[Solved] DSA Multiple Networks on 21.02 not bridging to lan ports

I'm having trouble with my DSA configuration not bridging to physical lan ports.

I am running 21.02 first stable release (OpenWrt 21.02.0 r16279-5cc0535800) on my WRT1900ACSv2 router.

I have three networks:

  • Home Network (br-lan)
  • Office Network (br-lan2)
  • IoT Network (br-lan3)

The Home network is for my main devices. The Office network is bridged to my TAP VPN. The IoT Network isolates higher risk IoT devices from my main network.

Each interface has separate associated wlan wireless networks, firewall zones, and dynamic DHCP servers. At present all three networks work well (with internet) for their associated wlan clients.

My intent is for my home network to be accessible using lan1 and lan2, my office network to be accessible using lan4, and my IoT network to be accessible using lan3 when I connect my laptop directly via Ethernet cables.

My problem is that when I plug the Ethernet cable into lan3 or lan4, I have no internet and seemingly no bridged connection. When I plug the Ethernet cable into lan1 or lan2, I do have internet and bridged access to the Home network.

Below is my configuration:

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'

config device
        option type 'bridge'
        option name 'br-lan2'
        option igmp_snooping '1'
        list ports 'lan4'
        list ports 'tap0'

config device
        option type 'bridge'
        option name 'br-lan3'
        option bridge_empty '1'
        list ports 'lan3'

config interface 'Home'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.1.1'

config interface 'Office'
        option proto 'static'
        option device 'br-lan2'
        option netmask '255.255.255.0'
        option type 'bridge'
        option ipaddr '192.168.2.1'

config interface 'IoT'
        option proto 'static'
        option device 'br-lan3'
        option ipaddr '192.168.3.1'
        option netmask '255.255.255.0'

Any ideas? Should I be using vlan tagged traffic to isolate my networks instead? Is this a bug or a misconfiguration issue?

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
{
	"kernel": "5.4.143",
	"hostname": "OpenWrt",
	"system": "ARMv7 Processor rev 1 (v7l)",
	"model": "Linksys WRT1900ACS",
	"board_name": "linksys,wrt1900acs",
	"release": {
		"distribution": "OpenWrt",
		"version": "21.02.0",
		"revision": "r16279-5cc0535800",
		"target": "mvebu/cortexa9",
		"description": "OpenWrt 21.02.0 r16279-5cc0535800"
	}
}
package network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'XXX'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'

config interface 'Home'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.1'

config device
	option name 'wan'
	option macaddr 'XXX'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'
	option peerdns '0'
	list dns '1.1.1.3'
	list dns '1.0.0.3'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option peerdns '0'
	list dns '2606:4700:4700::1113'
	list dns '2606:4700:4700::1003'

config device
	option type 'bridge'
	option name 'br-lan2'
	option igmp_snooping '1'
	list ports 'lan4'
	list ports 'tap0'

config interface 'Office'
	option proto 'static'
	option device 'br-lan2'
	option netmask '255.255.255.0'
	option type 'bridge'
	option ipaddr '192.168.2.1'

config device
	option type 'bridge'
	option name 'br-lan3'
	option bridge_empty '1'
	list ports 'lan3'

config interface 'IoT'
	option proto 'static'
	option device 'br-lan3'
	option ipaddr '192.168.3.1'
	option netmask '255.255.255.0'

package dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	option confdir '/tmp/dnsmasq.d'

config dhcp 'Home'
	option interface 'Home'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option ra_management '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'Office'
	option interface 'Office'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option force '1'
	list dhcp_option '6, 192.168.2.1'
	list ra_flags 'none'

config dhcp 'IoT'
	option interface 'IoT'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option force '1'

config dhcp 'TAP'
	option interface 'TAP'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option force '1'
	list ra_flags 'none'

config dhcp 'Tap1'
	option interface 'Tap1'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option force '1'
	list ra_flags 'none'

package firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'Home'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'Home'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled '0'

config include
	option path '/etc/firewall.user'

config zone
	option name 'Office'
	option output 'ACCEPT'
	option input 'REJECT'
	option forward 'REJECT'
	list network 'Office'

config rule
	list proto 'udp'
	option src 'Office'
	option dest_port '67-68'
	option target 'ACCEPT'
	option name 'Allow Fire DHCP'

config rule
	option src 'Office'
	option dest_port '53'
	option target 'ACCEPT'
	option name 'Allow Office DNS'

config rule
	option src_port '137-139'
	option dest 'Office'
	option target 'NOTRACK'
	option name 'Don'\''t Track NETBIOS Service'
	option src 'Office'

config rule
	option name 'Don'\''t track NETBIOS Service'
	option dest_port '137-139'
	option target 'NOTRACK'
	option dest 'Office'
	option src 'Office'

config rule
	option name 'Don'\''t track Windows Filesharing'
	option src_port '445'
	option target 'NOTRACK'
	option src 'Office'
	option dest 'Office'

config rule
	option name 'Don'\''t track Windows Filesharing'
	option dest_port '445'
	option target 'NOTRACK'
	option src 'Office'
	option dest 'Office'

config forwarding
	option src 'Office'
	option dest 'wan'

config zone
	option name 'IoT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option input 'REJECT'
	list network 'IoT'

config forwarding
	option src 'IoT'
	option dest 'wan'

config rule
	option name 'Allow Samba'
	option src 'Office'
	option dest_port '137-139'
	option target 'ACCEPT'

config rule
	option name 'Allow Samba 2'
	option dest_port '445'
	option target 'ACCEPT'
	option src 'Office'

config rule
	option name 'Allow-OpenVPN'
	list proto 'udp'
	option src 'Office'
	option dest_port '1194'
	option target 'ACCEPT'

config rule
	option name 'Allow-VPN2'
	option src_port '1195'
	option dest_port '1195'
	option target 'ACCEPT'
	option src 'Office'
	list proto 'udp'
	option enabled '0'

config rule
	option name 'Allow-DNS-IoT'
	option src 'IoT'
	option dest_port '53'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCP-IoT'
	list proto 'udp'
	option src 'IoT'
	option target 'ACCEPT'
	option dest_port '67-68'

config rule
	option name 'Allow HA'
	option src 'Home'
	list src_ip '192.168.1.166'
	option dest 'IoT'
	option target 'ACCEPT'

config rule
	option name 'Block Office Access to Private Network'
	option src 'Office'
	option dest 'Home'
	list dest_ip '192.168.1.0/24'
	option target 'DROP'

config rule
	option name 'Block IoT access to Private Network'
	option src 'IoT'
	option dest 'Home'
	list dest_ip '192.168.1.0/24'
	option target 'DROP'
	option enabled '0'

config redirect
	option target 'DNAT'
	option name 'Forward OpenVPN'
	list proto 'udp'
	option src_dport '1194'
	option dest_port '1194'
	option src 'wan'
	option dest_ip '192.168.2.1'

config redirect
	option target 'DNAT'
	option name 'Forward-VPN2'
	list proto 'udp'
	option src 'wan'
	option dest_ip '10.8.0.1'
	option dest_port '1194'
	option src_dport '1194'
	option enabled '0'

config rule
	option name 'Block IOT to Office'
	option src 'IoT'
	option dest 'Office'
	option target 'DROP'

config rule
	option name 'Block Office to IOT'
	option src 'Office'
	option dest 'IoT'
	option target 'DROP'

config forwarding
	option src 'Home'
	option dest 'IoT'

