Device stuck on wrong IP

[rickard]

Hello!

I have just bought and configured mu Asus RT-AX86U, and I am generally happy with it!

But, there's this one thing... I want one of my devices on a guestnet for IoT devices, which should be isolated from my core network (intranet). My core network uses the "192.168.1.*" addresses, while the guest network use "192.168.101.*"

Somewhere along the lines I made the mistake to assign this deivce a manual DHCP address in the same range as the core network. This is removed since long, but it seems to still hang around as a ghost?

The troublesome device always getting it's DHCP address as "*.1.92", which is within the core network, and it's assigned the same gateway and DNS servers as the core network. If I try to ping from the core network the device is not reached, but the device manages to get online, which should be impossible should it use the given DNS servers in the core network?

I have tried to assign an IP in the guest network range (that was not allowed), I have tried to set a static IP on the device and then switch back to DHCP (no change), I have tried to reset all DHCP leases on the router via SSH (no change), and quite a few smaller changes that didn't do anything....

Don't really know what to do next...?

Any thoughts on further tests or tricks from the experts?

Rickard

 

[ColinTaylor]

The 192.168.101.* addresses are only applicable to devices connecting to the 1st guest network on the 2.4GHz band. Is that what your IoT device is connecting to?

 

[rickard]

Well, yes and no.

I have enabled the first column (both 2.4 and 5 GHz), which should be the first guest network, but that guest network get the 102-range. The next column is my IoT network (only 2.4 GHz), and that is given the 101-range by the router. Maybe I activated the second column before I enabled the first?

 

[ColinTaylor]

The first guest SSID on 2.4GHz is 192.168.101.*, the first guest SSID on 5GHz is 192.168.102.*. The second and third guest SSIDs on either band get the normal 192.168.1.x addresses. Check that the device is connecting to the correct band.

 

[rickard]

This is an illustration of my guest networks:

** Tried to make it clear with both tabs and spaces, but those were removed, sorry... **

2,4 GHz
Network Name (SSID) ** GuestNet ** IoT ** Not enabled
Authentication Method ** WPA2/WPA3-Personal ** WPA2
Access Intranet ** Disable ** Disable
<my note>IP range ** 102 ** 101

5 GHz
Network Name (SSID) ** GuestNet ** Not enabled ** Not enabled
Authentication Method ** WPA2/WPA3-Personal
Access Intranet ** Disable
<my note>IP range ** 102

 

[rickard]

Hmm... strange things going on here, but you may be onto something.
If I connect my workstation to the guestnet, it gets a 102 address and DNS set to .1, just as expected.
If I connect the workstation to the IoT network, I get a 1.* address, just like you said, and DNS set to 1.200 (which is my local DNS in the core network), so a mix of behaviour????

 

[ColinTaylor]

Hmm... strange things going on here, but you may be onto something.

If I connect my workstation to the guestnet, it gets a 102 address and DNS set to .1, just as expected.
If I connect the workstation to the IoT network, I get a 1.* address, just like you said, and DNS set to 1.200 (which is my local DNS in the core network), so a mix of behaviour????

That sounds about right.

 

[rickard]

Ok, that's good, I guess!

I can buy that the IoT network also get a "1.*" address, now that I see that this is how it works, but should not the DNS be set to the router, rather than the local core DNS, just like the other guest network is behaving (DNS is set to 101.1)?

 

[ColinTaylor]

You'd have to ask Asus what their thinking was. I can imagine that for the 101 and 102 networks they were forced to create DNS servers at 101.1 and 102.1 just because of the way it works. For the old-style guest networks on 1.x it makes some sense (especially for intranet access enabled) to use your LAN DNS server even if that isn't the router.

 

[rickard]

You're probably right about that theory!

I guess that my setup is actually working as intended, even though at first it did not seem so.

Thank you for all your help, Colin! I have seen in the other threads that you are a big help around here.

Rickard

 

[nikr]

It seems there is a bug in which Guest network 2 isn't isolated from the main network. That could be the reason your IOT network is getting DNS from the main network and still working.

 

[rickard]

Well, the guest network seems to be isolated, the primary DNS set in router for "normal" network is not reached if I try to ping it, but it's still given as the guest network's primary DNS, which it obviously shouldn't. I guess Asus didn't take into account that a DNS could be located in the local network?