Failover over Wlan with routing in other subnet

Hello all,

I have a somewhat unusual network setup which is currently only partially working and I hope you can help me.
My current setup:

  • There are 2 OpenWrt routers with different subnets, Router A and Router B.
  • Router A is connected to the internet (Router B is not).
  • Router A and Router B are connected via Lan cable, as well as Wifi-Bridge
  • Devices from subnet of router A should be able to access clients from subnet of router B
  • Router B gets its Internet via Router A

And this is the goal:

  • By default, the traffic should go over the Lan cable, as soon as the Lan cable is unplugged, the traffic should go over the Wifi bridge. As soon as the Lan cable is plugged in again, everything goes over the Lan cable again.

I have installed "mwan3" on Router B for failover and added Wan and Wifi Bridge - in the direction from Router B to A works fine.
On Router A I have set Static Routes as follows:


10.0.0.10 Lan Connection
10.0.0.11 Wifi

Now my problem: By default the ping from subnet A goes over the Lan connection (10.0.0.10), when I disconnect the Lan cable it also switches to Wifi without interruption.
But when I plug the lan cable back in, mwan3 automatically routes the outgoing traffic from router B over the lan cable again, but the outgoing traffic from router A still goes over the wifi connection (10.0.0.11).

How can I make Router A automatically set the route back to gateway 10.0.0.10 as soon as the lan cable is plugged in again?
Here I would need condition based routing or prioritization. But if I give the static routes different metrics, it still doesn't jump back automatically after the lan cable is plugged in.

Thanks for your help.

You should be looking at STP and not mwan3.

But does STP also work since router B acts as a full router including nat and different subnet?

I have now uninstalled mwan3 and enabled STP on both routers for the "br-lan". I left the priority on both routers at default 32767.
For this I have assigned different gateway metrics to the interfaces (wifi and lan) on router B.

But now I have the problem, if I have both Static Routes from the screenshot above active, Lan as well as Wifi are used for something. If I disable wifi (with active lan connection) the connection to router B breaks.
As soon as I disable the static route from wifi (10.0.0.11), the connection to router B works again.

Is there somewhere a manual for STP on OpenWrt? I must have forgotten a setting.

I read something about OSPF, isn't that a better option than STP?

Maybe I misunderstood something in the first post. Could you make a drawing of the network with the links and specify which part is layer 2 and which part is layer 3?

Here is a simple network drawing.
I marked the subnets and added a priority to the Wifi and Lan connections.
What is layer 2 and what is layer 3, I don't know exactly.

The goal is that "Device 1" can access "Device 2".
The Wifi connection should be used as failover as soon as the Lan connection is disconnected.

Alright I understood it properly. Since both lan and wifi are in the same broadcast domain you need to run STP to block one of the links. Router A needs to have lower bridge priority. Lan connection also needs to have lower cost to be preferred.

Thanks for the explanation.

How can I set the cost of the lan connection? I thought under Interfaces the Gateway Metric would be that, but apparently that is not correct.
I can't find anything else in the LuCI.

But via SSH I found this:
Router A:

root@routerA:~# brctl showstp br-lan
br-lan
 bridge id		5000.c03f0e7aaf2b
 designated root	5000.c03f0e7aaf2b
 root port		   0			path cost		   0
 max age		  10.00			bridge max age		  10.00
 hello time		   1.00			bridge hello time	   1.00
 forward delay		   2.00			bridge forward delay	   2.00
 ageing time		 300.00
 hello timer		   0.94			tcn timer		   0.00
 topology change timer	   0.00			gc timer		 123.55
 flags


wlan0 (2)
 port id		8002			state		     forwarding
 designated root	5000.c03f0e7aaf2b	path cost		 100
 designated bridge	5000.c03f0e7aaf2b	message age timer	   0.00
 designated port	8002			forward delay timer	   0.00
 designated cost	   0			hold timer		   0.93
 flags
 hairpin mode		   1

wlan1 (3)
 port id		8003			state		     forwarding
 designated root	5000.c03f0e7aaf2b	path cost		 100
 designated bridge	5000.c03f0e7aaf2b	message age timer	   0.00
 designated port	8003			forward delay timer	   0.00
 designated cost	   0			hold timer		   0.93
 flags
 hairpin mode		   1

eth0.1 (1)
 port id		8001			state		     forwarding
 designated root	5000.c03f0e7aaf2b	path cost		   4
 designated bridge	5000.c03f0e7aaf2b	message age timer	   0.00
 designated port	8001			forward delay timer	   0.00
 designated cost	   0			hold timer		   0.92
 flags

