Client mode bridge to br-lan not connecting because of technical limits, which?

According to when using OpenWRT as client, there must be two different subnets.
When using original TP-Link Firmware, for example with CPE210, there is Client mode. In client mode device connects to Wifi and devices attached to the LAN-Port are now connected via TP-Link and Wifi. So there is a bridge between Wifi and LAN.
When you create a normal station Wifi there is also a bridge between LAN and Wifi.

So why is there no bridge possible between Client-Wifi and LAN? If you try OpenWRT just doesn't connect to Wifi. As soon as you set interface from br-lan to wwan0 it connects. So what is the technical reason for this? The WifiChipset must be capable of handling, because with original firmware this works as well.

The original firmware is probably doing something akin to (if not exactly) relayd.


An AP-STA link assumes that the STA's radio MAC address is the same as the MAC of the device that ultimately receives the data packet. This is true for the original usage of connecting end users like laptops or smartphones since it is the same device.

A true layer 2 bridge though has multiple endpoint MACs behind one radio. This requires software tricks to make it work within the limits of only one MAC going over the radio. Relayd works by intercepting ARP traffic to tell the AP that the IPs of all the "extended" users have the same MAC, that of the router. The packets received by the radio are then examined for IP address and relayed to the proper machine. This only works for IPv4.


As mk24 laid out, the restriction stems from the IEEE 802.11 standard - which only accounts for transporting 3 MAC addresses per frame, while you'd need 4 for your usage scenario. There is no standards compliant way around that, either ugly hacks (relayd and similar ARP proxies) or proprietary (non interoperable) protocols on top of IEEE 802.11 (e.g. 4addr for mac80211 based drivers).

1 Like

Thanks for the explanation. That makes sense. I guess as wireless Repeater it is the same, because all clients connected to the repeater have the MAC address of the repeater. Is this assumption correct?

Regarding 3 MAC addresses per frame, what three MAC-Adresses are in a normal frame? I thought two:

  • BSSID MAC, so source
  • Client MAC, so destination

What is the third MAC-Adress?

BSSID MAC is not always the source, e.g., the AP and the gateway don't have to be the same device.