Two Identcal AX55 acting as Access Points on the same subnet
I have two identical WiFi Routers:
Firmware Version: 1.1.0 Build 20220428 rel.64552(4555)
Hardware Version: Archer AX55 v1.0
They are BOTH changed to work as Access Points using the WAN port to access the LAN.
The LAN is set to use static IPs 10.0.0.251 and 10.0.0.252 (255.255.255.0) and both Default Gateways are set to point to the FireWall LAN IP.
All WiFi SSIDs and settings including Smart Connect are identical for the two Access Points.
Since I'm running in Access Point mode on both devices no Mesh has been set up.
My problem is that one of the Access Points (...252) does not have Internet Access through the default Gateway. I can access both devices through wired WAN connections and I can ping 8.8.8.8 from the Web Interface on both routers! But only (...251) actually approves the Internet connection.
If I change the Default Gateway of troubled Access Point (...252) to point to the IP of the other to working Access Point (...251) by setting its Default Gateway to 10.0.0.251 - everything works.
Why is it so - it makes no sense to me?
Is there some kind of built-in intelligence when two identical TP-Link Access Points are located on the same subnet with identical WiFi parameters that forces them into some kind of automatic Mesh operation hereby creating one single WiFi net using joined radio coverage?
Best regards
zEnterHacker
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Whoohaa - someone might have coded the firmware for this device in a hurry (with some BOSS screaming that it had to be finished yesterday - LOL)
Is was a DNS problem - ie. the troubled device (...252) never received info about any DNS servers because it was turned into an Access Point before having actually been assigned any IP via the Default Gateway (Firewall/DHCP) so when I turned the (...251) into an Access Point it had already gotten info about a preferred DNS. This was not the case for the troubled device (...252) - so the "solution" (if you can call it that) was to turn ON the DHCP server and manually provide two DNS server IPs & Save the new setting - Go back turn the DHCP server to Auto & save the new setting - and at last Turn OFF the DHCP server & save the setting.
Now the Device has internet access via the normal and correct Default Gateway.
So - No one anticipated that a device working as an Access Point with static IP assignment needs to have an entry in the web interface that allows for setting up the DNS servers to use. I would say: "This is a major flaw and needs to be included in an up-coming version"
Having said that - it is still a un-clear to me why pointing the Default Gateway to the IP of the other working Access Point could provide the troubled Access Point with a valid DNS response that made it aprove the Internet Connection and allowed for DNS based PINGs of various public web servers????
The only reason I can think of is, that the (...252) is acting as gateway if receives DNS request on it WAN interface - however this is not exactly a job for an access point with disabled DHCP server!!!
Any comments are still welcome!!!
Best regards
zEnterHacker
- Copy Link
- Report Inappropriate Content
Whoohaa - someone might have coded the firmware for this device in a hurry (with some BOSS screaming that it had to be finished yesterday - LOL)
Is was a DNS problem - ie. the troubled device (...252) never received info about any DNS servers because it was turned into an Access Point before having actually been assigned any IP via the Default Gateway (Firewall/DHCP) so when I turned the (...251) into an Access Point it had already gotten info about a preferred DNS. This was not the case for the troubled device (...252) - so the "solution" (if you can call it that) was to turn ON the DHCP server and manually provide two DNS server IPs & Save the new setting - Go back turn the DHCP server to Auto & save the new setting - and at last Turn OFF the DHCP server & save the setting.
Now the Device has internet access via the normal and correct Default Gateway.
So - No one anticipated that a device working as an Access Point with static IP assignment needs to have an entry in the web interface that allows for setting up the DNS servers to use. I would say: "This is a major flaw and needs to be included in an up-coming version"
Having said that - it is still a un-clear to me why pointing the Default Gateway to the IP of the other working Access Point could provide the troubled Access Point with a valid DNS response that made it aprove the Internet Connection and allowed for DNS based PINGs of various public web servers????
The only reason I can think of is, that the (...252) is acting as gateway if receives DNS request on it WAN interface - however this is not exactly a job for an access point with disabled DHCP server!!!
Any comments are still welcome!!!
Best regards
zEnterHacker
- Copy Link
- Report Inappropriate Content
@zEnterHacker I have an AX1500 in Access Point mode, and it has a similar oddity. I have a static IP set on it, since in DHCP mode it renews constantly every 30 seconds or minute. But with a Static IP there's no way to set DNS servers. It seems to default to expecting the DNS server to be the same as the gateway/router IP. I have a DNS server enabled on the router, even though nothing else really needs it. So it works.
