Business Community > Gateways > Omada ER7206 v2.0 (firmware 2.2.3) mDNS repeater bug causing malformed packets
< Gateways

Omada ER7206 v2.0 (firmware 2.2.3) mDNS repeater bug causing malformed packets

Omada ER7206 v2.0 (firmware 2.2.3) mDNS repeater bug causing malformed packets

Omada ER7206 v2.0 (firmware 2.2.3) mDNS repeater bug causing malformed packets
Omada ER7206 v2.0 (firmware 2.2.3) mDNS repeater bug causing malformed packets
a week ago - last edited Tuesday
Tags: #VLAN & Multi-Networks #Routing #mDNS
Model: ER7206 (TL-ER7206)  
Hardware Version: V2
Firmware Version: 2.2.3

I have a setup with ER7206 v2.0 (firmware 2.2.3), SG2016P v1.20 (1.20.14), and 3 EAP772(US) v1.0 (1.0.14). All controlled through Omada controller 6.0.0.24 and I believe I've found a bug in the mDNS repeater service.

 

I have a vlan for my IoT devices and a vlan for my devices, my soundbars are on the IoT vlan (one Samsung, one LG). Tidal connect won't work across vlans in any way shape or form. I've disabled any ACL blocks and added explicit allows already, and can verify traffic is flowing normally between VLANs. I've also set up mDNS service with the IoT as the server and main as the client, as well as added _tidalconnect._tcp.local as a bonjour service. (I actually added it both ways as a troubleshooting option).

 

However, my phone devices (on the main vlan) still can´t see any of my soundbars on tidal connect, and I believe it is because the mDNS repeater is broadcasting malformed packets. See a relevant packet capture:

 

My Phone asks about tidalconnect:

0000   01 00 5e 00 00 fb 90 b6 22 fe ba a9 08 00 45 00
0010   00 46 5f 01 40 00 ff 11 75 d9 c0 a8 05 28 e0 00
0020   00 fb 14 e9 14 e9 00 32 f6 6d 00 01 00 00 00 01
0030   00 00 00 00 00 00 0d 5f 74 69 64 61 6c 63 6f 6e
0040   6e 65 63 74 04 5f 74 63 70 05 6c 6f 63 61 6c 00
0050   00 0c 80 01
 

The mDNS repeater repeats it:

0000   01 00 5e 00 00 fb 24 2f d0 7f b9 c0 81 00 00 06
0010   08 00 45 00 00 46 b6 6a 40 00 ff 11 1d 97 c0 a8
0020   06 01 e0 00 00 fb 14 e9 14 e9 00 32 75 96 00 00
0030   00 00 00 01 00 00 00 00 00 00 0d 5f 74 69 64 61
0040   6c 63 6f 6e 6e 65 63 74 04 5f 74 63 70 05 6c 6f
0050   63 61 6c 00 00 0c 00 01
 

The soundbar responds:

0000   01 00 5e 00 00 fb c8 a6 ef df 0b 32 81 00 00 06
0010   08 00 45 00 01 42 cf b3 40 00 ff 11 03 33 c0 a8
0020   06 20 e0 00 00 fb 14 e9 14 e9 01 2e ce 78 00 00
0030   84 00 00 00 00 01 00 00 00 06 0d 5f 74 69 64 61
0040   6c 63 6f 6e 6e 65 63 74 04 5f 74 63 70 05 6c 6f
0050   63 61 6c 00 00 0c 00 01 00 00 11 94 00 2c 29 48
0060   57 2d 51 38 30 30 44 2d 37 39 35 65 63 32 35 66
0070   61 30 63 66 63 63 36 34 32 35 62 37 35 39 30 39
0080   30 31 65 36 64 38 66 33 c0 0c c0 30 00 10 80 01
0090   00 00 11 94 00 4b 0b 6d 6e 3d 48 57 2d 51 38 30
00a0   30 44 04 63 61 3d 35 23 69 64 3d 37 39 35 65 63
00b0   32 35 66 61 30 63 66 63 63 36 34 32 35 62 37 35
00c0   39 30 39 30 31 65 36 64 38 66 33 10 66 6e 3d 53
00d0   6f 75 6e 64 62 61 72 20 53 61 6c 61 04 76 65 3d
00e0   31 c0 30 00 21 80 01 00 00 00 78 00 12 00 00 00
00f0   00 c0 52 09 6c 6f 63 61 6c 68 6f 73 74 c0 1f c0
0100   c5 00 01 80 01 00 00 00 78 00 04 c0 a8 06 20 c0
0110   c5 00 1c 80 01 00 00 00 78 00 10 fe 80 00 00 00
0120   00 00 00 ca a6 ef ff fe df 0b 32 c0 30 00 2f 80
0130   01 00 00 11 94 00 09 c0 30 00 05 00 00 80 00 40
0140   c0 c5 00 2f 80 01 00 00 00 78 00 08 c0 c5 00 04
0150   40 00 00 08
 

