AC87U 5Ghz guest network

[Lucky-Strike]

Hi guys,

I also get changing results...
I stopped testing from my Android phone since it was - for whatever reason - screwing up results. From a computer, I usually see the 5Ghz guest network.
Intranet access is off.
When I connect, I sometimes get internet access but get DNS errors (DNS_PROBE_FINISHED_NXDOMAIN).
Other times, I get the "no internet" error (DNS_PROBE_FINISHED_NO_INTERNET).
No change of any settings in between.

Btw @RMerlin , how can I check the qtn firmware version on my router ?
Found an updated version of netgear R7500 SRC (V1 is using Quantenna QT3840BC + QT2518B) with QTN package from late 2018. Might be the same, might be older, might be newer ? All I can say is filesize differs.
Went from here : https://patchwork.kernel.org/patch/10706331/
To here : https://github.com/ILOVEPIE/qts1kpcie_wifi_driver/tree/BuildScripts/kernel/quantenna_qts1kpcie
To there : https://kb.netgear.com/2649/NETGEAR-Open-Source-Code-for-Programmers-GPL
Downloaded and extracted V1.0.0.130 (https://www.downloads.netgear.com/files/GPL/R7500-V1.0.0.130_and_qtn_gpl_src.tar.zip).
Than it can be found in package > qt-wireless > binary

 

[JIPG]

Hi guys,

I also get changing results...
I stopped testing from my Android phone since it was - for whatever reason - screwing up results. From a computer, I usually see the 5Ghz guest network.
Intranet access is off.
When I connect, I sometimes get internet access but get DNS errors (DNS_PROBE_FINISHED_NXDOMAIN).
Other times, I get the "no internet" error (DNS_PROBE_FINISHED_NO_INTERNET).
No change of any settings in between.

Btw @RMerlin , how can I check the qtn firmware version on my router ?
Found an updated version of netgear R7500 SRC (V1 is using Quantenna QT3840BC + QT2518B) with QTN package from late 2018. Might be the same, might be older, might be newer ? All I can say is filesize differs.
Went from here : https://patchwork.kernel.org/patch/10706331/
To here : https://github.com/ILOVEPIE/qts1kpcie_wifi_driver/tree/BuildScripts/kernel/quantenna_qts1kpcie
To there : https://kb.netgear.com/2649/NETGEAR-Open-Source-Code-for-Programmers-GPL
Downloaded and extracted V1.0.0.130 (https://www.downloads.netgear.com/files/GPL/R7500-V1.0.0.130_and_qtn_gpl_src.tar.zip).
Than it can be found in package > qt-wireless > binary

Quantenna firmware version is shown in page TOOLS>Sysinfo/Router

 

[ColinTaylor]

Haha omg did another reboot now i have intranet access on normal 5Ghz and guest 1
Now it seems to be working as it should..no access on 5Ghz guest 2 or 3

Edit:
Now did a hard reboot
Have intranet access on normal 2.4 and 5Ghz and guest1(5Gghz)
No intranet access on the other guest networks
So all seems to be working now dont understand..

Thanks for the update. I don't think we'll pursue this any further unless something changes.

For future reference; The output of your brctl is correct AFAICT. The vlan400x entries are the guest networks that don't have intranet access (I think "x" increments for each enabled network without intranet, rather than a one-to-one relationship). I'm not sure how the 5GHz networks that do have intranet access connect to the LAN . The relevant code appears to be in qtn_monitor.c, particularly here.

 

[Zastoff]

The changing results is gnawing at me a bit here..(maybe it`s just broken)
Think i will give it a longer test run next week to see if i can get some clarity to why it suddenly all worked..and why it dident before
Was it because i enabled all 3 5Ghz guests it suddenly worked?
Will try it out in some different scenarios and see how it goes with DNS and intranet access..

