Question Gryphon router + TPLink as AP issues ?

dr18

Prominent
Mar 13, 2022
11
0
510
I want to use a TPLink AXE-75 in AP mode connected to a Gryphon router. The problem is, when one client is accessing the web, connectivity stops. As in, web browsing totally stops, but ping still works and VPN still works on all machines on the AP. This happens on and off for a few minutes at a time. The router works fine if we use its own Wi-Fi. Gryphon just says that they don't support other APs behind their router. Any idea if there's any way around this?
Thanks
 
Pretty standard answer from some idiot who just wants to get you off the phone and close their ticket.

Technically no router "supports?" a AP. Unless it is some silly mesh system a AP is a completely independent device. It will function on any network because to the network it looks like a computer connected via ethernet. It can't actually tell if there is wifi radio in the device, same as it can't tell if your pc also has a wifi card or not when you are using ethernet.

My guess would be you have a IP conflict. If both the router and the AP were to use 192.168.0.1 then they would conflict with each other. If they were using that exact IP you would change the IP on the AP to say 192.168.0.250 or some other unused address. You need to check the IP used by your devices.
 

dr18

Prominent
Mar 13, 2022
11
0
510
Thanks.

The AP's IP was already reserved in the router's DHCP (and different than the router's). As well, why would ping (using fqdn, btw) and VPN continue to work without a glitch, when web traffic, doesn't? Seems to be something special with how the router deals with 443/80 traffic (recall the Gryphon does web filtering for parental control).

Thanks
 
The reason this is strange is a AP looks like a switch that just happens to have wifi radios.

These devices have no concept of IP addresses and even less on ports and apps etc. They function purely with mac addresses.
The AP is really stupid it just takes data in on one port and then send it out on another port that leads to the proper mac address.

I can't see how your router would know if a device was directly connect to one of its ports is a pc or a pc that first connects to wifi and then gets converted to ethernet by the AP. ...I assume you are connecting via ethernet cable and not using some wifi repeater function in your "AP".

A couple things to try.

Maybe change the SSID of the AP to something different so your pc connects to where you want it to and does not do something stupid like switch between the AP and the router.
Try connecting a pc to the AP with a ethernet cables and see if it causes similar issues.

Note parental controls and web filtering are pretty much useless. All modern web traffic is encrypted so there is no way to see what a machine is doing or even what URL it is using. At best you get a IP address which also now means little since most servers are virtual and reside in cloud data centers. You could check if you are using encrypted DNS on your PC. This prevents the last hole in the traffic monitoring. If it was all your pc having the issue then it could be the DNS proxy function in the router. These have a long history of strange issues. Using encrypted DNS bypasses both the router and ISP dns functions.
 

dr18

Prominent
Mar 13, 2022
11
0
510
The reason this is strange is a AP looks like a switch that just happens to have wifi radios.

These devices have no concept of IP addresses and even less on ports and apps etc. They function purely with mac addresses.
The AP is really stupid it just takes data in on one port and then send it out on another port that leads to the proper mac address.

I can't see how your router would know if a device was directly connect to one of its ports is a pc or a pc that first connects to wifi and then gets converted to ethernet by the AP. ...I assume you are connecting via ethernet cable and not using some wifi repeater function in your "AP".

A couple things to try.

Maybe change the SSID of the AP to something different so your pc connects to where you want it to and does not do something stupid like switch between the AP and the router.
Try connecting a pc to the AP with a ethernet cables and see if it causes similar issues.

Note parental controls and web filtering are pretty much useless. All modern web traffic is encrypted so there is no way to see what a machine is doing or even what URL it is using. At best you get a IP address which also now means little since most servers are virtual and reside in cloud data centers. You could check if you are using encrypted DNS on your PC. This prevents the last hole in the traffic monitoring. If it was all your pc having the issue then it could be the DNS proxy function in the router. These have a long history of strange issues. Using encrypted DNS bypasses both the router and ISP dns functions.
Thanks. Yes, I was very surprised that things worked fine directly to the router, but locked up via AP. The SSID are different and I even turned off wifi on the Gryphon (well, timed to be on for 15 minutes a day).

I already tried different cables... As well, only 1 client (maybe two?) Trigger the issue (for the entire network). There are no IP conflicts with that client...and if there were, that would be the same with or without the AP .

I gather the web filtering is using DNS lookups. I can't get the entire URL... And even if using cloud (where an IP is useless), most cloud users have a domain name for their company and not the cloud provider.

The client isn't using encrypted DNS. It's a Chromebook and has the same issue after a power wash. I don't think the other son's Chromebook causes the same issue...-if- it does it's definitely nowhere nearly as frequent to see that it does. Websites work fine until the kids come home to do homework :) I don't get how one client would trigger this... Only the two Chromebooks are mapped to parental control, the other devices just pass through the Gryphon.

Due to this issue, at the moment, I'm double-natting (yuck) the Gryphon so that the parents get better Wifi reception via the AP and the kids can work via the Gryphon..
Modem>regular router, connected to both Gryphon and AP.

Thanks