Cannot reach wifi-connected devices from switch-connected devices

|Model|Turris Omnia|
|Firmware Version|OpenWrt omnia 15.05 r47055 / LuCI 96366054565006474c39e02dca00c9d45dcb9e15 branch (git-18.328.59464-9636605)|
|Kernel Version|4.4.169-7bc33afbb1b35f5830b2b1b42c9cd8a0-2|

Problem:

I’ve bridged WIFI in AP mode and router’s Switch.

Switch - connected devices CANNOT reach WIFI - connected devices.

WIFI - connected devices CAN reach switch - connected devices (ping etc…).

WIFI - connected devices CAN be reached from router itself (ping etc…).

As these are in the same firewall zone, where should be looking for the root cause of this problem?
Please let me know if you need more verbose info, settings etc.

/etc/config/network, wireless and firewall (sans credentials) maybe be helpful.

/etc/config/network:

config interface ‘loopback’
option ifname ‘lo’
option proto ‘static’
option ipaddr ‘127.0.0.1’
option netmask ‘255.0.0.0’

config globals ‘globals’
option ula_prefix ‘fd61:1fc6:28d3::/48’

config interface ‘lan’
option force_link ‘1’
option type ‘bridge’
option proto ‘static’
option netmask ‘255.255.255.0’
option ip6assign ‘60’
option ipaddr ‘x.x.x.x’
option _orig_ifname ‘eth0 eth2 radio0.network1 wlan1’
option _orig_bridge ‘true’
option ifname ‘eth0’

config interface ‘wan’
option ifname ‘eth1’
option proto ‘dhcp’

config interface ‘wan6’
option ifname ‘@wan
option proto ‘none’
option noserverunicast ‘1’

config switch
option name ‘switch0’
option reset ‘1’
option enable_vlan ‘1’

config switch_vlan
option device ‘switch0’
option vlan ‘1’
option vid ‘1’
option ports ‘0 1 2 3 4 5’

config interface ‘vpn_turris’
option enabled ‘1’
option ifname ‘tun_turris’
option proto ‘none’
option auto ‘1’

config atm-bridge
option unit ‘0’
option atmdev ‘0’
option encaps ‘llc’
option payload ‘bridged’
option vci ‘35’
option vpi ‘8’

config interface ‘dmz’
option proto ‘static’
option ifname ‘eth2’
option ipaddr ‘x.x.x.x’
option netmask ‘255.255.255.0’
option type ‘bridge’

config route
option interface ‘lan’
option target ‘x.x.x.x’
option netmask ‘255.255.255.0’
option gateway ‘x.x.x.x’

config route
option interface ‘lan’
option target ‘x.x.x.x’
option netmask ‘255.255.255.0’
option gateway ‘x.x.x.x’

/etc/config/wireless:

config wifi-device ‘radio0’
option type ‘mac80211’
option channel ‘36’
option country ‘CZ’
option hwmode ‘11a’
option path ‘soc/soc:pcie-controller/pci0000:00/0000:00:02.0/0000:02:00.0’
option htmode ‘VHT80’
option txpower ‘23’

config wifi-iface
option device ‘radio0’
option mode ‘ap’
option ssid ‘xxxxxxxx’
option hidden ‘1’
option encryption ‘psk2’
option key ‘cccccccccccccccc’
option ieee80211w ‘0’
option disabled ‘1’
option network ‘lan’

config wifi-iface ‘guest_iface_0’
option disabled ‘1’

config wifi-iface ‘guest_iface_1’
option disabled ‘1’

config wifi-device ‘radio2’
option type ‘mac80211’
option country ‘CZ’
option hwmode ‘11g’
option macaddr ‘04:f0:ff:ff:ff:ff’
option channel ‘auto’
option htmode ‘HT40’

config wifi-iface
option device ‘radio2’
option mode ‘ap’
option ssid ‘xxxxxxx’
option encryption ‘psk2’
option key ‘xxxxx’
option ieee80211w ‘0’
option hidden ‘1’
option network ‘lan’

/etc/config/firewall (I’ve omitted disabled sections):

config defaults
option syn_flood ‘1’
option input ‘DROP’
option output ‘DROP’
option forward ‘DROP’

config zone
option name ‘lan’
option input ‘ACCEPT’
option output ‘ACCEPT’
option forward ‘ACCEPT’
option network ‘lan’
option masq ‘1’
option mtu_fix ‘1’

config zone
option name ‘wan’
option masq ‘1’
option mtu_fix ‘1’
option forward ‘DROP’
option output ‘ACCEPT’
option network ‘wan wan6’
option input ‘DROP’

config include
option path ‘/etc/firewall.user’

config include
option path ‘/usr/share/firewall/turris’
option reload ‘1’

config include
option path ‘/etc/firewall.d/with_reload/firewall.include.sh’
option reload ‘1’

config zone ‘vpn_turris’
option enabled ‘1’
option name ‘vpn_turris’
option input ‘ACCEPT’
option forward ‘REJECT’
option output ‘ACCEPT’
option masq ‘1’
option network ‘vpn_turris’

config rule ‘vpn_turris_rule’
option name ‘vpn_turris_rule’
option target ‘ACCEPT’
option proto ‘udp’
option src ‘wan’
option dest_port ‘1194’
config zone
option name ‘dmz’
option network ‘dmz’
option masq ‘1’
option mtu_fix ‘1’
option forward ‘DROP’
option input ‘DROP’
option output ‘DROP’

config include ‘miniupnpd’
option type ‘script’
option path ‘/usr/share/miniupnpd/firewall.include’
option family ‘any’
option reload ‘1’

config forwarding
option dest ‘lan’
option src ‘vpn_turris’

config forwarding
option dest ‘vpn_turris’
option src ‘lan’

config forwarding
option dest ‘wan’
option src ‘lan’

config forwarding
option dest ‘wan’
option src ‘vpn_turris’

I’ve retested and it works for me now without changing settings. Could this be resolved by update to 3.11.3?

did you test with hostnames or ip-addresses?
(could have been a dns issue)

I’ve tested with ip addresses in all cases, thank you for prompt answer.