MT7621 DSA Question

Hello gals and guys,

I have a Xiaomi R4A Gigabit edition running as a dumb AP with a few VLANs. Recently I've noticed I'm getting MAC address errors (MAC censored):

[ 140.579563] br-lan: received packet on wan with own address as source address (addr:**:**:**:**:**:**, vlan:1)

The physical network does not have loops. I'm using VLAN 69 and 70 for guest and IoT and VLAN 1 for the normal network. The main router is also an MT7621 (Asus RT-AC85P, OpenWrt) and it's configured properly, since it works with another dumb AP (MikroTik hAP ac2, OpenWrt). Between the main router and the Xiaomi is a dumb 5-port Mercusys MS105G network switch; however, the problem reoccurs even when I bypass the switch directly. Between the main router and the hAP ac2 there is also a dumb switch, same model but the 8-port MS108G. VLANs pass through correctly. To rule out defective hardware I flashed another Xiaomi R4A Gigabit with the same version of OpenWrt and the same backup file, and the problem persists. Based on those tests I ruled out switch and main router problems and narrowed it down to the Xiaomi config.

My theory is that I have a misconfig in bridge config so it loops packets to itself:


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	option igmp_snooping '1'
	option ipv6 '0'
	list ports 'eth0'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'wan'

config interface 'lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option gateway '192.168.1.1'
	option delegate '0'
	list dns '192.168.1.242'
	list dns '192.168.1.241'
	option force_link '0'
	option ipaddr '192.168.1.6'
	option device 'br-lan.1'

config device
	option name 'wan'
	option ipv6 '0'

config device
	option name 'eth0'
	option ipv6 '0'

config device
	option name 'lan1'
	option ipv6 '0'

config device
	option name 'lan2'
	option ipv6 '0'

config device
	option name 'wlan0'
	option ipv6 '0'

config device
	option name 'wlan0-1'
	option ipv6 '0'

config device
	option name 'wlan1'
	option ipv6 '0'

config bridge-vlan
	option device 'br-lan'
	option vlan '69'
	list ports 'eth0:'
	list ports 'lan1:t'
	list ports 'lan2:t'
	list ports 'wan:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'eth0:'
	list ports 'lan1:u*'
	list ports 'lan2:u*'
	list ports 'wan:u*'

config interface 'guest'
	option proto 'none'
	option delegate '0'
	option device 'br-lan.69'

config interface 'kinezi'
	option proto 'none'
	option delegate '0'
	option device 'br-lan.70'

config bridge-vlan
	option device 'br-lan'
	option vlan '70'
	list ports 'eth0:'
	list ports 'lan1:t'
	list ports 'lan2:t'
	list ports 'wan:t'

config device
	option name 'br-lan.1'
	option type '8021q'
	option ifname 'br-lan'
	option vid '1'
	option ipv6 '0'

config device
	option name 'br-lan.69'
	option type '8021q'
	option ifname 'br-lan'
	option vid '69'
	option ipv6 '0'

config device
	option name 'br-lan.70'
	option type '8021q'
	option ifname 'br-lan'
	option vid '70'
	option ipv6 '0'

config device
	option name 'wlan0-2'
	option ipv6 '0'

config device
	option name 'wlan0-3'
	option ipv6 '0'


All devices are running 22.03.0-rc6 firmware; I've tried 21.02.3 and the error reoccurs there as well.

If possible, I would like all 3 ports on the Xiaomi to keep acting as a switch and forward VLANs further downstream if needed in the future.

Does the eth0 network switch have to be in the bridge? What is the purpose of having eth0, lan1, lan2 and wan separately? Isn't eth0 internally connected to lan1 and lan2? I'm not sure that I got that part of the config right, and I've tried a couple of combinations, but I keep getting locked out after applying, so I decided to ask you guys.
Any help would be gladly appreciated.
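
An added example, not part of the original post: a small offline linter for a saved copy of `/etc/config/network`, so a candidate config can be checked before applying it and risking a lockout. It assumes `eth0` is the DSA conduit (the CPU-facing interface of the MT7621 switch), which under DSA is normally left out of the bridge so that only the user ports (`lan1`, `lan2`, `wan`) are members; `parse_uci`, `audit` and `SAMPLE` are names made up for this example.

```python
import re

# Constructed sample modelled on the bridge and bridge-vlan sections of the posted config.
SAMPLE = """
config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'eth0'
    list ports 'lan1'
config bridge-vlan
    option device 'br-lan'
    option vlan '1'
    list ports 'eth0:'
    list ports 'lan1:u*'
config bridge-vlan
    option device 'br-lan'
    option vlan '69'
    list ports 'eth0:'
    list ports 'lan1:t'
"""

def parse_uci(text):
    """Parse UCI text into [(section_type, {option: value, list_name: [values]})]."""
    sections = []
    pattern = r"^[ \t]*(config|option|list)[ \t]+(\S+)(?:[ \t]+'([^']*)')?"
    for kind, key, val in re.findall(pattern, text, re.M):
        if kind == "config":
            sections.append((key, {}))          # start a new section
        elif kind == "option":
            sections[-1][1][key] = val          # single-valued option
        else:
            sections[-1][1].setdefault(key, []).append(val)  # repeated 'list' entry
    return sections

def audit(text, conduit="eth0"):
    """Report every bridge or bridge-vlan section that lists the assumed DSA conduit."""
    findings = []
    for stype, opts in parse_uci(text):
        names = [p.partition(":")[0] for p in opts.get("ports", [])]  # strip ':t', ':u*'
        if conduit not in names:
            continue
        if stype == "device" and opts.get("type") == "bridge":
            findings.append(f"bridge {opts['name']}: conduit {conduit} is a member port")
        elif stype == "bridge-vlan":
            findings.append(f"bridge-vlan {opts['vlan']}: conduit {conduit} is listed")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no conduit membership found")
```
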