Very weird WiFi/networking issue with my Model X

[uplusd]

I have what seems to be a very unique issue going on with my Model X. I've been noticing lately that software updates hang and I can almost never connect to my vehicle via the Tesla mobile app when its on my home WiFi.

I investigated further and for some reason the Model X wants to designate its own IP address (192.168.20.2). As a result, I keep getting source IP/VLAN errors on my router.

For my networking geeks, my home network lives on a 192.168.128.0/24 subnet. Here is the log dump from my router for the Model X:

source_client_ip: 192.168.128.144, source_client_mac: A0:14:3D:F3:67:4D, source_client_assigned_vlan: 1  « hide
last_illegal_ip    192.168.20.2
client_total_illegal_packets    1428
all_total_illegal_packets    6808
last_reported_total    6807

So as you can see, the Model X wants to assign itself the 192.168.20.2 IP address and my DHCP server is assigning it 192.168.128.144 (in this specific example, but could be anything else on the 192.168.128.0/24 subnet).

I did some googling for how 192.168.20.2 applies to Tesla and it looks like that IP address could be used by Tesla technicians during service by connecting a cable to a port that exists in the driver side footwell.

I've tried almost everything to fix this issue and I'm about to pull my hair out. Does anyone know what's going on?

 

[ShawnA]

Hi uplusd,

On your wifi setup in the car there is a "Tesla" entry that is for Tesla when it's
at a Service Center.

The Telsa uses the SSID and the password, I have never seen an instruction related to IP address.

You need an entry for your home SSID whether it's visible or not.
The security has to be WPA2 (Check your owner's manual)
Enter your password. I cannot remember about weird characters.
Uppercase/lowercase and numbers and a sufficient length (10 to 12 characters long) can create a strong password.

If you foul it up, don't be afraid to forget the network and add it back...

One other user had a horrible problem with Frontier cable/modem/routers but worked OK with Comcast.

Good luck,

Shawn

 

[uplusd]

Hi uplusd,

On your wifi setup in the car there is a "Tesla" entry that is for Tesla when it's
at a Service Center.

The Telsa uses the SSID and the password, I have never seen an instruction related to IP address.

You need an entry for your home SSID whether it's visible or not.
The security has to be WPA2 (Check your owner's manual)
Enter your password. I cannot remember about weird characters.
Uppercase/lowercase and numbers and a sufficient length (10 to 12 characters long) can create a strong password.

If you foul it up, don't be afraid to forget the network and add it back...

One other user had a horrible problem with Frontier cable/modem/routers but worked OK with Comcast.

Good luck,

Shawn

Thank you for the response! The car actually is connected to my home SSID which does use WPA2. I've tried deleting, adding back, trying different subnet ranges, etc. but nothing fixes the issue.

 

[ShawnA]

Hi uplusd,

Why are you bothering with subnet ranges???
Are you only allowing IP ranges or filtering MAC addresses???

On a simple network, all devices have their name,
you attach to the SSID and enter the password.
The car connects and you are done....

Do you require subnets for gaming or DMZ or ???

What year is the car??? -
Newer ones use the 5 Ghz and 2.4 Ghz but the older ones only use 2.4 Ghz

Shawn

 

[uplusd]

Hi uplusd,

Why are you bothering with subnet ranges???
Are you only allowing IP ranges or filtering MAC addresses???

On a simple network, all devices have their name,
you attach to the SSID and enter the password.
The car connects and you are done....

Do you require subnets for gaming or DMZ or ???

What year is the car??? -
Newer ones use the 5 Ghz and 2.4 Ghz but the older ones only use 2.4 Ghz

Shawn

looks like I found the reason on a different thread:

WiFi connection problem when access point is connected trough a VLAN switch

apparently MCU1s don’t like VLAN tagging

 

[DCGOO]

looks like I found the reason on a different thread:

WiFi connection problem when access point is connected trough a VLAN switch

apparently MCU1s don’t like VLAN tagging

If your Wifi network is tagged (very unusual), I would not expect your car to connect. But hardly any client devices recognize any 802.1q tags without specifically being configured to do so. In Wifi networks a VLAN tag is usually converted to a specific WiFi SSID, but the frames over the radio are not actually tagged themselves. As long as whatever network the car ends up on, there must be a DHCP server to assign a correct IP address to the car. Are you certain there is not a loose DHCP server handing out incorrect 192.168.20.0 addresses?