Router B:

root@routerB:~# brctl showstp br-lan
br-lan
 bridge id		7000.c23f0e7aaefb
 designated root	7000.c23f0e7aaefb
 root port		   0			path cost		   0
 max age		  10.00			bridge max age		  10.00
 hello time		   1.00			bridge hello time	   1.00
 forward delay		   2.00			bridge forward delay	   2.00
 ageing time		 300.00
 hello timer		   0.23			tcn timer		   0.00
 topology change timer	   0.00			gc timer		  65.06
 flags


eth0 (1)
 port id		8001			state		     forwarding
 designated root	7000.c23f0e7aaefb	path cost		   4
 designated bridge	7000.c23f0e7aaefb	message age timer	   0.00
 designated port	8001			forward delay timer	   0.00
 designated cost	   0			hold timer		   0.22
 flags

Is this the right one?
What surprises me is that on router B the wifi connections are not displayed. Do I need to set the priority only on one side?

Right.

That's right. Maybe in your simple case it won't be necessary to set it on both sides of the link, since Router A will be the root bridge and will always have both links active.

I have set the costs via SSH as follows. But after a restart all costs were set back to 100.

Before the restart, the network behaved as before, that as soon as I disabled Wifi, the connection dropped, despite active Lan connection.
Then I had to disable the route for Wifi again and could access Router B again.

root@armar3-router:~# brctl setpathcost br-lan wlan0 15
root@armar3-router:~# brctl setpathcost br-lan wlan1 10
root@armar3-router:~# brctl showstp br-lan
br-lan
 bridge id		5000.c03f0e7aaf2b
 designated root	5000.c03f0e7aaf2b
 root port		   0			path cost		   0
 max age		  10.00			bridge max age		  10.00
 hello time		   1.00			bridge hello time	   1.00
 forward delay		   2.00			bridge forward delay	   2.00
 ageing time		 300.00
 hello timer		   0.89			tcn timer		   0.00
 topology change timer	   0.00			gc timer		 116.85
 flags


wlan0 (2)
 port id		8002			state		     forwarding
 designated root	5000.c03f0e7aaf2b	path cost		  15
 designated bridge	5000.c03f0e7aaf2b	message age timer	   0.00
 designated port	8002			forward delay timer	   0.00
 designated cost	   0			hold timer		   0.88
 flags
 hairpin mode		   1

wlan1 (3)
 port id		8003			state		     forwarding
 designated root	5000.c03f0e7aaf2b	path cost		  10
 designated bridge	5000.c03f0e7aaf2b	message age timer	   0.00
 designated port	8003			forward delay timer	   0.00
 designated cost	   0			hold timer		   0.87
 flags
 hairpin mode		   1

eth0.1 (1)
 port id		8001			state		     forwarding
 designated root	5000.c03f0e7aaf2b	path cost		   4
 designated bridge	5000.c03f0e7aaf2b	message age timer	   0.00
 designated port	8001			forward delay timer	   0.00
 designated cost	   0			hold timer		   0.87
 flags

Edit: Regarding the restart, I have now simply written the commands in the rc.local. This is acceptable. But the original problem when I disable the wifi remains.

