LAN ports isolated, DNS not resolving

samh
DD-WRT Novice


Joined: 06 Mar 2014
Posts: 8

Posted: Thu Mar 06, 2014 0:44    Post subject: LAN ports isolated, DNS not resolving
Hi all-

First time using DD-WRT on a primary router! But unfortunately I am having issues right off the bat.

I have an Asus RT-N66U. Flashed DD-WRT v24-21676 (one of the K3.X Broadcom Builds), everything seems to have gone fine. I set up my static WAN IP address, DNS, etc. and all seems to be fine, however all the LAN ports are isolated from each other and no computers can get out to the internet.

The weird thing is that I called Charter (cable internet co.) and they told me they see internet traffic from the router! Checked the status page in DD-WRT and it said WAN connection was up.

I have Windows Server 2008 running DNS and DHCP so I disabled DHCP on the router. (same setup with old router that had stock Linksys firmware).

So, this is what the issues are:
-no computers can connect to the internet
-DNS requests cannot be resolved
-LAN ports isolated from each other and Wireless

Swapping out the new router with the old (the one with stock Linksys firmware) fixes the problems instantly.

All help is appreciated and thank you in advance.

Sam
samh
DD-WRT Novice


Joined: 06 Mar 2014
Posts: 8

Posted: Thu Mar 06, 2014 21:13
eibgrad wrote:
How do you know all the LAN ports are isolated from each other? You mean each is on its own VLAN?


I can't seem to be able to ping devices on other LAN ports. Checked the VLAN config page and they are all on the same VLAN.
samh
DD-WRT Novice


Joined: 06 Mar 2014
Posts: 8

Posted: Thu Mar 06, 2014 22:19
All devices are getting a valid IP; however the router does not handle DHCP- it is more like a firewall than anything. A Windows Server 2008 R2 machine handles DHCP, DNS, etc.
samh
DD-WRT Novice


Joined: 06 Mar 2014
Posts: 8

Posted: Fri Mar 07, 2014 1:51
eibgrad wrote:
Then we at least know all the LAN ports are communicating over ethernet w/ the same DHCP server


Well, we don't really know that. I am actually not sure if devices on other LAN ports are getting IP addresses. I just know devices connected to the same switch that is connected to the router are getting valid IPs.

eibgrad wrote:

And you’ve configured the DHCP server to return the router’s IP as the default gateway?


Yes.

eibgrad wrote:

If you telnet/ssh into the router, can you ping an internet address by name? By IP?

Did not think of that. I will try that tomorrow.

Thank you for the suggestion.
80sguitartist
DD-WRT User


Joined: 18 Feb 2010
Posts: 218

Posted: Fri Mar 07, 2014 17:40
This sure sounds like a DNS problem where something (like the Server 2008 box) or the router are not configured correctly.

Can you describe how your network is set up? I assume it is something like:

modem/demarc
|
|
V
Asus RT-N66U (with Static WAN setup from ISP)
|
|
V
some type of unmanaged switch
|
|
V
Server 2008 (handling DNS/DHCP) plugged into switch along with all other client computers.

Is that right?

A few other questions.
- When the clients connect and get an IP address can they ping the Server 2008 box's IP? Not hostname but IP.
- Can they ping the Asus RT-N66U via IP?
- On the DD-WRT setup page what settings do you have under the Router IP for "Gateway" and "Local DNS"? Is it set up with the IP of your 2008 Server?
- Also in the Setup page Under "Network Address Server Settings (DHCP)" did you disable the DHCP Server or choose the drop down for DHCP Forwarder?
- Lastly, when you hook everything up can you connect to the Internet on your 2008 Server? Hate to ask you to do this but if you hook all that up and reboot the Server, can you still get out to the Web? Sorry to ask you to reboot a Server 2008 box. I know it takes a while and it's an inconvenience.
- Almost forgot, one more thing. When you quickly swap out the Asus for the Linksys have you set up the exact same IP address for the Router IP? Maybe you're pointing DNS requests to your old Router IP on your Server 2008 box so when you put in that new Asus with a different IP it breaks.
samh
DD-WRT Novice


Joined: 06 Mar 2014
Posts: 8

Posted: Fri Mar 07, 2014 22:19
80sguitartist wrote:
This sure sounds like a DNS problem where something (like the Server 2008 box) or the router are not configured correctly.

Can you describe how your network is set up? I assume it is something like:

modem/demarc
|
|
V
Asus RT-N66U (with Static WAN setup from ISP)
|
|
V
some type of unmanaged switch
|
|
V
Server 2008 (handling DNS/DHCP) plugged into switch along with all other client computers.

Is that right?

A few other questions.
- When the clients connect and get an IP address can they ping the Server 2008 box's IP? Not hostname but IP.
- Can they ping the Asus RT-N66U via IP?
- On the DD-WRT setup page what settings do you have under the Router IP for "Gateway" and "Local DNS"? Is it set up with the IP of your 2008 Server?
- Also in the Setup page Under "Network Address Server Settings (DHCP)" did you disable the DHCP Server or choose the drop down for DHCP Forwarder?
- Lastly, when you hook everything up can you connect to the Internet on your 2008 Server? Hate to ask you to do this but if you hook all that up and reboot the Server, can you still get out to the Web? Sorry to ask you to reboot a Server 2008 box. I know it takes a while and it's an inconvenience.
- Almost forgot, one more thing. When you quickly swap out the Asus for the Linksys have you set up the exact same IP address for the Router IP? Maybe you're pointing DNS requests to your old Router IP on your Server 2008 box so when you put in that new Asus with a different IP it breaks.


Yes, I think it's a DNS problem too. The Win7 network connectivity troubleshooter says that there is an issue with the DNS server as well. EDIT: It says DNS server not responding!

Yes- my network is set up just as you described it.

-Clients can ping the Server 2008 box.
-Clients can ping the Asus RT-N66U at 192.168.1.1
-On the DD-WRT setup page I have it set up as you described
-I did disable DHCP and also tried forwarding DHCP to the Windows Server box, still no internet connectivity
-I cannot connect to the internet on the 2008 server. I tried rebooting it yesterday and it didn't help.
-The new router has the same IP as the old one (192.168.1.1).

Also, after using telnet to get into the router, attempting to ping IP addresses returns things such as "PING 216.239.51.99 (216.239.51.99): 56 data bytes". Pinging domain names does not do anything...

Still no internet with the new router......

But thank you for the troubleshooting ideas, 80sguitartist.
80sguitartist
DD-WRT User


Joined: 18 Feb 2010
Posts: 218

Posted: Sat Mar 08, 2014 13:53
Alright then, just to make absolutely sure it is a DNS problem here are a few more things to test. They won't "fix" the issue but will definitely isolate it.

Try this:

1. Go to one of the workstations and manually assign the DNS settings in the workstation's NIC. Use 208.67.222.222 for the Primary and then use 208.67.220.220 for the Secondary. You shouldn't need a static IP, just static DNS. Those servers are OpenDNS servers and should work.

2. After you get the DNS servers on the Workstation changed, reboot the workstation.

3. Log back in, it may take a while to log in (up to 2 minutes). This is because the workstation cannot find the Active Directory Server because you just changed the DNS to point to someplace else besides your Server 08 box.

4. After it finally shows the Desktop. Try to get on the Web. I bet you can.

5. If this is the case and the web pulls up, it is 100% a problem with DNS. The Server can't find its way out to the web so neither can the workstations. By changing the workstation's DNS it can now resolve websites.

Now, how familiar are you with Server 2008? Is it Server 2008 or Small Business Server 2008? My initial guess is that you may be pointing DNS to itself and since it can't resolve how to get out to the Internet, none of your clients can either. I pretty much loathe Windows DHCP/DNS stuff now and rarely install Windows Servers for that reason. Of course with Active Directory it's tough to get it working properly without having the Server run DHCP/DNS, otherwise you have a lot of login timeouts and Group Policy errors.

This also may be opening another can of worms but if you had the time to devote to it I would start changing some roles on that Server 2008 box. I would have the DD-WRT router handle DHCP and DNS. You can set it up in such a way where everything works BUT when you reboot the Server everyone can still get out to the Internet. How many times have you had to reboot that Server and told everyone "Alright, everyone log out. I have to reboot the Server". Someone inevitably asks, "Can we still get on the Internet?". Of course, the answer is "No!". If you changed the DHCP/DNS roles around and let the Router handle that, the answer would be "Yes, you can still get on the Internet." Also, when configuring stuff like multiple wireless SSIDs that stuff is easier too. Port Forwarding is also easier if you need that. There is a long list why I don't let Servers handle DHCP/DNS and that's just the beginning. Let the router do it, it's better at that job especially when it's got DD-WRT on it.
samh
DD-WRT Novice


Joined: 06 Mar 2014
Posts: 8

Posted: Sun Mar 30, 2014 16:31
Sorry for the late reply, I have been quite busy lately.

So I finally got around to trying to change the DNS settings on one of our computers to the ones you gave me... after restarting the computer and logging on I still can't access the internet.

After checking the DD-WRT control panel, I noticed something weird. There is nothing listed for the WAN mac and there is no WAN activity. Shouldn't there be at least something showing for WAN activity as the router should be trying to connect?

http://i.imgur.com/zJOXd1i.png
http://i.imgur.com/9gYRB8Y.png
samh
DD-WRT Novice


Joined: 06 Mar 2014
Posts: 8

Posted: Sun Mar 30, 2014 23:29
Ok- good news, I resolved the issue and we can connect to the internet fine now!

Edit: The issue was that DD-WRT was not detecting the WAN mac. Manually assigning it fixed the issue.

First issue "erase nvram" via telnet into the router.
Then navigate to Administration>>Commands tab in your DD-WRT control panel and run the following command:
Code:
nvram set et0macaddr=00:11:22:33:44:55
nvram commit
(Replacing 00:11:22:33:44:55 with the MAC that is located on the sticker that's on the bottom of the router)
Then Click Run...Save Startup... and power cycle the router.


Last edited by samh on Mon Mar 31, 2014 1:56; edited 2 times in total
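
As an added example that is not part of samh's post: a check to run on the value before it goes into `nvram set et0macaddr=...`, so a mistyped MAC or the literal 00:11:22:33:44:55 placeholder is never committed. The function names are hypothetical, and the dry-run fallback assumes a machine without an `nvram` binary.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a MAC before it is written
# to et0macaddr. Function names are hypothetical.

# Lower-case the input, accept '-' or ':' separators, require six hex octets.
normalize_mac() {
    m=$(printf '%s' "$1" | tr 'A-F-' 'a-f:')
    printf '%s\n' "$m" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    printf '%s\n' "$m"
}

# Print the normalized MAC and return 0 only if it is usable as an interface address.
check_wan_mac() {
    mac=$(normalize_mac "$1") || { echo "not a MAC address"; return 1; }
    first=${mac%%:*}
    # Bit 0 of the first octet marks multicast/broadcast; an interface needs unicast.
    if [ $(( 0x$first & 1 )) -ne 0 ]; then
        echo "multicast or broadcast address"; return 1
    fi
    case "$mac" in
        00:00:00:00:00:00) echo "all-zero address"; return 1 ;;
        00:11:22:33:44:55) echo "placeholder from the post, not the sticker MAC"; return 1 ;;
    esac
    printf '%s\n' "$mac"
}

# Write the value only after it passes; without an nvram binary, print the commands.
apply_wan_mac() {
    checked=$(check_wan_mac "$1") || { echo "refusing: $checked" >&2; return 1; }
    if command -v nvram >/dev/null 2>&1; then
        nvram set et0macaddr="$checked" && nvram commit
    else
        echo "nvram set et0macaddr=$checked"
        echo "nvram commit"
    fi
}

# Usage on the router, with the value read from the sticker:
#   apply_wan_mac "<MAC from sticker>"
```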
80sguitartist
DD-WRT User


Joined: 18 Feb 2010
Posts: 218

Posted: Mon Mar 31, 2014 0:59
Sorry I didn't see your post till a little later samh. While I'm glad you got it fixed the problem is most likely due to not waiting long enough. What I mean by that is with a lot of ISPs (especially cable ISPs) the device that you have connected to the modem is seen by them and its MAC address. Often you cannot quickly unplug an existing device and then replace it with something else. It's best to wait 15-30 minutes in between. Also, it's best to unplug the modem (and any battery backups within it) for at least 15 minutes and then power it back up. Then the unit will usually connect to a device with a new MAC address. By "cloning" the MAC address of the old router you simply worked around that issue. So in the future when you want to switch out a routing device like that you need to unplug the modem and wait at least 15 minutes. I've seen it take as long as 30 before.
samh
DD-WRT Novice


Joined: 06 Mar 2014
Posts: 8

Posted: Mon Mar 31, 2014 1:16
80sguitartist wrote:
Sorry I didn't see your post till a little later samh. While I'm glad you got it fixed the problem is most likely due to not waiting long enough. What I mean by that is with a lot of ISPs (especially cable ISPs) the device that you have connected to the modem is seen by them and its MAC address. Often you cannot quickly unplug an existing device and then replace it with something else. It's best to wait 15-30 minutes in between. Also, it's best to unplug the modem (and any battery backups within it) for at least 15 minutes and then power it back up. Then the unit will usually connect to a device with a new MAC address. By "cloning" the MAC address of the old router you simply worked around that issue. So in the future when you want to switch out a routing device like that you need to unplug the modem and wait at least 15 minutes. I've seen it take as long as 30 before.


Well, just wanted to say thank you for the great tips and troubleshooting steps you shared with me. They were very helpful in determining the problem and I'm sure I'll be using them in the future.

Thanks for everything!