Cam V3 grabbing local WAN endpoint IP

Summary of problem: Wyze Cam V3 grabs my local WAN endpoint after router momentarily loses connection with ISP’s ONT.

Situation: I have 3 Wyze Cam V3s set up behind my router, each provided a static private IP. Pretty typical setup. Several irrelevant details aside, the occasional extended brownout or power outage (usually during storms) will cause my router (ASUS RT-N66U) to reboot or momentarily lose connection to my ISP’s ONT, and while the process of re-establishing communications is usually successful (I also have a router script as backup), there have been half a dozen instances over as many months where my router fails to re-establish a route with my ISP (it’s apparently an issue with some ASUS routers and ISP ONTs). No camera access obviously.

Quick call to my ISP, a routine reset of the ONT, and I’m usually good to go except twice now the tech has informed me that he’s seeing a MAC address identified as Wyze. It’s obvious my router is providing Layer 1/physical access to the ISP, but how is a Wyze cam able to ‘beat’ my router to the punch in gaining an ISP-assigned IP, and why does it have this capability? In all my years as a Network Engineer I’ve never run across a ‘rogue’ LAN device that grabs the local WAN endpoint while the router is ‘re-gathering’ itself. Perhaps somebody can provide me with some technical information that would explain this/how the cam is able to do this, and/or provide me with a trick/workaround.

EDIT: I forgot to mention, no number of ONT resets will re-connect my router to the ISP while the Wyze cam has the WAN endpoint, so until I can go back home and I’m able to reset everything in person, I have no cam or router access.

Thanks.

Sounds like you have a bridged network. The Wyze camera shouldn’t even see the ISP connection if it is behind your router.

3 Likes

Unless you have some strange wiring, the cameras should have absolutely zero direct connection to the WAN side of your router. It almost sounds like when your router goes wonky, it is directly connecting the WiFi access point (I assume part of the router) to the WAN connection. It should not be doing that. That is an odd failure of the router.
The camera is just a dumb WiFi client. It will take a DHCP address from whatever assigns one. So what it sounds like is that when the router goes wonky, the access point is temporarily being directly connected to the WAN side of the router. If the camera also lost power in your momentary outage, then it would look for a DHCP server shortly after powering up. In that situation, the only DHCP server would be your ISP (or the ONT).
Like I said, unless you are doing something very non-standard with wiring, a failure in the router is the only possible answer.

5 Likes

I agree, it shouldn’t be seen at all. That said, I don’t have a bridged segment anywhere on my network.

Hmmm…your comment about WAN side access point assignment has me wondering about one of my router’s somewhat obfuscated settings (MAC clone), although I have no idea why I would put any value in it since my ISP doesn’t really track-n-match allowed MACs.

Let’s go back to basics. What are the ports on your router and what’s plugged in? Specifically, is the ONT plugged into any Ethernet port other than the one labeled WAN? Any other switches?

1 Like

While we are all told it’s impossible, I have, in my 35-year career in IT, had two separate instances where two network devices have had the same MAC address… honestly… Yup, told it’s impossible, but twice I’ve had that happen. I’d check your router/modem’s MAC against your camera’s MAC address. Maybe the camera is getting your WAN side IP because your ISP is handing that IP to the camera because of the MAC address being the same (basic DHCP method of handing out IP addresses).

DeVoiD

Still shouldn’t be possible - the WAN port is supposed to be on a different layer 2 network. The ISP should never see a MAC address on the LAN (WLAN here) side.

Then they probably were from the same manufacturer since the OUI in the MAC is allegedly unique and registered.

You would have thought so, being the first few octets are country, manufacturer, etc. One was a GBIC transceiver from Proline, and the other device was an old HP 1300 (or something) laser printer, not even the same manufacturer. That was about 12-13 years ago, then about 8 or so years ago it was some IP camera, don’t recall who made it, and an HP 48-port switch. So, not even the same kind of devices, or manufacturers… again.

Happened twice no less, and isn’t even supposed to be possible… but there you go.

DeVoiD

Still doesn’t explain how the camera is accessing the ISP to get a DHCP address. If the camera is on a separate non-routable subnet, behind a firewall or NAT, it shouldn’t even be seen by the ISP’s router, let alone receive a DHCP address from it.

Yes, the ONT is plugged into the WAN port, and there are 4 additional LAN switch ports. Yes, I do have additional switches (and Cisco routers) in my network, but they are all part of isolated VLANs (part of my CCIE practice lab). My cams aren’t part of those VLANs, and they are connected wirelessly to my edge router. In the past – when everything is working correctly – I’ve checked my routing tables, and everything is routing as expected. It’s only this occasional ‘glitch’ with a Wyze MAC that has me scratching my head.

Somehow, obviously, your WiFi segment is bridged to the segment the ONT sees. Whether it’s a funky switch situation, a weird config, or an outright major bug in the router I can’t tell.

2 Likes

It can happen.

This is the direction I’m going to go when I regain access or go onsite, but with a slight skew! I don’t suspect identical MAC addresses have been assigned by the manufacturer as the MAC in question isn’t from the same manufacturer as my router, but as I mentioned in a prior response, I recall a somewhat obfuscated item somewhere in my router’s settings that allows it to clone a MAC address for assignment on its WAN port (for ISPs that insist on MAC address matching for edge devices connected to them). This honestly is the only thing I can think of that would explain what’s going on here, but I have ZERO reason to have messed with that setting. If I had messed with it, I would have logically put a prior router’s MAC address in there.

And no duplicate MAC addresses? It’s not supposed to happen, but I’ve personally had that happen to me, and even more crazy, from completely different devices and manufacturing companies. It was a long, long time ago… but still… worth a check.

I agree with you WildBill. That’s why I think my cloned-MAC suspicion is probably what’s going on here given Wyze and ASUS are different manufacturers. Again, I have had ZERO reason to clone a MAC for the WAN port, and even if I had, I wouldn’t use an active MAC on my LAN. I’ll know more whenever I can access my router.

That is odd, and again, something I never saw.

The only way I can see getting duplicate MACs across manufacturers is if the device has the capability to accept a manually assigned MAC. I know the Wyze cameras use that feature at boot to get the “WYZE” MAC and occasionally that process fails and the cameras may get a different IP from the DHCP server. And, as @fletcher969 mentioned, the routers have the capability for MAC cloning in case the ISP wants/expects a specific device as the connection. I suppose it is also possible the ISP only assigns ONE IP to the connection so whichever device connects gets it.

Either way, MAC cloning doesn’t explain how the camera is connecting directly to the ISP’s router to get the DHCP address. As @Customer suggests, there is some problem with the network allowing the camera to connect directly to the ISP.

An additional question: Does the camera connect to the WiFi on the Asus router or some other access point? Just wondering how it could be online before the router during a reboot.

I’m proposing that it’s not actually the camera that is connecting to the ISP, but instead it is my router…cloned to use an active MAC of one of my cameras. Subsequently there is sufficient ‘confusion’ passing packets along at Layer 2 to prevent access to my router from the WAN side. Perhaps there’s some rule in the router’s OS that says to pass packets along (to the LAN side MAC) if there is a duplicate WAN/LAN MAC issue. Who knows?
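
The check several replies converge on (compare the MAC the router presents on its WAN port with the MACs of the LAN clients), as an added example that is not part of the original thread or any poster's own code. It assumes the router keeps a dnsmasq-style lease file; every MAC, IP and hostname below is constructed sample data, and the OUI comparison is only a heuristic hint that a cloned MAC is configured.

```python
import re

# Constructed sample data (not taken from the thread).
WAN_MAC = "02-AA-BB-00-00-03"          # MAC the router presents on its WAN port
ROUTER_LAN_MAC = "02:cc:dd:00:00:01"   # router's own LAN/bridge MAC
LEASES = """\
1700000000 02:aa:bb:00:00:01 192.168.1.11 cam-front *
1700000000 02:aa:bb:00:00:02 192.168.1.12 cam-garage *
1700000000 02:AA:BB:00:00:03 192.168.1.13 cam-yard *
1700000000 02:ee:ff:00:00:09 192.168.1.50 laptop 01:02:ee:ff:00:00:09
"""

def norm(mac):
    """Normalise aa-bb.., AA:BB.., aabb.ccdd.eeff to lowercase colon form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_leases(text):
    """Yield (mac, ip, hostname) from dnsmasq-style lease lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            yield norm(parts[1]), parts[2], parts[3]

def audit(wan_mac, router_lan_mac, leases_text):
    """Return findings that point at a cloned or duplicated MAC."""
    wan, lan = norm(wan_mac), norm(router_lan_mac)
    findings, seen = [], {}
    for mac, ip, host in parse_leases(leases_text):
        if mac == wan:  # WAN port is impersonating an active LAN client
            findings.append(("wan-mac-in-use-on-lan", host, ip))
        if mac in seen:  # two LAN clients claim the same MAC
            findings.append(("duplicate-lan-mac", host, ip))
        seen.setdefault(mac, host)
    if wan[:8] != lan[:8]:  # heuristic: WAN OUI differs from the router's own
        findings.append(("wan-oui-differs-from-router", wan[:8], lan[:8]))
    return findings

if __name__ == "__main__":
    for finding in audit(WAN_MAC, ROUTER_LAN_MAC, LEASES):
        print(*finding)
```
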