DHCP Server problem (not using the router for DHCP)

Discussion in 'Tomato Firmware' started by Surffisher2a, Jun 10, 2019.

  1. Surffisher2a

    Surffisher2a Network Newbie Member

    warning -- I am using this firmware on an ASUS RT66u router -- I know this is a linksys forum, but I am posting here since the contact us info on the advanced tomato site suggested this forum. I think this is a firmware related issue not related to hardware.

    The problem I am having is that I wish to use my Windows Server for DHCP and disable the DHCP server on the router. When I do this, randomly none of the clients utilizing wireless are able to obtain an IP. Wired clients on my network work perfectly fine.

    Details -- I have a flat IP network, no other subnets / vlans. The only routing in place is the RT66U for internet access (obviously the default gateway in my network). Only 1 wireless network setup (mirrored for 2.4 / 5.0 frequency ). Single internet connection (no dual wan).

    No USB or any other devices plugged into the router. No VPN, QOS, SMB, or NFS.

    Running Firmware version: 1.28.0000 MIPSR2-3.5-140 K26AC USB AIO-64K downloaded from advancedtomato com downloads

    Checked MD5 Hash to ensure no corruption on the download.

    The existing setup has worked perfectly with the original firmware on the router. Wireless and wired devices got DHCP from my Windows server. As soon as I put the Advanced Tomato firmware on my router I started having issues (yes, I turned off the DHCP on the router). The reason I say I am randomly having issues is that it will work for a little while, then it just stops. Nothing I do will resolve the problem (reboots, etc). Then after a day or two it will work for a little while (without any intervention) and then stop working.

    When I setup the router to provide DHCP server, it works flawlessly (of course disabling the DHCP service on the windows server).

    Troubleshooting I have done.
    #1 Reboot all equipment (including windows server and network switch)

    #2 reflash router utilizing all the steps to clear NVRam and resetting back to factory defaults as described in the install guide.

    #3 Triple checked that DHCP was unchecked in the router config

    #4 Put in a spare TP link wireless router (Factory) to make sure DHCP from the windows server worked (It did)

    #5 Wireshark captures on the Windows Server show that it's getting a discovery request, sending an offer, but that is it. I am not seeing a request back from the client. I am assuming something in the router is blocking that.

    My question is: does anyone have any idea what could be causing this issue, and is anyone successfully running DHCP from another server?
     
  2. Sean B.

    Sean B. Network Guru Member

    Disable wifi power saving under Advanced->Wireless ( set APSD mode to disabled ) for both radios. See if there's any change in behavior.
     
  3. Surffisher2a

    Surffisher2a Network Newbie Member

    So far it seems to be working since I disabled APSD. I'll have to keep an eye on it to make sure it keeps working since it randomly worked in the past.

    Thanks for the idea, I would never have thought to change that setting to fix the DHCP issue.

    PS -- on a side note, I noticed that disabled is supposed to be the default option for APSD because it has a * next to disabled in the menu, however I am 100% certain that I did not enable it manually.
     
  4. Surffisher2a

    Surffisher2a Network Newbie Member

    Unfortunately the problem still exists. Was working fine for a couple hours this evening, when we got back from dinner DHCP stopped giving out IP addresses to any wireless device (cell phones, laptop and a smart home device).
     
  5. Sean B.

    Sean B. Network Guru Member

    Let me clarify. Does the issue take place only when a wireless client leaves the network, and upon return is unable to obtain an IP via DHCP? Or do wireless clients that have not left/disconnected from the network suddenly lose connectivity as well?
     
    Last edited: Jun 11, 2019
  6. Surffisher2a

    Surffisher2a Network Newbie Member

    If the wireless clients have an IP address they work perfectly fine until their DHCP lease expires. If I try and add a new device they connect to the wlan, but won't get an IP address.
     
  7. Sean B.

    Sean B. Network Guru Member

    When this happens, assign a static IP on a wireless client such as a laptop. Can you ping your Windows DHCP server, as well as targets on the WAN?
     
  8. Surffisher2a

    Surffisher2a Network Newbie Member

    Yes, if I assign a static IP I get full network connectivity and can ping the DHCP server.
     
  9. Sean B.

    Sean B. Network Guru Member

    Can you post your Wireshark captures please? Screenshots of the Basic->Network and Advanced->VLAN pages, along with a basic topology description that locates the relative network connections of client/router/server would be helpful as well.
     
    Last edited: Jun 12, 2019 at 7:14 AM
  10. Sean B.

    Sean B. Network Guru Member

    Was this a capture of a wireless client that had been disconnected and then reconnected to the network? Or of a wireless client that had remained connected to the network and its lease expired?
     
  11. Surffisher2a

    Surffisher2a Network Newbie Member

    I did not save the Wireshark captures, I'll get new ones on Friday when I get some time to break the network again.

    The capture I did get was from the DHCP server while my laptop was trying to get an IP from an IPCONFIG / Renew. I previously did an IPCONFIG / Release so I didn't have to wait for the lease to expire to get my capture.

    I am attaching screenshots of the other requested info.
     


  12. Surffisher2a

    Surffisher2a Network Newbie Member

    Here is the last file since the previous post would only allow me 5 attachments.
     


  13. Sean B.

    Sean B. Network Guru Member

    You have DHCP enabled on the router, shown in the basic2 screenshot. And a reminder, if not done so already, make sure the router IP is either reserved or not within the configured DHCP address range on the Windows server.
     
  14. Surffisher2a

    Surffisher2a Network Newbie Member

    That screenshot was taken this morning. I can assure you that during my testing that the DHCP option was turned off.
     
  15. Sean B.

    Sean B. Network Guru Member

    Why is it currently enabled? Facilitating the wireless clients for now?

    The best next diag steps would be to run a Wireshark capture on a wireless connected laptop while the issue is occurring ( rather than from the server side ) and verify the DHCP offer is not making it to the laptop at all rather than being silently discarded, which can happen for a multitude of reasons lined out in the RFCs for DHCP. If it does indeed fail to reach the laptop, a capture run on the router interfaces should shed some light on why. This can be done by command line in a shell on the router using tcpdump. Or, my preferred method, using rpcapd as a background service on the router and running a remote capture using Wireshark on a client computer.
     
    Last edited: Jun 12, 2019 at 8:06 PM
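
    Added example, not part of any post in this thread: one way to compare the server-side and client-side captures discussed above is to parse the DHCP payloads and report, per transaction id, the first step of the exchange that never appears. The MAC address, transaction ids and packets are constructed samples, and the UDP payloads are assumed to have already been exported from the capture files.

```python
import struct
from collections import defaultdict

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Return (xid, client MAC, message type, broadcast flag) for a UDP 67/68 payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    xid, _secs, flags = struct.unpack("!IHH", payload[4:12])
    mac, i, mtype = payload[28:34].hex(":"), 240, None
    while i + 1 < len(payload) and payload[i] != 255:    # 255 = end of options
        if payload[i] == 0:                              # 0 = pad, has no length byte
            i += 1
            continue
        length = payload[i + 1]
        if payload[i] == 53 and length == 1 and i + 2 < len(payload):
            mtype = payload[i + 2]                       # option 53 = message type
        i += 2 + length
    return xid, mac, TYPES.get(mtype, "UNKNOWN"), bool(flags & 0x8000)

def stalled_exchanges(payloads):
    """Map each incomplete transaction id to (client MAC, first missing step)."""
    seen, macs = defaultdict(set), {}
    for rec in filter(None, map(parse_dhcp, payloads)):
        seen[rec[0]].add(rec[2])
        macs[rec[0]] = rec[1]
    report = {}
    for xid, types in seen.items():
        # A renewal starts at REQUEST; a new lease runs the full four-step exchange.
        steps = ("REQUEST", "ACK") if types <= {"REQUEST", "ACK", "NAK"} else \
                ("DISCOVER", "OFFER", "REQUEST", "ACK")
        missing = next((s for s in steps if s not in types), None)
        if missing and "NAK" not in types:
            report[xid] = (macs[xid], missing)
    return report

def build(xid, mac, mtype, broadcast=False):
    """Build a minimal constructed DHCP payload for the samples below."""
    head = struct.pack("!BBBBIHH", 2 if mtype in (2, 5, 6) else 1, 1, 6, 0,
                       xid, 0, 0x8000 if broadcast else 0)
    chaddr = bytes.fromhex(mac.replace(":", "")) + bytes(10)
    return head + bytes(16) + chaddr + bytes(192) + MAGIC + bytes([53, 1, mtype, 255])

MAC = "02:00:00:aa:bb:cc"     # constructed, locally administered address
SERVER_SIDE = [build(0x1111, MAC, 1, True), build(0x1111, MAC, 2, True)]
CLIENT_SIDE = [build(0x1111, MAC, 1, True), build(0x2222, MAC, 3)]

if __name__ == "__main__":
    for name, capture in (("server", SERVER_SIDE), ("client", CLIENT_SIDE)):
        for xid, (mac, step) in stalled_exchanges(capture).items():
            print(f"{name}: xid={xid:#x} {mac} stalled, no {step} seen")
```

    A transaction that stalls at REQUEST on the server but at OFFER on the client points at the path between them dropping the offer, which is the comparison the two captures are meant to make.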
  16. Surffisher2a

    Surffisher2a Network Newbie Member

    I had a chance to do a little more troubleshooting today. To answer your easy questions, yes it is enabled now to keep my network devices functioning, things like cell phones, iPads, Sense Monitor, Wink Hub and etc all stop working once their DHCP lease expires.

    Anyways, I did some testing and got semi different results. First thing I did was disable DHCP on the router and turn on the DHCP service on the windows server. (laptop was already connected to Wifi before I did this).

    I performed a DHCP /renew on the laptop while doing a packet capture (on laptop, attached) and saw it sent out a discover request, but no response to it. The packet capture on the server didn't show any DHCP packets.

    Then I pinged the DHCP server by IP and they all timed out. I was able to ping all other devices on the network.

    I then did a ipconfig / release to clear my current IP. I then set a static IP for the laptop and tried to ping the windows server again which worked perfectly.

    Next I set my laptop back to DHCP and did ipconfig /renew and had the same results as above (Discover sent but no reply, no DHCP packets received on the Windows server).

    I hardwired my laptop into port 2 on the Asus and it instantly picked up an IP from the windows server.

    To me it seems something on the wireless bridge to the LAN is randomly blocking the traffic for some unknown reason. I am thinking some kind of built-in security protection is kicking in. I would say it's not relaying the broadcast traffic correctly, but the fact I couldn't ping the server, but could ping everything else tells me it's more than just broadcast traffic that is being blocked to that particular IP / server. Also remember the fact that this will randomly start working (wired and wireless) for a couple of hours then all of a sudden quit again.

    It seems that whenever I disable the DHCP on the router it will start working for about an hour and then quit for a couple of hours and start working again for an hour, rinse, lather, repeat.

    I never did remote captures with wireshark, I always just spanned the port the device was attached to and did it that way, not sure my home switches will allow me to do that though, so I will look into the remote captures when I get some more time.


    PS -- Capture upload will need to be renamed with correct extension (.pcapng). I had to rename it to txt to allow this site to attach it.
     


  17. JoeDirte

    JoeDirte Networkin' Nut Member

  18. Monk E. Boy

    Monk E. Boy Network Guru Member

    Do devices connected via ethernet get IP leases from the Windows server? Just do it as a test. The firewall on the server could be blocking the DHCP server. At least this way you've removed the WiFi bridge from the equation.

    There is an issue on random units of ARM routers where switching 5GHz to N mode will isolate the two networks (LAN & WLAN) from each other, but putting it in A mode makes it work. To my knowledge this is solely 5GHz, so maybe you could try disabling 5GHz? Or flip it to A mode if you have AN clients. However that seems to only be affecting FreshTomatoARM from what I remember.

    Worst case I would also try another build of Tomato as AdvancedTomato is kind of an odd duck and isn't being maintained anymore. I would try going all the way back to the 132 release of Shibby since that's the last one before MultiWAN, which introduced a lot of issues. If that works then you know it's a bug in either AdvancedTomato or Shibby's 140 build. The option going forward would be to either stay on 132 or move to FreshTomatoMIPS which is still in active development.

    Personally I have a lot of N66s on a network in access point mode with Windows handling DHCP (the N66s are all running off ASUS's latest firmware). Currently the default route doesn't go through Tomato but at one time it did - though it was before MultiWAN.
     
  19. Sean B.

    Sean B. Network Guru Member

    Haven't had a chance to look over the capture yet, but have an experiment to suggest:

    Disable DHCP on the router for the br0 network, and re-enable the Windows DHCP server.

    Create another network under Basic->Network as - Bridge = br1 | IP = 192.168.230.20 | DHCP = disabled

    The .20 octet of the IP is arbitrary so feel free to change it, just be sure to change it for steps below as well.

    Under Advanced->VLAN bridge both wireless interfaces to the br1 bridge.

    Under Advanced->DHCP/DNS put this in the Custom config box:

    Code:
    dhcp-relay=192.168.230.20,192.168.230.11,br0

    This assumes .11 is still the Windows DHCP server. After saving go to Tools->System commands and run:

    Code:
    cat /etc/dnsmasq.conf

    Make sure the output has these lines in it:

    Code:
    interface=br0
    interface=br1

    If not ( I'm not sure if they'll be there when DHCP is disabled on the router ) add them to the Custom Config box as well.

    Under Administration->Scripts->Firewall tab add these lines:

    Code:
    iptables -t filter -I FORWARD 1 -i br0 -o br1 -j ACCEPT
    iptables -t filter -I FORWARD 2 -i br1 -o br0 -j ACCEPT

    Try a wireless connection with the laptop and see what happens. In theory, if the router is preventing broadcast traffic between the wireless interfaces and the LAN, this should expose it. By making dnsmasq act as a DHCP relay, the broadcast traffic doesn't actually have to cross the interfaces. Dnsmasq will hear it on one interface and relay it on the other.
     
  20. Sean B.

    Sean B. Network Guru Member

    Didn't catch this earlier for whatever reason, but you stated clients that don't disconnect from wireless fail to renew their lease and lose connectivity as well. This means the issue is not isolated to broadcast traffic, as clients that already know the unicast address of the DHCP server will send their requests by that means. If the client fails to receive a response via unicast from the server it will then fall back to broadcast.
     
  21. Surffisher2a

    Surffisher2a Network Newbie Member

    Just letting everyone know I haven't ghosted you. Just have not had a chance to perform any other troubleshooting yet. Got friends visiting from out of state and BBQ competitions that are taking up my free time right now.
     
  22. Sean B.

    Sean B. Network Guru Member

    You're forgiven providing you send me some of that BBQ ;)
     