Android phones can't connect to access point

[Roy360360]

I use pfsense for routing, and use my AC66U and AC68P as access points.

Currently facing an odd issue where my Android devices don't get an IP address from certain SSIDs on the AC68P. When I set an IP address on the Android side, I am able to connect to the router, but I don't get internet connection or connection to my other LAN devices.

The AC68P has the following SSIDs:

• ASUS,
• ASUS_5G,
• ASUS [Guest] (VLAN20),
• ASUS_5G [Guest] (VLAN20) and
• ASUS [IOT] (VLAN30)

Only ASUS and ASUS_5G (default VLAN) suffer from this issue.

My wireless Windows 10 PCs have no issues with ASUS or ASUS_5G, but my android devices are only able to connect to the Guest or IOT networks.

Restarting pfsense, routers or the phones don't help the issue. Yesterday, I factory reset the AC68P and then reapplied all my settings, which worked initially, but this morning the issue reared it's head again.

The two routers are daisy chained: PFSENSE ---> AC66U --> AC68P

Any advice on how I could debug/resolve this?

I think my next step (assuming no-one has any suggestions), is to factory reset again, but this time only keep the physical VLAN rules. (So I strip out the bulk of the script)

Below is the script I'm using for the problematic router:
(I've been running this script for several months now, so I don't think it's the issue)

#!/bin/sh

# multi SSID with VLAN script for AC68P
# Trunk Port : WAN
# Ports 1 : LAN (Untagged)
# Ports 2 : VLAN20
# Ports 3 : VLAN30
# Ports 4 : VLAN40
# Guest WiFi:
# wl0.1 - ASUS [Guest] : VLAN20
# wl0.2 - ASUS [IOT] : VLAN30
# wl1.1 - ASUS_5G [Guest] : VLAN20

# eth0 - LAN
# eth1 - 2.4G Wifi
# eth2 - 5G Wifi

#VLAN Setup
robocfg vlan 1 ports "0 1 5t"
robocfg vlan 20 ports "0t 2 5t"
robocfg vlan 30 ports "0t 3 5t"
robocfg vlan 40 ports "0t 4 5t"

vconfig add eth0 20
vconfig add eth0 30

ifconfig vlan20 up
ifconfig vlan30 up

# Remove Guest Networks from VLAN1
brctl delif br0 wl0.1
brctl delif br0 wl0.2
brctl delif br0 wl1.1

# Guest WiFi
brctl addbr br1
brctl addif br1 vlan20
brctl addif br1 wl0.1
brctl addif br1 wl1.1

ifconfig br1 192.168.20.3 netmask 255.255.255.0
ifconfig br1 up

# IoT WiFi
brctl addbr br2
brctl addif br2 vlan30
brctl addif br2 wl0.2

ifconfig br2 192.168.30.3 netmask 255.255.255.0
ifconfig br2 up


nvram set lan_ifnames="vlan1 eth1 eth2"

nvram set lan1_ifnames="vlan20 wl0.1 wl1.1"
nvram set lan1_ifname="br1"

nvram set lan2_ifnames="vlan30 wl0.2"
nvram set lan2_ifname="br2"

# Disable HW Acceleration
nvram set ctf_disable_force=1

killall eapd
eapd

 

[grifo]

Do you run the same SSIDs on the AC66U and do the phones work on them? If you assign an IP manually to a phone can't you even ping it from a PC wired to the AC68P LAN1?

A few things I would change on the script: remove the lines with IP addresses as they aren't needed in AP mode, you only need one IP to manage the AP, the one you configure on the GUI. Add the line nvram set lan_ifname="br0" which is missing and remove nvram set ctf_disable_force=1 which shouldn't be on the script, it just has to be run once on the AP. Add nvram commit after the nvram set lines.

Can you post robocfg show and brctl show for both APs and logs from the AC68P at the time of an attempted phone connection? It's also worth posting the AC66U script.