AC1900 loses internet access after reboot completes, need to manually disconnect/reconnect to internet each time

[LabQa]

Hi, I have a TM-AC1900 router and whenever I reboot it I lose internet access after reboot has completed. The router thinks it is connected, the little icon on top is lit and mouse hover shows 'Internet Status: Connected' but I can't get to any sites. I need to click on the little icon and click to 'Disconnect the Internet connection' and then click again to now connect to the Internet, at which point I then can access the web again.
It has always had this issue and a call a few years ago to tech support did not provide any help, anyone else have this problem with the AC1900 or have any ideas what would be causing it to always do this with every reboot? I have Xfinity Internet and use a Cisco modem, don't have IPv6 enabled, and the LAN Wi-Fi always works after reboot, it's the WAN access that has to be manually "rebooted" after each router restart. Not sure what other info to provide that may be of use but let me know,

 

[L&LD]

If you're not with the original ISP that provided that modem to you, time to upgrade. That (class/era) router is effectively obsolete today.

 

[LabQa]

It is a DOCSIS 3 modem, and the latest DOCSIS 3.1 version only has the benefits of higher speed and enhanced security, so those are not things that would have an effect on why the router cannot connect to the internet ONLY after a reboot. And I am still with the same ISP (Xfinity), just not renting a modem for $15/month and instead have always used my own (even when rental was only $3/month )

 

[L&LD]

The latest modern also has other benefits too.

Maybe you can buy a DOCSIS 3.1, test it in your environment, and if it works, sell the old one.

 

[drinkingbird]

Hi, I have a TM-AC1900 router and whenever I reboot it I lose internet access after reboot has completed. The router thinks it is connected, the little icon on top is lit and mouse hover shows 'Internet Status: Connected' but I can't get to any sites. I need to click on the little icon and click to 'Disconnect the Internet connection' and then click again to now connect to the Internet, at which point I then can access the web again.
It has always had this issue and a call a few years ago to tech support did not provide any help, anyone else have this problem with the AC1900 or have any ideas what would be causing it to always do this with every reboot? I have Xfinity Internet and use a Cisco modem, don't have IPv6 enabled, and the LAN Wi-Fi always works after reboot, it's the WAN access that has to be manually "rebooted" after each router restart. Not sure what other info to provide that may be of use but let me know,

Try toying with the settings for DHCP aggressiveness (if the T-Mo version has that). That router runs very old firmware and even when the firmware was new, was known to be buggy. When you're in that state check your WAN and see if it is getting an IP, gateway, and DNS servers from the ISP DHCP server. See if you can ping the ISP's default gateway from a LAN device (which may mean DNS isn't working).

All else fails, factory reset and reconfigure manually, see if it helps.

 

[LabQa]

Try toying with the settings for DHCP aggressiveness (if the T-Mo version has that). That router runs very old firmware and even when the firmware was new, was known to be buggy. When you're in that state check your WAN and see if it is getting an IP, gateway, and DNS servers from the ISP DHCP server. See if you can ping the ISP's default gateway from a LAN device (which may mean DNS isn't working).

All else fails, factory reset and reconfigure manually, see if it helps.

This router does not have a settings for DHCP aggressiveness, so that's not an option to tweak. The router WAN section does not show ISP Gateway so I can't confirm that, and the DNS servers I have set manually (and have tried automatic as well).

When I ping the ISP Gateway (96.120.103.137) after reboot I get Request Timed Out, and tracert does a reverse dns lookup and times out.

TRACEROUTE AFTER ROUTER REBOOT (Devices do not have internet access but Router UI shows "Internet Status: Connected" and shows the WAN IP address):
Tracing route to www.google.com [10.0.0.1]:
1 <1 ms <1 ms <1 ms 1.2.168.192.in-addr.arpa [192.168.2.1]
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.

TRACEROUTE WITH INTERNET DIS-CONNECTED (via Router UI):
Tracing route to www.google.com [10.0.0.1]
1 1.2.168.192.in-addr.arpa [192.168.2.1] reports: Destination net unreachable.

