SA520W - Connection Issues on 2nd WAN Port

Unanswered Question
Aug 29th, 2010

I have spent literally dozens of hours trying to troubleshoot this.

The SETTING: I have redundant internet connections coming in from two different companies and I am trying to use the SA520 in "load balancing" mode.  The primary connection is working just fine as long as it is the only one.

PROBLEM: The WAN connection on the 2nd ("optional") port does not allow most websites to be loaded, or if it does load, it can take literally minutes for the header image to load.  (I can ping just fine, so maybe it isn't DNS?)

Here is the interesting thing, though: certain websites will work without problems!  I can pull up most Google pages (including subpages, such as news & images) and Cisco.com just fine.  But it refuses to load most any other website I would try, including MSN, Yahoo, etc.

TROUBLESHOOTING: Here is what I have tried:

-- Different browsers (IE & Chrome)
-- Different OS (Win 7 Pro, Win Server 2k3)

-- Different DNS servers (ISP, OpenDNS, 8.8.8.8)

All with the same results when using the 2nd WAN connection.  It will sit forever "waiting for XYZ.com to respond".  It's like it will allow a few KB of data through (it will resolve the page name at the top of the browser!), then it cuts it off for that site.

When plugging the modem straight into a laptop (bypassing the SA520W), all webpages work fine, with any of the 3 DNS servers.  So I know I have a good connection to the web.

Also, I have switched the primary and secondary ISP connections (from dedicated to optional WAN port) and the SAME problem happens with the Optional WAN port, regardless of which ISP is plugged into it.  They both work fine independently on the primary port.

Here is the CRAZY thing, though!  When connected wirelessly through my iPhone (mobile Safari), I can pull up any page that I want, connected through the SA520W, using only the 2nd Port!  So I am at a complete loss!

Any suggestions / ideas / help?  It would be much appreciated.  Thanks!

(Original Post: 8/29/10. Edited by: metachimp on 9/12/10)

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
metachimp Sun, 09/12/2010 - 16:13

Bump... I have called in to request a service ticket, but apparently the ticketing system was down over the weekend.

I'm assuming by the complete lack of reply for weeks that no one at Cisco has any suggestions or SOLUTIONS?

Am I the only one with this issue when trying to use load-balancing from two modems?

thanks...

riroe Mon, 09/13/2010 - 01:18

I would call back to the Small Business Support Center at 1-866-606-1866 and

request a case be opened up for your issues.  Just a quick question for you--Are you running at the

1.1.65 firmware level?  If not I would upgrade the device to this latest firmware.

THANKS   

metachimp Mon, 09/13/2010 - 10:11

Yes, definately running the latest firmware (1.1.65).  This issue also existed on the previous firmware, so that wasn't able to fix it.

I will follow up with support again today to see if they got their ticketing system fixed.

thanks!

infoser_iw Fri, 09/17/2010 - 00:06

Hello,

I have the same problems with autorollover. I tested all the combinations of dedicated and optional WAN and they don't work ( I' ve got the same results like you).

Have you got any answer from Cisco support?

Igor

metachimp Fri, 09/17/2010 - 04:42

NO, they have been unable to help so far.

I have called their Business Support line TWICE since last weekend, spoken to two (friendly) techs who were completely unable to help on this issue, because apparently, Cisco's "ticketing" system has been down since last weekend.

I posted this WEEKS ago, have called about it twice, and I stil don't even have an Lv.2 support ticket.  Both guys said they would email me back with a resolution or at least continued support, but I have yet to hear anything.

Cisco seems to be selling Beta products, and letting their paying customers work out the bugs for them.  This was an expensive product! ($550.00+) for the the ADVERTISED features not to work!

I am reconsidering my previously unwavering loyalty in Cisco =/

metachimp Fri, 09/17/2010 - 17:24

Okay, as of today I have a case number!  The guys I'm working with are very nice and I believe they actually care and want to help me solve this.  And they are Americans!  Not outsourced to some broken-english script-robot overseas.  Let's see how this turns out...

Please call their tech support and let them know you are having this issue!  If we can get enough people, maybe it will get enough attention to rush out a firmware release.  If your symptoms are the SAME then you can mention my case number as a reference for the tech to look at (615472617)

Cisco SB Support: 1 866 606 1866

metachimp Sun, 09/19/2010 - 18:04

OKAY, after 2-hours and 45-minutes on the phone with tech support, we have identified PART of the problem: CDP

From the web interface: Network Management > CDP

Disabling ALL CDP has allowed the Optional (secondary) WAN port to begin to function by itself, almost immediately.
Before that, the Optional WAN port would not function at all.

We also disabled the firewall blocking of fragmented packets, as well as TCD and UDP floods.

This has HELPED the bigger situation of not being able to use Load Balancing mode, but not complete resolved it.  Now, network computers will connect to any web page after 20-60 seconds (before it was 120-360 seconds, if at all).

Workaround: By disconnecting the entire network (access points, hubs, etc) and only allowing one or two computers to be plugged directly into the router, the load balancing seems to work pretty well... but that is obviously not a solution.