This is expected, you'd need to configure them on boot in /etc/rc.local
Let's have a look at the following for both routers:

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; \
uci export dhcp; uci export firewall; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru

Here the Outputs:

Router A
root@routerA:~# ubus call system board; \
> uci export network; \
> uci export dhcp; uci export firewall; \
> ip -4 addr ; ip -4 ro li tab all ; ip -4 ru
{
	"kernel": "5.10.146",
	"hostname": "routerA",
	"system": "Atheros AR7161 rev 2",
	"model": "Netgear WNDR3700",
	"board_name": "netgear,wndr3700",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "22.03.2",
		"revision": "r19803-9a599fee93",
		"target": "ath79/generic",
		"description": "OpenWrt 22.03.2 r19803-9a599fee93"
	}
}
package network

config interface 'loopback'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'
	option device 'lo'

config globals 'globals'
	option ula_prefix 'fd72:7341:3c62::/48'

config interface 'lan'
	option force_link '1'
	option proto 'static'
	option ip6assign '60'
	option ipaddr '10.0.0.1'
	option netmask '255.0.0.0'
	option delegate '0'
	option stp '1'
	option device 'br-lan'

config interface 'wan'
	option _orig_ifname 'eth1'
	option _orig_bridge 'false'
	option proto 'static'
	option ipaddr '141.xx'
	option netmask '255.255.254.0'
	option gateway '141.xx'
	option dns '141.xx'
	option device 'eth1'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'
	option blinkrate '2'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5t'

config switch_port
	option device 'switch0'
	option port '1'
	option led '6'

config switch_port
	option device 'switch0'
	option port '2'
	option led '9'

config switch_port
	option device 'switch0'
	option port '5'
	option led '2'

config route
	option interface 'lan'
	option target '192.168.1.0'
	option netmask '255.255.255.0'
	option gateway '10.0.0.10'
	option metric '0'

config device
	option name 'br-lan'
	option type 'bridge'
	option stp '1'
	option hello_time '1'
	option forward_delay '2'
	option max_age '10'
	list ports 'eth0.1'
	option priority '20480'

config route
	option interface 'lan'
	option target '192.168.1.0/24'
	option gateway '10.0.0.12'
	option metric '0'

package dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '200'
	option leasetime '24h'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'

config host
	option name 'a-ap'
	option ip '10.0.0.10'
	option mac 'C0:3Fxxxx'

config host
	option name 'a-ap'
	option mac 'C0:3F:xxxx'
	option ip '10.0.0.11'

config host
	option name 'a-ap'
	option mac 'C0:3F:xxx'
	option ip '10.0.0.12'

config host
	option name 'pc1'
	option mac '28:ee:xxxx'
	option ip '10.0.1.3'

config host
	option name 'pc2'
	option mac '00:1b:xxx'
	option ip '10.0.1.2'

config host
	option name 'pc3'
	option mac 'e0:cb:xxx'
	option ip '10.0.1.4'

package firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fe80::/10'
	option src_port '547'
	option dest_ip 'fe80::/10'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config rule
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    inet 141.xxx/23 brd 141.xxx scope global eth1
       valid_lft forever preferred_lft forever
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 10.0.0.1/8 brd 10.255.255.255 scope global br-lan
       valid_lft forever preferred_lft forever
default via 141.xxx dev eth1
10.0.0.0/8 dev br-lan scope link  src 10.0.0.1
141.xx/23 dev eth1 scope link  src 141.xx
192.168.1.0/24 via 10.0.0.12 dev br-lan
broadcast 10.0.0.0 dev br-lan table local scope link  src 10.0.0.1
local 10.0.0.1 dev br-lan table local scope host  src 10.0.0.1
broadcast 10.255.255.255 dev br-lan table local scope link  src 10.0.0.1
broadcast 127.0.0.0 dev lo table local scope link  src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1
broadcast 141.xx dev eth1 table local scope link  src 141.xxx
local 141.xxx dev eth1 table local scope host  src 141.xxx
broadcast 141.xxx dev eth1 table local scope link  src 141.xxx
0:	from all lookup local
32766:	from all lookup main
32767:	from all lookup default
Router B
root@routerB:~# ubus call system board; \
> uci export network; \
> uci export dhcp; uci export firewall; \
> ip -4 addr ; ip -4 ro li tab all ; ip -4 ru
{
	"kernel": "5.10.146",
	"hostname": "routerB",
	"system": "Atheros AR7161 rev 2",
	"model": "Netgear WNDR3700",
	"board_name": "netgear,wndr3700",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "22.03.2",
		"revision": "r19803-9a599fee93",
		"target": "ath79/generic",
		"description": "OpenWrt 22.03.2 r19803-9a599fee93"
	}
}
package network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd68:882c:819e::/48'

