Release Asuswrt-Merlin 3006.102.7 is now available

[aex.perez]

Probably will get told this doesn't belong here but this one issue began with 3006.102.7, and there are several others that likely not related to Merlin FW, but here goes...

Since moving to 102.7 and eventually 102.7_2 I occasionlly get this popup AT&T's ActiveArmour on the IPhone on occasion on the Main MLO network, after a few seconds it goes away.

I wouldn't normally be botherd by this but because I'm set up as, the Main Network MLO SSID is set for WPA2/WPA3 personal, Custom Network SSID (mimicking my old AX88/AX86's) WPA2 Personal but here's what has me wondering. When connecting the Sound Bar to Wifi to the Custom Network SSID after applying 102.7 and 102.7_2, I also got a similar message about connecting to an unprotected WiFi network ( set for WPA2-Personal), so I cancelled and tried again, and no warning that second time.

Then this morning got a email from MerlinAU that my BT10 nodes had a new Stock firmware for download. Did that and applied it, after the nodes restarted all went bonkers.
The Router restarted (not sure why, nothing in the log) as the Nodes did, and while the AiMesh showed the nodes connected afterwards (wired backhaul) and some Wireless devived connected to them. The router showed none, and after 30 minutes I checked the log and...

Apr 7 08:55:33 v4cplsy kernel: [0;31mdhd_pktfwd_lut_lkup: dhd_pktfwd_lut_lkup: pool 2 and unit 15 mismatched
Apr 7 08:55:33 v4cplsy kernel: [0m
Apr 7 08:55:33 v4cplsy kernel: br0: port 10(wl1.2) entered disabled state
Apr 7 08:55:33 v4cplsy kernel: [0;31mdhd_pktfwd_lut_lkup: dhd_pktfwd_lut_lkup: pool 1 and unit 15 mismatched
Apr 7 08:55:33 v4cplsy kernel: [0m
Apr 7 08:55:33 v4cplsy kernel: [0;31mdhd_pktfwd_lut_lkup: dhd_pktfwd_lut_lkup: pool 1 and unit 15 mismatched
Apr 7 08:55:33 v4cplsy kernel: [0m
Apr 7 08:55:33 v4cplsy kernel: br0: port 8(wl0.4) entered disabled state
Apr 7 08:55:33 v4cplsy kernel: [0;31mdhd_pktfwd_lut_lkup: dhd_pktfwd_lut_lkup: pool 0 and unit 15 mismatched
Apr 7 08:55:33 v4cplsy kernel: [0m
Apr 7 08:55:33 v4cplsy kernel: [0;31mdhd_pktfwd_lut_lkup: dhd_pktfwd_lut_lkup: pool 0 and unit 15 mismatched
Apr 7 08:55:33 v4cplsy kernel: [0m
Apr 7 08:55:33 v4cplsy kernel: br0: port 7(wl0.2) entered disabled state
Apr 7 08:55:33 v4cplsy kernel: [0;31mdhd_pktfwd_lut_lkup: dhd_pktfwd_lut_lkup: pool 0 and unit 15 mismatched
Apr 7 08:55:33 v4cplsy kernel: [0m
Apr 7 08:55:33 v4cplsy kernel: [0;31mdhd_pktfwd_lut_lkup: dhd_pktfwd_lut_lkup: pool 0 and unit 15 mismatched
Apr 7 08:55:33 v4cplsy kernel: [0m
Apr 7 08:55:33 v4cplsy kernel: br0: port 6(wl0.1) entered disabled state
Apr 7 08:55:33 v4cplsy kernel: [0;31mdhd_pktfwd_lut_lkup: dhd_pktfwd_lut_lkup: pool 0 and unit 15 mismatched
Apr 7 08:55:33 v4cplsy kernel: [0m
Apr 7 08:55:33 v4cplsy kernel: [0;31mdhd_pktfwd_lut_lkup: dhd_pktfwd_lut_lkup: pool 0 and unit 15 mismatched
Apr 7 08:55:33 v4cplsy kernel: [0m
Apr 7 08:55:36 v4cplsy kernel: wfd_registerdevice Successfully registered dev wl0.2 ifidx 2 wfd_idx 0
Apr 7 08:55:36 v4cplsy kernel: Register interface [wl0.4] MAC: c2:cf:84:4e:4d:c4
Apr 7 08:55:37 v4cplsy kernel: Assigning idx[39] for wl1.1
Apr 7 08:55:37 v4cplsy kernel: wfd_registerdevice Successfully registered dev wl1.1 ifidx 1 wfd_idx 1
Apr 7 08:55:37 v4cplsy kernel: Register interface [wl1.1] MAC: 6a:cf:84:4e:4d:c5
Apr 7 08:55:37 v4cplsy kernel: CFG80211-ERROR) wl_cfg80211_add_virtual_iface :
Apr 7 08:55:37 v4cplsy kernel: Recvd application provided mac address:6a:cf:84:4e:4d:c6
Apr 7 08:55:37 v4cplsy kernel: Assigning idx[40] for wl1.2
Apr 7 08:55:37 v4cplsy kernel: wfd_registerdevice Successfully registered dev wl1.2 ifidx 2 wfd_idx 1
Apr 7 08:55:37 v4cplsy kernel: Register interface [wl1.2] MAC: 6a:cf:84:4e:4d:c6
Apr 7 08:55:39 v4cplsy kernel: br0: port 10(wl1.2) entered blocking state
Apr 7 08:55:57 v4cplsy kernel: device wl2 entered promiscuous mode
Apr 7 08:55:57 v4cplsy kernel: br0: port 14(wl2) entered blocking state
Apr 7 08:55:57 v4cplsy kernel: br0: port 14(wl2) entered forwarding state
Apr 7 08:55:57 v4cplsy kernel: CFG80211-ERROR) wl_set_beacon_protection :
Apr 7 08:55:57 v4cplsy kernel: Enter
Apr 7 08:56:01 v4cplsy wlceventd: main(1239): wlceventd Start...

