Some help needed with switching to new AP

Please keep in mind that I am not a networking professional like a lot of you folks here.

My current setup is pfSense > Cisco SG300 > OpenWRT dumb AP (Netgear Nighthawk R7500).

It’s time to upgrade on the wireless side of things, seeing that the current AP isn’t keeping up with the gig speeds.

I have three VLANs on top of the default on igb1. It leaves the router and hits the switch on port 9. Port 6 is tagged in the switch and everything works fine on the OpenWRT AP.

To test things out I set up port 8 for the Grandstream 7660 just like port 6. All the tagged SSIDs work but the default SSID. I can talk to the OpenWRT from my desktop on default LAN but not the Grandstream. As expected, when I swapped ports with the APs, I got the same behavior.

When I untag the port I get access to the Grandstream again. The tagged SSIDs appear to work and follow pfSense rules. When I pull up the speedtest app on my phone while connected to guest, kids or iot, I get a red ring around GO with a warning to check connection as speedtest may fail, but default wifi is green. Speedtest will be great. If I tag the port, default wifi doesn’t work at all, but VLANs have a nice green go button.

I’m confused and trying to make sense of what’s different between the Nighthawk running OpenWRT and the Grandstream 7660. It has to be something specific to it. Otherwise it works great and is a huge upgrade for me.

Any ideas?

Thanks,
Jaison

Maybe it has something to do with this? I can’t tag vlan1 though. I would think it should just take the untagged traffic on vlan1 from the switch?


Vlan1 is tagged in OpenWRT. Lan4 is the trunk connected to port 6 of switch.

My best guess is that you should uncheck the VLAN box altogether for that Tomato SSID interface.

Check out port GE9 as a template for this, but when set to trunk mode, Cisco ports have the concept of the Native VLAN. When there’s no 802.1q tag, traffic belongs to the Native VLAN. Here’s a post on the Cisco forum about that: whats difference between native vlan and pvid - Cisco Community. I wonder if the Native VLAN is set differently on GE6 and GE8.

If you need to troubleshoot more, it might be a cool exercise to mirror those ports and do a packet capture to see exactly how the switch is formatting the VLAN headers.
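
The packet-capture check suggested in the last reply, as an added example that is not part of the original thread: it reads the 802.1Q tag from raw Ethernet frames and reports which VLAN a trunk port would place each frame in, given the port's native VLAN. The function names, MAC addresses and VLAN 20 are constructed for illustration; frames exported from a real capture of the mirrored port would replace the `build()` samples.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def parse_vlan(frame: bytes):
    """Return (vlan_id, priority, ethertype); vlan_id is None when untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, ethertype           # no tag after the source MAC
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # TCI = 3 bits priority, 1 bit DEI, 12 bits VLAN ID; then the real EtherType
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner


def classify(frame: bytes, native_vlan: int) -> int:
    """VLAN assigned on ingress, assuming standard 802.1Q trunk behaviour."""
    vid, _, _ = parse_vlan(frame)
    # Untagged and priority-tagged (VID 0) frames fall into the native VLAN.
    return native_vlan if vid in (None, 0) else vid


def build(vid=None, pcp=0, ethertype=0x0800) -> bytes:
    """Constructed sample frame: broadcast dst, locally administered src."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return dst + src + tag + struct.pack("!H", ethertype) + b"\x00" * 46


if __name__ == "__main__":
    samples = [
        ("untagged (default SSID on an untagged uplink)", build()),
        ("tagged VLAN 1 (AP tags its default network)", build(1)),
        ("tagged VLAN 20 (constructed guest VLAN)", build(20, pcp=3)),
    ]
    for label, frame in samples:
        print(f"{label}: tag={parse_vlan(frame)} "
              f"-> VLAN {classify(frame, native_vlan=1)}")
```

Comparing the output for frames captured on GE6 and GE8 shows whether each AP sends its default network tagged with VLAN 1 or untagged, which is the difference the native VLAN setting has to match.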