RT-N66U problems with 5GHZ guest network

[Noldir]

Hi there,

I'm having the oddest problem with my RT-N66U in guest network mode. Whenever I use the 5GHZ band (seperate SSID) I can't access webpages anymore. Sometimes it will load a little bit of the page before getting stuck on endless "loading". It almost seems as if HTTP redirects are not getting through or that it can't resolve anything beyond the currently loaded web domain.

I can't really pinpoint what's wrong either, for instance: sometimes whatsapp works, sometimes it doesn't.

Every other SSID I have (2.4 and 5ghz) work just fine. In fact, when tunneling a VPN (different machine) over the guest network I have zero problems.

I've tried rebooting, resetting to default and pleading. None of them seem to work. Anyone any ideas? Help?

Kind regards,

Rob

 

[messerchmidt]

try the merlin firmware and/or another wireless channel. set it to 80mhz.

 

[Noldir]

try the merlin firmware and/or another wireless channel. set it to 80mhz.

Will do! What does the 80mhz do (and where to set it)?

 

[wouterv]

If you have a RT-N66U, you have no 80 MHz setting.
The setting is under Advanced Settings>Wireless>General>5 GHz>Channel bandwidth.
For the RT-N66U you can set it to 20/40, 20 or 40 MHz.
I don't believe it has to do with your problem though.

On the Guest network: what is the Authentication Method and look at the SSID.
I suggest to select a SSID (at least as trial) with maximum 8 Alphanumeric (Aa to Zz and 0 to 9) characters only.

 

[Noldir]

If you have a RT-N66U, you have no 80 MHz setting.
The setting is under Advanced Settings>Wireless>General>5 GHz>Channel bandwidth.
For the RT-N66U you can set it to 20/40, 20 or 40 MHz.
I don't believe it has to do with your problem though.

On the Guest network: what is the Authentication Method and look at the SSID.
I suggest to select a SSID (at least as trial) with maximum 8 Alphanumeric (Aa to Zz and 0 to 9) characters only.

Authentication method is WPA2-PSK. The weird thing is that is does have some non-alphanumeric characters in there, but so does the primary SSID (which is longer) which connects just fine. I'll give it a shot though!

 

[Noldir]

Didn't help a bit (unfortunatly). It seems it's device specific as well though, my gilrfriend can't internet from the 2.4 ghz guest network but with me it works like a charm.

Perhaps a DNS (cache) problem somewhere?

 

[wouterv]

What is the total number of connected computers to your router?
And are these computers strictly separated as computers that use Guest access do never use normal access, visa versa?

 

[Pericynthion]

I wonder if it's related to using the router itself as a DNS server? Using the guest network feature on the n66u automatically isolates that SSID - in other words clients connected to it can resolve external addresses but the firewall will block any traffic headed for your internal addresses (in my testing this includes the router itself - you'll find you can't even browse to the router admin page on the guest network).

You can easily prove this by manually setting an external DNS (eg 8.8.8.8) on one of the clients on the guest network and see if that fixes the web browsing.



Sent from my iPhone using Tapatalk

 

[Noldir]

What is the total number of connected computers to your router?
And are these computers strictly separated as computers that use Guest access do never use normal access, visa versa?

Total? About 6 computers, not withstanding the odd hobby pc I'm imaging.

3 of those are wifi, 3 of them are wired.

Those that use wifi regularly switch between the Guest and Non-Guest networks. This is because my NAS which also handles the RADIUS login sometimes has a fit and kills the RADIUS process (that one is still under investigation by Synology). Clients then get kicked and revert to using the guest network.

 

[Noldir]

I wonder if it's related to using the router itself as a DNS server? Using the guest network feature on the n66u automatically isolates that SSID - in other words clients connected to it can resolve external addresses but the firewall will block any traffic headed for your internal addresses (in my testing this includes the router itself - you'll find you can't even browse to the router admin page on the guest network).

You can easily prove this by manually setting an external DNS (eg 8.8.8.8) on one of the clients on the guest network and see if that fixes the web browsing.



Sent from my iPhone using Tapatalk

Actually, the router is not handling the DNS traffic, my NAS is. I've tried toggling the DNS settings on the router but to no avail. I've got no problem on the 2.4 ghz work browsing to slashdot et al. But my girlfriend does (well, facebook in her case). Strangely enough I *can* traceroute to slashdot from my phone but as soon as there's a redirect (in this case to m.slashdot.org) the connection times out.

 

[L&LD]

This is new to me.

Why is the NAS handling the DNS traffic and not the router?

 

[Pericynthion]

Back to a previous comment - the clients may be working sporadically due to cached DNS info. And is your NAS on the LAN side of your router? If so my comment on isolation still stands - guest networks can only access external addresses.

The firewall might be allowing basic icmp/ping/traceroute traffic but that's a different class to http.


Sent from my iPhone using Tapatalk

 

[Noldir]

This is new to me.

Why is the NAS handling the DNS traffic and not the router?

Private subdomains Got frustrated remembering all the ip-addresses!

 

[Noldir]

Back to a previous comment - the clients may be working sporadically due to cached DNS info. And is your NAS on the LAN side of your router? If so my comment on isolation still stands - guest networks can only access external addresses.

The firewall might be allowing basic icmp/ping/traceroute traffic but that's a different class to http.


Sent from my iPhone using Tapatalk

The NAS is indeed on the LAN side of the router but I've configured the router as the "main" DNS for all clients (DHCP). The router just forwards any request first to my NAS which in turn forwards it back via the router to the DNS servers of my provider. Also, just using the DNS server of the router doesn't help, I still have the same problems. Or am I misunderstanding what you mean?

 

[jlake]

Try a newer or older firmware than the one you are using.

Partially loaded pages are often a symptom of some type of MTU problem.

 

[Pericynthion]

Also, just using the DNS server of the router doesn't help, I still have the same problems. Or am I misunderstanding what you mean?

I think you've got it, but to prove a point we probably need to run another scenario.

If you choose a device on the guest network, and manually define the DNS server in its network config to be an external service (googleDNS - 8.8.8.8) and see if that works.

What I suspect is that the firewall rules for the guest network are allowing certain traffic and not others (basic name resolution=ok, other stuff=more complex).

If you point a client wholly at an external DNS service, and it works without problems - then it will prove if the problem is traversing between the guest-network and something your LAN is providing (whether name resolution or something else).

 

[Noldir]

Well, I've run into a bit of a problem here. The only device that will connect to the 5G network is my phone. Which is not rooted yet so I can't actually change the DNS servers.

Anyone have some ideas about what to do next? Or am I stuck rooting the phone?