cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6401
Views
59
Helpful
34
Replies

RV320 v1.1.1.06 Bugs + Feature Requests

matthew1471
Level 1
Level 1

Not sure if this is the right place to post this but here's a list of my observations from playing with the new RV320:

Bugs:

1. Mirror Port feature allows you to still interact with the network (which is not the behaviour of your small business switches) allowing your host PC to respond to received traffic causing a traffic amplification attack against the router (I think anyone complaining about the web-interface being slow may have encountered this!).

2. IP & MAC Binding - Editing an existing entry which contains a space (i.e. "Nexus 7") causes the space to be dropped upon edit.

3. DNS Local Database - Can create an entry such as "NAS" that would need to be queried as "NAS." to make the feature work as intended, the router domain name has to be appended i.e. "NAS.Router" if "Router" is entered in Network->Domain Name, for clients to find it by "nslookup nas". Default behaviour should be to append the domain name if no "." is specified (either in the interface or querying the DNS server should behave as if it was specified).

4. Impossible to set a Daylight Saving rule for the UK. http://en.wikipedia.org/wiki/British_Summer_Time

5. DHCP Status table periodically loses all entries.

6. Errors in "Incoming Log Table" :

2014-01-09, 00:38:06    Kernel    kernel: i2c i2c-0: Failed to register i2c client rs5c372b at 0x32 (-16)

2014-01-09, 00:38:06    Kernel    kernel: i2c i2c-0: Can't create device at 0x32

2014-01-09, 00:38:06    Kernel    kernel: gre: can't add protocol

7. System Statistics "Sessions" and "New Sessions/Sec" always say 0.

8. Help for "System Statistics" and "Processes" is very limited (and not helpful).

9. Clicking "Enabled" or "Disabled" against USB1 or USB2 does not contain a hyperlink to the "USB Failover Settings" tab of the selected interface under Setup->Network where the operation mode can be set to "Disabled"

10. Processes like "webBoot" appearing and using port 22088 in the Processes table and "HTTP Server with SSL support" on ports like 5443.

Feature Requests:

1. Ability to choose which port is mirrored (LAN2, LAN3, LAN4, WAN1, WAN2, VLAN1.. etc) and potentially the destination (i.e if we are not using WAN2 why not make it an option to be a mirror port destination?).

2. Tables to be sortable ASCending/DESCending by clicking on the column.

3. "Enable Mirror Port (Port 1)" renamed to "Mirror All Traffic (To Port 1)"

4. Web API or Proprietary Telnet API (or even just experimental SSH access) option so we can programmatically add items to the firewall rules table (fail2ban etc).

5. The option to choose what gets syslog'd and what gets written to the flash memory's log (worried about device longevity with all the logging turned on).

6. Bandwidth Management cannot set an IP to have a particular priority. The priority only lists services (with no IP address control) and the Rate Control only lists particular rates (but for specific IPs).. would like to say something like 192.168.1.5 has "High" priority.

7. Some of the columns to be sensibly sorted by default instead of the order they were entered.. for example IP & MAC Binding should be sorted by IP address.

8. A wider range of Dynamic DNS providers supported (1 for Europe/America and 1 for China is not really enough!). Perhaps an API/standard for this too so we can make our own.

9. Ability to route all web traffic via a HTTP proxy (like Squid). Sometimes called a transparent web proxy.

10. Ability to ban an IP after they fail to correctly login to either the VPN/Web Interface/SSL VPN etc.. to prevent bruteforce attacks that will eventually succeed.

