.20 has no connectivity problems at all and I would notice this very fast because this is my main PC where I connect to all devices.
(unless you have a bridge firewall setup, but even still, it would not be intermittent).
Indeed I have a bridge firewall setup.
I've just rebooted the WR802N and forced roaming back to the WR802N, and the problem still occurs. So this seems to be a different problem from the other one with connection loss after a few weeks. I'll re-setup this WR802N completely and test if it gets better.
Another test. Devices .69 and .20 can't ping .142, whereas at the same time .39 can ping .142.
I had 10 seconds where .20 could ping .142 but .69 not. Very strange.
.69 is connected via Wifi to another WR802n.
I've rebooted the switch. .20 had a lot of successful pings whereas .69 had not a single successful ping in that time. .40 still pings without any problems.
Since you have multiple WR802Ns, it is worth asking...
Are they all using the same SSID and password? I assume so because you've mentioned roaming.
Are they all on the same channel? They should not be using the same channel (at least for any neighboring APs).
The WR802n was reset to factory defaults and the settings were copied one by one from another WR802n. As soon as .142 roams to this WR802n, .69 can't ping anymore whereas .40 pings flawlessly.
The switch is not so easy to change because it is manageable and has some VLANs configured.
I've changed the key from WPA3 to WPA2 and Force CCMP (AES). That didn't change anything.
However, I have now disabled KRACK countermeasures on all WR802n and set management frame protection to optional. And since then .69 can ping .142 again. Also .20 has had no lost pings for 3 minutes, which was not possible before. Let's see if Wifi stays stable after a few weeks.
Not all client devices like protected management frames, and some will choke on WPA3 or WPA3/2 mixed mode. So that may be the reason you were experiencing the issues. Sorry I didn't think of that earlier... but good work finding some of the other potential causes.
Protected management frames were disabled before.
I still wonder if WPA3 is fully working with the WR802n, because with stock TP-Link firmware there is no WPA3 support, and when enabling WPA3+WPA2 the Raspberry Pi Zero W can't connect to Wifi anymore.
Sorry, my bad. It is quite late. The Raspberry Pi roamed to another WR802n where it worked.
I did also try another switch port. Still that didn't change anything.
However, I was not successful in finding the cause. sudo tcpdump host 192.168.178.142 on .69 showed continuous ARP requests from both hosts, .20 and .69 of course. As soon as a static ARP entry is added, ping is working again. This also explains why, after roaming to the problematic WR802n, ping continues for a few seconds and then is not possible any more.
sudo tcpdump arp on .142 shows that the ARP request is received and also answered.
The switch has the MAC for .142 on the correct port, the one where the WR802n on which it is not working is connected.
So any ideas why the ARP answer doesn't arrive at the device?
EDIT: I've also tried on both WR802n devices iptables -P FORWARD ACCEPT and iptables -F, but that didn't change anything. I'm running out of ideas.
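Added example (not part of any post in this thread): one way to line up the two ARP captures described above and see, per request, whether the request or the reply went missing. It assumes both captures were saved as tcpdump -n text output, that the capture taken on .142 contains only ARP involving the asking host, and that both clocks agree to within the window; the function names, sample lines and MAC address are constructed for illustration.

```python
import re

# Matches tcpdump -n text lines such as:
# 21:14:03.100000 ARP, Request who-has 192.168.178.142 tell 192.168.178.69, length 28
LINE = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) .*?ARP, "
    r"(?:Request who-has (?P<target>[\d.]+)(?: \([0-9a-f:]+\))? tell (?P<asker>[\d.]+)"
    r"|Reply (?P<owner>[\d.]+) is-at (?P<mac>[0-9a-f:]+))")

def parse(lines):
    """Yield (seconds_of_day, kind, ip, asker_ip_or_mac) for each ARP line."""
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not an ARP line
        h, mi, s = m.group(1, 2, 3)
        t = int(h) * 3600 + int(mi) * 60 + float(s)
        if m.group("target"):
            yield t, "request", m.group("target"), m.group("asker")
        else:
            yield t, "reply", m.group("owner"), m.group("mac")

def classify(near_lines, far_lines, target_ip, asker_ip, window=0.5):
    """near = capture on the asking host, far = capture on the target host."""
    near, far = list(parse(near_lines)), list(parse(far_lines))

    def hit(events, kind, lo, hi, other=None):
        return any(k == kind and i == target_ip and lo <= ts <= hi
                   and other in (None, o) for ts, k, i, o in events)

    out = []
    for t, kind, ip, asker in near:
        if (kind, ip, asker) != ("request", target_ip, asker_ip):
            continue
        if hit(near, "reply", t, t + window):
            verdict = "answered"
        elif not hit(far, "request", t - window, t + window, asker_ip):
            verdict = "request never reached target"
        elif hit(far, "reply", t - window, t + window):
            verdict = "reply sent but lost on the way back"
        else:
            verdict = "target saw request but did not reply"
        out.append((t, verdict))
    return out

# Constructed sample captures (not taken from the thread).
REQ = "ARP, Request who-has 192.168.178.142 tell 192.168.178.69, length 28"
REP = "ARP, Reply 192.168.178.142 is-at 02:00:00:00:01:42, length 28"
NEAR = [f"21:14:03.100000 {REQ}", f"21:14:03.103000 {REP}",
        f"21:14:10.100000 {REQ}", f"21:14:11.100000 {REQ}"]
FAR = [f"21:14:03.101000 {REQ}", f"21:14:03.101500 {REP}",
       f"21:14:10.101000 {REQ}", f"21:14:10.101400 {REP}"]
```

A run of "reply sent but lost on the way back" verdicts matches the symptom described above, where .142 answers but the requester keeps asking; it points at the path between the two hosts rather than at either endpoint.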
After rebooting both WR802n to restore firewall rules ping now works as expected and I ensured twice, that devices are connected to the correct AP. Really strange.
I updated yesterday and re-enabled WPA2/WPA3 and KRACK countermeasures. Today the first Raspberry Pi was not reachable again. I've now disabled KRACK countermeasures again. Let's see if it gets better.