AP unable to get IP from ISP that uses CGN (CGNAT)

  • 1
  • Question
  • Updated 9 months ago
  • Acknowledged
Both my Ruckus R710 and 7982 have worked just fine as standalone router/gateway/ap in my previous home, connected directly to a fiber converter and receiving public IP from the ISP. But I have just moved to a new home where the ISP uses CGN (CGNAT), and neither AP is able to get an IP when connected to the fiber converter here. Wireless and everything else works just fine, but the AP defaults to 192.168.0.1 when trying to acquire IP from ISP using the DHCP setting, so clients cannot reach the internet.

A workaround is having the clients bridged through the AP to WAN (using "bridge to wan" instead of local subnet), in which case each client gets assigned an external IP (actually semi-external because of CGN) from the ISP. This is not ideal because the ISP only lets me use 4 IP addresses, and I can't access the AP in this mode.

Has anyone gotten Ruckus APs to work with ISPs that use CGN? Are there any settings I can change in CLI to make the AP get an IP? The problem applies both to Unleashed firmware and the 100.4 standalone firmware.
Photo of devmapper

devmapper

  • 5 Posts
  • 0 Reply Likes

Posted 9 months ago

  • 1
Photo of thomas fankhauser

thomas fankhauser

  • 57 Posts
  • 14 Reply Likes
may be you already used the 4 ip adresses, then you should wait for leasetime to expire or release one on the computer.
sorry, just got only this... may be i'm wrong...
Photo of Michael Brado

Michael Brado, Official Rep

  • 2568 Posts
  • 351 Reply Likes
I don't know what is CGNAT, but maybe it is some ISPs way to prevent overuse...?

If your APs don't get an IP, does a workstation/laptop on the Ethernet/LAN get one either?  Did they
say you could only ever "use" 4 IP addresses, maximum?

If you can have 4 IPs, I'd say assign two for your APs and set them up with Static IP Addr/Def-GW,
so you can have an Internal (NAT) subnet behind the APs for your WLAN clients.  If you hosted an
Internet server at home, you'd statically assign it an IP too and your ISP should provide port fwding.

With APs using provided/routed IPs from your ISP, you should not need to "bridge to WAN" for one
of theirs, but should be able to NAT from inside/behind your AP.  Is this how you were setup before
moving?
(Edited)
Photo of devmapper

devmapper

  • 5 Posts
  • 0 Reply Likes
Thomas, thanks for your suggestion. However, I did call my ISP, and they released all 4 ip addresses to make sure that wasn't the problem. So, when all 4 addresses were available, the problem still persisted, meaning my computer and laptop for example managed to get an ip, but my ruckus AP (which was connected first, before any other devices) still wouldn't get an ip.
(Edited)
Photo of devmapper

devmapper

  • 5 Posts
  • 0 Reply Likes
Michael, CGNAT stands for carrier-grade NAT, which essentially means that the ISP is giving me 4 private (aka not public) IP addresses that all begin with 100.xxx.xxx.xxx., so a kind of double NAT situation arises because the end user's router also does NAT for their internal network. ISPs have started doing this because they are running out of public ipv4 addresses.

The ip addresses I get from my ISP are however not static, meaning I can't set up any static addresses for my access points or other devices. They are dynamic and shared with the ISPs other customers. It's like the ISP has one giant private network for all its customers, and the public IP shown to the rest of the internet is not the same as the ones assigned to the customers.

Previously with my other provider who used normal public IP addresses (still dynamic), my AP would act as a gateway, receiving a public ip via DHCP from the provider, and providing its own internal network/NAT for my home network (with addresses like 192.168....). That same setup should work with CGNAT too, and that's how most people have their home network set up. I suspect very few people here in Sweden are using Ruckus access points as their home router, and I think there is some software problem that prevents these ruckus units from getting an ip allocated from a CGN network. So I'm guessing that if I go out and purchase a cheap consumer router like everyone else uses at home, I'll be able to connect just fine. But I want to use my Ruckus equipment because it's so much better than consumer equipment!:)
(Edited)
Photo of Michael Brado

Michael Brado, Official Rep

  • 2568 Posts
  • 351 Reply Likes
Thanks for the CGNAT definition, and I do see the problem.

I cannot see an easy solution, but depending on the client subnet mask, can you risk assigning
your APs static IPs at the far end of the range, and still use 'bridge to WAN' for up to 4 WiFi clients...
who might get workable CGNAT addresses to go thru the ISP?  If you only get /22-bit subnet, no go.