What's new

RT-AX88U Guest Network connection issue when Access Intranet is set to Disable

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

wcoastsands

New Around Here
This is an odd issue. I recently upgraded from an RT-AC87U to an RT-AX88U Pro and installed the latest Merlin firmware version 3004.388.7. For the most part, everything works well. Except for one device on the Guest Network that keeps dropping and reconnecting every 30 seconds or so.

I was able to narrow down the cause to it being when the Access Intranet option for the Guest Network is set to Disable. When the Access Intranet option is set to Enable, there's no issue.

The device in question is a Sony XBR-49X700D Bravia TV running Android 9.

System logs for one drop/reconnect instance:
Code:
Jun 11 21:29:32 wlceventd: wlceventd_proc_event(645): wl0.1: Deauth_ind 94:53:30:54:F6:A1, status: 0, reason: Unspecified reason (1), rssi:-72
Jun 11 21:29:32 wlceventd: wlceventd_proc_event(685): wl0.1: Auth 94:53:30:54:F6:A1, status: Successful (0), rssi:-72
Jun 11 21:29:32 wlceventd: wlceventd_proc_event(722): wl0.1: Assoc 94:53:30:54:F6:A1, status: Successful (0), rssi:-72
Jun 11 21:29:32 hostapd: wl0.1: STA 94:53:30:54:f6:a1 IEEE 802.11: associated
Jun 11 21:29:33 hostapd: wl0.1: STA 94:53:30:54:f6:a1 RADIUS: starting accounting session
Jun 11 21:29:33 hostapd: wl0.1: STA 94:53:30:54:f6:a1 WPA: pairwise key handshake completed (RSN)
Jun 11 21:29:33 dnsmasq-dhcp[11381]: DHCPDISCOVER(br1) 94:53:30:54:f6:a1
Jun 11 21:29:33 dnsmasq-dhcp[11381]: DHCPOFFER(br1) 192.168.101.137 94:53:30:54:f6:a1
Jun 11 21:29:33 dnsmasq-dhcp[11381]: DHCPREQUEST(br1) 192.168.101.137 94:53:30:54:f6:a1
Jun 11 21:29:33 dnsmasq-dhcp[11381]: DHCPACK(br1) 192.168.101.137 94:53:30:54:f6:a1

Screenshot of the Wireless Log:
Screenshot 2024-06-11 21.21.37.png


Screenshot of the Guest Network config:
Screenshot 2024-06-11 21.45.03.png


Screenshots of Wireless settings for 2.4 GHz band:
Screenshot 2024-06-11 21.51.10.png


Screenshot 2024-06-11 21.51.15.png


The LAN IP address is 192.168.50.1/255.255.255.0 (factory default).

I've attempted two factory resets, and reconfigured the router three times using the same settings. I've also tried rebooting the router and restarting the device after changes to settings.

Can't figure out why the device keeps resetting its connection when the Access Intranet option is set to Disable. I appreciate any insight you folks might be able to provide.

Thanks in advance,

Nikko
 
This is an odd issue. I recently upgraded from an RT-AC87U to an RT-AX88U Pro and installed the latest Merlin firmware version 3004.388.7. For the most part, everything works well. Except for one device on the Guest Network that keeps dropping and reconnecting every 30 seconds or so.

I was able to narrow down the cause to it being when the Access Intranet option for the Guest Network is set to Disable. When the Access Intranet option is set to Enable, there's no issue.
Not an odd issue. Your issue sounds similar to what many other people have experienced and posted about in earlier discussions. For example; see here, and here, and here, and here, and here for some earlier discussions on this issue.

Asus supposedly released a fix for this issue to some of their routers back in January of this year. For example the RT-AX86U Pro:
ASUS RT-AX86U Pro Firmware version 3.0.0.4.388_24199
Version 3.0.0.4.388_24199 52.74 MB 2024/01/04
Bug Fixes and Enhancements:
- Resolved guest network connectivity issues on AiMesh nodes by disabling guest network internal access.
As already suggest by @ColinTaylor try using Guest Network #2 (or #3) if you are currently using Guest Network #1.

Another option is to try using the YazFi script addon. That script sets Access Intranet to Enable and then uses IPTables to restrict access to the intranet (main LAN/main WiFi clients). YazFi GitHub. Note: YazFi does not work with AiMesh nodes or with AP nodes.

A further option is to roll back to earlier firmware where this issue wasn't present.
 
Thank you so much! YazFi works like a charm.

I read through all the threads you linked to. I had no idea how common this issue was. It's such a weird issue. I also had no idea that functionality for Guest Network 1 was different from that of Guest Networks 2 and 3. I really appreciate you folks pointing this out to me. I did do some searching prior to posting, but wasn't really sure what I was looking for. I ran across YazFi, but book marked it for later since I wasn't confident I'd found the root cause of the issue. The additional info was a huge help. So thank you.

After getting up to speed with the back history of posts, I got to work on the issue. First I attempted using Guest Network 2 instead of 1, but encountered the same issue as before. Perhaps worse this time with the cycle occurring every 5 seconds instead of every 30 seconds. From there, I re-enabled Access Intranet for all Guest Networks. Then installed and configured YazFi.

Works perfectly now.

Screenshot of YazFi config:
Screenshot 2024-06-12 19.47.49 2.4GHz.png

Screenshot 2024-06-12 19.47.49 5GHz.png


Screenshot of Guest Network config:
Screenshot 2024-06-12 16.32.50.png


My main network is limited to only a couple devices, with all others connecting to one of the above guest networks:
  • Guest Network 1 (WPA2): Using MAC Filtering for devices that need intranet access
  • Guest Network 2 (WPA2): Using Client Isolation for devices that DO NOT need intranet access
  • Guest Network 3 (WPA/WPA2): Using MAC Filtering and Client Isolation for legacy devices that DO NOT support WPA2 or newer
Reason for doing this is so I can isolate devices and networks in the event something becomes compromised.

Screenshot 2024-06-12 17.35.45.png


With YazFi installed and configured, everything seems to work properly now. Will continue to test as I bring more devices online.

Screenshot 2024-06-12 19.46.52.png


Thanks again!

Nikko
 
Last edited:
So far, everything seems to be well behaved. The only oddity is that Network Map doesn't list any YazFi connected devices. Which I suppose is one of the tradeoffs.
 
The only oddity is that Network Map doesn't list any YazFi connected devices. Which I suppose is one of the tradeoffs.
It's not an oddity. Generally, according to the YazFi developer, the Network Map only shows devices within the same subnet or network. Because YazFi uses different IP subnets than the main LAN clients, the YazFi Guest Network clients don't show up in the Network Map. Its an often asked about issue in the YazFi discussions that one can find using the search feature and the terms; "YazFi Network Map".

To view YazFi connected clients see the System Log > Wifi Log page. Or see the YazFi tab's Connected Clients under Guest Network. Or access the YazFi CLI and select option #2 via SSH. Or issue the cat /var/lib/misc/dnsmasq.leases command via SSH (or a batch file).

There are a number of past YazFi discussions that can be found, mostly in the addon's subforum, using the subforum filter or subform search. Among those discussions are how to configure manual IP reservations for YazFi clients (see this post for example) and how to use custom scripting to allow specific YazFi clients to access main LAN clients (see this post for example).
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top