"AP Isolation" always active

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2, 3, 4, 5  Next
Author Message
lolcocks
DD-WRT User


Joined: 31 May 2013
Posts: 123

PostPosted: Tue Feb 12, 2019 13:19    Post subject: Reply with quote
RobTheGob wrote:
I've had the same issues with two Chromecasts (v1 & v2), on my E4200's. I can only get them to work if I roll back to builds before the KRACk fix.

I'm currently running dd-wrt.v24-34411_NEWD-2_K3.x_mega-e4200 and can't reliably connect to my Chromecasts.

This bug may be related: http://svn.dd-wrt.com/ticket/6120

Not much action in it - I doubt anybody is working on it... I'm not sure where else to report DD-WRT bugs?



Now I found another weird thing.

If I ping laptop A from Laptop B, laptop B is able to access laptop A over Windows Network Sharing. But not vice versa.

In simple words, if I ping a laptop, I am able to access it from the device that pinged it.

Otherwise I will have to turn off Wireless Security completely to make Windows Sharing work (and have my neighbours steal my WiFi).
Sponsor
lolcocks
DD-WRT User


Joined: 31 May 2013
Posts: 123

PostPosted: Tue Feb 12, 2019 17:04    Post subject: Reply with quote
A new ticket has been created:

https://svn.dd-wrt.com/ticket/6556
seanwrt
DD-WRT Novice


Joined: 15 Feb 2019
Posts: 3

PostPosted: Fri Feb 15, 2019 18:58    Post subject: Reply with quote
I'm a new user of dd-wrt and ran into this issue with bonjour devices being unavailable on my Asus N66U. For whatever it's worth to others trying to find a solution, I've followed through some of the comments and downgraded to build 33006 and now everything is working. I'm not too worried about the Krack bug in my tiny neighborhood.
danielwritesback
DD-WRT User


Joined: 29 Aug 2011
Posts: 239

PostPosted: Tue Feb 19, 2019 10:40    Post subject: Reply with quote
seanwrt wrote:
...ran into this issue with bonjour devices being unavailable on my Asus N66U. ...I've followed through some of the comments and downgraded to build 33006 and now everything is working....

Did you use the K2.6 or the K3?

_________________
Broadcom:
WNR3500Lv2 DD-WRT 33525 K3 Giga
3 R6300.1 mips DD-WRT 42617 Giga
E3000 5ghz multicast AP Toastman 2017 RT
E2000 5ghz multicast AP DD-WRT 33525 K2.6
WRT54GSv2 long range AP HyperWRT 15
R6250 (retired--too hot)
Atheros:
Archer C7v2 AP DD-WRT 35831
DIR-835 Gargoyle 1.11 2019
3 WR841Nv9 AP DD-WRT 33006
seanwrt
DD-WRT Novice


Joined: 15 Feb 2019
Posts: 3

PostPosted: Wed Feb 20, 2019 15:51    Post subject: Reply with quote
danielwritesback wrote:
Did you use the K2.6 or the K3?


K3. Specifically I downgraded to dd-wrt.v24-33006_NEWD-2_K3.x_mega_RT-N66U.trx

I did notice your comments about 33525 being usable on your netgear as well but I just went with the earlier build since it was confirmed to work on an asus. I would consider testing other builds, but my wife has been frustrated enough lately with our network and now that everythings working I may leave things as is.
danielwritesback
DD-WRT User


Joined: 29 Aug 2011
Posts: 239

PostPosted: Fri Feb 22, 2019 7:00    Post subject: Reply with quote
seanwrt wrote:
K3. Specifically I downgraded to dd-wrt.v24-33006_NEWD-2_K3.x_mega_RT-N66U.trx

I did notice your comments about 33525 being usable on your netgear as well but I just went with the earlier build since it was confirmed to work on an asus. I would consider testing other builds, but my wife has been frustrated enough lately with our network and now that everythings working I may leave things as is.
33006.k3 and 33525.k3 are extremely similar; so, if it is working now, I suggest to leave it be.

33525.k3 didn't work on my E4200, and it did an incomplete job on my r6300v1 (brother to your asus) until I turned on IGMP from the network tab. So, I'm thankful to know that 33006.k3 provides an alternative.

