[Solved] Turn off DHCP server on br-lan, eth1 strangely no longer gets DHCP client address, no visible Luci

If in Luci you tick Network/Interfaces/LAN/Edit/DHCP Server/Ignore interface so that your router no longer acts as a DHCP server and can act as a bridge without NAT, I notice that for some unexpected reason, eth1 also stops acting as a DHCP client and getting an address from the upstream router.

The problem with that arrangement is that the router now has no IP address on the LAN's subnet and the admin Luci port is inaccessible through regular means on the subnet.

(yes you can access Luci via default 192.168.1.1 if you manually configure your device to have an IP address in that subnet)

However, if you ssh onto the router and then run this command below, you can give it an IP address that then works so that the router is accessible, but what's the best way to do that properly in Luci so that it acts as a DHCP client and gets an IP address?

ifconfig br-lan:2 {fixed ip address} netmask 255.255.255.0 up

I had thoughts of creating a new network interface br-lan:2 in Luci to act as a DHCP client and seeing whether that would work but I fear stuffing up the networking on the router and causing myself a whole lot of grief.

If you'd like us to review your situation, we need to see your configuration and we also need to understand which physical port is used to connect to the upstream network.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Thanks! It is pretty stock standard apart from the fact that I've turned on Network/Interfaces/LAN/Edit/DHCP Server/Ignore interface

root@OpenWrt:~# ubus call system board
{
        "kernel": "5.15.167",
        "hostname": "OpenWrt",
        "system": "ARMv8 Processor rev 4",
        "model": "MERCUSYS MR90X v1",
        "board_name": "mercusys,mr90x-v1",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.5",
                "revision": "r24106-10cc5fcd00",
                "target": "mediatek/filogic",
                "description": "OpenWrt 23.05.5 r24106-10cc5fcd00"
        }
}
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd46:e324:4f33::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan0'
        list ports 'lan1'
        list ports 'lan2'

config device
        option name 'lan0'
        option macaddr 'xx:xx:xx:xx:xx:xx'

config device
        option name 'lan1'
        option macaddr 'xx:xx:xx:xx:xx:xx'

config device
        option name 'lan2'
        option macaddr 'xx:xx:xx:xx:xx:xx'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/18000000.wifi'
        option channel '11'
        option band '2g'
        option cell_density '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'xxxxxx'
        option encryption 'psk2'
        option key 'xxxxxx'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/soc/18000000.wifi+1'
        option channel '40'
        option band '5g'
        option htmode 'HE80'
        option cell_density '0'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'xxxxxx'
        option encryption 'psk2'
        option key 'xxxxxx'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option ignore '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

root@OpenWrt:~# cat /etc/config/firewall
config defaults
        option syn_flood        1
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
# Uncomment this line to disable ipv6 rules
#       option disable_ipv6     1

config zone
        option name             lan
        list   network          'lan'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT

config zone
        option name             wan
        list   network          'wan'
        list   network          'wan6'
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
        option masq             1
        option mtu_fix          1

config forwarding
        option src              lan
        option dest             wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
        option name             Allow-DHCP-Renew
        option src              wan
        option proto            udp
        option dest_port        68
        option target           ACCEPT
        option family           ipv4

# Allow IPv4 ping
config rule
        option name             Allow-Ping
        option src              wan
        option proto            icmp
        option icmp_type        echo-request
        option family           ipv4
        option target           ACCEPT

config rule
        option name             Allow-IGMP
        option src              wan
        option proto            igmp
        option family           ipv4
        option target           ACCEPT

# Allow DHCPv6 replies
# see https://github.com/openwrt/openwrt/issues/5066
config rule
        option name             Allow-DHCPv6
        option src              wan
        option proto            udp
        option dest_port        546
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-MLD
        option src              wan
        option proto            icmp
        option src_ip           fe80::/10
        list icmp_type          '130/0'
        list icmp_type          '131/0'
        list icmp_type          '132/0'
        list icmp_type          '143/0'
        option family           ipv6
        option target           ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Input
        option src              wan
        option proto    icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        list icmp_type          router-solicitation
        list icmp_type          neighbour-solicitation
        list icmp_type          router-advertisement
        list icmp_type          neighbour-advertisement
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Forward
        option src              wan
        option dest             *
        option proto            icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-IPSec-ESP
        option src              wan
        option dest             lan
        option proto            esp
        option target           ACCEPT

config rule
        option name             Allow-ISAKMP
        option src              wan
        option dest             lan
        option dest_port        500
        option proto            udp
        option target           ACCEPT


### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
#       option src              lan
#       option src_ip   192.168.45.2
#       option dest             wan
#       option proto    tcp
#       option target   REJECT

# block a specific mac on wan
#config rule
#       option dest             wan
#       option src_mac  xx:xx:xx:xx:xx:xx
#       option target   REJECT

# block incoming ICMP traffic on a zone
#config rule
#       option src              lan
#       option proto    ICMP
#       option target   DROP

# port redirect port coming in on wan to lan
#config redirect
#       option src                      wan
#       option src_dport        80
#       option dest                     lan
#       option dest_ip          192.168.16.235
#       option dest_port        80
#       option proto            tcp

# port redirect of remapped ssh port (22001) on wan
#config redirect
#       option src              wan
#       option src_dport        22001
#       option dest             lan
#       option dest_port        22
#       option proto            tcp

### FULL CONFIG SECTIONS
#config rule
#       option src              lan
#       option src_ip   192.168.45.2
#       option src_mac  xx:xx:xx:xx:xx:xx
#       option src_port 80
#       option dest             wan
#       option dest_ip  194.25.2.129
#       option dest_port        120
#       option proto    tcp
#       option target   REJECT

#config redirect
#       option src              lan
#       option src_ip   192.168.45.2
#       option src_mac  xx:xx:xx:xx:xx:xx
#       option src_port         1024
#       option src_dport        80
#       option dest_ip  194.25.2.129
#       option dest_port        120
#       option proto    tcp
root@OpenWrt:~#

What port is used to connect to the upstream network?

I list all ports and their connections below:

1. Router's WAN port - nothing
2. LAN port 1 - upstream connection
3. LAN port 2 - my computer
4. LAN port 3 - nothing

What is the address of the upstream router?

It is 192.168.16.1 (192.168.16.0/24)

In that case, typically you'll want to change the IP address of your OpenWrt lan to something like 192.168.16.2 (or any static IP address that it outside the DHCP pool and otherwise unused).

But that said, eth1 is associated with the wan, so it would not be expected to do anything here. The wan is setup as a DHCP client using device eth1, but you said that nothing is connected there. With that in mind, can you clarify the actual issue you're experiencing?

You can also try to create a firewall zone from lan1 to br-lan in luci and accept the input output and forward if you want to connect with two different subnet.

My goals are as follows:

1. New openwrt router to act as a network bridge such that clients connecting via wire/wifi get IP address from upstream router (also openwrt). This is already working the way I have it connected presently.
2. Ability to access and administer new openwrt router's Luci admin page using an IP address it gets from upstream router by acting as a DHCP client.

ok... that's simple:

Change this:

to this:

config interface 'lan'
        option device 'br-lan'
        option proto 'dhcp'

On the upstream router, I have the mac address of the new router bound to 192.168.16.222 so DHCP will always issue it that. I know it works.

Rather than editing the config file directly, I used Luci to change the protocol on br-lan to DHCP Client and I saved it with 90 second auto-revert.

Once the change was saved and applied, I did this from my computer attached to the wired LAN of the new router:

$ ping 192.168.16.222
PING 192.168.16.222 (192.168.16.222): 56 data bytes
92 bytes from latitude-david.lan (192.168.16.161): Destination Host Unreachable
92 bytes from latitude-david.lan (192.168.16.161): Destination Host Unreachable
92 bytes from latitude-david.lan (192.168.16.161): Destination Host Unreachable

That wasn't a good sign. I let it auto-revert.

Can I instead leave the 192.168.1.1 in-place and instead in Luci create an additional interface br-lan:2 with DHCP client configuration?

Let's start with this -- is the upstream DHCP server operating correctly? How have you verified this?