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
7: wan@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc cake state UP qlen 1000
    inet XXX/21 brd XXX scope global wan
       valid_lft forever preferred_lft forever
10: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
14: br-lan3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.3.1/24 brd 192.168.3.255 scope global br-lan3
       valid_lft forever preferred_lft forever
16: br-lan2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.2.1/24 brd 192.168.2.255 scope global br-lan2
       valid_lft forever preferred_lft forever
default via 72.XX.XX.1 dev wan  src 72.XX.XX.129 
72.XX.XX.0/21 dev wan scope link  src 72.XX.XX.129 
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1 
192.168.2.0/24 dev br-lan2 scope link  src 192.168.2.1 
192.168.3.0/24 dev br-lan3 scope link  src 192.168.3.1 
broadcast 72.XX.XX.0 dev wan table local scope link  src 72.XX.XX.129 
local 72.XX.XX.129 dev wan table local scope host  src 72.XX.XX.129 
broadcast 72.XX.XX.255 dev wan table local scope link  src 72.XX.XX.129 
broadcast 127.0.0.0 dev lo table local scope link  src 127.0.0.1 
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1 
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1 
broadcast 192.168.1.0 dev br-lan table local scope link  src 192.168.1.1 
local 192.168.1.1 dev br-lan table local scope host  src 192.168.1.1 
broadcast 192.168.1.255 dev br-lan table local scope link  src 192.168.1.1 
broadcast 192.168.2.0 dev br-lan2 table local scope link  src 192.168.2.1 
local 192.168.2.1 dev br-lan2 table local scope host  src 192.168.2.1 
broadcast 192.168.2.255 dev br-lan2 table local scope link  src 192.168.2.1 
broadcast 192.168.3.0 dev br-lan3 table local scope link  src 192.168.3.1 
local 192.168.3.1 dev br-lan3 table local scope host  src 192.168.3.1 
broadcast 192.168.3.255 dev br-lan3 table local scope link  src 192.168.3.1 
0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default 
lrwxrwxrwx    1 root     root            16 Aug 31 18:20 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r--    1 root     root            47 Oct 13 11:47 /tmp/resolv.conf
-rw-r--r--    1 root     root           135 Oct 13 11:46 /tmp/resolv.conf.d/resolv.conf.auto

/tmp/resolv.conf.d:
-rw-r--r--    1 root     root           135 Oct 13 11:46 resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1

==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1

==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error

==> /tmp/resolv.conf.d/resolv.conf.auto <==
# Interface wan
nameserver 1.1.1.3
nameserver 1.0.0.3
# Interface wan6
nameserver 2606:4700:4700::1113
nameserver 2606:4700:4700::1003

The interzone rules are not necessary. If you don't explicitly allow the forwarding from one zone to another, the traffic is not allowed, as per the global policy.
Are the iot or office hosts able to get IP from DHCP server? Can they do a nslookup on the OpenWrt?

Yes, clients are able to get an IP and use DNS when I connect to the iot and office hosts via their associated wlan, but no communication happens via their bridged lan port.

Thanks for the advice concerning the interzone rules.

So if you connect over wifi to the Office or IoT everything works fine, but when you connect to the lan port nothing works?
Why is bridge_empty configured in br-lan3 device config?
Why is there igmp_snooping in br-lan2 device config?
Do a brctl show as well.

This is probably some kind of mistake from evolving configuration with Luci. I can try to strike that from the actual configuration file to see if it makes a difference.

I'm not quite sure why I did that. I suspect I thought it would help the performance of my VPN setup. I can also strike this from the configuration file if you think it would help.

bridge name     bridge id               STP enabled     interfaces
br-lan2         xxxxxxxxxxxxxxxxx       no              wlan0-1
                                                        tap0
br-lan          xxxxxxxxxxxxxxxxx       no              lan2
                                                        wlan0
                                                        wlan1
                                                        lan1
br-lan3        xxxxxxxxxxxxxxxxx       no              wlan1-1

Thank you so much for looking into my issue! Why do you think lan3 and lan4 are not showing in the above command?

I am not sure why they are not part of the bridge. First remove those two lines from the device config. Second, while you are connected from lan1-2 do a ifup IoT, see if there is any log message, also paste here the log output logread

