What's new

rt-ac68u assigning static ip addresses but I want dynamic ip addresses

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Chris J Beausoleil

Occasional Visitor

Asus rt-ac68u is Assigning Static IP Addresses, I Did Not Configure This; How Do I Get Dynamic Addresses?​


I am using an asus rt-ac68u with asus-merlin firmware. The rt-ac68u is assigning static ip addresses to all devices that connect to it. I do not want this. I did not configure it to do this. I want all devices to be assigned dynamic ip addresses unless I myself specify a device to which I want a static ip address assigned.

On first use of the rt-ac68u (out of the clingwrapped box) I was getting dynamic ip assignment to all devices then something changed and the rt-ac68u began assigning all devices static ip addresses. This was the original reason I decided to try the asus-merlin firmware: I wanted to stop the router from assigning static ip addresses to every device and use dynamic ip assignment.

I have tried several versions of the firmware and currently I am using an older version. With each firmware install and reset static ip addresses were assigned to all devices, furthermore, the same ip addresses are always assigned to the same devices regardless the length of time the device remained disconnected or how many times I reinstall the firmware. For example. I don't connect device <00> for several months and in that period of time I install firmware and reset two or more times, each time changing the ssid name, then I reconnect device <00> and it is assigned the same address.

All my devices are configured to get ip addresses dynamically.

What is storing and holding persistently the ip address to device pairing? Does my rt-ac68u store this data somewhere? If so how is it kept persistent after a firmware install and reset? It is as if an ARP cache is being kept somewhere upstream from my router.

Reiterating, if I do a firmware install and a reset, and change ssid names, why are devices getting matched to the same ip addresses and if the data is being stored somewhere as it appears to be, then where is the persistant data being stored? How do I evaluate this, what tool(s) can I use to investigate?

I can't think of any configurations that would force static ip and I didn't configure manual assignment in Basic Config > Enable the DHCP Server > manual assignment. When I access the asus using the webui all settings are made for dynamic ip assignment.

Weird: Two Devices Connected to the Same Router Both With the Same IP Address​


Tonight, 05 July 2021, I noted the addresses for two of the devices I use: an old lumia and a t595 Samsung tablet. Then I manually assigned the ip address for the lumia to a third device (running debian) and I connected to the router via ethernet cable. With the debian device connected and using the ip address usually assigned to the lumia, I connected the Lumia (both are now using the same ip). The Lumia was assigned it's static ip address but was getting no internet connection. I shut off the wireless and turned it back on and the rt-ac68u assigned it an address incremented by one (the next number up). I expected the ac68u to assign the lumia with another ip automatically when I connected the first time but it didn't. I had to turn off wireless on the lumia and reconnect inorder to get another ip assigned.

I repeated the process with the Samsung t595 tablet: I assigned the t595 static ip to the debian device and then connected the t595. Unlike the Lumia, the t595 kept the same ip and it got internet connectivity. So debian and the samsung t595, both with the same ip address, are connected to the internet and getting connectivity.

But, the debian and t595 devices cannot use the internet at the same time, i.e I ping 8.8.8.8 on both devices, while ping runs a period of time on one it pauses on the other, then the devices switch, the device that was previously paused, now starts pinging and the other device previously pinging, now pauses. It is as if they are sharing the internet connection.

This seems very wrong to me.

I have tried several searches, for example, "asus-merlin default static dynamic address" but I haven't found anything related.

I don't know why static ip addresses are being forced or what is forcing this and two devices connected to the same router each having the same ip seems crazy.

Any ideas what is causing the static ip address assignment to every device connected? What trouble shooting steps or tools can be used to find the reason for the static ip address assignment; how do I correct this?

I am currently in Australia. My home has Fibre to the Premises (FttP), fibre all the way into the property ending outside our home at a piece of nbn(^tm) (National Broadband Network) equipment called a Network Termination Device (NTD). Inside the home is another piece of nbn(^tm) equipment the connection box and my rt-ac68u is connected to that.

Summary:
  • My rt-ac68u is assigning static ip addresses; I didn't configure this I want dynamic ip addresses by default.
  • The addresses are persistently assigned to all devices.
  • If I reinstall firmware and reset, or if I change the ssid name, the same devices get the same ip addresses even over long periods of time.
  • Two devices each with the same ip are able simultaneously connected to the router each alternating internet activity.
 