The wlcevetd restart is my restarting WiFi from scMerlin trying to get the devices connecting via the BE96U. Didn't help, devices would not connect via the BE96U but could on the nodes. After some time waiting for things to settle down, I restarted the router via SSH (reboot), and after another 10 minutes, that didn't fix it either. After a few more minutes, went old school and powered it off for a minute then powered it back on, after a few minutes. All the devices started connecting again via the BT96U that before was only aloowing wired devices. Even a two devices that managed to connect but did not get an IP ADDR (0.0.0.0) were able to get an IP (one of them being a WPA devices see below).

A few more questions from this:

1. What doesn't reload from a reboot, and requires a power recycle to restart? I ask because this is the third time a reboot via SSH of this router didn't fix things that only a Power cycle did/does.
2. I have one device, I've since discovered, only supports WPA, but does connect to the Custom Network SSID that's set to WPA2 Personal, should it be able to and could that be influencing why I get the Network unprotected/unsafe warning on both the Main MLO WPA3/WPA2-Personal and Custom Network SSID with WPA2-Personal?
3. In the log, should ignore the LOT of these as debug or are these part of a larger porblem?;

• kernel: WLC_SCB_DEAUTHENTICATE_FOR_REASON err -30
• kernel: SBF: dhd0: INIT [MAC ADDR:] ID 65535 BFW 65535 THRSH 2048

Note: that in Scribe I have " Messages with 'debug' severity level" set to [Currently: Discarded] if that matters

Let me add that I have started from scratch on both the Router (Stock and Merlin) as well as the Nodes more times that I remember, enough to were I can almost rebuild the configs in my sleep across several firmware versions (assuming I try load the correct one, inside joke/previous post ). Asus themselves have reviwed the configs (when I ran stock firmware) and had complained about a separate device supporting WPA2, connecting to the WPA2 subnet and not setting an IP address anytime the Message Board Guest VLAN (separate Subnet) gets enabled, and gave me their blessing noting they had a bug issue with dnsmasq working across different subnets on the BE96U and other routers too.

So far, after applying the firmware upgrades to the nodes, rebooting the nodes post updated, rebooting the router twice via SSH, restarting WiFi via scMerlin, and finally restarting the router from a power recycle is everything running again (hence #1 above), just dreading the next Router or Node Firmware upgrade or touching anything that triggers a router restart (like fiddling with the Network Profiles...

