DrayTek UK Users' Community Forum


2860n - NAT sessions not clearing and stopping connections

23 Dec 2015 09:44 #1 by mpcjames
I have a 2860n set up for a customer with a single BT FTTC connected to WAN1. The network is essentially just 4 PCs, 5 credit card processing terminals (Streamline/Worldpay), a couple of printers, and a couple of iPhones on WiFi.

To separate the credit card terminals from the other devices (for the purposes of PCI DSS compliance) I have created a second VLAN and tagged the ports which the card machines are connected to. This works perfectly and I have all of the card machines getting a different LAN IP etc., and traffic cannot pass between the two networks (as expected).

My issue is that AFTER A COUPLE OF DAYS (I believe this may give a clue) the card machines are unable to communicate with Streamline/Worldpay and therefore cannot take payments. Also, if you run a diagnostics test on the machine, it fails when trying to connect to Worldpay's servers. It happens randomly, but the only way to get the machines to start working again (and taking payments) is to reboot the router.

Over the past few weeks I have tested different combinations and we have even got 4 new card machines from Streamline. It appears that if I only have a single card machine connected, this will work fine for a week. If I have more than 2 machines connected, they will stop communicating with Worldpay within 3 or 4 days and the only way to recover is to reboot the router (rebooting the card machines makes no difference).


23 Dec 2015 09:55 #2 by mpcjames
When having a single card machine connected I noticed in the NAT Sessions Table there were a large number of connections open for this machine (even when it was not in use at the time) and that these sessions never appear to clear. I ran a “show portmap ?” command in telnet and got the following:

Code:
-------------------------------------------------------------------------------
Private_IP:Port Pseudo_IP:Port Peer_IP:Port [Index/Protocol/Flag]
-------------------------------------------------------------------------------
192.168.50.15:61167 MYWANIP:62127 195.188.150.155:45606 [49996/6/10e0]
192.168.50.15:61168 MYWANIP:62128 195.188.150.155:45606 [49999/6/10e0]
192.168.50.15:61169 MYWANIP:62129 195.188.150.155:45606 [49995/6/10e0]
192.168.50.15:61170 MYWANIP:62130 195.188.150.155:45606 [49997/6/10e0]
192.168.50.15:61171 MYWANIP:62131 195.188.150.155:45606 [49998/6/10e0]
192.168.50.15:61172 MYWANIP:62132 195.188.150.155:45606 [49993/6/10e0]
192.168.50.15:61173 MYWANIP:62133 195.188.150.155:45606 [49994/6/10e0]
192.168.50.15:61265 MYWANIP:62225 195.188.150.155:45606 [49900/6/10e0]
192.168.50.15:61266 MYWANIP:62226 195.188.150.155:45606 [49905/6/10e0]
192.168.50.15:61367 MYWANIP:62327 195.188.150.155:45606 [49914/6/e0]
192.168.50.15:61368 MYWANIP:62328 195.188.150.155:45606 [49859/6/e0]
192.168.50.15:61370 MYWANIP:62330 195.188.150.155:45606 [49910/6/e0]

This is just a small snippet of the repeated rows produced (there were approx. 100).
192.168.50.15 - is the card machine on the LAN
MYWANIP - is my external WAN IP, which I have redacted for security
195.188.150.155 - is one of the IPs for Streamline (I believe).

I ran a “portmaptime -f” telnet command to flush all of the portmaps and then re-ran the “show portmap ?” command and this still showed all of the sessions. For some reason I am unable to clear the sessions.

As far as I can tell it’s as if the sessions get stuck and never clear and so they build up until it stops accepting sessions. Usually with card machines I would expect to only see 1 or 2 sessions per device and never any more than that.
When I have all 4 machines connected at the same time, this seems to stop the connections quicker (3 to 4 days) and requires the router reboot to resolve.

Is this router faulty perhaps? I was previously running on firmware v3.8.1. However, I have since upgraded to v3.8.2 and the same issue occurs.

There is nothing complicated configured on this router, just factory defaults: 1 WAN (FTTC) with 2 WAN IPs, 2 LANs with VLANs assigned to the ports, wireless enabled and secured, and that's about it. I have been battling this problem for quite a few weeks now, so would appreciate some advice.

Many thanks
James.

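An added example, not from the post above or from DrayTek: a small Python parser for the "show portmap ?" table that counts open NAT sessions per LAN host and peer, so a build-up like the one described (dozens of sessions from one terminal to one Worldpay address) can be spotted from a telnet capture before the table fills. The sample rows are constructed from three of the rows quoted above plus one unrelated DNS row; MYWANIP is kept as the redacted placeholder and the flag column is only decoded as a hex number, since its meaning is not documented in the thread.

```python
import re
from collections import Counter

# Constructed sample: three rows copied from the post above plus one unrelated
# DNS row; MYWANIP stays as the redacted WAN address placeholder.
SAMPLE = """\
Private_IP:Port Pseudo_IP:Port Peer_IP:Port [Index/Protocol/Flag]
192.168.50.15:61167 MYWANIP:62127 195.188.150.155:45606 [49996/6/10e0]
192.168.50.15:61168 MYWANIP:62128 195.188.150.155:45606 [49999/6/10e0]
192.168.50.15:61367 MYWANIP:62327 195.188.150.155:45606 [49914/6/e0]
192.168.1.20:53021 MYWANIP:53021 192.0.2.53:53 [12/17/0]
"""

# One data row: three host:port columns, then an [index/protocol/flag] triple.
ROW = re.compile(
    r"^(?P<priv_ip>\S+):(?P<priv_port>\d+)\s+(?P<wan_ip>\S+):(?P<wan_port>\d+)\s+"
    r"(?P<peer_ip>\S+):(?P<peer_port>\d+)\s+"
    r"\[(?P<index>\d+)/(?P<proto>\d+)/(?P<flag>[0-9a-fA-F]+)\]$"
)
PROTO_NAMES = {6: "tcp", 17: "udp"}  # IANA protocol numbers

def parse_portmap(text):
    """Return one dict per session row; header and rule lines are skipped."""
    sessions = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        for key in ("priv_port", "wan_port", "peer_port", "index", "proto"):
            row[key] = int(row[key])
        row["flag"] = int(row["flag"], 16)  # flag column is printed in hex
        row["proto_name"] = PROTO_NAMES.get(row["proto"], str(row["proto"]))
        sessions.append(row)
    return sessions

def sessions_per_peer(sessions):
    """Count open sessions keyed by (LAN host, peer ip, peer port, protocol)."""
    return Counter((s["priv_ip"], s["peer_ip"], s["peer_port"], s["proto_name"])
                   for s in sessions)

def stuck_candidates(sessions, limit=2):
    """Flows with more than `limit` parallel sessions from one LAN host to one
    peer; the post expects a card terminal to hold at most one or two."""
    return {k: n for k, n in sessions_per_peer(sessions).items() if n > limit}

if __name__ == "__main__":
    for (host, peer, port, proto), n in stuck_candidates(parse_portmap(SAMPLE)).items():
        print(f"{host} -> {peer}:{port}/{proto}: {n} open sessions")
```

Run it against a full capture of the telnet output taken at intervals; a flow whose count only ever grows between runs is the one that is not being aged out.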