Thu Oct 14 17:08:30 2021 daemon.notice netifd: Interface 'IoT' is enabled
Thu Oct 14 17:08:30 2021 daemon.notice netifd: Interface 'IoT' is setting up now
Thu Oct 14 17:08:30 2021 daemon.notice netifd: Interface 'IoT' is now up
Thu Oct 14 17:08:30 2021 daemon.info avahi-daemon[3561]: Joining mDNS multicast group on interface br-lan3.IPv4 with address 192.168.3.1.
Thu Oct 14 17:08:30 2021 daemon.info avahi-daemon[3561]: New relevant interface br-lan3.IPv4 for mDNS.
Thu Oct 14 17:08:30 2021 daemon.info avahi-daemon[3561]: Registering new address record for 192.168.3.1 on br-lan3.IPv4.
Thu Oct 14 17:08:30 2021 daemon.notice netifd: Interface 'IoT' is now down
Thu Oct 14 17:08:30 2021 daemon.info avahi-daemon[3561]: Withdrawing address record for 192.168.3.1 on br-lan3.
Thu Oct 14 17:08:30 2021 daemon.info avahi-daemon[3561]: Leaving mDNS multicast group on interface br-lan3.IPv4 with address 192.168.3.1.
Thu Oct 14 17:08:30 2021 daemon.info avahi-daemon[3561]: Interface br-lan3.IPv4 no longer relevant for mDNS.
Thu Oct 14 17:08:30 2021 kern.info kernel: [105714.514463] br-lan3: port 1(wlan1-1) entered disabled state
Thu Oct 14 17:08:30 2021 kern.info kernel: [105714.523544] device wlan1-1 left promiscuous mode
Thu Oct 14 17:08:30 2021 kern.info kernel: [105714.528380] br-lan3: port 1(wlan1-1) entered disabled state
Thu Oct 14 17:08:30 2021 daemon.notice netifd: Interface 'IoT' is disabled
Thu Oct 14 17:08:30 2021 daemon.notice netifd: bridge 'br-lan3' link is down
Thu Oct 14 17:08:30 2021 daemon.notice netifd: Interface 'IoT' has link connectivity loss
Thu Oct 14 17:08:30 2021 user.notice firewall: Reloading firewall due to ifup of IoT (br-lan3)
Thu Oct 14 17:08:30 2021 kern.info kernel: [105714.678006] br-lan3: port 1(wlan1-1) entered blocking state
Thu Oct 14 17:08:30 2021 kern.info kernel: [105714.683788] br-lan3: port 1(wlan1-1) entered disabled state
Thu Oct 14 17:08:30 2021 kern.info kernel: [105714.689684] device wlan1-1 entered promiscuous mode
Thu Oct 14 17:08:30 2021 kern.info kernel: [105714.697308] br-lan3: port 1(wlan1-1) entered blocking state
Thu Oct 14 17:08:30 2021 kern.info kernel: [105714.703011] br-lan3: port 1(wlan1-1) entered forwarding state
Thu Oct 14 17:08:30 2021 daemon.notice netifd: Interface 'IoT' is enabled
Thu Oct 14 17:08:30 2021 daemon.notice netifd: Interface 'IoT' is setting up now
Thu Oct 14 17:08:30 2021 daemon.info avahi-daemon[3561]: Joining mDNS multicast group on interface br-lan3.IPv4 with address 192.168.3.1.
Thu Oct 14 17:08:30 2021 daemon.info avahi-daemon[3561]: New relevant interface br-lan3.IPv4 for mDNS.
Thu Oct 14 17:08:30 2021 daemon.info avahi-daemon[3561]: Registering new address record for 192.168.3.1 on br-lan3.IPv4.
Thu Oct 14 17:08:30 2021 daemon.notice netifd: Interface 'IoT' is now up
Thu Oct 14 17:08:30 2021 daemon.notice netifd: bridge 'br-lan3' link is up
Thu Oct 14 17:08:30 2021 daemon.notice netifd: Interface 'IoT' has link connectivity
Thu Oct 14 17:08:30 2021 daemon.notice hostapd: Remove interface 'wlan1'
Thu Oct 14 17:08:30 2021 daemon.notice hostapd: wlan1: interface state ENABLED->DISABLED
Thu Oct 14 17:08:30 2021 daemon.notice hostapd: wlan1-1: AP-STA-DISCONNECTED XXXXXXXXXXXX
Thu Oct 14 17:08:30 2021 daemon.notice hostapd: wlan1-1: AP-STA-DISCONNECTED XXXXXX34:01
Thu Oct 14 17:08:30 2021 daemon.notice hostapd: wlan1-1: AP-STA-DISCONNECTED XXXXXX
Thu Oct 14 17:08:30 2021 daemon.notice hostapd: wlan1-1: AP-STA-DISCONNECTED XXXXXX
Thu Oct 14 17:08:30 2021 daemon.notice hostapd: wlan1-1: AP-STA-DISCONNECTED XXXXXX
Thu Oct 14 17:08:30 2021 daemon.notice hostapd: wlan1-1: AP-STA-DISCONNECTED XXXXXX
Thu Oct 14 17:08:30 2021 daemon.notice hostapd: wlan1-1: AP-STA-DISCONNECTED XXXXXX
Thu Oct 14 17:08:30 2021 daemon.notice hostapd: wlan1-1: AP-STA-DISCONNECTED XXXXXX
Thu Oct 14 17:08:30 2021 daemon.notice hostapd: wlan1-1: AP-STA-DISCONNECTED XXXXXX
Thu Oct 14 17:08:30 2021 daemon.notice hostapd: wlan1-1: AP-STA-DISCONNECTED XXXXXX
Thu Oct 14 17:08:30 2021 daemon.notice hostapd: wlan1-1: AP-DISABLED
Thu Oct 14 17:08:30 2021 daemon.notice hostapd: wlan1-1: CTRL-EVENT-TERMINATING
Thu Oct 14 17:08:30 2021 user.notice firewall: Reloading firewall due to ifup of Office (br-lan2)
Thu Oct 14 17:08:30 2021 daemon.notice netifd: Network device 'wlan1-1' link is down
Thu Oct 14 17:08:30 2021 daemon.info avahi-daemon[3561]: Interface wlan1-1.IPv6 no longer relevant for mDNS.
Thu Oct 14 17:08:30 2021 daemon.info avahi-daemon[3561]: Leaving mDNS multicast group on interface wlan1-1.IPv6 with address XXXXXX.
Thu Oct 14 17:08:30 2021 kern.info kernel: [105715.086592] br-lan3: port 1(wlan1-1) entered disabled state
Thu Oct 14 17:08:30 2021 kern.info kernel: [105715.095012] device wlan1-1 left promiscuous mode
Thu Oct 14 17:08:30 2021 kern.info kernel: [105715.099771] br-lan3: port 1(wlan1-1) entered disabled state
