Linksys WRT32X
OpenWrt SNAPSHOT r21791-c03e458c86
/etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
list ports 'lan3'
list ports 'lan4'
config interface 'lan'
option proto 'static'
option netmask '255.255.255.0'
option delegate '0'
option ipaddr '192.168.2.1'
option device 'br-lan.4'
config device
option name 'wan'
option macaddr 'xx:xx:xx:xx:xx:xx'
config interface 'wan'
option device 'wan'
option proto 'static'
option ipaddr 'x.x.x.x'
option netmask '255.255.255.252'
option gateway 'x.x.x.x'
list dns '1.1.1.1'
config interface 'guest'
option proto 'static'
option ipaddr '192.168.3.254'
option netmask '255.255.255.0'
option type 'bridge'
option device 'br-lan.3'
option delegate '0'
config interface 'dmz'
option proto 'static'
option device 'lan1'
option ipaddr '192.168.0.254'
option netmask '255.255.255.0'
config bridge-vlan
option device 'br-lan'
option vlan '4'
list ports 'eth0:t'
list ports 'lan4'
config bridge-vlan
option device 'br-lan'
option vlan '3'
list ports 'eth0:t'
list ports 'lan3'
/etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
option band '5g'
option htmode 'VHT80'
option country 'US'
option cell_density '0'
option channel '36'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'xxxxxxxx'
option encryption 'psk2'
option key 'xxxxxxxx'
option skip_inactivity_poll '1'
option disassoc_low_ack '0'
option wpa_disable_eapol_key_retries '1'
config wifi-device 'radio1'
option type 'mac80211'
option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
option band '2g'
option country 'US'
option htmode 'HT40'
option channel '11'
option cell_density '0'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'xxxxxxxx'
option encryption 'psk2'
option key 'xxxxxxxx'
config wifi-device 'radio2'
option type 'mac80211'
option path 'platform/soc/soc:internal-regs/f10d8000.sdhci/mmc_host/mmc0/mmc0:0001/mmc0:0001:1'
option channel '34'
option band '5g'
option htmode 'VHT80'
option disabled '1'
config wifi-iface 'default_radio2'
option device 'radio2'
option network 'lan'
option mode 'ap'
option ssid 'xxxxxxxx'
option encryption 'none'
config wifi-iface 'wifinet3'
option device 'radio1'
option mode 'ap'
option encryption 'psk2'
option key 'xxxxxxxx'
option network 'guest'
option ssid 'xxxxxxxx'
I'll do another tcpdump and see if I can capture the initial valid frame and the subsequent invalid frames.
EDIT - I got lucky and was able to reproduce it
13:34:58.132565 b8:27:eb:dc:ef:ea > 7a:50:df:d0:bc:cb, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 42690, offset 0, flags [DF], proto ICMP (1), length 84)
192.168.2.211 > 192.168.2.2: ICMP echo request, id 31467, seq 1, length 64
13:34:58.132612 7a:50:df:d0:bc:cb > b8:27:eb:dc:ef:ea, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 24968, offset 0, flags [none], proto ICMP (1), length 84)
192.168.2.2 > 192.168.2.211: ICMP echo reply, id 31467, seq 1, length 64
13:34:59.137439 b8:27:eb:dc:ef:ea > 7a:50:df:d0:bc:cb, ethertype 802.1Q (0x8100), length 102: vlan 4, p 0, ethertype IPv4 (0x0800), (tos 0x0, ttl 64, id 42772, offset 0, flags [DF], proto ICMP (1), length 84)
192.168.2.211 > 192.168.2.2: ICMP echo request, id 31467, seq 2, length 64
13:35:00.146242 b8:27:eb:dc:ef:ea > 7a:50:df:d0:bc:cb, ethertype 802.1Q (0x8100), length 102: vlan 4, p 0, ethertype IPv4 (0x0800), (tos 0x0, ttl 64, id 42806, offset 0, flags [DF], proto ICMP (1), length 84)
192.168.2.211 > 192.168.2.2: ICMP echo request, id 31467, seq 3, length 64
For context, 192.168.2.211 is a wireless device and 192.168.2.2 is a wired device. Both are on the LAN network and not the Guest network. The packets were captured on the wired device.
As you can see, the first packet (ping from wireless to wired) exits untagged properly which allows the wired device to respond properly in the 2nd packet. Immediately after that, all following packets are still wrapped in VLAN 4 and the wired device doesn't know to respond.