Need help setting up a br-lan interface

Hello guys.
I just need help setting up my interfaces to look like this:

instead of this:

I want to combine my lan and wlan interfaces into br-lan but i have no idea how.
Any help is apreciated. Thanks.

wlan (radios) should not be specified in the network config file. Instead, you create a bridge (which can be empty or can contain ethernet/VLANs), and then the network field within the SSID config (in /etc/config/wireless) is where the wifi is connected to the network.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

ubus call system board:

{
        "kernel": "5.10.176",
        "hostname": "OpenWrt",
        "system": "bcm63xx/96328dg2x2 (0x6328/0xB0)",
        "model": "D-Link DSL-2750U rev C1",
        "board_name": "d-link,dsl-2750u-c1",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.5",
                "revision": "r20134-5f15225c1e",
                "target": "bcm63xx/generic",
                "description": "OpenWrt 22.03.5 r20134-5f15225c1e"
        }
}

NETWORK


config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdee:e272:a056::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option device 'eth0.1'
        option ipaddr '192.168.10.1'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '8t 0 1 2'

config switch_vlan
        option device 'switch0'
        option ports '8t 3'
        option vlan '2'

config interface 'WAN'
        option proto 'dhcp'
        option device 'eth0.2'
        option peerdns '0'
        list dns '1.0.0.1'
        list dns '8.8.4.4'
        list dns '1.1.1.1'
        list dns '8.8.8.8'

config interface 'WIFI'
        option proto 'static'
        option netmask '255.255.255.0'
        option device 'wlan0'
        option ipaddr '192.168.8.1'

wireless:

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:00.0/0000:01:00.0/bcma0:1'
        option band '2g'
        option channel 'auto'
        option legacy_rates '1'
        option cell_density '0'
        option disabled '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'DJAWEB_D2306'
        option wmm '0'
        option disassoc_low_ack '0'
        option encryption 'psk2+ccmp'
        option key ''
        option network 'WIFI'
        option disabled '1'

DHCP:

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'WAN'
        option interface 'WAN'

config dhcp 'WIFI'
        option interface 'WIFI'
        option start '100'
        option limit '150'
        option leasetime '12h'

config host
        option name 'DESKTOP-FTALIS6'
        option ip '192.168.10.164'
        option mac 'EC:D6:8A:B7:63:74'


firewall:

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        list network 'WIFI'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'
        list network 'WAN'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config zone
        option name 'WIFI'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'WIFI'

config forwarding
        option src 'WIFI'
        option dest 'wan'

config rule
        option name 'WIFI'
        list proto 'udp'
        option src 'WIFI'
        option dest_port '67'
        option target 'ACCEPT'


As an FYI... this version is EOL and unsupported now. It appears your device is not supported in 23.05, so you may want to consider new hardware in the near future so that you can use the latest versions of OpenWrt (this is important for security, as the EOL versions are no longer patched). You should at least consider upgrading to 22.03.6 which was the last in that series.

edit your lan interface to use br-lan rather than eth0.1:

config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option device 'br-lan'
        option ipaddr '192.168.10.1'

For the wifi network, add a new bridge like this:

config device
        option name 'br-wifi'
        option type 'bridge'
        option bridge_empty '1'

Then edit your wifi network to use that new bridge:

config interface 'WIFI'
        option proto 'static'
        option netmask '255.255.255.0'
        option device 'br-wifi'
        option ipaddr '192.168.8.1'

Currently your radio and your SSID are disabled in the wireless file. And you probably don't want legacy rates enabled.

In the firewall, you already have the wifi network defined in the lan firewall zone. Therefore, either remove it from there, or delete all of this:

Is there a reason you want the wifi and ethernet to be on different subnets?

I want to use this HSFC shaper thats like SQM but for low bandwith internets (for gaming). And the default configuration uses a br-lan and a wan, because when using it before with seperate LAN and WLAN interfaces it caused alot of issues including disabling my WIFI. Ill do the changes and let you know.

And no reason at all i just didnt know how to set it up properly with br-lan

It was setup by default with the lan using br-lan and the wifi setup against the lan network. It's easy to put that back if you want.... all depends if you want different subnets or one unified one.

No just a unified one like this one right here:

One more thing, i dont have the bridge option:

In that case...

make the change to the lan I recommended before:

Then delete this:

and delete this:

Delete the wifi network from the lan zone:

and then delete all of this:

Finally, edit the wireless file to use the lan network:

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'DJAWEB_D2306'
        option wmm '0'
        option disassoc_low_ack '0'
        option encryption 'psk2+ccmp'
        option key ''
        option network 'lan'

make sure to enable the radio (and remove the legacy rates option).
Reboot and it should work.

The WAN interface is my internet basically,that where i get internet from. My setup looks like this: ISP modem---->Openwrt---->Devices (PC-Phones....). I cant delete it.

you're only deleting it from the dhcp file. It's not needed there.

I get the idea now. Trying it as we speak.

Works like a charm. Thanks a ton bro really.

How can i limit the WIFIs bandwith with this setup? Before i used to add each interface into SQM and give them certain values. Now its just br-lan. Any tips?

Sorry, I latched on to the fact that you said you wanted a single subnet. IIRC, SQM operates only on the network interface level, so you'll need to recreate your wifi network and associate the SSID with the wifi network instead.

Add this back:

[quote="psherman, post:4, topic:203434"]

config device
        option name 'br-wifi'
        option type 'bridge'
        option bridge_empty '1'

config interface 'WIFI'
        option proto 'static'
        option netmask '255.255.255.0'
        option device 'br-wifi'
        option ipaddr '192.168.8.1'

And then put this back in:

Add wifi back to your lan firewall zone:

and then edit your SSID to use the wifi network:

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'DJAWEB_D2306'
        option wmm '0'
        option disassoc_low_ack '0'
        option encryption 'psk2+ccmp'
        option key ''
        option network 'WIFI'