The mDNS repeater repeats it with malformed packet:

0000   01 00 5e 00 00 fb 24 2f d0 7f b9 c0 08 00 45 00
0010   01 26 85 3d 40 00 ff 11 4e e4 c0 a8 05 01 e0 00
0020   00 fb 14 e9 14 e9 01 12 b9 6d 00 00 84 00 00 00
0030   00 06 00 00 00 00 0d 5f 74 69 64 61 6c 63 6f 6e
0040   6e 65 63 74 04 5f 74 63 70 05 6c 6f 63 61 6c 00
0050   00 0c 00 01 00 00 11 94 00 2c 29 48 57 2d 51 38
0060   30 30 44 2d 37 39 35 65 63 32 35 66 61 30 63 66
0070   63 63 36 34 32 35 62 37 35 39 30 39 30 31 65 36
0080   64 38 66 33 c0 0c 09 6c 6f 63 61 6c 68 6f 73 74
0090   c0 1f 00 2f 80 01 00 00 00 78 00 08 c0 c5 00 04
00a0   40 00 00 08 c0 30 00 2f 80 01 00 00 11 94 00 09
00b0   c0 30 00 05 00 00 80 00 40 c0 5c 00 01 80 01 00
00c0   00 00 78 00 04 c0 a8 06 20 c0 30 00 21 80 01 00
00d0   00 00 78 00 08 00 00 00 00 c0 52 c0 5c c0 30 00
00e0   10 80 01 00 00 11 94 00 4b 0b 6d 6e 3d 48 57 2d
00f0   51 38 30 30 44 04 63 61 3d 35 23 69 64 3d 37 39
0100   35 65 63 32 35 66 61 30 63 66 63 63 36 34 32 35
0110   62 37 35 39 30 39 30 31 65 36 64 38 66 33 10 66
0120   6e 3d 53 6f 75 6e 64 62 61 72 20 53 61 6c 61 04
0130   76 65 3d 31
 

The other soundbar also responds:

0000   01 00 5e 00 00 fb 44 27 45 4d 5b ee 81 00 00 06
0010   08 00 45 00 01 67 d1 35 40 00 ff 11 01 a0 c0 a8
0020   06 0c e0 00 00 fb 14 e9 14 e9 01 53 15 7b 00 00
0030   84 00 00 00 00 01 00 00 00 07 0d 5f 74 69 64 61
0040   6c 63 6f 6e 6e 65 63 74 04 5f 74 63 70 05 6c 6f
0050   63 61 6c 00 00 0c 00 01 00 00 11 94 00 29 26 53
0060   39 30 54 59 2d 66 63 32 36 61 63 31 32 64 64 39
0070   35 34 30 61 36 36 65 32 36 39 64 37 31 30 35 36
0080   31 32 32 66 65 c0 0c c0 30 00 10 80 01 00 00 11
0090   94 00 4a 08 6d 6e 3d 53 39 30 54 59 04 63 61 3d
00a0   34 23 69 64 3d 66 63 32 36 61 63 31 32 64 64 39
00b0   35 34 30 61 36 36 65 32 36 39 64 37 31 30 35 36
00c0   31 32 32 66 65 04 76 65 3d 31 12 66 6e 3d 53 6f
00d0   75 6e 64 62 61 72 20 53 75 c3 ad 74 65 c0 30 00
00e0   21 80 01 00 00 00 78 00 1f 00 00 00 00 07 e3 16
00f0   6c 67 65 2d 73 74 2d 63 34 61 2d 65 6d 6d 63 2d
0100   6d 74 37 36 36 38 c0 1f c0 c1 00 01 80 01 00 00
0110   00 78 00 04 c0 a8 06 0c c0 c1 00 1c 80 01 00 00
0120   00 78 00 10 fe 80 00 00 00 00 00 00 46 27 45 ff
0130   fe 4d 5b ee c0 c1 00 1c 80 01 00 00 00 78 00 10
0140   fd 5c 0d cd 86 2d 12 ae 46 27 45 ff fe 4d 5b ee
0150   c0 30 00 2f 80 01 00 00 11 94 00 09 c0 30 00 05
0160   00 00 80 00 40 c0 c1 00 2f 80 01 00 00 00 78 00
0170   08 c0 c1 00 04 40 00 00 08
 