Your router is assigning addresses as it should. the DHCP will assign the same IP address to a client for a long time which is by design. The DHCP Lease Time setting does not mean the client will get a new IP address.
If you want to assign static IP addresses to clients it is a good idea to change the DHCP address pool. Do this in LAN/DHCP Server/IP Pool Starting address and IP Pool Ending address. This way there is no chance of an IP address conflict.
You can also manually assign IP addresses around the DHCP list.
 
How is it that when I install a new firmware and then reset the router all my devices are assigned the same ip addresses as were assigned to them prior to the firmware install and reset?
 
How is it that when I install a new firmware and then reset the router all my devices are assigned the same ip addresses as were assigned to them prior to the firmware install and reset?
The same DHCP logic is present in Asus and Merlin firmwares. Address assignment is small stuff. Advise from an old guy: Do not sweat the small stuff and enjoy the Merlin enhancements.
 
Your router is assigning addresses as it should. the DHCP will assign the same IP address to a client for a long time which is by design. The DHCP Lease Time setting does not mean the client will get a new IP address.
If you want to assign static IP addresses to clients it is a good idea to change the DHCP address pool. Do this in LAN/DHCP Server/IP Pool Starting address and IP Pool Ending address. This way there is no chance of an IP address conflict.
You can also manually assign IP addresses around the DHCP list.
hi bbunge,
What are your thoughts on the two different devices being assigned the same ip address? It also seemed weird how when pinging one devices remained paused while the other device pinged then they switched back and forth the two devices could not ping or use the internet at the same time they could only share.
 
you would need to reset not only router but turn off all deviced that are connected.
yes. I on a daily basis I disconnect every device and power off every device; everything is off and disconnected overnight.

Several devices I had disconnected for a month or more and in that time I reinstalled the firmware and I reset, and when I reconnected they got the same address as they had before.
 
How is it that when I install a new firmware and then reset the router all my devices are assigned the same ip addresses as were assigned to them prior to the firmware install and reset?

This behaviour is by design (dhcp-sequential-ip is not enabled on the router):

--dhcp-sequential-ip
Dnsmasq is designed to choose IP addresses for DHCP clients using a hash of the client's MAC address. This normally allows a client's address to remain stable long-term, even if the client sometimes allows its DHCP lease to expire. In this default mode IP addresses are distributed pseudo-randomly over the entire available address range. There are sometimes circumstances (typically server deployment) where it is more convenient to have IP addresses allocated sequentially, starting from the lowest available address, and setting this flag enables this mode. Note that in the sequential mode, clients which allow a lease to expire are much more likely to move IP address; for this reason it should not be generally used.​
See this post: http://www.snbforums.com/threads/question-re-ac68u-ip-generation-from-mac-address.73313/post-696903
 
Reading the man page for dnsmasq: "This normally allows a client's address to remain stable long-term". I was under the impression that static addresses are easier to exploit and that it is more difficult (or maybe just more annoying) for hostile agents to attack ip addresses that where changing. If my router is assigning ip addresses as it was designed to do and the result is my ip addresses that never change (I haven't seen them change in maybe close to a year), then what is the need for static ip addresses? It seems like my dhcp assigned addresses are acting just like static addresses.

I always dhcp assigned a different address ever time a device was disconected powered off and reconnected. This is how it used to be with my old routers.

Thank you all for your input and insight. I will check in later on. Have a good one.
 
Reading the man page for dnsmasq: "This normally allows a client's address to remain stable long-term". I was under the impression that static addresses are easier to exploit and that it is more difficult (or maybe just more annoying) for hostile agents to attack ip addresses that where changing. If my router is assigning ip addresses as it was designed to do and the result is my ip addresses that never change (I haven't seen them change in maybe close to a year), then what is the need for static ip addresses? It seems like my dhcp assigned addresses are acting just like static addresses.

I always dhcp assigned a different address ever time a device was disconected powered off and reconnected. This is how it used to be with my old routers.

Thank you all for your input and insight. I will check in later on. Have a good one.

You're mixing a few things up.