They wanted to blame other equipment on my network (especially hubs) for the issue, but EVERYTHING works flawlessly and reliably when using the Primary WAN port alone, or the Optional WAN port (with CDP turned OFF), so why would adding the load balancing mode suddenly make the router quit working with other previously-compatible network equipment?

And why does CDP break the Optional WAN port?

So we have made progress in isolating the issue, but in no way resolved.

This has been elevated to the Level 2 guys in California... so waiting to hear back from them.  I was promised a call back within 24-hours.

This is the 3rd tech I've worked with on this issue, they are all based out of South Carolina, and very good to work with.  They know their stuff, are patient, and talk with me like an intelligent human being... which is always appreciated =)

metachimp Fri, 10/01/2010 - 06:32

Well, it's been almost 2 WEEKS and no response from tech support, Lv.2 or otherwise.  So much for my 24-hour promised response time!

I emailed again this week, with no response.

Guess I have to set aside more time to call again.  What a headache!

Thanks for leaving me high & dry Cisco! =(

Marcos Hernandez Fri, 10/01/2010 - 08:10

I have forwarded your complaint as a urgent message to the SA500 Product Marketing team.


Marcos

metachimp Tue, 10/05/2010 - 12:01

Thank you Marcos for elevating the case.  Someone finally called me back the next day.  Apparently the guy I was working with has been out sick (for almost two weeks?) so the case has been collecting dust.  I hope he gets better soon!

I was waiting on a call from Lv2 in California, but I guess I have to jump through the hoops with Lv1 again.

We spent all morning on Saturday troubleshooting and discussing the issues with another (very easy to work with) tech in South Carolina.

Here is the best news as far as I'm concerned:

HE WAS ABLE TO REPRODUCE THE ISSUES ON ANOTHER SA520W!!

Now I know I'm not crazy.  Apparently the advertised feature (load-bearing dual WAN) does NOT work properly.  Looking back at the firmware history, this unit has had a LOT of problems.  Seems like another case of Cisco letting their paying customers be the BETA-testers.  This has been a huge headache and I immensely regret purchasing this  product, but at least your tech support guys are knowledgeable,  friendly, and easy to work with.

Anyway, a Lv2 support guy from California emailed me yesterday to let me know he was assigned to the case.  I responded by email immediately to ask if he needed anything from me, but no response yet (24 hrs).

So still waiting...

metachimp Fri, 10/08/2010 - 12:46

Update: Lv2 guys in Cali were NOT able to reproduce the issue in their labs.

They VNC'd into my network last night, and WERE able to reproduce the issues with CDP turned on.

For some reason, it worked for a little bit with CDP off (which I had YET to see w/ load balancing on, so that was interesting).

After observing the problem, they spend several hours capturing packets, etc, then put the network back to single-WAN mode so it can operate before office hours resumed this morning.

I do miss the South Carolina techs who speak english as their primary  language.  I had to keep asking the guy to repeat himself... he  was nice enough though.

I don't think anyone yet has come up with a good hypothesis as to why this is happening...  but it is reproducible!

We'll see what happens...

metachimp Mon, 10/18/2010 - 08:28

Okay, it's been another 10 DAYS with NO RESPONSE.

I emailed my case manager Stephen Foster mid-last week, with NO RESPONSE.

This is the THIRD email I sent him over the past 14 days, with NO RESPONSE

Why give me your email address if you aren't ever going to respond?

This problem been going on for over 2 months now.

Seriously, Cisco, this is how you treat your customers now?

You sell us BETA products, then drag us out for months as your paying test guinea pigs?

Either fix the issue (firmware), send me a new unit, or give me my money back (which I will NOT be spending on a Cisco product).

Or are you going to drag me out for another 2 months into the New Year?

Tiya Rabb Tue, 10/19/2010 - 10:35

Beta firmware is available for the SA500 devices which addresses the WAN port Load Balancing issue. You must contact the Cisco Small Business Support Center at 1 866-606 1866 to obtain a SR in order to receive this release.

Please contact the Small Business Support Center at 1 866 606 1866. International support numbers can be found here: www.cisco.com/go/sbsc. If you have already contacted the Small Business Support Center, please provide us with your case number in your question. If you have not contacted the Small Business Support Center in the past to open a Service Request, please register at Cisco.com prior to making your call to the SBSC as this will assist in expediting your case.

Unfortunatly, at this time there is no ETA on the next software release for the SA500's.

metachip, I sincerly apologize for the manner in which your case was handled. I can assure you Cisco is taking your concern very seriously. This is a very important issue for us and we thank you greatly for bringing it to our attention.

metachimp Tue, 10/19/2010 - 10:47

^^ haha, apparently we were typing at the same time!

Thank  you for the response.  It has become apparent that posting here is the only way to keep things moving.  So I do appreciate that someone with  influence does read the forums after the techs abandon an open case.

I have declined the beta firmware since it was described to me as having  additional "known issues",  as I can't have any business-hours  downtime on my client's network.  I'm sure you understand that I need a reliable product that will function dependably and as advertised.

I will wait for my promised update on Friday...

metachimp Tue, 10/19/2010 - 10:36

Well, it seems like posting here is the ONLY thing that gets a response.

