FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
577 views 14 comments
by anonymous

Hello, 

My RUTX10 doesn't seem to be issuing my devices (specifically iOS devices) IP addresses using DHCP connected to an unmanaged switch to a Wireless LAN via 2 x GWN APs which both have static IP addresses.

I have done a Factory Reset and upgraded the Firmware to RUTX_R_00.07.04.1

Please let me know what else may help?

Kind regards

Adam

2 Answers

0 votes
by anonymous

Hello DaumantasG,,

Pretty sure I've fixed the issue, No more LAN on the WAN port.

So far all IP addresses are Issued straight away and in the LAN IP Pool. 

 I'm also connected to my ISP with DHCP and MAC ID is there now.

  1. Factory Reset the RUTX10, Change Mode From Basic -> Advanced (top Right)
  2. Network > VLAN > Add > WAN port = 'Tagged' >VLAN ID Set = 10. (I also SET the VLAN ID 1 & 2 WAN ports to 'Off'). Leave VLAN ID 1 - LAN1, LAN2 & LAN3 as 'Untagged' > Save and Apply.
  3. Network > Interface > General > WAN > PHYSICAL SETTING > Interface  change to 'eth1.10' > save and apply.
  4. That's It, I left all the Interface LAN settings as ‘Default’ i.e Physical Setting > Bridge Interface = Set to ‘On’  and Interface = Set ‘eth0’.

Kind Regards

Adam 

Best answer
0 votes
by anonymous

Hello,

  

From the troubleshoot file, it seems like the device with MAC address xx:xx:xx:xx:e4:6d is receiving DHCP offers from a different DHCP server, and the RUTX10 responds with DHCPNAK and wrong server-ID.

In your DHCP lease list I noticed the device Orbi-Satellite with MAC address xx:xx:xx:xx:xx:99:a8. From a quick Google search, this seems to be a WiFi range extender/router. Could you make sure it's DHCP server feature is disabled? Since it seems like it is conflicting with RUTX10 DHCP server. Also, make sure the access points are set to "dumb AP" mode.

If that does not help, I would like you to navigate to System → Administration → Troubleshoot, and enable the TCP dump option. Select the interface as br-lan, and press Save & Apply. Then, replicate the issue by trying to connect to the AP. After a few failed attempts, in the Troubleshoot menu, press the Download TCP dump file button, and attach the generated file to the original post. Thank you.

  

Best regards,
DaumantasG

by anonymous

Hello DaumantasG,

Thanks for your email,

sorry about the late response, I'm still having issues. I have attached the files requested to the original post.

Could it be the firewall? I noticed on WIreshark there was a IPv6 Address that kept coming back to the iOS device. but there's nothing on the network apart from the RUTX10 and I have the IPv6 was disabled.

I have made a Simple Topology:

Router > Switch > AP > iOS Device

Kind Regards

Adam

by anonymous

Hello,

Even from the TCPdump it seems like the Apple device is for some reason requesting an IP address from 101.xxx.xxx.xxx (if you have experience working with Wireshark, the .pcap file can be opened there and analyzed). Could you attach a screenshot of what the Apple device is showing in the network setting when connecting to the RUTX10?

Best regards,
DaumantasG

by anonymous

Hi DaumantasG,

Thanks, I don't have a great deal of experience with Wireshark unfortunately.

It could be a coincidence but I took the Security 'Off' after seeing your message from both RUTX10 native Wireless 2.4Ghz and 5Ghz and the Apple device connected but with completely different IP Range like you found in your discovery, I'm really confused. I attached the screen shots you requested  to the original message (1 of them is after it connected).

I'm connected via the Orbi AP -> RUTX10 and I've got the range in the Teltonika RUTX10 as 192.168.1.100 -> 150 and the apple iPad has taken an address of 100.64.177.73, Subnet 255.255.192.0. ??? 

Previous to this I have had success with other apple devices by allocating a 'Static Lease' to an IP address and going into the device and turning 'Off' Private Wi-Fi Address to that SSID. Then changing Configure IP -> Bootp. 

I Re-introduced the security Network > Wireless > WIFI 2.4GHZ > WIRELESS SECURITY > Encryption. I went from No Encryption > WPA2-PSK and I lost my iPad connection again with SSID. Something here is stopping the connection from going through I believe.