config interface 'wan'
	option device 'eth1'
	option proto 'dhcp'
	option metric '10'

config device
	option name 'br-lan'
	option type 'bridge'
	option ipv6 '0'
	option stp '1'
	option hello_time '1'
	option forward_delay '2'
	option max_age '10'
	list ports 'eth0'
	option priority '28672'

config device
	option name 'eth0'
	option macaddr 'c2:3f:0e:7a:ae:fb'
	option ipv6 '0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.254'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'
	option blinkrate '2'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5'

config switch_port
	option device 'switch0'
	option port '1'
	option led '6'

config switch_port
	option device 'switch0'
	option port '2'
	option led '9'

config switch_port
	option device 'switch0'
	option port '5'
	option led '2'

config interface 'wwan'
	option proto 'dhcp'
	option metric '25'

config device
	option name 'eth1'

config interface 'wwan_5g'
	option proto 'dhcp'
	option metric '20'

package dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config host
	option name 'a-vis'
	option dns '1'
	option mac 'e0:cb:xxx'
	option ip '192.168.1.133'

config host
	option name 'a-2'
	option dns '1'
	option mac '00:01:0xxx'
	option ip '192.168.1.2'

config host
	option name 'a-3'
	option dns '1'
	option mac '00:01:xxx'
	option ip '192.168.1.3'

config host
	option name 'a-4'
	option dns '1'
	option mac 'E0:CB:xx'
	option ip '192.168.1.4'

config host
	option name 'a-master'
	option dns '1'
	option mac 'E0:CB:xx'
	option ip '192.168.1.1'

config host
	option name 'pc1'
	option dns '1'
	option mac '28:ee:xx'
	option ip '192.168.1.131'

config boot
	option filename 'pxelinux.0'
	option servername 'a-master'
	option serveraddress '192.168.1.1'

package firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wwan'
	list network 'wwan_5g'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow all from Robot Network'
	list proto 'all'
	option src 'wan'
	option dest 'lan'
	option target 'ACCEPT'

config rule
	option name 'Allow Webinterface'
	option src 'wan'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    inet 10.0.0.10/8 brd 10.255.255.255 scope global eth1
       valid_lft forever preferred_lft forever
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.254/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
7: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 10.0.0.12/8 brd 10.255.255.255 scope global wlan1
       valid_lft forever preferred_lft forever
default via 10.0.0.1 dev eth1  src 10.0.0.10  metric 10
default via 10.0.0.1 dev wlan1  src 10.0.0.12  metric 20
10.0.0.0/8 dev eth1 scope link  metric 10
10.0.0.0/8 dev wlan1 scope link  metric 20
192.168.1.0/24 dev br-lan scope link  src 192.168.1.254
broadcast 10.0.0.0 dev eth1 table local scope link  src 10.0.0.10
broadcast 10.0.0.0 dev wlan1 table local scope link  src 10.0.0.12
local 10.0.0.10 dev eth1 table local scope host  src 10.0.0.10
local 10.0.0.12 dev wlan1 table local scope host  src 10.0.0.12
broadcast 10.255.255.255 dev eth1 table local scope link  src 10.0.0.10
broadcast 10.255.255.255 dev wlan1 table local scope link  src 10.0.0.12
broadcast 127.0.0.0 dev lo table local scope link  src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1
broadcast 192.168.1.0 dev br-lan table local scope link  src 192.168.1.254
local 192.168.1.254 dev br-lan table local scope host  src 192.168.1.254
broadcast 192.168.1.255 dev br-lan table local scope link  src 192.168.1.254
0:	from all lookup local
32766:	from all lookup main
32767:	from all lookup default

It's more clear now. Some remarks:

  1. There is no need to use /8 mask for the 10.0.0.0 network.
  2. All these interfaces are not in the same broadcast domain, they are not bridged, so STP cannot do anything.
  3. You cannot use the same network in two interfaces if they are not bridged. That means in Router B eth1 and wlan1 must be in different networks.

