Setting up an ASUS RT-N66U running Merlin on an existing network

[LighthammerX]

Greetings,

I did some research on this forum and other sites on this topic, so if I am asking information that does exist and I missed, I apologize ahead of time; though this is a fairly esoteric situation.

I've been running a server setup running FTP, Emby, HTTP and a few other services over a Comcast 150 mbps connection for the last several years.

My apartment complex abruptly terminated Comcast's ability to provide internet to our complex without notice and, only after proding to find out what happened in part with Comcast's help, did we actually find out that they pulled the hardware out that allows Comcast to connect here and replaced it with a very insecure setup that is essentially four or so commercial Cisco switches serviced by a dedicated fiber optic line connected through a DFOG (Fiber Optic Router).

This setup has made it impossible for me to run my network the way I had. Worse yet, the performance over the network is absolutely abysmal. It's not simply that the speed or latency is bad, its also the fact the network forces me to send any network traffic all the way down to their switch and back up to computers in the apartment. That means any of these services I mentioned above, as well as such things as my network printer or my software KVM are exposed to the network and forced to travel the 5,000 feet or so down to the network switch and back. The in-network latency is over 5000 ms.

From my point of view, what I need to do is get my router running in such a way that I can make only the router exposed to the network and assign IP Addresses to devices on my own network via the DHCP on the router.

The company does not seem willing to help in assigning a static IP address to my router, but I can define one as well as a gateway (I have lists of the working gateways).

The odd problem I am having is, while my router is in "Router Mode", it can see the network, it can ping out, tracert out, netstat as well as all the usual commands, but any computers connected to the router can not access the internet.

I can place my router into "Access Point (AP)" mode and all computers can access the network, but since this turns off the DHCP of my router, I can't get any of my services to work. As described above, most my devices are being forced to run down to the network closet and run through their switch. This makes even running a Chromecast non-viable.

What I need is the correct setup to make my devices work "normally" behind the router so that only the router is exposed to the network. I have no issues assigning ports to the server as needed.

Essentially, I want the router to give me the same protection as if the Comcast Cable Modem was plugged in; except now, I have a network cable running to the site's switch plugged in.

On the administrative side of things, I'm already working with Comcast, the FCC and my state's Attorney General's Office to resolve what happened; but in the mean time, I'm hoping to set something viable up.

Thanks very much for any advice you guys can give and thanks very much for getting through this entire post (I know its long, I hope I explained the situation well enough to give advice).

 

[LighthammerX]

Also, yes, I know in the "WAN Setup - Marked" I have the WAN toggle turned off. This was in the middle of playing with various settings. It is on in the current configuration.

 

[ColinTaylor]

Unless you've got some strange wiring topology that you're not telling us about you shouldn't be setting up any static routes.

Factory reset the router (with the WAN connected). When it boots up for the first time choose Static IP as your WAN connection type and enter the WAN information the same as before. That's it, nothing else. No static routes.

Your LAN subnet will be 192.168.1.1/24 and all your clients should be able to connect it properly.

 

[LighthammerX]

Thanks for the response.

I've factory reset it several times by this point with a few backups I felt were important.

The wiring I've done I know is normal, but anything outside the apartment isn't accessible to me so I don't know how its setup (correctly, incorrectly, weirdly or otherwise) --- nor (of course) do I have access to the server closet.

After writing this post, I had an idea that seems to work (which I need to play with a little more).

Hooking Apartment Complexes cable into one of the LAN ports gives me internet access from my devices with the DHCP on, but once that's done, I can't see or connect to the router's control panel. I can see it with FING.

I assigned a static IP address to the router as well as a gateway. Addresses are 10.201.10.50 and 10.201.10.1 respectively. Neither 192.168.1.1 or 10.201.10.50 give me control panel access.

I'll play with it more later tonight. If anyone else has thoughts on this, let me know. Thanks again for the responses.

 

[ColinTaylor]

The connection should be to your router's WAN port, not the LAN port. If you use the LAN port it will not work properly as you have discovered.

All of your client devices should be connected directly to the RT-N66U, either wirelessly or by a direct Ethernet cable. Your clients should be set to use DHCP.

