D-Link Forums

The Graveyard - Products No Longer Supported => DIR-655 => Routers / COVR => Europe DIR-655 => Topic started by: knudseno on December 26, 2013, 04:07:14 AM

Title: DIR-655 reboot when shcedule access changes
Post by: knudseno on December 26, 2013, 04:07:14 AM
I have had DIR-655 for several years (2009?), and I am generally very happy with it. :)

Wanted to upgrade to DIR-868L, but chose not to do that, because it seems to have essentially same firmware facilities and problems as DIR-655 has.  No reason to upgrade, then.

The annoying problems in DIR-655 are:  :-\
 1) Reboots every 5-10 minutes, when scheduled access control denies access for children's PC's.
 2) Breaks wired connection, when wireless is turned off/on by schedule.
 3) Allows internet access by IP address (skype,facebook,steam,lolplayer) when blocked

1st problem: reboot every 5-10 minutes when access control deny internet access
Children's PC's and smartphones are registered by MAC and assigned IP address by DHCP reservations.  Access control for these IP addresses change during day between 3 states:-
 a) 16:30-22:30 Mon-Sun Evening - allow all access, logged
 b) 22:30-06:30 Mon-Sun Night - blocked all access to internet
 c) 06:30-16:30 Mon-Fri Work - allow access to some internet sites (school)
 d) 06:30-16:30 Sat-Sun Weekend - allow all access, logged

When access changes to Night schedule, children's PC's and smartphones goes amok and sends thousands of DNS requests, which are correctly denied.  They are connected by wireless.  After 5-10 minutes, the router reboots itself and breaks my wired work server connection.

2nd problem: Breaks wired connection, when wireless is turned off/on by schedule.
So, I tried turn wireless radio off/on via schedule:
 a) 06:25-22:35 Mon-Sun - wireless ON
 b) 22:35-06:25 Mon-Sun - wireless Off

When wireless radio changes On-OFF or Off-ON, it interrupts wired connections.

3rd problem: full internet access by IP address, when limited by web address
Many internet services like Skype,Lolplayer,etc are still accessible when only 15-20 web addresses were allowed.  I guess they use IP addresses and bypass DNS lookup.

Other information
Hardware: DIR-655 rev. A4
Firmware: v1.37 EU (recently upgraded from v1.31 EU)

Are you wired or wireless connected to the router?
- my PC, NAS and work server are connected by wire (1gbit)
- 2 x children's PC's, 4 x smartphones and 1 x LG-tv by wire-less
Has a Factory Reset been performed?
- no (many reserved MAC addreses in DHCP, schedules, and access control)
Was a Factory Reset performed before and after any firmware updates then set up from scratch?
- Backed up configuration before, upgraded firmware, then restored configuration.
Was the router working before any firmware updates?
- no, DNS bypass "block some websites" always possible.
- no, wired interrupt always happened when wireless ON/OFF changed.
- yes, "reboot storm" every 5-10 minutes during night is much worse now
What ISP Service do you have? Cable or DSL?
- DIR-655 wan connected as DHCP client to Netgear CG3000 (cable/docsis)
What ISP Modem service link speeds UP and Down do you have?
- 30mbit down, 3 mbit up, 10 ms ping
Cable router/modem in NAT or Bridge mode?
- Cable router NAT mode, network: 192.168.1.1/255.255.255.0
- DIR-655 router NAT mode, network: 192.168.0.1/255.255.255.0, wan: 192.168.1.100
Under Setup/Wireless/Manual, What wireless modes are you using?
- mode N only
- auto scan: Off
- wireless channel: 1
- transmission rate: Best (automatic)
- channel width: auto 20/40 MHz
- WISH: Active
- RTS threshold: 2346
- Fragmentation threshold: 2346
- DTIM interval 1
- WLAN partition: Off
- WMM enable: ON
- Short GI: On (have also tried off)
- Extra wireless protection: ON (have also tried off)
What security mode are you using?
- Security mode:wpa-personal
- WPA mode: WPA2 only
- Cipher mode: AES  (no TKIP)
Router and wired configuration:
- Unicasting: On
- MTU: 1500
- DNS relay: ON
- DHCP server: ON
- DHCP reservations: 24 IP addresses reserved for known MAC (table is full)
- UPnP: Off
- WAN ping respond: Off
- WAN port: Auto (actual: 1gbit)
- Syslog: Enabled to NAS on 192.168.0.2
- NTP clock: Enabled to pool.ntp.org
- timezone: GMT+01:00 with Daylight saving enabled, offset +01:00
Advanced QOS engine
- WAN Traffic shaping: Off
- Automatic uplink speed: Off
- Manual uplink speed: 40000 kbps
- QoS engine: Off
Advanced WISH engine
- WISH engine: On
- HTTP priority classify: On
- Windows media classify: Off
- Automatic classify: On
Advanced Firewall
- UDP endpoint filtering: Port and Address restricted (have also tried Independent)
- TCP endpoint filtering: Address restricted (have also tried Independent)
- Anti-spoof check: ON
- DMZ: Off , not enabled
- IPsec: ON
- SIP: Off