Once you set up distinctive networks for the lan and wlan, your problem is easily solved with two static routes and proper metrics for each route to prefer the lan and failover to wlan.

But if I have eth1 and wlan1 on different networks at router B, do the end devices get two IP addresses from both networks?

Since I access the end devices of router B from the end devices in the network of router A via direct IP, it is important here that an IP address always works.

The best practice here is to create separate networks for the interconnection of the routers.
That means on Router A lan is 10.0.0.1/24 , wired interface to Router B is 10.0.1.1/24 and wifi interface to B is 10.0.2.1/24. On Router B lan is 192.168.1.254/24, wired interface to Router A is 10.0.1.2/24 and wifi interface to A is 10.0.2.2/24.
Then on Router A you set two static routes to 192.168.1.0/24 via 10.0.1.2 metric 10 and via 10.0.2.2 metric 20.

Thanks for the explanation.
I have now tried to configure this. But I don't really understand how to do that.
I have created the interfaces on both routers accordingly, configured with Static IP and added to firewall zone "lan"" I have created a separate network for 2,4g and 5g each.
Where I'm not quite sure how to create the interface for the wired connection, I don't have all the ports listed under devices. Does this need to be assigned to an exact port or is it eth0 or eth0.1?
And do I still need to add those to br-lan?
At least the route is not working currently.

Here are the outputs again.
Don't stone me if this is fundamentally wrong. These are my first steps with routing at this scale.

Router A
root@RouterA:~# ubus call system board; \
> uci export network; \
> uci export dhcp; uci export firewall; \
> ip -4 addr ; ip -4 ro li tab all ; ip -4 ru
{
	"kernel": "5.10.146",
	"hostname": "RouterA",
	"system": "Atheros AR7161 rev 2",
	"model": "Netgear WNDR3700",
	"board_name": "netgear,wndr3700",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "22.03.2",
		"revision": "r19803-9a599fee93",
		"target": "ath79/generic",
		"description": "OpenWrt 22.03.2 r19803-9a599fee93"
	}
}
package network

config interface 'loopback'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'
	option device 'lo'

config globals 'globals'
	option ula_prefix 'fd72:7341:3c62::/48'

config interface 'lan'
	option proto 'static'
	option ip6assign '60'
	option ipaddr '10.0.0.1'
	option delegate '0'
	option stp '1'
	option device 'br-lan'
	option netmask '255.255.255.0'

config interface 'wan'
	option _orig_ifname 'eth1'
	option _orig_bridge 'false'
	option proto 'static'
	option ipaddr '141.3.xxx'
	option netmask '255.255.254.0'
	option gateway '141.3.xxx'
	option dns '141.3.xxx'
	option device 'eth1'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'
	option blinkrate '2'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5t'

config switch_port
	option device 'switch0'
	option port '1'
	option led '6'

config switch_port
	option device 'switch0'
	option port '2'
	option led '9'

config switch_port
	option device 'switch0'
	option port '5'
	option led '2'

config route
	option interface 'lan'
	option target '192.168.1.0'
	option netmask '255.255.255.0'
	option gateway '10.0.1.2'
	option metric '10'

config device
	option name 'br-lan'
	option type 'bridge'
	option stp '1'
	option hello_time '1'
	option forward_delay '2'
	option max_age '10'
	list ports 'eth0.1'
	option priority '20480'

config route
	option interface 'lan'
	option target '192.168.1.0/24'
	option gateway '10.0.2.2'
	option metric '25'

config route
	option interface 'lan'
	option target '192.168.1.0/24'
	option gateway '10.0.3.2'
	option metric '20'
	option disabled '1'

config interface 'wifi_conn'
	option proto 'static'
	option ipaddr '10.0.2.1'
	option netmask '255.255.255.0'

