Reply

R7000 Firmware 1.0.7.10

TCHAMMER
Tutor

R7000 Firmware 1.0.7.10

 

R7000 Firmware 1.0.7.10

 

Bug Fixes

  • Fixed the buffer overflow when parsing usb shares access.
  • Fixed the buffer overflow issues in httpd web server.
  • Fixed the buffer overflow of Authenticated username/password.
  • Fixed the insecure timestamp password vulnerability, PSV-2016-0254.

Note: Firmware starting 1.0.7.2 will not include Arlo functionality

 

With this Firmware Bridge Mode is Stable Again in my case and the UI feels faster too.

 

http://kb.netgear.com/000037100/R7000-Firmware-Version-1-0-7-10?cid=wmt_netgear_organic

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 1 of 38
LeeH
Prodigy

Re: R7000 Firmware 1.0.7.10

Was bridge mode in 1.0.7.6 unstable for you?

Message 2 of 38
TCHAMMER
Tutor

Re: R7000 Firmware 1.0.7.10

Yeah it was not only the Media Bridge Mode i think the Firmware itself was faulty.

 

Media Bridge Mode unstable

 

here Is the link to my post with the previous Firmware.

Message 3 of 38
JFLOYD1
Aspirant

Rif.: R7000 Firmware 1.0.7.10

Hi
I have updated R7000 Firmware version 1.0.7.10.
I have a problem:
from the main PC, connected via ethernet, I can no longer access the router's configuration page (or 192.168.x.x www.routerlogin.net or www.routerlogin.com.).
Also I can no longer use, always on this PC, NETGEAR USB Control Center program to use the shared printer: the program can not connect to the router.

I have tried hard reset the router but the problem persists.
I also tried by turning off firewall and antivirus without solving the problem.

Before the firmware update, everything worked.

From another PC connected via ethernet, however, I can open the configuration page, and I can use a shared printer.

I really do not understand where is the problem ...
Can you help me please?

Thank you.

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 4 of 38
TCHAMMER
Tutor

Rif.: R7000 Firmware 1.0.7.10

Do a Factory Reset. Update The Firmware Manualy Again over the Web UI und after that Reset it Again. Otherwise ask Netgear Support. My Problem was with the Previous Firmware not with the Actual.

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 5 of 38
agalipe1
Aspirant

Rif.: R7000 Firmware 1.0.7.10

Try this,  shutdown, unplug power cable on pc,  push power button on pc for 10 seconds, make sure its unplugged,  this will drain capacitors on Motherboard. then plug back in and start up, then try to to login and see if everything works again. give it a shot let us know

Message 6 of 38
username12345
Aspirant

Rif.: R7000 Firmware 1.0.7.10

This firmware update messed up my router.  After updating it runs for a few minutes and then drops all LAN devices, both wired and wireless.  Only a hard reset will bring back service.  Which means you can't even access the admin page to fix anything.  Roling back to 1.0.6 seems to fix the issue, but it would be nice if Netgear would test firmware before messing up their customers.

 

Message 7 of 38
ChuckStein
Aspirant

Re: R7000 Firmware 1.0.7.10

I am on the latest OEM firmware.

Why is the "allow guests to see each other" grayed out? My R7000 is AP mode. Also, I want guest network so that guest devices cant climb out to my other SSID networks I have running in this R7000, etc. Right now I can connect as a guest via guest SSID and then I can reach across to my other wifi devices that are on my more secure non-guest SSID's.

 

guest ssid access

Message 8 of 38
StephenB
Guru

Re: R7000 Firmware 1.0.7.10


@ChuckStein wrote:

Why is the "allow guests to see each other" grayed out? My R7000 is AP mode.


That's why.  An AP can't create an isolated network. 

Message 9 of 38
ChuckStein
Aspirant

Re: R7000 Firmware 1.0.7.10

An AP can't create a bridge rule between two SSID's ? Why's that? Or are you saying the Netgear R7000 firmware just doesn't do it?

