Duplicate MAC conflicts after upgrade to 23.02.02

johnfzc · November 27, 2023, 11:11pm

I upgraded an AP to 23.05.2 and was no longer able to access the Internet through the AP. Strangely, I was able to reach the AP from other computers on the network, but communications between the AP and my main router didn't work.

After some investigation I discovered that the MAC address of the router had been assigned to one of the port interfaces on the AP. I suspect the change / increase in MAC usage is because of the transition to DSA and the assignment of MAC addresses to individual switch ports. I had purchased the two devices directly from the manufacturer and they had near sequential MAC addresses. One of the ports on the AP was assigned the mac address of the router.

Here you can see the output of ip a s and brctl showmacs on the two devices; first the router:

root@roooter:~# ip a s br-lan
23: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether e4:95:6e:40:31:04 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fd9e:5b70:f088::1/60 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::e695:6eff:fe43:3004/64 scope link 
       valid_lft forever preferred_lft forever
root@roooter:~# brctl showmacs br-lan
port no mac addr        is local?   ageing timer
  4 e2:95:6e:40:31:04   yes        0.00
  4 e2:95:6e:40:31:04   yes        0.00
  1 e4:95:6e:40:31:04   yes        0.00
  1 e4:95:6e:40:31:04   yes        0.00
  2 e4:95:6e:40:31:05   yes        0.00
  2 e4:95:6e:40:31:05   yes        0.00

And then the AP:

root@ap:~# ip a s br-lan
8: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether e4:95:6e:40:31:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.12/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fd8d:c043:4e5c::1/60 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::e695:6eff:fe43:3012/64 scope link 
       valid_lft forever preferred_lft forever
root@ap:~# brctl showmacs br-lan
port no  mac addr    is local?   ageing timer
  1   e4:95:6e:40:31:02 yes         0.00
  1   e4:95:6e:40:31:02 yes         0.00
  3   e4:95:6e:40:31:03 yes         0.00
  3   e4:95:6e:40:31:03 yes         0.00
  2   e4:95:6e:40:31:04 yes         0.00
  2   e4:95:6e:40:31:04 yes         0.00

The MAC e4:95:6e:40:31:04 was the source of the conflict and issue.

I was able to resolve the problem by changing the MACs of all interfaces adding 10 to the final octet of each one in Network > Interfaces > Devices. You could also do this with stanzas similar to these in /etc/config/network though enumerating the required interfaces may not be as easy as in the UI:

config device
   option name 'eth0'
   option macaddr 'E4:95:6E:40:30:12'

config device
   option name 'lan1'
   option macaddr 'E4:95:6E:40:30:12'

I don't know if there's an easy way to prevent this problem in the future, but wanted to share my experience in case other people run into this problem as well.

_bernd · November 28, 2023, 1:20am

I'm impressed you really got 2 devices produced exactly next to each other and hit the issue that Openwrt interface addresses gets incremented.

But I'm not sure how i.e. a randomize Mac addr on first boot feature would look like. But maybe the days of shitty devices are gone where you could not change the Mac addr.
And there is still some benefit on having the vendor present in the default mac.

Personally I use a schema how router and AP get a static Mac addr from the private use block and each device has enough spare to generate 256*256 addresses for it's interfaces.