Reply

RBR850 - Access Point + wired backhaul & security issues

Dries2
Guide

RBR850 - Access Point + wired backhaul & security issues

Hi all,

I created a topic earlier, describing my issues when combining the "Access Point modus" with a wired backhaul:

https://bit.ly/2zbOgG2

The topic was automatically closed, so I needed to create a new one.

 

Summary of the original issue: depending on how my RBR850 was connected to my switch (using the LAN or the WAN port), either the RBR850 and RBS850 were not able to sync (no mesh) or the security type of my 5Ghz wifi signal automatically switched to "none", allowing the entire neighbourhood to use my network. Smiley Mad

 

I wanted to add a new update to this issue.

 

I just upgraded my firmware from V3.2.9.2_1.2.4 to V3.2.10.11_1.2.12, and the problem has gotten worse.

 

The workaround I implemented for the issue was to remove my switch from my network and connect both RBR850 and RBS850 directly to my router (as a consequence, cables are lying around everywhere – so I don’t like this workaround at all).

But at least, it was working (waiting for the fix). The RBR850 and RBS850 are synced and the wifi signals are secured.

 

I decided to upgrade both devices to V3.2.10.11_1.2.12.

 

I noticed two things:

My RBS850 is listed twice in the “connected devices” tab (just to be clear: I only have one).

https://i.ibb.co/JR70HY7/Smart-Select-20200418-132724-Chrome.jpg 

 

 

 

And now the worse part: the 5Ghz Wifi signal was again unsecured:

https://i.ibb.co/wp9XQTj/Smart-Select-20200418-132638-Chrome.jpg 

 

 

Notice the different “Security Type” between the 2.4Ghz signal and the 5Ghz signal.

And this while you are not even able to make different security settings for each of the wifi signals.

 

I downgraded back to V3.2.9.2_1.2.4, and the problems have disappeared (with the temporary workaround still in place).

 

I logged the original security issue on March 1st, it took a while before they were taking it seriously (until April 6th), but they have confirmed Engineering is looking in to this.

 

I have updated that ticket (42369893) with this information as well.

 

Message 1 of 6
FURRYe38
Guru

Re: RBR850 - Access Point + wired backhaul & security issues

What is the Mfr and model# of the ethernet switch in the configuration?

 

There is a known problem with RBS being connnected to swtiches in bertween with v10.11 FW. This already has been reported to NG and they are aware of it. 

 

You can downgrade to v3.2.9.2 and use that FW with a switch in the middle, if not, keep current FW loaded and wirelessly connect the RBS until NG gets this fixed. 

 

Thankl you. 

My Setup (Cable 1Gbps/50Mbps)>CM1200 v2.02.03(LAG Disabled)>RBK50 v2.7.2.104(WW)/RBK853 AP Mode v3.2.18.1
Additional NG HW: C7800/CM1100/CAX80/CM2000, Orbi CBK40, R7800, R7960P, EX7500/EX7700, XR450 and WNHDE111
Message 2 of 6
kildare
Luminary

Re: RBR850 - Access Point + wired backhaul & security issues


@Dries2 wrote:

 

Notice the different “Security Type” between the 2.4Ghz signal and the 5Ghz signal.

And this while you are not even able to make different security settings for each of the wifi signals.

 

 


I encountered a similar problem when using a wired satellite in AP mode.

Substantially, when after some time the wired RBS850 satellite can no longer synch with the router RBR850, this satellite then operates as a standalone access point, the SSID remains the original one, but for some reasons the original security configuration is lost and the satellite originated wifi network becomes open.

As long as I used the Orbi AX, every couple of days I had to disconnect the wired satellite, reboot all the system and let the satellite synch wirelessly, then connect the cable to the satellite. After about 2 days the wired satellite de-synched again from the router and I had to repeat the procedure.

I eventually had enough of all that and therefore returned the Orbi.

Message 3 of 6
Dries2
Guide

Re: RBR850 - Access Point + wired backhaul & security issues

Hi FURRYe38,

* My switch is an unmanaged switch (Cisco SG102-24 Compact 24-Port Gigabit Switch). It has green ethernet features, and I'm aware that this causes issues. That's why I connected both RBR850 en RBS850 directly to my router.
* My router is a Fritz!Box 7590, which is connected to a cable-modem, a CBN CH6643E (provided by the ISP);

 

Using the 'old' firmware (V3.2.9.2_1.2.4), this worked fine. I just opened this topic to mention that it doesn't work on the new firmware (V3.2.10.11_1.2.12) anymore.

 

I have indeed downgraded the firmware as a temporary measure. I have also logged the issue at Netgear.