The mDNS repeater repeats it also with malformed packet:

0000   01 00 5e 00 00 fb 24 2f d0 7f b9 c0 08 00 45 00
0010   01 3d 85 40 40 00 ff 11 4e ca c0 a8 05 01 e0 00
0020   00 fb 14 e9 14 e9 01 29 7d 19 00 00 84 00 00 00
0030   00 06 00 00 00 00 26 53 39 30 54 59 2d 66 63 32
0040   36 61 63 31 32 64 64 39 35 34 30 61 36 36 65 32
0050   36 39 64 37 31 30 35 36 31 32 32 66 65 0d 5f 74
0060   69 64 61 6c 63 6f 6e 6e 65 63 74 04 5f 74 63 70
0070   05 6c 6f 63 61 6c 00 00 10 80 01 00 00 11 94 00
0080   4a 08 6d 6e 3d 53 39 30 54 59 04 63 61 3d 34 23
0090   69 64 3d 66 63 32 36 61 63 31 32 64 64 39 35 34
00a0   30 61 36 36 65 32 36 39 64 37 31 30 35 36 31 32
00b0   32 66 65 04 76 65 3d 31 12 66 6e 3d 53 6f 75 6e
00c0   64 62 61 72 20 53 75 c3 ad 74 65 16 6c 67 65 2d
00d0   73 74 2d 63 34 61 2d 65 6d 6d 63 2d 6d 74 37 36
00e0   36 38 c0 46 00 2f 80 01 00 00 00 78 00 08 c0 c1
00f0   00 04 40 00 00 08 c0 0c 00 2f 80 01 00 00 11 94
0100   00 09 c0 30 00 05 00 00 80 00 40 c0 a1 00 1c 80
0110   01 00 00 00 78 00 10 fd 5c 0d cd 86 2d 12 ae 46
0120   27 45 ff fe 4d 5b ee c0 a1 00 01 80 01 00 00 00
0130   78 00 04 c0 a8 06 0c c0 0c 00 21 80 01 00 00 00
0140   78 00 08 00 00 00 00 07 e3 c0 a1
 

I've added a wireshark packet cap attached for visibility too. There are various reports across the internet of tidal connect not working with Omada mDNS and I believe this malformation of packet is the cause. 

 

File:
malformed packet repeat.pcapng.gzDownload
  0      
 
  0      
 
#1
Options
1 Accepted Solution
Re:Omada ER7206 v2.0 (firmware 2.2.3) mDNS repeater bug causing malformed packets-Solution
Tuesday - last edited Tuesday

  @TP_OMADA 

Firmware v2.2.7 for the 7206v2 has just been released and fixes this issue—please upgrade to the latest version.

Wishing you a joyful life and smooth internet! Get the Latest Firmware Releases for Omada Routers Here - Subscribe for Updates Omada US Enterprise Beta Program Launch
Recommended Solution
  0  
  0  
#3
Options
4 Reply
Re:Omada ER7206 v2.0 (firmware 2.2.3) mDNS repeater bug causing malformed packets
a week ago

There is also a malformed packet case with LG Smart Devices mDNS, though it doesn´t break the connection entirely.

