Router very slow to give dhcp leases

I have a wrt1900acs(wan) with a wired connection to a wrt1900ac(dumb ap, dnsmasq,firewall off, not using wireless). It was working fine until recently. I was running a snapshot(acs, over a month on same one), then suddenly problems. I tried a newer snapshot and going to 21.02.5 with fresh config. This is occuring on ethernet and wifi. If a set a static address on the client it has connectivity with both wire and wireless. Eventually an address will be assigned but can be tens of minutes. dhcp is mostly stock with some static leases and lan on 192.168.2.0/24. Clients affected are iOS, iPadOS, macOS and Linux(x86 and arm). Devices that have static leases seem to connect faster/closer to normal.

Any ideas on what might be going on?

Without configs, it's not possible to even guess what might be wrong.

You said that hte problem happens both on wired and wireless connections. In the case of wired, is that true when you directly connect to the main router (the ACS) and also when you connect directly to the dumb AP (AC) devices?

Let's start with the main router config (ACS):

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Also enable debug logging on the dhcp server and verify on the logs that the server responds to the solicitations immediately.

uci set dhcp.@dnsmasq[0].logdhcp='1'
uci commit dhcp
service dnsmasq restart
logread -f -e dnsmasq

Wed Mar 22 10:52:11 2023 daemon.info dnsmasq-dhcp[15065]: 4221737123 available DHCP range: 192.168.2.100 -- 192.168.2.249
Wed Mar 22 10:52:11 2023 daemon.info dnsmasq-dhcp[15065]: 4221737123 DHCPDISCOVER(br-lan) c6:e5:20:78:f3:bf
Wed Mar 22 10:52:11 2023 daemon.info dnsmasq-dhcp[15065]: 4221737123 tags: lan, br-lan
Wed Mar 22 10:52:11 2023 daemon.info dnsmasq-dhcp[15065]: 4221737123 DHCPOFFER(br-lan) 192.168.2.217 c6:e5:20:78:f3:bf
Wed Mar 22 10:52:11 2023 daemon.info dnsmasq-dhcp[15065]: 4221737123 requested options: 1:netmask, 121:classless-static-route, 3:router,
Wed Mar 22 10:52:11 2023 daemon.info dnsmasq-dhcp[15065]: 4221737123 requested options: 6:dns-server, 15:domain-name, 108, 114, 119:domain-search,
Wed Mar 22 10:52:11 2023 daemon.info dnsmasq-dhcp[15065]: 4221737123 requested options: 252
Wed Mar 22 10:52:11 2023 daemon.info dnsmasq-dhcp[15065]: 4221737123 next server: 192.168.2.1
Wed Mar 22 10:52:11 2023 daemon.info dnsmasq-dhcp[15065]: 4221737123 sent size:  1 option: 53 message-type  2
Wed Mar 22 10:52:11 2023 daemon.info dnsmasq-dhcp[15065]: 4221737123 sent size:  4 option: 54 server-identifier  192.168.2.1
Wed Mar 22 10:52:11 2023 daemon.info dnsmasq-dhcp[15065]: 4221737123 sent size:  4 option: 51 lease-time  14d
Wed Mar 22 10:52:11 2023 daemon.info dnsmasq-dhcp[15065]: 4221737123 sent size:  4 option: 58 T1  7d
Wed Mar 22 10:52:11 2023 daemon.info dnsmasq-dhcp[15065]: 4221737123 sent size:  4 option: 59 T2  12d6h
Wed Mar 22 10:52:11 2023 daemon.info dnsmasq-dhcp[15065]: 4221737123 sent size:  4 option:  1 netmask  255.255.255.0
Wed Mar 22 10:52:11 2023 daemon.info dnsmasq-dhcp[15065]: 4221737123 sent size:  4 option: 28 broadcast  192.168.2.255
Wed Mar 22 10:52:11 2023 daemon.info dnsmasq-dhcp[15065]: 4221737123 sent size:  4 option:  3 router  192.168.2.1
Wed Mar 22 10:52:11 2023 daemon.info dnsmasq-dhcp[15065]: 4221737123 sent size:  4 option:  6 dns-server  192.168.2.1
Wed Mar 22 10:52:11 2023 daemon.info dnsmasq-dhcp[15065]: 4221737123 sent size:  3 option: 15 domain-name  lan
Wed Mar 22 10:52:11 2023 daemon.info dnsmasq-dhcp[15065]: 4221737123 available DHCP range: 192.168.2.100 -- 192.168.2.249