This morning Stephen calls me (after almost 2 weeks of NO contact) saying they have a temporary firmware he created last night that I can try, but it has "KNOWN ISSUES", but is somehow supposed to work better than the public released one that I am currently running.

I declined deploying a firmware with "known issues" onto my client's live and mission-critical network.  I told him to let me know when they have a FIXED firmware that I can deploy.  So still no real progress...

When asked about the delay, he dodged the question and quickly promised to update me every 3 days from here on out.  I'm going to hold him to that.  I'll post an update after I hear from him (hopefully) on Friday.

metachimp Thu, 10/21/2010 - 20:29

Well, I received a call today (one day earlier than expected!) to let me know that:
MY ISSUE HAS OFFICIALLY BEEN IDENTIFIED AS A UNIT-WIDE "BUG"!

I knew I wasn't crazy!

The powers that be are working on a fix, so it seems that my headache and persistance in uncovering this bug will pay off for ALL SA520 owners when they finally release a new firmware with the fix.

I'm looking forward to using the second internet connection I've been wasting money on for over the past few months! =)

Now for more waiting...

metachimp Sat, 10/30/2010 - 07:52

Well, tomorrow will be another 10 DAYS without so much as a single word via phone, email or text.

Why am I not surprised that this "New Cisco" can't keep their word?

Oh yeah, I'm just a BETA-tester to them.  Not a paying customer.  How silly of me... =/

zfirestone Sun, 10/31/2010 - 22:24

I am having the same problem on my SA520.

I called the number and got the beta (1.1.75 I think it is), and so far, it's working perfectly.  I've had it up for 3 days without any issues.  It seems to be fixed.

Zach

metachimp Mon, 11/01/2010 - 09:40

^ That's encouraging!

Unfortunately, I cannot deploy BETA products to my paying clients... and I wish Cisco felt the same way.

I finally got a call this morning to let me know that a "Release Candidate" firmware should be available later this week... so we'll see.

metachimp Sun, 11/07/2010 - 20:07

Okay, I was sent a link this weekend to the new firmware!

Unfortunately I will be out of town all week, but I will apply the new firmware when I return (after the 15th) and report back then.

Thanks!

metachimp Wed, 12/01/2010 - 13:32

Update:  I've been out of town, then sick, then the holidays prevented testing out the new Release Candidate firmware until today.  Unfortunately, it casued more problems...

I am NOT able to use the new firmware (1.1.80) as it kept causing the SA520W router to reboot every 10 minutes or so, without any  warning, and would take 5-7 minutes before it would reload to a point that I could even log into the  web interface again.  While it was rebooting, all of the LAN lights on  the front would be off completely.  The WAN light would blink sometimes.

Also, the new "status" page on the web interface is awful, because it  auto-refreshes every 10 seconds, but due to the always-laggy web  interface (existing issue), sometimes it takes over 10 seconds for a new control panel  page to load, so it will not connect to the new page before the current page auto-refreshes,  causing me to have to try the link several times, hoping it will  load before the 10 seconds is up, and then try again.

The system resources with the new firmware uses up over 85% of the  router's processor, and that's while doing nothing but looking at the  status page.  Maybe this is why it keeps rebooting itself?

However, in the few minutes it worked before reboots, the dual WAN mode  DID seem to work.  But overall usability is worse, so I reverted back to  the previous firmware, with dual-WAN turned off.  What a frustration =(

Ideas?

metachimp Wed, 12/22/2010 - 17:31

So apparently the crashing in 1.1.80 is caused by a memory leak... which they hope to have fixed by a new firmware release around the end of January.  Now the fun part: more waiting...

metachimp Wed, 01/19/2011 - 12:05

GOOD NEWS!  After almost 6 MONTHS working on this problem, countless dozens of hours and phone calls with different support technicians, it seems like they have finally fixed the inherent flaw in the SA520W with the new 2.1.18 firmware!

For the first time, Load Balancing in Dual WAN mode actually works!  It has been up and running for 3 days now, and I believe we finally have a fix!

Why this didn't work out of the box as advertised months or years ago, I don't know.  But it finally works now, so I can use the second WAN connection I've been paying for (yet sitting unused) over the past 6 months.

thanks guys!

Here is the download link for everyone else:

http://www.cisco.com/cisco/software/release.html?mdfid=282571096&flowid=4828&softwareid=282728525

metachimp,

thanks for the leg work on this one. Just installed an SA520 at our church, dual WAN cable input... guess what same issue, they are actually still shipping these with the old firmware in them.....

Any chance you could send me your working sample config settings after the upgrade and fully functioning balancing.  I loaded the new firmware tonight and tomorrow is the test.... I am pretty new to this and I am learning on the fly thanks to guys like you. There are so many settings on this thing comparerd to the RV042 (which puked) that I replaced with this. We do not currently use vlan, vpn, port forwarding etc.  Just simple network. But if there are settings that are turned on by default that should be turned off I would not know that. 

Did you HAVE to use protocol binding or does the new firmware automatically just split the usage between the two WAN's?

that is really the question I need Answered.  If I do not add any Bindings will it just split ALL protocols between the two WAN's?

Chad