Thu Oct 14 17:08:30 2021 daemon.notice netifd: bridge 'br-lan3' link is down
Thu Oct 14 17:08:30 2021 daemon.notice netifd: Interface 'IoT' has link connectivity loss
Thu Oct 14 17:08:31 2021 daemon.notice netifd: Interface 'IoT' is now down
Thu Oct 14 17:08:31 2021 daemon.info avahi-daemon[3561]: Withdrawing address record for XXXXXX on wlan1-1.
Thu Oct 14 17:08:31 2021 daemon.info avahi-daemon[3561]: Withdrawing address record for 192.168.3.1 on br-lan3.
Thu Oct 14 17:08:31 2021 daemon.info avahi-daemon[3561]: Leaving mDNS multicast group on interface br-lan3.IPv4 with address 192.168.3.1.
Thu Oct 14 17:08:31 2021 daemon.info avahi-daemon[3561]: Interface br-lan3.IPv4 no longer relevant for mDNS.
Thu Oct 14 17:08:31 2021 daemon.notice hostapd: nl80211: Failed to remove interface wlan1-1 from bridge br-lan3: No such device
Thu Oct 14 17:08:31 2021 daemon.notice hostapd: wlan1: AP-STA-DISCONNECTED XXXXXX
Thu Oct 14 17:08:31 2021 daemon.notice hostapd: wlan1: AP-STA-DISCONNECTED XXXXXX
Thu Oct 14 17:08:31 2021 daemon.notice hostapd: wlan1: AP-STA-DISCONNECTED XXXXXX
Thu Oct 14 17:08:31 2021 daemon.notice hostapd: wlan1: AP-STA-DISCONNECTED XXXXXX
Thu Oct 14 17:08:31 2021 daemon.notice hostapd: wlan1: AP-STA-DISCONNECTED XXXXXX
Thu Oct 14 17:08:31 2021 daemon.notice hostapd: wlan1: AP-STA-DISCONNECTED XXXXXX
Thu Oct 14 17:08:31 2021 daemon.notice hostapd: wlan1: AP-DISABLED
Thu Oct 14 17:08:31 2021 daemon.notice hostapd: wlan1: CTRL-EVENT-TERMINATING
Thu Oct 14 17:08:31 2021 daemon.notice hostapd: nl80211: deinit ifname=wlan1 disabled_11b_rates=0
Thu Oct 14 17:08:31 2021 daemon.notice netifd: Interface 'IoT' is disabled
Thu Oct 14 17:08:31 2021 kern.info kernel: [105715.333751] device wlan1 left promiscuous mode
Thu Oct 14 17:08:31 2021 kern.info kernel: [105715.338415] br-lan: port 3(wlan1) entered disabled state
Thu Oct 14 17:08:31 2021 kern.debug kernel: [105715.518591] ieee80211 phy1: change: 0x40
Thu Oct 14 17:08:31 2021 kern.debug kernel: [105715.572651] ieee80211 phy1: change: 0x100
Thu Oct 14 17:08:31 2021 daemon.info samba4-server: io_uring module found, enabling VFS io_uring. (also needs Kernel 5.4+ Support)
Thu Oct 14 17:08:31 2021 daemon.info avahi-daemon[3561]: Interface wlan1.IPv6 no longer relevant for mDNS.
Thu Oct 14 17:08:31 2021 daemon.info avahi-daemon[3561]: Leaving mDNS multicast group on interface wlan1.IPv6 with address XXXXXX.
Thu Oct 14 17:08:31 2021 daemon.notice netifd: Network device 'wlan1' link is down
Thu Oct 14 17:08:31 2021 daemon.info avahi-daemon[3561]: Withdrawing address record for XXXXXX on wlan1.
Thu Oct 14 17:08:31 2021 daemon.notice netifd: Interface 'IoT' is enabled
Thu Oct 14 17:08:31 2021 daemon.notice netifd: Interface 'IoT' is setting up now
Thu Oct 14 17:08:31 2021 daemon.notice netifd: Interface 'IoT' is now up
Thu Oct 14 17:08:31 2021 daemon.info avahi-daemon[3561]: Joining mDNS multicast group on interface br-lan3.IPv4 with address 192.168.3.1.
Thu Oct 14 17:08:31 2021 daemon.info avahi-daemon[3561]: New relevant interface br-lan3.IPv4 for mDNS.
Thu Oct 14 17:08:31 2021 daemon.info avahi-daemon[3561]: Registering new address record for 192.168.3.1 on br-lan3.IPv4.
Thu Oct 14 17:08:31 2021 user.notice firewall: Reloading firewall due to ifup of IoT (br-lan3)
Thu Oct 14 17:08:31 2021 daemon.notice hostapd: Configuration file: /var/run/hostapd-phy1.conf (phy wlan1) --> new PHY
Thu Oct 14 17:08:32 2021 kern.debug kernel: [105716.202551] ieee80211 phy1: change: 0xffffffff
Thu Oct 14 17:08:32 2021 kern.info kernel: [105716.267398] br-lan: port 3(wlan1) entered blocking state
Thu Oct 14 17:08:32 2021 kern.info kernel: [105716.272828] br-lan: port 3(wlan1) entered disabled state
Thu Oct 14 17:08:32 2021 daemon.notice hostapd: wlan1: interface state UNINITIALIZED->COUNTRY_UPDATE
Thu Oct 14 17:08:32 2021 kern.info kernel: [105716.278382] device wlan1 entered promiscuous mode
Thu Oct 14 17:08:32 2021 kern.debug kernel: [105716.319390] ieee80211 phy1: change: 0x100
Thu Oct 14 17:08:32 2021 kern.debug kernel: [105716.332555] ieee80211 phy1: change: 0x42
Thu Oct 14 17:08:32 2021 kern.info kernel: [105716.455589] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
Thu Oct 14 17:08:32 2021 kern.info kernel: [105716.462145] br-lan: port 3(wlan1) entered blocking state
Thu Oct 14 17:08:32 2021 kern.info kernel: [105716.467582] br-lan: port 3(wlan1) entered forwarding state
Thu Oct 14 17:08:32 2021 daemon.info avahi-daemon[3561]: Joining mDNS multicast group on interface br-lan2.IPv6 with address fXXXXXX.
Thu Oct 14 17:08:32 2021 daemon.info avahi-daemon[3561]: New relevant interface br-lan2.IPv6 for mDNS.
Thu Oct 14 17:08:32 2021 daemon.info avahi-daemon[3561]: Registering new address record for fXXXXXX on br-lan2.*.