 

My devices asks about _lg-smart-device._tcp.local

0000   01 00 5e 00 00 fb 90 b6 22 fe ba a9 08 00 45 00
0010   00 49 cd a8 40 00 ff 11 07 2f c0 a8 05 28 e0 00
0020   00 fb 14 e9 14 e9 00 35 9d 6e 00 04 00 00 00 01
0030   00 00 00 00 00 00 10 5f 6c 67 2d 73 6d 61 72 74
0040   2d 64 65 76 69 63 65 04 5f 74 63 70 05 6c 6f 63
0050   61 6c 00 00 0c 00 01
 

The router mDNS repeats it

0000   01 00 5e 00 00 fb 24 2f d0 7f b9 c0 81 00 00 06
0010   08 00 45 00 00 49 83 68 40 00 ff 11 50 96 c0 a8
0020   06 01 e0 00 00 fb 14 e9 14 e9 00 35 9c 99 00 00
0030   00 00 00 01 00 00 00 00 00 00 10 5f 6c 67 2d 73
0040   6d 61 72 74 2d 64 65 76 69 63 65 04 5f 74 63 70
0050   05 6c 6f 63 61 6c 00 00 0c 00 01
 

The soundbar responds the query
0000   01 00 5e 00 00 fb 44 27 45 4d 5b ee 81 00 00 06
0010   08 00 45 00 01 ef dc 31 40 00 ff 11 f6 1b c0 a8
0020   06 0c e0 00 00 fb 14 e9 14 e9 01 db a1 09 00 00
0030   84 00 00 00 00 01 00 00 00 07 10 5f 6c 67 2d 73
0040   6d 61 72 74 2d 64 65 76 69 63 65 04 5f 74 63 70
0050   05 6c 6f 63 61 6c 00 00 0c 00 01 00 00 11 94 00
0060   36 33 4c 47 5f 53 4d 41 52 54 5f 41 55 44 49 4f
0070   2d 31 33 64 63 62 61 30 31 2d 38 66 39 65 2d 34
0080   62 39 32 2d 39 30 38 61 2d 38 36 32 30 34 65 32
0090   38 32 39 30 35 c0 0c c0 33 00 10 80 01 00 00 11
00a0   94 00 c2 0d 50 52 4f 54 4f 5f 56 45 52 3d 31 2e
00b0   30 0c 4d 6f 64 65 6c 5f 54 79 70 65 3d 30 0f 41
00c0   53 53 49 53 54 41 4e 54 3d 66 61 6c 73 65 11 69
00d0   70 76 34 3d 31 39 32 2e 31 36 38 2e 36 2e 31 32
00e0   2b 69 70 76 36 3d 66 64 35 63 3a 64 63 64 3a 38
00f0   36 32 64 3a 31 32 61 65 3a 34 36 32 37 3a 34 35
0100   66 66 3a 66 65 34 64 3a 35 62 65 65 2e 64 65 76
0110   69 63 65 5f 69 64 3d 36 62 35 66 39 37 36 31 2d
0120   34 39 31 62 2d 35 36 62 34 2d 38 64 32 37 2d 31
0130   62 64 66 61 33 63 62 31 34 35 63 29 55 55 49 44
0140   3d 31 33 64 63 62 61 30 31 2d 38 66 39 65 2d 34
0150   62 39 32 2d 39 30 38 61 2d 38 36 32 30 34 65 32
0160   38 32 39 30 35 c0 33 00 21 80 01 00 00 00 78 00
0170   1f 00 00 00 00 26 0d 16 6c 67 65 2d 73 74 2d 63
0180   34 61 2d 65 6d 6d 63 2d 6d 74 37 36 36 38 c0 22
0190   c1 49 00 01 80 01 00 00 00 78 00 04 c0 a8 06 0c
01a0   c1 49 00 1c 80 01 00 00 00 78 00 10 fe 80 00 00
01b0   00 00 00 00 46 27 45 ff fe 4d 5b ee c1 49 00 1c
01c0   80 01 00 00 00 78 00 10 fd 5c 0d cd 86 2d 12 ae
01d0   46 27 45 ff fe 4d 5b ee c0 33 00 2f 80 01 00 00
01e0   11 94 00 09 c0 33 00 05 00 00 80 00 40 c1 49 00
01f0   2f 80 01 00 00 00 78 00 08 c1 49 00 04 40 00 00
0200   08