TRACEROUTE WITH INTERNET CONNECTED:
Tracing route to www.google.com [172.217.14.196]
1 <1 ms <1 ms <1 ms TM-AC1900-37B0 [192.168.2.1]
2 7 ms 6 ms 9 ms 96.120.103.137
3 8 ms 6 ms 8 ms 24.153.80.113
4 10 ms 8 ms 12 ms po-100-xar02.everett.wa.seattle.comcast.net [69.139.164.217]
5 15 ms 9 ms 9 ms be-301-arsc1.seattle.wa.seattle.comcast.net [24.124.128.249]
6 14 ms 10 ms 12 ms 50.222.176.218
7 13 ms 10 ms 11 ms 142.251.50.43
8 10 ms 9 ms 9 ms 209.85.254.171
9 7 ms 14 ms 8 ms sea30s01-in-f4.1e100.net [172.217.14.196]

It seems it has to be a DNS issue, and I've tried changing the DNS servers on both Router WAN and LAN (and also device network adapters) to all use either automatic (Xfinity) or Google DNS, same result. Seems that something is getting messed up with DNS after reboot and the only thing that fixes it every time is when I have the router disconnect and then connect again to the internet. Something gets reset at that point that apparently gets messed up during reboot.

 

[drinkingbird]

This router does not have a settings for DHCP aggressiveness, so that's not an option to tweak. The router WAN section does not show ISP Gateway so I can't confirm that, and the DNS servers I have set manually (and have tried automatic as well).

When I ping the ISP Gateway (96.120.103.137) after reboot I get Request Timed Out, and tracert does a reverse dns lookup and times out.

TRACEROUTE AFTER ROUTER REBOOT (Devices do not have internet access but Router UI shows "Internet Status: Connected" and shows the WAN IP address):
Tracing route to www.google.com [10.0.0.1]:
1 <1 ms <1 ms <1 ms 1.2.168.192.in-addr.arpa [192.168.2.1]
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.

TRACEROUTE WITH INTERNET DIS-CONNECTED (via Router UI):
Tracing route to www.google.com [10.0.0.1]
1 1.2.168.192.in-addr.arpa [192.168.2.1] reports: Destination net unreachable.

TRACEROUTE WITH INTERNET CONNECTED:
Tracing route to www.google.com [172.217.14.196]
1 <1 ms <1 ms <1 ms TM-AC1900-37B0 [192.168.2.1]
2 7 ms 6 ms 9 ms 96.120.103.137
3 8 ms 6 ms 8 ms 24.153.80.113
4 10 ms 8 ms 12 ms po-100-xar02.everett.wa.seattle.comcast.net [69.139.164.217]
5 15 ms 9 ms 9 ms be-301-arsc1.seattle.wa.seattle.comcast.net [24.124.128.249]
6 14 ms 10 ms 12 ms 50.222.176.218
7 13 ms 10 ms 11 ms 142.251.50.43
8 10 ms 9 ms 9 ms 209.85.254.171
9 7 ms 14 ms 8 ms sea30s01-in-f4.1e100.net [172.217.14.196]

It seems it has to be a DNS issue, and I've tried changing the DNS servers on both Router WAN and LAN (and also device network adapters) to all use either automatic (Xfinity) or Google DNS, same result. Seems that something is getting messed up with DNS after reboot and the only thing that fixes it every time is when I have the router disconnect and then connect again to the internet. Something gets reset at that point that apparently gets messed up during reboot.

No if it was a DNS issue your first trace would work fine (the DNS lookup would time out and it would give you an IP). I don't know what the GUI of that router looks like but you must be able to see WAN IP stuff, on the regular 68 on the main page you click the globe icon and on the right under internet status it will show your IP, gateway, and DNS servers. If any of those are blank, DHCP seems to be failing on startup, maybe querying too soon.

So if you go to WAN settings then at the bottom under "special requirement from ISP" there is no "DHCP query frequency"?

Best thing I can suggest is hard reset to defaults (using WPS button) and reconfigure from scratch (not a backup), see if it improves. You can try and find if there is a later firmware than what you have out there, but even the latest one will be years old at this point. May be time to retire that router, it was a good deal at the time but it has a lot of security vulnerabilities now and the castrated T-Mobile firmware was never the best. Or check your cabling, it is possible it is having some errors and interfering with the DHCP. Since the initial DHCP request is UDP, there is no recovery mechanism. Though you'd think it would retry after a while.

Could just be some weird timing issue between that router and the modem, but it is a fairly common router I'd think it would be a more widespread issue. What happens if you power off the router, reboot the modem, let it fully synch, then power on the router? Or vice versa, once the router is fully online, reboot the modem?

Or one other hint, it is illegal to flash Merlin firmware onto that router, and cannot be discussed here. Other sites do not have the same discussion restriction, but it is still illegal technically.

 

[LabQa]

No if it was a DNS issue your first trace would work fine (the DNS lookup would time out and it would give you an IP). I don't know what the GUI of that router looks like but you must be able to see WAN IP stuff, on the regular 68 on the main page you click the globe icon and on the right under internet status it will show your IP, gateway, and DNS servers. If any of those are blank, DHCP seems to be failing on startup, maybe querying too soon.