The upstream DHCP server is in use every day and it has issued my current computer IP address. I believe it is fully functional.

let's see the upstream router config (network and DHCP):

This is the config from the upstream router:

# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fda9:de1a:2d90::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan0'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.16.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        list dns '61.9.211.33'
        list dns '61.9.211.1'

config interface 'wan'
        option device 'eth2'
        option proto 'dhcp'
        option ipv6 '1'

config interface 'wan6'
        option device '@wan'
        option proto 'dhcpv6'
        option reqprefix 'auto'
        option reqaddress 'try'
        option defaultroute '0'

config device 'dev_wan'
        option name 'eth2'

config route6
        option interface 'wan6'
        option target '::/0'
        option gateway 'fe80::ca99:b2ff:fefa:edba'
        option metric '512'

config route6
        option target '2001:8004:1de1:b36b::/64'
        option onlink '1'
        option interface 'wan6'
        option metric '512'

config route6
        option target '2001:8004:1de1:b36b:80c:2959:f73d:299/128'
        option onlink '1'
        option interface 'wan6'
        option metric '512'

config route6
        option onlink '1'
        option interface 'wan6'
        option target '2001:8004:1de1:b36b:38a0:8174:9e49:d56c/128'
        option metric '512'

config route6
        option target 'fe80::/64'
        option onlink '1'
        option interface 'wan6'
        option metric '512'

config route6
        option target 'fe80::9848:cb93:4ce0:4c61/128'
        option onlink '1'
        option interface 'wan6'
        option metric '512'

config route6
        option target 'ff00::/8'
        option onlink '1'
        option interface 'wan6'
        option metric '512'

config route6
        option target '2001:8004:1de1:b36b::1'
        option onlink '1'
        option interface 'wan6'
        option metric '512'

# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        option port '0'
        option logqueries '1'
        list server '8.8.8.8'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        list dhcp_option '6,192.168.16.1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config domain
        option name 'router'
        option ip '192.168.16.1'

config domain
        option name 'openwrt'
        option ip '192.168.16.1'

config host
        option ip '192.168.16.4'
        option mac 'XX:XX:XX:XX:XX:XX'
        option dns '1'
        option name 'latitude-jayden'

config domain
        option ip '192.168.16.4'
        option name 'jayden-latitude'

config domain
        option name 'latitudew'
        option ip '192.168.16.5'

config host
        option name 'cam1'
        option mac 'XX:XX:XX:XX:XX:XX'
        option ip '192.168.16.15'

config domain
        option name 'cam1'
        option ip '192.168.16.15'

config host
        option name 'cam1w'
        option mac 'XX:XX:XX:XX:XX:XX'
        option ip '192.168.16.16'

config domain
        option name 'cam1w'
        option ip '192.168.16.16'

config host
        option name 'nas'
        option mac 'XX:XX:XX:XX:XX:XX'
        option ip '192.168.16.17'

config domain
        option name 'nas'
        option ip '192.168.16.17'

config host
        option mac 'XX:XX:XX:XX:XX:XX'
        option ip '192.168.16.18'
        option name 'black-ipad'

config domain
        option ip '192.168.16.18'
        option name 'black-ipad'

config host
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.19'
        option name 'pink-ipad'

config domain
        option ip '192.168.16.19'
        option name 'pink-ipad'

config host
        option name 'acaciaridgebapt'
        option mac 'XX:XX:XX:XX:XX:XX'
        option ip '192.168.16.21'

config domain
        option name 'acaciaridgebapt'
        option ip '192.168.16.21'

config host
        option name 'phoenix'
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.22'

config domain
        option name 'phoenix'
        option ip '192.168.16.22'

config host
        option ip '192.168.16.27'
        option mac 'xx:xx:xx:xx:xx:xx'
        option duid 'xxxxxx'
        option name 'josh-iphone'

config domain
        option name 'joshiphone'
        option ip '192.168.16.27'

config host
        option name 'brother'
        option ip '192.168.16.30'
        option mac 'XX:XX:XX:XX:XX:XX'

config domain
        option name 'brother'
        option ip '192.168.16.30'

config domain
        option ip '192.168.16.34'
        option name 'moto-sharon'