P.S. The K2.6 versions also work.
sunnytoes
DD-WRT Novice


Joined: 26 Feb 2019
Posts: 2

PostPosted: Sun Mar 17, 2019 8:16    Post subject: chromecast on 2.44 laptop 5ghz, not able to configure Reply with quote
discerr wrote:
I'm also running 34311 on an RT-AC66U, and I can confirm that AP isolation appears to be occurring; I can't cast to my Chromecast (on my 2.4GHz AP) from my laptop (on my 5GHz AP). If my laptop connects to my 2.4GHz network, casting works fine.


Actually thats by design, these days. the Google Home App must be conencted to the same AP, and the same Freq, per the docs.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 7610
Location: Texas, USA

PostPosted: Sun Mar 17, 2019 12:02    Post subject: Re: chromecast on 2.44 laptop 5ghz, not able to configure Reply with quote
sunnytoes wrote:
discerr wrote:
I'm also running 34311 on an RT-AC66U, and I can confirm that AP isolation appears to be occurring; I can't cast to my Chromecast (on my 2.4GHz AP) from my laptop (on my 5GHz AP). If my laptop connects to my 2.4GHz network, casting works fine.


Actually thats by design, these days. the Google Home App must be connected to the same AP, and the same Freq, per the docs.


That clarifies some things. But I think there was some intention to 'fix' that in DD-WRT, or maybe the gtk and KRACK fixes broke the intended functionality of the manufacturer by design. I can't speculate on that, but.
knob-creek
DD-WRT Novice


Joined: 29 Nov 2013
Posts: 33
Location: Düsseldorf, Germany

PostPosted: Sun Mar 17, 2019 21:23    Post subject: iptables Reply with quote
Actually, you need to use -v to see, which interfaces are affected:
Code:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 5766  993K ACCEPT     0    --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
   15  5042 ACCEPT     udp  --  vlan2  any     anywhere             anywhere            udp spt:bootps dpt:bootpc
    0     0 DROP       udp  --  vlan2  any     anywhere             anywhere            udp dpt:route
    0     0 DROP       udp  --  br0    any     anywhere             anywhere            udp dpt:route
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpt:route
  650 46143 ACCEPT     0    --  br0    any     anywhere             anywhere           
    0     0 DROP       icmp --  vlan2  any     anywhere             anywhere           
    0     0 DROP       igmp --  any    any     anywhere             anywhere           
    9   629 ACCEPT     0    --  lo     any     anywhere             anywhere            state NEW
    0     0 ACCEPT     0    --  br0    any     anywhere             anywhere            state NEW
  247 25414 DROP       0    --  any    any     anywhere             anywhere
sunnytoes
DD-WRT Novice


Joined: 26 Feb 2019
Posts: 2

PostPosted: Thu Apr 04, 2019 2:04    Post subject: Re: iptables Reply with quote
knob-creek wrote:
Actually, you need to use -v to see, which interfaces are affected:
Code:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 5766  993K ACCEPT     0    --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
   15  5042 ACCEPT     udp  --  vlan2  any     anywhere             anywhere            udp spt:bootps dpt:bootpc
    0     0 DROP       udp  --  vlan2  any     anywhere             anywhere            udp dpt:route
    0     0 DROP       udp  --  br0    any     anywhere             anywhere            udp dpt:route
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpt:route
  650 46143 ACCEPT     0    --  br0    any     anywhere             anywhere           
    0     0 DROP       icmp --  vlan2  any     anywhere             anywhere           
    0     0 DROP       igmp --  any    any     anywhere             anywhere           
    9   629 ACCEPT     0    --  lo     any     anywhere             anywhere            state NEW
    0     0 ACCEPT     0    --  br0    any     anywhere             anywhere            state NEW
  247 25414 DROP       0    --  any    any     anywhere             anywhere


Call me dense or lazy. plz. But tell me what this means!
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 7610
Location: Texas, USA

PostPosted: Thu Apr 04, 2019 15:21    Post subject: Reply with quote
I'm wondering now if this is all tied into the 'broken' SFE you mentioned in the other thread @knob-creek. I haven't tested disabling SFE yet, but I've also turned off my 2.4GHz radio since it's not being used, and to see if it was culprit to other wi-fi issues.
pietrek
DD-WRT Novice


Joined: 07 Jan 2016
Posts: 1

PostPosted: Sat Apr 06, 2019 14:52    Post subject: Reply with quote
Happening to me as well on a Linksys WRT1200AC V2 (Marvell-based device, so it seems it's not BCM-specific) running 39296 build.
Tried disabling SFE - did not help.
What's strange is that sometimes (for a reboot, or two) everything works and sometimes the bug shows up.
knob-creek
DD-WRT Novice


Joined: 29 Nov 2013
Posts: 33
Location: Düsseldorf, Germany

PostPosted: Sun Apr 07, 2019 21:49    Post subject: Reply with quote
kernel-panic69 wrote:
I'm wondering now if this is all tied into the 'broken' SFE you mentioned in the other thread @knob-creek.


