Hello, I see a lot of traffic 400-500 Mbps, inside traffic with src address ff02::fb:5353; and Blocks the network???

that is specifically the CAPsMAN tunneling protocol - not sure why so much data would be going through it if not doing rolling upgrade etc - having it on all interfaces like that makes me think a bridge or loop issue.

Perhaps see if you can capture the traffic and load it up in wireshark so you can see the content of the traffic and get an idea of what its trying to do / what might be going wrong.

Short term fix might be to disable / enable CAPsMAN manager or reboot the head-end device.

Hello, I caught the villain. I named him 11 september hack. this is what helped me - block multicast on bridge
/interface bridge filter add chain=forward in-bridge=bridge-vlan10-wifi-mall packet-type=multicast action=drop (optionaly mac-protocol=ipv6)
/interface bridge settings set use-ip-firewall=yes
And then locate multicast source from Wi-Fi point