Home routers are not receiving commands

Hello everyone,

I have been struggling with a persistent issue for weeks and I hope someone here can help. I am running GenieACS v1.2.13 on Ubuntu 24.04. Several routers (different brands/models) connect to the ACS, appear in the device list, and send periodic informs, but they do not execute any commands (Reboot, SetParameterValues, etc.). Even a Telegram bot I built (using the GenieACS NBI API on port 7557) sends commands successfully, but the devices simply ignore them – the tasks remain pending until the devices are manually rebooted.

Devices involved:

1. Huawei HG255s (multiple units)
2. Netis N2 (firmware version Netis(N2)-V1.6.1497)
3. MikroTik RB951G-2HnD (running RouterOS, with tr069-client package installed and enabled)

All devices are on the same local network (192.168.15.0/24). The GenieACS server is at 192.168.15.251.

What I have already tried (with no success):

· ACS URL: Verified that it is http://192.168.15.251:7547/ (not HTTPS) and that the devices can reach it (they appear in the GUI with correct IPs and last inform timestamps).
· Periodic Inform: Enabled and set to 300 seconds (also tried 60 seconds).
· Connection Request Credentials: The devices send their own credentials (username/password) during registration, and I can see them stored in GenieACS. I have also tried setting them manually.
· Port Forwarding & Firewall:
· On the HG255s, I tried opening port 7547 in its own firewall (limited options) and also configured port forwarding on a MikroTik router (acting as a gateway) to forward external ports (7547, 7548, etc.) to the internal IPs of these devices. I added firewall rules to allow incoming TCP traffic on those ports from the GenieACS server.
· On the MikroTik RB951G, I added firewall rules (/ip firewall filter) to allow input and forward on port 7547 from the GenieACS IP.
· Changing Connection Request Port: On the HG255s, I changed the connection request port from 7547 to 8080 and added corresponding port forwarding rules. The device updates the port in its Inform, but telnet from the server to the device’s IP on that port still times out or is refused.
· Testing Connectivity: telnet <device_ip> 7547 (or 8080) from the GenieACS server always results in Connection timed out or Connection refused. This confirms that the devices are not listening on the TR-069 port for incoming connections.
· Observing Logs: The GenieACS CWMP access log shows ACS request entries when I send a command (e.g., Reboot), but there is no corresponding response from the device. The task just stays in a pending state until the device next sends an inform (or is rebooted manually), at which point it executes.
· MikroTK Specific: On the RB951G, I have verified that the tr069-client is enabled, the ACS URL is correct, and periodic inform is working. The device appears in the GenieACS list with a recent last inform time, but it still refuses connection requests. The MikroTik firewall is configured to accept input on port 7547 from the GenieACS server.

What works (partially):

· Devices register and send periodic informs. I can see their parameters in the GUI.
· If I set the periodic inform interval to a very low value (e.g., 60 seconds) and send a command, it will eventually execute during the next scheduled inform, but only if the device initiates the connection. This confirms that the devices are capable of receiving and processing RPCs, but they will not accept an incoming connection request from the ACS.
· The Telegram bot works perfectly in terms of sending commands to the GenieACS API; the failure is purely on the device side.

My conclusions so far:

· The issue is not with GenieACS itself, nor with the network connectivity (since informs are received).
· The problem is that these consumer-grade routers (HG255s, Netis) do not support or have disabled the “Connection Request” feature of TR-069. They act as clients only and never open a listening port.
· Even the MikroTik, which is supposed to fully support TR-069, is behaving the same way in my setup, which suggests I might have misconfigured something on it, or perhaps there is a deeper issue with how the devices handle the ConnectionRequestURL parameter.

My questions to the community:

1. Has anyone successfully used TR-069 with Huawei HG255s or Netis N2 routers? Are they known to support RPCs like Reboot and SetParameterValues?
2. Is there any known workaround to force these devices to accept incoming connection requests? Perhaps a specific firmware version or a hidden setting?
3. Regarding the MikroTik RB951G, what could be wrong? I have followed the official documentation. Could it be a firewall issue at the device level that prevents it from accepting connections on port 7547 even though the rule is added? How can I verify that the tr069-client is actually listening?
4. Since the devices do execute commands during periodic informs, is there a way to force an immediate inform from the ACS (e.g., by sending a special packet or using a different RPC)? Or is the only reliable method to keep the inform interval very low (e.g., 30 seconds) and accept the delay?
5. Could this be related to the data model? Are these devices perhaps using a different parameter for connection request credentials that GenieACS is not updating correctly?

Hi Khaled,

When testing connectivity from client to the ACS, you should use http://deviceip:7547 but when testing from the ACS to the client, there is a different port that is used.

You should check the ConnectionRequestURL value for each device to confirm which port is being used. My devices use port 30005.

Are any faults being generated when your clients are first registering on the ACS?

ubject: Re: Devices register but do not accept commands – ConnectionRequestURL shows port 7547 but still fails

Hello again,

Thank you for your helpful reply. I checked the ConnectionRequestURL for one of my Netis routers as you suggested. The value I found is:

http://192.168.150.102:7547/

So it seems the device is using port 7547 for connection requests, not a random port. However, when I try to connect to this port from the GenieACS server using telnet 192.168.150.102 7547, I get Connection refused or Connection timed out. This confirms that the router is not actually listening on that port, even though it advertises it.

I also checked the Faults tab for this device, and I see errors like:

· Connection request failed
· Unable to connect

So the problem is clearly that the router does not accept incoming connections on port 7547, despite having the correct settings (ACS URL, credentials, etc.).

My questions:

1. Is there any known way to force the router to listen on that port? Could it be a firewall setting inside the router that I need to disable?
2. If the router simply does not support incoming connection requests (as I suspect), is the only reliable workaround to set a very short Periodic Inform Interval (e.g., 60 seconds) and let the device poll the ACS for pending tasks?
3. Have you encountered similar behavior with Netis or Huawei HG255s routers? Is there any firmware update or hidden setting that might enable this feature?

I really appreciate your time and expertise. Any further guidance would be very helpful.

Thanks

Port 7547 is usually used on the server-side but it is possible for a client to also use it,

Either way, if your client device is not listening on that port, unless there is some firewall option that is blocking incoming traffic on 7547, there is nothing you can do but to reach out to the vendor and let them correct that.

It is not uncommon for vendors to have TR69 clients that are working incorrectly. We use a few Huawei models (not your model) as well as other vendors and there have been a few times where we had discovered an error in their TR69 client and asked them to correct it with new firmware.

Hope this helps.

Connection refused actually points to a firewall issue.

You also need to check (mtr, traceroute) the path to the device 192.168.150.102. You can also have a problem with the firewall on the device itself (usally this is not an issue). As far as I can see 192.168.150.102 is a local IP address. Is this the same IP address that the CPE uses to connect to the ACS? Maybe the CPE is behind NAT and you’d need to use STUN/XMPP server to connect to it.

various reasons could cause your issue, but most certain they are a network connectivity problem.