Multiple SSIDs to multiple VLANs

Hello, I'm trying to configure my Xiaomi AX3000T with OpenWRT as a dumb AP, but i want to setup three SSIDs:

  • Home-Private
  • Home-Public
  • Home-IoT (Actually I haven't created it)
    which should respectively be bounded to
  • VLAN 11 (192.168.11.0/24)
  • VLAN 12 (192.168.12.0/24)
  • VLAN 13 (192.168.13.0/24)
    These VLANs are all created from the same bridge (all ports)
    and goes to my mikrotik css326-24g-2s+rm then to OPNSense.

When i try to connect to any of the SSIDs, it takes from 30s to some minutes to connect to get Ip address. If i set a static Ip, I cannot ping gateway before this time.
Using a wired device, I have no problem, so I tought the problem is with my OpenWRT configuration.
Can you help me?

I'm attaching my configuration (I configured everything through LuCI):

ubus call system board

{
	"kernel": "5.15.162",
	"hostname": "OpenWrt",
	"system": "ARMv8 Processor rev 4",
	"model": "Xiaomi Mi Router AX3000T",
	"board_name": "xiaomi,mi-router-ax3000t",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.4",
		"revision": "r24012-d8dd03c46f",
		"target": "mediatek/filogic",
		"description": "OpenWrt 23.05.4 r24012-d8dd03c46f"
	}
}

cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fde3:6250:2654::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	list ports 'wan'

config device
	option type '8021q'
	option ifname 'br-lan'
	option vid '11'
	option name 'br-lan.11'
	option acceptlocal '1'

config device
	option type '8021q'
	option ifname 'br-lan'
	option vid '12'
	option name 'br-lan.12'
	option acceptlocal '1'

config device
	option type '8021q'
	option ifname 'br-lan'
	option vid '13'
	option name 'br-lan.13'
	option acceptlocal '1'

config device
	option type 'bridge'
	option name 'net.11'
	list ports 'br-lan.11'

config device
	option type 'bridge'
	option name 'net.12'
	list ports 'br-lan.12'

config device
	option type 'bridge'
	option name 'net.13'
	list ports 'br-lan.13'

config interface 'lan11'
	option proto 'dhcp'
	option device 'net.11'
	option metric '0'

config interface 'lan12'
	option proto 'dhcp'
	option device 'net.12'
	option metric '1'

config interface 'lan13'
	option proto 'dhcp'
	option device 'net.13'
	option metric '2'

cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/18000000.wifi'
	option channel 'auto'
	option band '2g'
	option htmode 'HE40'
	option cell_density '0'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/18000000.wifi+1'
	option channel 'auto'
	option band '5g'
	option htmode 'HE80'
	option cell_density '0'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid 'Home-Private'
	option encryption 'psk2'
	option key '********'
	option network 'lan11'

config wifi-iface 'wifinet3'
	option device 'radio1'
	option mode 'ap'
	option ssid 'Home-Private'
	option encryption 'psk2'
	option key '********'
	option network 'lan11'

config wifi-iface 'wifinet4'
	option device 'radio0'
	option mode 'ap'
	option ssid 'Home-Public'
	option encryption 'psk2'
	option key '********'
	option network 'lan12'

config wifi-iface 'wifinet5'
	option device 'radio1'
	option mode 'ap'
	option ssid 'Home-Public'
	option encryption 'psk2'
	option key '********'
	option network 'lan12'

hi @Paolo7297

try to add
option multicast_to_unicast_all '1'
to each SSID

No, this is not necessar.y Do not add this.

There are other issues:

Remove all the 802.1q stanzas:

Remove all of these -- you've already got a bridge, this would result in a bridge-in-a-bridge (which is not valid):

Create bridge vlans. For now, I'll assume that all VLANs are tagged on the wan port, and I'll make ports lan2-lan4 access ports for vlans 11-13.

config bridge-vlan
	option device 'br-lan'
	option vlan '11'
	list ports 'lan2:u*'
	list ports 'wan:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '12'
	list ports 'lan3:u*'
	list ports 'lan4'
	list ports 'wan:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '13'
	list ports 'lan4:u*'
	list ports 'wan:t'

Now, edit the network interfaces so they look like this (I'll assume VLAN 11 is the management lan):

config interface 'lan11'
	option proto 'dhcp'
	option device 'br-lan.11'

config interface 'lan12'
	option proto 'none'
	option device 'br-lan.12'

config interface 'br-lan.13'
	option proto 'none'
	option device 'net.13'

Then restart your device and test again. It should work if my assumptions were true.

If any of my assumptions were incorrect (uplink port, desired port-vlan membership, management VLAN), let me know if you need help to modify accordingly.