So if you go to WAN settings then at the bottom under "special requirement from ISP" there is no "DHCP query frequency"?

Best thing I can suggest is hard reset to defaults (using WPS button) and reconfigure from scratch (not a backup), see if it improves. You can try and find if there is a later firmware than what you have out there, but even the latest one will be years old at this point. May be time to retire that router, it was a good deal at the time but it has a lot of security vulnerabilities now and the castrated T-Mobile firmware was never the best. Or check your cabling, it is possible it is having some errors and interfering with the DHCP. Since the initial DHCP request is UDP, there is no recovery mechanism. Though you'd think it would retry after a while.

Could just be some weird timing issue between that router and the modem, but it is a fairly common router I'd think it would be a more widespread issue. What happens if you power off the router, reboot the modem, let it fully synch, then power on the router? Or vice versa, once the router is fully online, reboot the modem?

Or one other hint, it is illegal to flash Merlin firmware onto that router, and cannot be discussed here. Other sites do not have the same discussion restriction, but it is still illegal technically.

Attached are a few screenshots, it shows that the router is connected to the internet after reboot and has all necessary settings aquired.

I missed the DHCP Query Frequency setting when I first looked, it was set to Aggressive and I have changed it to Normal (only other option), same issue still. I tried rebooting the modem after router reboot, same issue. And cable swapping did not help either.

It did find a workaround in the meantime to having to disconnect/connect to internet: After reboot, if I change the WAN setting of "Connect to DNS Server automatically" from Yes to No or No to Yes (and click Apply), I immediately have web access again. So it appears it is a DNS issue after all?
Why that works I don't' get since I have set the static DNS servers to be the same as when acquired automatically, and it does not matter if I have it set to Yes or No before reboot, I need to toggle from one to the other to regain web access.
Also, when I disconnect the router from internet, all the settings are blank as expected (IP address, gateway, ...) except for the DNS ones, they still show DNS values even when I have it set to automatic, which then I think it should not be able to acquire if it cannot acquire an IP or gateway.

Another thing that is confusing, when I do a tracert the first IP address besides the router shows as "96.120.103.137" which a Comcast gateway address but the router shows the gateway as "24.16.88.1" which does not show anywhere in the trace but apparently is also a Comcast gateway (https://ipinfo.io/96.120.103.137, https://ipinfo.io/24.16.88.1).

Tracing route to www.google.com [142.251.211.228]over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms TM-AC1900-37B0 [192.168.2.1]
2 7 ms 7 ms 12 ms 96.120.103.137
3 8 ms 8 ms 7 ms po-303-1239-rur101.everett.wa.seattle.comcast.net [24.153.80.137]
4 8 ms 12 ms 8 ms po-2-rur102.everett.wa.seattle.comcast.net [69.139.161.234]
5 8 ms 8 ms 8 ms po-100-xar02.everett.wa.seattle.comcast.net [69.139.164.217]
6 8 ms 10 ms 9 ms be-301-arsc1.seattle.wa.seattle.comcast.net [24.124.128.249]
7 12 ms 10 ms 9 ms 50.222.176.214
8 9 ms 9 ms 8 ms 142.251.50.47
9 12 ms 9 ms 10 ms 216.239.43.231
10 15 ms 8 ms 10 ms sea30s13-in-f4.1e100.net [142.251.211.228]
Trace complete.

Tracing route to c-24-16-88-1.hsd1.wa.comcast.net [24.16.88.1] over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms TM-AC1900-37B0 [192.168.2.1]
2 13 ms 7 ms 9 ms c-24-16-88-1.hsd1.wa.comcast.net [24.16.88.1]
Trace complete.

Any thoughts on these oddities? Thanks very much for all the input so far, I am leaving a factory reset for last, it's bugging me too much still that I can't figure out what's causing this. And I have looked into Merlin a few times in the past, may give that a try one of these days.

 

[drinkingbird]

Any thoughts on these oddities? Thanks very much for all the input so far, I am leaving a factory reset for last, it's bugging me too much still that I can't figure out what's causing this. And I have looked into Merlin a few times in the past, may give that a try one of these days.

I didn't notice in your original trace that google.com was returning 10.0.0.1 so yeah something going on with DNS. When the issue exists, try tracing to a known IP like 8.8.8.8 (Google DNS). If it gets there, your issue is definitely DNS related. When you change the DNS setting I believe that bounces the WAN port just like if you toggled it off and on so that may not actually be doing anything with DNS, or maybe it is "waking up" a buggy dnsmasq on your router.

