AX86U Pro clients losing internet until factory reset

[tul918]

Running 3006.102.4
This has happened in the past when the router has been rebooted. The router has internet, I can ping externally and run speed tests from the router. However, the clients cannot get to the internet. Ultimately I have to do a factory reset and reconfigure the router. I've seen several posts about disabling "Enable WAN down browser redirect notice" which is what I thought this was doing, but it has been disabled, yet continues to happen. I've tried everything I can think of to get the internet back on the clients when this happens, but a reset is the only thing that works which has become a real PITA. Even restoring a config from a backup results in the same no client internet issue.
Any ideas or suggestions much appreciated.

 

[Tech9]

What else is installed on this router? Sounds like DNS issue for the clients.

 

[tul918]

What else is installed on this router? Sounds like DNS issue for the clients.

Yes, definitely DNS related. The first time it happened it looked like it was trying to redirect traffic due to the WAN being down. I just can't DNS resolution back on the clients after the router thinks the WAN is down. I've tried static DNS on the clients with no joy. The router itself will resolve DNS, but not the clients.
Nothing outside the ordinary running on the router; DHCP, no mesh, no parental controls, AI is turned on, IPV6 is turned off.
I am using 3 other AX86U Pro's in AP mode for the clients.

 

[bennor]

Any ideas or suggestions much appreciated.

What is the RT-AX86U Pro connected to upstream?
What your your WAN and LAN DNS settings? THis includes the settings for DNS Director if using one.
Do you have VPN enabled?
Do you have Pi-Hole or similar setup on the local network?
As a troubleshooting step, perform a hard factory reset on the main router with all other devices, except one wired computer, disconnected from the main router. After the hard factory reset do a manual configuration, do not import a saved router.cfg. Then test if you have internet access. If you do then add back the AiMesh nodes or AP nodes one at a time along with all the LAN clients testing along the way to ensure you still have internet access.

 

[bbunge]

Running 3006.102.4
This has happened in the past when the router has been rebooted. The router has internet, I can ping externally and run speed tests from the router. However, the clients cannot get to the internet. Ultimately I have to do a factory reset and reconfigure the router. I've seen several posts about disabling "Enable WAN down browser redirect notice" which is what I thought this was doing, but it has been disabled, yet continues to happen. I've tried everything I can think of to get the internet back on the clients when this happens, but a reset is the only thing that works which has become a real PITA. Even restoring a config from a backup results in the same no client internet issue.
Any ideas or suggestions much appreciated.

Try the Asus firmware. It works well for me.

 

[tul918]

What is the RT-AX86U Pro connected to upstream?
What your your WAN and LAN DNS settings? THis includes the settings for DNS Director if using one.
Do you have VPN enabled?
Do you have Pi-Hole or similar setup on the local network?
As a troubleshooting step, perform a hard factory reset on the main router with all other devices, except one wired computer, disconnected from the main router. After the hard factory reset do a manual configuration, do not import a saved router.cfg. Then test if you have internet access. If you do then add back the AiMesh nodes or AP nodes one at a time along with all the LAN clients testing along the way to ensure you still have internet access.

Fiber comes into the house via ethernet. No router or modem upstream.
No DNS director. WAN DNS set manually on the router to 1.1.1.1 and 8.8.8.8
VPN not enabled.
No Pi Hole.
I can initiate the issue by unplugging the wan port or rebooting the router. When the router thinks the WAN is down the clients go offline and don't come back until I reset the router.

 

[Tech9]

When the router thinks the WAN is down

What syslog messages you see when the router thinks the WAN is down?

 

[sfx2000]

What else is installed on this router? Sounds like DNS issue for the clients.

Thinking same thing - any third party scripts running?

 

[tul918]

What syslog messages you see when the router thinks the WAN is down?

