DHCP leak to the WAN (different VLAN) on swconfig-based hardware

I have mt7628-based hardware, for which I'm using mt7628an_d-team_pbr-d1 as the target.

When I connect my laptop's cable to lan4 and the WAN cable to the WAN port,
the DHCP request coming from the laptop is also visible on the WAN network.
The DHCP server that starts by default on br-lan is also assigning DHCP leases on the WAN network.

Note: I am using vanilla OpenWrt on the openwrt 21.02 branch.
The generated .config is vanilla as well.
I have made 2 changes in the DTS for gmac, as below.
.config file

diff --git a/target/linux/ramips/dts/mt7628an_d-team_pbr-d1.dts b/target/linux/ramips/dts/mt7628an_d-team_pbr-d1.dts
index e5c52322b6..a5fcc59eb4 100644
--- a/target/linux/ramips/dts/mt7628an_d-team_pbr-d1.dts
+++ b/target/linux/ramips/dts/mt7628an_d-team_pbr-d1.dts
@@ -115,7 +115,6 @@
 			factory: partition@40000 {
 				label = "factory";
 				reg = <0x40000 0x10000>;
-				read-only;
 			};
 
 			partition@50000 {
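Review bot: dropping `read-only;` from the `factory` partition node makes that flash region writable from the running system, and nothing in the post says why this is needed. The second hunk shows `&ethernet` taking its MAC address from `&factory`, so a stray write here can change or destroy the address the board boots with; keep `read-only;` in the build and remove it only in a temporary image if the partition really has to be rewritten.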
@@ -152,7 +151,7 @@
 };
 
 &ethernet {
-	mtd-mac-address = <&factory 0x28>;
+	mtd-mac-address = <&factory 0x4>;
 };
 
 &sdhci {
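Review bot: the `mtd-mac-address` offset in `&ethernet` moves from `0x28` to `0x4` with no explanation of what is stored at either offset in `factory`. Check that the six bytes at `0x4` are a valid, unique unicast MAC on this board before relying on it, and record the reason for the change next to the line; a wrong offset gives the Ethernet device an invalid or duplicated address.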

AFAIK the D1 isn't supported by openwrt.

21.02 is EOL,

@frollic dteam_pbr_d1 is supported and still available in the main branch.
I will also try to compile a build for OpenWrt 23 to check, but if you can point out what to troubleshoot and what the issue behind the DHCP leak could be, that would be great.
I cannot migrate to OpenWrt 23, as there are many applications running on OpenWrt 21 in my case that are not compatible with OpenWrt 23 because of the kernel change, fw changes and much more.

Thanks

Seems like your switch config is incorrect and is treating all your ports as a single LAN. Whether that's your config or a software issue is hard to tell since you don't include any other information.

== Pandorabox then ?

@rkboni
The following is my network config:

root@OpenWrt:~# cat /etc/config/network 

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd29:64ed:6ddc::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config device
        option name 'eth0.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device
        option name 'eth0.2'

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'


config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '4 6t'

root@OpenWrt:~# cat /etc/config/dhcp 

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

Is port 0 or port 6 your CPU port?
The CPU port needs to be tagged on each vlan.
(Maybe it is the root cause of your issue regarding where the traffic is visible/passing through.)
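
A check of that rule against the switch_vlan sections posted above, as an added example that is not part of any post in this thread: it flags a VLAN whose CPU port is missing or untagged, and an untagged port that appears in more than one VLAN. The function name `check_switch_vlans` and passing the CPU port as an argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): lint the swconfig VLAN sections of a UCI file.
check_switch_vlans() {   # $1 = UCI network file, $2 = CPU port number (assumed known)
    awk -v cpu="$2" -v q="'" '
    function flush(   n, i, p, parts, cpu_tagged) {
        if (!in_vlan) return
        in_vlan = 0; cpu_tagged = 0
        n = split(ports, parts, " ")
        for (i = 1; i <= n; i++) {
            p = parts[i]
            if (p == cpu "t") { cpu_tagged = 1; continue }
            if (p == cpu || p ~ /t$/) continue   # tagged ports may sit in many VLANs
            if (p in owner) {                    # untagged port must belong to one VLAN
                printf "FAIL port %s untagged in VLAN %s and VLAN %s\n", p, owner[p], vlan
                bad = 1
            } else owner[p] = vlan
        }
        if (cpu_tagged) {
            printf "OK   VLAN %s: ports %s\n", vlan, ports
        } else {
            printf "FAIL VLAN %s: CPU port %s is not tagged\n", vlan, cpu; bad = 1
        }
    }
    $1 == "config" {
        flush()
        if ($2 == "switch_vlan") { in_vlan = 1; vlan = "?"; ports = "" }
        next
    }
    in_vlan && $1 == "option" && $2 == "vlan"  { gsub(q, "", $3); vlan = $3 }
    in_vlan && $1 == "option" && $2 == "ports" {
        ports = $0
        sub(/^[ \t]*option[ \t]+ports[ \t]+/, "", ports)
        gsub("[" q "\"]", "", ports)
    }
    END { flush(); exit bad + 0 }
    ' "$1"
}
# Demo: the two switch_vlan sections from the post (vlan/ports options only), CPU port 6.
sample=$(mktemp)
cat > "$sample" <<'EOF'
config switch_vlan
        option vlan '1'
        option ports '0 1 2 3 6t'
config switch_vlan
        option vlan '2'
        option ports '4 6t'
EOF
check_switch_vlans "$sample" 6 && echo "VLAN layout in UCI is consistent"
rm -f "$sample"
```

A clean result only covers the UCI file; what the switch actually has programmed is shown by `swconfig dev switch0 show`.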

@_bernd port 6 is the cpu port