Asus routers giving out public (WAN-side) IP addresses

[RadicalDad]

[Mods, please note: This post is very similar to this other thread that was started yesterday. I wasn't sure whether to start another thread or post in that one. Feel free to combine them if you think they are similar enough.]

I have three brand new Asus routers all with the identical problem - two ROG Rapture GT-AX6000 routers and an RT-AX3000 router. All three configure OK to start (well, almost OK, see below), but after a short period, a few hours to a few days, the router's DHCP starts giving out public side 10.0.0.x IP addresses, but only to clients attached by Ethernet. The Wi-Fi clients are all assigned proper 192.168.50.x addresses. Additionally, once this happens, I can no longer get into the router interface at 192.168.50.1.. Right now the Comcast/Xfi Arris XB7 modem/router combo reports the Asus RT-AX3000 router is at 10.0.0.109 but I can't reach it at that address either.

Additionally, the Comcast iOS app for the modem/router combo has a complete list of all 60 Internet connected devices in my home with product descriptions - Amazon Echo Dots, light switches, security cameras, the NAS, my business VoIP phone - everything. None of these have ever been connected directly to the Comcast modem. They have always been connected via one of the Asus routers. Shouldn't that information be filtered out by the Asus firewall? How is the Comcast modem getting this information? (Yes, the Asus routers have been properly connected via the WAN ports to the Comcast modem.)

Also of note: When I initially configured both of the GT-AX6000 routers, I successfully completed updating the firmware and doing almost all of the configuration I wanted only to have both of them spontaneously reboot themselves and go back to factory default, requiring a full configuration process yet again. This is my first experience with Asus routers, and it is likely to be my last. I've never encountered so many bugs in a router. Is there any chance that the Merlin firmware fixes any of this?

 

[Crimliar]

You probably need to scribble down a diagram of how you have the routers (including the ComCast device) physically connected together, and what mode(s) they are all (inc CC is it in bridged mode) in (Router, Access point, bridge etc).

 

[bbunge]

As several of us told you yesterday you need to factory reset the router and start over. A minimal config should take 15 to 20 minutes. Then reset the nodes and add them back in.

 

[glens]

I have three brand new Asus routers all with the identical problem

Las Vegas odds of all three arriving at your doorstep being faulty are through the roof. In as non-offensive way as can be said it sounds like a user fault instead.

I'd guess you've got the ISP's equipment hooked up to more than only the WAN port of the (only!) one unit you intend to use as THE router for your internal network.

Agreed that a diagram (either in "paint" or in more explicit words) is needed.

 

[Tech9]

As several of us told you yesterday

It was a different forum member yesterday. Seems like newer routers with configurable WAN/LAN ports are confusing for some users.

 

[bbunge]

It was a different forum member yesterday. Seems like newer routers with configurable WAN/LAN ports are confusing for some users.

Right. My morning sleepiness. Guess I should not post until after 1000 and the second cup of coffee.

Guess it is a case, too, of not reading the instructions and assuming it is being configured correctly. These new routers pretty much set themselves up well enough for 99% of users. It is the ones who want speed/high bandwidth that really bork things up.

 

[Tech9]

I found using the 2.5GbE port for WAN for no reason may create issues in specific configurations. It goes through an additional controller chip instead of straight to the built-in SoC interface for WAN. Not sure how different firmware versions behave. My RT-AX86U (it also has additional 2.5GbE controller) is waiting patiently for new firmware release with fixed Network Services Filter. No firmware updates for this one for quite some time.

 

[RadicalDad]

OK folks. I know what I'm doing. I've done this for years and in my early career, I was in IT. And I do mean EARLY years - anybody here old enough to remember LANtastic? I set up a LANtastic system for a small call center client about - what - 40 years ago? So knock it off with the "he doesn't know which plug goes where" stuff. Really, that's beneath you.

The other reason that's beneath you is that the RT-AX3000 has only one WAN port, yet I'm getting the same issues with that router. Had I inadvertently plugged the Ethernet cable from the Xfi modem into a LAN port on any of the three routers, initial firmware update, configuration, and operation would have been impossible.

