ER8411- NAT - Virtual server - large range of ports translation not working - both SDN/SA modes
Hello,
I have replace the TL-ER6120 v3 with a ER8411 1.0.2.
I'm now facing front of big issue with range ports forwarding needed by my server.
In controller mode (OC300 5.7.6) :
First bug when I tried to add UDP ports range forward from 9000 till 10999, the controller replied that the start port must be lower to the end port, and I was forced to use 2 separates rules to add all those ports, 9000-9999 then add 10000-10999.
But even this bug forms turn around, the tests to check the reals ports mappings failed with showing shuffle externals ports opened (ex. 9000 IN->>29929 OUT), and I can’t get the right access to the server if behind the ER8411.
In Standalone mode:
I didn’t met the bug of non acceptance port entry 9000-10999, but the mapping ports issue is the same than in controller mode, wrong ports opened EXTERNALY..
Temporary, I have now reconnect the TL-ER6120 in front of/before the ER8411 to make the server again online, as I don’t have any issue with his ports mapping settings, and I have connect the ER8411 behind/after the ER6120. (using 2 NAT is in despite a temporary solution)
I can confirm that ER8411 can correctly manage/translate/forward ONE port mapping, but in my case it can’t be a solution to setting hundreds ports opening one by one.
Maybe I'm missing out something here with my settings ?
ISP directly connected to Wan/Lan4 port ER8411 and got dynamic IP
Server directly connected to Wan/Lan8
DHCP running from ER8411 -- IP reserved for the server 192.168.10.50
NAT-Port Forwarding rules:
Does anyone got some issue with large range ports forwarding with the SDN5.6.7 and ER8411 1.0.2 ?
Best Regards,
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @WallyRT
Hi,
Here is the link for the Beta Firmware.
Always be careful with Beta in production environment :
TP-LINK_ER8411_UN_1.0.3_20230411_BETA firmware Fix 3CX and FULL CONE NAT issue & NAT Type on the Xbox or Playstation 5 is still detected as STRICT NAT or TYPE 3
Officially posted here: "Solution to ER8411 NAT - Virtual Server or UPnP Not Working Issues"
- Copy Link
- Report Inappropriate Content
Hello @Pascal,
Pascal wrote
Hello,
Can you check with engineers if the latest official firmware ER8411(UN)_V1_1.1.0 Build 20230705 include the fix that was into the Beta firmware to resolve the NAT transversal issues ?
Thank you for your inquiry. The NAT transversal issue has been included in the official firmware ER8411(UN)_V1_1.1.0 Build 20230705. I'll update the relevant solution post later.
- Copy Link
- Report Inappropriate Content
@Hank21 Hello , I see you're following with conscientious the Business router postings.
Any clue about my Issue ?
is it maybe related to firmware from the ER8411 or worse with the one from SDN 5.7.6 ?
- Copy Link
- Report Inappropriate Content
it seems like this is a controller bug, I have v 5.9.9 and get the same error on the ER605,v1,v2 ER7206 and ER8411 sites
- Copy Link
- Report Inappropriate Content
Hi @Pascal
This issue has been reported to our R&D team
I'll update this post as soon as possible once the beta version is available.
Subscribe the following post to get the newest firmware notification for your Omada router :)
Current ER605 / ER7206 / ER8411 Firmware Releases - [Constantly Updated]
Edit: We are going to fix this issue on controller version V5.9.31
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
OK, then it can be a SDN firmware issue AND in the same time a firmware Device Router Issue
because I got the problem with the router in STAND ALONE mode too.
do you have possibility to test your ER8411 v1.0.2 in stand alone mode ?
- Copy Link
- Report Inappropriate Content
Dear @Hank21
Can you please explain to me how a update of the SDN controller will fix an issue with a router in STAND ALONE mode ?
I'm afraid we are loosing time with just a focus on the SDN firmware if the router still use a bugy firmware.
How a Router can be correctly manage by a controller if he is already in trouble in stand alone modus ?
Can TP-Link be fair and give to me the exact development's state of the ER8411 ?
This device, already on the market from months, and apparently don't look to be ready to work in production environment even less to manage entreprise network .
We didn't purshase the ER8411 to participate at his development, and the device is not officialy sale as a BETA device.
I understand well there can be some cosmetics addons or small development afterwall or securities holes that can be fixe after
but here we are on a BASIC fonction of routing that make this router non-productive and useless without the ports forwarding.
I opened this post just after sent a request ticket support to TP-Link NL, and BOTH replies are claerly not proffesionals answers:
The email support is now clearly hide theymself to the fact I posted on the community forum and give you the entiere responsability to manage my case.
And you are replying that my issue will be fix with a update of controller, here controller that have nothing to do with the device himself.
I would preferd heard that TP-Link will investigate the issue and provide a fast answer in term of fixing the Device issue or propose a hardware exchange for deffectousity
but here i feel and maybe misunderstand that we are on the wrong way and really not with a professional support to make the HIGH LEVEL ENTREPRISE ROUTER TO SHINE AS AN EXCELLENCE IN PERFORMANCE AND RELIABLE NETWORK DEVICE ON SITE.
May I still give an hope that I will have a real support with our ER8411 issue ?
Warms Regards,
- Copy Link
- Report Inappropriate Content
Hi @Pascal
We are doing research on port forwarding issue in standalone mode.
I found you already tried to contact our support.
I talked with the engineer (who handled your case), and I can confirm he has been aware of the port forwarding issue in standalone mode.
- Copy Link
- Report Inappropriate Content
sorry, I don't have the opportunity to test in stand alone,
it is sad that there should be so many problems with the so-called enterprice router. it doesn't seem like tp-link cares that much either, they don't do much to fix all the bugs.
- Copy Link
- Report Inappropriate Content
After more test and despite the possibility to got Teamviewer help with TP-Link support due to a +8 GMT forks proposal from them,
and production site can't be interrupted during daytime GMT+2,
I can confirm more details about the issue.
UDP port only translation give a randomly mapping for the internal IP.
I don't get a Ful Cone NAT with the ER8411 and it's look like an internal firewal issue from the ER8411.
If I put back my TL-ER6120, No issue at all with my test.
here are the test results with ER8411:
First with UDP 9000-10999
et its going like that til 10999 Port
Now testing only one port at once
retest port 5060 after few seconds and here is
after a minute next test 5060 again another mapping ...etc...
same with port UDP 5090
etc...
Now here are the results test done with TL-ER6120:
With UDP 9000>>>
With UDP5090 and 5060, all fine too
Made test with NMAP too and
both routers open the externals UDP ports but I didn't find a way to check the internal port mapping with NMAP.
So I'm stock with a ER8411 that give issue that compromise the usage of services from outside the Lan to inside the lan with UDP range mapping ports.
- Copy Link
- Report Inappropriate Content
have you tried the new firmware that came out yesterday?
ver 1.0.3 is available for download
- Copy Link
- Report Inappropriate Content
Information
Helpful: 1
Views: 4305
Replies: 26