 

[AmokTime]

Do other network-related things in the car work? Do the theater apps (Netflix, Hulu, etc.) or music streaming work over WiFi? That could tell you if it’s the ip config or if that error you’re seeing is unrelated. You’d have to be able to see traffic stats on your router to prove to yourself that the streaming traffic is going through WiFi instead of the car’s cell (only applies if you have premium connectivity).

 

[AmokTime]

If the tagging thing does not end up panning out, you might also check if your WiFi has a “block incoming malware” option. I’ve run into this a time or two with certain network gear - usually higher-end equipment, like Cisco Meraki. In my case, every time I get a firewall firmware update it turns my malware detection back on. The symptoms for me are that any time I download a zip file containing executables it downloads almost the entire file, then hangs on the last packet.

Another symptom I’ve seen related to malware blocking (you’d only see this if you have multiple Teslas) is that if you try to download the same file two or more times to devices at different IP addresses it is blocked and fails in the same way - hangs on the last packet. Basically, the gear is watching to see if your network has become infected with something that downloads a malware payload to each infected device.

 

[AmokTime]

Perhaps you could adjust the subnet on your router/dhcp server to include the 192.168.20.x range (if it doesn’t already) and create a dhcp reservation for your car’s MAC for the 192.168.20.2 address. If it has some strange affinity for that address, see what happens if you allow it.

 

[uplusd]

Yep I have Meraki gear at home. I do use VLAN tagging based on SSID. I have my main SSID and a separate SSID for IoT devices. I VLAN tag everything on the IoT SSID with VLAN 10 and everything on the main SSID gets tagged with VLAN 1 by default.

I've tried the Model X on both the main SSID and the IoT SSID, but still get the source/ip vlan mismatch error.

I like my other IoT devices to be on a separate VLAN that doesn't have access to my main VLAN.

Also it's weird because my Model 3 doesn't have this problem, only the MX does (maybe its a MCU1 thing?)

A workaround I’ve found with the help of a reddit user is that I created a new SSID (on native VLAN) for the Tesla only and use L3 firewall rules to block anything on that SSID from the local LAN. Different solution but same effect to keep the Teslas on an isolated network.

also, for what it’s worth, I do have advanced malware protection enabled on the Meraki config.

 

[ShawnA]

Hi Uplusd,

I am glad you were able to fix it...

Enjoy!!!

Shawn

 

[DCGOO]

Yep I have Meraki gear at home. I do use VLAN tagging based on SSID. I have my main SSID and a separate SSID for IoT devices. I VLAN tag everything on the IoT SSID with VLAN 10 and everything on the main SSID gets tagged with VLAN 1 by default.

I've tried the Model X on both the main SSID and the IoT SSID, but still get the source/ip vlan mismatch error.

I like my other IoT devices to be on a separate VLAN that doesn't have access to my main VLAN.

Also it's weird because my Model 3 doesn't have this problem, only the MX does (maybe its a MCU1 thing?)

A workaround I’ve found with the help of a reddit user is that I created a new SSID (on native VLAN) for the Tesla only and use L3 firewall rules to block anything on that SSID from the local LAN. Different solution but same effect to keep the Teslas on an isolated network.

also, for what it’s worth, I do have advanced malware protection enabled on the Meraki config.

Sounds like a network that was designed by a Committee (j/k)

 

[Janus]

Another issue could be the weaker radios in MCU1. Plenty of stories here about the older MCUs needing an access point/extender/etc in the garage for any hope of a solid connection. How far away is the AP?

Speaking about my own setup, I also have my MX on a tagged VLAN (similar reasoning as OP). But I've not had any issues with the connection. That being said, my MX was built in 2019, so it probably has the same MCU as the OP's M3.