AC68U cause major disruption on my LAN....

[mlai]

Guys, been using the AC68U for several weeks and I have to say that it is not quite as reliable as my other two AC66Us.....

I am using AC68U with ASUS firmware 374_339. The AC68U is acting as a router between my LAN and ISP. The AC68U is connected to Netgear GS724T smart switches which also connects to various GS110TP smart switches. I experienced smart switches will go down sporatically with the AC68U connected, which did not happen with AC66U before.

Just a short in the dark, I enabled DOS protection on the switches and low and behold, the switch will disable the port connected to AC68U due to DOS detection. This does not happen when I replace the AC68U with the AC66U acting as a router.

The switch log will show:
<11> Nov 16 18:57:44 192.168.0.9-1 DOS[2171748940]: broad_system.c(4623) 2243 %% Dos Attack:TCP packet with flag SYN set and TCP source port less than 1024 received on the interface 15
<11> Nov 16 18:57:48 192.168.0.9-1 DOS[2181443252]: dos_api.c(586) 2245 %% Interface 15 has been shut down by Dos attack notification

Where AC68U is connected to port 15. DOS protection from WAN is enabled on the AC68U router.

Any of you can verify this?

 

[geops]

Guys, been using the AC68U for several weeks and I have to say that it is not quite as reliable as my other two AC66Us.....

I am using AC68U with ASUS firmware 374_339. The AC68U is acting as a router between my LAN and ISP. The AC68U is connected to Netgear GS724T smart switches which also connects to various GS110TP smart switches. I experienced smart switches will go down sporatically with the AC68U connected, which did not happen with AC66U before.

Just a short in the dark, I enabled DOS protection on the switches and low and behold, the switch will disable the port connected to AC68U due to DOS detection. This does not happen when I replace the AC68U with the AC66U acting as a router.

The switch log will show:
<11> Nov 16 18:57:44 192.168.0.9-1 DOS[2171748940]: broad_system.c(4623) 2243 %% Dos Attack:TCP packet with flag SYN set and TCP source port less than 1024 received on the interface 15
<11> Nov 16 18:57:48 192.168.0.9-1 DOS[2181443252]: dos_api.c(586) 2245 %% Interface 15 has been shut down by Dos attack notification

Where AC68U is connected to port 15. DOS protection from WAN is enabled on the AC68U router.

Any of you can verify this?

I am pretty sure this problem is specific to the ac68 and your smart switch. The switch doesn't like a packet that comes from the ac68 which in no way means there is a dos attack. Just disable the dos on your switches. They're on a hidden local network so using that option is pointless anyway.

 

[mlai]

I am pretty sure this problem is specific to the ac68 and your smart switch. The switch doesn't like a packet that comes from the ac68 which in no way means there is a dos attack. Just disable the dos on your switches. They're on a hidden local network so using that option is pointless anyway.

I did not have the DoS protection off on the Netgear switches, until I experienced network switch disruptions with the AC68U attached. The symptom will be that the switch will be completely unresponsive without DoS enabled on them!

 

[geops]

I did not have the DoS protection off on the Netgear switches, until I experienced network switch disruptions with the AC68U attached. The symptom will be that the switch will be completely unresponsive without DoS enabled on them!

Do you have any loops in your network? Are you running spanning tree on the switches? The AC68 has SPT enabled by default I think. Maybe you should disable SPT as in some situations it can create problems, especially if it is enabled and your network doesn't have loops. Even in high-end networks a proper switch priority has to be set so the switches don't elect a non-distribution switch to be the root of the SPT. Look for it under the LAN settings.