DHCPDISCOVER DHCPOFFER loop

Hi, after installing OpenWRT on my Xiaomi AC2350 router, both my tv-boxes can't connect to wi-fi. In system log it's stuck at DHCPDISCOVER DHCPOFFER without REQUEST. I use default setting. All other devices connect and work normally. Any suggestion?

A piece of system log:

Thu Aug 26 19:30:07 2021 daemon.info hostapd: wlan1: STA 08:da:35:df:c4:96 IEEE 802.11: disassociated
Thu Aug 26 19:30:07 2021 daemon.info hostapd: wlan1: STA 08:da:35:df:c4:96 IEEE 802.11: authenticated
Thu Aug 26 19:30:07 2021 daemon.info hostapd: wlan1: STA 08:da:35:df:c4:96 IEEE 802.11: associated (aid 1)
Thu Aug 26 19:30:07 2021 daemon.notice hostapd: wlan1: AP-STA-CONNECTED 08:da:35:df:c4:96
Thu Aug 26 19:30:07 2021 daemon.info hostapd: wlan1: STA 08:da:35:df:c4:96 WPA: pairwise key handshake completed (RSN)
Thu Aug 26 19:30:07 2021 daemon.notice hostapd: wlan1: EAPOL-4WAY-HS-COMPLETED 08:da:35:df:c4:96
Thu Aug 26 19:30:08 2021 daemon.info dnsmasq-dhcp[2811]: DHCPDISCOVER(br-lan) 08:da:35:df:c4:96
Thu Aug 26 19:30:08 2021 daemon.info dnsmasq-dhcp[2811]: DHCPOFFER(br-lan) 192.168.1.193 08:da:35:df:c4:96
Thu Aug 26 19:30:09 2021 daemon.info dnsmasq-dhcp[2811]: DHCPDISCOVER(br-lan) 08:da:35:df:c4:96
Thu Aug 26 19:30:09 2021 daemon.info dnsmasq-dhcp[2811]: DHCPOFFER(br-lan) 192.168.1.193 08:da:35:df:c4:96
Thu Aug 26 19:30:10 2021 daemon.info dnsmasq-dhcp[2811]: DHCPDISCOVER(br-lan) 08:da:35:df:c4:96
Thu Aug 26 19:30:10 2021 daemon.info dnsmasq-dhcp[2811]: DHCPOFFER(br-lan) 192.168.1.193 08:da:35:df:c4:96
Thu Aug 26 19:30:12 2021 daemon.info dnsmasq-dhcp[2811]: DHCPDISCOVER(br-lan) 08:da:35:df:c4:96
Thu Aug 26 19:30:12 2021 daemon.info dnsmasq-dhcp[2811]: DHCPOFFER(br-lan) 192.168.1.193 08:da:35:df:c4:96
Thu Aug 26 19:30:13 2021 daemon.info dnsmasq-dhcp[2811]: DHCPDISCOVER(br-lan) 08:da:35:df:c4:96
Thu Aug 26 19:30:13 2021 daemon.info dnsmasq-dhcp[2811]: DHCPOFFER(br-lan) 192.168.1.193 08:da:35:df:c4:96

It's 2 years later and I am facing the same issue here.
Interestingly, only for SOME devices on my network, other will go through DHCPDISCOVER, OFFER, DISCOVER with IP address and ACK.
The other devices go through DHCPDISCOVER/OFFER loop for multiple times (20-30x) before do either ACK or the device gives up...
Any hints how this got solved?

Given that the OP posted this so long ago, they probably were on a different version of OpenWrt relative to you (hopefully you're on something more recent).

That said, this is not a common problem. We need a lot more information to understand what might be causing this...

  • does this happen with both wired and wireless devices?
  • What specific devices are affected?
  • Do you run only a single router+AP, or do you have outboard APs and/or switches? And if so, what firmware do they use and how are they configured?
  • Any other relevant info?
  • Configs?

