Help with DSA: bridge VLAN

I think what you need to do is treat router A as your main router. Router A will need to be configured as a multi-WAN device (mwan) and then you can treat the network created by router B as one of the WANs.

I would recommend changing the VLAN 2 definition to be VLAN 3, in the event that VLAN 2 is currently being used by the OpenWrt router (A) as the current WAN. Router B's LAN will be VLAN 3, and VLAN 3 on Router A will be treated as WAN 2. VLAN 1 will be your normal LAN and the devices on LAN 1 will all be served by the DHCP server on Router A (unless you have some other DHCP server), and Router A will be the gateway for all of the traffic on your network. Router A's multi-wan configuration will enable it to steer the traffic appropriately to the correct upstream (WAN) network (radio or router B).

This sounds very interesting and I have to think about it more carefully.

At the moment the route decision to the gateway is done by OSPF (default-information originate), which is easier for me to understand, but I can try out mwan3.

How can this be done without double-NAT? Router B is doing NAT.

It's late here, I'll take a closer look tomorrow.

Thank you very much for your time.

You might be able to avoid double NAT by using routing tables. Your other WAN (the radio) may be doing NAT and/or may be subject to NAT/CGNAT by the ISP anyway... but if you're trying to avoid double NAT, you'll need to look at policy based routing or similar.

I am still looking for what's wrong with the bridge config.
This post seems to clarify that it should work, right?
For me policy based routing seems to be more complex.

Thank you for your help!

A bridge is usually not the right approach for merging networks. A bridge is the software equivalent of a switch. You need to route.

Router A and LAN are in the same network, only DHCP should be dropped.
I tested it with an additional router configured as bridge between A and LAN.
The config is very simple (only one firewall entry).
But you are right, that is not entirely flawless but it's simple and working.

Apart from this, I want to learn about VLANs.

If the router B interface connected to the switch is set as a tagged VLAN, or you tag on the switch, the setup is possible.

You can set this VLAN to the WAN interface on router A and the LAN part as untagged.
This way computers connected to the switch will only see router B.

The switch tags for incoming (PVID2) and untags VLAN2 for outgoing packets.

Sorry I don't understand.
When I "bind" the VLAN2 to the WAN port on router A then the networks are separated.
I'd like them to be in the same network and bridge the VLANs for filtering.

Ah I see, I thought that you wanted to separate it.

I would do the NAT on router A in that case.

I assume that router B is from your ISP? Isn't it possible to just set it to bridge mode and do everything on your router A? (I did this in my setup.)

If the bridge in VLANs does not work, I'll do this, whether I like it or not.

Unfortunately I can't switch the ISP router to anything other than NAT.