The first time this happened I could see a DNS redirect happening. I turned off the wan down redirect then, but I suspect that is still what's happening even though it's turned off. It may be a while before I can start testing again. We lose internet until I can get the router set back up again.
No 3rd party scripts, I just got these a few weeks ago and they are pretty vanilla right now. Thanks guys.

 

[bennor]

WAN DNS set manually on the router to 1.1.1.1 and 8.8.8.8

Have you configured the LAN > DHCP Server > DNS fields with any DNS values? If not, as a troubleshooting test you may want to input some public DNS servers into the LAN DHCP DNS fields, then reboot the network clients and see if the issue persists.

I can initiate the issue by unplugging the wan port or rebooting the router. When the router thinks the WAN is down the clients go offline and don't come back until I reset the router.

To confirm, you have the fiber Ethernet line coming into the house connected to the RT-AX86U Pro's (blue) 1GB WAN port?
If using the (blue) 1GB WAN port for Internet, check that Dual WAN is disabled in the GUI and the Dual WAN's Primary WAN is set to 1G WAN.

When you initially configured the router(s), what setting changes did you alter from their default settings?
Were these routers bought new or used?
As a last resort troubleshooting step, perform a hard factory reset followed by a manual configuration (do not import a saved router.cfg file). Leave the router at default settings after reset and test to see if the issue persists.

 

[bbunge]

No DNS director. WAN DNS set manually on the router to 1.1.1.1 and 8.8.8.8

Not a good idea to use upstream revolvers, DNS, from different providers. Cloudflare has had some outages recently but that is likely not your problem.
By any chance is your ISP Brightspeed or Centurylink?

 

[Tech9]

The first time this happened I could see a DNS redirect happening.

Check in System Log for messages about the reason why WAN connection is down. It may say simply "WAN down", but it may say "Your ISP DHCP doesn't work properly", etc. You have to find some pointers what to look for. Load stock Asuswrt and see if the behaviour is the same. You don't use any of the extra features in Asuswrt-Merlin anyway. The need to reset the router to get back online sound like the same configuration mistake is done every time after reset. Do you touch anything in Dual WAN menu?

 

[ApexRon]

Fiber comes into the house via ethernet. No router or modem upstream.

There must be a fiber to Ethernet device provided by the fiber carrier.

A factory reset of the ASUS to resolve issue as a fluke, maybe, but as a continuing way to resolve issue doesn’t seem logical. Have you engaged your ISP?

Unless you are paying for a static IP address from ISP, the ISP assigns your ASUS’s IP address via DHCP. Something happens wherein the ISP re-assigns your ASUS a new IP address but the ASUS is not changing. Thus a factory reset will resolve.

 

[tul918]

Not a good idea to use upstream revolvers, DNS, from different providers. Cloudflare has had some outages recently but that is likely not your problem.
By any chance is your ISP Brightspeed or Centurylink?

I've changed back to using the ISP (Windstream) DNS servers. I really don't expect that to make a difference, but taking 3rd part DNS servers out of the equation.

There must be a fiber to Ethernet device provided by the fiber carrier.

A factory reset of the ASUS to resolve issue as a fluke, maybe, but as a continuing way to resolve issue doesn’t seem logical. Have you engaged your ISP?

Unless you are paying for a static IP address from ISP, the ISP assigns your ASUS’s IP address via DHCP. Something happens wherein the ISP re-assigns your ASUS a new IP address but the ASUS is not changing. Thus a factory reset will resolve.

Confident this is not an ISP issue. The reset is the quickest means to getting internet back. Like I've said, when the issue is happening the router can still ping and resolve DNS when testing from the router. It's the clients that can't get to the internet. I'm pretty sure this is going to have something to do with the router trying to redirect client DNS requests due to the brief interruption in the WAN link. I came here thinking others might have had this issue. There were quite a few posts with people having this problem, but turning off the "Enable WAN down browser redirect notice" fixed their issue, not the case with me.
Fiber comes into the house via a Cyberpower UPS FTTH.

 

[ApexRon]

I am using 3 other AX86U Pro's in AP mode for the clients.