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

OK, so here is my information:

  • so far, I've only noticed this on wireless devices
  • I am running 22.03 version on x86 HW with 4x intel 2.5Gb ports, one setup as WAN, another as LAN with 7 vlans
  • the APs are EAP670
  • the connecting client is Samsung Galaxy tab S6 lite, tested with both open-source e.foundation OS and the stock firmware
  • the router and AP are connected using Zyxel GS1900-24HP, which supports VLANs and the ports for both the AP and the router are marked as trunk, all VLANs are allowed to flow through
    Observed situation:
  1. if the device was connected with different IP (e.g. connected to WiFi network linked to different VLAN), the REQUEST/OFFER loop does not happen, the device will get IP on the first try
  2. if the device was connected to the main VLAN/WiFi combo and disconnects, on next reconnect it will go through ~1 minute of REQUEST/OFFER loop, until it connects
  3. any other devices (e.g. Xiaomi redmi 8T with e.foundation OS or redmi 10 with stock firmware) connect no problem, so do all my Shelly devices.
  4. I specifically created a VLAN/WiFi combo for only 5GHz network and another for 2.4GHz network - the behavior is always the same.
  5. If I set the "use randomize MAC" on the android device, the behavior is the same as if I use the HW MAC, just getting different IP address.
    Here is the log from last few minutes:
Aug  9 23:11:13 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:13 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:13 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:13 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:14 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:14 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:17 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:17 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:17 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:17 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:18 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:18 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:19 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:19 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:20 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:20 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:20 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:20 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:20 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:20 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:21 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:21 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:23 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:23 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:24 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:24 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:25 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:25 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:26 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:26 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:31 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:31 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:33 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:33 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:33 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:33 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:34 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:34 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:37 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:37 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:38 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:38 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:38 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:38 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:39 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:39 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:40 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:40 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:40 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:40 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:41 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:41 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:42 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:42 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:44 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:44 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:44 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:44 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:45 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:45 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:46 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:46 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:48 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:48 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:52 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:52 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:53 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:53 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:11:54 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:11:54 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b


Aug  9 23:12:26 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:12:26 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:12:26 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:12:26 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:12:26 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:12:26 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:12:26 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:12:26 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:12:26 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:12:26 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:12:26 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:12:26 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:12:27 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:12:27 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:12:27 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:12:27 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:12:29 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:12:29 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:12:29 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:12:29 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:12:30 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:12:30 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:12:31 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:12:31 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:12:33 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:12:33 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:12:37 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:12:37 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:12:37 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:12:37 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:12:38 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:12:38 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:12:40 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:12:40 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b



Aug  9 23:13:52 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:13:52 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:13:52 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:13:52 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:13:52 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:13:52 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:13:52 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:13:52 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:13:52 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:13:52 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:13:52 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:13:52 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:13:52 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:13:52 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:13:53 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:13:53 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:13:55 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:13:55 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:13:55 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:13:55 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:13:56 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:13:56 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:13:57 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:13:57 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:13:59 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:13:59 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:14:04 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:14:04 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:14:04 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:14:04 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:14:05 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) 86:3c:80:ef:1b:7b
Aug  9 23:14:05 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:14:06 router dnsmasq-dhcp[1]: DHCPREQUEST(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b
Aug  9 23:14:06 router dnsmasq-dhcp[1]: DHCPACK(eth0.10) 10.10.10.108 86:3c:80:ef:1b:7b sanchoTablet

root@router:~# ubus call system board
{
	"kernel": "5.10.134",
	"hostname": "router",
	"system": "Intel(R) Celeron(R) J4125 CPU @ 2.00GHz",
	"model": "Default string Default string",
	"board_name": "default-string-default-string",
	"rootfs_type": "ext4",
	"release": {
		"distribution": "OpenWrt",
		"version": "22.03.0-rc6",
		"revision": "r19590-042d558536",
		"target": "x86/64",
		"description": "OpenWrt 22.03.0-rc6 r19590-042d558536"
	}
}

root@router:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdd2:0a68:9143::/48'

config interface 'lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '10.0.0.254'
	option device 'LANbridge'
	option defaultroute '0'
	option delegate '0'

config interface 'wan'
	option device 'eth3'
	option proto 'dhcp'
	option peerdns '0'
	list dns '208.67.222.222'
	list dns '208.67.220.220'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '0t 2 3 4'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option vid '2'
	option ports '0t 1'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '0t 2t 3t 4t'
	option vid '10'
	option description 'mainNet'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option ports '0t 2t 3t 4t'
	option vid '20'
	option description 'iotSafe'