34 Replies 34

Hi,

i have the same problem check here: https://supportforums.cisco.com/discussion/12226606/cisco-rv320-timeout-problem

 

syslog:

 

2023-09-13, 19:21:32Kernelkernel: i2c i2c-0: Failed to register i2c client rs5c372b at 0x32 (-16)
2023-09-13, 19:21:32Kernelkernel: i2c i2c-0: Can't create device at 0x32
2023-09-13, 19:21:32Kernelkernel: gre: can't add protocol
2014-06-05, 01:57:56Kernelkernel: i2c i2c-0: Failed to register i2c client rs5c372b at 0x32 (-16)
2014-06-05, 01:57:56Kernelkernel: i2c i2c-0: Can't create device at 0x32
2014-06-05, 01:57:56Kernelkernel: gre: can't add protocol
2014-06-05, 13:26:09Kernelkernel: i2c i2c-0: Failed to register i2c client rs5c372b at 0x32 (-16)
2014-06-05, 13:26:09Kernelkernel: i2c i2c-0: Can't create device at 0x32
2014-06-05, 13:26:09Kernelkernel: gre: can't add protocol
2014-06-05, 15:36:26Kernelkernel: i2c i2c-0: Failed to register i2c client rs5c372b at 0x32 (-16)
2014-06-05, 15:36:26Kernelkernel: i2c i2c-0: Can't create device at 0x32
2014-06-05, 15:36:26Kernelkernel: gre: can't add protocol
2014-06-08, 09:54:15Kernelkernel: i2c i2c-0: Failed to register i2c client rs5c372b at 0x32 (-16)
2014-06-08, 09:54:15Kernelkernel: i2c i2c-0: Can't create device at 0x32
2014-06-08, 09:54:15Kernelkernel: gre: can't add protocol
2014-06-07, 23:56:35Kernelkernel: i2c i2c-0: Failed to register i2c client rs5c372b at 0x32 (-16)
2014-06-07, 23:56:35Kernelkernel: i2c i2c-0: Can't create device at 0x32
2014-06-07, 23:56:35Kernelkernel: gre: can't add protocol
2014-06-08, 00:18:01Kernelkernel: i2c i2c-0: Failed to register i2c client rs5c372b at 0x32 (-16)
2014-06-08, 00:18:01Kernelkernel: i2c i2c-0: Can't create device at 0x32
2014-06-08, 00:18:01Kernelkernel: gre: can't add protocol

 

 

 

Hi Luca, sorry to hear you have the same problem. I think everyone who has this router gets those errors.. fortunately they Cisco are planning a new release to fix little problems like these and though not great these errors don't appear to affect how the device works.

Hi

I have a client that has been receiving these as well.  Router on latest firmware since January, but have had this happen twice since then, in addition to the 4-5 times logged previous to firmware update.

 

When this happens their 50Mbps connection goes to 2-10Mbps until the device is restarted.
Any word on the latest update? Once every 3-4 months is still to much. It seems to happen early in the day now when the office is just getting into gear.

Please advise if this should be on a new thread.

Thanks.

 

 

viningele
Level 3
Level 3

Add bug:

1.  Service management table, can't delete entry, I made two entries and then tried to change their ports but one entry kept switching back to the original port number.  Deleted both and then changed their names and entered the desired ports saved, closed, go to create a forward port and the name are back to their original names.  Delete both entries again, restart the router, check the tables and they're not there, go to enter again with a different name and same ports and again the original deleted names and ports appear.  So I now I need to go back in create a new name on different ports, make my forwarding config and then my device to use this new port.  What a PITA.

Edit:

Turns out my own system wasn't running v1.1.1.06 so I updated and it's better but still has bugs.  If I'm on the Forwarding page and click on service management I see my list but if I go to a line of the config'd forward ports, check a line, click edit and go to the drop down window to see available services I see an entry that doesn't appear on the service management page so something is still out of whack. 

Edit#2:

There's issues with the Access Rules page too and the service management table.  I created 2 other entries in the table and 1 disappeared.  I then created an access rule for the one that remained, saved and it appeared on the access rule page with a different service name, click edit and the edit box populates with the proper assigned service, save, and again the wrong service appears on the access rule page.  Seems like the html forms are reading and writing to different files.

Bump up.

