WRT3200ACM: Unstable wireless LAN connections again

Sure. Here is the config of network:

root@LEDE:/etc/config# cat network

# /etc/config/network as pasted by the poster: loopback, LAN bridge, WAN
# (IPv4 + IPv6) and the switch0 VLAN layout.

# Loopback: static 127.0.0.1/8 on 'lo'.
config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

# IPv6 ULA prefix used for local addressing.
config globals 'globals'
	option ula_prefix 'fdfb:960e:7156::/48'

# LAN: bridge over eth0 with a static 192.168.1.1/24 address; ip6assign '60'
# requests a /60 out of any delegated IPv6 prefix for this interface.
config interface 'lan'
	option type 'bridge'
	option ifname 'eth0'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

# WAN on eth1, addressed by DHCP. peerdns '0' ignores the DNS servers
# announced by the upstream DHCP server; the two resolvers in 'dns' are used
# instead.
config interface 'wan'
	option ifname 'eth1'
	option proto 'dhcp'
	option peerdns '0'
	option dns '8.8.8.8 8.8.4.4'

# IPv6 WAN on the same eth1, via DHCPv6.
# NOTE(review): the peerdns/dns override is set only on 'wan'; whether
# resolvers announced over DHCPv6 are still accepted here is not visible from
# this stanza — confirm if a fixed resolver set is intended.
config interface 'wan6'
	option ifname 'eth1'
	option proto 'dhcpv6'

# switch0 with VLANs enabled; reset '1' resets the switch before applying.
config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

# VLAN 1 groups ports 0 1 2 3 5. No port carries the 't' (tagged) suffix.
# presumably ports 0-3 are the LAN jacks and 5 a CPU-facing port — verify
# against the board's port map.
config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5'

# VLAN 2 groups ports 4 6, again untagged.
# presumably 4 is the WAN jack and 6 the second CPU-facing port — verify.
config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 6'

The config of wireless is:

root@LEDE:/etc/config# cat wireless

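# radio0: mac80211 radio on PCIe, hwmode '11a' (5 GHz band) with an 80 MHz
# VHT channel, automatic channel selection, US regulatory domain.
config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11a'
	option htmode 'VHT80'
	option channel 'auto'
	option country 'US'
	option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'

# Access point 'Monkey-5G' on radio0, attached to the 'lan' network and
# protected with WPA2-PSK ('psk2').
config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'Monkey-5G'
	option encryption 'psk2'
	# The passphrase is the poster's redaction placeholder. It is written with
	# plain ASCII single quotes: typographic quotes would not be treated as
	# quoting and would end up inside the passphrase value.
	option key 'xxxxxx'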

# radio1: mac80211 radio on PCIe, hwmode '11g' (2.4 GHz band) with a 20 MHz
# HT channel, automatic channel selection, US regulatory domain.
config wifi-device 'radio1'
	option type 'mac80211'
	option hwmode '11g'
	option htmode 'HT20'
	option channel 'auto'
	option country 'US'
	option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'

# Access point 'Monkey' on radio1, attached to the same 'lan' network as the
# 5 GHz SSID and protected with WPA2-PSK ('psk2'). The key is redacted by the
# poster.
config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'Monkey'
	option encryption 'psk2'
	option key 'xxxxxx'

# radio2: third mac80211 radio; its path runs through sdhci/mmc_host rather
# than PCIe. Fixed to channel 36 with VHT80.
# disabled '1' keeps this radio down, so the interface below is not on the air
# with the configuration as pasted.
config wifi-device 'radio2'
	option type 'mac80211'
	option channel '36'
	option hwmode '11a'
	option path 'platform/soc/soc:internal-regs/f10d8000.sdhci/mmc_host/mmc0/mmc0:0001/mmc0:0001:1'
	option htmode 'VHT80'
	option disabled '1'

# Access point 'LEDE' on radio2 with encryption 'none', attached to 'lan'.
# The only thing keeping this open SSID off the air is disabled '1' on the
# wifi-device above: if radio2 were ever enabled, unauthenticated clients
# would join the LAN bridge directly.
# NOTE(review): safer to delete this stanza, or give it 'psk2' plus a key, so
# that enabling the radio cannot bring up an open AP by accident.
config wifi-iface 'default_radio2'
	option device 'radio2'
	option network 'lan'
	option mode 'ap'
	option ssid 'LEDE'
	option encryption 'none'

The config of firewall is:

# Global defaults: SYN-flood protection on; base policies are input ACCEPT,
# output ACCEPT, forward REJECT. The per-zone policies below decide what
# happens to traffic that belongs to a zone.
config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

# 'lan' zone: traffic to the router, from the router and between lan members
# is accepted. Every client on an SSID or port bound to network 'lan' can
# therefore reach services listening on the router itself.
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

# 'wan' zone: covers both 'wan' and 'wan6'. Inbound and forwarded traffic is
# rejected unless a rule or redirect further down allows it. masq '1' turns
# on masquerading (NAT) and mtu_fix '1' turns on MSS clamping.
config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# Allow forwarding from lan to wan (outbound Internet access for LAN hosts).
config forwarding
	option src 'lan'
	option dest 'wan'

# The three rules below have src 'wan' and no 'dest', so they apply to traffic
# addressed to the router itself, IPv4 only.

# Accept UDP to port 68 from wan, so DHCP replies/renewals reach the client.
config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

# Accept ICMP echo-request from wan: the router answers pings from the WAN
# side. No rate limit is set on this rule.
config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

# Accept IGMP from wan.
config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

# IPv6 rules for traffic arriving from wan.

# Accept UDP to port 546 when both source and destination fall in fc00::/6.
config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

# Accept ICMPv6 types 130, 131, 132 and 143 (code 0) from link-local sources
# (fe80::/10) only.
config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

# Accept the listed ICMPv6 types addressed to the router (no 'dest'), capped
# at 1000 packets per second. The list includes the neighbour/router
# discovery messages as well as error and echo types.
config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

# Forward the listed ICMPv6 error and echo types from wan to any zone
# (dest '*'), capped at 1000 packets per second. Hosts behind the router are
# therefore reachable by ICMPv6 echo from the WAN side.
config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

# The two rules below forward IPsec traffic from wan into lan. Neither sets
# 'dest_ip' or 'family', so they are not limited to one LAN host or one
# address family.
# NOTE(review): if nothing on the LAN terminates IPsec, removing both rules
# shrinks what the WAN side can reach.

# Forward ESP (IP protocol 'esp') from wan to lan.
config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

# Forward UDP port 500 (ISAKMP/IKE) from wan to lan.
config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

# Pulls in /etc/firewall.user. Its contents are not shown in this post, so any
# custom rules it adds are not visible in this listing.
config include
	option path '/etc/firewall.user'

# Port forward (DNAT): TCP connections arriving on wan port 9527 are sent to
# 192.168.1.211 port 5900 in lan. The rule name and port 5900 indicate a VNC
# server on that host.
# No 'src_ip' is set, so the forward accepts connections from any WAN-side
# address; the non-standard outside port does not limit who can connect.
# NOTE(review): VNC then relies entirely on the server's own authentication.
# Consider restricting the redirect with 'option src_ip' to known addresses,
# or dropping it and reaching the host over a VPN or SSH tunnel instead.
config redirect
	option enabled '1'
	option target 'DNAT'
	option src 'wan'
	option dest 'lan'
	option proto 'tcp'
	option src_dport '9527'
	option dest_ip '192.168.1.211'
	option dest_port '5900'
	option name 'Pi-VNC'

Please lmk if anything else could be helpful :slight_smile: Thanks!

In this router, it's advised not to use radio2, and you have it configured without any encryption at all. Someone could be using it to connect to your router and be reusing an IP address, for example. Unless you have a good reason to keep it, I would disable it immediately.

phy2 appears disabled.

You were altering the switch settings and left vlan setup in a state of disrepair apparently.

Although it looks odd not to have a tagged CPU port, that shouldn't produce the behaviour described, i.e. working only for a while.

Could be, if you kept the settings over the upgrade. Take a config backup, then try to factory reset and manually restore the configuration, by editing the files or by luci, NOT by automatic restore.

Yes, it is disabled, indeed, my mistake.

The switch on this device has two ports connected to the CPU, so there is no need to use VLANs to separate LAN from WAN.


Correct me if I'm wrong, but isn't a vlan ONLY required for 1 cpu to the switch, not for the 2nd cpu to the wan port?

FYI, I tried:
OpenWrt 19.07 rc0/18.06.4/LEDE 17.01.6:

  • option multicast_to_unicast 0: not working
  • unset multicast_to_unicast: not working

I had to rollback to: LEDE Reboot 17.01.4 + 10.3.4.0-20171214-5955f5e driver. Then it works well.

Anyway, thanks everyone for the input and help!