config switch_vlan
	option device 'switch0'
	option vlan '5'
	option ports '0t 2t 3t 4t'
	option vid '30'
	option description 'iotUnsafe'

config switch_vlan
	option device 'switch0'
	option vlan '6'
	option ports '0t 2t 3t 4t'
	option vid '40'
	option description 'inetDevs'

config switch_vlan
	option device 'switch0'
	option vlan '7'
	option ports '0t 2t 3t 4t'
	option vid '50'
	option description 'netHW'

config switch_vlan
	option device 'switch0'
	option vlan '8'
	option ports '0t 2t 3t 4t'
	option vid '60'
	option description 'servers'

config switch_vlan
	option device 'switch0'
	option vlan '9'
	option ports '0t 2t 3t 4t'
	option vid '70'
	option description 'guests'

config device
	option name 'eth0.10'
	option type '8021q'
	option ifname 'eth0'
	option vid '10'
	option macaddr '88:C3:97:13:77:10'
	option acceptlocal '1'

config device
	option name 'eth0.20'
	option type '8021q'
	option ifname 'eth0'
	option vid '20'
	option macaddr '88:C3:97:13:77:20'
	option acceptlocal '1'

config device
	option name 'eth0.30'
	option type '8021q'
	option ifname 'eth0'
	option vid '30'
	option macaddr '88:C3:97:13:77:30'
	option acceptlocal '1'

config device
	option name 'eth0.40'
	option type '8021q'
	option ifname 'eth0'
	option vid '40'
	option macaddr '88:C3:97:13:77:40'
	option acceptlocal '1'

config device
	option name 'eth0.50'
	option type '8021q'
	option ifname 'eth0'
	option vid '50'
	option macaddr '88:C3:97:13:77:50'
	option acceptlocal '1'

config device
	option name 'eth0.60'
	option type '8021q'
	option ifname 'eth0'
	option vid '60'
	option macaddr '88:C3:97:13:77:60'
	option acceptlocal '1'

config device
	option name 'eth0.70'
	option type '8021q'
	option ifname 'eth0'
	option vid '70'
	option macaddr '88:C3:97:13:77:70'
	option acceptlocal '1'

config interface 'mainNet'
	option proto 'static'
	option device 'eth0.10'
	option netmask '255.255.255.0'
	option ipaddr '10.10.10.254'
	option delegate '0'

config interface 'iotSafe'
	option proto 'static'
	option device 'eth0.20'
	option ipaddr '10.10.20.254'
	option netmask '255.255.255.0'

config interface 'iotUnsafe'
	option proto 'static'
	option device 'eth0.30'
	option ipaddr '10.10.30.254'
	option netmask '255.255.255.0'

config interface 'inetDevs'
	option proto 'static'
	option device 'eth0.40'
	option ipaddr '10.10.40.254'
	option netmask '255.255.255.0'

config interface 'netHW'
	option proto 'static'
	option device 'eth0.50'
	option ipaddr '10.10.50.254'
	option netmask '255.255.255.0'

config interface 'servers'
	option proto 'static'
	option device 'eth0.60'
	option ipaddr '10.10.60.254'
	option netmask '255.255.255.0'

config interface 'guests'
	option proto 'static'
	option device 'eth0.70'
	option ipaddr '10.10.70.254'
	option netmask '255.255.255.0'

config interface 'WLAN6'
	option proto 'dhcpv6'
	option device 'eth3'
	option reqaddress 'try'
	option reqprefix 'auto'

config device
	option name 'eth3'
	option ipv6 '0'

config device
	option type '8021q'
	option ifname 'eth0'
	option vid '1'
	option name 'eth0.1'
	option ipv6 '0'
	option macaddr '88:C3:97:13:77:01'

config device
	option type 'bridge'
	option name 'LANbridge'
	list ports 'eth0'
	list ports 'eth0.1'
	option ipv6 '0'
	option macaddr '88:C3:97:13:77:FF'

The rest (DHCP and firewall) are a bit sensitive, even from network I had to remove wireguard parts...
Anything specific that might help from there?

