The firmwares v1.2.0 and v1.2.1 for TL-R605 have a serious bug. Don't upgrade if you use ACL rules!

The firmwares v1.2.0 and v1.2.1 for TL-R605 have a serious bug. Don't upgrade if you use ACL rules!
The firmwares v1.2.0 and v1.2.1 for TL-R605 have a serious bug. Don't upgrade if you use ACL rules!
2022-04-22 18:56:51 - last edited 2022-06-16 12:42:57
Hardware Version: V1
Firmware Version: v1.2.1

Edit (16-06-2022):

The latest firmware v1.2.1 still suffers from the same issue as v1.2.0!

In standalone mode, if you have configured ACL rules (blocking something) in Firewall with ! in front of the vlan's name, the router will block everything, you can't even access to the config page, nor to WAN ports.

 

@Fae 

It's incorrectly stated at the v1.2.1 release note that this new update fixed the mentioned issue. No, it did not! Sorry.

 

We have to stay with the v1.1.1 again.

 

-------------------------------------

 

Unfortunately, the official thread doesn't inform you about it, so I'm compelled to create this one. I don't want others to screw their time with this nightmare I went through.

 

If you have an R605 router configured with ACL rules in standalone mode, the new update v1.2.0 will cause DHCP not working, leaving the device non-functioning.

Others have already reported about the issue here and someone confirmed that developers had recognized it as a bug in the new firmware.

 

Do not upgrade from v1.1.1 to v1.2.0!

Let's wait for the bugfix.

1
1
#1
Options
1 Accepted Solution
Re:The latest firmware v1.2.0 for TL-R605 has a serious bug. Don't upgrade!-Solution
2022-04-28 03:10:23 - last edited 2022-04-28 03:20:09

Dear @Arion, @Phoenclix, @btx,

 

Arion wrote

Unfortunately, the official thread doesn't inform you about it, so I'm compelled to create this one. I don't want others to screw their time with this nightmare I went through.

 

If you have an R605 router configured with ACL rules in standalone mode, the new update v1.2.0 will cause DHCP not working, leaving the device non-functioning.

Others have already reported about the issue here and someone confirmed that developers had recognized it as a bug in the new firmware.

 

Do not upgrade from v1.1.1 to v1.2.0!

Let's wait for the bugfix.

 

Sorry for any trouble caused. You didn't elaborate on your ACL configuration, but I guess that you used the "!" to set a Source/Destination Network to create the ACL rules. If it's the case, the issue you have is the same as it's mentioned in this post (yes, you already found it).

 

The main cause of the issue is that the 1.2.0 firmware has adjusted the ACL rules strategy, when the ACL rules created with a "!" network, it will also restrict the access to the gateway itself. That's why the clients are unable to obtain IP addresses from the DHCP after the 1.2.0 firmware update.

 

I'll add a note in the thread (link) you mentioned to inform others about this change. Thank you @Arion for your thoughtful suggestion.

New to the TP-Link Community? Getting Started from this thread: https://community.tp-link.com/en/business/forum/topic/551684
Recommended Solution
2
2
#7
Options
15 Reply
Re:The latest firmware v1.2.0 for TL-R605 has a serious bug. Don't upgrade!
2022-04-25 15:44:39
I can confirm this behavior. I had to revert back to the previous firmware version. @Fae: please confirm and update with ETA for a fix.
0
0
#2
Options
Re:The latest firmware v1.2.0 for TL-R605 has a serious bug. Don't upgrade!
2022-04-27 20:41:32 - last edited 2022-04-27 21:21:29

  @Arion &  @Phoenclix

 

This bug was already reported in several threads and @Fae posted already firmware with a fix, which is confirmed to be working by everybody who raised the issue about it.

I do think this bug is critical, especially as firmware update over cloud controller would install latest with this bug and beta is not available for upgrade over omada (only manual), therefore it means, everybody running on a latest stable has this bug (some maybe did not notice it). I am using this beta and dhcp issue is resolved, I believe that current stable should be taken out and new stable should be pushed (even if with only dhcp fix, dhcp is very basic feature of every router, even the cheapest, it is not acceptable if business line has such issues.

 

 

Fae wrote

This Article Applies to:

 

ER605(UN)_V1_1.2.0 Build 20220114 and earlier firmware

ER7206(UN)_V1_1.2.0 Build 20220117 and earlier firmware

 

 

Background:

 

Omada SDN Controller v5.0 has supported to configure DHCP Reservation for Omada Devices (mentioned HERE), and also support to reserve static IP address outside the DHCP Range (mentioned HERE). Besides, the DHCP issue caused by wrong configuration (duplicated DHCP reservation) has also been fixed completely with the gateway 1.2.0 official firmware (mentioned HERE).


