NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
GS110TPP auto-ds continuing shutting down port/s
I have a GS110TPP with a TLink WR1043NDv2 (OpenWRT 19.5) connected as an Access Point. The point the wr1043nd keeps shutting down if i use the auto-ds function. In an attempt to isolate the prob...
1) In regards to my GS110TPP, the UDP Port and TCP Ports were enabled (not sure how that happened). NFSv4 was causing it, because 2049 is both the source and destination. Once i disabled those two, Kubuntu was fine.
2) It is not the Huawei, I have a GS108T and two ports on both are used in a LAGG as a trunk.
While i was down stairs, the TP link connected to the GS108T caused a disable of the Trunk ports. The TP link also had a LG TV and Kodi Box so i still can't be sure what is causing that.
GS108Tv3 Log
| <180>1 2021-01-12T19:06:33.176+1:00Z 192.168.xx.10-1 PORT-4-ERR_DISABLE rsd_port.c(950) %% dos error detected on GigabitEthernet8, putting GigabitEthernet8 in err-disable state |
| <179>1 2021-01-12T19:06:33.176+1:00Z 192.168.xx.10-1 SYSTEM-3 %% Interface GigabitEthernet8 has been shutdown by DOS attack notification. |
| <180>1 2021-01-12T19:06:32.006+1:00Z 192.168.xx.10-1 PORT-4-ERR_DISABLE rsd_port.c(950) %% dos error detected on GigabitEthernet7, putting GigabitEthernet7 in err-disable state |
| <179>1 2021-01-12T19:06:32.006+1:00Z 192.168.xx.10-1 SYSTEM-3 %% Interface GigabitEthernet7 has been shutdown by DOS attack notification. |
GS110TPP log
| <182>1 2021-01-12T19:06:33.819+1:00Z 192.168.xx.11-1 LLDP-6-NEIGHBOR_DEL proto_lldp.c(4881) %% Neighbor deleted on port GigabitEthernet9: Chassis ID 08:36:xx:xx:xx:xx, Port ID g8 |
| <182>1 2021-01-12T19:06:33.679+1:00Z 192.168.xx.11-1 STP-6-MSTI_PORT_STATE proto_stp.c(810) %% Port LAG1 instance 2 moving from Forwarding to Disabled |
| <182>1 2021-01-12T19:06:33.679+1:00Z 192.168.xx.11-1 STP-6-MSTI_PORT_STATE proto_stp.c(810) %% Port LAG1 instance 1 moving from Forwarding to Disabled |
| <182>1 2021-01-12T19:06:33.679+1:00Z 192.168.xx.11-1 STP-6-MSTI_PORT_STATE proto_stp.c(810) %% Port LAG1 instance 0 moving from Forwarding to Disabled |
| <181>1 2021-01-12T19:06:33.539+1:00Z 192.168.xx.11-1 TRAPMGR-5-PORT_LINK_DOWN ksi_snmp.c(230) %% Interface LAG1 link down |
| <181>1 2021-01-12T19:06:33.539+1:00Z 192.168.xx.11-1 TRAPMGR-5-PORT_LINK_DOWN ksi_snmp.c(230) %% Interface GigabitEthernet9 link down |
I have temporarily disabled the autoDOS on the GS108T to minimize impact, i will try to identify and wifi devices on via the GS110T
Ok, looks like the log is not complete enough - considering the many DoS attributes that can be enabled/disabled in the Web UI. YeZ something the switch engineering must look into.
And then: I'm not sure on how smart it is to shut down a port and expect the admin does manually re-activate...
they were all the entries from the specific time the port went down, the other entries, were just standard entries. there were no indications of which rule triggered the port closure (which of course would make a resolution easier). For now i have to disable on both devices so we can continue to work and i will look again on the week. I will setup suricata on the pfsense to try and identify the traffic that is causing the problems.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