Honestly at this point, factory reset is the way to go.

 

[LabQa]

I didn't notice in your original trace that google.com was returning 10.0.0.1 so yeah something going on with DNS. When the issue exists, try tracing to a known IP like 8.8.8.8 (Google DNS). If it gets there, your issue is definitely DNS related. When you change the DNS setting I believe that bounces the WAN port just like if you toggled it off and on so that may not actually be doing anything with DNS, or maybe it is "waking up" a buggy dnsmasq on your router.

Honestly at this point, factory reset is the way to go.

Tracert times out when I trace while the router is in the funky state:

C:\Windows\System32>tracert 8.8.8.8
Tracing route to 8.8.8.8.in-addr.arpa [8.8.8.8] over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 1.2.168.192.in-addr.arpa [192.168.2.1]
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * 1.2.168.192.in-addr.arpa [192.168.2.1] reports: Destination net unreachable.
Trace complete.

Yeah, looks like a factory reset is the only thing left to do at this point. Thanks again for your time and ideas on what to try, I appreciate it!

 

[dave14305]

Why do you need to clone a MAC address on the WAN page?

 

[ColinTaylor]

I didn't notice in your original trace that google.com was returning 10.0.0.1 so yeah something going on with DNS.

That's normal. It's the router's "WAN down browser redirect". When there's no WAN the router redirects all DNS queries to the "WAN down" error page.

 

[drinkingbird]

That's normal. It's the router's "WAN down browser redirect". When there's no WAN the router redirects all DNS queries to the "WAN down" error page.

Hm, his LAN IP is 192.168.2.1, I would think it would redirect to that? I don't see any loopback or other interface in my router for 10.0.0.1 (my LAN IP is 10.0.0.1 so it would conflict).

 

[drinkingbird]

Tracert times out when I trace while the router is in the funky state:

C:\Windows\System32>tracert 8.8.8.8
Tracing route to 8.8.8.8.in-addr.arpa [8.8.8.8] over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 1.2.168.192.in-addr.arpa [192.168.2.1]
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * 1.2.168.192.in-addr.arpa [192.168.2.1] reports: Destination net unreachable.
Trace complete.

Yeah, looks like a factory reset is the only thing left to do at this point. Thanks again for your time and ideas on what to try, I appreciate it!

As Dave said, why are you setting a MAC on the WAN - are you sure it isn't conflicting with something? If what Colin says is right, your router thinks the WAN is down, thus it isn't going to forward any traffic, just blackhole it. If you disable the browser redirect on WAN down it might work but still not figuring out what the actual problem is. Is your WAN detection set to DNS or ping or something? If so that could be causing it, it is failing before it fully boots up or something.

 

[LabQa]

As Dave said, why are you setting a MAC on the WAN - are you sure it isn't conflicting with something? If what Colin says is right, your router thinks the WAN is down, thus it isn't going to forward any traffic, just blackhole it. If you disable the browser redirect on WAN down it might work but still not figuring out what the actual problem is. Is your WAN detection set to DNS or ping or something? If so that could be causing it, it is failing before it fully boots up or something.

OH, I hadn't even paid attention to the MAC Address entry, I originally set this router up years ago and haven't made changes to WAN settings since. I don't know what this mac address is, it is not the modem or router and does not show up on "arp -a" list of any computers behind the router, don't remember at all when/why/if I made that entry or if it self populated when I first set up the router.

But I just removed it and lost web access right away and tracert then only returned this:

Tracing route to www.google.com [10.0.0.1] over a maximum of 30 hops:
1 * * * Request timed out.
2 * * * Request timed out.
...

Perhaps that is an address that Xfinity support made me add when I set up the current modem over phone, was a requirement? Don't remember at all ...

 

[drinkingbird]

OH, I hadn't even paid attention to the MAC Address entry, I originally set this router up years ago and haven't made changes to WAN settings since. I don't know what this mac address is, it is not the modem or router and does not show up on "arp -a" list of any computers behind the router, don't remember at all when/why/if I made that entry or if it self populated when I first set up the router.

But I just removed it and lost web access right away and tracert then only returned this:

Tracing route to www.google.com [10.0.0.1] over a maximum of 30 hops:
1 * * * Request timed out.
2 * * * Request timed out.
...

Perhaps that is an address that Xfinity support made me add when I set up the current modem over phone, was a requirement? Don't remember at all ...

