I recently ( three days ago ) purchased a SRP 527w and have been using it in a mixed Mac/Windows network. The setup is currently primarily using defaults apart from enabling logging. While I was still able to access the internet with some applications, accessing web content appears to have blocked after approximately 48 hours uptime.
No web pages using port 80 were available and that included the router web interface. The router would respond to ping only.
Frmware is 1.01.09
On a different note. I have to say that I find it very strange that the supplied documentation doesn't advise setting up the router using the admin login. It was only after reading one of the comments on this site that I was alerted to this security problem. I also find it rather annoying that I appear to have to purchase additional support merely to be able to download firmware updates which are designed to give the device improved functionality.
Thanks for your feedback - we've had some similar cases raised to what you describe and are actively progressing a solution.
Many thanks for your prompt response. I have just finished setting back up after a factory reset and will advise how it goes.
As far as the settings go, I am using PPPoA VC type, static DNS settings, wireless and logging enabled. The only change I have made this time is using the preferred wide channel wireless rather than the default 20Mhz.
Network side computers are using Windows XP, Vista 32 and 64 bit, Windows 7 64bit, Mac OSX 10.4.11 and 10.6.4 just in case certain operating systems are having a negative impact.
I am having the exact same issue. bough this box from ebuyer.com and set up the SRP 527w last Thursday. It has locked up twices in 5 days. The web interface is not accessible, DHCP refused to assign the IP address. Internet is still working though. After done some research, there is a firmware update but requires support agreement.
So far I found quite few major issues:
1. web management interface locked up every few days
2. Once hte system locked up, DHCP refuses to assign IP to clients
3. Multi SSID is not working.
I am about to return to this box to ebuyer if there is no workable solution. I can't belive Cisco product is such rubblish
Thanks again for providing feedback on this community.
As a quick update: We have been actively working on this issue, which so far seems to be specific to devices connected to BT wholesale and retail DSL services in the UK. We have reproduced the issue and are now actively pursuing a root cause.
The ADSL and Internet are working fine. It is web management interface locked up and cannot be accessed. when the web interface locked up, the cisco DHCP server refuse to assign IP address to client. Further to the above issues, the Multi SSID has not worked since out of box .
A quick question from me, if a fix is out, would that be a firmware update? Would that require the technical support aggrement? Is the technical support agreement chargable?
A suggestion has been made by one of our local ISPs that a possible cause could be related to the SIP settings.
I have been advised to change a setting in "Voice" for "Line 1" and "Line 2" --> "Restrict Source IP" from the default "No" to "Yes".
Currently there is a fairly large number of scans for incorrectly set up VoIP systems occurring in our neighbourhood and the aggressive nature of the hacks supposedly can result in the router failing to respond on the LAN side.
I have made the above modification to the "Voice" settings and will see if this resolves the issue. As an aside, I don't currently have VoIP setup for my connection, but do have the default settings in this area apart from now having changed the default IVR password and making the above change.
We now know why the device is locking up, but are now actively investigating a root cause. Based on what we have seen, I'd suggest that the advice you have been given is very good.
A couple more suggestions:
- You could change the port numbers used by the voice ports from the standard 5060/5061
- You could disable the voice lines
The .11 gave me an uptime of approximately 10 days before the same issue occurred. Once again the router access on port 80 and 443 was refused as well as no external access on ports 80, 443, 465 and 995 ( ie SSL email ). The router does respond to ping and appears to allow access to the internet for applications using high port ranges.
Doing traceroutes appears to show the SRP as having two interfaces as I have been getting an additional hop that doesn't respond to ping. This would seem to imply that the issue may be related to the LAN interface rather than the WAN as your post surmised due to applications still having internet access.
Also, mentioned by Chun Wong the router DHCP server also stopped assigning IP addresses.
Is it possible to enable ssh access into the router as I noticed that this port is open on the LAN and may be accessible? Just thinking about trying to access the "debug" when something occurs.
Many thanks for the update and the link to the screenshots documentation.
I would like to say that it was my ISP, but credit should definitely go to WorldxChange/Xnet as they were the source of the suggestion ;-)
These "workarounds" do not do anything!!
I am sick of excuses with this product. We have sent back all of our routers for RA. After we logged a TAC it was approved and we were credited for all the routers.
It seems with over 6 months since the last firmware release, that this maintenance release doesn't exist or the most useless people @ cisco are on the case.
Is there even an estimated date that we might see the firmware? Or do we have a product that was pushed by product managers again only to perform sub-standardly?
I'd love to actually get a response in 2011
Any solution available as of yet Andrew?
I have followed your other suggestions (Workaround for SRP500 Issues) all to no avail. Well, it's been a week since I had to restart the router but now I'm faced with a different problem.
Whenever I sign into the router using the web GUI, I'm presented with a "Connecting your client device to your network. Please wait..." window. This window remains shown indefinitely even when I restart the browser and login again. I'm unable to do anything when this window is shown. After a long time, I can login as usual again only to be presented with that same window once more. It has something to do with the Wireless Protected Setup or WPS. I did not enable this feature nor use WPS on my WLAN so I'm stumped as to why I'm presented with this annoying persisting message!
Any solutions as of yet Andrew?
I'd like to thank you for this fix and add that this should really be publicised to the users if the 527w as it's a fairly new product and there isn't much in the way of user comment on the forums.
I've spent the last week dealing with random lock-ups on the 527w and had upgraded the firmware to the latest version in an attempt to resolve this issue without success. My customers had pretty much lost faith in this product at this stage but I'm hoping this fix will resolve the ongoing reliablity issue and restore their confidence in Cisco hardware
I too have just purchased 2 SRP527's and ordered a 521 for a broadband connection, which will have VPN's connected between.