 

If thats the case, then why is "Guest" wireless even an option to configure if it can get to any other connected wifi device on all SSID's? It makes no sense. 

Message 10 of 38
schumaku
Guru

Re: R7000 Firmware 1.0.7.10


@ChuckStein wrote:

An AP can't create a bridge rule between two SSID's ? Why's that? Or are you saying the Netgear R7000 firmware just doesn't do it? 


In long: Both SSID connect into the same layer 2 network in AP mode - as Netgear does hard to change and start implementing some simple (limited control) VLAN towards a certain segregation between the "normal" and the "Guest" network in the Nighthawk Router and AP mode as well as the related EX extenders. Same with the otherwise very good Orbi systems...

 

In short: No plan, no intention to change, not keen to run some standardisation and design. It would not be that difficult...

@ChuckStein wrote:
If thats the case, then why is "Guest" wireless even an option to configure if it can get to any other connected wifi device on all SSID's? It makes no sense. 

The only sense I see is the abiity to share the Guest WiFi key, and change it independantly, without having to share (and change) many own WiFi clients.

 

Message 11 of 38
StephenB
Guru

Re: R7000 Firmware 1.0.7.10


@ChuckStein wrote:

An AP can't create a bridge rule between two SSID's ? Why's that? Or are you saying the Netgear R7000 firmware just doesn't do it?

 


Not exactly. In router mode, the R7000 uses internal VLANs (virtual lans) to create the guest network.  The guest VLAN can be bridged (or not) depending on the virtual lan setup.  Not allowing connections between wifi guests is a pretty simple extension (blocking some connections at the wifi level).

 

In AP mode, the router could still  probably isolate guests from each other.  But it can't isolate guests from your home network, because the VLAN is only within the router.  Once the traffic reaches the ethernet connection between the AP and the real router, there is full connectivity.  Since the isolation feature simply can't work as desired in AP mode, Netgear disables it.

 

 

I think this particular problem shows up with all home routers.  The easiest fix would be to extend the guest VLAN to the main router, but that would require changes to both devices.  It would be useful if all Netgear routers (and APs and extenders) supported that trick though - then in a Netgear-only setup you'd be able to get that feature..  So maybe you could post it on the idea exchange.

 

@schumaku and I are saying essentially the same thing btw (in somewhat different ways).

Message 12 of 38
schumaku
Guru

Re: R7000 Firmware 1.0.7.10


@StephenB wrote:

@ChuckStein wrote:

An AP can't create a bridge rule between two SSID's ? Why's that? Or are you saying the Netgear R7000 firmware just doesn't do it?

 


 

 

@schumaku and I are saying essentially the same thing btw (in somewhat different ways).


Yes, correct.

 

Trouble is that the current Guest VLAN is a pure L2 bridging and filtering, and not based on VLANs internally at all.

 

The VLAN implementations is nicking kind of a simple static VLAN config, mainly ot cover some IPTV ISP VLAN requirements. The Guest SSID can't be bound to a VLAN.

Message 13 of 38
StephenB
Guru

Re: R7000 Firmware 1.0.7.10


@schumaku wrote:

 

Trouble is that the current Guest VLAN is a pure L2 bridging and filtering, ant not based on VLANs internally at all.


Good to know - I'd seen some other info that suggested it was a vlan implementation, but that could easily be wrong.

 

It's a natural for VLANs though.

Message 14 of 38
schumaku
Guru

Re: R7000 Firmware 1.0.7.10


@StephenB wrote:


Good to know - I'd seen some other info that suggested it was a vlan implementation, ...


Think about it ... two deidcated L2 VLAN (say an untagged one for the normal (W)LAN traffic) and a tagged one can barely be operated in the same L3 TCP/IP subnetwork... 

Message 15 of 38
StephenB
Guru

Re: R7000 Firmware 1.0.7.10


@schumaku wrote:
Think about it ... two deidcated L2 VLAN (say an untagged one for the normal (W)LAN traffic) and a tagged one can barely be operated in the same L3 TCP/IP subnetwork... 