Confirm this is your basic setup:

 

[tul918]

Confirm this is your basic setup:

There is a Cisco SG300 28 port POE+ switch between the router and the WAPS. Everything is wired, no mesh. Anything not on wifi is wired to a patch panel and goes through the SG300. I swapped out an OPNSense firewall for the AX86U Pro. Before that was a AC68U. I've never had this problem with any of the previous routers in the same config. Thanks

 

[ApexRon]

Individuals on this forum possess varying levels of networking expertise and are eager to provide assistance. However, it appears that your network situation is more intricate than can typically be resolved within a forum environment. Consequently, either on-site or remote access may be necessary to resolve, which is undesirable for all parties involved, particularly for you from a security perspective. Our responses should, minimally, lead to discover the root cause of issue.

For me an approach that I typically use first is to try to re-create the issue at will. Another approach is to minimize such that probably determination can become easier.

Based on my current understanding of your network, it’s too complex to attempt to minimize. So I recommend that you try to recreate but under your schedule. By being able to recreate you will be able to advise your clients of scheduled maintenance windows needed to identify and fix issue.

Okay, let me recap:

Somewhere in your premise you have an ONT provided by your ISP to do the fiber to Ethernet conversion. The Ethernet is connected directly to what I will call ASUS Prime. There are three additional ASUS routers that are connected to ASUS Prime via Ethernet connections. I will call them ASUS WAP1, ASUS WAP2, and ASUS WAP3. Clients are connected to the ASUS WAPx routers.

When there is an ISP outage, it is detected by ASUS Prime and the clients experience an outage. When the ISP comes back online, only ASUS Prime can access the internet. None of the ASUS WAP routers can ping an internet resource.

Bottom line is that when there is an ISP outage the clients have no access to the internet. There is no backdoor to the internet.

Historically, I have been successful in cascading NAT. Can I assume that is what you are doing here? An example: ASUS PRIME LAN would be 192.168.0.1 . ASUS WAP1 LAN would be 192.168.1.1, ASUS WAP2 LAN would be 192.168.2.1, and ASUS WAP3 LAN would be 192.168.3.1 . The WAN side of all ASUS WAPx routers would point to 192.168.0.1 .

Is this how your’s is setup?

 

[Tech9]

Is this how your’s is setup?

Highly unlikely. Routers in AP Mode have no WAN or NAT. They are all on the same subnet.

What seems strange to me is swapping OPNsense appliance with home router, but everyone is free to make own choices.

 

[ApexRon]

Highly unlikely. Routers in AP Mode have no WAN or NAT. They are all on the same subnet.

What seems strange to me is swapping OPNsense appliance with home router, but everyone is free to make own choices.

Understood, but we still don’t have a good picture of the network even after having confirmed there’s four routers and a 28 port switch. As well as the fact that it worked with a AC86U?

 

[tul918]

Highly unlikely. Routers in AP Mode have no WAN or NAT. They are all on the same subnet.

What seems strange to me is swapping OPNsense appliance with home router, but everyone is free to make own choices.

Everything is on the same subnet. I had been experimenting with OPNSense and PFSense. I just don't have the time to devote to messing with either right now. I wanted to simplify back to a home router. Amazon had the Pro's for $100 so I went ahead and got 4 of them. I get enough time working things out in a lab at work. Really just want a simple setup at home so I don't have to come home and "work".
I've been a long time member here, my account was locked so I created a new account. I was really hoping for Merlin to comment on the Wan down redirect. I recall him being active on this forum back in the day. I saw quite a few posts saying it was a known bug that had yet to be fixed. Didn't think this would get down in the weeds like it has. I appreciate all the help, but like I've said before I'm feeling pretty strongly this is a DNS redirect issue. Each time the problem has happened the situation was such that getting the internet back was a priority so I didn't spend more than a few minutes troubleshooting. I'm going to have to spend some more time on my end to flesh this out. Thanks guys