I installed OpenWRT on a NanoPi with 1 onboard eth0 interface (192.168.1.1), and a eth1 interface over a USB to LAN adapter (192.168.1.2).
I wanted to bridge both interfaces and still be able to access LEDE. So I think a management VLAN will be needed.
I connected the NanoPi directly to my laptop, I than created a new interface, eth0.2, gave it the IP address 192.168.100.1, and added it to the LAN firewall rule.
I than set the IP address of my laptop LAN interface to 192.168.100.1, but I have no access to NanoPi.
The eth0.2 interface implies that you are using dot1q vlans, so if you have not configured your laptop accordingly you won't be able to communicate.
Basically you don't need any management vlan. Just assign an IP/mask (optionally gw,NS) on the bridge interface and use that one for management.
When you use a kernel bridge such as br-lan, it is a layer 2 bridge. The ports can't have their own IP addresses. They all operate with the IP from br-lan. It works like an unmanaged switch.
Putting the device on the WAN side of your main router it has to have a WAN like address for you to reach it. That is an address that is outside of the LAN range, so the router knows to route it out to the WAN port as the default route (for all IPs that are outside the router's known networks).
Oh, I'm just trying out how to bridge 2 interfaces. The goal is to use the NanoPi Neo with an USB LTE modem connected to it, as a regular modem with LAN interface. The would let all the routing/VPN stuff the the already configured Ubiquiti router.
By the way, do you think a NanoPi Neo2 with 4x A53 cores are powerful enough for that task (I expect an LTE connection around 200Mbit/s max)?
mmh, shouldn't the WAN port of the router be configured as DHCP in order to get an (public) IP address from the ISP???
Yes, if I give my WAN port an address in the same range as the OpenWRT, it works, but I loos access to the internet.
What you're doing now then is really making it more complicated and not in the direction of that goal. After you set up what you need to set up, you should have a 4G to Ethernet converter that provides a WAN gateway address via DHCP, just like a cable or DSL modem does.
Just like is possible with a cable modem, administration of that device over the WAN cable is done one of two ways.
If the modem is also routing, the WAN gateway IP is also the IP used to log into the modem. It is important that this network be outside the LAN range of the main router. This way when a machine on the main router's LAN goes to the modem IP, the main router considers it an unknown network and by default forwards it out the WAN port.
If the modem is not routing, the main router obtains a public IP from the modem. There is also a separate interface on the modem for administration. On cable modems, this address is usually 192.168.100.1. Again this address is outside the main router's LAN, so it can be accessed by being routed to the WAN port.
If you have configured the bridge to belong in the LAN firewall zone, then all traffic is accepted.
Otherwise you need to verify that firewall is not blocking it.
However you could test more easily by moving the NanoPi inside the LAN.