 

[Zastoff]

Testing done on RT-AC87u (fw 384.11) 5Ghz Guest networks
Testing done with Win7 Computer and Android phone (Brave Browser)
(5Ghz) Guest1 with intranet access on
(5Ghz) Guest2 with intranet access off
(2.4Ghz) Guest2 with intranet access off

Win7 Computer worked flawless during testing on both guest networks
Android phone has worked fine on Guest1 with intranet access
Android phone had some trouble on Guest2 with getting DNS_PROBE_FINISHED_NXDOMAIN on some sites when using DNSCrypt
Solution: Testing android phone using DNSfilter to bypass DNSCrypt and Diversion=No more DNS_PROBE_FINISHED_NXDOMAIN
Internet has been stable during testing on both guest networks


Status from my test: Working both with and without intranet access
Tested with:
DNS Privacy Protocol DoT (Working)
DNS-Filter Global Filter Mode=Router (Working)
ISP DNS/No Scripts (Working)
DNSCrypt (Working) with intranet access on.
DNSCrypt with guest networks 2.4Ghz & 5Ghz-intranet access off has issues with Android only in my tests.
(Recommend bypassing DNSCrypt on android by using DNS-Filter or skip DNSCrypt and use DNS Privacy Protocol DoT if you have issues)

Spoiler: Sort of testing log UPDATED

May 11 Enabled ZAST_5G_Guest1(only) intranet access on (Testing with computer win7 not routed thru vpn)
Have SSID and internet access/intranet access after reboot
May 11 14:18:06 mbss: prefix_bss_enabled:[wl1.1_bss_enabled][1]
May 11 14:18:06 mbss: prefix_lanaccess:[wl1.1_lanaccess][on]
May 11 14:18:06 mbss: dp-11 unit:[1], subunit:[1]
Testing browsing alot of different web sites(30+) no DNS errors
Continue testing on Android phone(ver 9+)(routed thru vpn) on ZAST_5G_Guest1
Intranet access working and browing 20+ different sites no DNS errors
Checking wireless log:
Wireless 5 GHz
SSID: ZASTOFF_5G Mode: AP
SNR: 33 dB Noise: -51 dBm Channel: 48/80 BSSID: 385:47:E5:99:FC
Device IP Address Rx/Tx & RSSI Connected Flags
xx:xx:xx:xx:xx:xx
Daniel-Dator 192.168.1.37
780 / 1053 Mbps
-51 dBm 0:37:31 AUG
xx:xx:xx:xx:xx:xx
Sony-XZ2 192.168.1.240
325 / 6 Mbps
-63 dBm 0:09:56 AUG
All is working so far
Enabled ZAST_5G_Guest2 intranet access off
Rebooting Router clearing browser cache on computer and android phone
Have SSID and internet for ZAST_5G_Guest2 testing on win7 computer(not routed thru vpn)
check: no intranet access
Browsing 30+ sites no DNS errors
Connecting Android phone on ZAST_5G_Guest2 (Routed thru vpn)
Have internet and no intranet access
Browsing 10+ sites got DNS_PROBE_FINISHED_NXDOMAIN on 1 site dubble checked on win7 computer on same site and worked there..on ZAST_5G_Guest2
Testing same site on android again=same error
Browsing some other sites and working and re testing the site i got error and same DNS error again..
Changeing to ZAST_5G_Guest1 on android browsing working again..no errors
Testing Paused (Change android phone to routing thru WAN and test again)
New entries in syslog did not see on previeus testing
May 11 15:13:12 acsd: eth1: NONACSD channel switching to channel spec: 0x1001 (1)
May 11 15:38:13 acsd: eth1: NONACSD channel switching to channel spec: 0x1803 (1l)
May 11 17:30:43 acsd: eth1: NONACSD channel switching to channel spec: 0x1001 (1)
May 11 17:55:45 acsd: eth1: NONACSD channel switching to channel spec: 0x1803 (1l)
May 11 18:25:51 acsd: eth1: NONACSD channel switching to channel spec: 0x1803 (1l)
May 11 18:30:52 acsd: eth1: NONACSD channel switching to channel spec: 0x1001 (1)
My Wireless settings:
Channel bandwidth 20/40Mhz & Control Channel 1 for 2.4Ghz
Channel bandwidth 80Mhz & Control Channel 48 for 5Ghz
May 12 Resume testing Android on ZAST_5G_Guest2(Routing thru WAN)
Same issue on browsing some sites DNS_PROBE_FINISHED_NXDOMAIN
Switched to ZAST_5G_Guest1 on android and no errors on browsing
Set Android in LAN/DNSfilter(Cleanbrowsing-Security so it bypass DNSCrypt(2.0.23) & Diversion(4.09)
Testing Android again on ZAST_5G_Guest2
Browsing working with no errors on Android phone
Clearing Browser cache on computer and Android phone and rebooting them
Again Testing Win7 computer on ZAST_5G_Guest1 & ZAST_5G_Guest2 all good no errors and intranet access working for ZAST_5G_Guest1
Again Testing Android on ZAST_5G_Guest1 & ZAST_5G_Guest2 all good no errors and intranet access sort of working for ZAST_5G_Guest1**
**can not log in to router.asus.com:8443 with DNSFilter?? but https://pixelservip/servstats working on ZAST_5G_Guest1 but NOT on ZAST_5G_Guest2