After doing the initial factory reset do not restore your settings from a backup file, that completely defeats the purpose of the factory reset.

If you have trouble accessing the N66U after the factory reset check that your PC has an address 192.168.1.x and that it can ping 192.168.1.1.

 

[ColinTaylor]

Given what you said about being able to access the internet when you had the feed connected to the LAN port, that would indicate that DHCP is working fine on the Apartment's equipment. So instead of trying to manually set a static IP on the router's WAN interface set it to "Automatic IP" instead and see if that works (with the internet feed in the WAN port of course).

 

[LighthammerX]

The connection should be to your router's WAN port, not the LAN port. If you use the LAN port it will not work properly as you have discovered.

While in the WAN port, the router gets internet access, but no devices on the router get internet access. They can only see other devices connected to the router.

Given what you said about being able to access the internet when you had the feed connected to the LAN port, that would indicate that DHCP is working fine on the Apartment's equipment. So instead of trying to manually set a static IP on the router's WAN interface set it to "Automatic IP" instead and see if that works (with the internet feed in the WAN port of course).

This only works when the cable is run into a LAN port, but the other oddities I reported on post #4 are in play.

 

[ColinTaylor]

While in the WAN port, the router gets internet access, but no devices on the router get internet access. They can only see other devices connected to the router.

Check what IP addresses the clients are getting from the router. In particular their default gateway should be 192.168.1.1. How are you determining that the router has internet access?

This only works when the cable is run into a LAN port, but the other oddities I reported on post #4 are in play.

In this configuration you are effectively just using the LAN ports on the router as a dumb switch and completely bypassing the router's functionality. It's exactly the same as if you had plugged your clients directly into you complex's equipment.

 

[LighthammerX]

Check what IP addresses the clients are getting from the router. In particular their default gateway should be 192.168.1.1. How are you determining that the router has internet access?

As stated, the RT-N66U is running Merlin. I don't know if the default software package of the RT-N66U has the ability to run such tools, but with the Merlin Firmware update, it has all the basic DOS Network Commands. It is able to Netstat, Ping, IPConfig, Tracert and a few other such commands. All of these, in particular ping, are able to see a wide array of websites while it is hooked up through the WAN port.

I can't get any computers to see the internet or the network while hooked up through the LAN ports while the connection is setup through the WAN port and in Router mode.

I've gotten mixed messages from the various techs who work for the company that manages the technology on this site (remotely). They've suggested to me they have some technology in play that "blocks routers", but they've also contradicted themselves saying there is nothing stopping routers from connecting. I can't get them to be more clear on this topic :-\. I honestly feel as though they either have the thing juryrigged and don't understand it themselves or are purposely being vague for security reasons and/or lack of knowledge.

In this configuration you are effectively just using the LAN ports on the router as a dumb switch and completely bypassing the router's functionality. It's exactly the same as if you had plugged your clients directly into you complex's equipment.

In a normal situation, I absolutely understand and agree with these statements. The fact I am having these weird issues is exactly why I came here. I am running two "mission critical" PCs currently through a Linksys WRT58G, which I think many people can recognize as an ancient router, especially compared to the RT-N66U.

However, with the Merlin Firmware, you can configure LAN ports to be treated by WAN ports. I actually used the apartment complex's internet for load balancing / data cap balancing for quiet some time before they started monkeying around with it to "upgrade it". After the upgrade that occurred in January, the connection no longer worked for this purpose and I didn't really give it any additional thought because I didn't really need it.

I'm really having a problem getting a beat on the oddities of what they are doing with this network that is making the router not like a "normal" setup.

 

[Grisu]

did you ever try with enabled MAC-cloning?

 

[LighthammerX]

did you ever try with enabled MAC-cloning?

Yes. I can successfully get it on the network with various cloned macs, but it doesn't seem to have an effect on the setup.

Thanks for the suggestion.

 

[LighthammerX]

@ ColinTaylor / others

RE: LAN vs WAN ports

I had the idea to try using a dumb switch to give myself the ability to plug my complex's internet connection into both the LAN01 and WAN ports at the same time.