config interface 'wifi_5g_conn'
	option proto 'static'
	option ipaddr '10.0.3.1'
	option netmask '255.255.255.0'

config interface 'wired_conn'
	option proto 'static'
	option ipaddr '10.0.1.1'
	option netmask '255.255.255.0'
	option device 'eth0'

package dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '200'
	option leasetime '24h'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'

config host
	option name 'pc1'
	option mac '28:ee:xx'
	option ip '10.0.1.3'

config host
	option name 'pc2'
	option mac '00:1b:xx'
	option ip '10.0.1.2'

config host
	option name 'a3-vis'
	option mac 'e0:cb:xx'
	option ip '10.0.1.4'

package firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	list network 'wifi_5g_conn'
	list network 'wifi_conn'
	list network 'wired_conn'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fe80::/10'
	option src_port '547'
	option dest_ip 'fe80::/10'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config rule
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    inet 10.0.1.1/24 brd 10.0.1.255 scope global eth0
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    inet 141.3.xxx/23 brd 141.3.xxx scope global eth1
       valid_lft forever preferred_lft forever
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 10.0.0.1/24 brd 10.0.0.255 scope global br-lan
       valid_lft forever preferred_lft forever
8: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    inet 10.0.2.1/24 brd 10.0.2.255 scope global wlan0
       valid_lft forever preferred_lft forever
9: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    inet 10.0.3.1/24 brd 10.0.3.255 scope global wlan1
       valid_lft forever preferred_lft forever
default via 141.3.xxx dev eth1
10.0.0.0/24 dev br-lan scope link  src 10.0.0.1
10.0.1.0/24 dev eth0 scope link  src 10.0.1.1
10.0.2.0/24 dev wlan0 scope link  src 10.0.2.1
10.0.3.0/24 dev wlan1 scope link  src 10.0.3.1
141.3.xxx/23 dev eth1 scope link  src 141.3.xxx
broadcast 10.0.0.0 dev br-lan table local scope link  src 10.0.0.1
local 10.0.0.1 dev br-lan table local scope host  src 10.0.0.1
broadcast 10.0.0.255 dev br-lan table local scope link  src 10.0.0.1
broadcast 10.0.1.0 dev eth0 table local scope link  src 10.0.1.1
local 10.0.1.1 dev eth0 table local scope host  src 10.0.1.1
broadcast 10.0.1.255 dev eth0 table local scope link  src 10.0.1.1
broadcast 10.0.2.0 dev wlan0 table local scope link  src 10.0.2.1
local 10.0.2.1 dev wlan0 table local scope host  src 10.0.2.1
broadcast 10.0.2.255 dev wlan0 table local scope link  src 10.0.2.1
broadcast 10.0.3.0 dev wlan1 table local scope link  src 10.0.3.1
local 10.0.3.1 dev wlan1 table local scope host  src 10.0.3.1
broadcast 10.0.3.255 dev wlan1 table local scope link  src 10.0.3.1
broadcast 127.0.0.0 dev lo table local scope link  src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1
broadcast 141.3.xxx dev eth1 table local scope link  src 141.3.xxx
local 141.3.xxx dev eth1 table local scope host  src 141.3.xxx
broadcast 141.3.xxx dev eth1 table local scope link  src 141.3.89.35
0:	from all lookup local
32766:	from all lookup main
32767:	from all lookup default
Router B
root@RouterB:~# ubus call system board; \
> uci export network; \
> uci export dhcp; uci export firewall; \
> ip -4 addr ; ip -4 ro li tab all ; ip -4 ru
{
	"kernel": "5.10.146",
	"hostname": "RouterB",
	"system": "Atheros AR7161 rev 2",
	"model": "Netgear WNDR3700",
	"board_name": "netgear,wndr3700",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "22.03.2",
		"revision": "r19803-9a599fee93",
		"target": "ath79/generic",
		"description": "OpenWrt 22.03.2 r19803-9a599fee93"
	}
}
package network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd68:882c:819e::/48'

config interface 'wan'
	option device 'eth1'
	option proto 'static'
	option ipaddr '10.0.1.2'
	option netmask '255.255.255.0'

