Please help make bridge between two lan interfaces

bobroid · January 31, 2023, 9:27pm

Hi everyone!
Maybe I’m repeatable and such problem is routine on this forum, but I even don’t know how to properly google my issue.
I have xiaomi ax3600 router with latest snapshot build on it. Also I have two ISP’s connected to wan and lan1 ports. Second one, connected to lan1 port, provides internet via PPPoE, so I created corresponding interface — it works perfectly.

Also this ISP provides home security service, so via same cable I have to connect my indoor monitor (from Dahua manufacturer if it’s important). I connected this thing to lan2 port of my router and trying to create bridge between lan1 and lan2 (obviously removed these devices from lan bridge), but it doesn’t seems working — my indoor monitor shows no connection. Can anyone put me to the correct road to solve this issue, please?

bobroid · January 31, 2023, 9:28pm

I can’t put more than one image in post, so there is another screenshots

bobroid · January 31, 2023, 9:28pm

And the last one

psherman · January 31, 2023, 9:41pm

To make sure I understand... you have lan1 operating as a 2nd wan port, and you need lan2 to be a 'pass-though' so that the home security monitor device is on the same network as that second wan (i.e. not routed, essentially a 'pass-through' port)... is that correct?

Best to see this in text form...

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network

bobroid · January 31, 2023, 9:46pm

Thank you @psherman for your response!
The command output is here


root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fde5:2aa7:cb21::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan3'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'
        option metric '10'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config device
        option name 'phy1-ap0'

config device
        option name 'lan1'
        option macaddr '9C:9D:7E:75:BA:93'

config interface 'stikonet'
        option proto 'pppoe'
        option username '*'
        option password '*'
        option ipv6 'auto'
        option metric '20'
        option device '@wan_slave'

config interface 'wan_slave'
        option proto 'none'
        option device 'lan1'

config device
        option type 'bridge'
        option name 'dahua'
        option bridge_empty '1'
        list ports 'lan1'
        list ports 'lan2'

config interface 'dahua'
        option proto 'none'
        option device 'lan2'

psherman · January 31, 2023, 9:49pm

Change the device on your wan_slave interface to match the name of the bridge device you created with lan1 and lan2.

config interface 'wan_slave'
        option proto 'none'
        option device 'dahua'

then delete this:

reboot and test.

bobroid · January 31, 2023, 9:59pm

So, I did the changes, and now config looks like this


config interface 'loopback'
        option device 'lo' 
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'
                                  
config globals 'globals'
        option ula_prefix 'fde5:2aa7:cb21::/48'
                                               
config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan3'   
                         
config interface 'lan'
        option device 'br-lan'
        option proto 'static' 
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'         
                             
config interface 'wan'
        option device 'wan'
        option proto 'dhcp'
        option metric '10' 
                          
config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'
                             
config device
        option name 'phy1-ap0'
                              
config device
        option name 'lan1'
        option macaddr '9C:9D:7E:75:BA:93'
                                          
config interface 'stikonet'
        option proto 'pppoe'
        option username '*'
        option password '*'
        option ipv6 'auto'        
        option metric '20'
        option device '@wan_slave'
                                  
config interface 'wan_slave'
        option proto 'none' 
        option device 'dahua'
                             
config device
        option type 'bridge'
        option name 'dahua' 
        option bridge_empty '1'
        list ports 'lan1'      
        list ports 'lan2'

But indoor monitor still shows that it disconnected

psherman · January 31, 2023, 10:02pm

Do you know if the monitor uses a VLAN? Or does it need to be on the 'other side' of the PPPoE? Currently, it's connected pre-PPPoE credentials.

What happens if you unplug the OpenWrt router (lan1) and directly connect the monitor to the upstream modem device?

bobroid · January 31, 2023, 10:02pm

I’m wondering could this issue be linked with firewall or other software settings?

bobroid · January 31, 2023, 10:13pm

As my ISP said it should be “directly connected” to the monitor if I won’t use their services, so I believe that it should be like “other side” of PPPoE (if I understand it correct)
For the cases when I want to use theirs services they recommend to buy microtic router and setup all by themselves for some $ but I hope that I’ll be able to setup such thing by my own
I’ll talk to my ISP tomorrow and clarify that things. I’m planning in the future buy outdoor button which also should be somehow connected to this network, and use both things with PoE switch, so I’m guessing that my ISP’s cable would be plugged in to that switch and my devices will be configured to communicate through ISP’s network.
Also there could be some mac filtering on theirs side, so it might be the reason why indoor panel shows “no connection”. I lowered my hands and come to this forum because I’m not so good in networking, but I believe that you couldn’t suggest me anything wrong

bobroid · January 31, 2023, 10:15pm

Also I forget to add that unfortunately I’m not able to connect monitor and ISP’s cable directly now

psherman · January 31, 2023, 10:17pm

So you can run a quick experiment to know if the monitor needs to be pre- or post- PPPoE credentials...

This means that you'll have the monitor plugged directly into the upstream device, so if it works, it needs to be pre-PPPoE (and maybe on a VLAN). If it doesn't work...

Try connecting the monitor to your regular LAN and see if it connects... maybe it doesn't truly need to be connected directly to the ISP's modem.

Maybe... but, before you buy anything, make sure you know if VLANs are part of the equation... if they are, you'll need a managed switch.

Why not?

bobroid · January 31, 2023, 10:19pm

So I tried and it connects to my local network. It couldn’t work because at this time second ISP was disconnected.

Length of cable is not allowing me to do this. I remember there exists such thing with two lan inputs on both sides to allow me to make such connection, but unfortunately I can’t find it

psherman · January 31, 2023, 10:26pm

Try connecting your second ISP to your OpenWrt router (and only the 2nd one... disconnect the 1st wan), and then see if the monitor works.

Can you physically move the monitor a better location to make that connection (especially for this test)? or is it permanently moutned somewhere?