Well, I do use VLANS, and I found it simplified my home network.  But I could only do that because I have smart swtiches. 

 

I do agree there needs to be investment in human factors to make it meaningful to normal folks.  But it's starting to show up anyway (VLAN iptv configuration in many of the routers now), so one way or another it will be needed.

 

There are some equivalent L3 approaches (IP tunneling for instance) which could also be made to work through ordinary switches.  Netgear devices could discover each other, and automatically set up appropriate tunnels. 

Message 16 of 38
ChuckStein
Aspirant

Re: R7000 Firmware 1.0.7.10

an SSID is a L2, yes?

 

SSID1 to SSID2 is a L2 bridge if both SSID's sit on the same L2, if they were on different L2's there would be no way for anything on those VLANs to talk to each other, you would then need L3 VLAN's (aka router mode). Packet switchig within same L2 VLAN is nothing more than the CAM table in a Cisco switch.

 

I can add L2 (single L2 VLAN) security in a Cisco switch, so I see no reason why the R7000 firmware cannot implement this feature. Essentially, a src MAC from one SSID cannot be the src MAC on any other SSID. An secured SSID is nothing more than, as example, "TLS in .1q" via wireless.

Message 17 of 38
StephenB
Guru

Re: R7000 Firmware 1.0.7.10


@ChuckStein wrote:

an SSID is a L2, yes?

 


WiFi (802.11) is a layer 2 protocol, as is ethernet (802.3).  In principle one could construct a guest VLAN in the router, and use VLAN tagging on the internet port.  You'd probably also want to use different L3 address spaces (for example 192.168.2.x for guest). 

 

From a practical point of view, to get the isolation you want now, you'll need to dedicate the R7000 to the guest wifi networks (either in router or AP mode). Then find a way to isolate the R7000's internet port from the core network.

 

 

 

 

Message 18 of 38
ChuckStein
Aspirant

Re: R7000 Firmware 1.0.7.10

i still not following everyone who are saying "its AP, cannot be done".

 

hogwash.

 

VACLs w/ PVLANs can be configured on a Cisco Catalyst at L2 without the need for a router. thus, creating a security control layer at L2, all on the same single L2 VLAN. one L2, a few ports, two servers on same VLAN who are not allowed to talk to each other, but both can reach the same DFG on the same L2.

 

and technically, since VACL's can use MAC you could implement dynamic VACL via port security method to deny the src MACs from one PVLAN as being the dst MAC on other PVLANs, so essentially a MAC filter preventing two hosts from talking to each other, all done via L2.

 

so cant be done because AP mode sounds silly to me, seems more like lacking code in the firmware.

 

 

Message 19 of 38
StephenB
Guru

Re: R7000 Firmware 1.0.7.10


@ChuckStein wrote:

...seems more like lacking code in the firmware.

  


That is what we are saying.  There are a couple of different ways it might be done in AP mode (I suggested VLANs, you suggested something else), but the router firmware doesn't support those ways.   And if it did, you'd also need the appropriate features in the router.

 

FWIW, the solutions for this would be too difficult for almost all home users. so there is a difficult human factors challenge here too. 

Message 20 of 38
ChuckStein
Aspirant

Re: R7000 Firmware 1.0.7.10

@StephenB

 

?? to complicated for the home user ?? its a checkbox in the gui.

and no, you dont need a router to do MAC filtering (vacl or other) at layer-2.

 

 

Message 21 of 38
schumaku
Guru

Re: R7000 Firmware 1.0.7.10


@ChuckStein wrote:

?? to complicated for the home user ?? its a checkbox in the gui.


Netgear has all this L2/L3 logic glued together as there are some more capabilities in these routers whihc are not available on most models. Thus the simple "not available" 8-(


Agree with the "simple" checkbox anyway.  But seriously? There is no "design" in place here at all. Carry forward a guest 

 

Deploying simple VLAN internally (with some documentation...) would be much easier - as most WLAN AP (Netgear and many others) allow SSID<->VLAN configuration. Majority of "dumb" unmanaged GbE switches or powerline devices are able to handle the slightly larger frames with the pure VLAN information. 


