Hi, today I found a major bug with the switch chip. (I’m on a hAP AC). I have ether2-5 configured as a switch group, with various VLANs (including 0/unmanaged). ether1 (WAN) is not switched; but I have configured it to only accept untagged traffic (VLAN 0) with vlan-mode=secure.
Unfortunately this results in ether1 being switched with all the others! I can arping it from hosts on ether2-5, and I see ARPs from the WAN on my LAN.
If I set vlan-mode=disabled on ether1, this behavior stops and everything works as expected (traffic routed, not switched, between ether1 and ether2-5).
I understand if VLAN security can’t be used with non-switched ports, but if this is so, please DISABLE the vlan-mode option on those ports, so we do not accidentally bridge our WAN and LAN!