2 WAN on a single port

Hi, I have the following:

  • Xiaomi 4A Gigabit, it has two LAN ports and one WAN port.
  • BPI R3 Mini, it has one LAN port and one WAN port.

I want to use the Xiaomi router as a managed switch. Specifically, I'll connect ISP1 to LAN port 1, ISP2 to LAN port 2, and then connect the Xiaomi router's WAN port to the WAN port of my primary router (BPI R3 Mini) via trunk.

I plan to set up mwan3 on my primary router. While it would be easier to just use the Xiaomi router for mwan3, I've found it to be slower than the BPI R3 Mini. Additionally, I need to run SQM, an adblocker, a server, and other services.

Not sure if this would help but here's the xiaomi network config:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdd2:db7a:ba06::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

I would greatly appreciate any help to point me to the right direction. Thank you so much.

There will be some stuff to do with the lan network -- you need to set the IP address correctly for your main lan subnet to be able to manage this device.

But let's get your VLANs working:

Delete the wan interface (also wan6 if it is present):

Add the wan port to br-lan:

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'wan'

Create bridge-VLANs:

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'wan:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '2'
        list ports 'lan1:u*'
        list ports 'wan:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '3'
        list ports 'lan2:u*'
        list ports 'wan:t'

[EDIT: ports lan1 and lan2 should be omitted from VLAN 1 above; this was a typo on my part, but leaving it in place because I called it out below]

Now edit the lan interface to use br-lan.1:

config interface 'lan'
        option device 'br-lan.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'

And create 2 unmanaged interfaces for the wans:

config interface 'wan1'
        option device 'br-lan.2'
        option proto 'none'

config interface 'wan2'
        option device 'br-lan.3'
        option proto 'none'

That should set this up as you desire (with the exception of the lan IP)... now we need to look at your main router.

2 Likes

Hi @psherman, will try this.

Btw, here's the network config of my primary router:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd2f:9659:25b::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '10.10.10.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        list dns '10.10.10.1'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'

config device
        option name 'eth0'

Thank you so much for the help :bowing_man:

Edit wan to use eth1.2

config interface 'wan'
        option device 'eth1.2'
        option proto 'dhcp'

And add wan2 (don't forget to add wan2 to your wan firewall zone, too):

config interface 'wan2'
        option device 'eth1.3'
        option proto 'dhcp'

Next, add eth1.1 to br-lan:

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        list ports 'eth1.1'

Back on your first unit (the one that is serving as a switch), change the IP address of that device's lan:

config interface 'lan'
        option device 'br-lan.1'
        option proto 'static'
        option ipaddr '10.10.10.2'
        option netmask '255.255.255.0'

(obviously make sure this is outside the DHCP range of your main lan; adapt if necessary).

Then you can install mwan3 on the main router and set it up as desired.

1 Like

Hi @psherman, It worked great!
Thank you for very detailed steps and explanation. :bowing_man:

I just noticed a minor error...

Remove ports lan1 and lan2 from VLAN 1. It should only be tagged on wan like this:

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'wan:t'

Got it, i've updated my network config.

Btw, Is there any way I can directly connect my ISP to the WAN port of my primary router (just like how it behave on default)? Aside from being my primary router, it’s also my go-to router that I sometimes bring to other places.

It would be great if there’s also a configuration for this scenario. If not, I guess I’ll have to rely on a simple script to change and restart the network configuration.

Thank you! :bowing_man:

Yes, if you make one of the wan connections untagged.

So on your upstream (switch) device, you'd change this:

So that it looks like this instead:

config bridge-vlan
        option device 'br-lan'
        option vlan '2'
        list ports 'lan1:u*'
        list ports 'wan:u*'

Then, you make a corresponding change on the main router:

becomes...

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'

If you can, I'd recommend buying a travel router for the latter situation. That's what I do and it works really well. Not only that, with a sepearate device to use as your travel router, you have the opportunity to set it up for the unique scenarios that travel brings with it and not cause conflicts when you're using it as your main home router which will have different needs. For example, wifi uplink using TravelMate to help manage that gracefully, a road warrior VPN to connect back home when you're abroad, etc.

Some things are easily accounted for such as the untagged wan, some things can be easily scripted, but other things may be more variable in practice than it's worth as a function of trying to script or pre-configure. That's another reason a fit-for-purpose travel router makes a lot of sense. But that's just an opinion and may or may not be an option for you.

1 Like

Yes, if you make one of the wan connections untagged.

Woah nice!. New learnings :hand_with_index_finger_and_thumb_crossed:

I actually bought this mini router to act as my travel router (Storage for photos, file sharing, downscaling of images, server and etc). It is very handy because it has NVME, 5g Module and small enough to fit in my bag.

I have other routers as well but they just can't simply go more than 500mbps+ when SQM is enabled. I guest it is time to upgrade them :sweat_smile: :money_with_wings:

Thank you so much. I trully appreciate your help. I've learned a lot.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.