This could be the problem here... bridging eth0 and eth0.1 is not recommended. If the network should be tagged on the port, remove eth0. If the network is expected to be untagged, remove eth0.1.

Thanks for the tip.
I did not realized it.
Unfortunately, it did not helped.
Removed the bridge interface altogether and linked the LAN interface directly to eth0.1.
Rebooted the router fully, tried to reconnect and the same problem...

Aug  9 23:49:42 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:49:42 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:49:42 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:49:42 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:49:43 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:49:43 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:49:43 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:49:43 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:49:44 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:49:44 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:49:45 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:49:45 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:49:45 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:49:45 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:49:46 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:49:46 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:49:48 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:49:48 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:49:49 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:49:49 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:49:50 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:49:50 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:49:50 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:49:50 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:49:52 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:49:52 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:49:57 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:49:57 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:49:57 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:49:57 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:49:58 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:49:58 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:50:01 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:50:01 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:50:01 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:50:01 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:50:02 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:50:02 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:50:02 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:50:02 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:50:03 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:50:03 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:50:04 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:50:04 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:50:04 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:50:04 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:50:05 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:50:05 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:50:07 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:50:07 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:50:08 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:50:08 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:50:09 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:50:09 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:50:10 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:50:10 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:50:12 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:50:12 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:50:17 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:50:17 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:50:17 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:50:17 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:50:18 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.10) a8:30:bc:ec:8d:07
Aug  9 23:50:18 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:50:18 router dnsmasq-dhcp[1]: DHCPREQUEST(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07
Aug  9 23:50:18 router dnsmasq-dhcp[1]: DHCPACK(eth0.10) 10.10.10.63 a8:30:bc:ec:8d:07 sanchoTablet

Given that this is a DHCP issue we're trying to debug, it'll be necessary to see these files to make sure there isn't an obvious problem in one or both. You can remove DHCP reservations and other sensitive data (just make it clear that you have redacted that info).

Also, it is entirely possible that there is something with the OS on the phone given that it is the only one having the issue.

OK, will try...

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option local '/house/'
	option domain 'house'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option ednspacket_max '1232'
	option logqueries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option localservice '0'
	option sequential_ip '1'
	option confdir '/tmp/dnsmasq.d'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option dhcpv4 'server'
	option leasetime '1h'
	option force '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'mainNet'
	option interface 'mainNet'
	option force '1'
	option start '100'
	option limit '150'
	option leasetime '1h'

config dhcp 'iotSafe'
	option interface 'iotSafe'
	option start '100'
	option limit '150'
	option force '1'
	option leasetime '1h'

config dhcp 'iotUnsafe'
	option interface 'iotUnsafe'
	option start '100'
	option limit '150'
	option force '1'
	option leasetime '1h'

config dhcp 'inetDevs'
	option interface 'inetDevs'
	option start '100'
	option limit '150'
	option force '1'
	option leasetime '1h'

config dhcp 'netHW'
	option interface 'netHW'
	option start '100'
	option limit '150'
	option force '1'
	option leasetime '1h'

config dhcp 'servers'
	option interface 'servers'
	option start '100'
	option limit '150'
	option force '1'
	option leasetime '1h'
	list dhcp_option '150,10.10.60.111'
	list dhcp_option '66,10.10.60.111'

config dhcp 'guests'
	option interface 'guests'
	option start '100'
	option limit '150'
	option force '1'
	option leasetime '1h'

config domain
	option name 'xxx.xxx.xxx'
	option ip 'xxx.xxx.xxx.xxx'

config dhcp 'VPN'
	option interface 'VPN'

config host
	option name 'sanchoTablet'
	option mac 'a8:30:bc:ec:8d:07 a2:10:aa:a6:55:e5'
	option ip '10.10.10.63'
	option leasetime '24h'

config host
	option mac '08:3A:F2:51:5C:54'
	option name 'diyColin'
	option dns '1'
	option ip '10.10.30.21'
	option leasetime '24h'

config host
	option mac 'A4:45:19:4B:C0:E4'
	option name 'redmi8t'
	option dns '1'
	option ip '10.10.10.64'
	option leasetime '24h'

Redacted around 150 static host definitions.