Kind Regards

Adam

by anonymous
The issue seems to be, that the Apple devices see the router as having an IP address 100.64.128.1, which is in the CGNAT range of your carrier. I can see, that you have a disabled PPP link configured on the WAN port, could you try deleting it, and deleting the created VLAN? It may be causing some issues. If that does not help, I will ask you to factory reset the RUTX10. Perhaps there is some firewall rule missing.

If that does not help, could you set a static IP on the Apple device in the RUTX10 LAN range and check if everything communicates properly?

  

Best regards,
DaumantasG
by anonymous

Hello DaumantasG,

Thanks for your message,

That's is interesting - yes it does look to be getting a IP address out of the CGNAT range, I had 2 x iOS devices on there randomly at one time using DHCP with IP addresses 100.64.x.x.

I did everything you suggested, except for deleting the VLAN with VLAN ID 10 as I need this for the ISP. 

The last thing I tried was setting a Static IP, Subnet Mask and Router e.g. 192.168.1.18, 255.255.255.0, 192.168.1.1 and it connects but had no internet until I changed the DNS Setting from Automatic -> Manual. Under DNS Servers  > Gateway IP address e.g 192.168.1.1

All connected now but it's not great having to manually set IP addresses for iOS devices, I hope Teltonika can come up with a fix.

Kind Regards

Adam

by anonymous

Hello,

  

I did not intend my last message to be a solution, only a troubleshooting step.

As many of our customers are using Apple devices with our routers, something else seems to be causing the issues in your network.

Since the devices try to get an IP in the CGNAT range, I will ask you to temporarily disconnect the ONT and check how the devices behave then. They might have some difficulty connecting, as there will be no internet available, but to figure out if they are causing the issue, this could be useful (make sure to remove the static IPs!). Let me know how this test goes.

  

Best regards,
DaumantasG

by anonymous

Hello DaumantasG,

Ok, thank you.

I carried out your request and after I disconnected the ONT, the iOS device connected and got issued an IP within the LAN range e.g 192.168.1.xxx.

Afterwards I Re-connected ONT and devices are back to CGNAT Range.

That's interesting, so they are causing the issue? has that got something to do with our Firewall settings? 

Kind Regards

Adam

by anonymous

I'm not sure why this could be happening, and only on Apple devices.

However, to overcome this, we could try using a firewall rule to block any DHCP requests from LAN from being forwarded to WAN. 

Navigate to Network → Firewall → Traffic Rules, and create a forwarding rule like this:

This should not affect the DHCP service, which assigns the IP address to the router itself, as we are only blocking the requests from the LAN zone, while the router itself is in the Input zone. Let me know if it helps!

  

Best regards,
DaumantasG

by anonymous

Thanks DaumantasG,

Unfortunately I carried out your instructions with the Firewall rule and the iPad is connected but has a CGNAT IP address. I tried forgetting the network and toggling the Wi-fi OFF and ON again but Its still got a 100.64.xxx.xx IP address. Other iOS devices won't connect at all.

I have a RUT240 and I tried this on my network connecting to the WAN from the ONT and it seems to be working and issuing IP Addresses correctly and promptly. I have noticed during the setup of the WAN on the RUT240 that I may have had the incorrect settings for ISP in the RUTX10. I found that the RUT240 connected to my ISP with DHCP (NOT PPPoe).

Here are my ISP recommended settings:

  • WAN Connection Type: DHCP (Automatic IP/Dynamic IP/IP over Ethernet)
  • 802.1Q: Enabled
  • VLAN ID (802.1Q): 10
  • 802.1P (Priority): 0
  • IP Version: IPv4 or IPv6
  • MTU Size: 1492 or 1500
  • NAT: Enabled
  • NAT: Enabled


I went back to RUTX10  and did a Factory RESET which was on my desk and replicated the WAN setting for my ISP, setting up the DHCP but it didn't initially work until Under the WAN settings >Physical settings, I toggled the 'Bridge Interface' from Off > ON  and then the router connected to the internet. I then disconnected the RUTX10 from my desk and placed it back into my Network, RUTX10 WAN stopped working. I then went back Under the WAN settings >Physical settings, I toggled the 'Bridge Interface' from On > Off  and then the router connected to the internet. ??? However unfortunately the iOS devices didn't all connect back to Wifi and I've had to enter in Manual IP addresses and DNS -> e.g. 8.8.8.8 to get those devices going. I re-instated the firewall rule you suggested afterwards but some devices still wont connect.