Same issue, just configured them, left the clients sites, got a phone call a couple of hours later to say they cant access anything.
I could still access their server (rdp), but no internet access from the server. Could not access the router from the server, or from remotly. Computers in the network had no internet access either. Got an employee to restart the router, everything fine again. Then a day later the other one did the same thing.
I have disabled the voice, as Simons link suggested. I will do the same when I restart the other one. Fingers crossed....
We are in Australia, using Bigpond as out ISP.
Just to confirm my symptoms were exactly the same, router pingable, RDP access fine, but web browsing and http access to router not working, but the good news is that since applying the SIP settings suggested by Simon it's been running solid for the last 4 days and counting...
Same here Barry, SIP change made on Monday, been up and running ever since (touch wood!).
I updated the firmware to 1.01.11 before the SIP was turned off. Will be waiting for a reply from Andy to say they have found the root of the prob, and has another firmware update available. So far the modems seem to work well despite. The phone option is not being used anyway.
Users are saying the RDP and printing through the VPN are alot quicker than previously. We had Linksys WAG54G modems b4, but one site has very bad phone lines. The Linksys kept dropping out. We are changing to a wireless BBand and needed to have an ADSL and BB Wan capable routers. Nothing had VPN wich was compatable with the Linksys, so we are upgrading the lot (3 sites) with the SRP527W and SRP521W. The next option was the Cisco 877's or equivalent, but for a lot more $, which the client was reluctant to pay the extra. The 527 seems to be tolerating the lines a lot better than the Linksys. It hasn't dropped off yet!
To confirm your query, we do have a fix for the issue that was causing the web access lockup - this will be made available in a new maintenance release soon (hopefully some time in November).
I would say though, that even with that fix in place, the workarounds described in the link above remain a best practice configuration if you can use them (depending on the needs of your voice service of course).
Unfortunately I've just had another outage after approx 2 weeks of uptime since disabling the VOIP lines as suggested although I'm not sure if it related to this problem.
Web browsing stopped working but I could access the web interface ok and when I checked the router status the CPU activity was constantly maxxed out at 100%. I think it was related to the DNS proxy as I could ping hostnames from the router but from connected PCs that were using the 527w for DNS I could only access sites by IP address. I'm guessing the 100% CPU usage was afftecting the DNS proxy serving requests.
I rebooted the 527w 3 times but the CPU went back to 100% a few minutes after each reboot. I ended up disconnecting all devices from the router, rebooting and reconnecting all devices and the problem went away but I still don't know what was causing the max CPU activity so I 'm not too confident that it won't happen again. CPU activity has stayed around 10% for the last hour and counting.
Any ideas what, if any, activity on the internal VLAN could max out the SRP 527w CPU, all PCs are clean of viruses and no P2P clients in use.
We had a similar report to this a while ago. At the time, this seemed to be related to a client using the first version of Safari 5.0 which used a DNS look ahead process that tended to crash router DNSd services. Apple fixed this in a following maintenance release (5.0.1) of Safari and I haven't heard any reports of this since.
Are there any client processes on you LAN that might be having a similar impact?? As a work around, have you tried disabling DNS Proxy in the DHCP settings on the SRP?
The SRP 527 has been a source of Frustration for me also.
We went from a 857 to the 527W because we required a WAN router we are using one of the LAN ports on the 527 as a WAN port couldn’t get the 521.
We seem to have the same issues as experienced by others router lockup, DHCP failure port forwards seem to be working touch wood.
The admin login wasted some of my time couldn’t work out how to firmware upgrade the router until I figured this one out. The 1.01.11 firmware hasn’t seemed to have done much to improve things.
I tried the suggested fixes turning off the SIP ports as per the post form Andy and DHCP still didn’t work. I also turned off the SIP 5060 / 5061 forwards to our SIP enabled PABX as a test. I fail too see how this is related to the issues and highly doubt we have been receiving attacks on these ports. May be the sip attack is my Mobile Softphone client trying to register to our PABX.
I understand this is a low cost entry level product but I don’t see why we should have to purchase support to make the product do what it is supposed to do.
Hopefully these issues can be resolved quickly without the need for purchasing support.
It sounds like maybe you are seeing something different here. Could you describe your issues with DHCP in a little more detail please?
The suggested workaround to the access issue required the reconfiguration of the internal SIP User Agent in the SRP500, there should be no issue with SIP traffic being forwarded through the SRP.
The Port forwards to the SIP devices behind the firewall on 5060 work fine.
The DHCP symtoms I have seen is a cleint will register then have a lease time of 59 seconds then count down to 0 during this period the device dosent respond to pings.
At the Moment I can see 2 devices that have the full lease time of 6 days 22 hours and these can be pinged. Others are still popping up with the 59 second lease time also.
For now I will turn off the DHCP in vlan settings and wait for the update. After turning off the DHCP server in the router the devices that have been assigned adreseses do not respond to pings again I would have thought they would have lasted the lease time.
Some of our devices ie sonos dont have a fixed IP option.
I haven't heard of this DHCP issue before. Is there any difference between the devices (model / OS etc) that get short leases, versus those that get the full term?
I haven't specifically tested to see what happens when a DHCP rule is removed from a VLAN - but I suspect that the ARP cache / CAM table are getting flushed - did you try pinging the SRP from the DHCP client - did that work?
Is there updated firmware on the cards here?
We have rolled these out to many clients and we are having nothing but issues.
If there is no solution to these bugs we will be taking them our and returning them as an RA.