Hi, I have a Hitron Gigabit Cable Modem from Rogers, connected via ethernet to an ASUS RT-68U router for wifi home networking...
I am getting a "Your ISP's DHCP is not functioning properly" message on my ASUS web UI several times a day as my internet connection drops. Basically, I have to log into my ASUS UI, click the warning message, and it would renegotiate an IP with the Hitron, and everything will be connected again. I checked with ASUS and they said this would be an issue with the ISP or the cable modem. Does anyone have any idea how I can fix this?? I work from home and rely on the gigabit connection, so suffice to say, any dropped service is frustrating and immensely inconvenient.
Thanks in advance.
Is that message seen on a device that is connected via ethernet, wifi or both?
Have IPV6 running?
I'm assuming that the modem is in Bridge mode with the RT-AC68U running in full router mode? Please confirm.
Fwiw, I run an RT-AC68U as well, and I've never seen that message, but, I also have IPV6 disabled except for test purposes. If you do have IPV6 running in the router, disable IPV6 and reboot the router. I'd reboot the connected devices as well. If this works please let me know as it might point to an issue with the Cable Modem Termination System (CMTS), or possibly to a packet loss issue between the modem and CMTS.
This applies to both ethernet AND wifi, and is a message shown on the Asus web UI. I confirm that IPV6 is DISABLED.
Also, the Hitron is NOT running on bridge mode. I actually spoke with a tech on the phone at Rogers, and she said that I did not have to put it in bridge mode, which I thought was a little weird. However, with it NOT in bridge mode, it avails the ethernet ports on the back of the Hitron for my ethernet network at home...
Ok, you might have a DHCP conflict going on with your present configuration. The tech is correct, you don't have to run the modem in Bridge mode, but, you do have to do one of two things if you want to keep running the modem in Gateway mode:
1. Ensure that there is only one DHCP server on the network, which in this case should be the modem. So, essentially what that means is turning the router into an Access point. You can do that via the Router's Operating Mode selection, selecting Access Point mode instead of Router Mode. It should turn off the router firewall and DHCP server. The router is still connected via the Router's WAN port.
You can do this manually as well by disconnecting the modem cable from the WAN port and connecting it to any of the router's LAN ports. You also have to turn off the router's firewall and DHCP server.
Either way, the modem is in control of the network in terms of the IP addresses.
2. You can run the router in full Router Mode, with its own firewall and DHCP server running. To do that you have to set the Router's IP address and IP address range to something else in the private address range. This is to avoid any conflicts with the modems IP address or IP address range. I use 10.0.0.1 as the router's IP address for example, and keep the IP address range to a minimum, running from 10.0.0.2 to 10.0.0.30
The private IP Address Ranges are as follows:
IP addresses: 10.0.0.0 -- 10.255.255.255.
IP addresses: 172.16.0.0 -- 172.31.255.255.
IP addresses: 192.168.0.0 – 192.168.255.255
With those parameters set, reboot the router. This is the configuration that I use as I'm too lazy to configure the router as an access point every time that I'm running any tests on the modem. What this results in is a walled off network within a network. Anything behind the router can't be seen from the modem side of the router. This gives me access to the modem from behind the router by using 192.168.100.1 as the modem's log in page. I can flip the modem into Bridge mode, or Gateway mode at any time and the router keeps on running without any issue. I've never had any problems with this configuration.
The only drawback is if you had devices, like a printer or NAS behind the router that you wanted to access from the modem, or WAN side of the router. In that case, you're out of luck. You would have to physically connect to the router, or turn off the firewall on the router. So, you will have to decide what devices you want to access and where they have to sit, either behind the modem or behind the router. That will also depend on how you run the router, in Full Router mode (walled off) or in Access Point mode which should give you network wide access to all devices.
Hope this helps.
Edit: Corrected the following to read:
"but, you do have to do one of two things if you want to keep running the modem in Gateway mode:"
Note that running the modem in Gateway mode with the router in full Router Mode results in a double NAT situation which is very inefficient and which can lead to problems. I don't do that very often, but, for test purposes when I need the modem running temporarily in Gateway mode, that is what I do. When I'm done, I'll return the modem to Bridge mode. Everything within the router's network stays the same however and I've never seen any issues with any device.
Thank you so much for this. Would I still be able to use the VPN clients functionality with either of the options you suggested?
Thank you again!!!
You should be able to, but I would connect to the VPN via the router. If you are looking to run a VPN, or running a VPN now, you should consider loading Merlin's Asuswrt-Merlin, as it will give you additional options in terms of determining which device runs thru the VPN and which devices don't, and Merlin supports additional VPN capability beyond the stock Asus firmware.
Here's the support forum:
Here's the download page for the RT-AC68U:
The latest download, released last week is at the bottom of the page, version 360.68.4 This was released due to very recent dnsmasq security updates. There is no sign of the same update on the main Asus support site. Here's a link to an article for this:
Fwiw, I've never used Merlin's Asuswrt until last week, but, loaded it due to Merlin's fast response to the dnsmasq issue. Personal opinion, anyone with an Asus router on hand would probably be better off running the router in full router mode with the modem in Gateway mode. For the dsnmasq security update, and simply due to the fact that the router will give you a good number of options to use, compared to the limited capabilities of the modem. If you need more ethernet ports, perhaps a gigabit switch, running off of the router would suffice? It all depends on where the modem and router are located within the home.
That's what I am running on the Asus, Asuswrt-Merlin, and I just the built-in VPN clients. So if I have it correct, I can keep everything the same, but just change the IP range on the Asus router as you have described in Option 2?
Sorry, where would one put the private ip range? I know where to change the router's IP and the DHCP ip pool, but "private ip"?
Those addresses that I listed above, are designated by the standards group as Private Address ranges, meaning that they can't be addressed from the WAN side of the modem or router, ie: on the internet.
So, you would enter anything within those ranges into the router's IP Address and the DHCP IP Pool. Those are LAN side addresses and address ranges only.
You could keep it straightforward, so that you have router IP address followed by IP address range, or, something like:
IP 10.20.20.20 -- IP range: 10.100.100.0 - 10.255.255.255.
IP 172.16.50.50 -- IP range: 172.20.200.255. - 172.20.255.255
IP 192.168.200.0 – IP range: 192.168.200.100 - 192.168.200.255 The problem with this is that you would
have to ensure that the modems IP range
is below 192.168.200.0 to avoid any IP
So, you can go crazy and be creative, or keep it straightforward. The router will most likely reject anything that is outside of those ranges, so, you probably can't go wrong.