AX6000 False "Poor Network" / Red LED on PPPoE + CGNAT (India FTTH) - Internet Works Perfectly
The Problem
Internet works perfectly on all 13 client devices (WiFi + LAN). Full 100Mbps speed. Zero drops. Gaming, streaming, 4K all work fine.
But the router constantly reports "Poor Network" or "No Internet" with a red LED. Tether app intermittently shows Online/Offline cycling. Firmware OTA updates fail.
The pattern:
- Devices idle → Red LED → "Poor Network" but Internet is working perfectly, even though the LED stays RED
- Heavy traffic (4K stream, large download) → Blue LED → "Connected."
- Returns to red after traffic subsides
- When an LED is RED router cannot check for updates or do speed test.
Diagnosis I've Done
Pinged devs.tplinkcloud.com (the router's cloud check endpoint) directly from my Mac:
145 packets transmitted, 0 received, 100% packet loss
Then ran curl to the same endpoint:
Connected → TLS handshake successful → SSL cert verified → Empty reply from server
Conclusion: devs.tplinkcloud.com / prd-elb-connector-aps1.tplinkcloud.com is reachable at the network level but returns an empty response to anything that isn't a proper TP-Link device protocol handshake. The router interprets this empty response as "no internet."
Traceroute confirmed full path to Singapore AWS servers (where TP-Link cloud is hosted). The server receives the connection and closes it — it's not a routing problem.
ISP gateway 10.0.159.1 is reachable with 0% packet loss at 4ms. PPPoE session is stable. WAN IP assigned correctly.
What I've Already Tried
- MAC cloning (resolved initial PPPoE auth)
- MTU set to 1492 (correct for PPPoE)
- DNS — ISP DNS working, Google/Cloudflare breaks connection (ISP uses transparent DNS interception)
- Connection Mode changed to Always On
- Manual firmware update (OTA fails due to this same issue)
- Factory reset 10+ times.
- Reboot sequences
- SSH — port 22 refused (disabled in firmware)
- Telnet — not available on this firmware build
- Continuous ping keepalive to ISP gateway — insufficient, ISP appears to require actual TCP/UDP payload traffic to maintain session routing
Root Cause (My Assessment)
Two compounding issues:
- TP-Link cloud check endpoint (
devs.tplinkcloud.com) rejects non-device HTTP traffic with an empty response, causing the router to falsely report no internet - ISP CGNAT + traffic-triggered session routing — the PPPoE session stays alive at LCP level but ISP routing only activates with sufficient traffic load, meaning router-originated lightweight checks fail during idle periods
The router firmware was designed assuming a standard public IP environment. On Indian FTTH with CGNAT, the cloud check architecture breaks down completely.
What I'm Asking
- Is there a hidden setting or config file parameter to change the internet detection target IP from
devs.tplinkcloud.comto a custom IP (e.g., ISP gateway)? - Can SSH/Telnet access be enabled via the web UI or a firmware flag to allow manual nvram edits?
- Will a future firmware update address CGNAT compatibility for the internet detection check?
- Is this a known issue for Indian ISP users on this firmware version?
Note - This is not an internet connectivity problem. It is a router self-diagnostic failure caused by cloud endpoint behavior + CGNAT environment. Please do not suggest factory reset or PPPoE credential checks.