First, a client getting the same address repeatedly does not mean the address is static. Simply that either:
1. the client renews the address repeatedly, as designed
2. the client requests the address on renewal (i.e. after you update the firmware on the router), the router sees that it is in fact available in it's pool of addresses, and therefore assigns it to the client.

Second, there is no real additional security in frequently changing the client address scheme. If someone has penetrated your network they'll simply scan it for IPs on the network. Instead, you should securely setup you clients, but turning on firewalls at the client level where available, and disabling network services that are not needed (NetBIOS, FTP, etc etc). Which will _actually_ make a difference to how secure your network is.

Good luck.
 
I was under the impression that static addresses are easier to exploit and that it is more difficult (or maybe just more annoying) for hostile agents to attack ip addresses that where changing.
Not at all. It would only create a false sense of security for the user.

If my router is assigning ip addresses as it was designed to do and the result is my ip addresses that never change (I haven't seen them change in maybe close to a year), then what is the need for static ip addresses? It seems like my dhcp assigned addresses are acting just like static addresses.
The difference is that a reserved (static) IP address will never be assigned to a different client. Whereas dynamic addresses are "sticky" but not guaranteed to always be the same for each device. As the address is pseudo-random the more the DHCP pool gets used up the higher the probability of an address having already been assigned to another device which will cause the client to be assigned a different address.

I always dhcp assigned a different address ever time a device was disconected powered off and reconnected. This is how it used to be with my old routers.
It depends on the router and the clients. dnsmasq is used in almost all consumer routers. Also, clients like Windows PC's remember what IP address they previously had and will ask for that address again even if the DHCP server initially offers it something different.
 
Not at all. It would only create a false sense of
Ok. Is the consensus that dynamic ip's and static ip's within a home LAN network have no influence on the level of security? Then the following is false?

I want to put this here for reference to any person that might visit this post. I have often thought as Colin Taylor and Captainoblivious (cptnoblivious) that ip dynamic or static ip addresses have uses but do not increase security.

cptnoblivious said
. If someone has penetrated your network they'll simply scan it for IPs on the network. Instead, you should securely setup you clients, but turning on firewalls at the client level where available, and disabling network services that are not needed (NetBIOS, FTP, etc etc). Which will _actually_ make a difference to how secure your network is.
and this is sensible, but if one were unaware, maybe poorly instructed, or didn't know where to find correct information one might have concern and do an internet search and find information as in the following two links. Colin Taylor clarified that in these examples the authors are discussing WAN address not internal LAN address. So for WAN addresses, dynamic ip addresses are helpful, but for Internal address i.e. addresses assigned by one's home router via dhcp to client devices, dynamic addresses make no improvement on security, focus instead on that "Which will_actually makes_a_difference to how secure your network is"


The following discusses WAN addresses:
dynamic IP addresses provide more security than static IP addresses. When a static IP address is assigned, it makes it a lot easier to perform long repeated attacks on that IP address. For those with dynamic IP addresses, there is a less security risk because the IP address changes and therefore you are less prone to repeated attacks.

Also, static IP addresses are easier to track by companies or hackers. Most websites already try to track your browsing habits so that they can show you more personalized ads and with a static IP address, it’s even easier to do this.

On the client side, a user can make the network less secure or less stable by using a static IP address for nefarious purposes. Even though most ISPs cap the amount of bandwidth that a single user can consume, someone with a static IP could still eat up a lot of bandwidth indirectly. For example, if someone is hosting a website from their home using a static IP address and hackers decide to level a DDOS attack on the site, the ISP will get flooded with traffic, which could cause slowness or outages for other customers
This blog also comments that dynamic addresses (WAN) improve security:


At this link to microsoft answers web page Rajesh Govind is discussing internal LAN addresses:

People may think that the Dynamic IP address is more secure than the Static, as it changes with each session on the network and it becomes difficult for the hackers to find the computer. In contrast, a static IP address can become a security risk, because here the address is always the same and it is easier to track the computer for data mining purposes or someone who is really determined to find your computer and cause damage to it has a better chance of doing so or has more time to work on getting past your security. But, according to me, the type of IP address assigned has nothing to do with the security of the computer when you have a good security program or a firewall installed on it.
 
Last edited:

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top