I don't think it is truly necessary, but consider adding this to your mainNet DHCP server:

	option dhcpv4 'server'

There are two MAC addrsses here... try removing one and setting just one.

Also, make sure that the device is always presenting the same MAC... this would mean turning off MAC randomization/privacy if it enabled on that device.

And now anonymized (:slight_smile: ) firewall:

root@router:~# cat /etc/config/firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'
	option flow_offloading '1'
	option flow_offloading_hw '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow guest DHCP and DNS'
	option src 'guests'
	option dest_port '53 67 68 69'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'SSH from outside'
	list proto 'tcp'
	option src 'wan'
	option dest_port '22'
	option dest_ip 'XXX.XXX.XXX.XXX'
	option src_dport 'XXX'

config zone
	option name 'mainNet'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option family 'ipv4'
	option forward 'REJECT'
	list network 'mainNet'

config zone
	option name 'iotSafe'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option family 'ipv4'
	list network 'iotSafe'

config zone
	option name 'iotUnsafe'
	option forward 'REJECT'
	option family 'ipv4'
	option input 'REJECT'
	option output 'REJECT'
	list network 'iotUnsafe'

config zone
	option name 'inetDevs'
	option family 'ipv4'
	option input 'REJECT'
	option output 'REJECT'
	option forward 'REJECT'
	list network 'inetDevs'

config zone
	option name 'netHW'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option family 'ipv4'
	list network 'netHW'

config zone
	option name 'servers'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option family 'ipv4'
	option forward 'REJECT'
	list network 'servers'

config zone
	option name 'guests'
	option forward 'REJECT'
	option family 'ipv4'
	option input 'REJECT'
	option output 'ACCEPT'
	list network 'guests'

config forwarding
	option src 'mainNet'
	option dest 'wan'

config rule
	option name 'Allow iotUnsafe DHCP and DNS'
	option src 'iotUnsafe'
	option dest_port '53 67 68 69'
	option target 'ACCEPT'

config rule
	option name 'Allow iotUnsafe DHCP and DNS output'
	option src_port '53 67 68 69'
	option dest 'iotUnsafe'
	option target 'ACCEPT'

config forwarding
	option src 'servers'
	option dest 'wan'

config rule
	option name 'Allow inetDevs DHCP and DNS'
	option src 'inetDevs'
	option dest_port '53 67 68 69'
	option target 'ACCEPT'

config rule
	option name 'Allow inetDevs DHCP and DNS output'
	option src_port '53 67 68 69'
	option dest 'inetDevs'
	option target 'ACCEPT'

config rule
	list proto 'tcp'
	option src '*'
	option dest 'inetDevs'
	list dest_ip 'xxx.xxx.xxx.xxx'
	option dest_port '443 80'
	option target 'ACCEPT'
	option name 'xxx web allow input'

config rule
	option name 'xxx web allow output'
	list proto 'tcp'
	option src 'inetDevs'
	list src_ip 'xxx.xxx.xxx.xxx'
	option src_port '443 80'
	option dest '*'
	option target 'ACCEPT'

config forwarding
	option src 'mainNet'
	option dest 'servers'

config rule
	option name 'Allow iotSafe to xxx'
	option family 'ipv4'
	list proto 'all'
	option src 'iotSafe'
	option dest 'servers'
	list dest_ip 'xxx.xxx.xxx.xxx'
	option target 'ACCEPT'

config forwarding
	option src 'servers'
	option dest 'iotSafe'

config forwarding
	option src 'servers'
	option dest 'iotUnsafe'

config rule
	option name 'Allow iotUnsafe xxx'
	list proto 'tcp'
	option src 'iotUnsafe'
	option dest 'servers'
	list dest_ip 'xxx.xxx.xxx.xxx'
	option dest_port 'xxxx'
	option target 'ACCEPT'

config forwarding
	option src 'servers'
	option dest 'inetDevs'

config forwarding
	option src 'servers'
	option dest 'mainNet'

config forwarding
	option src 'mainNet'
	option dest 'inetDevs'

config forwarding
	option src 'inetDevs'
	option dest 'wan'

config forwarding
	option src 'guests'
	option dest 'wan'