Thu Oct 14 17:08:32 2021 kern.info kernel: [105716.510962] br-lan3: port 1(wlan1-1) entered blocking state
Thu Oct 14 17:08:32 2021 kern.info kernel: [105716.516908] br-lan3: port 1(wlan1-1) entered disabled state
Thu Oct 14 17:08:32 2021 kern.info kernel: [105716.522765] device wlan1-1 entered promiscuous mode
Thu Oct 14 17:08:32 2021 kern.info kernel: [105716.581815] br-lan3: port 1(wlan1-1) entered blocking state
Thu Oct 14 17:08:32 2021 kern.info kernel: [105716.587517] br-lan3: port 1(wlan1-1) entered forwarding state
Thu Oct 14 17:08:32 2021 kern.info kernel: [105716.593512] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan3: link becomes ready
Thu Oct 14 17:08:32 2021 daemon.notice netifd: bridge 'br-lan3' link is up
Thu Oct 14 17:08:32 2021 daemon.notice netifd: Interface 'IoT' has link connectivity
Thu Oct 14 17:08:32 2021 kern.info kernel: [105716.696588] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1-1: link becomes ready
Thu Oct 14 17:08:32 2021 daemon.notice hostapd: wlan1: interface state COUNTRY_UPDATE->ENABLED
Thu Oct 14 17:08:32 2021 daemon.notice hostapd: wlan1: AP-ENABLED
Thu Oct 14 17:08:33 2021 daemon.notice netifd: Network device 'wlan1' link is up
Thu Oct 14 17:08:33 2021 daemon.notice netifd: Network device 'wlan1-1' link is up
Thu Oct 14 17:08:33 2021 daemon.info avahi-daemon[3561]: Joining mDNS multicast group on interface br-lan3.IPv6 with address XXXXXX:6435.
Thu Oct 14 17:08:33 2021 daemon.info avahi-daemon[3561]: New relevant interface br-lan3.IPv6 for mDNS.
Thu Oct 14 17:08:33 2021 daemon.info avahi-daemon[3561]: Registering new address record for XXXXXX:6435 on br-lan3.*.
Thu Oct 14 17:08:33 2021 daemon.info hostapd: wlan1-1: STA XXXXXX IEEE 802.11: authenticated
Thu Oct 14 17:08:33 2021 daemon.info hostapd: wlan1-1: STA XXXXXX IEEE 802.11: associated (aid 1)
Thu Oct 14 17:08:33 2021 daemon.notice hostapd: wlan1-1: AP-STA-CONNECTED XXXXXX
Thu Oct 14 17:08:33 2021 daemon.info hostapd: wlan1-1: STA XXXXXX WPA: pairwise key handshake completed (RSN)
Thu Oct 14 17:08:33 2021 daemon.info dnsmasq[9846]: read /etc/hosts - 4 addresses
Thu Oct 14 17:08:33 2021 daemon.info dnsmasq[9846]: read /tmp/hosts/odhcpd - 10 addresses
Thu Oct 14 17:08:33 2021 daemon.info dnsmasq[9846]: read /tmp/hosts/dhcp.cfg01411c - 4 addresses
Thu Oct 14 17:08:33 2021 daemon.info dnsmasq-dhcp[9846]: read /etc/ethers - 0 addresses
Thu Oct 14 17:08:34 2021 daemon.info avahi-daemon[3561]: Joining mDNS multicast group on interface wlan1.IPv6 with address XXXXXX.
Thu Oct 14 17:08:34 2021 daemon.info avahi-daemon[3561]: New relevant interface wlan1.IPv6 for mDNS.
Thu Oct 14 17:08:34 2021 daemon.info avahi-daemon[3561]: Registering new address record for XXXXXX on wlan1.*.
Thu Oct 14 17:08:34 2021 daemon.info dnsmasq-dhcp[9846]: DHCPDISCOVER(br-lan3) XXXXXX
Thu Oct 14 17:08:34 2021 daemon.info dnsmasq-dhcp[9846]: DHCPOFFER(br-lan3) 192.168.3.132 XXXXXX
Thu Oct 14 17:08:34 2021 daemon.info dnsmasq-dhcp[9846]: DHCPREQUEST(br-lan3) 192.168.3.132 XXXXXX
Thu Oct 14 17:08:34 2021 daemon.info dnsmasq-dhcp[9846]: DHCPACK(br-lan3) 192.168.3.132 XXXXXX ESP_94ED43
Thu Oct 14 17:08:34 2021 daemon.info avahi-daemon[3561]: Joining mDNS multicast group on interface wlan1-1.IPv6 with address XXXXXX:6435.
Thu Oct 14 17:08:34 2021 daemon.info avahi-daemon[3561]: New relevant interface wlan1-1.IPv6 for mDNS.
Thu Oct 14 17:08:34 2021 daemon.info avahi-daemon[3561]: Registering new address record for XXXXXX:6435 on wlan1-1.*.
Thu Oct 14 17:08:35 2021 daemon.info hostapd: wlan1: STA XXXXXX IEEE 802.11: authenticated
Thu Oct 14 17:08:35 2021 daemon.info hostapd: wlan1: STA XXXXXX IEEE 802.11: associated (aid 1)
Thu Oct 14 17:08:35 2021 daemon.notice hostapd: wlan1: AP-STA-CONNECTED XXXXXX
Thu Oct 14 17:08:35 2021 daemon.info hostapd: wlan1: STA XXXXXX WPA: pairwise key handshake completed (RSN)
Thu Oct 14 17:08:35 2021 daemon.info hostapd: wlan1-1: STA XXXXXX IEEE 802.11: authenticated
Thu Oct 14 17:08:35 2021 daemon.info hostapd: wlan1-1: STA XXXXXX IEEE 802.11: associated (aid 2)
Thu Oct 14 17:08:36 2021 daemon.notice hostapd: wlan1-1: AP-STA-CONNECTED XXXXXX
Thu Oct 14 17:08:36 2021 daemon.info hostapd: wlan1-1: STA XXXXXX WPA: pairwise key handshake completed (RSN)
Thu Oct 14 17:08:36 2021 daemon.info hostapd: wlan1: STA XXXXXXXXXXXX IEEE 802.11: authenticated
Thu Oct 14 17:08:36 2021 daemon.info hostapd: wlan1: STA XXXXXXXXXXXX IEEE 802.11: associated (aid 2)
Thu Oct 14 17:08:36 2021 daemon.info hostapd: wlan1-1: STA XXXXXX IEEE 802.11: authenticated
Thu Oct 14 17:08:36 2021 daemon.info hostapd: wlan1-1: STA XXXXXX IEEE 802.11: associated (aid 3)
Thu Oct 14 17:08:37 2021 daemon.info dnsmasq-dhcp[9846]: DHCPDISCOVER(br-lan3) XXXXXX
Thu Oct 14 17:08:37 2021 daemon.info dnsmasq-dhcp[9846]: DHCPOFFER(br-lan3) 192.168.3.108 XXXXXX
