How to extend the wifi network of a downstream router?

I have two routers with OpenWrt 23.05.

"Upstream" with its own dhcp and lan 192.168.30.0/24
"Downstream" with it's own dhcp and lan 192.168.20.0/24

Thanks to the help of @psherman (thank you!), I was able to repeat the lan of "Upstream" using a wan bridge in "downstream" so any devices connected to Upstream-Wifi_AP2 (a wifi network in "Downstream" router) get a lan ip from Upstream router.

I would like to accomplish the same, in reverse.

How do I make a wifi network in "Upstream" router, such as clients connected to it get in the lan of the downstream router? (Clients get ips from 192.168.20.0/24, it's dns, etc)?

Why do I have two routers and one of them is not a "Dumb AP"? "Upstream" provides internet to the whole family and "Downstream" is an exclusive router for me so I can use wireguard, mwan3, custom dns server, etc without disturbing the family (and I don't get angry faces screaming "The internet is down!")

The short answer is, you can't - I'm not aware of any driver that would allow this.

So you'd have to cheat around the problem by tunneling (VPN or gretap or something similar), but your concept of segregated networks pretty much goes down the drain that way (unless you have quite sophisticated (pbr like) routing and firewall zones set up), it's possible, but the dumb-AP route might be more attractive.

EDIT: to clarify, the above assume a wireless link between the two routers, which indeed precludes this operation (apart from the aforementioned cheating), if you had an uninterrupted wired link (at most using managed switches) between them, you could use different VLANs.

I have "upstream" (lan port) connected to "Downstream" (wan port) using ethernet.

Can vlans be used?

Yes, VLANs can be used in that situation.

how to use vlans for this situation?

Post the network config files for both routers, and also let us know which port on the main router is connected to the downstream one.

Upstream


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd7f:99db:cdad::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config device
	option name 'lan1'
	option macaddr '60:38:e0:9f:5b:51'

config device
	option name 'lan2'
	option macaddr '60:38:e0:9f:5b:51'

config device
	option name 'lan3'
	option macaddr '60:38:e0:9f:5b:51'

config device
	option name 'lan4'
	option macaddr '60:38:e0:9f:5b:51'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.30.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device
	option name 'wan'
	option macaddr '60:38:e0:9f:5b:50'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'

Downstream


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd5e:3c1e:0409::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config device
	option name 'lan1'
	option macaddr '60:38:e0:2d:92:34'

config device
	option name 'lan2'
	option macaddr '60:38:e0:2d:92:34'

config device
	option name 'lan3'
	option macaddr '60:38:e0:2d:92:34'

config device
	option name 'lan4'
	option macaddr '60:38:e0:2d:92:34'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	list dns_search 'lan'

config device
	option name 'wan'
	option macaddr '60:38:e0:2d:92:34'

config interface 'wan'
	option device 'br-wan'
	option proto 'dhcp'
	option metric '10'

config interface 'wan6'
	option device 'br-wan'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option metric '10'

config device
	option name 'br-wan'
	option type 'bridge'
	list ports 'wan'

The connection between routers is:

Upstream (lan4) ---> Downstream (wan)

On the upstream router, add these things:

config bridge-vlan
	option name 'br-lan'
	option vlan '1'
	list ports 'lan1:u*'
	list ports 'lan2:u*'
	list ports 'lan3:u*'
	list ports 'lan4:u*'

config bridge-vlan
	option name 'br-lan'
	option vlan '2'
	list ports 'lan4:t'

config interface 'downstream'
	option device 'br-lan.2'
	option proto 'none'

And edit the lan interface to use br-lan.1 instead of br-lan like this:

config interface 'lan'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	list dns_search 'lan'

On the downstream router...
remove this:

add the wan port to br-lan like this:

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	list ports 'wan'

Now add the following:

config bridge-vlan
	option name 'br-lan'
	option vlan '2'
	list ports 'lan1:u*'
	list ports 'lan2:u*'
	list ports 'lan3:u*'
	list ports 'lan4:u*'
	list ports 'wan:t'

config bridge-vlan
	option name 'br-lan'
	option vlan '1'
	list ports 'wan:u*'

Next, edit the lan to use br-lan.2 like this:

config interface 'lan'
	option device 'br-lan.2'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	list dns_search 'lan'

and the wan to use br-lan.1 like this:

[quote="omenraining, post:7, topic:175444"]

config interface 'wan'
	option device 'br-lan.1'
	option proto 'dhcp'
	option metric '10'

config interface 'wan6'
	option device 'br-lan.1'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option metric '10'

Now, if you want to broadcast an SSID on the upstream router that is the VLAN from the downstream router (192.168.2.0/24), you simply create a new SSID on the upstream device and attach it to network downstream and you should be good to go.

on downstream router, I have br-wan so I can repeat upstream's lan using wifi. Would it still be possible?

yes, in this case it is br-lan.1, but the name of the bridge shouldn't matter because you're going to associate the SSID with network wan (that should be how it's done already).

Where did you get "br-lan.1"?

On the downstream router, the wan is associated with br-lan.1 and the lan is br-lan.2.

On the upstream router, the lan coming from the downstream router is associated with br-lan.2 as a tagged network on port lan4.

