ICMP pings from router

fvideira · July 28, 2025, 4:05pm

We are experiencing issues with wireless door locks that are running out of battery due to the high traffic on their VLAN.

They are on a separate VLAN, and after a packet capture, I noticed the router is pinging each lock every minute, which causes the locks to wake up and respond, wasting battery.

I tried blocking the ICMP traffic on the firewall (Any → to network, router to network, etc.), but I still see the router pinging the devices.

Is there a way to stop those pings?

Cheers!

Rick-DC · July 28, 2025, 4:55pm

We are dealing with similar issues. Schlage locks?

fvideira · July 28, 2025, 5:08pm

No. Dormakaba.

I opened a ticket with Peplink support to see if there is anything we can do.

MarceloBarros · July 28, 2025, 6:27pm

Hi, @fvideira

Have you enable…
Screenshot 2025-07-28 at 15.25.33

So… this way you will have a screen like this.

fvideira · July 28, 2025, 8:32pm

I have already set up the rules for internal networks.

I even set up some extra rules (two on the bottom) as I don’t want the devices on the 192.168.12.0 to send or reply to ICMP requests. The devices are on the LAN side.

MarceloBarros · July 28, 2025, 9:39pm

icmp:1 ??

But… echo request it is icmp:8 !
and echo reply is icmp:0 !

Google
The first byte specifies the type of ICMP message. For example, type 8 is used for an ICMP request and type 0 is used for an ICMP reply.

AND

VLAN_TO_VLAN

fvideira · July 29, 2025, 9:00am

ICMP:1 should block all ICMP traffic, as per Peplink’s menu

I have tried 0 and 8, both for the Inbound and Internal firewalls, adding the subnet and gateway, but it did not work. I still see 192.168.12.1 pinging and devices replying on the 192.168.12.0 network.

Here is a packet capture:

Do you have any other ideas? Could it be a firmware bug? I am running 8.5.2 build 5862.

MarceloBarros · July 29, 2025, 6:10pm

Hi, @fvideira
I believe, it is a software bug… I am using 8.5.2s042 b5760 (max700 hw3), but also test at MAX HD4 MF. Same issue with icmp rule…

Look at ARP below

support arp
? (192.168.212.5) at b8:27:eb:42:d0:ca [ether] on Untagged LAN
? (192.168.212.14) at 00:0c:43:06:ef:78 [ether] on Untagged LAN
? (10.33.131.33) at a8:c0:ea:43:76:00 [ether] on VWAN1 ID21 CLARO
? (192.168.212.13) at de:bd:f5:32:0f:38 [ether] on Untagged LAN
? (192.168.212.27) at on Untagged LAN
? (192.168.212.12) at 00:1a:dd:12:dc:60 [ether] on Untagged LAN
? (192.168.212.7) at b8:27:eb:05:83:0f [ether] on Untagged LAN
? (192.168.212.31) at on Untagged LAN

Why the ARP command does not show the ARP address of the LAN interface of Peplink?

Screenshot 2025-07-29 at 15.05.27

fvideira · July 29, 2025, 7:48pm

It looks like a bug. I will try to escalate the issue with support.

Cheers!

fvideira · August 5, 2025, 6:50pm

As per engineering, the pings that are killing the batteries of my Dormakaba locks are coming from InControl2.

At this time, there is no way to block them. However, they told me that Peplink will include an option/feature(?) that will fix this issue in firmware 8.5.3.

Meanwhile, the only workaround is to remove the router from InControl2 and manage it via remote connection.

After I made the changes to my routers (System> InControl - change to Disable), our locks reported normal behavior, and the sleep counts returned to normal.

So, gentlemen, let’s wait for 8.5.3 to be released, and I will post an update.

Cheers!