Web access to router in LAN fails, but why?

I’m facing a tricky situation in a LAN and can’t find any good reason why this fails.

I’m on Big Sur 11.6.8 with Safari 15.6

It’s totally common to access the admin interface of a router by typing in its IP number; this never fails in my own LAN with my own router and many, many others.

In a client’s LAN the login page of the router simply does not load and eventually times out. This happens with Safari, Chrome, Firefox and MS Edge. Using Wi-Fi or a wired Ethernet connection doesn’t make a difference.

I never have a problem accessing the very same router in the same LAN from my iPhone (iOS 14.8.1) or from my iPad (iOS 12.5.5), both of these obviously over WiFi.

Typically, when I enter this office, I can access this router, but then something happens and later, subsequent logins to the same router fail and my browser or Mac cannot recover from it.

Restarting the router or the Mac doesn’t solve the problem.
The first idea is about some fault in the router (Teltonika RUT950, a 4G/LTE router). But iPad and iPhone have no problem, another Mac in the same office doesn’t have this problem. I can even access the router via 4G remotely.

Once a fault appears I can’t surf the internet with any of the browsers.
A PING to the router from TERMINAL is perfectly normal.

Any idea where to look?

Thanks

One thought: does the router have a local admin URL in addition to the explicit IP address? (I don’t know this particular router, but the combo of this router and the client’s Mac seems to be doing something that blocks direct IP access. Maybe asking the network to resolve a URL would help.)

Is there a security setting on either the client’s Mac or the router that’s set differently from networks in your other clients’ locations?

It seems to happen after an initial access over the network. Is it possible to plug that machine directly into the router (rather than over the LAN) and see what happens? Can you navigate away from the admin page and then back to it using that connection?

1 Like

It sounds a bit like an IP address conflict. Do you have a static address on your machine which could be conflicting with an address already assigned on the network?

1 Like

@trilo:
I thought about IP address conflict as well.

Reasons why this may not be the case. (Please note that I say ‘may’)

⁃	PING to 192.168.1.1 comes back perfectly normal. 
⁃	An initial connection pretty much always works. 
⁃	There is only one DHCP server, provided by the router. 

@matt
No, this router doesn’t have a secondary management IP. (Some WLAN access points have this, AFAIK these are Level 2 = bridging devices, not Level 3 = IP-routing routers. Either way, not applicable here.)

What did you mean by “directly to router”? If I use the router’s WiFi, it is ‘direct’.
Alternatively I use an ETH cable into the router, to no avail.
Over the LAN is in my understanding direct, even if there is a hub in between (hubs are L2 and don’t resolve IP).

One thing remains odd: The problem seems to affect my own MBP. On the other hand, I can’t constantly disturb other people’s Macs, just to check.

@tommy Yes, I have done that, multiple times. Nothing I do makes it reproducible (along the lines of “The moment I switch xyz on, I see the problem”). I saw that you deleted your comment; it was a valid thought nonetheless.

Doing the following might be my next steps:
• Allocating a reserved DHCP IP range for the LAN, away from commonly used ones. (say 192.168.1.100 … 192.168.1.200)
or
• Using a different LAN, 192.168.77.x to get away from the ubiquitous 192.168.1.x ranges.

I removed it as it seemed a very likely step to have taken already!

I think the issue lies within your Mac. Have you tried a new user account on it?

Is the firmware up to date on the router?

https://wiki.teltonika-networks.com/view/RUT950_Firmware_Downloads#RUT9_R_00.07.02.4_.7C_2022.07.20

Thanks @ddmiller
Yes it is.

It’s something specific to your Mac. What is in the file /etc/hosts ?

Following along the possibility of an IP address conflict, an idea.

Try running arp 192.168.1.1 on one of the Macs. As far as I remember, this should give what the Mac believes is the MAC address for that IP.

I’d do this whilst connected via Ethernet, not Wi-Fi, just for simplicity (mostly because I can’t remember the details of what Wi-Fi does here).

Then some ideas: compare the MAC address with the router’s (which is hopefully printed on it); try comparing the results from that arp command on a Mac that can access the router ok, vs the one that can’t; if that MAC address doesn’t seem to be the router, try using it to look up the device manufacturer, eg at https://maclookup.app… if there is another device also configured to 192.168.1.1, that might help to work out which device it is.

@gdewaard Good idea, but looks normal.

127.0.0.1	localhost
255.255.255.255	broadcasthost
::1             localhost

@ashley I can get all relevant MAC addresses, i.e. for each interface (Eth LAN, Eth WAN and WiFi). Currently trying to convince somebody there to do an arp for me (the site is about 1 hr’s drive away). However, I fear I will need to do the arp on my own MBP, because that’s where the error shows. Tomorrow then…

@ashley Got the arp result

? (192.168.1.1) at 0:1e:42:31:24:de on en1 ifscope [ethernet]

This MAC address is the Eth LAN MAC address
As I said, tomorrow I can check what my own MBP says

Ok. After adding an initial zero to that MAC address, https://maclookup.app says the vendor is Teltonika? So perhaps that’s as expected?

Good luck! I should say that the arp suggestion is just an idea - I don’t think I’ve run into exactly this before, but I’m throwing it in because I believe this is the relevant layer under IP addressing, and I read a little about arp table poisoning a long time ago. Don’t make a special trip on my account!

Another idea: an ad blocker or similar on your machine causing the router’s response to be blocked? Although: seems unlikely to have a common blocker across all four of the browsers you mention? Hmmm… do you have any of the recently added privacy settings turned on? I don’t have any experience with that yet - I expect it is designed to ignore local (eg 192.168.x.x) addresses, but that TidBITS article did raise my eyebrows.

Third idea: if the arp suggestion doesn’t seem to go anywhere, consider using Wireshark or similar tool to try and see what is actually going on. Perhaps the request isn’t even leaving your machine for some reason. Or, there’s a reply, but not the expected one. (But I’m no expert on any of this, just intermittently interested.)

1 Like
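The arp comparison suggested above, written out as an added example that is not part of any post in this thread: it pads the zero-stripped MAC that macOS `arp` prints and compares it with the MAC on the router's label. The function names, the `BAD_ARP` line and the assumption that the label reads `00:1E:42:31:24:DE` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. BAD_ARP is constructed; GOOD_ARP is
# the arp line quoted in the thread.

# macOS arp drops leading zeros in each octet (0:1e:...). Pad every octet
# to two hex digits and lowercase it so MACs from different sources compare.
normalize_mac() {
    printf '%s\n' "$1" | tr 'A-F-' 'a-f:' | awk -F: '
        NF != 6 { exit 1 }
        {
            out = ""
            for (i = 1; i <= 6; i++) {
                if ($i !~ /^[0-9a-f][0-9a-f]?$/) exit 1
                out = out (i > 1 ? ":" : "") (length($i) == 1 ? "0" $i : $i)
            }
            print out
        }'
}

# Read arp output on stdin and print the normalized MAC cached for IP $1.
# Fails when there is no entry or the entry is "(incomplete)".
mac_for_ip() {
    raw=$(awk -v ip="($1)" '$2 == ip && $3 == "at" { print $4; exit }')
    [ -n "$raw" ] || return 1
    normalize_mac "$raw"
}

# Compare the MAC cached for IP $1 (arp output on stdin) with the MAC
# printed on the router ($2). Non-zero status means "investigate".
check_gateway() {
    expected=$(normalize_mac "$2") || { echo "bad expected MAC"; return 2; }
    if ! seen=$(mac_for_ip "$1"); then
        echo "unresolved"; return 1
    fi
    if [ "$seen" != "$expected" ]; then
        echo "MISMATCH seen=$seen expected=$expected"; return 1
    fi
    echo "match $seen"
}

GOOD_ARP='? (192.168.1.1) at 0:1e:42:31:24:de on en1 ifscope [ethernet]'
BAD_ARP='? (192.168.1.1) at 2:0:5e:0:11:22 on en0 ifscope [ethernet]'
ROUTER_LABEL_MAC='00:1E:42:31:24:DE'   # assumed value printed on the router

printf '%s\n' "$GOOD_ARP" | check_gateway 192.168.1.1 "$ROUTER_LABEL_MAC"
printf '%s\n' "$BAD_ARP"  | check_gateway 192.168.1.1 "$ROUTER_LABEL_MAC" || true
# Live use on a Mac: arp 192.168.1.1 | check_gateway 192.168.1.1 "$ROUTER_LABEL_MAC"
```

A mismatch means some other device is answering for the router's IP on that machine, which is the signature of an address conflict or a poisoned ARP cache; a match, as in this thread, points the search away from layer 2.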

In addition to a flaky ad blocker extension that thinks there are ads on the router’s admin login page, the only other thing that I can think of is to add the Develop menu to Safari and try turning off Javascript. I’m thinking that a router shouldn’t use Javascript (but I know that some do), and I don’t know that this one does, but perhaps there is a bad script that’s running that is causing an infinite loop with the router?

But I do like the idea of creating a new account on the Mac and seeing if you can replicate the issue.

I don’t think Big Sur had the System Preferences / Network / Limit IP address tracking, and DNS should not be involved in a local address, so using a custom DNS server setting for the network shouldn’t cause a problem.

Though this may not be the issue, I did not write “secondary management IP.” I wrote “local admin URL.” In other words, a plain language string like “router.ASUS.com” that resolves to your router rather than being passed through the gateway.

If it has that, it would find your router’s admin console regardless of whether you have a conflicting IP address.

Sure, but you still have devices between you and the Ethernet port physically on the router. Whichever device is serving IP addresses to your LAN, there is a table of addresses involved that isn’t exactly dynamic. By “direct” I mean plug your laptop’s Ethernet interface directly into the router.

Along with others I think it is indeed your own MBP. You mentioned (I believe) that this same model router is on other clients’ networks. I’m wondering if your MBP “believes” it is on a different network than this one. Sounds weird, but troubleshooting includes discovering weird things.

Best of luck and hope you find a solution.

1 Like

Thank you @matt @ddmiller @ashley for helping.
It’s troubleshooting, no doubt it will be weird.

Latest, with me being on site:
arp from my own laptop is identical to before, like any client’s Mac here. In other words, my MBP sees the router, but it can’t connect.

Safari’s cache was mentioned earlier. But Firefox, Chrome and MS Edge show the same problem.

@ashley I see, but no, there isn’t such a local admin URL.
“Directness”: I was always either on a long (12 m) Eth cable or on the router’s WiFi. The DHCP server is (and always was) the router’s DHCP server. No other devices that could potentially interfere on routing matters (OSI Level 3). Devices we do have are all OSI Level 2 (say unmanaged switches), i.e. know nothing about IP numbers.

Will try now to set the LAN onto an entirely different IP range, away from 192.168.1.x to 192.168.9.x (and yes, this is a range that is definitely not in use by any of my other clients who use the same or any other router. I know this because we allocate IP ranges always from 192.168.10.x upwards.)

This last step has now (for the moment, let’s not cheer too soon) given me access to the router.

Hmmm. Now I’m speculating if there is a rogue device on the network (with a static address assigned on the device?), which has the same IP address of your laptop. So your laptop can talk to the router, but the router replies to the rogue device perhaps. After you’ve changed the IP range, might be worth trying ping 192.168.1.255 and see if anything replies. (Many devices won’t reply, so a lack of replies doesn’t prove anything, but worth a try perhaps.) Good luck!

2 Likes

I’d try LanScan to get a look at the entire network and assigned addresses. It still feels like an IP conflict to me but it’s hard to diagnose from the other side of the planet.

1 Like

Thanks for various answers in this thread. Very much appreciated.
Given that we now have access again, after changing to 192.168.9.x I can stop working on this matter. Yes, I wonder if there is a rogue device lurking somewhere, but tbh, I rather amuse you friendly LOT here with the real problem I have in this LAN, a highly inconsistent broadband provision over 4G. I’ll start another thread on this, see you there.

Many thanks again.

1 Like