Hello Viningele,

There are two Service Management tables on the RV320.

  • One is on the "Port Address Translation" page where you define a service name and assign external port and internal port. The Service name you have created here can be used in your port forwarding rule.
  • The other one is on the Forwarding page where you can define a service with the port range. You can use this service to forward a range of ports to a specific internal IP address (ports will not be translated). The Service Definitions you created here will be automatically replicated to the Service Management table of Access Rules.
  • You can also add Service definitions on the Access Rules page where you can find the Services you created on the "Forwarding" page. Any changes made over here would also be reflected on the Service Management table of the "Forwarding" page. However, they would not have any impact on the Service Management page of the "Port Address Translation"

Can you try these and let us know if you still face issues?

Nagaraja

Matthew and Joel,

We appreciate your support on these bugs and feature requests. My team is taking a look at the bugs as we type/speak. I will review the feature requests as well. We will have updates on both asap.

Viningele,

Please upload to the latest FW and try what Nagaraja requests.

Best,

Marc

Nagaraja Thanthry
Cisco Employee
Cisco Employee

Hello Mathew,

Please find some of the answers inline:

 

1. Mirror Port feature allows you to still interact with the network (which is not the behaviour of your small business switches) allowing your host PC to respond to received traffic causing a traffic amplification attack against the router (I think anyone complaining about the web-interface being slow may have encountered this!).

Ans: The mirror port expects the host connected to that port to be a passive listener for traffic that is not destined to itself. Also, since every network may not have an extra switch to support an additional host, the host connected to the mirror port is also allowed to transmit data. Even the catalyst switches have this as a configurable feature.

 

2. IP & MAC Binding - Editing an existing entry which contains a space (i.e. "Nexus 7") causes the space to be dropped upon edit.

Ans: This seems to be a cosmetic defect. We will work with the Engineering team to address this in the future release.

 

3. DNS Local Database - Can create an entry such as "NAS" that would need to be queried as "NAS." to make the feature work as intended, the router domain name has to be appended i.e. "NAS.Router" if "Router" is entered in Network->Domain Name, for clients to find it by "nslookup nas". Default behaviour should be to append the domain name if no "." is specified (either in the interface or querying the DNS server should behave as if it was specified).

Ans: This is mainly due to the way Window's hosts send DNS query. Windows host automatically appends the domain name to the DNS query where as the router is looking at the exact name (as entered in the DNS local database). To address this, you can configure the DNS entry to have the router's domain name as well. For example, if the router's domain name is set as xyz.com, then the DNS entry would be NAS.xyz.com. Now, if you perform a nslookup for NAS (windows host will automatically append xyz.com) you will get the IP as listed in the router.

 

4. Impossible to set a Daylight Saving rule for the UK. http://en.wikipedia.org/wiki/British_Summer_Time

Ans: The router supports this timezone as GMT (London) time. Have you tried this and see if that helps?

 

5. DHCP Status table periodically loses all entries.

Ans: Does this happen after a reboot or when the router is operating normally? Have you tried lowering the lease time to see if the router refreshes the database and keep it updated?

6. Errors in "Incoming Log Table" :

2014-01-09, 00:38:06    Kernel    kernel: i2c i2c-0: Failed to register i2c client rs5c372b at 0x32 (-16)

2014-01-09, 00:38:06    Kernel    kernel: i2c i2c-0: Can't create device at 0x32

2014-01-09, 00:38:06    Kernel    kernel: gre: can't add protocol

Ans: This seems like an error message related to GRE. We will work with Engineering team to investigate further.

7. System Statistics "Sessions" and "New Sessions/Sec" always say 0.

Ans: We will work with the Engineering team to understand the expected output here and update it accordingly.

8. Help for "System Statistics" and "Processes" is very limited (and not helpful).

Ans: Most of the outputs seem to be self explanatory. We will work with our documentation team to see if we can improve the documentation for this section.

