VLAN leak with bridge VLAN filtering on MOX running TOS 6.0.4
Possibly related to #355.
In my setup, the Turris Mox has all interfaces in a bridge, and VLAN filtering is used to set up different roles for different ports. In this output of the bridge vlan command, port lan1 has only one allowed VLAN, number 60, which is also the PVID. This port is used as an access port for computers.
    # bridge vlan
    port             vlan-id
    eth0             20 PVID Egress Untagged
                     21
                     60
    lan1             60 PVID Egress Untagged
    lan2             62 PVID Egress Untagged
    lan3             20 PVID Egress Untagged
                     21
                     60
    lan4             22 PVID Egress Untagged
    br-guest_turris  1 PVID Egress Untagged
    br-lan           20
                     21
                     22
                     60
                     62
    wlan1            22 PVID Egress Untagged
    wlan0            22 PVID Egress Untagged
    wlan0-1          62 PVID Egress Untagged
Despite this setup, I can see some tagged frames with VLAN tag 20 or 22 leaking into the lan1 port. Only multicast traffic leaks like this. This is especially harmful for Windows, since that OS mostly ignores the 802.1q header and receives data from all VLANs, breaking IPv6 configuration every time an RA is sent into some of the other VLANs.
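
One way to check a capture against the VLAN table, as an added example that is not part of the original report: it parses the wired-port rows of the bridge vlan output above and classifies each tagged frame seen on a port. The observation list is constructed, and the names parse_bridge_vlan, classify and audit are hypothetical.

```python
# Wired-port rows of the `bridge vlan` output in the report (other rows omitted).
BRIDGE_VLAN = """\
port    vlan-id
eth0    20 PVID Egress Untagged
        21
        60
lan1    60 PVID Egress Untagged
lan2    62 PVID Egress Untagged
lan3    20 PVID Egress Untagged
        21
        60
lan4    22 PVID Egress Untagged
br-lan  20
        21
        22
        60
        62
"""

def parse_bridge_vlan(text):
    """Return {port: {vid: set_of_flags}} from `bridge vlan` text output."""
    table, port = {}, None
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] == "port":   # blank line or header
            continue
        if not line[0].isspace():               # new port starts in column 0
            port = tokens.pop(0)
            table.setdefault(port, {})
        if port and tokens and tokens[0].isdigit():
            table[port][int(tokens[0])] = set(tokens[1:])
    return table

def classify(table, port, vid):
    """Judge a frame seen on the wire at `port` carrying 802.1Q tag `vid`."""
    vlans = table.get(port, {})
    if vid not in vlans:
        return "leak"            # port is not a member of this VLAN
    if "Untagged" in vlans[vid]:
        return "unexpected-tag"  # member, but frames should leave untagged
    return "ok"

# Constructed observations: (port, 802.1Q tag) pairs noted from a capture.
OBSERVED = [("lan1", 20), ("lan1", 22), ("lan1", 60), ("lan3", 21)]
def audit(text=BRIDGE_VLAN, observed=OBSERVED):
    table = parse_bridge_vlan(text)
    return [(p, v, classify(table, p, v)) for p, v in observed]

for port, vid, verdict in audit():
    print(f"{port}: tag {vid} -> {verdict}")
```

Tags 20 and 22 on lan1 come out as "leak" because lan1 is a member of VLAN 60 only, while tag 21 on the trunk port lan3 is "ok".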