[SOLVED]I had to give my VLANs unique MAC addresses [SOLVED] Two bridges screwed everything up

I have been chasing my tail for 2 weeks trying to figure out why my WiFi will quit working, or will be working but my Kindle Paperwhite would connect and then complain there was no internet.
I narrowed it down to a problem with 2.4 only (that's why my phone still worked and the Kindle didn't)
I followed the rabbit to changing the MAC address on each SSID but that didn't work.
I changed the MAC address at the VLAN and I had success. Only time will tell if this is a temporary success or permanent. I currently have all 4 SSIDs working on both 2.4 and 5, for now...
This wasn't covered in the VLAN tutorials I was watching so I'm not sure if my situation is unique or what.

etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
        option band '2g'
        option cell_density '0'
        option htmode 'HT20'
        option channel 'auto'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'SSID4'
        option ieee80211r '1'
        option ft_psk_generate_local '1'
        option encryption 'psk2'
        option key '***********'
        option ft_over_ds '1'
        option network 'Time_inter'
        option wpa_disable_eapol_key_retries '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
        option band '5g'
        option htmode 'VHT80'
        option cell_density '0'
        option channel 'auto'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option mode 'ap'
        option ssid 'SSID4'
        option key '*********************'
        option ieee80211r '1'
        option ft_psk_generate_local '1'
        option wpa_disable_eapol_key_retries '1'
        option encryption 'psk2'
        option ft_over_ds '1'
        option network 'Time_inter'

config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        option ssid 'SSID3'
        option key '***************'
        option ieee80211r '1'
        option ft_psk_generate_local '1'
        option wpa_disable_eapol_key_retries '1'
        option network 'Guest_inter'
        option encryption 'psk2'
        option isolate '1'
        option ft_over_ds '1'

config wifi-iface 'wifinet3'
        option device 'radio1'
        option mode 'ap'
        option ssid 'SSID3'
        option key '****************'
        option ieee80211r '1'
        option ft_psk_generate_local '1'
        option wpa_disable_eapol_key_retries '1'
        option network 'Guest_inter'
        option encryption 'psk2'
        option ft_over_ds '1'
        option isolate '1'

config wifi-iface 'wifinet4'
        option device 'radio0'
        option mode 'ap'
        option ssid 'SSID2'
        option key '*********'
        option wpa_disable_eapol_key_retries '1'
        option network 'IOT_inter'
        option ieee80211r '1'
        option ft_over_ds '1'
        option ft_psk_generate_local '1'
        option encryption 'psk2'
        option macfilter 'allow'
        list maclist '*********'
        list maclist '*********'
        list maclist '*********'
        list maclist '*********'
        list maclist '*********'
        list maclist '*********'
        list maclist '*********'
        list maclist '*********'
        list maclist '*********'
        option isolate '1'

config wifi-iface 'wifinet5'
        option device 'radio0'
        option mode 'ap'
        option ssid 'SSID1'
        option key '*********'
        option network 'lan'
        option encryption 'psk2'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'

config wifi-iface 'wifinet6'
        option device 'radio1'
        option mode 'ap'
        option ssid 'SSID1'
        option encryption 'psk2'
        option key '*********'
        option ieee80211r '1'
        option ft_psk_generate_local '1'
        option network 'lan'
        option ft_over_ds '1'

/etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix '********::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config device
        option name 'lan1'
        option  macaddr '00:00:00:00:00:00'

config device
        option name 'lan2'
        option  macaddr '00:00:00:00:00:00'

config device
        option name 'lan3'
        option  macaddr '00:00:00:00:00:00'

config device
        option name 'lan4'
        option  macaddr '00:00:00:00:00:00'

config interface 'lan'
        option proto 'static'
        option ip6assign '60'
        option ipaddr '192.168.0.1'
        option device 'br-VLAN.99'
        option netmask '255.255.255.0'

config device
        option name 'wan'
        option  macaddr '00:00:00:00:00:00'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config interface 'wwan'
        option proto 'dhcp'

config device
        option type 'bridge'
        option name 'br-VLAN'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        option bridge_empty '1'

config bridge-vlan
        option device 'br-VLAN'
        option vlan '4'
        list ports 'lan4:t'

config bridge-vlan
        option device 'br-VLAN'
        option vlan '66'
        list ports 'lan4:t'

config bridge-vlan
        option device 'br-VLAN'
        option vlan '99'
        list ports 'lan1:u*'
        list ports 'lan2:u*'
        list ports 'lan3:u*'
        list ports 'lan4:t'

config interface 'IOT_inter'
        option proto 'static'
        option device 'br-VLAN.66'
        option ipaddr '*******.1'
        option netmask '255.255.255.0'
        list dns '1.1.1.1'

config interface 'Guest_inter'
        option proto 'static'
        option device 'br-VLAN.4'
        option ipaddr '******.1'
        option netmask '255.255.255.0'
        list dns '1.1.1.1'

config interface 'Time_inter'
        option proto 'static'
        list dns '1.1.1.1'
        list dns '208.67.220.220'
        list dns '208.67.222.222'
        list dns '8.8.8.8'
        option netmask '255.255.255.0'
        option ipaddr '1*****.1'
        option device 'br-VLAN.3'

config device
        option name 'br-VLAN.4'
        option type '8021q'
        option ifname 'br-VLAN'
        option vid '4'
        option ipv6 '0'
        option  macaddr '00:00:00:00:00:04'

config device
        option type '8021q'
        option ifname 'br-VLAN'
        option vid '3'
        option name 'br-VLAN.3'
        option  macaddr '00:00:00:00:00:03'

config device
        option name 'br-VLAN.66'
        option type '8021q'
        option ifname 'br-VLAN'
        option vid '66'
        option  macaddr '00:00:00:00:00:06'

config device
        option name 'br-VLAN.99'
        option type '8021q'
        option ifname 'br-VLAN'
        option vid '99'
        option  macaddr '00:00:00:00:00:09'

Or it could be because you haven’t removed the lan ports from br-lan. Each port is supposed to be part of 1 bridge only.

OK
I was following a tutorial so I must have screwed that up.
Well Crap

WellCrap1157×1163 47.5 KB

I removed all the LAN thingys from the "br-lan" and then removed all the overide MAC addresses and everything is working.... So far....

Thank you.

lol you're welcome

24 hours later and my kindle and my thermostat (which were both on the IOT network) stopped communicating with the internet. The DHCP lease time is 12 hours but at 3 AM I wasn't checking either of those devices. The kindle can connect to 3 of the networks but can't get out on the internet on any of them. I rebooted the router and it fixed things. I was toying with the router today testing firewall rules so Without changing anything else I will check again tomorrow and see what is and isn't working.

10:20 PM (7 hours later) the Kindle can't reach Amazon. It can and will connect to all 3 of the SSID but complains that it can't reach the internet. The thermostat, which is on the IOT network is also unreachable.

IMG_20230417_222135036_HDR~21920×1817 96.1 KB

Can you post your firewall config?

I'm going to start a new post because it has nothing to do with the topic listed above. The short version is that 2.4 will work for several hours and then it will stop connecting to the internet. My devices get an IP address and can connect but can't even browse to my media server. Whenever I made a change to OpenWRT it would restart some things and everything would start working again for a few hours and then die. This makes troubleshooting very frustrating, because you fix something and then it breaks again.
So I'm going to start a new topic.
Also This topic makes no sense anymore because once I got rid of the manual MAC addresses they were all automatically assigned new individual MAC addresses.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.