Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 16 replies
  • Subscribers 7 subscribers
  • Views 6578 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WLAN / WIFI - Clients can not communicate after roaming twice - OPENWRT Bug

Daniels_UTM
Szenario:
 
  • Customer uses a sophos Wifi infrastruckter with a SG210 Cluster since 7 years- Models: AP50/AP55/AP/100/AP100X
  • SSID with WPA2 PSK
  • testing in 2.4, 5G  and both together
  • One Client starts at AP1, the other at AP2
  • tested Firmware Version: 9.702-1 / 9.703-3 / 9.704-2
  • the client devices, APs, network devices are pingable all the time from LAN network. There is no packetloss due roaming
  • no features involved like client isolation and so on
  • no matter if the ssid is bridge to AP-LAN or bridge to vlan
  • due the movements each client pings the other one
  • Sometimes the device will meet on the same AP

 

Initial:

(AP1)------------------------------------(AP2)

(Device1)---------------------------(Device2)

  

 

1st movement (communcation between Device 1 and 2 ok)

=============>(Device1)   moving

=============(Device 2)    stays and meet Device 1 on same AP

(Device2)<=============    moving

(Device1)<=============    moving

(Device 2)    meeting (Device 1) on same AP

 

 =============>(Device 2)   moving

... connection is broken 

 

 

Issue:

  • After the parties have crossed each other, reside on the same AP one time and came back to their first location, they are unable to communicate
  • This might happend after the second crossing sometimes
  • this only affects wifi clients to wifi clients on different accesspoints in the same SSID
  • What we figured out is, that one AP is filtering the ARP Replys between interface wlan11 and br-lan
  • this could be seen by a tcpdump on the AP as shown on the pictures

 

 

 

  • Wireshark Window on the Client (ARP)
  • left shell tcpdump wlan11 (ARP)
  • right shell tcpdump br-lan (ARP)

 

So from our point of view, the issue is located in the OPENWRT Firmware, because the packets get lost between the "wlan" and "br-lan" interface.

 

 

As we checked on the web, there are complains @ openwrt community about that issue.

 
We have checked all settings and tested a lot with the APs Shell but we are unable to solve the problem.
 
 
 
Till today Sophos is informed, but did not respond to the case.
 

 

Notes:

  • This is reproduceable - we did it three times with different hardware.
  • We know that this usecase is a little bit special.
  • How we get that? At the customers site some robots are traveling through the factory and they have to communicate to each other by WiFi. So we have noticed a connection loss after some movements.

 

If you are interested, explore it yourself and report it to sophos, maybe they will solve it quickly

 

best regards Daniel

 

 

 

 

 



This thread was automatically locked due to age.
Parents
  • 0

    Update:

    Sophos confirmed the problem in the level 1 support 

    We are also able to produce the scenario with a single move of one device. So at the beginning we are at the same AP and move with one device to the other (roaming) -> result: the devices can't ping each other anymore, but can communicate with LAN network & back. Reason: ARP replys would be filtered out.

    It will be escaleted -> keep you up2date

Reply
  • 0

    Update:

    Sophos confirmed the problem in the level 1 support 

    We are also able to produce the scenario with a single move of one device. So at the beginning we are at the same AP and move with one device to the other (roaming) -> result: the devices can't ping each other anymore, but can communicate with LAN network & back. Reason: ARP replys would be filtered out.

    It will be escaleted -> keep you up2date

Children
No Data
Unfiltered HTML