However, we noticed that there are still some feedback on the "Use Fixed IP Address" (DHCP Reservation) issue after Omada Controller v5.0 (check Here for update) and Gateway 1.2.0 official firmware (check Here for update) is released.

 

 

Issue Description/Phenomenon:

 

Configuring the "Use Fixed IP Address" on Omada SDN Controller for some clients (IOT devices) doesn't take effect. For example, set static IP 192.168.0.150, the client consistently gets a different address after restart.

 

For more details, you may check for the following threads.

Use Fixed IP Address not working.

IP address reservation still not working reliably

 

Thanks for all of your effort to work on the issue.

After further investigation and tests, TP-Link support team has addressed the problem finally.

 

 

Available Solutions:

 

The R&D team has made a Beta firmware to adapt to the behavior of the IoT devices accordingly.

Welcome to install and verify that it can resolve your issue effectively.

 

ER605(UN)_v1_1.2.0_Build 20220328 (Beta)

ER7206(UN)_v1_1.2.0_Build 20220328 (Beta)

 

Note: Please be sure you have read the Beta Test Agreement before proceeding!

 

Feedback:
 

Still doesn't take effect for your clients with the Beta firmware above? 

It might be a different case, please don't hesitate to comment below for further assistance.

 

Looking forward to hearing from you for the test results of the above Beta firmware!

 

 

0
0
#3
Options
Re:The latest firmware v1.2.0 for TL-R605 has a serious bug. Don't upgrade!
2022-04-27 21:51:04

  @btx 

Thanks for the reply and the information.

I was going to select your post as a solution then I got confused a bit.

 

First of all, on the official release thread I linked above, by the moment I'm writing this, still there's no info about this bug, nor about the beta fix.

It needs to be corrected in that thread!

I haven't tried this beta yet, so I can't be sure if it solves the problem I have faced because the description of the issue is a bit different.

 

The "use fixed IP address" issue has been present in earlier firmware, as well, I've always found it odd but other than that it wasn't such a huge issue for me.

I don't have IoT devices in my setup, I've just intended to reserve the IP address of the switches connected to the R605, so I can easily access their page.

As it has never worked properly, I could have even deleted those configuration if it helped temporarily manage to be able to run the v1.2.0 firmware.

 

Now, I'm confused. In the linked thread about "fixed IP..." I couldn't any mention about the router getting bricked after the update, they only complain about the IP reservation not taking effect.

Did the v1.2.0 firmware break my router's operation because of that insignificant IP address reservation setup?

It would be helpful if someone with knowledge could give an answer to make it sure that this is actually the same situation indeed.

1
1
#4
Options
Re:The latest firmware v1.2.0 for TL-R605 has a serious bug. Don't upgrade!
2022-04-27 22:56:58

  @Arion I remember to have read a thread about not setting ACL in standalone before upgrading, beta fixes only dhcp issue and you describe that the dhcp issue was caused by ACL. I am not tp-link dev and they did not publish exact info, I can not know, but I strongly assume that not working dhcp did not have anything to do with ACL in standalone mode simply because dhcp issue affects all devices (not only IoT to which Fae was pointed) and that with routers which do not have any acl settings (defaults) as well as no ACL setting was set prior to adopting. By that, I do believe that you might speak about different issues, but from what you posted in first thread about breaking the network by breaking dhcp because of ACL, I simply wanted to point to already available solution which is beta firmware for router.

 

Like I mentioned, I remeber to have read about ACL&standalone and omada adopting, but as far as I remember it had only to do with managed switches, not with dhcp. Like I said, I flashed it on already 10 routers and none of them was bricked nor failed to adopt or similar. If you use ACL, simply backup your standalone settings, then reset your router to factory defaults, then integrate in omada and set your ACL settings, then you will know if on some point some device becomes unreachable. If it does not work, you can revert back to standalone mode and restore your working settings. As you do have a backup and if you want to help tp-link devs (not sure it helps), you can also simply flash with defined ACL in standalone mode and see if anything breaks, but if you are aware of possibility that something can go wrong, then make sure that you either are physically on location or that you can ask somebody who can hard reset device in case it is required.

 

There are some other issues unconnected to current firmware or your issue describe, like if one uses defined password for router and then resets the router without backing up those credentials, but those things are described in various guides/faq's and is I guess out of scope to discuss it here.

 

Hope that helps.

0
0
#5
Options
Re:The latest firmware v1.2.0 for TL-R605 has a serious bug. Don't upgrade!
2022-04-27 23:14:46 - last edited 2022-04-27 23:16:52

Thanks again.

I have this router in standalone mode, I don't have OC200, nor I want to connect a windows pc to use the software version of Omada.


I wrote my situation in that thread I linked in the first post here.