9. Clicking "Enabled" or "Disabled" against USB1 or USB2 does not contain a hyperlink to the "USB Failover Settings" tab of the selected interface under Setup->Network where the operation mode can be set to "Disabled"

Ans: We will request this as a new feature request for one of the future firmware release.

10. Processes like "webBoot" appearing and using port 22088 in the Processes table and "HTTP Server with SSL support" on ports like 5443.

Ans: We will work with the Engineering team to understand the significance of these processes and update the documentation as appropriate.

Hi Marc + Nagaraja,

Wow thanks for such comprehensive answers and for taking my suggestions so seriously smiley. Sorry for taking so long to reply I've been in the process of moving homes.

Marc:

Sortable Tables (FR2) - That is amazing! Thank you!
Sensible Default Sort (FR7) - This will save me so much head scratching.

SSH / API (FR8) - That will in my opinion really win over the hacker community, a programmable firewall/router that you can modify the firewall rules from a program we develop sounds fantastic!

Nagaraja:

Passive Port Mirror (Bug 1) - ">Even the catalyst switches have this as a configurable feature." true but this behaviour is the default on this router (and not with the small business switch) and so it's inconsistent with the switch. I think it needs to be documented given the default can cause router instability for your customers. It made me think the router is unstable when it turns out I just wasn't "doing it right".. that sort of thing confuses users. A configuration option in the web-interface would be good.. but just updating the documentation would help resolve the immediate issue.

Cosmetic MAC & IP Binding (Bug 2) - Excellent. Many thanks. Let me know if you need anything more from me to reproduce it.

Windows DNS Query (Bug 3) - If the documentation could reflect this known quirk that would be great. Ideally it would make a great check-box on that page "Append the configured domain to the above entries for Windows clients". Documentation alone would be great to stop people like this guy from scratching their head : https://supportforums.cisco.com/discussion/11908241/rv320-dns-local-database-no-function

UK Time (Bug 4) - That won't help. The UK uses GMT throughout most of the year but changes to BST (British Summer Time) in summer which is GMT+1. So GMT is not correct during those months. BST is based on the pattern ("last Sunday of March.." etc etc) in that Wiki article not a specific date each year which is all the interface allows.

DHCP Lease Table (Bug 5) - When the router is operating normally. It may be based on when you click around in the interface something wipes it as I haven't logged into the router for a while it seems to have maintained all but one client at the moment (my WAP4410N isn't appearing in the list despite having got an IP via DHCP).

GRE Errors by default (Bug 6) - Thanks. Let me know if you need any help. It appears in other people's too (see: https://supportforums.cisco.com/discussion/12044921/rv320-router-keeps-restarting-probably-crashing)

Statistics Help Not Helpful / Weird Values (Bug 7 / 8) - Agreed they are self explanatory for someone technical like myself but to put a 1 line sentence of "Detailed information about the ports and the devices attached to them are shown." is not helpful. The ones I didn't understand were "Sessions, New Sessions/Sec, Upstream Bandwidth Usage and Downstream Bandwidth Usage" these all say 0 for me.. are they referring to the VPN functionality? As I am sat here there's definitely some non-VPN Downstream/Upstream Bandwidth usage.. so they're either defective or they are supposed to refer to the VPN functionality. The built in documentation should give me an idiots level explanation not just tell me something along the lines of "the statistics page shows statistics"...

Link To USB Option (Bug 9) - Thanks. It took ages to find those USB settings and it's such a simple link that will help us navigate the interface and make the interface more intuitive.

Processes on random ports (Bug 10) - That sounds brilliant. After the undocumented test interface in WAP4410N I am a bit nervous of random processes listening on random ports and knowing these are normal and are internal and not accessible by users on either the WAN or LAN will help to re-assure me.

That leaves:

FR1

Port choosing on the mirroring I assume is a chipset thing / out of scope?

FR3

No problem if renaiming the port mirroring option wasn't a good idea.

