WAX620 NAT mode is terribly unstable and unusable

Question

WAX620 with firmware V10.6.1.1I'm trying to set up a guest wifi using NAT configuration.Connecting to the SSID with NAT enabled, strange network behaviour is observed.Initial connection opening any web page or youtube app, whatever takes very long time 10 to 20 sec.After the first connection, network flows smoothly but stuttering sometimes.Measured throughput is as good as other bridged normal setting SSIDs.There seems to be a mistake in firmware handling some kinds of packet like DNS or ACK? I'm not sure.&nbsp;In addition, one possible misleading configuration is "DHCP Offer Broadcast to Unicast".When this setting is "Enabled", devices that connect to the NAT SSID receive DNS nameserver configuration from the upper network. IPv6 nameserver in my case. That causes connected devices totally unusable.So usually for a guest WiFi network, NAT and DHCP Offer disabled would be the possibly configuration. I believe.&nbsp;This behavior is already acknowledged? Working to resolve in the future firmware?Thanks

ESGR · Answer

Apologize,&nbsp;I will create a new thread.

schumaku · Answer

Reads like something is very wrong with the NAT config or the WAX6xx config in general.
&nbsp;
Have defined an IP subnet not in use on any other local LAN or VLAN? Overlapping IP subnets probably?
&nbsp;
An IPv6 DNS server must be able to resolve IPv6 and IPv4, including the fallback from IPv6 to IPv4. Check using&nbsp;https://ipv6-test.com/&nbsp;for example FMI - from both a direct SSID as well as for the NATed SSID connection.
&nbsp;
When using the NATed SSID, only IPv4 can be available, as the many-2-one NAT in place does support IPv4 only, using the WAX6xx LAN IP as the target for the NAT address.
&nbsp;
The&nbsp;DHCP Offer Broadcast to Unicast is available to reduce the burden of massive broadcast traffic on the wireless. Unclear why and how this should make a difference in the way the DNS is used from the NATed SSID - essentially the same DNS config is in use either way.
&nbsp;
&nbsp;

JakeJ · Answer

Thanks for replying.&nbsp;My another attempt to make a guest network with wax620 is:&nbsp;setting a bridged SSID with VLAN=2, DHCP offer disabled, and install a OpenWrt Hyper-V virtual machine as a routerbetween VLAN=2 and untagged LAN.Under this condition, everything works fine.&nbsp;&nbsp;As for IPv6. When NAT and DHCP both are enabled, connected client PC gets IPv6 nameserver address ofthe upper network but doesn't get IPv6 address assigned to the PC. Ipv6 address advertisement seems not working to NAT network. I think that's why.&nbsp;So far, for me, just NAT setting does not work well.&nbsp;

schumaku · Answer

JakeJ&nbsp;wrote:
As for IPv6. When NAT and DHCP both are enabled, connected client PC gets IPv6 nameserver address of
the upper network but doesn't get IPv6 address assigned to the PC. Ipv6 address advertisement seems not working to NAT network. I think that's why.
&nbsp;
So far, for me, just NAT setting does not work well.

Would you mind to show how a common system on this NATed SSID does announce an IPv6 DNS address? Here what I get (while connected to a full dual-stack IPv6/IPv4 network, but only connecting to the NATed SSID) e.g. Windows shows, including which DNS server is accessed:
&nbsp;
Z:\Users\xxxxxxx\&gt; ipconfig /all
&nbsp;
Drahtlos-LAN-Adapter WiFi 2:
Verbindungsspezifisches DNS-Suffix: localBeschreibung. . . . . . . . . . . : Intel(R) Wi-Fi 6 AX210 160MHzPhysische Adresse . . . . . . . . : &lt;&lt;snip&gt;&gt;DHCP aktiviert. . . . . . . . . . : JaAutokonfiguration aktiviert . . . : JaVerbindungslokale IPv6-Adresse . : fe80::fc5:eea3:4fdf:7275%11(Bevorzugt)IPv4-Adresse . . . . . . . . . . : 172.20.20.30(Bevorzugt)Subnetzmaske . . . . . . . . . . : 255.255.255.0Lease erhalten. . . . . . . . . . : Mittwoch, 1. November 2023 17:08:05Lease läuft ab. . . . . . . . . . : Donnerstag, 2. November 2023 17:08:05Standardgateway . . . . . . . . . : 172.20.20.1DHCP-Server . . . . . . . . . . . : 172.20.20.1DHCPv6-IAID . . . . . . . . . . . : 557109238DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-xx-xx-xx-xx-xx-xx-xx-xx-xx-xxDNS-Server . . . . . . . . . . . : 8.8.8.8NetBIOS über TCP/IP . . . . . . . : Aktiviert
&nbsp;
Z:\Users\xxxxxxx\&gt; nslookupStandardserver: dns.googleAddress: 8.8.8.8
&gt;
&nbsp;
All relevant IPv6 details I see here is the link-local IPv6 address, and the&nbsp;DHCPv6-Client-DUID.&nbsp;
&nbsp;
Can't see on how any IPv6 config should come to the client....

JakeJ · Answer

I tried to reproduce the problem that I had with NATted SSID.But I could not reproduce the same situation again.Therefore I'd like to close the case for now.Thanks for your help.&nbsp;Previously I had this configuration:SSID1: normal bridged WiFi to the wired LANSSID2: temporary VLAN2 WiFi with a virtual machine OpenWrt router as a guest WiFi.&nbsp;What I did was trying to add a problematic NATted SSID as SSID3.I could not observe any problem. Whatever the setting of "DHCP offer" and "client isolation".&nbsp;ipconfig shows all healthy. No IPv6 leakage from the upper network and no interference of DNS.&nbsp;One more thing I noticed in the meanwhile was:When "client isolation"&nbsp; is disabled, the clients in the NATted network candiscover Chromecast devices that blong to the upper network.In this context, NATted SSID is not completely a "guest WiFi".Probably "client isolation disabled" option allows some special protocols like DNS-SD to pass through.&nbsp;Formerly I was using WAX214, in which there was "Guest WiFi" configuration and it did'nt behave like the NAT configuration in WAX620.&nbsp;Thanks anyway.&nbsp;&gt; NAT SSID2 is nowConnection-specific DNS Suffix . : localDescription . . . . . . . . . . . : Intel(R) Wi-Fi 6 AX201 160MHzPhysical Address. . . . . . . . . : ************DHCP Enabled. . . . . . . . . . . : YesAutoconfiguration Enabled . . . . : YesLink-local IPv6 Address . . . . . : fe80::************%5(Preferred)IPv4 Address. . . . . . . . . . . : 172.31.6.177(Preferred)Subnet Mask . . . . . . . . . . . : 255.255.252.0Lease Obtained. . . . . . . . . . : 2023年11月2日 7:09:00Lease Expires . . . . . . . . . . : 2023年11月3日 7:08:59Default Gateway . . . . . . . . . : 172.31.4.1DHCP Server . . . . . . . . . . . : 172.31.4.1DHCPv6 IAID . . . . . . . . . . . : 66*********DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-************DNS Servers . . . . . . . . . . . : 8.8.8.8NetBIOS over Tcpip. . . . . . . . : Enabled&nbsp;&nbsp;&nbsp;

Forum Discussion

WAX620 NAT mode is terribly unstable and unusable

9 Replies

Related Content

RBR750 - unstable, satellites keep disconnecting

Unstable Internet on Zoom calls

Brand New RS700 terribly slow speeds

CM2050V unstable after Comcast updated firmware

Zoom and Unstable Internet

NETGEAR Academy

ProSupport for Business