May 13 Resume Testing
Set vpn client to: Accept DNS Configuration=Exclusive
Set LAN/DNS-Filter: Enable DNS-based Filtering=off
Set Administration/System: Enable JFFS custom scripts and configs=No
Reboot from webgui (failed to fully boot)
Hard Reboot (off for 30sec)
SSID`s up and connected to ZAST_5G_Guest1 on Win7 computer have internet and intranet access
From syslog:
May 13 09:27:05 mbss: prefix_bss_enabled:[wl1.1_bss_enabled][1]
May 13 09:27:05 mbss: prefix_lanaccess:[wl1.1_lanaccess][on]
May 13 09:27:05 mbss: dp-11 unit:[1], subunit:[1]
May 13 09:27:08 mbss: prefix_bss_enabled:[wl1.2_bss_enabled][1]
May 13 09:27:08 mbss: prefix_lanaccess:[wl1.2_lanaccess][off]
May 13 09:27:08 kernel: device vlan4001 entered promiscuous mode
May 13 09:27:08 kernel: br0: topology change detected, propagating
May 13 09:27:08 kernel: br0: port 4(vlan4001) entering forwarding state
May 13 09:27:08 kernel: br0: port 4(vlan4001) entering forwarding state
May 13 09:27:08 mbss: dp-10 unit:[1], subunit:[2]
Checking: using isp dns server
Browsing and intranet access working on ZAST_5G_Guest1 Win7 computer
Browsing and intranet access working on ZAST_5G_Guest1 Android Phone
Testing ZAST_5G_Guest2
Browsing and No intranet access working on ZAST_5G_Guest2 Win7 computer
Browsing and No intranet access working on ZAST_5G_Guest2 Android Phone
No issues with internet or DNS errors, All working with 5Ghz Guest networks
Try Set LAN/DNS-Filter: Enable DNS-based Filtering= ON (Global Filter Mode=Router)
Reboot from webgui
More Coffee..
SSID`s up and connected to ZAST_5G_Guest1 on Win7 computer/Android Phone have internet and intranet access
Browsing working on both and have intranet access
Change to ZAST_5G_Guest2
Browsing working on both and have No intranet access
No issues with internet or DNS errors, All working with 5Ghz Guest networks with DNS-Filter (Global Filter Mode=Router)
Enable DNS Privacy Protocol (DoT) with Cleanbrowsing-Security DoT Servers
Reboot from webgui
Connected to ZAST_5G_Guest1 on Win7 computer and android phone both using DoT Servers
Have internet and intranet access
Browsing working on win7 computer and android phone
Change to ZAST_5G_Guest2
Internet and browsing work on win7 computer and android phone with No intranet access (DNS Privacy Protocol DoT and DNS-Filter)
No Errors
Disable DNS Privacy Protocol DoT and Set Administration/System: Enable JFFS custom scripts and configs=Yes (enable DNScrypt & other scripts again)
Reboot from webgui
SSID`s and scripts working
confirm using DNSCrypt servers
Testing ZAST_5G_Guest2 on Android phone
DNS_PROBE_FINISHED_NXDOMAIN error back on some sites
Testing ZAST_5G_Guest2 on win7 computer
confirm using DNSCrypt servers
No DNS errors

Conclusion: DNS issues on 2.4Ghz & 5Ghz guests with no intranet access only android with DNSCrypt
Other scenarios all working well for me during this test

Hope it can help someone that want to try/use 5Ghz Guest networks on RT-AC87U
/Zastoff