As I said, I am still rather happy with DIR-655, but have dropped upgrade plan with DIR-868L
Title: Re: DIR-655 reboot when shcedule access changes
Post by: FurryNutz on December 26, 2013, 12:43:54 PM
This seems to be a mis-configuration issue rather than a problem with FW.

I recommend doing a factory reset and configure the router from scratch after doing any FW updates.
Please follow this for doing FW updates:
 FW Update Process (http://forums.dlink.com/index.php?topic=42457.0)
There maybe changes to the FW that maybe incompatible with the saved configuraiton from prior FW versions.

One issue that is not a D-Link issue and could impact proper operation is your ISP modem/router combo:

I recommend that you start with one device to configure and setup the schedule and access control to test with. Once you get it set up and tested with success, then add the next device. Keep graduating this and you should get a proper setup for all on the router and it working well. I recommend that you disable the iSP modems NAT and keep it solely on the 655 router. This will help eliminate problems.

As for the DIR-868L, it's not even close to being the same as the 655. Maybe the UI seems the same however it's very different. I do have both DIR-655 and 868L routers and I can tell you that both work well for me when configured correctly.

Please review this for recommended tips and suggestions:
Router Troubleshooting Suggestions and Tips (http://forums.dlink.com/index.php?topic=54498.0)

Try this for schedule and access control:
http://forums.dlink.com/index.php?topic=56478.0 (http://forums.dlink.com/index.php?topic=56478.0)
Title: Re: DIR-655 reboot when shcedule access changes
Post by: knudseno on December 26, 2013, 05:03:19 PM
Thanks for the reply.

The solution is to not use the parential controls,so aggressively.  Realise that web filter can be bypassed by not using DNS, and live with that.  Radio stay on all time.  DNSflood/reboot seems to be less of a problem, when rules are simpler.

I think I wanted to hear, that firmware for the new routers was actively improved on the subject of wireless schedule (no more interrupt on wired connection, when radio is toggled off/on), and access control schedules (flood detect and defense).

I am not really looking for a faster router, because I don't have any devices type AC on 5 GHz yet.  DIR-868 does not seem to offer much more speed with type N on 2.4 GHz than I already have with DIR-655.  2-3 years from now, when devices with 5 GHz type AC wireless becomes more mainstream, I'll reconsider anyways.  If the actual functional improvements (other than obvious type N vs. type AC) from DIR-655 to DIR-868 was documented, then I might reconsider a new router now. 

Some things that aren't documented in the manual for DIR-868L, are the limits, like
- how many DHCP reservations can you make?  Limit seems to be 24 MAC's.  I have more than 40 MAC's in the house.
- how many web sites can you allow/deny?  Limit sems to be 40 websites
- can I use different website lists for different access control schedules?  Don't think so...
It would be good to have a "whitelist" for work-time (allow only school's websites), and a "blacklist" for free-time (allow everything except Google Translate as cheat-tool), and a "emergency-list" which is always allowed, f.ex. Windows Update, Android Update, and a few others.  In short: multiple website filters to be used on different schedules.

Title: Re: DIR-655 reboot when shcedule access changes
Post by: FurryNutz on December 26, 2013, 05:07:30 PM
Then you may need to look at other model routers, maybe a DSR series router for those kinds of features. The DIR series is tuned to more of a home environment and some of those features and quality of MACs exceeds the DIR series line of routers in which the average home user may not have. There maybe other model routers that have more features and have bigger DHCP tables for those who need that kind of table to work with.

I would recommend also checking out some DDNS sites that you could use as an alternative suggestion to DNS and filtering web sites.

Glad you got the 655 working better for you. Enjoy.