Here is the repeating log of an iPad connected by ethernet to the acs gateway. I don't know why it isn't being 'received' by the ipad though.

ubus call system board

{
	"kernel": "5.4.215",
	"hostname": "OpenWrt",
	"system": "ARMv7 Processor rev 1 (v7l)",
	"model": "Linksys WRT1900ACS",
	"board_name": "linksys,wrt1900acs",
	"release": {
		"distribution": "OpenWrt",
		"version": "21.02.5",
		"revision": "r16688-fa9a932fdb",
		"target": "mvebu/cortexa9",
		"description": "OpenWrt 21.02.5 r16688-fa9a932fdb"
	}
}

network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdbc:8e82:a568::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device
	option name 'wan'
	option macaddr '*:43'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
	option channel '44'
	option band '5g'
	option htmode 'VHT80'
	option country 'US'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option encryption 'psk2'
	option macaddr '*:45'
	option disassoc_low_ack '0'
	option key '*'
	option wpa_disable_eapol_key_retries '1'
	option ssid '*'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
	option channel '3'
	option band '2g'
	option htmode 'HT40'
	option country 'US'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid '*'
	option encryption 'psk2'
	option macaddr '*:44'
	option key '*'
	option wpa_disable_eapol_key_retries '1'

config dnsmasq

	option domainneeded '1'
	option localise_queries '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	option rebind_protection '1'
	option rebind_localhost '1'
	list rebind_domain 'jonathan-isom.net'
	list rebind_domain 'www.jonathan-isom.net'
	option logdhcp '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option force '1'
	option leasetime '14d'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'
config host
	option name
	option dns '1'
	option mac
	option ip '192.168.2.100'

config host
	option name
	option dns '1'
	option mac
	option ip '192.168.2.185'

config host
	option name
	option dns '1'
	option mac
	option ip '192.168.2.184'

config host
	option name
	option ip '192.168.2.125'
	option mac

config host
	option name
	option dns '1'
	option mac
	option ip '192.168.2.105'

config host
	option name
	option dns '1'
	option mac
	option ip '192.168.2.209'

config host
	option name
	option dns '1'
	option mac
	option ip '192.168.2.107'

config host
	option name
	option dns '1'
	option mac
	option ip '192.168.2.201'

config host
	option name
	option dns '1'
	option ip '192.168.2.114'
	option mac

config host
	option name
	option dns '1'
	option mac
	option ip '192.168.2.229'

config host
	option name
	option dns '1'
	option mac
	option ip '192.168.2.169'

config host
	option name
	option dns '1'
	option mac
	option ip '192.168.2.166'

config host
	option name
	option dns '1'
	option mac
	option ip '192.168.2.183'

config host
	option name
	option dns '1'
	option mac
	option ip '192.168.2.223'

firewall ( firewall.user empty)

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option synflood_protect '1'
	option forward 'ACCEPT'

config zone 'lan'
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list device 'tun+'

config zone 'wan'
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled 'false'

config include
	option path '/etc/firewall.user'

config redirect
	option target 'DNAT'
	option name 'http'
	option src 'wan'
	option src_dport '80'
	option dest 'lan'
	option dest_ip '192.168.2.201'
	option dest_port '88'

config redirect
	option target 'DNAT'
	option name 'https'
	option src 'wan'
	option src_dport '443'
	option dest 'lan'
	option dest_ip '192.168.2.201'
	option dest_port '443'

config redirect
	option target 'DNAT'
	option name 'ssh'
	option src 'wan'
	option src_dport '22'
	option dest 'lan'
	option dest_ip '192.168.2.201'
	option dest_port '22'

config redirect
	option target 'DNAT'
	option name 'imaps'
	option src 'wan'
	option src_dport '993'
	option dest 'lan'
	option dest_ip '192.168.2.201'
	option dest_port '993'

config redirect
	option target 'DNAT'
	option name 'imap'
	option src 'wan'
	option src_dport '143'
	option dest 'lan'
	option dest_ip '192.168.2.201'
	option dest_port '143'

config rule 'ovpn'
	option name 'Allow-OpenVPN'
	option src 'wan'
	option dest_port '1194'
	option proto 'udp'
	option target 'ACCEPT'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Smtp'
	option src 'wan'
	option src_dport '25'
	option dest_ip '192.168.2.201'
	option dest_port '25'

Use some packet capturing on the affected devices to verify that they send/receive the packets immediately as well.

