NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
WAX620 NAT mode is terribly unstable and unusable
WAX620 with firmware V10.6.1.1 I'm trying to set up a guest wifi using NAT configuration. Connecting to the SSID with NAT enabled, strange network behaviour is observed. Initial connection opening...
Reads like something is very wrong with the NAT config or the WAX6xx config in general.
Have defined an IP subnet not in use on any other local LAN or VLAN? Overlapping IP subnets probably?
An IPv6 DNS server must be able to resolve IPv6 and IPv4, including the fallback from IPv6 to IPv4. Check using https://ipv6-test.com/ for example FMI - from both a direct SSID as well as for the NATed SSID connection.
When using the NATed SSID, only IPv4 can be available, as the many-2-one NAT in place does support IPv4 only, using the WAX6xx LAN IP as the target for the NAT address.
The DHCP Offer Broadcast to Unicast is available to reduce the burden of massive broadcast traffic on the wireless. Unclear why and how this should make a difference in the way the DNS is used from the NATed SSID - essentially the same DNS config is in use either way.
Thanks for replying.
My another attempt to make a guest network with wax620 is:
setting a bridged SSID with VLAN=2, DHCP offer disabled, and install a OpenWrt Hyper-V virtual machine as a router
between VLAN=2 and untagged LAN.
Under this condition, everything works fine.
As for IPv6. When NAT and DHCP both are enabled, connected client PC gets IPv6 nameserver address of
the upper network but doesn't get IPv6 address assigned to the PC. Ipv6 address advertisement seems not working to NAT network. I think that's why.
So far, for me, just NAT setting does not work well.
JakeJ wrote:
As for IPv6. When NAT and DHCP both are enabled, connected client PC gets IPv6 nameserver address of
the upper network but doesn't get IPv6 address assigned to the PC. Ipv6 address advertisement seems not working to NAT network. I think that's why.
So far, for me, just NAT setting does not work well.
Would you mind to show how a common system on this NATed SSID does announce an IPv6 DNS address? Here what I get (while connected to a full dual-stack IPv6/IPv4 network, but only connecting to the NATed SSID) e.g. Windows shows, including which DNS server is accessed:
Z:\Users\xxxxxxx\> ipconfig /all
Drahtlos-LAN-Adapter WiFi 2:
Verbindungsspezifisches DNS-Suffix: local
Beschreibung. . . . . . . . . . . : Intel(R) Wi-Fi 6 AX210 160MHz
Physische Adresse . . . . . . . . : <<snip>>
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja
Verbindungslokale IPv6-Adresse . : fe80::fc5:eea3:4fdf:7275%11(Bevorzugt)
IPv4-Adresse . . . . . . . . . . : 172.20.20.30(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Lease erhalten. . . . . . . . . . : Mittwoch, 1. November 2023 17:08:05
Lease läuft ab. . . . . . . . . . : Donnerstag, 2. November 2023 17:08:05
Standardgateway . . . . . . . . . : 172.20.20.1
DHCP-Server . . . . . . . . . . . : 172.20.20.1
DHCPv6-IAID . . . . . . . . . . . : 557109238
DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx
DNS-Server . . . . . . . . . . . : 8.8.8.8
NetBIOS über TCP/IP . . . . . . . : AktiviertZ:\Users\xxxxxxx\> nslookup
Standardserver: dns.google
Address: 8.8.8.8>
All relevant IPv6 details I see here is the link-local IPv6 address, and the DHCPv6-Client-DUID.
Can't see on how any IPv6 config should come to the client....
I tried to reproduce the problem that I had with NATted SSID.
But I could not reproduce the same situation again.
Therefore I'd like to close the case for now.
Thanks for your help.
Previously I had this configuration:
SSID1: normal bridged WiFi to the wired LAN
SSID2: temporary VLAN2 WiFi with a virtual machine OpenWrt router as a guest WiFi.
What I did was trying to add a problematic NATted SSID as SSID3.
I could not observe any problem. Whatever the setting of "DHCP offer" and "client isolation".
ipconfig shows all healthy. No IPv6 leakage from the upper network and no interference of DNS.
One more thing I noticed in the meanwhile was:
When "client isolation" is disabled, the clients in the NATted network can
discover Chromecast devices that blong to the upper network.
In this context, NATted SSID is not completely a "guest WiFi".
Probably "client isolation disabled" option allows some special protocols like DNS-SD to pass through.
Formerly I was using WAX214, in which there was "Guest WiFi" configuration and it did'nt behave like the NAT configuration in WAX620.
Thanks anyway.
> NAT SSID2 is now
Connection-specific DNS Suffix . : local
Description . . . . . . . . . . . : Intel(R) Wi-Fi 6 AX201 160MHz
Physical Address. . . . . . . . . : ************
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::************%5(Preferred)
IPv4 Address. . . . . . . . . . . : 172.31.6.177(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Lease Obtained. . . . . . . . . . : 2023年11月2日 7:09:00
Lease Expires . . . . . . . . . . : 2023年11月3日 7:08:59
Default Gateway . . . . . . . . . : 172.31.4.1
DHCP Server . . . . . . . . . . . : 172.31.4.1
DHCPv6 IAID . . . . . . . . . . . : 66*********
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-************
DNS Servers . . . . . . . . . . . : 8.8.8.8
NetBIOS over Tcpip. . . . . . . . : EnabledStill BUGGY.
I switched back the setting to
SSID1 main network
SSID2 NAT guest network
then I started observing unstable connections on NAT SSID2 again.
DHCP leased addresses : ok
Nameserver: ok
Measured throughput: ok
Youtube playback stuttering.
Opening web pages super slow.
Sometimes good, somtimes bad.
I just suspect NAT router in the accesspoint is overloading or
doing too much extra work.
Anyway I hope the future firmware release will solve it.
Thanks.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