As already mentioned in the other thread: After disabling SFE first everything seemed to work much better. But after some time, the known issues were back.

The situation is exactly as described in ticket 6556. Sometimes, connections blocked (e. g. to my cell phone, from which i cannot send pings) are even working again spontaneously.

I have now enabled logging to a PI connected by wire. Except for some messages like
Quote:
Apr 7 21:14:30 dark-knight kernel: br0: received packet on eth1 with own address as source address

The content of the log looks harmless.

Except that i had to filter out huge amounts (10 MB/min!) of totally weird messages regarding some "timer":
Quote:
Apr 4 19:54:44 dark-knight : timer : #0 (0x42ef00)->0x42ef40: #0110 sec 0 usec#0110x4033a9
Apr 4 19:54:44 dark-knight : timer : #1 (0x42ef40)->0x42ef80: #0110 sec 0 usec#0110x4033a9
Apr 4 19:54:44 dark-knight : timer : #2 (0x42ef80)->0x42efc0: #0110 sec 0 usec#0110x4033a9
Apr 4 19:54:44 dark-knight : timer : #3 (0x42efc0)->0x42cb00: #0110 sec 0 usec#0110x4033a9
Apr 4 19:54:44 dark-knight : timer : #4 (0x42cb00)->0x42cbc0: #0110 sec 0 usec#0110x4033a9
Apr 4 19:54:44 dark-knight : timer : #5 (0x42cbc0)->0x42cc20: #0110 sec 0 usec#0110x4033a9
Apr 4 19:54:44 dark-knight : timer : #6 (0x42cc20)->0x42cc60: #0110 sec 0 usec#0110x4033a9
Apr 4 19:54:44 dark-knight : timer : #7 (0x42cc60)->0x42cca0: #0110 sec 0 usec#0110x4033a9
Apr 4 19:54:44 dark-knight : timer : #8 (0x42cca0)->0x42b260: #0110 sec 0 usec#0110x4033a9
Apr 4 19:54:44 dark-knight : timer : #9 (0x42b260)->0x42b220: #0110 sec 0 usec#0110x4033a9
Apr 4 19:54:44 dark-knight : timer : #10 (0x42b220)->0x42cb80: #0110 sec 0 usec#0110x4033a9
hellork
DD-WRT Novice


Joined: 19 Apr 2019
Posts: 1

PostPosted: Fri Apr 19, 2019 21:49    Post subject: Exact same issue (fixed?) Reply with quote
This problem with AP's being wrongly isolated appeared after turning on "Bluetooth Coexistence" mode under Wireless->Advanced Settings.

I recalled what changed, so I did some playing around with it.

* Turn off Bluetooth Coexistence and I am able to ping and access other computers on the network.

* Turn on Bluetooth Coexistence and the home network is inaccessible again. (Internet still works.)

* Some hosts get 88% packet loss trying to ping the router when Bluetooth Coexistence mode is on.

* Bluetooth Coexistence does not coexist with Bluetooth devices as advertised. Turning on Bluetooth keyboard still knocks the tablet offline.

* Bluetooth Coexistence seems to be wrongly hooked up to AP isolation. Hmmm. Wonder if turning on AP isolation will fix the Bluetooth...

Router Model Linksys WRT54Gv8 / GSv7
Firmware Version DD-WRT v24-sp2 (10/10/09) micro - build 13064
Mile-Lile
DD-WRT Guru


Joined: 24 Feb 2013
Posts: 1516
Location: Belgrade

PostPosted: Sat Apr 20, 2019 8:27    Post subject: Re: Exact same issue (fixed?) Reply with quote
hellork wrote:
DD-WRT v24-sp2 (10/10/09) micro - build 13064


you have 10 years old build?! Upgrade to latest and then report back...

this way it is hard to say what is wrong because a lot of things changed during this period of time...
Goto page Previous  1, 2, 3, 4, 5  Next Display posts from previous:    Page 4 of 5
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum