Massive Packet Loss/TCP drops with NWA220AX-6E under FW 7.00
For several weeks the central firewall log of the core router had been showing many TCP connection drops, which indicated delayed TCP packets.
These only occurred in connections via the Zyxel NWA220AX-6E. On closer inspection, I found that the uplink speed to the connected 2.5G uplink port sometimes dropped to only 100M (displayed as such in both the WebUI of the AP and the switch). With several new cable connections, this occurred from time to time or remained at 2.5G.
In addition, editing the settings in standalone mode via the AP's WebUI had also become extremely slow, and there were frequent disconnections (with an alleged "3-minute URL timeout").
The AP was then replaced by support. I used the replacement device (with different cables and completely replaced upstream hardware) for several weeks afterward. Unfortunately, the symptoms did not change. Another temporarily installed wireless router on the same switch worked perfectly.
It took me a while but then I remembered that I had upgraded the firmware of the NWA220AX-6E in the summer to the new 7.00 branch (all the way to the newest V7.00(ACCO.2)). Today I downgraded to V6.60(1) / 2023-06-26 00:36:51 (which I thankfully had saved before, because it cannot be downloaded from the support site anymore). All issues instantly vanished. I therefore suspect that all of the V7.00 firmware packages (I started with the earliest V7.00(ACCO.1)) are somehow broken: they did not work on my initial device and also the completely new replacement device (which was delivered with the V7.00(ACCO.2)).
Is this a known issue?
Accepted Solution
-
Hi users,
We identified that an enhancement introduced in firmware V7.00 accidentally caused a packet flooding issue in specific scenarios. After a thorough investigation, we have resolved this issue through a dedicated date code firmware update as you seen.
Judy
See how you've made an impact in Zyxel Community this year!
0
All Replies
-
We had the same problem with an installation with 6 NWA220AX. Massive problems with the connection establishment and interruptions. The problem started with the automatic update to V7 in July.
After downgrading to V6 everything was fine again.1 -
Hi there,
To better assist you with this case, please check your Community inbox where we can discuss the details.
Judy
See how you've made an impact in Zyxel Community this year!
0 -
Hi, I saw your message. Unfortunately, I won't be able to test it until the end of next week. I will let you know then. Hopefully, there will be an improvement.
0 -
This is a big deal. I hope you can replicate this.
0 -
Hey,
I have the same issue and your post just helped me to find a workaround for it (by downgrading to 6.70) - The reason for why this is happening is that the 7.x firmware is expsoing packages from the "real" SSIDs intermittently to the MGMT VLAN.
I have a ticket open since more than 3 weeks with Zyel (#241000712) on this - Where I'm seeing a lot of packet drops on my firewall because of state issues (packet arrives on the VLAN 90 interface (management vlan) although it should arrive on the 103 (real interface for the SSID))
I've downgraded to 6.70 and it's immediately not happening anymore.
Nils
0 -
It is easy to replicate this - it was constantly happening for a few weeks. Zyxel sent me a beta firmware to test. But as I said, I can only report back at the end of next week.
Oh, good to know! I did not check why the packets were dropped. This sounds like a very logical explanation (and a very concerning one from a security standpoint). You can maybe ask in your ticket about the firmware "NWA220AX-6E_700P2C0-DF-2024-10-17". This is the one they sent me for testing.
1 -
Hey @TheDj,
they've just provided me with the file you've suggested / testing now.
Nils
0 -
Hi there,
Has the issue been resolved after implementing our suggested firmware solution?"
Judy
See how you've made an impact in Zyxel Community this year!
0 -
Hi,
I don't know about @nboeckmann but for me, this firmware seems stable. I have used it over the weekend and there are no issues like in my original post anymore.
@Zyxel_Judy Can you describe what the issue was?
Regards,
TheDJ
0 -
Hi @TheDJ,
I've been running it now for almost a week. The described issue with the packages being exposed to the wrong VLAN is no longer happening. I've observed that now the Access Point did do ARP packages on the wrong VLAN - so what should be done in the management VLAN was now done on one of the VLANs for an SSID. The support team was able to login to the AP and has done some changes - but I'm not yet sure if it was a configuration thing or an error in the firmware (the answer was not clear by them)
Nils
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 149 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 264 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 41 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight