WLAN AP in Bridge mode behind router: websites loading slow and incomplete

[poenn]

Hi everyone,

I am stumped at this problem. I have 2 customers. Both use a FritzBox (popular german router) as their router and both have DrayTek WLAN Access Points connected via Ethernet. The APs are configured in bridge mode so the wireless clients get an IP via DHCP from the router. Clients (MacBooks, iPhones, etc.) do all connect fine and have very good reception. After a while (sometimes only minutes) the wireless clients can not load websites completely. It will take minutes to load and often miss many images. This is apparent on Facebook or using Apple Maps where some tiles will not load at all or very slowly.

The internet connection is not the problem, Ethernet always works fine. Both customers even have different models of the router and different connection types (VDSL and cable) as well as different models of DrayTek VigorAPs.

If we use the built-in WLAN of the router all is fine as is the case with Ethernet. But we need separate APs due to the locations.

DrayTek support told me to disable Airtime Fairness which did not help. Anything I can try before setting them up in routing mode (separate IP range and Double-NAT)?

 

[Paladin]

Get a different brand AP completely and test it out. Cisco used APs are dirt cheap on ebay, Ubiquiti are cheap for the older models (wifi 5 or 6), Aruba InstantON, etc. Very reliable and cheap.

 

[GaitherBill]

On the clients, turn off the private ip addressing and limit ip tracking.

Is there a DTIM setting on those AP’s? Set it to 3.

 

[poenn]

I can currently not test other APs since it’s a long drive there, but we tested with the router's internal WLAN and this worked fine. It’s just that this is not an option due to weaker signal and the location of the router and the clients. There is no DTIM setting on these APs. But since there’s voice packets (Wifi calling, etc.) involved I’d rather not change this anyway.

Why would disabling private IP and limit tracking help? Thanks!

 

[GaitherBill]

Why would disabling private IP and limit tracking help? Thanks!

I’ve had it cause issues with my i devices.

 

[steelghost]

Hi everyone,

I am stumped at this problem. I have 2 customers. Both use a FritzBox (popular german router) as their router and both have DrayTek WLAN Access Points connected via Ethernet. The APs are configured in bridge mode so the wireless clients get an IP via DHCP from the router. Clients (MacBooks, iPhones, etc.) do all connect fine and have very good reception. After a while (sometimes only minutes) the wireless clients can not load websites completely. It will take minutes to load and often miss many images. This is apparent on Facebook or using Apple Maps where some tiles will not load at all or very slowly.

The internet connection is not the problem, Ethernet always works fine. Both customers even have different models of the router and different connection types (VDSL and cable) as well as different models of DrayTek VigorAPs.

If we use the built-in WLAN of the router all is fine as is the case with Ethernet. But we need separate APs due to the locations.

DrayTek support told me to disable Airtime Fairness which did not help. Anything I can try before setting them up in routing mode (separate IP range and Double-NAT)?

Some questions that spring to mind:

• Are these Draytek APs newly installed?
• If not, have they always had this problem, or is it a new thing?
• Have you used them before elsewhere and found them to work properly?

Up to now I am inclined to point the finger at the Draytek APs and agree with Paladin's suggestion of trying a different AP entirely, seeing as the ethernet and onboard wireless connections both function as expected.

 

[Paladin]

I’ve had it cause issues with my i devices.

I have a couple of people at my work who constantly turn those features on and then get upset that they can't access things that are permitted by IP address.

 

[GaitherBill]

I have a couple of people at my work who constantly turn those features on and then get upset that they can't access things that are permitted by IP address.

If you're home or at a trusted location I really don't see the point in having them enabled.

 

[poenn]

Yeah, it looks like I need to put other APs there. I just wanted to know if somebody had a similar problem in the past and it maybe turned out to be a setting no one expected to cause this.

The DrayTek APs are brand new. There were no APs before at this location. But I am using 3 of these at home with no problems. The only difference is that I am using slightly older models and another make of router.

 

[Paladin]

It should be pretty simple but wifi has become more complex over time. I would look for any options you don't immediately recognize and understand and check the docs on what they do. If they seem like they are not necessary, turn them off one at a time and see if it helps. Being on site would be really helpful but if you can have someone there to do the testing on the phone that would be next best.

Another thought, you say they are access points but then say they are in bridge mode which makes them sound like they are actually routers. What model are they exactly?

 

[poenn]

Thanks. I have only basic settings selected, nothing of the fancier stuff. I made sure the latest firmware is installed and even reset them to factory defaults and set them up from scratch. Looks like I’m not alone. Here’s another soul with the same problem and no answer, except for mine which needs to be approved by a moderator first since I just registered there: https://www.draytek.co.uk/forum/wir...ad-when-using-draytek-ap805-in-ap-mode#105516

 

[w00key]

You need to familiarize yourself with Wireshark if you want to root cause this issue and be prepared to invest a lot of time in it.

The other way is swapping parts until it works, buy a Unifi or InstantOn AP to check if it's the router or AP, if AP, keep new one, if router, swap that out instead.

 

[Paladin]

Yeah, if they are new, I would contact Draytek (if you have not already) and if they can't offer a reasonable fix, in short order, I would simply return them or require Draytek to take them back. Then replace them with something else more reliable and simple. One AP per location means you don't need mesh and I doubt you need 200+ devices on it so any basic AP should be fine.

 

[poenn]

Thanks everyone. Today I got a Beta-Firmware to test with from DrayTek, but the problem has already re-appeared. They are checking the logs right now and I’ll give them another chance, but will swap the APs with something else if there’s no solution in the coming days.

In case I need to replace them, can anyone tell me which InstantOn APs do offer a local admin web interface? I only got mixed results looking that up. I do not want or need a controller, be it local like Unifi or even Cloud-based. That’s why I have been eyeing the Zyxel NWA50AX currently. It offers both, their Nebula Cloud admin as well as local web GUI.

 

[steelghost]

All Aruba InstantOn APs are cloud controller only. Older Aruba Instant APs could be used in a local admin mode, but their current product set doesn't seem to allow that.

TP Link and Mikrotik APs both allow local web management, but I . I am not familiar with the Zyxel range but for this simple use case of course any AP should be fine as long as it actually works properly.

 

[poenn]

…for this simple use case of course any AP should be fine as long as it actually works properly.

Yes, you’re right. Thanks for the heads up concerning Instant and InstantOn.

 

[w00key]

For home / small business cloud controllers are actually fine. I like the additional monitoring that comes with it, when a device goes down I know, or all devices on a site = internet kaput.

Aruba InstantOn cloud controller is free. Unifi is DIY on a VM (we have two) or rent it from Ubiquiti.

 

[Muhata10111b]

Terminology can vary, but if the devices are hooked up by Ethernet you should be using AP mode not bridge mode. Bridge mode is typically used to expand your wifi network wirelessly, so they are connecting to the router through WiFi and rebroadcasting.

 

[Kyuu]

I don't think I've ever seen "bridge" used that way. Generally that means that any typical routing features (routing, firewall, DHCP server) are disabled and traffic is passed through the device unmolested.

 

[poenn]

I see it the same way as Kyuu. By bridge mode I mean that the APs are simply bridging the LAN to WLAN without acting as a router. In router mode they would employ their own IP range, hand out IPs via DHCP and do NAT and firewall for the clients. In bridge mode DHCP and NAT is handled by the router and the APs are relatively dumb. This also prevents Double-NAT. Yes, sometimes this mode is referred to as AP mode.

In the meantime the first Beta firmware did not help. I got another one today and so far the problems seem to be gone. My client is still testing, but DrayTek support has been good so far. I will report if the problem is indeed solved in the coming days…

 

[poenn]

OK, the second beta firmware did not help either. I have just ordered 3 Zyxel APs. They look like a good replacement since they feature some of the same things that the DrayTek APs have which is what the client wants: white housing, PoE, LEDs possible to disable, etc.

I will still stay in contact with DrayTek support, because I will take these APs back and have no interest in 3 paper weights. And my other client with another of their models will need a solution, too.

 

[steelghost]

Its staggering to me that their response to basically broken hardware amounts to "here, try this random dev build of the firmware". If a WAP can't do basic WAP things, what on earth are they selling it for?

The only Draytek hardware I have direct experience of is our VDSL modem, which has been on for 3.5 years straight without missing a beat. I'd assumed it was all like that, solid but unassuming. I'd be interested to know if you get a resolution from them.

 

[poenn]

Yeah, it's a bit disappointing right now. I have used, sold and installed lots of DrayTek hardware in the past. Their routers are rock solid as were their earlier APs which I am using 3 different models of and lots of clients do too. I even have one of their gigabit switches, which is also a very good device. It seems to me that it’s only happening with their current lineup, but I don’t want to play unpaid beta tester any longer. Will keep you posted of any news…

 

[gusgizmo]

Late to this thread, are they doing WDS encapsulation for bridged traffic? Or are they doing ARP proxy?

WDS tends to work well enough, ARP proxy can trigger network stack specific bugs.

The idea here is that wireless != ethernet so something has to sit in the middle and translate, or you have to wrap up the frame and tunnel/encapsulate it.

There are other bugs around 802.11r/k/v that could be in play here as well. There's not really a right answer but there was a good thread on it a few months ago here.

https://meincmagazine.com/civis/threa...he-recommendations-in-your-home-wlan.1506654/

 

[w00key]

I doubt krv is an issue when basic connectivity doesn't work. K just tells you where else to look, r is for faster handshake but never enabled on non .X networks, V is a more pushy K and tells the client to move, signal is bad.

The video tests V without K which is nonsense, you tell a client to move somewhere, anywhere, but instead handing it 3 channels you APs are on, you tell it to scan all 13x 2.4 Ghz and idk how many 5/6 Ghz channels? V requires K in practice, don't do what the guy did, ofc you get a major half a second lag spike when the wifi takes a stroll and on each channel, sends out a probe request + listens for answer. You're literally asking for it, and yet, that still won't make the internet as slow as described, roaming doesn't happen when you don't move and if it did, you are back to full speed after a second.

 

[poenn]

Yes, all the roaming stuff is off and Airtime Fairness is also off. These APs are set up the most basic way possible. I am still waiting for the delivery of the replacements (Zyxel NWA50AX) I chose.

 

[poenn]

The 3 Zyxel NWA50AX which I had ordered as replacements are working fine for over a week now. I tried to replicate the problem with the DrayTeks and set up a very similar test environment, but they work fine here…

I will soon test the beta firmware on the other customer’s DrayTek AP805, but since it did not help with the 1062C models I suspect the same over there.

 

[poenn]

Just a quick follow-up: The other customer’s AP805 exhibits no problems after its firmware update. Case closed for now. Thanks everyone for your input!