config zone
	option name 'VPNzone'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'VPN'

config forwarding
	option src 'VPNzone'
	option dest 'wan'

config rule
	list proto 'udp'
	option src 'wan'
	option target 'ACCEPT'
	option name 'Allow xxx'
	option dest_port 'xxxxx'

config forwarding
	option src 'mainNet'
	option dest 'iotSafe'

config rule
	option src 'mainNet'
	option dest 'netHW'
	option target 'ACCEPT'
	option name 'Allow from xxxx/xxxx'
	list proto 'all'
	list src_ip 'xxx.xxx.xxx.xxx'
	list src_ip 'xxx.xxx.xxx.xxx'

config rule
	option name 'Allow xxxxxxx'
	option src 'inetDevs'
	list src_ip 'xxx.xxx.xxx.xxx'
	option dest 'servers'
	list dest_ip 'xxx.xxx.xxx.xxx'
	option dest_port 'xxxx'
	option target 'ACCEPT'

config forwarding
	option src 'mainNet'
	option dest 'lan'

config forwarding
	option src 'iotSafe'
	option dest 'wan'

config forwarding
	option src 'VPNzone'
	option dest 'mainNet'

config forwarding
	option src 'VPNzone'
	option dest 'servers'

config forwarding
	option src 'mainNet'
	option dest 'VPNzone'

config forwarding
	option src 'mainNet'
	option dest 'iotUnsafe'

config forwarding
	option src 'VPNzone'
	option dest 'inetDevs'

config forwarding
	option src 'VPNzone'
	option dest 'iotSafe'

config forwarding
	option src 'VPNzone'
	option dest 'iotUnsafe'

config rule
	option name 'Allow xxxx to xxxxx'
	option dest 'servers'
	list dest_ip 'xxx.xxx.xxx.xxx'
	option target 'ACCEPT'
	option src 'iotUnsafe'
	list src_ip 'xxx.xxx.xxx.xxx'
	list src_ip 'xxx.xxx.xxx.xxx'
	list src_ip 'xxx.xxx.xxx.xxx'

config forwarding
	option src 'iotSafe'
	option dest 'servers'

config rule
	option name 'Allow NTP from iotUnsafe'
	list proto 'udp'
	option src 'iotUnsafe'
	list dest_ip '10.10.30.254'
	option dest_port '123'
	option target 'ACCEPT'

config rule
	option name 'avahi servers'
	list proto 'udp'
	option src 'servers'
	option src_port '5353'
	option dest_port '5353'
	option target 'ACCEPT'

config rule
	option name 'avahi mainNet'
	list proto 'udp'
	option src 'mainNet'
	option src_port '5353'
	option dest_port '5353'
	option target 'ACCEPT'

config rule
	option name 'avahi trustedIoT'
	list proto 'udp'
	option src 'iotSafe'
	option src_port '5353'
	option dest_port '5353'
	option target 'ACCEPT'

config rule
	option name 'allow xxxx Dashboard'
	option src 'iotUnsafe'
	list src_ip 'xxx.xxx.xxx.xxx'
	option dest 'servers'
	list dest_ip 'xxx.xxx.xxx.xxx'
	list dest_ip 'xxx.xxx.xxx.xxx'
	option dest_port '8888 8123'
	option target 'ACCEPT'

config rule
	option name 'Allow xxxx to get to net'
	list proto 'all'
	option src 'netHW'
	list src_ip 'xxx.xxx.xxx.xxx'
	option dest 'wan'
	option target 'ACCEPT'
	option enabled '0'

config rule
	option name 'xxx to xxx'
	option src 'netHW'
	list src_ip 'xxx.xxx.xxx.xxx'
	option dest 'servers'
	list dest_ip 'xxx.xxx.xxx.xxx'
	option target 'ACCEPT'
	list proto 'all'

config rule
	option name 'xxx to xxx'
	option src 'servers'
	list src_ip 'xxx.xxx.xxx.xxx'
	option dest 'netHW'
	list dest_ip 'xxx.xxx.xxx.xxx'
	option target 'ACCEPT'
	list proto 'all'

config rule
	option name 'xxxx to netHW'
	list proto 'all'
	option src 'lan'
	list src_ip 'xxx.xxx.xxx.xxx'
	option dest 'netHW'
	option target 'ACCEPT'

