterward. Unfortunately, the symptoms did not change. Another temporarily installed wireless router on the same switch worked perfectly.

It took me a while but then I remembered that I had upgraded the firmware of the NWA220AX-6E in the summer to the new 7.00 branch (all the way to the newest V7.00(ACCO.2)). Today I downgraded to V6.60(1) / 2023-06-26 00:36:51 (which I thankfully had saved before, because it cannot be downloaded from the support site anymore). All issues instantly vanished. I therefore suspect that all of the V7.00 firmware packages (I started with the earliest V7.00(ACCO.1)) are somehow broken: they did not work on my initial device and also the completely new replacement device (which was delivered with the V7.00(ACCO.2)).

Is this a known issue?

Accepted Solution

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,606  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula
    Answer ✓

    Hi users,

    We identified that an enhancement introduced in firmware V7.00 accidentally caused a packet flooding issue in specific scenarios. After a thorough investigation, we have resolved this issue through a dedicated date code firmware update as you seen.

    Judy

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

«1

All Replies

  • zhng
    zhng Posts: 2  Freshman Member
    First Comment Fourth Anniversary

    We had the same problem with an installation with 6 NWA220AX. Massive problems with the connection establishment and interruptions. The problem started with the automatic update to V7 in July.
    After downgrading to V6 everything was fine again.

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,606  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi there,

    To better assist you with this case, please check your Community inbox where we can discuss the details.

    Judy

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • TheDJ
    TheDJ Posts: 5  Freshman Member
    First Comment Friend Collector

    Hi, I saw your message. Unfortunately, I won't be able to test it until the end of next week. I will let you know then. Hopefully, there will be an improvement.

  • jpblanch75
    jpblanch75 Posts: 161  Master Member
    First Comment Friend Collector Second Anniversary Community MVP

    This is a big deal. I hope you can replicate this.

  • nboeckmann
    nboeckmann Posts: 6  Freshman Member
    First Comment Friend Collector Sixth Anniversary

    Hey,

    I have the same issue and your post just helped me to find a workaround for it (by downgrading to 6.70) - The reason for why this is happening is that the 7.x firmware is expsoing packages from the "real" SSIDs intermittently to the MGMT VLAN.

    I have a ticket open since more than 3 weeks with Zyel (#241000712) on this - Where I'm seeing a lot of packet drops on my firewall because of state issues (packet arrives on the VLAN 90 interface (management vlan) although it should arrive on the 103 (real interface for the SSID))

    I've downgraded to 6.70 and it's immediately not happening anymore.

    Nils

  • TheDJ
    TheDJ Posts: 5  Freshman Member
    First Comment Friend Collector

    It is easy to replicate this - it was constantly happening for a few weeks. Zyxel sent me a beta firmware to test. But as I said, I can only report back at the end of next week.

    Oh, good to know! I did not check why the packets were dropped. This sounds like a very logical explanation (and a very concerning one from a security standpoint). You can maybe ask in your ticket about the firmware "NWA220AX-6E_700P2C0-DF-2024-10-17". This is the one they sent me for testing.

  • nboeckmann
    nboeckmann Posts: 6  Freshman Member
    First Comment Friend Collector Sixth Anniversary

    Hey @TheDj,

    they've just provided me with the file you've suggested / testing now.

    Nils

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,606  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi there,

    Has the issue been resolved after implementing our suggested firmware solution?"

    Judy

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • TheDJ
    TheDJ Posts: 5  Freshman Member
    First Comment Friend Collector

    Hi,

    I don't know about @nboeckmann but for me, this firmware seems stable. I have used it over the weekend and there are no issues like in my original post anymore.

    @Zyxel_Judy Can you describe what the issue was?

    Regards,

    TheDJ

  • nboeckmann
    nboeckmann Posts: 6  Freshman Member
    First Comment Friend Collector Sixth Anniversary

    Hi @TheDJ,

    I've been running it now for almost a week. The described issue with the packages being exposed to the wrong VLAN is no longer happening. I've observed that now the Access Point did do ARP packages on the wrong VLAN - so what should be done in the management VLAN was now done on one of the VLANs for an SSID. The support team was able to login to the AP and has done some changes - but I'm not yet sure if it was a configuration thing or an error in the firmware (the answer was not clear by them)

    Nils