In other words:

  • Upstream router port lan4:
    • untagged: [VLAN 1] lan (local: 192.168.30.0/24)
    • tagged: VLAN 2 remote lan (from downstream router: 192.168.2.0/24).
  • Downstream router port wan:
    • untagged: [VLAN 1] wan/upstream (from upstream router's lan: 192.168.30.0/24)
    • tagged: VLAN 2 lan (local: 192.168.2.0/24, VLAN 2) tagged.

after aplying the first part of the changes in "Upstream", LuCi lists devices "undefined.1" and "undefined.2" as VLAN (802.1q)

Is it normal? Shouldn't it have a name like br-lan.1 and br-lan.2?

let's see the complete upstream config (/etc/config/network)

After applying the changes in upstream, I lose connectivity and I have to reset the router with the tiny red button in the back. The router is a Linksys EA6350v3 and it seems like it used to have vlan problems in the past versions of openwrt

# upstream's /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd7f:99db:cdad::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config device
	option name 'lan1'
	option macaddr '60:38:e0:9f:5b:51'

config device
	option name 'lan2'
	option macaddr '60:38:e0:9f:5b:51'

config device
	option name 'lan3'
	option macaddr '60:38:e0:9f:5b:51'

config device
	option name 'lan4'
	option macaddr '60:38:e0:9f:5b:51'

config interface 'lan'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.30.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device
	option name 'wan'
	option macaddr '60:38:e0:9f:5b:50'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'

config bridge-vlan
	option name 'br-lan'
	option vlan '1'
	list ports 'lan1:u*'
	list ports 'lan2:u*'
	list ports 'lan3:u*'
	list ports 'lan4:u*'

config bridge-vlan
	option name 'br-lan'
	option vlan '2'
	list ports 'lan4:t'

config interface 'downstream'
	option device 'br-lan.2'
	option proto 'none'

This should be a valid config.

Try changing the following vlan 2 to be vlan 3 (just in case vlan 2 is still reserved):

config bridge-vlan
	option name 'br-lan'
	option vlan '3'
	list ports 'lan4:t'

config interface 'downstream'
	option device 'br-lan.3'
	option proto 'none'

Still, no luck. Connectivity lost on upstream


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd7f:99db:cdad::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config device
	option name 'lan1'
	option macaddr '60:38:e0:9f:5b:51'

config device
	option name 'lan2'
	option macaddr '60:38:e0:9f:5b:51'

config device
	option name 'lan3'
	option macaddr '60:38:e0:9f:5b:51'

config device
	option name 'lan4'
	option macaddr '60:38:e0:9f:5b:51'

config interface 'lan'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.30.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device
	option name 'wan'
	option macaddr '60:38:e0:9f:5b:50'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'


config bridge-vlan
	option name 'br-lan'
	option vlan '1'
	list ports 'lan1:u*'
	list ports 'lan2:u*'
	list ports 'lan3:u*'
	list ports 'lan4:u*'

config bridge-vlan
	option name 'br-lan'
	option vlan '3'
	list ports 'lan4:t'

config interface 'downstream'
	option device 'br-lan.3'
	option proto 'none'

I'm just making changes in upstream and not in downstream.

oh... my bad...

^^^ I made a mistake... the first line in the bridge-vlan should be

	option device 'br-lan'

(not option name 'br-lan').

Fix that for both bridge-vlan statements and roll set vlan 3 back to vlan 2 as we had it earlier.

I notices the vlans have the first line config bridge-vlan but other have config device and then have a line option type 'something'

Why are they different?

Also, adding option device 'br-lan' solved the connectivity problems.

Now, downstream:

I use the lan1 port as a second wan (wanb) for failover and loadbalancing with mwan3.


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd5e:3c1e:0409::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config device
	option name 'lan1'
	option macaddr '60:38:e0:2d:92:34'

config device
	option name 'lan2'
	option macaddr '60:38:e0:2d:92:34'

config device
	option name 'lan3'
	option macaddr '60:38:e0:2d:92:34'

config device
	option name 'lan4'
	option macaddr '60:38:e0:2d:92:34'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	list dns_search 'lan'

config device
	option name 'wan'
	option macaddr '60:38:e0:2d:92:34'

config interface 'wan'
	option device 'br-wan'
	option proto 'dhcp'
	option metric '10'

config interface 'wan6'
	option device 'br-wan'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option metric '10'

config interface 'eth1'
	option proto 'dhcp'
	option device 'eth1'
	option type 'bridge'

config device
	option name 'br-wan'
	option type 'bridge'
	list ports 'wan'

config device
	option type 'bridge'
	option name 'br-wanb'
	list ports 'lan1'

config interface 'wanb'
	option proto 'dhcp'
	option device 'lan1'
	option metric '20'

^^ this defines the "base device" upon which everything else will be referenced. It is creating a device, and in this case is specifying that it is a bridge (i.e. all entities in this device will be bridged together to operate as a single device).

^^ this defines the VLAN, and it references the device br-lan created earlier upon which the VLAN will exist.

^^ this is a network interface stanza and it says that the network should be attached to vlan 1 on br-lan --> device br-lan.1

Does that help clarify? (I hope I didn't make it worse).

Weren't we adding the wan port to br-lan in the earlier parts of the discussion (so that you can send the downstream lan back up to the main router using VLANs)? I don't see that in the config presented here.

I don't recall seeing eth1 previously, either. What device is this?

These bridges are unnecessary. lan1 doesn't need to be part of a bridge (and, in fact, you're using it directly in the wanb network interface). So delete the br-wanb bridge. Then, br-wan should also be deleted since the wan port needs to be added to br-lan as per above.