I have a wrt1900acs(wan) with a wired connection to a wrt1900ac(dumb ap, dnsmasq,firewall off, not using wireless). It was working fine until recently. I was running a snapshot(acs, over a month on same one), then suddenly problems. I tried a newer snapshot and going to 21.02.5 with fresh config. This is occuring on ethernet and wifi. If a set a static address on the client it has connectivity with both wire and wireless. Eventually an address will be assigned but can be tens of minutes. dhcp is mostly stock with some static leases and lan on 192.168.2.0/24. Clients affected are iOS, iPadOS, macOS and Linux(x86 and arm). Devices that have static leases seem to connect faster/closer to normal.
Without configs, it's not possible to even guess what might be wrong.
You said that hte problem happens both on wired and wireless connections. In the case of wired, is that true when you directly connect to the main router (the ACS) and also when you connect directly to the dumb AP (AC) devices?
Let's start with the main router config (ACS):
Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
option domainneeded '1'
option localise_queries '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
option rebind_protection '1'
option rebind_localhost '1'
list rebind_domain 'jonathan-isom.net'
list rebind_domain 'www.jonathan-isom.net'
option logdhcp '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option force '1'
option leasetime '14d'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config host
option name
option dns '1'
option mac
option ip '192.168.2.100'
config host
option name
option dns '1'
option mac
option ip '192.168.2.185'
config host
option name
option dns '1'
option mac
option ip '192.168.2.184'
config host
option name
option ip '192.168.2.125'
option mac
config host
option name
option dns '1'
option mac
option ip '192.168.2.105'
config host
option name
option dns '1'
option mac
option ip '192.168.2.209'
config host
option name
option dns '1'
option mac
option ip '192.168.2.107'
config host
option name
option dns '1'
option mac
option ip '192.168.2.201'
config host
option name
option dns '1'
option ip '192.168.2.114'
option mac
config host
option name
option dns '1'
option mac
option ip '192.168.2.229'
config host
option name
option dns '1'
option mac
option ip '192.168.2.169'
config host
option name
option dns '1'
option mac
option ip '192.168.2.166'
config host
option name
option dns '1'
option mac
option ip '192.168.2.183'
config host
option name
option dns '1'
option mac
option ip '192.168.2.223'
firewall ( firewall.user empty)
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option synflood_protect '1'
option forward 'ACCEPT'
config zone 'lan'
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list device 'tun+'
config zone 'wan'
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled 'false'
config include
option path '/etc/firewall.user'
config redirect
option target 'DNAT'
option name 'http'
option src 'wan'
option src_dport '80'
option dest 'lan'
option dest_ip '192.168.2.201'
option dest_port '88'
config redirect
option target 'DNAT'
option name 'https'
option src 'wan'
option src_dport '443'
option dest 'lan'
option dest_ip '192.168.2.201'
option dest_port '443'
config redirect
option target 'DNAT'
option name 'ssh'
option src 'wan'
option src_dport '22'
option dest 'lan'
option dest_ip '192.168.2.201'
option dest_port '22'
config redirect
option target 'DNAT'
option name 'imaps'
option src 'wan'
option src_dport '993'
option dest 'lan'
option dest_ip '192.168.2.201'
option dest_port '993'
config redirect
option target 'DNAT'
option name 'imap'
option src 'wan'
option src_dport '143'
option dest 'lan'
option dest_ip '192.168.2.201'
option dest_port '143'
config rule 'ovpn'
option name 'Allow-OpenVPN'
option src 'wan'
option dest_port '1194'
option proto 'udp'
option target 'ACCEPT'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'Smtp'
option src 'wan'
option src_dport '25'
option dest_ip '192.168.2.201'
option dest_port '25'
Here is the connection log from my ipad trying to connect. By default iPadOS has "private wi-fi address" on, so it was requesting a new lease with a different mac address.
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 available DHCP range: 192.168.2.100 -- 192.168.2.249
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 DHCPDISCOVER(br-lan) e2:63:35:a5:f3:5b
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 tags: lan, known, br-lan
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 DHCPOFFER(br-lan) 192.168.2.107 e2:63:35:a5:f3:5b
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 requested options: 1:netmask, 121:classless-static-route, 3:router,
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 requested options: 6:dns-server, 15:domain-name, 108, 114, 119:domain-search,
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 requested options: 252
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 next server: 192.168.2.1
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 sent size: 1 option: 53 message-type 2
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 sent size: 4 option: 54 server-identifier 192.168.2.1
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 sent size: 4 option: 51 lease-time 14d
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 sent size: 4 option: 58 T1 7d
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 sent size: 4 option: 59 T2 12d6h
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 sent size: 4 option: 1 netmask 255.255.255.0
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 sent size: 4 option: 28 broadcast 192.168.2.255
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 sent size: 4 option: 3 router 192.168.2.1
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 sent size: 4 option: 6 dns-server 192.168.2.1
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 sent size: 3 option: 15 domain-name lan
Wed Mar 22 16:52:25 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 available DHCP range: 192.168.2.100 -- 192.168.2.249
I tried a plugging in a computer with the line from the dumb-ap and it connected instantly. So my impression is it is eating the packets for some reason.
I just burned down the config with firstboot, installed the same 21.02.5 version I have on the acs as there is not currently a 22 version for these devices and set it back up frest. I am going to see how this works out and go from there. I have tested a couple devices that didn't have leases and they connected normally.
Hopefully I won't have to come back to this thread.
Yeah... I suspect something was wrong with the config on the dumb AP... since you reset, we probably won't be able to identify what might have been going on, but if your problem does indeed get resolved, that's great. Keep us posted.