Actually, even with the AX1500 LAN settings set to Dynamic IP, it still won't allow you to set manual DNS servers when it's in AP mode (I tried). I think it's a bug.
- Copy Link
- Report Inappropriate Content
If AX1500 FW is similar to AX3000 (AX55) then you could try my solution.
I know it is not logical that the DNS servers keyed in under the DHCP server is used to retrieve IPs for URL address also when the DHCP server is inactive.
You might have misunderstood my solution the DHCP I'm NOT talking about the DHCP IP setting for the WAN port - I'm talking about the DHCP SERVER on the AX3000 used to deliver IP address to WiFi clients when they connect to the Router. This DHCP service should normally be turned OFF when acting as Access Point - since your main router should normally provide this DHCP service for all wired clients as well as WiFi clients. If you are forced to use multiple distributed DHCP servers you need to be sure they all use separate non overlapping IP scopes - or else two clients could end up with identical IP address.
If You set the LAN IP to retrieve it IP via DHCP then if your main router is acting correctly it should also provide DNS IPs when you AX1500 requests for its LAN IP.
However in your case - when you use a static IP for the AX#### LAN IP no DNS can be set manually - therefore my work-around:
1 Set DHCP SERVER ON and enter appropriate DNS servers (8.8.8.8 & 8.8.4.4).
2 Save the setting and reconnect to the WEB interface.
3 Set DHCP SERVER to AUTO. (this might not be required - but I cannot test this anymore - since this was what I did).
4 Save the setting and reconnect to the WEB interface.
5 Set DHCP to OFF.
6 Save the setting and reconnect to the WEB interface.
7 Make sure the LAN interface Default Gateway is pointing at your router IP (Gateway to "The World").
8 See if you can ping 8.8.8.8 from the web interface. - If yes IP routing to the Internet works
9 See if you can ping ibm.com from the web interface - If yes correct DNS request are handled by the Access Point.
Btw: When acting as Access Point I use the WAN RJ45 port on both my AX3000 Access Points to connect to my main LAN switch also connected to my main router (Gateway to "The World")
If I misunderstood what you mean in your reply - please just bear over with me :-)
Regards
zEnterHacker
- Copy Link
- Report Inappropriate Content
I'm curious about the network layout, how are the two AX55 connected to the ISP modem/router? What kind of modem/router do the two AX55 connect to? Are both AX55 configured as APs in the same way?
The feature why you can enable the DHCP server when the AX55 is working as an AP is called Smart DHCP, you may read this article to understand it better. Be aware that it won't change the DHCP or DNS settings in your network when it is configured as Auto, there is no need to disable it.
- Copy Link
- Report Inappropriate Content
Hi Kevin_Z,
Thanks for pointing to the "Smart DHCP" explanation - very informative!
However "Smart Things" are sometimes too smart for me - so to rule out any conflicts and/or any doubts as to whom is responsible for handing out IP addresses on my network I will keep the DHCP server on both my AX3000 APs disabled - in my world this is good practice (KISS - Keep It Simple ......).
You ask for my network topology - it is very simple and very common and therefore no secret:
300/300 Fiber line bridge
|
| (wired WAN: Public IP DHCP from ISP)
|
Main Router/NAT/VPN firewall/DHCP server - (LAN: Static IP1 subnet 255.255.255.0)
|
| (LAN: wired)
|
Main 1GB 24 port switch (Unmanaged) --wired-- NAS servers, Printers etc.
| |
| | (wired)
| |
| AX3000 WiFi AP - (LAN: Static IP2 subnet 255.255.255.0)
|
| (wired)
|
AX3000 WiFi AP - (LAN: Static IP3 subnet 255.255.255.0)
I have no local DNS servers in my network and the two AX3000 (AX55) has been setup COMPLETELY IDENTICAL in all aspects including (WiFi SSIDs/WPA2-PSK etc. so they form one single uniform WiFi network with increased coverage because the APs are physically located in distant strategic locations on my premises. The ONLY configuration difference is of course that the Static LAN IP are not the same for the two APs :-)
As can be seen on the "drawing" above it is NOT a MESH configuration since all APs are WAN port connected to the main switch by wired RJ45 cables - this frees up all 4 RJ45 1GB ports on both APs.
