WR802n isn't reachable after a few days/weeks, reboot helps

.20 has no connectivity problems at all and I would notice this very fast because this is my main PC where I connect to all devices.

(unless you have a bridge firewall setup, but even still, it would not be intermittent).

Indeed I have a bridge firewall setup.

I've just rebooted WR802N and forced roaming back to WR802N and problem still occurs. So this seems to be a different problem than the other one with connection loss after a few weeks. I'll re-setup this WR802N completely and test if it got better.

Another test. Devices .69 and .20 can't ping .142 whereas at the same time .39 can ping .142.
I had 10 seconds where .20 could ping .142 but .69 could not. Very strange.
.69 is connected via Wifi to another WR802n.

I've rebooted the switch. .20 had a lot of successful pings whereas .69 had not a single successful ping in that time. .40 still pings without any problems.

Since you have multiple WR802Ns, it is worth asking...
are they all using the same SSID and password? I assume so because you've mentioned roaming.
Are they all on the same channel? They should not be using the same channel (at least for any neighboring APs).

Yes, all use the same SSIDs and the same passwords.
They are on channel 13 and 1 to have the most frequency space in between.

WR802n was reset to factory defaults and settings were copied one by one from another WR802n. As soon as .142 roams to this WR802n, .69 can't ping anymore whereas .40 pings flawlessly.

I honestly have no idea what could cause this from a software/firmware perspective (assuming the bridge firewall is no longer part of the equation).

Have you tried different ports on the switch? Or a different cable between the switch and the WR802n? Or a different switch entirely?

The switch is not so easy to change because it is manageable and has some VLANs configured.
I've changed the key from WPA3 to WPA2 and Force CCMP (AES). That didn't change anything.

However I have now disabled KRACK countermeasures on all WR802n and set management frame protection to optional. And since then .69 can ping .142 again. Also .20 has had no lost pings for 3 minutes, which was not possible before. Let's see if Wifi stays stable after a few weeks.

Not all client devices like protected management frames, and some will choke on WPA3 or WPA3/2 mixed mode. So that may be the reason you were experiencing the issues. Sorry I didn't think of that earlier... but good work finding some of the other potential causes.

Protected management frames were disabled before.
I still wonder if WPA3 is fully working with WR802n because with stock TP-Link firmware there is no WPA3 support and when enabling WPA3+WPA2 Raspberry PI Zero W can't connect to Wifi anymore.

Sorry my bad. It is quite late. Raspberry PI roamed to another WR802n where it worked.
I did also try another switch port. Still that didn't change anything.

However I was not successful in finding the cause.
sudo tcpdump host 192.168.178.142 on .69 showed continuous ARP requests from both hosts, .20 and .69 of course. As soon as a static ARP entry is added, ping is working again. This also explains why after roaming to the problematic WR802n ping continues for a few seconds and then is not possible anymore.

sudo tcpdump arp on .142 shows that the ARP request is received and also answered.

The switch has the MAC for .142 on the correct port where the WR802n is where it is not working.

So any ideas why the ARP answer doesn't arrive at the device?

EDIT: I've also tried on both WR802n devices iptables -P FORWARD ACCEPT and iptables -F, but that didn't change anything. I'm running out of ideas.
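The two-sided capture comparison described in the post above (requests seen on .69, request and answer seen on .142) can be automated. This is an added example, not part of the original thread; it assumes plain `tcpdump -n arp` text output from both hosts, and the timestamps, the full address for .69 and the MAC are constructed sample values.

```python
import re

# Line shapes printed by `tcpdump -n arp` (timestamp prefix omitted):
#   ARP, Request who-has <target> tell <asker>, length 28
#   ARP, Reply <target> is-at <mac>, length 28
REQ = re.compile(r"ARP, Request who-has (\S+?)(?: \(\S+\))? tell (\S+),")
REP = re.compile(r"ARP, Reply (\S+) is-at ([0-9a-f:]{17})")

def count_arp(lines, target_ip, asker_ip):
    """Return (requests asker->target, replies from target) seen in one capture."""
    requests = replies = 0
    for line in lines:
        m = REQ.search(line)
        if m:
            if m.group(1) == target_ip and m.group(2) == asker_ip:
                requests += 1
            continue
        m = REP.search(line)
        if m and m.group(1) == target_ip:
            replies += 1
    return requests, replies

def locate_loss(asker_cap, target_cap, target_ip, asker_ip):
    """Compare both ends' captures and name the hop where ARP breaks."""
    a_req, a_rep = count_arp(asker_cap, target_ip, asker_ip)
    t_req, t_rep = count_arp(target_cap, target_ip, asker_ip)
    if a_req == 0:
        return "asker sends no requests (entry cached or static)"
    if t_req == 0:
        return "requests lost on the way to the target"
    if t_rep == 0:
        return "target sees requests but does not answer"
    if a_rep == 0:
        return "replies lost on the way back to the asker"
    return "ARP resolves normally"

# Constructed sample captures (addresses other than .142 and the MAC are made up).
ASKER_CAP = [
    "21:04:10.100 ARP, Request who-has 192.168.178.142 tell 192.168.178.69, length 28",
    "21:04:11.100 ARP, Request who-has 192.168.178.142 tell 192.168.178.69, length 28",
]
TARGET_CAP = [
    "21:04:10.102 ARP, Request who-has 192.168.178.142 tell 192.168.178.69, length 46",
    "21:04:10.102 ARP, Reply 192.168.178.142 is-at 02:00:00:00:00:8e, length 28",
    "21:04:11.102 ARP, Request who-has 192.168.178.142 tell 192.168.178.69, length 46",
    "21:04:11.102 ARP, Reply 192.168.178.142 is-at 02:00:00:00:00:8e, length 28",
]

if __name__ == "__main__":
    print(locate_loss(ASKER_CAP, TARGET_CAP, "192.168.178.142", "192.168.178.69"))
```

Without `-e` tcpdump does not print the Ethernet destination, so replies are counted per target only; with several hosts asking at once, capture with `-e` and match on the destination MAC as well.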

After rebooting both WR802n to restore firewall rules, ping now works as expected, and I ensured twice that devices are connected to the correct AP. Really strange.

What is the hardware version of your WR802n? Per wikidevi, v2 is Qualcomm and v4 is Mediatek.

So, if your WR802n is v4, you may give the new stable build 21.02.2 a try. It does include updated MediaTek wireless drivers (see here).

Thanks. Indeed I'm using v4 and will try the upgrade.

I updated yesterday, re-enabled WPA2/WPA3 and KRACK countermeasures. Today the first Raspberry PI was unreachable again. I've now disabled KRACK countermeasures again. Let's see if it gets better.

Sadly it didn't get better. I had to reboot twice within a few hours.