FR5
>The option to choose what gets syslog'd and what gets written to the flash memory's log (worried about device longevity with all the logging turned on).

Not a big deal but it will cause the device to fail quicker.. if I am writing to the flash memory's log a lot (like when the content filter matches every few minutes as I have added advert hosts in the block domain list) then within a few years this device will die prematurely?

FR6
>Bandwidth Management cannot set an IP to have a particular priority. The priority only lists services (with no IP address control) and the Rate Control only lists particular rates (but for specific IPs).. would like to say something like 192.168.1.5 has "High" priority.

In my shared household I would really like to be able to stop one of my housemates from hogging the Internet without having to set a particular rate for them all the time... if nobody else is home they should be able to use the WAN link to its full potential.. but if we're all home we should all be medium priority each.

FR8
>A wider range of Dynamic DNS providers supported (1 for Europe/America and 1 for China is not really enough!). Perhaps an API/standard for this too so we can make our own.

This wasn't a very important one.. but would be nice to have. I assume this is out of scope for the next release?

FR9
>Ability to route all web traffic via a HTTP proxy (like Squid). Sometimes called a transparent web proxy.

I assume this is probably out of scope? It would be nice in a business environment to be able to use this feature to cache web-pages / perform AV scanning on a proxy...

FR10
>Ability to ban an IP after they fail to correctly login to either the VPN/Web Interface/SSL VPN etc.. to prevent brute-force attacks that will eventually succeed.

This is still a big one for me. I really don't see how these devices are secure on the Internet if they don't stop people from trying to repeatedly guess my password. Any chance this one could be prioritised? It would really increase the security of the device.

Thank you so much for your time and the features that will make it into the next release. I'll be sure to recommend the RV320 to more of my colleagues and friends!

Happy to be more involved (beta test firmware / clarify some of my ideas) if it's of any help to Ciscosmiley?

Thanks again,
Matthew

Marc Nagao
Cisco Employee
Cisco Employee

I will reply to the feature requests. My team is looking at the list - we take these seriously and will end up making some of them happen in one of the next Maintenance Releases. Let me comment on some of them now.

These will be added to the MR list. Thank you.

  • 2. Tables to be sortable ASCending/DESCending by clicking on the column.
  • 7. Some of the columns to be sensibly sorted by default instead of the order they were entered.. for example IP & MAC Binding should be sorted by IP address.

My team is exploring number 8. CLI via SSH (similar to our SMB Switching) - basic commands vs fullset is what we are evaluating in terms of scope of work.

Again - we are evaluating the rest of the list.

 

My team appreciates your input.

Best,

Marc

 

Marc

Great to see the level of ownership you have around these requests. This does much for restoring my confidence in the Cisco SMB Pro range of products after much upheaveal over the last few years.

We keenly await your feedback on progress.

I would also backup Matthews comments regarding FR10. We will be managing these devices remotely for our customers so automatic IP blacklisting would do much to build confidence around the security of these devices.

 

Michiel Beenen
Level 3
Level 3

Any update on a firmware update to address these things yet? :) Thank you!

Im still experiencing bugs with the priority of protocol binding entries. This was said to be corrected in 1.1.1.0.6. However I can only get my entries to work if they do not overlap.

 

e.g.

priority 1 Destination 123.123.123.123 WAN2

priority 2 Destination 1.1.1.1-254.254.254.254 WAN1

 

still uses rule #2 as it overlaps.

 

 

edit: nvm - it seems to be working. I deleted and readded the rules after upgrading the firmware.

Michiel Beenen
Level 3
Level 3

Hello Cisco, any news on the update? It's been over a month now.

Hello Cisco,

 any update on the new FW release date?

 Could you please add to the feature requests the possibility to select a wider DHCP scope? It seems it can only handle /24 networks. Apparently this feature is available on other models like the RV220W, RV315W, RV016 v2...

 

Thanks.

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: