some lan clients are on different subnets (386.2_4) (SOLVED)

eusagc

Occasional Visitor
Hi! I found some strange thing going on in 386.2_4...

Some lan clients that were supposed to be static were somehow being assigned random IPs on different subnets. It seems to be happening on wlan devices that connect to one particular guest SSID. If they connect to a different AP (with the same SSID), they get the correct assigned IP, but when they connect on the router itself, they will get assigned an IP on either the 192.168.101.x or 192.168.102.x block. And what's also strange is that when they do (get a different IP), these devices still have internet connection. It's like there are VLANs defined/tied to the virtual wireless SSID.

The SSID in question is the first SSID in the guest network list. Both 2.4 and 5GHz interfaces have the same name, and can confirm that both have the same behavior. The 2nd SSID is also used and doesn't have this issue.

I'm using an Asus AC88U router running 386.2_4. This wasn't experienced in 384.19.

Please kindly let me know how we can fix this. Thanks so much.

PS. I'm not using AiMesh here. Client APs are a mix of two Asus routers in AP mode and TP-Link Omada, all connected to the main router on lan-lan ports.
 
Last edited:

eusagc

Occasional Visitor
Here's some snips and logs for this...

Static assignment:
1620970665663.png


Once connected on wifi on the router itself (this is the clients list):
1620970717875.png


Here's from System Log -> DHCP leases:
1620970805638.png


When I move the device to a different AP (same SSID, no AiMesh here):
1620970864570.png
 

eusagc

Occasional Visitor
Some relevant printouts and syslog stuff...

From dhcp file (showing erroneous IPs):
Code:
[email protected]:/tmp/var/lib/misc# more dnsmasq.leases
86391 e0:19:1d:8a:9f:a0 192.168.102.71 HUAWEI_MT7-TL10-40cfdde41 *
85763 f4:63:1f:77:58:e9 192.168.101.37 HUAWEI_Y6_Pro_2019-186786 01:f4:63:1f:77:58:e9
85101 a8:9c:ed:0e:fe:19 192.168.101.156 Redmi7-Redmi7 01:a8:9c:ed:0e:fe:19
(snipped)

From syslog, snip of assignment sequence:
Code:
May 14 10:26:48 dnsmasq-dhcp[607]: DHCPREQUEST(br0) 192.168.102.71 e0:19:1d:8a:9f:a0
May 14 10:26:48 dnsmasq-dhcp[607]: DHCPNAK(br0) 192.168.102.71 e0:19:1d:8a:9f:a0 wrong network
May 14 10:26:48 Skynet: [*] USB Not Found - Sleeping For 10 Seconds ( Attempt 3 Of 10 )
May 14 10:26:48 dnsmasq-dhcp[607]: DHCPDISCOVER(br0) e0:19:1d:8a:9f:a0
May 14 10:26:48 dnsmasq-dhcp[607]: DHCPOFFER(br0) 192.168.2.46 e0:19:1d:8a:9f:a0
May 14 10:26:48 dnsmasq-dhcp[607]: DHCPREQUEST(br0) 192.168.2.46 e0:19:1d:8a:9f:a0
May 14 10:26:48 dnsmasq-dhcp[607]: DHCPACK(br0) 192.168.2.46 e0:19:1d:8a:9f:a0 Phone-Ysa-HuaweiMate7
May 14 10:26:48 dnsmasq-dhcp[607]: DHCPDISCOVER(br0) 28:6d:cd:22:a8:06
May 14 10:26:48 dnsmasq-dhcp[607]: DHCPOFFER(br0) 192.168.2.221 28:6d:cd:22:a8:06

Another one:
Code:
May 13 19:39:00 dnsmasq-dhcp[580]: DHCPREQUEST(br1) 192.168.101.37 f4:63:1f:77:58:e9
May 13 19:39:00 dnsmasq-dhcp[580]: DHCPACK(br1) 192.168.101.37 f4:63:1f:77:58:e9 HUAWEI_Y6_Pro_2019-186786