config host
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.34'
        option name 'moto-sharon'
        option dns '1'

config host
        option name 'chromecast-lounge'
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.35'
        option duid 'xxxxxx'

config domain
        option ip '192.168.16.35'
        option name 'chromecast-lounge'

config host
        option name 'vensmile'
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.36'

config domain
        option name 'vensmile'
        option ip '192.168.16.36'

config host
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.37'
        option duid 'xxxxxx'
        option name 'latitude-sharon'
        option dns '1'

config domain
        option ip '192.168.16.37'
        option name 'latitude-sharon'

config host
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.38'
        option name 'work-iphone-david'
        option dns '1'

config domain
        option ip '192.168.16.38'
        option name 'work-iphone-david'

config host
        option name 'miwifi1'
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.39'

config domain
        option name 'miwifi1'
        option ip '192.168.16.39'

config host
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.40'
        option name 'kindle-rosa'
        option dns '1'

config domain
        option ip '192.168.16.40'
        option name 'kindle-rosa'

config host
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.41'
        option name 'kindle-jayden'
        option dns '1'

config domain
        option ip '192.168.16.41'
        option name 'kindle-jayden'

config domain
        option name 'chromecast-bedroom'
        option ip '192.168.16.42'

config host
        option name 'chromecast-bedroom'
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.42'
        option duid 'xxxxxx'

config host
        option name 'timsmac'
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.43'

config domain
        option name 'timsmac'
        option ip '192.168.16.43'

config host
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.44'
        option name 'josh-pc'
        option duid 'xxxxxx'

config domain
        option ip '192.168.16.44'
        option name 'josh-pc'

config host
        option mac 'XX:XX:XX:XX:XX:XX'
        option ip '192.168.16.200'
        option name 'rumpus-router'

config domain
        option ip '192.168.16.200'
        option name 'rumpus-router'

config host
        option name 'hp7612'
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.211'

config domain
        option name 'hp7612'
        option ip '192.168.16.211'

config host
        option name 'fujixeroxp265dw'
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.160'

config domain
        option name 'fujixeroxp265dw'
        option ip '192.168.16.160'

config host
        option name 'google-home-mini'
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.45'

config domain
        option ip '192.168.16.45'
        option name 'google-home-mini'

config host
        option name 'swann-cam'
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.141'

config domain
        option name 'swann-cam'
        option ip '192.168.16.141'

config host
        option name 'lenovo'
        option mac 'XX:XX:XX:XX:XX:XX'
        option ip '192.168.16.6'

config domain
        option name 'lenovo'
        option ip '192.168.16.6'

config domain
        option ip '192.168.16.7'
        option name 'moto-david'

config host
        option mac 'XX:XX:XX:XX:XX:XX'
        option ip '192.168.16.7'
        option name 'moto-david'
        option dns '1'

config host
        option name 'rt31p2-voip'
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.137'

config domain
        option name 'rt31p2-voip'
        option ip '192.168.16.137'

config host
        option mac 'XX:XX:XX:XX:XX:XX'
        option ip '192.168.16.31'
        option name 'brother-ink'

config domain
        option ip '192.168.16.31'
        option name 'brother-ink'

config host
        option name 'light-outside-front'
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.81'

config host
        option name 'light-patio'
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.192'

config domain
        option name 'light-outside-front'
        option ip '192.168.16.81'

config domain
        option name 'light-patio'
        option ip '192.168.16.192'

config host
        option name 'telstra-gateway'
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.62'

config domain
        option name 'telstra-gateway'
        option ip '192.168.16.62'

config host
        option name 'owen-alcatel'
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.85'
        option duid 'xxxxxx'

config host
        option name 'josh-xbox'
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.47'
        option duid 'xxxxxx'

config domain
        option name 'owen-alcatel'
        option ip '192.168.16.85'

config domain
        option name 'josh-xbox'
        option ip '192.168.16.47'

config host
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.165'
        option duid 'xxxxxx'
        option name 'work-dell-david'
        option dns '1'

config domain
        option ip '192.168.16.165'
        option name 'work-dell-david'

config host
        option name 'light-office'
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.238'

config host
        option name 'light-rosa'
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.239'

config host
        option name 'light-jayden'
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.240'

config domain
        option name 'light-office'
        option ip '192.168.16.238'

config domain
        option name 'light-jayden'
        option ip '192.168.16.240'

config domain
        option name 'light-rosa'
        option ip '192.168.16.239'

config host
        option name 'swann-camw'
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip '192.168.16.234'

config domain
        option name 'swann-camw'
        option ip '192.168.16.234'

config host
        option mac 'XX:XX:XX:XX:XX:XX'
        option dns '1'
        option duid 'xxxxxx'
        option ip '192.168.16.212'
        option name 'latitude-david'

config host
        option mac 'XX:XX:XX:XX:XX:XX'
        option dns '1'
        option duid 'xxxxxx'
        option ip '192.168.16.132'
        option name 'latitude-rosa'

config domain
        option ip '192.168.16.132'
        option name 'latitude-rosa'

config host
        option mac 'XX:XX:XX:XX:XX:XX'
        option dns '1'
        option ip '192.168.16.214'
        option name 'lockly-wall-plug-bridge'

config domain
        option name 'lockly-wall-plug-bridge'
        option ip '192.168.16.214'

config host
        option mac 'XX:XX:XX:XX:XX:XX'
        option name 'sungrow-solar-inverter'
        option dns '1'
        option ip '192.168.16.164'

config domain
        option name 'sungrow-solar-inverter'
        option ip '192.168.16.164'

config domain
        option ip '192.168.16.29'
        option name 'alcatel-rosa'

config host
        option mac 'XX:XX:XX:XX:XX:XX'
        option name 'alcatel-rosa'
        option dns '1'
        option ip '192.168.16.29'

config host
        option mac 'XX:XX:XX:XX:XX:XX'
        option dns '1'
        option name 'owen-ipad'
        option duid 'xxxxxx'
        option ip '192.168.16.179'

config domain
        option name 'ipad-owen'
        option ip '192.168.16.179'

config host
        list mac 'xx:xx:xx:xx:xx:xx'
        option name 'brotherlan'
        option ip '192.168.16.152'

config domain
        option name 'brotherlan'
        option ip '192.168.16.152'

config host
        list mac 'XX:XX:XX:XX:XX:XX'
        option duid 'xxxxxx'
        option name 'mercusys-router'
        option ip '192.168.16.222'

config domain
        option name 'mercusys-router'
        option ip '192.168.16.222'

Why do you have port 0? Remove this:

And you can then also remove this:

And remove the duid line from this:

Then restart your main router to make sure that those changes take effect. Once done, try changing the other device to DHCP client as you had done before.

applied the changes, rebooted upstream router, same again

and I know the new router works with the upstream router DHCP because before I turned off NAT, it was getting an IP address from the upstream server

Here below is what I could see while the change was applied [now reversed back], I could not ping the new router's DHCP-allocated IP, but I could ping the upstream router through the new router...

david@latitude-david ~/Downloads/mercusys_router
$ ping 192.168.16.222
PING 192.168.16.222 (192.168.16.222): 56 data bytes
92 bytes from latitude-david.lan (192.168.16.161): Destination Host Unreachable
92 bytes from latitude-david.lan (192.168.16.161): Destination Host Unreachable
--- 192.168.16.222 ping statistics ---
7 packets transmitted, 0 packets received, 100% packet loss

david@latitude-david ~/Downloads/mercusys_router
$ ping 192.168.16.1
PING 192.168.16.1 (192.168.16.1): 56 data bytes
64 bytes from 192.168.16.1: icmp_seq=0 ttl=64 time=0.582 ms
64 bytes from 192.168.16.1: icmp_seq=1 ttl=64 time=0.828 ms
--- 192.168.16.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.582/0.705/0.828/0.123 ms

Why did you revert those changes? Unless those changes broke something, they should have been kept.

I didn't revert the changes you told me to make in the config files on the upstream router.

I let the change from static IP to DHCP client auto-revert because it didn't work, and it could leave me in the position where I can't administratively access the router because it has no working IP.