 

Hi Kildare,

Very recognizable, I also have the issue that my network became open (unsecured). See my original topic here:

https://community.netgear.com/t5/Orbi-AX/RBR850-Access-Point-wired-backhaul-amp-security-issues/td-p...

 

If I had the option, I also returned the Orbi. It's just too much money for what you get. I'm sure the hardware is fine, but the firmware has way too little options to deploy as a router (so I use it as AP), and the overall quality of the firmware is low (e.g. the wifi that suddenly becomes unsecure - I logged that early March!).

Message 4 of 6
kildare
Luminary

Re: RBR850 - Access Point + wired backhaul & security issues

A relevant problem related the open wifi network originated from the wired satellite is that likely people might not realize that they are actually connected to an unsecured wifi, as the wifi devices (ex. smartphones) still establish the connection to the satellite also if they are configured to use WPA2/etc security, and this without notice!

 

The only way to verify this situation is connecting to the wired satellite web GUI, or checking for the available networks from the wifi devices, or using a wifi analyzer app.

 

So the problem might sometimes remain unperceived!

 

 

 

 

Message 5 of 6
FURRYe38
Guru

Re: RBR850 - Access Point + wired backhaul & security issues

You can't connect the RBS to a router. You have to connect the RBS directly behing the RBR or thru a non managed non green switch behind the RBR serially. It can't be parallel to the RBR. https://kb.netgear.com/000051205/What-is-Ethernet-backhaul-and-how-do-I-set-it-up-on-my-Orbi-WiFi-Sy...

 

For some reason RBR and RBS have specific status data traffic that doesn't get passed thru when connected to a external router. The data flow has to come between the RBR and RBS directly between each other. 

 

Also there is a problem with v10.11 FW in AP mode and using a switch in between the RBR and RBS. The status doesn't report correctly on the RBR for the wired RBS. I made NG aware of this in a bug report already. 

 

So you might want to downgrade back to v3.2.9.2 for AP mode and a switch in the mix or use the current FW version and let the RBS wireeslly connect. That works. Also router mode on the RBR works with RBS ethernet connected with a switch. Whic you could use the RBR in router mode with your ISP modem/router with the option #2 in the following suggestion:

1. Configure the modem for transparent bridge or modem only mode. Then use the Orbi router in router mode. You'll need to contact the ISP for help and information in regards to the modem being bridged correctly.
2. If you can't bridge the modem, disable ALL wifi radios on the modem, configure the modems DMZ/ExposedHost or IP Pass-Through for the IP address the Orbi router gets from the modem. Then you can use the Orbi router in Router mode.
3. Or disable all wifi radios on the modem and connect the Orbi router to the modem, configure AP mode on the Orbi router. https://kb.netgear.com/31218/How-do-I-configure-my-Orbi-router-to-act-as-an-access-point and https://www.youtube.com/watch?v=H7LOcJ8GdDo&app=desktop

 


@Dries2 wrote:

Hi FURRYe38,

* My switch is an unmanaged switch (Cisco SG102-24 Compact 24-Port Gigabit Switch). It has green ethernet features, and I'm aware that this causes issues. That's why I connected both RBR850 en RBS850 directly to my router.
* My router is a Fritz!Box 7590, which is connected to a cable-modem, a CBN CH6643E (provided by the ISP);

 

Using the 'old' firmware (V3.2.9.2_1.2.4), this worked fine. I just opened this topic to mention that it doesn't work on the new firmware (V3.2.10.11_1.2.12) anymore.

 

I have indeed downgraded the firmware as a temporary measure. I have also logged the issue at Netgear.

 

Hi Kildare,

Very recognizable, I also have the issue that my network became open (unsecured). See my original topic here:

https://community.netgear.com/t5/Orbi-AX/RBR850-Access-Point-wired-backhaul-amp-security-issues/td-p...

 

If I had the option, I also returned the Orbi. It's just too much money for what you get. I'm sure the hardware is fine, but the firmware has way too little options to deploy as a router (so I use it as AP), and the overall quality of the firmware is low (e.g. the wifi that suddenly becomes unsecure - I logged that early March!).


 

 

My Setup (Cable 1Gbps/50Mbps)>CM1200 v2.02.03(LAG Disabled)>RBK50 v2.7.2.104(WW)/RBK853 AP Mode v3.2.18.1
Additional NG HW: C7800/CM1100/CAX80/CM2000, Orbi CBK40, R7800, R7960P, EX7500/EX7700, XR450 and WNHDE111
Message 6 of 6
Top Contributors
Discussion stats
  • 5 replies
  • 489 views
  • 0 kudos
  • 3 in conversation
Announcements