I don't see anything unusual in the config files.

If you unplug the dumb AP and then connect a computer via ethernet to the main router, does it still take a long time to get a DHCP lease?

My favorite method is to watch all DHCPv4 on the router itself:

opkg update ; opkg install tcpdump
tcpdump -i br-lan -vvvn udp port 67   # Trace all DHCPv4.

If you want to see all DHCPv6 traffic, simply change port 67 to 546.

Edit:
If you have a windows host laying about, do an ipconfig /renew on it and you'll see an immediate pair of request/response packets.

option rapidcommit '1' in /etc/config/dhcp speeds this up but since you mentioned it takes minutes you definitely have something else going on.

16:52:15.890904 IP (tos 0xc0, ttl 64, id 3472, offset 0, flags [none], proto UDP (17), length 328)
    192.168.2.1.67 > 192.168.2.107.68: [bad udp cksum 0x8702 -> 0x5853!] BOOTP/DHCP, Reply, length 300, xid 0xfe65106, secs 41, Flags [none] (0x0000)
          Your-IP 192.168.2.107
          Server-IP 192.168.2.1
          Client-Ethernet-Address e2:63:35:a5:f3:5b
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Offer
            Server-ID Option 54, length 4: 192.168.2.1
            Lease-Time Option 51, length 4: 1209600
            RN Option 58, length 4: 604800
            RB Option 59, length 4: 1058400
            Subnet-Mask Option 1, length 4: 255.255.255.0
            BR Option 28, length 4: 192.168.2.255
            Default-Gateway Option 3, length 4: 192.168.2.1
            Domain-Name-Server Option 6, length 4: 192.168.2.1
            Domain-Name Option 15, length 3: "lan"
            END Option 255, length 0
            PAD Option 0, length 0, occurs 3

Here is the connection log from my ipad trying to connect. By default iPadOS has "private wi-fi address" on, so it was requesting a new lease with a different mac address.

Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 available DHCP range: 192.168.2.100 -- 192.168.2.249
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 DHCPDISCOVER(br-lan) e2:63:35:a5:f3:5b
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 tags: lan, known, br-lan
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 DHCPOFFER(br-lan) 192.168.2.107 e2:63:35:a5:f3:5b
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 requested options: 1:netmask, 121:classless-static-route, 3:router,
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 requested options: 6:dns-server, 15:domain-name, 108, 114, 119:domain-search,
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 requested options: 252
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 next server: 192.168.2.1
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 sent size:  1 option: 53 message-type  2
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 sent size:  4 option: 54 server-identifier  192.168.2.1
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 sent size:  4 option: 51 lease-time  14d
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 sent size:  4 option: 58 T1  7d
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 sent size:  4 option: 59 T2  12d6h
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 sent size:  4 option:  1 netmask  255.255.255.0
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 sent size:  4 option: 28 broadcast  192.168.2.255
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 sent size:  4 option:  3 router  192.168.2.1
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 sent size:  4 option:  6 dns-server  192.168.2.1
Wed Mar 22 16:52:24 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 sent size:  3 option: 15 domain-name  lan
Wed Mar 22 16:52:25 2023 daemon.info dnsmasq-dhcp[20342]: 266752262 available DHCP range: 192.168.2.100 -- 192.168.2.249

I tried a plugging in a computer with the line from the dumb-ap and it connected instantly. So my impression is it is eating the packets for some reason.

Let’s look at the configuration files from the dumb ap.

Nothing wrong there, the router's DHCP server appears to be doing everything correctly.

I just burned down the config with firstboot, installed the same 21.02.5 version I have on the acs as there is not currently a 22 version for these devices and set it back up frest. I am going to see how this works out and go from there. I have tested a couple devices that didn't have leases and they connected normally.

Hopefully I won't have to come back to this thread.

Thank you all for the assistance.

Yeah... I suspect something was wrong with the config on the dumb AP... since you reset, we probably won't be able to identify what might have been going on, but if your problem does indeed get resolved, that's great. Keep us posted.

Exactly. After re-reading, this sounds suspiciously like the dumb AP had a DHCP server running, colliding/competing with the router's.