When I run a packet capture on a host machine connected to the LAN port lan1, I can see all traffic from another host machine connected to LAN port lan2, which is destined for outbound internet (egressing out the WAN port lan0). Both hosts are on the same subnet, but it’s as though the router LAN ports are behaving like hub ports instead of switch ports, and are broadcasting their traffic on all ports.
My question is: is this normal? Or are the BPI-R4 ports indeed switching ports, and I instead need to investigate some OpenWrt misconfiguration?
I know this isn’t an OpenWrt support forum, but I will mention it in case someone here might have an answer: the LAN ports (lan1, lan2 and lan3) are members of a “bridge interface” called br-lan in a default OpenWrt configuration, but I’m not sure that implies they should be broadcasting on all ports.
This appears to be somewhat relevant documentation on the OpenWrt website, but I don’t think it answers my question: DSA Mini-Tutorial
The hardware may indeed isolate the ports from each other. However, OpenWrt creates a Linux software bridge ‘br-lan’ and binds the ports that constitute the “LAN” segment.
Try the following to see if you can isolate each port on the LAN bridge (caveat: I have not tried it). OpenWrt forums may get you more definitive answers.
Thanks for the reply. I was able to find the configuration knob for port isolation in the LuCI web UI under:
Network | Interfaces | Devices | lan1 | Bridge port specific options | Port isolation
Checking that box did indeed end up isolating that port from the other hosts, but then the hosts on lan1 and lan2 were no longer able to communicate with each other.
I would like for the hosts/ports to have connectivity between each other, but not broadcast all their unicast IP traffic to each other. I may have to ask on the OpenWrt forums, but first wanted to ask here and confirm the BPI-R4 has switching ports.