Some system stuff in syslog showing relevant stuff:
Code:
May  5 13:05:15 dnsmasq[607]: started, version 2.84-42-g433dc70 cachesize 1500
May  5 13:05:15 dnsmasq[607]: asynchronous logging enabled, queue limit is 5 messages
May  5 13:05:15 dnsmasq-dhcp[607]: DHCP, IP range 192.168.102.2 -- 192.168.102.254, lease time 1d
May  5 13:05:15 dnsmasq-dhcp[607]: DHCP, IP range 192.168.101.2 -- 192.168.101.254, lease time 1d
May  5 13:05:15 dnsmasq-dhcp[607]: DHCP, IP range 192.168.2.201 -- 192.168.2.250, lease time 1d

May 13 18:13:54 RT-AC88U-1DB8 avahi-daemon[5324]: Registering new address record for 192.168.102.1 on br2.IPv4.
May 13 18:13:54 RT-AC88U-1DB8 avahi-daemon[5324]: Registering new address record for 192.168.101.1 on br1.IPv4.
May 13 18:13:54 RT-AC88U-1DB8 avahi-daemon[5324]: Registering new address record for 192.168.2.2 on br0.IPv4.
May 13 18:13:54 RT-AC88U-1DB8 avahi-daemon[5324]: Registering new address record for 192.168.2.1 on br0.IPv4.

May 13 18:16:43 RT-AC88U-1DB8 kernel: Dead loop on virtual device vlan2, fix it urgently!
May 13 18:16:43 RT-AC88U-1DB8 kernel: Dead loop on virtual device vlan2, fix it urgently!
May 13 18:16:43 RT-AC88U-1DB8 kernel: Dead loop on virtual device vlan2, fix it urgently!
May 13 18:16:43 RT-AC88U-1DB8 kernel: Dead loop on virtual device vlan2, fix it urgently!
May 13 18:16:43 RT-AC88U-1DB8 kernel: Dead loop on virtual device vlan2, fix it urgently!
 

L&LD

Part of the Furniture
Guest Network 1 uses its own subnet.
 

eusagc

Occasional Visitor
Guest Network 1 uses its own subnet.
Hi! Thanks for the reply... Not really, at least not in this case. It's possible, but in Merlin, the only way I know is via this addon called "Yazfi". There, you can also specify DCHP pool size/range, customize DNS, and route all clients to a VPN client. But right now I got nothing specified about those subnets, and I don't even have Yazfi loaded.
 

dave14305

Part of the Furniture
Hi! Thanks for the reply... Not really, at least not in this case. It's possible, but in Merlin, the only way I know is via this addon called "Yazfi". There, you can also specify DCHP pool size/range, customize DNS, and route all clients to a VPN client. But right now I got nothing specified about those subnets, and I don't even have Yazfi loaded.
It’s an ASUS “feature” of 386.x. 101 is Guest 1 2.4Ghz, and 102 is Guest 1 5.0GHz. Guest 2 and 3 behave as expected.
 

eusagc

Occasional Visitor
It’s an ASUS “feature” of 386.x. 101 is Guest 1 2.4Ghz, and 102 is Guest 1 5.0GHz. Guest 2 and 3 behave as expected.
Oh wow, so that's why, that should explain it. Thanks so much.

As a side note though, while there's good reasons to do this, it has no benefit for us with multi-AP setups. This is actually the reason I never used YazFI. Since the FW doesn't support VLANs, the subnetting that's built-in only works on the router itself, i.e., it cannot propagate to external APs. Should it work in a AiMesh setup now (coz I remember it didn't before)? If yes, then it would be great, but only totally if the entire network is using Asus routers/APs that has FW supporting AiMesh.
 

ColinTaylor

Part of the Furniture
Yes, LAN isolation of the first guest network (only) on each band can now be propagated to the Aimesh nodes in the 386 firmware. That is the reason for the change of IP addresses. It also uses VLANs to implement this I'm told.
 
Last edited:

eusagc

Occasional Visitor
Yes, LAN isolation of the first guest network (only) on each band can now be propagated to the Aimesh nodes in the 386 firmware. That is the reason for the change of IP addresses. It also uses VLANs to implement this I'm told.
Wow this is certainly good news! Tbh, I've been waiting for this to happen for the longest time. It's like Christmas came early this time. Cheers!

PS. Now, if it would just be possible to map/combine/tag the VLANs to physical ports it would be perfect.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top