As for topology, the Xfi router/modem is stock as I got it from the Xfinity store a few days ago. That is to say, it is NOT in bridge mode. Both the modem and router are operational. The only thing I did was turn off the Wi-Fi on the Xfi, but that was after the first router failed. There are four Ethernet ports on the Xfi. Only ONE of them is in use. ONE Ethernet cable runs between the Xfi and the WAN port of whatever Asus router is failing at the moment. Enough with the plug stuff, OK?

The only other topology issue that might be a factor is that I'm using AiMesh with a wired backhaul. At the node location I'm using all Ethernet ports, including a 5-port switch, for items that must be wired such as VoIP phones. When the GT-AX6000 was the main router, I was using the RT-AX3000 as the node. After two failed GT-AX6000 routers, I pushed the RT-AX3000 into service as the main router and used an RT-AX1800S as the node. Before you ask, all of the Asus equipment is brand new, replacing an older LInksys router and wired backhaul repeater in roughly the same configuration, and yes, all of the Asus routers were factory reset before attempting new configurations.

The suggestion that I (or anybody) should factory reset the router and configure again when failure happens every few hours to every few days is ridiculous. Read the initial post carefully, please. FWIW, the spontaneous reset-to-factory incidents I experienced on both of the GT-AX6000 routers happened within about 15 seconds of completing the AiMesh configuration, which I did last to ensure that a complete configuration was sent to the node and no leftovers from an incomplete configuration process were accidentally left in the node due to poor firmware coding. (Aww, that could never happen, right? I never saw anything like that in my career.) On each GT-AX6000 the spontaneous reset only happened once, then never again, leading me to believe that that a factory reset leaves some data behind such that this error doesn't happen after the initial one.

Finally, the "Las Vegas odds" of all of this hardware being faulty is indeed very low. Now let's factor in the thread I cited in my original post and at least one other thread I found here on SNB where similar problems are occurring, and hardware seems to be an unlikely culprit. I've read in several places that one of the coding intents with AsusWRT is to keep the firmware as similar as possible across all hardware versions. That being said, this problem smells a lot like firmware to me.

So here's the question and the help I'm seeking. Is anyone using a similar topology where this is working? Does everyone set their modem/router combo into bridge mode thereby possibly avoiding this firmware bug? Has the Merlin firmware perhaps fixed this issue? And what's wrong with AsusWRT security that all of my LAN details have leaked out to the WAN side and are visible in the Xfi app? (See original post for details.)

 

[Tech9]

OK folks. I know what I'm doing.

Let us know what the issues is then. Not normal behavior definitely.

 

[RadicalDad]

Was I not clear in the last paragraph? (I know, it was a long read.) I'd like to use Asus hardware as nothing else comes close to what I need. However, I need a way around these firmware bugs.

(I'm sure there is other good stuff out there, but seemingly nobody else has multiple LAN ports and wired backhauls unless you go to very expensive gear meant for commercial environments.)

 

[Tech9]

Not clear what is happening. This is a second thread in 2 days about the same issues. Can be some exploit we don't know about yet. If you know what you are doing and have experience - investigate please and post your findings. This is how you can help others. This is not a firmware bug, something else.

 

[Crimliar]

So treat us as idiots and give us a diagram showing how each piece of equipment is connected to each other piece. Tell us what is set-up as a Router, Access Point, Media Bridge, how DHCP is set up and where. I'm assuming you have a double-NAT set-up.
*I have seen something similar when adding a mostly nerfed BT Smart Hub 2 as a switch, which would over the period of a few days bring the home network to a grinding halt

 

[bennor]

A question that I'm not sure has been asked. Were the routers purchased used or refurbished? Or are they brand new from a reputable seller or reputable store?

Because of the lengthy posts it isn't clear (unless I missed it), does this leakage/WAN side IP address being assigned to LAN clients happen right after doing a hard reset on the routers before you start configuring it? In particular does this happen without or before setting up AiMesh (which was mentioned as being used)?