Basically, after some tinkering around, I discovered what one would normally expect to happen (particularly what Colin pointed out earlier):

While the computer will use whatever IP the DHCP assigns to the router the first time it sees it, upon reboot, the computer will take whatever IP address is assigned by the complex's DHCP thereafter.

Any sense that it was a viable solution to use an unconfigured LAN01 (or other LAN ports) was simply utilizing the router as a switch in the long run.

There is an oddity that I've noticed in messing around with these settings:

- Upon a fresh factory reset, the RT-N66U seems to properly let a computer onto the network until one goes through the initial setup process. The only things configured at this time are the Admin userid, admin password, wifi 2.4/5.0 networks and their passwords. Upon confirming these settings and the router reboots to save the settings, internet connectivity is lost on LAN01 - LAN04 (all the LAN ports).

---

I'm wondering if configuring LAN01 as a backup internet connection will provide any useful results. I plan to try that sometime tomorrow.

I do have an old 2 core ATOM based computer laying around. I'm considering installing WRT on it and see if I can get it to let me do what I need. I have yet to actually try this. Any insights or thoughts on this are welcomed.

---

Any other suggestions or questions about this situation are welcomed.

 

[ColinTaylor]

- Upon a fresh factory reset, the RT-N66U seems to properly let a computer onto the network until one goes through the initial setup process. The only things configured at this time are the Admin userid, admin password, wifi 2.4/5.0 networks and their passwords. Upon confirming these settings and the router reboots to save the settings, internet connectivity is lost on LAN01 - LAN04 (all the LAN ports).

At this point it would be useful to know what the network configuration is that has been picked up by the clients that can't reach the internet. i.e. the output of "ipconfig /all". It would always be helpful to see what the router says at System Log > Routing Table and LAN > DHCP Server.

 

[dave14305]

Are your clients' IPv4 settings all automatic (i.e. from DHCP)? Or do you have any static IPs, gateways, DNS servers configured from your old network design? As Colin said, it really requires concrete data to help isolate your issue at this point.

 

[LighthammerX]

Are your clients' IPv4 settings all automatic (i.e. from DHCP)? Or do you have any static IPs, gateways, DNS servers configured from your old network design? As Colin said, it really requires concrete data to help isolate your issue at this point.

All clients in my apartment are not using any special settings.

The RT-N66U, as of this moment, is all in default settings mode save setting the admin password and the names/passwords on the wifi.

I managed all network IP assignments, routing, port forwarding etc from the RT-N66U under my previous setup.

I will see about getting copies of logs when I have a little time to work on it today.

 

[LighthammerX]

What I think I need help with is how to properly setup a subnet while still having the network able to see the internet.

I don't really have any experience on this and the documentation I've found/read on it, isn't clear to me.

 

[ColinTaylor]

What I think I need help with is how to properly setup a subnet while still having the network able to see the internet.

I don't really have any experience on this and the documentation I've found/read on it, isn't clear to me.

That is the default out-of-the box configuration. So what you've currently got ought to work with no other changes. The mystery is why it doesn't after the first reboot. If you can provide the information mentioned earlier we should have a better idea where the problem is.

 

[LighthammerX]

That is the default out-of-the box configuration. So what you've currently got ought to work with no other changes. The mystery is why it doesn't after the first reboot. If you can provide the information mentioned earlier we should have a better idea where the problem is.

To be clear, it's not "out of box" configuration, it's running Merlin v380.70 Firmware:
https://sourceforge.net/projects/asuswrt-merlin/files/RT-N66U/Release/

I'm starting to wonder if I should try a different firmware. Been thinking about trying straight WRT or Tomato.

 

[LighthammerX]

Here's the current raw log

https://ln.sync.com/dl/a900b0840/9jrr3ykv-3ps9b27x-h3k6brn9-ue4hu93b

 

[ColinTaylor]

To be clear, it's not "out of box" configuration, it's running Merlin v380.70 Firmware:
https://sourceforge.net/projects/asuswrt-merlin/files/RT-N66U/Release/

Merlin is pretty much identical to stock Asus in this respect.

I'm starting to wonder if I should try a different firmware. Been thinking about trying straight WRT or Tomato.

I suggest you wait until we've collected the current information.