Custom VLAN bridge: Guest-WiFi doesn't work on BE6500

Hi all,

GL-BE6500 (Flint 3e), firmware 4.8.8 (latest for this model).

Set up 5 VLANs manually via SSH/UCI on switch1 (RTL8372N) - standard pattern, switch_vlan + eth1.XX device + bridge device + static interface.

The problem is WiFi. Any AP interface with network pointing to a custom bridge (not br-lan) just doesn't work.. Tested with guest2g/guest5g and a custom IoT SSID, same result on both.

What happens: phone associates, completes the full WPA 4-way handshake fine, then immediately disassociates and reassociates in a loop. Never sends a DHCPDISCOVER. This shows up in the kernel log every single time it tries:

kern.err kernel: wlan: [8343:I:ANY] wlan_cfg80211_change_station: Ignore set station for ap vlan wlan11

Compared the actual hostapd runtime configs:

# main SSID, network=lan, works fine
wds_sta=1
bridge=br-lan

# guest SSID, network=vlan50_if -> br-vlan50, broken
wds_sta=1
bridge=br-vlan50

Only difference is the bridge. Looks like the driver's AP-VLAN station attachment only works against br-lan and just silently fails on any software bridge.

Tried to fix it:

  • isolate=0 - no change

  • wds=0 via normal UCI - doesn't even take, hostapd conf still shows wds_sta=1 no matter what uci show says

  • hostapd_bss_options override to force wds_sta=0 - gets saved in UCI but never makes it into the actual generated conf, so that mechanism doesn't seem to exist in this build

  • LuCI -> Network -> Switch -> Save & Apply with no changes - nothing

  • full reboot - nothing

  • put wds back to 1 (found a working GL-BE9300 config online using wds=1) - same exact error anyway

So none of that mattered, the error is identical regardless.

Is wds_sta just forced on for every AP interface on this platform (ipq53xx / qcawificfg80211) no matter what? And is there an actual way to get a bridge that isn't br-lan working with wifi on this chipset, or is this just not supported right now? Saw 4.9 is adding a dedicated IoT network feature, guessing that might be the "official" way to do this once it lands on the BE6500 - is that a fair guess?

Can post more logs/config if it helps. Wired VLANs are rock solid, this is purely a wifi-to-custom-bridge thing.

Thank you!

Hi,

To investigate this further, could you please send us your backup file via private message?

If you prefer not to share the full backup, please send the following files instead:

/etc/config/wireless
/etc/config/network
/etc/config/firewall
/etc/config/dhcp

After receiving them, we will check the setting.
Thank you for your understanding and cooperation.