Also while you say you've updated the firmware, what firmware version did you update to?

Your issue and the one mentioned in the other thread seem to be rarities. Could it be a firmware bug? Possible. Could it be due to some other cause? Also a possibility.

 

[Tech9]

I'm pretty sure the effects above are achievable with Ethernet link between the two networks on the LAN side - 10.0.0.x and 192.168.50.x.

 

[Kingp1n]

Before you ask, all of the Asus equipment is brand new, replacing an older LInksys router and wired backhaul repeater in roughly the same configuration, and yes, all of the Asus routers were factory reset before attempting new configurations.

Did you have the same issues with your older Lynksys router? You can try using asus-wrt-merlin firmware (make sure you factory reset router after installation) and let us know if the issues continue. Best of luck!

 

[domic]

I'm the guy from the other thread.
I solved my problem last night by running a simple DHCP server (there are several free open source ones found online) from a Windows box, with the network cable connected to my selected/active WAN port, not LAN. Basically pretending to be an ISP and log in to my router from the "outside".

 

[Tech9]

I need like 10 more years in IT to understand the problem and the solution discussed here. Sorry.

 

[RadicalDad]

I'm the guy from the other thread.
I solved my problem last night by running a simple DHCP server (there are several free open source ones found online) from a Windows box, with the network cable connected to my selected/active WAN port, not LAN. Basically pretending to be an ISP and log in to my router from the "outside".

Thanks for the update. Helpful.

 

[RadicalDad]

Did you have the same issues with your older Lynksys router? You can try using asus-wrt-merlin firmware (make sure you factory reset router after installation) and let us know if the issues continue. Best of luck!

Didn't have those issues at all with the old Linksys router. Indeed, I've never seen anything like this. It's almost like the Asus router is in bridge mode for the wired clients and not in bridge mode for the wireless clients. That shouldn't be a thing. Plus, being new to Asus, I don't even know if their routers can be put into bridge mode.

 

[RadicalDad]

A question that I'm not sure has been asked. Were the routers purchased used or refurbished? Or are they brand new from a reputable seller or reputable store?

Because of the lengthy posts it isn't clear (unless I missed it), does this leakage/WAN side IP address being assigned to LAN clients happen right after doing a hard reset on the routers before you start configuring it? In particular does this happen without or before setting up AiMesh (which was mentioned as being used)?

Also while you say you've updated the firmware, what firmware version did you update to?

Your issue and the one mentioned in the other thread seem to be rarities. Could it be a firmware bug? Possible. Could it be due to some other cause? Also a possibility.

Routers were brand new from Amazon. The way they were packaged leads be to believe they were neither returns nor refurbs. Brand new product all around.

The weirdness with the IP addresses doesn't happen immediately. I get through configuration, including connection to the AiMesh node and all is normal for several hours or days. I've never been at my computer watching things when it goes wonky. They way I can tell is that suddenly wired clients can't communicate with wireless clients as normal. Checking IP addresses on wired and wireless clients shows the discrepancy as described. Once that happens, I can't get into the router's web interface anymore, so it is impossible to say what is going on inside the router.

I've just set my Comcast Xfi box to bridge mode. That shouldn't make a difference. AFIK, DHCP is DHCP whether it is a 10.0.0.x non-routable address coming from the router side of the Xfi box or a 71.x.x.x address coming straight from Comcast. Why would the Asus router care about the difference? Then again, if the Asus tries to hand out 71.x.x.x addresses, it won't be able to. Anyway, I'm about to factory reset one of the GT-AX6000 routers and then set it up on the bridged Xfi box. Once I do that, I'll report back about the firmware version.

I know. Doing the same thing over and over again is the definition of insanity. OTOH, I'm looking at the Netgear mesh router that has bad reviews and really not enough LAN ports I just picked up at Best Buy and I just can't bring myself to configure it. Sigh. Back online soon. Wish me luck!