WARNING: Turning the AX3000 into an Access Point also means that the built-in Firewall is completely disabled - so NEVER connect any port of an Access Point directly to the internet - You need a real firewall as the last device before the Internet in order to isolate you trusted LAN network from the "Russians" ;-)
I hope this was what you were asking for :-)
EDIT: Argh! - Sorry Kevin_Z - I see now that you are an expert related to the community - I apologize for maybe having "over-explained" things a little - sorry!
Regards
zEnterHacker
- Copy Link
- Report Inappropriate Content
@zEnterHacker Thanks, I had misunderstood at first and I was looking at the LAN settings (where you'd expect to set the DNS servers). I tried setting the DHCP server to "on" and then manually inputting the DNS servers there, saving it, and then turning DHCP server back "off." Then I rebooted. My (local) DNS servers are still getting requests from the AX1500 forwarded through the main gateway/router instead of receiving them directly, though. So it didn't work for me.
- Copy Link
- Report Inappropriate Content
It is not quite clear to me what your problem is? My AX3000 checks the WAN internet connection (going through my Main Router/Firewall) by sending out DNS request (to ex. 8.8.8.8) every 15 sec to a lot of well known public domains. And I guess it will do that by using what ever DNS server IP (8.8.8.8) stored inside the AX3000. If the AX3000 does not have any info about where to get an IP address it will report the internet connection as BAD (No checkmark) in the WEB interface. When your clients connect via WiFi your local DHCP server / Main Firewall/Router will be responsible for handing out both a client IP address and the DNS server IPs to be used by the client - the access point normally has nothing to do with that. IMHO - when the DHCP server is turned OFF in the AP the previous DHCP DNS server setting in the AP only serves to validate its WAN connection and to allow for TP-Link firmware update checks. To sum up: The router constantly checks the WAN connection via DNS request to various known domains on the internet. My "work-around" only allows the router it-self to access the internet via the normal DNS request - it does not influence any WiFi client aspects since i turned OFF the built-in DHCP server. If you have a local DNS server located on your LAN relaying/caching DNS request to public DNS servers (8.8.8.8) then I would suspect that you would like all your clients (Wired & WiFi & AX1500) to use that local relaying DNS server - and you claim that this is what is happening??? When You tried my so-called "Fix" did You type in your Local DNS server IP (192.168.1.127) or a public DNS server IP (8.8.8.8). Regards zEnterHacker
- Copy Link
- Report Inappropriate Content
@zEnterHacker When I tried, I used my local dns servers (192.168.3.2, 192.168.3.3). If the AX1500 LAN setting is set to use Dynamic IP, it's no problem. It gets the DNS servers from the router's DHCP server, as expected.
The problem only arises when the LAN setting is set to Static IP. There is no place to enter the DNS servers in the Static IP settings. Instead, something seems to be hard-coded in the TP-Link firmware to use the Default Gateway as the DNS server instead of allowing you to enter them.
Normally, I'd leave the LAN setting to use Dynamic IP, but in case of the TP-Link, it causes the DHCP lease to be renewed every 30 seconds or so, flooding the DHCP server with renewal requests, which is not desirable. That's the only reason I've set it to use a Static IP. So a work-around to fix one problem, creates others.
- Copy Link
- Report Inappropriate Content
Hmm that makes good sense.
BUT - Just tried an official TP-Link emulator.
Google search: tp-link ax1500 emulator and then click on link to TP-Link Emulators. Login pass1234 and then change the Internet Connection Type to Static
- then at least in normal Router Mode you can type in preferred DNS server IPs.
I cannot reconnect to the emulator after changing mode to Access Point - but You could try to switch your AX1500 to standard route (make sure you un the latest firmware) then change the Internet to Static + key in preferred DNS server. After reboot - switch back to AP mode and see if it remembers you preferred DNS servers
I don't know if changing WAN to static in normal Router mode and then switch to AP mode will make the device remember previously manual entered DNS IPs.
Good luck!!
zEnterHacker
- Copy Link
- Report Inappropriate Content
@zEnterHacker Thanks. At this point, I'm not sure it's worth messing with. The real solution would be for TP-Link to fix the bugs in their firmware.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1454
Replies: 10
Voters 0
No one has voted for it yet.