Hi folks, I'm the beginner's principle about OpenWRT and networks in general.
I managed to configure the connection of the TP-Link TD-W8970 using the VLAN tag with ppoe as my provider specifies and everything seems to work fine. Now I would like to figure out how to make this modem / router a simple and stupid modem, so that it can cascade the router eero 6 and avoid double NAT as I have now.
I believe the stock firmware for this device supports bridge mode. You might find it simpler to just re-flash the device back to stock and use that to achieve what you want. You're not gaining anything from having OpenWRT on there if you're just using it as a modem.
If you google 'td-w8970 bridge mode openwrt' you'll get a number of results back for forum threads where it has been discussed. I've not tried such a setup so can't help any further, but you might find something useful in one of those threads.
So the term of art is rather bridged-modem instead of dumb modem, but I get your point.
Here is what I do on a FB 7520 (uses a snapshot with DSA instead of swconfig):
cat /etc/config/network:
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdcd:4cf3:765d::/48'
config atm-bridge 'atm'
option vpi '1'
option vci '32'
option encaps 'llc'
option payload 'bridged'
option nameprefix 'dsl'
config dsl 'dsl'
option tone 'b'
option annex 'b'
option ds_snr_offset '0'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config interface 'lan'
option proto 'static'
option ip6assign '60'
option device 'br-lan.42'
list ipaddr '192.168.100.1/24'
config device
option name 'dsl0'
option macaddr '98:9B:CB:C0:F5:BB'
config interface 'wan'
option device 'dsl0'
option proto 'none'
config interface 'wan6'
option device '@wan'
option proto 'dhcpv6'
config bridge-vlan
option device 'br-lan'
option vlan '42'
list ports 'lan1:t'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config bridge-vlan
option device 'br-lan'
option vlan '7'
list ports 'lan1:t*'
config device
option type '8021q'
option ifname 'dsl0'
option vid '7'
option name 'dsl0.7'
config device
option type 'bridge'
option name 'br-dsl'
list ports 'br-lan.7'
list ports 'dsl0.7'
config interface 'MODEM'
option proto 'none'
option device 'br-dsl'
This sets the modem to use 192.168.100.0/24 as its IP network to avoid clashes with the router's default 1092.168.1.0/24.
This changes br-lan to use VLAN 42 (only port 1 needs to use tagged packets). So all ports and port lan1.42 will connect to the modem's LAN.
Then it defines a VLAN (7) for the modem (my ISP requires VLAN 7 if your does not, simply leave out this step and use plain dsl0) as well as br-lan.7 with only port lan1 as member (requiring tagged packets).
Then it creates a bridge (br-dsl) that contains br-lan.7 and dsl0.7.
After this a packet send to lan1 with VLAN tag 7 will be send out over the DSL link, and packets received via DSL will be sent out via lan1.7, so the pprimary router will need to use VLAN7 and pppoe on its wan interface.
At the same time if you connect to the the modem's lan1 port with VLAN tag 42 (or any other lan-port without a VLAN tag) you can reach the OpenWrt instance running on the modem, e.g. for looking at the DSL statistics or whatever else you want to look at :).
In my case the primary router is also running OpenWrt and I created a second interface there using 192.168.100.2/24 (without a default gateway) with VLAN42 so I can easily reach the modem's GUI from my internal network via its 192.168.1.1 address, not sure how/if this is achievable with the eero (nor whether you would want that).
There are ways of doing this that rely on IP addresses alone, but I prefer to use VLANs as I hope this results in stricter isolation of modem access and internet bridge.
This way Modem ports lan2 lan3 lan4 and WIFI AP are extending my home network to the basement in my case.
Also worth mention is full 1500 MTU on pppoe-wan
Clever and elegant, I thought about this as well. What stopped me so far is that this way my internal network's security does not only depend on keeping my router secure, but also the modem. On the other Hand an attacker would need to first jump out of the dsl/lan1 bridge...
Also this makes it a tad harder to replace the modem (my cold spare is a zyxel with very limited configurability, not capable of running OpenWrt). But again a clever and elegant solution.
Well, that is the norm* the exception are baby jumbo-frames of 1508 so that the internet visible MTU is 1500. That however requires cooperation by your ISP. As far as I know Deutsche Telekom decided against that, so I am stuck with internet MTU 1492....
*) The PPPoE header is part of the ethernet payload, so the typical MTU to the ISP's PPPoE server is indeed 1500, it is just after PPPoE decapsulation the maximum apparent payload size is restricted to 1492, but I am sure you know this and just use MTU 1500 as short hand for 'internet MTU' after all that is more important...
the exception are baby jumbo-frames of 1508 so that the internet visible MTU is 1500. That however requires cooperation by your ISP. As far as I know Deutsche Telekom decided against that, so I am stuck with internet MTU 1492....