 

[gp067916858]

Sorry, I'm not sure where to put this. After upgrading I noticed something weird with Skynet.
Firmware: 3006.102.7_2Model: GT-AX6000
Skynet appears to be working but it doesn't seem like it's actually filtering any traffic. I tried troubleshooting using our trusty AI models, but I'm not sure if it's giving me false information. Here's the output from the commands I had entered:
# ipset -vipset v7.6, protocol version: 7Warning: Kernel support protocol versions 6-6 while userspace supports protocol versions 6-7
# ipset list -nSkynet-WhitelistSkynet-BlacklistSkynet-BlockedRanges(IPSets exist with 30,738 IPs loaded)
# iptables -S | grep -i skynet(empty)# iptables -L INPUT -n | grep -i skynet (empty)
It's telling me there's a kernel mismatch issue and my SPI firewall is doing the blocking, not Skynet and to report and wait for a Merlin update. I'm not sure if this is a problem or a wild goose chase, but hopefully this helps.

 

[dave14305]

Skynet appears to be working but it doesn't seem like it's actually filtering any traffic

How does it seem? What do you see that raises doubts?

trusty AI models, but I'm not sure if it's giving me false information

of course it is lying to you.
See if the rules exist in the raw table.

iptables -t raw -nvL

 

[gp067916858]

How does it seem? What do you see that raises doubts?

of course it is lying to you.
See if the rules exist in the raw table.

iptables -t raw -nvL

Thank you! The rules do exist in the raw table. AI was convinced that since iptables -L Skynet -n didn't produce anything there "must" be a problem.

 

[dave14305]

Thank you! The rules do exist in the raw table. AI was convinced that since iptables -L Skynet -n didn't produce anything there "must" be a problem.

You don't have to convince me. I already believed AI was stupid.

 

[gp067916858]

Thank you! The rules do exist in the raw table. AI was convinced that since iptables -L Skynet -n didn't produce anything there "must" be a problem.

I was running a script to check my services, and it showed Skynet as down and that's what started this rabbit hole. It was working before, but I noticed recently it would give me the false down message. The line I'll need to update is: echo "Skynet: $(ps | grep -q "[f]irewall" && echo "Running ✓" || echo "DOWN ✗")" && \

 

[dave14305]

I was running a script to check my services, and it showed Skynet as down and that's what started this rabbit hole. It was working before, but I noticed recently it would give me the false down message. The line I'll need to update is: echo "Skynet: $(ps | grep -q "[f]irewall" && echo "Running ✓" || echo "DOWN ✗")" && \

Skynet shouldn't be "running" except at the top of the hour and during any other scheduled cron tasks. Otherwise, you wouldn't expect to see "firewall" in the process list.

But this is completely off-topic for this thread.

 

[Igor]

How can I remotely find the serial number of my ASUS RT-BE88U fw 3006.102.7_2?

AiMesh issue.
When the RP-BE58 is connected to the network via Ethernet within the stable WiFi range of the RT-BE88U, the connection is fast and stable. When connected via Ethernet without WiFi, the RP-BE58's chances of successfully connecting are close to zero, unlike the stable connection of the RP-AX58.

In the log, I see a message about a disconnection by Ethernet MAC address due to a poor WiFi connection over Ethernet...

RT-BE88U-3AE8-522207D-C wlceventd: wlceventd_proc_event(662): wl0: Disassoc A0:AD:9F:E4:B4:90, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8), rssi:0
RT-BE88U-3AE8-522207D-C hostapd: wl0: STA a0:ad:9f:e4:b4:90 IEEE 802.11: disassociated

Support asks for the router serial number.

 

[bennor]

How can I remotely find the serial number of my ASUS RT-BE88U fw 3006.102.7_2?

Retrieving serial number via CLI or WebUI

Is there a way to retrieve the serial number of XT8 devices remotely (either via SSH or the WebUI)? I've looked all throughout the GUI, the various CLI commands and log files, with no success. There's so much other hardware information directly exposed and it would be convenient for...

www.snbforums.com

Try:

nvram get serial_no

Or in the GUI go to Network Map, click on the router button (next to "Security level:"), click the Status tab and scroll down.

Edit to add: May or may not work depending on the router.