Thu Oct 14 17:08:37 2021 daemon.info dnsmasq-dhcp[9846]: DHCPREQUEST(br-lan3) 192.168.3.108 XXXXXX
Thu Oct 14 17:08:37 2021 daemon.info dnsmasq-dhcp[9846]: DHCPACK(br-lan3) 192.168.3.108 XXXXXX ESP_ACF98D
Thu Oct 14 17:08:37 2021 daemon.info hostapd: wlan1-1: STA XXXXXX IEEE 802.11: authenticated
Thu Oct 14 17:08:37 2021 daemon.info hostapd: wlan1-1: STA XXXXXX IEEE 802.11: associated (aid 4)
Thu Oct 14 17:08:37 2021 daemon.notice hostapd: wlan1-1: AP-STA-CONNECTED XXXXXX
Thu Oct 14 17:08:37 2021 daemon.info hostapd: wlan1-1: STA XXXXXX WPA: pairwise key handshake completed (RSN)
Thu Oct 14 17:08:37 2021 daemon.notice hostapd: wlan1: AP-STA-POSSIBLE-PSK-MISMATCH XXXXXXXXXXXX
Thu Oct 14 17:08:37 2021 daemon.notice hostapd: wlan1-1: AP-STA-CONNECTED XXXXXX34:01
Thu Oct 14 17:08:37 2021 daemon.info hostapd: wlan1-1: STA XXXXXX34:01 WPA: pairwise key handshake completed (RSN)
Thu Oct 14 17:08:38 2021 daemon.notice hostapd: wlan1: AP-STA-POSSIBLE-PSK-MISMATCH XXXXXXXXXXXX
Thu Oct 14 17:08:38 2021 daemon.info hostapd: wlan1-1: STA XXXXXX87:a5:63 IEEE 802.11: authenticated
Thu Oct 14 17:08:38 2021 daemon.info hostapd: wlan1-1: STA XXXXXX87:a5:63 IEEE 802.11: associated (aid 5)
Thu Oct 14 17:08:38 2021 daemon.notice hostapd: wlan1-1: AP-STA-CONNECTED XXXXXX
Thu Oct 14 17:08:38 2021 daemon.info hostapd: wlan1-1: STA XXXXXX WPA: pairwise key handshake completed (RSN)
Thu Oct 14 17:08:38 2021 daemon.info dnsmasq-dhcp[9846]: DHCPDISCOVER(br-lan3) XXXXXX
Thu Oct 14 17:08:38 2021 daemon.info dnsmasq-dhcp[9846]: DHCPOFFER(br-lan3) 192.168.3.208 XXXXXX
Thu Oct 14 17:08:38 2021 daemon.info dnsmasq-dhcp[9846]: DHCPREQUEST(br-lan3) 192.168.3.208 XXXXXX
Thu Oct 14 17:08:38 2021 daemon.info dnsmasq-dhcp[9846]: DHCPACK(br-lan3) 192.168.3.208 XXXXXX TY_WR
Thu Oct 14 17:08:39 2021 daemon.info dnsmasq-dhcp[9846]: DHCPDISCOVER(br-lan3) XXXXXX
Thu Oct 14 17:08:39 2021 daemon.info dnsmasq-dhcp[9846]: DHCPOFFER(br-lan3) 192.168.3.100 XXXXXX
Thu Oct 14 17:08:39 2021 daemon.info dnsmasq-dhcp[9846]: DHCPREQUEST(br-lan3) 192.168.3.100 XXXXXX
Thu Oct 14 17:08:39 2021 daemon.info dnsmasq-dhcp[9846]: DHCPACK(br-lan3) 192.168.3.100 XXXXXX ESP_778E1E
Thu Oct 14 17:08:39 2021 daemon.notice hostapd: wlan1: AP-STA-POSSIBLE-PSK-MISMATCH XXXXXXXXXXXX
Thu Oct 14 17:08:39 2021 daemon.info dnsmasq-dhcp[9846]: DHCPDISCOVER(br-lan3) XXXXXX34:01
Thu Oct 14 17:08:39 2021 daemon.info dnsmasq-dhcp[9846]: DHCPOFFER(br-lan3) 192.168.3.159 XXXXXX34:01
Thu Oct 14 17:08:39 2021 daemon.info dnsmasq-dhcp[9846]: DHCPREQUEST(br-lan3) 192.168.3.159 XXXXXX34:01
Thu Oct 14 17:08:39 2021 daemon.info dnsmasq-dhcp[9846]: DHCPACK(br-lan3) 192.168.3.159 XXXXXX34:01 RMMINI-1a-34-01
Thu Oct 14 17:08:39 2021 daemon.info hostapd: wlan1-1: STA XXXXXX IEEE 802.11: authenticated
Thu Oct 14 17:08:39 2021 daemon.info hostapd: wlan1-1: STA XXXXXX IEEE 802.11: associated (aid 6)
Thu Oct 14 17:08:40 2021 daemon.notice hostapd: wlan1-1: AP-STA-CONNECTED XXXXXX
Thu Oct 14 17:08:40 2021 daemon.info hostapd: wlan1-1: STA XXXXXX WPA: pairwise key handshake completed (RSN)
Thu Oct 14 17:08:40 2021 daemon.info hostapd: wlan1: STA XXXXXX IEEE 802.11: authenticated
Thu Oct 14 17:08:40 2021 daemon.info hostapd: wlan1: STA XXXXXX IEEE 802.11: associated (aid 3)
Thu Oct 14 17:08:40 2021 daemon.notice hostapd: wlan1: AP-STA-CONNECTED XXXXXX
Thu Oct 14 17:08:40 2021 daemon.info hostapd: wlan1: STA XXXXXX WPA: pairwise key handshake completed (RSN)
Thu Oct 14 17:08:40 2021 daemon.info hostapd: wlan1-1: STA XXXXXXXXXXXX IEEE 802.11: authenticated
Thu Oct 14 17:08:40 2021 daemon.info hostapd: wlan1-1: STA XXXXXXXXXXXX IEEE 802.11: associated (aid 7)
Thu Oct 14 17:08:40 2021 daemon.notice hostapd: wlan1-1: AP-STA-CONNECTED XXXXXX
Thu Oct 14 17:08:40 2021 daemon.info hostapd: wlan1-1: STA XXXXXXXXXXXX WPA: pairwise key handshake completed (RSN)
Thu Oct 14 17:08:40 2021 daemon.info dnsmasq-dhcp[9846]: DHCPDISCOVER(br-lan3) XXXXXX
Thu Oct 14 17:08:40 2021 daemon.info dnsmasq-dhcp[9846]: DHCPOFFER(br-lan3) 192.168.3.186 XXXXXX
Thu Oct 14 17:08:40 2021 daemon.info dnsmasq-dhcp[9846]: DHCPREQUEST(br-lan3) 192.168.3.186 XXXXXXXXXXXX
Thu Oct 14 17:08:40 2021 daemon.info dnsmasq-dhcp[9846]: DHCPACK(br-lan3) 192.168.3.186 XXXXXXXXXXXX
Thu Oct 14 17:08:40 2021 daemon.info hostapd: wlan1: STA XXXXXX IEEE 802.11: authenticated
Thu Oct 14 17:08:40 2021 daemon.info hostapd: wlan1: STA XXXXXX IEEE 802.11: associated (aid 2)
Thu Oct 14 17:08:41 2021 daemon.notice hostapd: wlan1: AP-STA-CONNECTED XXXXXX
Thu Oct 14 17:08:41 2021 daemon.info hostapd: wlan1: STA XXXXXX WPA: pairwise key handshake completed (RSN)
Thu Oct 14 17:08:41 2021 daemon.info hostapd: wlan1: STA XXXXXX IEEE 802.11: authenticated
Thu Oct 14 17:08:41 2021 daemon.info hostapd: wlan1: STA XXXXXX IEEE 802.11: associated (aid 4)
Thu Oct 14 17:08:41 2021 daemon.info dnsmasq-dhcp[9846]: DHCPDISCOVER(br-lan3) XXXXXX