 After several hours of the RUTX10 working on DHCP on the WAN it stopped working, I had re-enable the PPPoe connection to get the WAN connection going again.

I have heard back from my Teltonika Supplier and they have said today 27/4/23 there are known issues with iOS devices connecting to WiFi due to the iOS policy to do with wireless security. They have similar issues with a RUTX11, some are connecting ok and some are not. They think it might be due to the iOS devices thinking that the wireless is insecure.

Kind Regards

Adam

by anonymous
Hello,

  

The supplier is most likely referring to the encryption algorithms, as up to v7.4, both TKIP and CCMP ciphers were used. however, now by default only CCMP is used, which is more secure, thus it should not be causing any issues with Apple devices.

As for the firewall rule, let's try changing it to only block destination ports 67 and 68. Remove the source port block and save the rule. Reboot the router and check if the Apple devices are still experiencing issues.

  

Best regards,
DaumantasG
by anonymous

Hello DaumantasG.

thanks for the message,

I've tried your new suggested firewall settings and it didn't work unfortunately. Also in the the picture what are the 'mob1s1a1' and 'mob1s2a1' in my WAN?

i spoke to my ISP provider and they said that there was multiple MAC Addresses Seeking Authentication on their end from our end. They sent me a whole heap of my LAN devices MAC IDs requesting Authentication on their end. They asked if I had bridging 'On'.

After the phone call with ISP I checked Interfaces  > LAN >Physical Settings, 'Bridge Interface' is 'ON'. Should I turn it 'Off'??? 

or what else could be letting LAN devices go around the Firewall?




Kind Regards

Adam

by anonymous

Hello,

  

It seems like I did not notice your network configuration issues. The Interface in the physical settings of the LAN interface should be eth0 and Bridge interfaces should be enabled.

For the WAN settings, open the WAN interface, change the protocol to PPPoE, enter the credentials, and in the advanced settings specify the VLAN tag ID. In the physical settings, bridge interfaces option should be disabled, and as the interface, eth1 should be selected.

The way you have configured it now, you are directly bridging the WAN and LAN interfaces (as your ISP told you).

As for the mob1s1a1 and mob1s2a1 interfaces, these are the mobile interfaces, but they should be hidden in the RUTX10. I will report it to our RnD department, however, it should not affect the functionality of the device.

Let me know how it goes!

  

Best regards,
DaumantasG

by anonymous

Hello DaumantasG,

No those credentials you suggested do not allow to connect to ISP at all, I tried using the VLAN tag in Advanced Setting but it didn't seem to do anything?

In the WAN I used In the physical settings, bridge interface  disabled, and as the interface, eth1.10 VLAN 10 - Tagged on WAN. This config connects to the ISP but the MAC ID is not there, so I think it's the same problem.

In the LAN I used In the physical settings, bridge interface  enabled, and as the interface, eth0.10 VLAN 10 - untagged on LAN but stil No Connectivity.

Kind Regards

Adam

by anonymous

Hello DaumantasG,,

Pretty sure I've fixed the issue, No more LAN on the WAN port.

So far all IP addresses are Issued straight away and in the LAN IP Pool. 

 I'm also connected to my ISP with DHCP and MAC ID is there now.

  1. Factory Reset the RUTX10, Change Mode From Basic -> Advanced (top Right)
  2. Network > VLAN > Add > WAN port = 'Tagged' >VLAN ID Set = 10. (I also SET the VLAN ID 1 & 2 WAN ports to 'Off'). Leave VLAN ID 1 - LAN1, LAN2 & LAN3 as 'Untagged' > Save and Apply.
  3. Network > Interface > General > WAN > PHYSICAL SETTING > Interface  change to 'eth1.10' > save and apply.
  4. That's It, I left all the Interface LAN settings as ‘Default’ i.e Physical Setting > Bridge Interface = Set to ‘On’  and Interface = Set ‘eth0’.

Kind Regards

Adam