The router repeats the response but with malformed packet
0000   01 00 5e 00 00 fb 24 2f d0 7f b9 c0 08 00 45 00
0010   01 d3 76 31 40 00 ff 11 5d 43 c0 a8 05 01 e0 00
0020   00 fb 14 e9 14 e9 01 bf 04 9f 00 00 84 00 00 00
0030   00 07 00 00 00 00 10 5f 6c 67 2d 73 6d 61 72 74
0040   2d 64 65 76 69 63 65 04 5f 74 63 70 05 6c 6f 63
0050   61 6c 00 00 0c 00 01 00 00 11 94 00 36 33 4c 47
0060   5f 53 4d 41 52 54 5f 41 55 44 49 4f 2d 31 33 64
0070   63 62 61 30 31 2d 38 66 39 65 2d 34 62 39 32 2d
0080   39 30 38 61 2d 38 36 32 30 34 65 32 38 32 39 30
0090   35 c0 0c 16 6c 67 65 2d 73 74 2d 63 34 61 2d 65
00a0   6d 6d 63 2d 6d 74 37 36 36 38 c0 22 00 2f 80 01
00b0   00 00 00 78 00 08 c1 49 00 04 40 00 00 08 c0 33
00c0   00 2f 80 01 00 00 11 94 00 09 c0 33 00 05 00 00
00d0   80 00 40 c0 69 00 1c 80 01 00 00 00 78 00 10 fd
00e0   5c 0d cd 86 2d 12 ae 46 27 45 ff fe 4d 5b ee c0
00f0   69 00 01 80 01 00 00 00 78 00 04 c0 a8 06 0c c0
0100   33 00 21 80 01 00 00 00 78 00 08 00 00 00 00 26
0110   0d c0 69 c0 33 00 10 80 01 00 00 11 94 00 c2 0d
0120   50 52 4f 54 4f 5f 56 45 52 3d 31 2e 30 0c 4d 6f
0130   64 65 6c 5f 54 79 70 65 3d 30 0f 41 53 53 49 53
0140   54 41 4e 54 3d 66 61 6c 73 65 11 69 70 76 34 3d
0150   31 39 32 2e 31 36 38 2e 36 2e 31 32 2b 69 70 76
0160   36 3d 66 64 35 63 3a 64 63 64 3a 38 36 32 64 3a
0170   31 32 61 65 3a 34 36 32 37 3a 34 35 66 66 3a 66
0180   65 34 64 3a 35 62 65 65 2e 64 65 76 69 63 65 5f
0190   69 64 3d 36 62 35 66 39 37 36 31 2d 34 39 31 62
01a0   2d 35 36 62 34 2d 38 64 32 37 2d 31 62 64 66 61
01b0   33 63 62 31 34 35 63 29 55 55 49 44 3d 31 33 64
01c0   63 62 61 30 31 2d 38 66 39 65 2d 34 62 39 32 2d
01d0   39 30 38 61 2d 38 36 32 30 34 65 32 38 32 39 30
01e0   35
 

  0  
  0  
#2
Options
Re:Omada ER7206 v2.0 (firmware 2.2.3) mDNS repeater bug causing malformed packets-Solution
Tuesday - last edited Tuesday

  @TP_OMADA 

Firmware v2.2.7 for the 7206v2 has just been released and fixes this issue—please upgrade to the latest version.

Wishing you a joyful life and smooth internet! Get the Latest Firmware Releases for Omada Routers Here - Subscribe for Updates Omada US Enterprise Beta Program Launch
Recommended Solution
  0  
  0  
#3
Options
Re:Omada ER7206 v2.0 (firmware 2.2.3) mDNS repeater bug causing malformed packets
Yesterday - last edited Yesterday

  @Ethan-TP For some reason this update isn't showing up for me:

 

  0  
  0  
#4
Options
Re:Omada ER7206 v2.0 (firmware 2.2.3) mDNS repeater bug causing malformed packets
Yesterday

  @TP_OMADA 

You can download the firmware from the official website and upload it manually.Firmware Downloads

 

Wishing you a joyful life and smooth internet! Get the Latest Firmware Releases for Omada Routers Here - Subscribe for Updates Omada US Enterprise Beta Program Launch
  0  
  0  
#5
Options

Information

Helpful: 0

Views: 179

Replies: 4

Tags

VLAN & Multi-Networks Routing mDNS
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.