Thu Oct 14 17:08:41 2021 daemon.info dnsmasq-dhcp[9846]: DHCPOFFER(br-lan3) 192.168.3.106 XXXXXX
Thu Oct 14 17:08:41 2021 daemon.notice hostapd: wlan1: AP-STA-CONNECTED XXXXXX
Thu Oct 14 17:08:41 2021 daemon.info hostapd: wlan1: STA XXXXXX WPA: pairwise key handshake completed (RSN)
Thu Oct 14 17:08:41 2021 daemon.info dnsmasq-dhcp[9846]: DHCPREQUEST(br-lan3) 192.168.3.106 XXXXXX
Thu Oct 14 17:08:41 2021 daemon.info dnsmasq-dhcp[9846]: DHCPACK(br-lan3) 192.168.3.106 XXXXXX
Thu Oct 14 17:08:41 2021 daemon.info dnsmasq-dhcp[9846]: DHCPREQUEST(br-lan) 192.168.1.229 XXXXXX
Thu Oct 14 17:08:41 2021 daemon.info dnsmasq-dhcp[9846]: DHCPACK(br-lan) 192.168.1.229 XXXXXX Google-Home-Mini
Thu Oct 14 17:08:41 2021 daemon.info hostapd: wlan1: STA XXXXXX IEEE 802.11: authenticated
Thu Oct 14 17:08:41 2021 daemon.info hostapd: wlan1: STA XXXXXX IEEE 802.11: associated (aid 5)
Thu Oct 14 17:08:41 2021 daemon.notice hostapd: wlan1: AP-STA-CONNECTED XXXXXX
Thu Oct 14 17:08:41 2021 daemon.info hostapd: wlan1: STA XXXXXX WPA: pairwise key handshake completed (RSN)
Thu Oct 14 17:08:41 2021 daemon.info hostapd: wlan1-1: STA XXXXXX IEEE 802.11: authenticated
Thu Oct 14 17:08:41 2021 kern.debug kernel: [105725.840882] ieee80211 phy1: Mac80211 start BA XXXXXX
Thu Oct 14 17:08:42 2021 daemon.info hostapd: wlan1: STA XXXXXX IEEE 802.11: authenticated
Thu Oct 14 17:08:42 2021 daemon.info hostapd: wlan1: STA XXXXXX IEEE 802.11: associated (aid 6)
Thu Oct 14 17:08:42 2021 daemon.notice hostapd: wlan1: AP-STA-CONNECTED XXXXXX
Thu Oct 14 17:08:42 2021 daemon.info hostapd: wlan1: STA XXXXXX WPA: pairwise key handshake completed (RSN)
Thu Oct 14 17:08:42 2021 daemon.info hostapd: wlan1-1: STA XXXXXX IEEE 802.11: authenticated
Thu Oct 14 17:08:42 2021 daemon.info hostapd: wlan1-1: STA XXXXXX IEEE 802.11: associated (aid 8)
Thu Oct 14 17:08:43 2021 daemon.info hostapd: wlan1: STA XXXXXXXXXXXX IEEE 802.11: authenticated
Thu Oct 14 17:08:43 2021 daemon.info hostapd: wlan1: STA XXXXXXXXXXXX IEEE 802.11: associated (aid 7)
Thu Oct 14 17:08:43 2021 daemon.notice hostapd: wlan1-1: AP-STA-CONNECTED XXXXXX
Thu Oct 14 17:08:43 2021 daemon.info hostapd: wlan1-1: STA XXXXXX WPA: pairwise key handshake completed (RSN)
Thu Oct 14 17:08:43 2021 daemon.info dnsmasq-dhcp[9846]: DHCPDISCOVER(br-lan3) XXXXXX
Thu Oct 14 17:08:43 2021 daemon.info dnsmasq-dhcp[9846]: DHCPOFFER(br-lan3) 192.168.3.219 XXXXXX
Thu Oct 14 17:08:43 2021 daemon.info dnsmasq-dhcp[9846]: DHCPREQUEST(br-lan3) 192.168.3.219 XXXXXX
Thu Oct 14 17:08:43 2021 daemon.info dnsmasq-dhcp[9846]: DHCPACK(br-lan3) 192.168.3.219 XXXXXX
Thu Oct 14 17:08:44 2021 kern.debug kernel: [105728.190691] ieee80211 phy0: Mac80211 start BA 54:60:09:7f:51:9c
Thu Oct 14 17:08:44 2021 daemon.info hostapd: wlan1-1: STA XXXXXX IEEE 802.11: authenticated
Thu Oct 14 17:08:44 2021 daemon.info hostapd: wlan1-1: STA XXXXXX IEEE 802.11: associated (aid 9)
Thu Oct 14 17:08:44 2021 daemon.notice hostapd: wlan1-1: AP-STA-CONNECTED XXXXXX
Thu Oct 14 17:08:44 2021 daemon.info hostapd: wlan1-1: STA XXXXXX WPA: pairwise key handshake completed (RSN)
Thu Oct 14 17:08:44 2021 daemon.notice hostapd: wlan1: AP-STA-POSSIBLE-PSK-MISMATCH XXXXXXXXXXXX
Thu Oct 14 17:08:44 2021 kern.debug kernel: [105728.543355] ieee80211 phy0: Stop BA XXXXXXX
Thu Oct 14 17:08:44 2021 daemon.info dnsmasq-dhcp[9846]: DHCPDISCOVER(br-lan) XXXXXX
Thu Oct 14 17:08:44 2021 daemon.info dnsmasq-dhcp[9846]: DHCPOFFER(br-lan) 192.168.1.106 XXXXXX
Thu Oct 14 17:08:44 2021 daemon.info dnsmasq-dhcp[9846]: DHCPREQUEST(br-lan) 192.168.1.106 XXXXXX
Thu Oct 14 17:08:44 2021 daemon.info dnsmasq-dhcp[9846]: DHCPACK(br-lan) 192.168.1.106 XXXXXX Switch-
Thu Oct 14 17:08:44 2021 daemon.info dnsmasq-dhcp[9846]: DHCPDISCOVER(br-lan) XXXXXX
Thu Oct 14 17:08:44 2021 daemon.info dnsmasq-dhcp[9846]: DHCPOFFER(br-lan) 192.168.1.114 XXXXXX
Thu Oct 14 17:08:44 2021 daemon.info dnsmasq-dhcp[9846]: DHCPREQUEST(br-lan) 192.168.1.114 XXXXXX
Thu Oct 14 17:08:45 2021 daemon.info dnsmasq-dhcp[9846]: DHCPACK(br-lan) 192.168.1.114 XXXXXX Switch-0
Thu Oct 14 17:08:45 2021 daemon.notice hostapd: wlan1: AP-STA-POSSIBLE-PSK-MISMATCH XXXXXXXXXXXX
Thu Oct 14 17:08:45 2021 daemon.info dnsmasq-dhcp[9846]: DHCPDISCOVER(br-lan3) XXXXXX
Thu Oct 14 17:08:45 2021 daemon.info dnsmasq-dhcp[9846]: DHCPOFFER(br-lan3) 192.168.3.169 XXXXXX
Thu Oct 14 17:08:45 2021 daemon.info dnsmasq-dhcp[9846]: DHCPDISCOVER(br-lan) XXXXXX
Thu Oct 14 17:08:45 2021 daemon.info dnsmasq-dhcp[9846]: DHCPOFFER(br-lan) 192.168.1.129 XXXXXX
Thu Oct 14 17:08:45 2021 daemon.info dnsmasq-dhcp[9846]: DHCPREQUEST(br-lan) 192.168.1.129 XXXXXX
Thu Oct 14 17:08:45 2021 daemon.info dnsmasq-dhcp[9846]: DHCPACK(br-lan) 192.168.1.129 XXXXXX Switch2
Thu Oct 14 17:08:46 2021 daemon.notice hostapd: wlan1: AP-STA-POSSIBLE-PSK-MISMATCH XXXXXX