config device
	option name 'br-lan'
	option type 'bridge'
	option ipv6 '0'
	option stp '1'
	option hello_time '1'
	option forward_delay '2'
	option max_age '10'
	list ports 'eth0'
	option priority '28672'

config device
	option name 'eth0'
	option macaddr 'c2:3f:0e:7a:ae:fb'
	option ipv6 '0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.254'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'
	option blinkrate '2'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5'

config switch_port
	option device 'switch0'
	option port '1'
	option led '6'

config switch_port
	option device 'switch0'
	option port '2'
	option led '9'

config switch_port
	option device 'switch0'
	option port '5'
	option led '2'

config interface 'wwan'
	option proto 'static'
	option ipaddr '10.0.2.2'
	option netmask '255.255.255.0'

config device
	option name 'eth1'

config interface 'wwan_5g'
	option proto 'static'
	option ipaddr '10.0.3.2'
	option netmask '255.255.255.0'

package dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	option start '100'
	option limit '150'
	option leasetime '12h'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config host
	option name 'a3-vis'
	option dns '1'
	option mac 'e0:cb:xxx'
	option ip '192.168.1.133'

config host
	option name 'a3a-2'
	option dns '1'
	option mac '00:01:xxx'
	option ip '192.168.1.2'

config host
	option name 'a3a-3'
	option dns '1'
	option mac '00:01:xxx'
	option ip '192.168.1.3'

config host
	option name 'a3a-4'
	option dns '1'
	option mac 'E0:CB:xxx'
	option ip '192.168.1.4'

config host
	option name 'a3a-master'
	option dns '1'
	option mac 'E0:CB:xxx'
	option ip '192.168.1.1'

config host
	option name 'pc1'
	option dns '1'
	option mac '28:ee:xxx'
	option ip '192.168.1.131'

config boot
	option filename 'pxelinux.0'
	option servername 'a3a-master'
	option serveraddress '192.168.1.1'

package firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	list network 'wwan'
	list network 'wwan_5g'
	list network 'wan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow all from Robot Network'
	list proto 'all'
	option src 'wan'
	option dest 'lan'
	option target 'ACCEPT'

config rule
	option name 'Allow Webinterface'
	option src 'wan'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    inet 10.0.1.2/24 brd 10.0.1.255 scope global eth1
       valid_lft forever preferred_lft forever
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.254/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
7: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 10.0.3.2/24 brd 10.0.3.255 scope global wlan1
       valid_lft forever preferred_lft forever
10.0.1.0/24 dev eth1 scope link  src 10.0.1.2
10.0.3.0/24 dev wlan1 scope link  src 10.0.3.2
192.168.1.0/24 dev br-lan scope link  src 192.168.1.254
broadcast 10.0.1.0 dev eth1 table local scope link  src 10.0.1.2
local 10.0.1.2 dev eth1 table local scope host  src 10.0.1.2
broadcast 10.0.1.255 dev eth1 table local scope link  src 10.0.1.2
broadcast 10.0.3.0 dev wlan1 table local scope link  src 10.0.3.2
local 10.0.3.2 dev wlan1 table local scope host  src 10.0.3.2
broadcast 10.0.3.255 dev wlan1 table local scope link  src 10.0.3.2
broadcast 127.0.0.0 dev lo table local scope link  src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1
broadcast 192.168.1.0 dev br-lan table local scope link  src 192.168.1.254
local 192.168.1.254 dev br-lan table local scope host  src 192.168.1.254
broadcast 192.168.1.255 dev br-lan table local scope link  src 192.168.1.254
0:	from all lookup local
32766:	from all lookup main
32767:	from all lookup default

Fix the interface in the static routes. It is not lan but wifi_conn, wifi_5g_conn, and wired_conn.
Router B also needs a route for the 10.0.0.0/24 via 10.0.1.1 with metric 10, via 10.0.2.1 with metric 25, and via 10.0.3.1 with metric 20. Also it doesn't have a default gateway for the internet, so you need to also add that.