Joined: 04 Dec 2007 Posts: 1248 Location: Murrysville, PA
Posted: Thu Sep 25, 2025 13:59 Post subject: VLAN Setup, Confusion and Misunderstandings
I've done a lot of reading on the forum and internet, and I am more confused than ever. I probably am missing some fundamentals and am now not sure what I am doing so I wanted to ask here. I have a R7800.
My goal: Create a special WiFi network for IoT devices. My regular network is 192.168.16.x. I created 192.168.32.x for IoT. This worked. (attachment 1)
I tried to set up a VLAN for 192.168.32.x. (attachment 2) I thought I had it right but I have an issue. I am using a WiFi Extender. After about 2 to 4 hours of running well, the R7800 stops allowing traffic to the extender. I see in the logs:
Code:
kern.err kernel: [ 567.230542] arp spoofing detected ip=192.168.16.168 mac is 44:a5:6e:9e:eb:0c but should be 44:a5:6e:9e:eb:0e
Can anyone see a mistake in the setup I used?
2025-09-25_09-37-59.jpg
Description:
Filesize:
156.06 KB
Viewed:
4938 Time(s)
2025-09-25_09-26-33.jpg
Description:
Filesize:
416.93 KB
Viewed:
4938 Time(s)
_________________ Linksys MX8500 DD-WRT v3.0-r62966 std (12/06/25)
Linux 6.6.118-rt29 #4715 SMP Sat Dec 6 10:22:51 +07 2025 aarch64 Gateway, AP, DNSMasq, SmartDNS, NSS-ECM-SFE, QCA NSS, no STP
VAP on wlan1 for internet devices
IPv4 & IPv6 (Prefix Delegation)
Static Leases & DHCP
Cloudflare DoH & DoT, No QoS, No Forced DoT, 802.11k
2.4GHz: AP, AX Only, ACK Timing 300, WPA2 & WPA3 w/AES & GCMP
5GHz: AP, AX Only, ACK Timing 300, WPA2 & WPA3 w/AES & GCMP
Netgear AX1800 WiFi Mesh Extender
Xfinity 1.2Gbps/40Mbps
Pretty sure you just require an unbridged VAP, unless you require a LAN port for your I-o-T devices/switch on 32 subnet?
That looks like a VAP anyway not VLAN?
Why are you giving DHCPD to br0? You already have DHCP server running on br0 in setup - Basic setup, just select the wlan1.1 interface to give DHCP to your VAP.
You seem to have unbridged the wlan1.1 in network config, to assign it back to br0 again? Remove this so it is unbridged.
Were is your Lan4? Seems to be missing from interfaces? Unless you have unbridged this for any reason? _________________ Main Router: Dynalink WRX36, PPPoE, Gateway Mode, Network IPV4 - Isolated Vlan's. Unifi AC-Pro x 3 AP's, Router Wi-Fi Disabled. Paid Commercial Wireguard Client's & WG server, DNSMasq, Static Leases with Quad9 SmartDNS, DNSMasq Adblocking thanks to egc script.
No one can build you the bridge on which you, and only you, must cross the river of life!
Joined: 04 Dec 2007 Posts: 1248 Location: Murrysville, PA
Posted: Fri Sep 26, 2025 17:13 Post subject:
foz111 wrote:
Pretty sure you just require an unbridged VAP, unless you require a LAN port for your I-o-T devices/switch on 32 subnet?
That looks like a VAP anyway not VLAN?
Why are you giving DHCPD to br0? You already have DHCP server running on br0 in setup - Basic setup, just select the wlan1.1 interface to give DHCP to your VAP.
You seem to have unbridged the wlan1.1 in network config, to assign it back to br0 again? Remove this so it is unbridged.
Were is your Lan4? Seems to be missing from interfaces? Unless you have unbridged this for any reason?
Forgive the ignorance. My goal is to have a wifi only network on 192.168.32.128/24. I did not mean to have anything in Assign to Bridge so I got rid of that. I don't know why lan4 was not listed on that screenshot. It is there now. I did nothing to it. I attached what my networking page looks like now.
I wanted the 192.168.32.128/24 network to have a DHCP server, that's what I thought the last set of settings did. Am I wrong?
2025-09-26_13-09-21.jpg
Description:
Filesize:
475.57 KB
Viewed:
4671 Time(s)
_________________ Linksys MX8500 DD-WRT v3.0-r62966 std (12/06/25)
Linux 6.6.118-rt29 #4715 SMP Sat Dec 6 10:22:51 +07 2025 aarch64 Gateway, AP, DNSMasq, SmartDNS, NSS-ECM-SFE, QCA NSS, no STP
VAP on wlan1 for internet devices
IPv4 & IPv6 (Prefix Delegation)
Static Leases & DHCP
Cloudflare DoH & DoT, No QoS, No Forced DoT, 802.11k
2.4GHz: AP, AX Only, ACK Timing 300, WPA2 & WPA3 w/AES & GCMP
5GHz: AP, AX Only, ACK Timing 300, WPA2 & WPA3 w/AES & GCMP
Netgear AX1800 WiFi Mesh Extender
Xfinity 1.2Gbps/40Mbps
Sorry for late reply, Is that all working ok now?
The only thing that looks a little odd to me that your forcing the dns to your other 16 subnet, what reason are you doing that? Adblocker / Pi-hole or something?
With you isolating the 32 subnet just seems odd _________________ Main Router: Dynalink WRX36, PPPoE, Gateway Mode, Network IPV4 - Isolated Vlan's. Unifi AC-Pro x 3 AP's, Router Wi-Fi Disabled. Paid Commercial Wireguard Client's & WG server, DNSMasq, Static Leases with Quad9 SmartDNS, DNSMasq Adblocking thanks to egc script.
No one can build you the bridge on which you, and only you, must cross the river of life!
Joined: 04 Dec 2007 Posts: 1248 Location: Murrysville, PA
Posted: Wed Oct 01, 2025 13:22 Post subject:
foz111 wrote:
Sorry for late reply, Is that all working ok now?
The only thing that looks a little odd to me that your forcing the dns to your other 16 subnet, what reason are you doing that? Adblocker / Pi-hole or something?
With you isolating the 32 subnet just seems odd
Seems to work, mostly. Occasionally, but as frequently as before, the R7800 and an extender seem to stop communicating. I usually reboot the extender to restore traffic flow.
As for the DNS routing, I wanted the VLAN backing the VAP to use the SmartDNS & DNSMasq setup I use for my main network. Is that a mistake in your opinion? _________________ Linksys MX8500 DD-WRT v3.0-r62966 std (12/06/25)
Linux 6.6.118-rt29 #4715 SMP Sat Dec 6 10:22:51 +07 2025 aarch64 Gateway, AP, DNSMasq, SmartDNS, NSS-ECM-SFE, QCA NSS, no STP
VAP on wlan1 for internet devices
IPv4 & IPv6 (Prefix Delegation)
Static Leases & DHCP
Cloudflare DoH & DoT, No QoS, No Forced DoT, 802.11k
2.4GHz: AP, AX Only, ACK Timing 300, WPA2 & WPA3 w/AES & GCMP
5GHz: AP, AX Only, ACK Timing 300, WPA2 & WPA3 w/AES & GCMP
Netgear AX1800 WiFi Mesh Extender
Xfinity 1.2Gbps/40Mbps
