Wifi device not connecting on SSID that is associated with VLAN

Installing and Using OpenWrt Network and Wireless Configuration
1

I have a Bananapi BPI-R3 running the latest snapshot. I did setup 3 VLANS in my main bridged device and associated one of the VLANs to an extra SSID I created.

When I try and connect with my Galaxy Tab 7 or an IOT device, I get the following in the logs:

Fri Jun  9 13:55:15 2023 daemon.info hostapd: phy0-ap1: STA cc:50:e3:37:4d:72 IEEE 802.11: authenticated
Fri Jun  9 13:55:15 2023 daemon.info hostapd: phy0-ap1: STA cc:50:e3:37:4d:72 IEEE 802.11: associated (aid 1)
Fri Jun  9 13:55:15 2023 daemon.notice hostapd: phy0-ap1: AP-STA-CONNECTED cc:50:e3:37:4d:72 auth_alg=open
Fri Jun  9 13:55:15 2023 daemon.info hostapd: phy0-ap1: STA cc:50:e3:37:4d:72 WPA: pairwise key handshake completed (RSN)
Fri Jun  9 13:55:15 2023 daemon.notice hostapd: phy0-ap1: EAPOL-4WAY-HS-COMPLETED cc:50:e3:37:4d:72
Fri Jun  9 13:55:20 2023 daemon.notice hostapd: phy0-ap1: AP-STA-DISCONNECTED cc:50:e3:37:4d:72
Fri Jun  9 13:55:20 2023 daemon.info hostapd: phy0-ap1: STA cc:50:e3:37:4d:72 IEEE 802.11: disassociated
Fri Jun  9 13:55:21 2023 daemon.info hostapd: phy0-ap1: STA cc:50:e3:37:4d:72 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
Fri Jun  9 13:55:24 2023 daemon.info hostapd: phy0-ap1: STA cc:50:e3:37:4d:72 IEEE 802.11: authenticated
Fri Jun  9 13:55:24 2023 daemon.info hostapd: phy0-ap1: STA cc:50:e3:37:4d:72 IEEE 802.11: associated (aid 1)
Fri Jun  9 13:55:24 2023 daemon.notice hostapd: phy0-ap1: AP-STA-CONNECTED cc:50:e3:37:4d:72 auth_alg=open
Fri Jun  9 13:55:24 2023 daemon.info hostapd: phy0-ap1: STA cc:50:e3:37:4d:72 WPA: pairwise key handshake completed (RSN)
Fri Jun  9 13:55:24 2023 daemon.notice hostapd: phy0-ap1: EAPOL-4WAY-HS-COMPLETED cc:50:e3:37:4d:72
Fri Jun  9 13:55:28 2023 daemon.notice hostapd: phy0-ap1: AP-STA-DISCONNECTED cc:50:e3:37:4d:72
Fri Jun  9 13:55:28 2023 daemon.info hostapd: phy0-ap1: STA cc:50:e3:37:4d:72 IEEE 802.11: disassociated
Fri Jun  9 13:55:30 2023 daemon.info hostapd: phy0-ap1: STA cc:50:e3:37:4d:72 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)

The wifi interface looks like this:

config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        option ssid 'Radioactive-IOT'
        option encryption 'sae-mixed'
        option hidden '1'
        option key 'mypassword'
        option wpa_disable_eapol_key_retries '1'
        option network 'VLAN_IOT'
        option disassoc_low_ack '0'
        option dtim_period '3'

Does anyone hav a clue what that could be?

Edit:
The regular SSID that has the regular VLAN (1) works flawlessly:

Fri Jun  9 14:21:08 2023 daemon.notice hostapd: phy1-ap0: AP-STA-CONNECTED 16:95:b0:2f:2f:a2 auth_alg=sae
Fri Jun  9 14:21:08 2023 daemon.info hostapd: phy1-ap0: STA 16:95:b0:2f:2f:a2 WPA: pairwise key handshake completed (RSN)
Fri Jun  9 14:21:08 2023 daemon.notice hostapd: phy1-ap0: EAPOL-4WAY-HS-COMPLETED 16:95:b0:2f:2f:a2
Fri Jun  9 14:21:09 2023 daemon.warn odhcpd[1799]: A default route is present but there is no public prefix on lan thus we don't announce a default route by overriding ra_lifetime!
Fri Jun  9 14:21:12 2023 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(switch.1) 16:95:b0:2f:2f:a2
Fri Jun  9 14:21:12 2023 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(switch.1) 192.168.1.119 16:95:b0:2f:2f:a2
Fri Jun  9 14:21:12 2023 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(switch.1) 16:95:b0:2f:2f:a2
Fri Jun  9 14:21:12 2023 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(switch.1) 192.168.1.119 16:95:b0:2f:2f:a2
Fri Jun  9 14:21:12 2023 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(switch.1) 16:95:b0:2f:2f:a2
Fri Jun  9 14:21:12 2023 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(switch.1) 192.168.1.119 16:95:b0:2f:2f:a2
Fri Jun  9 14:21:12 2023 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(switch.1) 192.168.1.119 16:95:b0:2f:2f:a2
Fri Jun  9 14:21:12 2023 daemon.info dnsmasq-dhcp[1]: DHCPACK(switch.1) 192.168.1.119 16:95:b0:2f:2f:a2 Tab-S7-xxxx

Is this maybe a DHCP issue? The other device on my VLAN is not getting an IP via DHCP?

Edit2: I figured it out, it was a firewall rule. I had the Firewall set to:

config zone
        option name 'VLAN_IOT'
        option input 'DROP'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'VLAN_IOT'

Since I don't have a forward to the WAN zone I figured I could just set everything to "ACCEPT" and that worked...

2

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
1 Like