config rule
	option name 'netHW to xxxx'
	list proto 'all'
	option src 'netHW'
	option dest 'lan'
	list dest_ip 'xxx.xxx.xxx.xxx'
	option target 'ACCEPT'

config rule
	option name 'xxxx to inet'
	list proto 'all'
	option src 'netHW'
	list src_ip 'xxx.xxx.xxx.xxx'
	option dest 'wan'
	option target 'ACCEPT'
	option enabled '0'

config rule
	option name 'xxxx to internet'
	option src 'netHW'
	option dest 'wan'
	option target 'ACCEPT'
	list proto 'all'
	list src_ip 'xxx.xxx.xxx.xxx'
	list src_ip 'xxx.xxx.xxx.xxx'
	option enabled '0'


Not seeing any issues with the firewall. Try the DHCP file adjustment (and the device MAC verification) I recommended and let me know if that helps.

Tried to:

  • remove the MAC and only assign the IP on hostname
  • kept only 1 MAC address
  • kept both MAC for 2.4GHz and 5GHz wiki.

The behavior seems the same.
Even when selecting random MAC on the device and after few minutes (!!!) receiving a non-allocated IP address from DHCP pool, not from the allocated one.

I want to point out that a lot of devices work OK, just some do have this connectivity issue - Samsung tablets, Microsoft surface devices and one old cellphone (OnePlus one).
The rest gets IP after first attempt.
So I do start to lean towards the problem on the client side...

Yeah, my thoughts, too.

One other thing -- it is possible that the APs are swallowing some of the DHCP packets. This was a known issue on Unifi APs (stock firmware 4.3.21+; I still run 4.3.20 years later for this reason, although I am thinking of trying an upgrade).

I did a test - limited one WiFi to a specific AP and tried to connect to that one - same result.
I will now try to connect using ethernet cable on the tablet (not sure it will work) to see if the DHCP problem remains...

OK, over ethernet the connection was MUCH smoother:

Aug 10 01:13:24 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.60) 00:e0:4c:68:00:7c
Aug 10 01:13:24 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.60) 10.10.60.113 00:e0:4c:68:00:7c
Aug 10 01:13:24 router dnsmasq-dhcp[1]: DHCPDISCOVER(eth0.60) 00:e0:4c:68:00:7c
Aug 10 01:13:24 router dnsmasq-dhcp[1]: DHCPOFFER(eth0.60) 10.10.60.113 00:e0:4c:68:00:7c
Aug 10 01:13:24 router dnsmasq-dhcp[1]: DHCPREQUEST(eth0.60) 10.10.60.113 00:e0:4c:68:00:7c
Aug 10 01:13:24 router dnsmasq-dhcp[1]: DHCPACK(eth0.60) 10.10.60.113 00:e0:4c:68:00:7c sanchoTablet

Connected to different vlan (due to switch config on my desk, but still no repetitive action there).

Seems to suggest that it is not the router. Could be the client, or the AP (or both).

Well, there is some interesting development.
I've dug out my old Unifi AP (U6-Pro) and installed it into garage.
I've set up the same VLAN/WiFi combination (just modified the AP SSID, so I know where I connect).
I connected to it using the same Samsung tablet and got DHCP in 2 seconds.
So I disconnected, connected back to the old WiFi and got the IP in 2 seconds, too.
Tried to reboot the tablet, disconnect and reconnect to the old WiFi, now everything works super-fast.

What I think is the problem here - I have 3x EAP670 in my house. All of them transmit the same SSIDs, on different channels and on 2 different frequencies (2.4 and 5GHz).
As the tablet is connecting, it might (due to some roaming or something) transmit the DHCP using multiple APs. As these arrive in different order to the OpenWRT, it responds in sequence - this sequence then MIGHT confuse the device and fail to actually finish the DHCP sequence.
Next step - I will try to isolate the device to a specific AP, but now I cannot reproduce the problem anymore :frowning:

No, it doesn't work like that. The client will connect to exactly one AP at a time. It could be an issue with the configuratoin of one or two of the APs, though, such that the client is unable to properly obtain an IP through it.