That's expected, when your MAC changes you must reboot your modem. Xfinity hasn't required cloning MAC since they were AT&T decades ago. Not needed. The only reason you'd use that feature is if you want to force a new WAN IP (you get a DHCP IP that is blacklisted and need it to change, etc) then you just clone the MAC of anything on your LAN to the WAN. But if you don't have a reason for it, leave it blank.

But any time you change the device connected to the modem (including changing the MAC of the device connected, since from the modem's perspective, that is the same thing) you have to reboot the modem.

 

[bennor]

I have Xfinity Internet and use a Cisco modem

Doesn't appear anyone has asked but what is the model number of the Cisco modem? Is it an actual modem or is it a wifi router/modem/gateway? If you have a Cisco router/modem combo or gateway you will typically need to put it into bridge mode if you plan on using your own router behind it.

https://www.xfinity.com/support/articles/wireless-gateway-enable-disable-bridge-mode

The firmware you appear to be using is 3.0.0.4.376_3221 which is likely the stock (very, very old) firmware that came with that T-Mobile Asus router. Don't remember off hand if one can update the T-Mobile Asus router to later firmware without having to modify the router's code which generally cannot be discussed on this site.

Been years since dealing with Comcast (Xfinity) but if I remember right it used to be you had to "clone" the MAC address of the computer that was initially used by the tech installer/self install when setting up the service. It used to be the cable company linked the MAC address to the account. One may have to call Xfinity support and see if they can release the MAC address, if tied to the account, so you can use a different one if the clone MAC address option in the Asus firmware doesn't work.

 

[ColinTaylor]

Hm, his LAN IP is 192.168.2.1, I would think it would redirect to that? I don't see any loopback or other interface in my router for 10.0.0.1 (my LAN IP is 10.0.0.1 so it would conflict).

To be precise, it redirects DNS queries to a fake DNS server on port 18017 which returns 10.0.0.1 for everything. It also redirects plain HTTP to port 18018 which returns a "The network cable is unplugged." web page (this doesn't work well on modern browsers).

-A PREROUTING ! -d 192.168.1.0/24 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:18017
-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1:18018

# netstat -nlp | grep -E ":18017|:18018"
tcp        0      0 0.0.0.0:18017           0.0.0.0:*               LISTEN      1180/wanduck
udp        0   3072 0.0.0.0:18018           0.0.0.0:*                           1180/wanduck

C:\Users\Colin>nslookup blahblahblah
Server:  UnKnown
Address:  192.168.1.1


Non-authoritative answer:
Name:    blahblahblah.home.lan
Address:  10.0.0.1

 

[drinkingbird]

To be precise, it redirects DNS queries to a fake DNS server on port 18017 which returns 10.0.0.1 for everything. It also redirects plain HTTP to port 18018 which returns a "The network cable is unplugged." web page (this doesn't work well on modern browsers).

-A PREROUTING ! -d 192.168.1.0/24 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:18017
-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1:18018

# netstat -nlp | grep -E ":18017|:18018"
tcp        0      0 0.0.0.0:18017           0.0.0.0:*               LISTEN      1180/wanduck
udp        0   3072 0.0.0.0:18018           0.0.0.0:*                           1180/wanduck

C:\Users\Colin>nslookup blahblahblah
Server:  UnKnown
Address:  192.168.1.1


Non-authoritative answer:
Name:    blahblahblah.home.lan
Address:  10.0.0.1

Interesting. I guess in my case it would make perfect sense that it was returning the LAN IP when in reality it is just coincidence. And the redirect probably won't work since my traffic never leaves the LAN to flow through the iptables. Can't remember if I've ever tested it. Not that I really need the router to tell me the internet is down.

 

[drinkingbird]

Doesn't appear anyone has asked but what is the model number of the Cisco modem? Is it an actual modem or is it a wifi router/modem/gateway? If you have a Cisco router/modem combo or gateway you will typically need to put it into bridge mode if you plan on using your own router behind it.

Why? You can daisy chain routers without issue. Bridging it is a bit better but not required.

Been years since dealing with Comcast (Xfinity) but if I remember right it used to be you had to "clone" the MAC address of the computer that was initially used by the tech installer/self install when setting up the service. It used to be the cable company linked the MAC address to the account. One may have to call Xfinity support and see if they can release the MAC address, if tied to the account, so you can use a different one if the clone MAC address option in the Asus firmware doesn't work.

No they haven't done that in 20+ years. Just reboot the modem and it updates your MAC. ISPs gave up on trying to charge you for extra devices a long long time ago.