Unfortunately (and incidentally) I've already tried that scenario, too, when I reconfigured the router after hard reset and it became unaccessible right after I added the only ACL rule I needed. If it's not accessible, I assume that DHCP doesn't work. But I couldn't figure it out by my own, I just saw others' posts on this forum mentioning this possibility for the failing firmware update.

 

Now I can only use the router with the reverted v1.1.1 firmware.
I'm not in a hurry to upgrade, I don't want to push the developers to give me an ETA.

I prefer them to bake the new update without this sort of serious bug that didn't just break a feature, it made the router unusable for those who use ACL rules.

 

What do you mean "flash with defined ACL"?

1
1
#6
Options
Re:The latest firmware v1.2.0 for TL-R605 has a serious bug. Don't upgrade!-Solution
2022-04-28 03:10:23 - last edited 2022-04-28 03:20:09

Dear @Arion, @Phoenclix, @btx,

 

Arion wrote

Unfortunately, the official thread doesn't inform you about it, so I'm compelled to create this one. I don't want others to screw their time with this nightmare I went through.

 

If you have an R605 router configured with ACL rules in standalone mode, the new update v1.2.0 will cause DHCP not working, leaving the device non-functioning.

Others have already reported about the issue here and someone confirmed that developers had recognized it as a bug in the new firmware.

 

Do not upgrade from v1.1.1 to v1.2.0!

Let's wait for the bugfix.

 

Sorry for any trouble caused. You didn't elaborate on your ACL configuration, but I guess that you used the "!" to set a Source/Destination Network to create the ACL rules. If it's the case, the issue you have is the same as it's mentioned in this post (yes, you already found it).

 

The main cause of the issue is that the 1.2.0 firmware has adjusted the ACL rules strategy, when the ACL rules created with a "!" network, it will also restrict the access to the gateway itself. That's why the clients are unable to obtain IP addresses from the DHCP after the 1.2.0 firmware update.

 

I'll add a note in the thread (link) you mentioned to inform others about this change. Thank you @Arion for your thoughtful suggestion.

New to the TP-Link Community? Getting Started from this thread: https://community.tp-link.com/en/business/forum/topic/551684
Recommended Solution
2
2
#7
Options
Re:The latest firmware v1.2.0 for TL-R605 has a serious bug. Don't upgrade!
2022-04-28 03:24:39

I also use the ER605 in standalone mode, it is configured making extensive use of DHCP and ACL. The router is providing main internet access to my small business and as such cannot simply be turned off for hours of firmware upgrade and troubleshooting. The experience of upgrading to firmware 1.2 was painful and costly - not a common experience.

 

IMHO the described issue converts a perfectly working router into one that is incapable of using VLANs securely. For that reason I would recommend pulling it or at least clearly documenting it. Either should happen in a short time frame.

 

I am working in the IT industry and I am fully aware that issues happen. What separates the cream from the crop is how issues are dealt with.

 

This issue has been documented in multiple forum threads, yet not mentioned in a bug list of the firmware or the thread announcing the new firmware. I am used to upgrading firmware for bug fixes and new functionality and routinely check the documentation before applying - I don't think that the need to search a community forum should be necessary.

 

I am looking forward to a fix and upgrading to a new firmware because of other fixes (such as the one described) and the new features. Now I know that I need to guard my business and budget sufficient downtime for that endeavor.

0
0
#8
Options
Re:The latest firmware v1.2.0 for TL-R605 has a serious bug. Don't upgrade!
2022-04-28 03:27:20

  @Fae Thanks for documenting this issue. Your post arrived just as I was writing mine.

0
0
#9
Options
Re:The latest firmware v1.2.0 for TL-R605 has a serious bug. Don't upgrade!
2022-04-28 07:41:11 - last edited 2022-04-28 21:28:32

  @Fae 

Thanks. Yes, my only ACL rule was with ! before the vlan's name.

I've posted my setup here before. I had to use a trick to achieve blocking intervlan, creating an unused (phantom) vlan and adding an ACL rule with that after the mark "!".

 

Now I need some help. To use the new firmware I will need to find a new solution for my posted setup.

How can I block intervlan completely between about 50 vlans in standalone mode?

 

As the official thread has already added the following paragraph by @Fae, my previous question is unnecessary.

 

This has been confirmed to be a bug and will be fixed in the next firmware update. As a temporary solution, you may adjust your ACL rules without using "!" for the Source/Destination Network, or stay in the current firmware version and wait for the next firmware update patiently (I don't have ETA for it).

0
0
#10
Options
Re:The latest firmware v1.2.0 for TL-R605 has a serious bug. Don't upgrade!
2022-04-28 14:00:43

  @Fae if the issue with ACL prevents from access to device, does it mean it prevents any access on any vlan including from wan side? I ask, because this might be a workaround for those who run into the issue, at least over wan side one can connect if port forwarding is not broken too.

0
0
#11
Options