Problem with device roaming on LAN and WLAN

Hello,

I have 2 wifi APs at home, one TAP200 and one RUTC50 device, with the RUTC50 providing WAN access. The same SSID is used with the fast transition option.

The problem is: sometimes wifi devices (phone or laptop) do not have access to other LAN devices (in my case, a local NAS).

After some searching, I found one thing: it happens when a device is ‘roaming’ from the TAP200 to the RUTC50 wifi AP.
When it’s not working, here is the content of the bridge forwarding database (fc:f8:ae:31:cb:b2 is my roaming laptop):

root@RUTC50:~# bridge fdb show | grep cb:b2
fc:f8:ae:31:cb:b2 dev lan3 vlan 1 master vlan
fc:f8:ae:31:cb:b2 dev lan3 vlan 1 self
fc:f8:ae:31:cb:b2 dev wlan0-1 master br-lan

And later, without doing anything, after a random time (90s-280s), it works again.
One entry goes away (ageing, I suppose):

root@RUTC50:~# bridge fdb show | grep cb:b2
fc:f8:ae:31:cb:b2 dev lan3 vlan 1 master vlan
fc:f8:ae:31:cb:b2 dev wlan0-1 master br-lan

For reference, here is my bridge config. I use other VLANs on top of netdev vlan,
but not as bridge.

root@RUTC50:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br-lan          7fff.2097274becaa       no              wlan1-1
                                                        vlan.1
                                                        wan
                                                        wlan0-1
vlan            7fff.2097274beca9       no              lan4
                                                        lan2
                                                        lan3
                                                        lan1

The closest issue I found is "Regression: DSA breaks roaming to WLAN bridged to VLAN" (Issue #11650, openwrt/openwrt on GitHub).
There are some ‘patch scripts’ proposed that remove the arp entry on lan when it appears on another interface.
Unfortunately it doesn’t work, because I’m not able to remove the bad entry by hand:

root@RUTC50:~# bridge fdb del fc:f8:ae:31:cb:b2 dev lan3 vlan 1 self
RTNETLINK answers: No such file or directory

How can I resolve this problem?

Thanks,

Greetings,

Could you please provide a topology of your setup, including all IP addresses, VLANs, LANs, WLANs, and bridge networks? Please also indicate the physical connections in the diagram.

Best Regards,
Justinas

Hi,

Here is a simple schematic:

   TAP200 -------- lan -------- RUTC50 ----- lan3 ----- router provider 
(192.168.1.253)     |        (192.168.1.2)            (192.168.2.4@vlan20)
      |             |        (dhcp@vlan20)  
      |            nas             |   
     wifi1    (192.168.1.1)      wifi2

WAN is on vlan 20, tagged on port 3. Option “Use WAN port as LAN” is set. Wan port is currently unused.

Vlan 25 and 100 can pass through rutc50.

The problem is with wifi devices going from wifi1 to wifi2: for a few minutes, they cannot access the nas on the local network.

Here is /etc/config/network content:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'
	option area_type 'lan'

config globals 'globals'
	option ula_prefix 'fd4c:d577:daa6::/48'

config port '_wan'
	option enabled '1'
	option autoneg 'on'
	option ifname 'wan'

config device '_wan_mtu'
	option name 'wan'

config port '_lan1'
	option enabled '1'
	option autoneg 'on'
	option ifname 'lan1'

config device '_lan1_mtu'
	option name 'lan1'

config port '_lan2'
	option enabled '1'
	option autoneg 'on'
	option ifname 'lan2'

config device '_lan2_mtu'
	option name 'lan2'

config port '_lan3'
	option enabled '1'
	option autoneg 'on'
	option ifname 'lan3'

config device '_lan3_mtu'
	option name 'lan3'

config port '_lan4'
	option enabled '1'
	option autoneg 'on'
	option ifname 'lan4'

config device '_lan4_mtu'
	option name 'lan4'

config device 'br_lan'
	option name 'br-lan'
	option type 'bridge'
	list ports 'vlan.1'
	list ports 'wan'

config interface 'lan'
	option device 'br-lan'
	option area_type 'lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.2'

config interface 'wan'
	option area_type 'wan'
	option force_link '0'
	list dns '8.8.8.8'
	option peerdns '0'
	option proto 'dhcp'
	option metric '1'
	option device 'vlan.20'

config interface 'wan6'
	option area_type 'wan'
	option metric '2'
	option netmask '255.255.255.0'
	option force_link '0'
	option proto 'static'
	list dns '2001:4860:4860::8888'
	list dns '2001:4860:4860::8844'
	option peerdns '0'
	option ip6prefix 'x:x:x:3b72::/63'
	option ip6gw 'fe80::x:x:x:1f7e'
	option device 'vlan.20'
	option ip6addr 'x:x:x:3b70::2/64'

config interface 'mob1s1a1'
	option proto 'wwan'
	option modem '2-1.1'
	option sim '1'
	option dhcpv6 '0'
	option pdptype 'ipv4v6'
	option method 'nat'
	option area_type 'wan'
	option pdp '1'
	option pref_apn '122'
	option metric '3'
	option auto_apn '1'
	option apn 'free'
	option auth 'none'

config interface 'mob1s2a1'
	option proto 'wwan'
	option modem '2-1.1'
	option metric '4'
	option sim '2'
	option dhcpv6 '0'
	option pdptype 'ipv4v6'
	option method 'nat'
	option auth 'none'
	option auto_apn '1'
	option area_type 'wan'
	option disabled '1'

config device '1'
	option type 'bridge'
	option name 'vlan'
	list ports 'lan4'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'

config bridge-vlan
	option device 'vlan'
	option vlan '1'
	list ports 'lan1:u'
	list ports 'lan2:u'
	list ports 'lan3:u'
	list ports 'lan4:u'

config bridge-vlan
	option device 'vlan'
	option vlan '20'
	list ports 'lan3:t'

config bridge-vlan
	option device 'vlan'
	option vlan '25'
	list ports 'lan3:t'

config route6 '2'
	option table '254'
	option target 'x:x:x:3b70:x:x:fe80:2e55'
	option gateway 'x:x:x:3b73:x:x:fe80:2e55'
	option interface 'lan'

config bridge-vlan
	option device 'vlan'
	option vlan '100'
	list ports 'lan1:t'
	list ports 'lan2:t'
	list ports 'lan3:t'
	list ports 'lan4:t'

config interface 'vrf1'
	option ifname 'vrf1'
	option disabled '1'
	option proto 'vrf'

If you need more information, please ask.

Greetings,

Apologies for the delayed response.

For troubleshooting purposes, we will require more sensitive information from your end, such as the troubleshoot file, which may contain passwords, public IP addresses, serial numbers, and such. To avoid leaking this information, we have sent you a form to fill out, which you will receive in your e-mail inbox that you have registered your account with in the forums. In the Ticket ID field of the form, please enter the ID of this thread, which is 16849.

Best Regards,
Justinas

Greetings,

Apologies for the delayed response.

Could you please try running the following command in the CLI:

bridge link set dev lan3 learning off

This setting prevents the bridge from recording source MAC addresses for packets received on lan3. In other words, the bridge will ignore the source MAC and will not add an entry to its database indicating that a device is connected via lan3.

You may also add this command to the /etc/rc.local file so it runs automatically on startup after a reboot.

Please let me know if this resolves the issue.

Best Regards,
Justinas
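
A check for the FDB state shown in the first post, and for whether it still occurs after the `learning off` change suggested above; this is an added example, not code from the thread or from any participant. The function name `fdb_stale_offload`, the `wlan*` naming rule and the reading that the wired `self` entry marks the failing state (taken from the two outputs in the first post) are assumptions, and the two multicast lines in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `bridge fdb show` output on stdin
# and prints one line per station MAC that is on a wlan* port while a `self`
# entry for the same MAC still sits on a wired port:
#   <mac> wifi=<dev> wired=<dev>
# Assumption: wireless bridge ports are named wlan*, as on the RUTC50 above.
fdb_stale_offload() {
    awk '
    /permanent/ { next }              # static entries, not learned stations
    $2 == "dev" {
        mac = tolower($1); dev = $3
        if (dev ~ /^wlan/) { wifi[mac] = dev; next }
        for (i = 4; i <= NF; i++)
            if ($i == "self") selfdev[mac] = dev
    }
    END {
        for (mac in wifi)
            if (mac in selfdev)
                printf "%s wifi=%s wired=%s\n", mac, wifi[mac], selfdev[mac]
    }' | sort
}

# Failing state from the first post, plus two constructed multicast lines.
sample_failing() {
    cat <<'EOF'
33:33:00:00:00:01 dev lan3 self permanent
33:33:00:00:00:01 dev wlan0-1 self permanent
fc:f8:ae:31:cb:b2 dev lan3 vlan 1 master vlan
fc:f8:ae:31:cb:b2 dev lan3 vlan 1 self
fc:f8:ae:31:cb:b2 dev wlan0-1 master br-lan
EOF
}

# Recovered state from the first post: the `self` entry has aged out.
sample_working() {
    cat <<'EOF'
fc:f8:ae:31:cb:b2 dev lan3 vlan 1 master vlan
fc:f8:ae:31:cb:b2 dev wlan0-1 master br-lan
EOF
}

# On the router: bridge fdb show | fdb_stale_offload
sample_failing | fdb_stale_offload
```

An empty result right after a client roams from the TAP200 to the RUTC50 means no wired `self` entry is shadowing the wireless one.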
