What's new

Need help with router RT-AC3200 causing DNS issues to windows 10.

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Pierre Nakashian

Regular Contributor
this issue is over my head, i've partially identified the problem coming from the Main RT-AC3200 router.
The main router RT-AC3200 is behind ATT gigabit router, setup as DMZ Plus mode. i have a second router tmobile variant rt-ac68u wired to the 1st setup as Access point, there is a 16 port trendnet switch in between no special features. The second router is seeing 2 gateway ip with 2 different mac addresses. Mac address ending with D7:20 is the correct one see screen capture below.

this is what the client view lists looks like from the tmobile RT-AC68u, both are on wired interface
upload_2019-1-14_10-46-14.png


I don't know where the 2nd mac is coming from, nor have I been successful at blocking it. Windows 10 WIFI connection results with DNS issues, it obtains the mac address ending with E5:F6 which is not correct, i can see this with arp -a at command prompt. google chrome results with DNS_PROBE_FINISHED_NO_INTERNET, until I clear the arp arp -d 192.168.0.1 then statically set arp -s 10:7b:44:c2:d7:20, until next windows reboot or next wifi disconnect and reconnect.
I tried turning off the rt-ac68u and tried to connect to the RT-AC3200 still got the bad mac address.
I tried removing all wiring except ATT gigabit router from the RT-AC3200, still no luck, I may have forgotten to reboot the main router.

i have another ASUS RT-AC68u that shows 2 clients on one row with client ip 192.168.0.1 and correct mac address 10:7b:44:c2:d7:20, i have seen this router also come up with 2 mac addresses on 192.168.0.1, then the client list quickly clears and shows only 1 at the end. This router also is wired as Access point to the same switch the 1st RT-AC68U is connected, and the switch also connected to all the remaining network jacks in the house, the 16 port trendnet switch eventually connects to the RT-AC3200.

I don't know if the switch in between the RT-AC3200 and RT-AC68u would cause issues.

I don't own a TP-link device, haven't been able to block the mac address E8:DE:27:C6:E5:F6 yet. any help or explanation of 2 clients sharing same ip would be appreciated.

Thanks
 
Your issue seems to be the result of having multiple DHCP servers on your network.

To help you resolve your problem it would be useful to have a diagram of how you are set up now and what you are trying to accomplish. Including why you have added a switch to your setup.

A solution which should work is if you need to put your AT&T back in the router mode and turn off the WiFi if you don't need it. Do not put your AC3200 in the DMZ as it isn't necessary.

Run a cable from a LAN port on the AT&T to the WAN port on the AC3200. The 3200 must be set to get its WAN IP from the AT&T. You then must select another subnet for the AC3200's LAN which is not being used by the AT&T. So if the AT&T is 192.168.1.0/24 then use something like192.168.50.0/24 for the AC3200. This is a double NAT setup and it isn't an issue for most people

Then if you need the switch for more Ethernet ports plug it into a LAN port on the AC3200. Be sure that if it is a smart or semi managed switch it hasn't been given a static IP using the switch's firmware and it isn't running a DHCP server. This is unlikely but check anyway

The AC68 can be plugged into a LAN port on either the AC3200 or the switch.

Once you get this working you can look into eliminating the AT&T gear if it is just a router and if it is a combo modem/router disabling all the router functions.
 
the 2 RT-AC68U are in Access Point Mode, the DHCP Server Tab is hidden, so DHCP Server should be disabled.
I have SSH, SSLH, Stunnel and OpenVPN server running on the RT-AC3200, so I am a little hesitant to have my
setup NAT behind NAT. When I get home I'll try to shutdown everything and just run ATT router, RT-AC3200 and my windows pc
see if the PC gets the wrong mac address again. Then I'll try to experiment mutliple routers without the TrendNet switch being in between.

I may have to byte the bullet and reset the RT-AC3200 to factory settings see if that clears up 2 macs to the same .0.1
since it is the only DHCP server for 192.168.0.0/24 subnet where the ATT router has dhcp server setup for 172.16.0.0/16 subnet.
I already have a cable run from the AT&T LAN port to the AC3200 WAN port. this is the test I'll run wih AC3200 1st completely poweroffs
and all other RT-AC68U powered off.

The ASUS was changed from 192.168.1.0/24 subnet due to incompatibility with one of my lan devices.
.
 
If you need to use the AC3200 as a VPN server then a double NAT won't work for you.

You need to provide a network diagram an a complete statement of what you are trying to accomplish so people can offer suggestions on how to accomlish what you want.
 
Thanks for the diagram.

Just to clarify are the WAN connections shown as inputs into the AC68s actually LAN inputs/ports. When you configured the both of the AC68s as APs did you convert the WAN/Internet port to a LAN Port? It has been a couple of years since I set up an AP on an AC68 at it was a T-Mobil unit so I don't remember if this was automatic or you had to select the option to make the WAN port into a LAN port.
 
I don't recall getting prompted to convert WAN to LAN, but I do recall from reading somewhere here that it is. For easy identification purposes only I use the WAN port to know which wire is going to the wall.

I ended up resetting the RT-AC3200, and purposely changed the subnet back to 192.168.1.0/24, since the leaked traffic with ip 192.168.0.1 is from a different subnet it shouldn't be routed to my new network. So far I don't see the gateway ip used by 2 mac addresses, wifi is connecting normally. I do see my Lorex NVR device with 2 clients connections. this device is connected directly to the RT-AC3200 port. I suspect this was the device that must have had 192.168.0.1 internally. I notice now it is using 2 ip addresses, one from my manual DHCP list, and a second one outside my control. arp -a shows both .107 and .51 have the same mac address. Hopefully this device won't leak the 2nd client as 192.168.1.1 in the future, i have not much control on this.
upload_2019-1-16_20-8-58.png


only answer I need is during the client DHCP request stage to my router, is tcpdump best utility i can use to monitor the udp traffic, so I can figure out a way of blocking one of these 2 clients using mac address ebtable rule.

Thanks
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top