@ChuckStein wrote:

 

and no, you dont need a router to do MAC filtering (vacl or other) at layer-2. 


However, you need a much more capable Ethernet switch engine then what is in place in this product class. I've seen other vendors implementing such capabilities on simple switches ... and badly struggled when it comes to broadcast and multicast capaibilities resp. interperability and unwanted transparence.

 

On Netgear Genie routers, all L2/L3 processing as seen above is implemented in the processor - and just for a guest WLAN isolation and extension feature nobody is willing to pay that much more for a router. And when we're looking into the high end R9000, we find that even the 10 GbE SFP+ and the aggregation of the two ports (even on the switch....) are done by the CPU again. 

Message 22 of 38
StephenB
Guru

Re: R7000 Firmware 1.0.7.10


@ChuckStein wrote:

@StephenB

 

?? to complicated for the home user ?? its a checkbox in the gui.

and no, you dont need a router to do MAC filtering (vacl or other) at layer-2.

 


Enabling the current checkbox inside the R7000-as-AP is not enough.  You also need to ensure that the edge router (and any intermediate upstream switches) maintain the traffic separation. Unless there is something about your proposal I'm not getting.

 

I agree that the needed upstream configuration is layer-2 (and VLANs are layer-2).  Most consumer-grade switches and routers won't have the features.  If they do, then the steps needed will vary somewhat, depending on the manufacturer UIs.

 

I agree with @schumaku that creating a simple VLAN and documenting it would be a good approach for Netgear (since they are already needing that for their IPTV features).  They could also build in support into the new Nighthawk switches.

 

 

I still think most home users and small business owners will struggle to deploy this.  That judgment is based on responding to thousands of posts here.

 

 

Message 23 of 38
lepa71
Guide

Re: R7000 Firmware 1.0.7.10

Does anybody getting this when trying to check for firmware?

No Internet connection
No Internet connection is detected. The router cannot check the NETGEAR server for updated firmware. After setting up your Internet connection, go to the Router Upgrade screen to check for updated firmware.
Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 24 of 38
schumaku
Guru

Re: R7000 Firmware 1.0.7.10


@lepa71 wrote:

Does anybody getting this when trying to check for firmware?

No Internet connection
No Internet connection is detected. The router cannot check the NETGEAR server for updated firmware. After setting up your Internet connection, go to the Router Upgrade screen to check for updated firmware.

Some searching does leave me with the impression this is kind of an "old" issue. Suspect cause:

 

- (really) no Internet connection [unlikley, as you post here]

- Netger genie does "think" there is no Internet connection, does show this on the overview page, but the Internet is up and running (-> Factory Reset, Reconfigure)

- Netgear geine update test does fail to check firmware version due to several possible resons, ie.

-- ISP DNS blocking/redirecting certain domains (some US ISP seem to be very active, and they are under the impression it's "clever" for thier customers security...) -> In the router Internet Set-up -> Domain Name Server (DNS) Address, override the ISP DNS and configure ie. the generic Google Public DNS (8.8.8.8 and 8.8.4.4). Complain to your ISP if this does recolve the issue.

 

Over all, the Netgear genie message you perfectly replicated to the community is a *****, thier test should be able to provide much more information, and not state cofusing nonsense. I would expect a clear differentiation for real lack of Internet connection, DNS lookup failure, unable to locate the update information, ....

 

Hobbyists at work - not end user friendly at all. @ElaineM, please carry this forward to the Taiwan consumer router software engineering team. Further on, it would be nice to officially get information of the fully qualified host name the firmware update check and the effective update/download is looking for. This would greatly simplify the troubleshooting by your community members. This is a many year old problem with Netgear devices and routers, search the community and the Internet. Thank you!

 

-Kurt

Message 25 of 38
Top Contributors
Discussion stats
  • 37 replies
  • 6516 views
  • 3 kudos
  • 12 in conversation
Announcements