Not seeing too much interesting in this log.

Removed those lines of code and restarted the router. Still no luck on lan3 access. Same output for the brctl command as previous post.

Any chance this could be a bug? It seems to be consistent with other DSA configuration models.

Your office interface sets „option type bridge“ which would cause netifd to spawn a br-Office over br-lan2, maybe that triggers undefined behavior. Try removing „option type bridge“ from „config interface Office“ and reboot or restart (not reload) network, then recheck the setup.

2 Likes

Thanks for the suggestion. Unfortunately, this did not work as well. I still cannot access br-lan2 or br-lan3 via lan4 and lan3.

Run brctl show again, now that you (correctly) don't have option type bridge in any of the config interface sections.

Having br-lan3 etc as a bridge name while lan3 etc are pre-defined port names might be an issue. You could try renaming them br-office and br-iot instead.

Also use strictly lowercase for all names.

There have been a number of of forum threads RE: Multiple bridged networks not manifesting correctly. I did a quick test with master image on a mamba:

Summary
root@mamba:/etc/config# cat network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option packet_steering '1'
	option ula_prefix 'fde2:1857:9a33::/48'

config device
	option name 'lan1'
	option macaddr '94:10:3e:85:b5:26'

config device
	option name 'lan2'
	option macaddr '94:10:3e:85:b5:26'

config device
	option name 'lan3'
	option macaddr '94:10:3e:85:b5:27'

config device
	option name 'lan4'
	option macaddr '94:10:3e:85:b5:27'

config device
	option name 'br-lan10'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	option macaddr '94:10:3e:85:b5:28'

config interface 'LAN10'
	option device 'br-lan10'
	option proto 'static'
	option ipaddr '192.168.10.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device
	option name 'br-lan20'
	option type 'bridge'
	list ports 'lan3'
	list ports 'lan4'
	option macaddr '94:10:3e:85:b5:29'

config interface 'LAN20'
	option device 'br-lan20'
	option proto 'static'
	option ipaddr '192.168.20.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device
	option name 'wan'
	option macaddr '94:10:3e:85:b5:25'

config interface 'WAN'
	option device 'wan'
	option proto 'dhcp'

config interface 'WAN6'
	option device 'wan'
	option proto 'dhcpv6'

root@mamba:/etc/config# brctl show
bridge name	bridge id		STP enabled	interfaces
br-lan20		7fff.000000000000	no
br-lan10		7fff.94103e85b528	no		lan2
							lan1
root@mamba:/etc/config# bridge vlan
port              vlan-id  
lan2              1 PVID Egress Untagged
lan1              1 PVID Egress Untagged
br-lan10          1 PVID Egress Untagged
br-lan20          1 PVID Egress Untagged

seems people end up going to one of the two followup VLAN configurations in the wiki to get things working.

2 Likes

THANK YOU - You are absolutely right there is an outstanding bug in this kind of DSA multiple network configuration method. I did some major demolition and migrated my setup to the latest snapshot build (OpenWrt SNAPSHOT r17756). I have my new network configuration using the VLAN methodology and it is working.

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'lan1'
        list ports 'lan2'

config bridge-vlan
        option device 'br-lan'
        option vlan '30'
        list ports 'lan3'

config bridge-vlan
        option device 'br-lan'
        option vlan '40'
        list ports 'lan4'

config interface 'Home'
        option device 'br-lan.10'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.1.1'

config interface 'Office'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'
        option type 'bridge'
        option device 'br-lan2'

config interface 'IoT'
        option proto 'static'
        option ipaddr '192.168.3.1'
        option netmask '255.255.255.0'
        option type 'bridge'
        option device 'br-lan3'

config device
        option type 'bridge'
        option name 'br-lan2'
        option macaddr 'XXXXXXXX'
        option mtu '1500'
        list ports 'br-lan.30'
        list ports 'tap0'

config device
        option type 'bridge'
        option name 'br-lan3'
        option mtu '1500'
        option macaddr 'XXXXXXXX'
        list ports 'br-lan.40'

In this convoluted setup, I have three VLANs, three bridges, and three interfaces.

VLAN                         Bridge                        Interface     Wireless
br-lan.10 (lan1 and lan2)    NA                            Home          wan0, wlan1
br-lan.30 (lan3)             br-lan2 (br-lan.30 and tap0)  Office        wlan0.1
br-lan.40 (lan4)             br-lan3 (br-lan.40)           IoT           wlan1.1

I am sure it could have been simplified by not creating br-lan3 and adjoining Interface IoT with br-lan.40. But for now, I am able to connect to lan3 and lan4 as originally desired.

Thank you to everyone who diligently helped me figure this out.

1 Like

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

1 Like