I am hitting some quite serious issues with the Omada EAP products, after an initially smooth setup.

I will describe the topology.

• I purchased 2x EAP650.
• Root EAP650 is connected to a managed switch.

• One port connects to pfSense which functions as router and firewall, and one of the ports connects to the AP. Default (and management) VLAN is ID 1.

• My wireless network is ID 86, and so the AP port and pfSense port are both tagged as such.

• Upstream AP is a range away, but when a client is connected I get great download speeds.

• The controller is on a docker instance using mbentley's image. Latest version 6.0.0.25. Reachability is no issue between the APs and the controller. Ping works fine and I can always manage the APs with no issue.

The problems seem to arise when roaming about with laptop and mobile device. There is no issue connecting to the internet (WAN) for any device. The issues arise when attempting to communicate between devices on the same SSID, and so before hitting the router in most cases. I will move between the APs and can no longer reach the Raspberry Pi connected to the meshed AP from my mobile for example. It does not happens always and it will not be a specific AP. It some times happens when mobile is connected to meshed or root AP. During this time, mobile device can access other wireless devices on same SSID, and other wireless clients can access the Raspberry Pi as well. If I SSH into the Raspberry Pi from a host who can reach it (the pfSense root console in this case) and ping my mobile device, it will "fix the route" and the mobile device can reach it again.

It is not just the Raspberry Pi, it also happens occasionally when my laptop attempts to ping my mobile device, this time both connected to the same meshed AP but on different radios, (laptop was on 5GHz, mobile was on 2.4 GHz). When using the packet capture feature, I can see the mobile device issuing pings on the 2.4 GHz radio, but those are not seen on the 5 GHz packet capture. The mobile device is issuing pings with the correct MAC address of the laptop, but they are not emitted on the radio of the laptop. Now, if I then ping the laptop from my mobile device (reverse direction) suddenly both directions are reachable.

The only relevant wireless settings I have enabled are 802.11r and Fast Roaming in the Omada Controller.

This seems to point to a stale MAC address to wireless radio table... but I would need help diagnosing this. It is difficult because many functions of the product are working, but a core function seems broken.

Summary

• Wireless client-to-client traffic intermittently fails after one client roams between APs.
• ARP resolution is correct.
• Wireless clients can still reach the router/WAN (through pfSense)
• Traffic resumes immediately when the "unreachable" device sends traffic to the roaming client, indicating stale MAC forwarding state in the AP/mesh system.