TCP Connections May Fail Between Different VLANs On The Same EAP650/ EAP670/ EAP653

TCP Connections May Fail Between Different VLANs On The Same EAP650/ EAP670/ EAP653

TCP Connections May Fail Between Different VLANs On The Same EAP650/ EAP670/ EAP653
TCP Connections May Fail Between Different VLANs On The Same EAP650/ EAP670/ EAP653
2022-08-12 06:34:01 - last edited 2022-12-26 04:01:56

This Article Applies to:

 

EAP650 v1/ v1.20/ v1.26

EAP670 v1/ v1.20/ v1.26

EAP653 v1/ v1.6

 

Issue Description/Phenomenon:

 

Recently we received feedback that TCP connections (such as Remote Desktop) failed between clients connected to different VLAN SSIDs on the same EAP650/ EAP670/ EAP653. Here is the case details.

 

Topology & Setup: 

Internet --- Router --- EAP650 SSID1 & SSID2 ))) ((( PC1 & PC2

VLAN1 (SSID1): 192.168.1.x/24

VLAN3 (SSID3): 192.168.3.x/24

 

Problem:

  • When the PC1 & PC2 are connected to the different SSIDs respectively, TCP connections (such as remote desktop) are broken between the two for anything beyond a simple network ping, i.e., the client on VLAN1 can ping the client on VLAN3 but the attempt to open a remote desktop connection ends up a failure.

  • When two PCs are each connected to the same VLAN SSID, the Remote Desktop connection works as expected.

 

Related Threads:

EAP670 multiple SSID issue

Issues with tcp connections between VLANs on the same AP

 

Available Solutions:

 

The issue has been located and TP-Link will release the official firmware soon to resolve the issue.

If you are looking for a quick solution, you may install the Beta firmware below to fix the issue temporarily.

 

Note: Please be sure you have read the Beta Test Agreement before proceeding!

 

For EAP650 v1/ v1.20/ v1.26:

EAP650_v1_1.0.0_Build20220804(Beta)

 

For EAP653 v1/ v1.6:

EAP653_v1_1.0.0_Build20220804(Beta)

 

For EAP670 v1/ v1.20/ v1.26:

EAP670_v1_1.0.0_Build20220804(Beta)

 

Note: the above Beta firmware has added the PPSK support.

 

Thank you for your attention!

 

Feedback:
 

If this was helpful, welcome to give us Kudos by clicking the upward triangle below.

If there is anything unclear in this solution post, please feel free to comment below.

 

Thank you in advance for your valued feedback!

Happy New Year! Meet Us at CES 2023 | Featuring Wi-Fi 7, Omada Business Networking, VIGI Video Surveillance
  6      
  6      
#1
Options
31 Reply
Re:TCP Connections May Fail Between Different VLANs On The Same EAP650/ EAP670/ EAP653
2022-09-14 07:05:19

  @Fae 

 

Hi, any news concerning final version? For a business AP this is a serious issue and we cannot use beta firmware within our network (security reasons).

  3  
  3  
#2
Options
Re:TCP Connections May Fail Between Different VLANs On The Same EAP650/ EAP670/ EAP653
2022-09-27 03:02:33

  @Fae Do you guys have plans on releasing this firmware? Its been a while since the bugs have been identified and the firmware is still  in beta stage. No company would let us install beta stuff in PRODUCTION deployments.

  1  
  1  
#3
Options
Re:TCP Connections May Fail Between Different VLANs On The Same EAP650/ EAP670/ EAP653
2022-10-02 13:07:36

  @Fae 

 

Hi. Any news on final firmware? Waiting since a long long time now... Looks like there is only little going forward?

  0  
  0  
#4
Options
Re:TCP Connections May Fail Between Different VLANs On The Same EAP650/ EAP670/ EAP653
2022-10-17 21:05:53

  @Fae Any updates on this firmware being released?

  1  
  1  
#5
Options
Re:TCP Connections May Fail Between Different VLANs On The Same EAP650/ EAP670/ EAP653
2022-10-23 21:44:09

  @Fae I'm experiencing issues on EAP650(EU) v1.0. If using PPSK without radius and assigning a VLAN to a client, some untagged traffic is leaking to the client including all IPv6 router advertisements which allows the client to assign wrong IPv6 addresses from the untagged management VLAN.

 

This behaviour does not occur if a SSID for a single VLAN is used or the VLAN option on the SSID is selected and assigned to any VLAN while using PPSK without radius authentication. The latter is a suitable workaround for now.

  1  
  1  
#6
Options
Re:TCP Connections May Fail Between Different VLANs On The Same EAP650/ EAP670/ EAP653
2022-10-29 21:31:15

  @Fae Any news for the release of the new firmware? With the Beta running i have an issue that some devices will lose the vlan after some time. After rebooting the AP the devices get their vlans.

  0  
  0  
#7
Options
Re:TCP Connections May Fail Between Different VLANs On The Same EAP650/ EAP670/ EAP653
2022-11-02 07:09:56

  @CuBiC I have similar problem with EAP610 (no PPSK or radius was used). Having multiple SSID with VLANs and untagged management VLAN. It was working fine, but some time after panic / ssh restart (reboot trough controller did not trigger it) clients on WiFi were able to communicate trough untagged VLAN and obtained IP from DHCP on untagged management network. I've set tagged management VLAN and that solved my problem. Maybe clients/EAP is still trying to use untagged packets, but they are dropped on my router.

It seems like a big security issue, but after several months this is still not fixed, so I sold EAP610. And this was not the only issue I found with EAP610.

 

  0  
  0  
#8
Options
Re:TCP Connections May Fail Between Different VLANs On The Same EAP650/ EAP670/ EAP653
2022-11-02 12:05:15

  @Fae could you please reply?  Its verry frustrating to get no answer from the tp link support

  0  
  0  
#9
Options
Re:TCP Connections May Fail Between Different VLANs On The Same EAP650/ EAP670/ EAP653
2022-11-02 15:56:21

It is very frustrating and very bad support. I waited 3 months and I returned mine with a restocking fee of 20%. I have since gone back to my trusty 225. It seems to me that we are the guinea pigs here. The time I lost on EAP 650 was not worth the price I paid for TP-Link. Going forward I am gonna avoid this brand and pay more to get a better brand with good QA and support

  0  
  0  
#10
Options
Re:TCP Connections May Fail Between Different VLANs On The Same EAP650/ EAP670/ EAP653
2022-11-08 20:52:47

  @Fae any news? How long do we have to wait?

  2  
  2  
#11
Options