Question on simple config 4 port router with one port as upstream wan0

Hi,

I have been at this on and off for over a week (in between my fun with my other OpenWrt box), but I cannot get my head around OpenWrt naming conventions, even after I read an article about the way of naming devices and interfaces and how this differs in OpenWrt. I do not get it. There is an intelligence test going on, and I failed:-

I have got an Archer MR200. It has an LTE modem in it with no working SIM card. I installed OpenWrt 22.03.2 some years ago. It has these ports on the back: LAN 1, 2, 3, 4 (wan).
I did a factory reset.

Currently, I plugged my notebook into one of the ports, lan2, and got an address from DHCP, 192.168.1.201, and I can log into LuCI and with SSH. Access works.

I renamed the lte usb devices from wan and wan6 to lte and lte6.

Question1: How can I configure the RJ45 port called LAN4 ( probably should be called eth3 ) to act as a WAN port and get a DHCP address from my upstream EdgeRouter?

Question2: How can I get the traffic from LAN 1,2,3 and wifi-iface 'default_radio0' and wifi-iface 'default_radio1' to send all the traffic up to the WAN port to the EdgeRouter? (The EdgeRouter should just route it upstream to the ISP.)

I know ideally I should let the EdgeRouter take care of the DHCP/firewall/traffic shaping/vlans etc etc, but having reviewed many openwrt configurations I conclude: I am thick, and the boat set sail years ago but I was not onboard. So please do humour me. Keep It Simple Stupid comes into play on a different level. That EdgeRouter config is actually simple compared with OpenWrt: You lot have got the brains.

Some little change to this config might well work, but I do not understand the config:

Wireless

# awk NF wireless 
config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
	option band '5g'
	option htmode 'VHT80'
	option country 'PA'
	option cell_density '3'
	option channel '104'
config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option encryption 'sae-mixed'
	option key 'xxxxxxx'
	option ssid 'fly50_nomap'
config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/10180000.wmac'
	option band '2g'
	option cell_density '0'
	option country 'PA'
	option htmode 'HT40'
	option channel '13'
config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option encryption 'psk-mixed+ccmp'
	option key 'xxxxxxx'
	option ssid 'fly20_nomap'

Network

# awk NF network
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'
config globals 'globals'
	option ula_prefix 'fd8e:cb38:1235::/48'
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'
config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
config device
	option name 'usb0'
	option macaddr '18:d6:c7:c4:45:42'
config interface 'lte4'
	option device 'usb0'
	option proto 'dhcp'
config interface 'lte6'
	option device 'usb0'
	option proto 'dhcpv6'
config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'
config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 6t'

This is pretty straightforward. We just need to take one port off the lan (br-lan/switch) and move it to serve the wan. The details of this are slightly different depending on the hardware in use (DSA vs swconfig), but this should be pretty simple either way.

Taking into account my earlier response and this question, it isn't clear if your intent is to use this device as a router (i.e. creating a completely independent downstream network relative to the upstream on the EdgeRouter), or if you are hoping to use this MR200 as a basic bridged AP where the lan ports and wifi are on the same network as the upstream network.

What is your goal?

Before you do anything, install 23.05 since your current version is EOL and unsupported.

https://firmware-selector.openwrt.org/?version=23.05.4&target=ramips%2Fmt7620&id=tplink_archer-mr200

Allow the device to reset to defaults during the process by unchecking the "keep settings" box or using the -n argument on the command line.

But we need to know what this device is going to be doing -- wifi + switch for the upstream network, or an independent network (behind NAT and a firewall) relative to the upstream.


Hi again!

If it is easy to use it as a dumb AP with vlans, then excellent.

I was taking the simple option because I did not understand how to do this. I did try last week by using the RE650 as a template, but I broke the network on the Archer MR200 and decided to consider a simpler option.

wifi + switch for the upstream network,

Would be the best.

Meanwhile, I have just upgraded this router to the latest version.

Yes, very much so.

We need the following info:

  • What address the MR200 will take on the network for the purpose of administering the device (IP address and subnet mask/size; optionally gateway and dns for that network)
  • What physical port on the MR200 is used as the uplink
  • If VLANs are involved:
    • What VLAN IDs are being used, and are they all tagged or is one untagged
      • Ideally also what the network name/purpose is (i.e. lan, guest, iot) for naming purposes.
    • What VLAN is used for the management network
    • What each of the remaining ports should have in terms of port-vlan membership assignments.

And then we need to see your config (should be default or nearly so):

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Hi,

Router has been flashed with latest image.

The USB LTE modems should be called lte4 and lte6 for IPv4 and IPv6 respectively.

There is a rj45 port on the MR200 that they labelled LAN/WAN4. This will be the upstream WAN interface.

VLANS: all other ports LAN 1 2 3 get native VLAN 100.

MR200 router IP address: 10.210.10.4/24 ( static ) default route: 10.210.10.2/24
I think it should be similar to this:

config interface 'vlan100'            
        option device 'br-lan.100'
        option proto 'static'     
        option ipaddr '10.210.10.4'
        option netmask '255.255.255.0'
        option ip6assign '60'         
        option gateway 10.210.10.2    
        list dns 1.1.1.1

Here is the default configuration after the upgrade:

{
	"kernel": "5.15.162",
	"hostname": "OpenWrt",
	"system": "MediaTek MT7620A ver:2 eco:6",
	"model": "TP-Link Archer MR200",
	"board_name": "tplink,archer-mr200",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.4",
		"revision": "r24012-d8dd03c46f",
		"target": "ramips/mt7620",
		"description": "OpenWrt 23.05.4 r24012-d8dd03c46f"
	}
}
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'
config globals 'globals'
	option ula_prefix 'xx:xx:xx::/48'
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'
config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
config device
	option name 'usb0'
	option macaddr '18:d6:x:x:x:x'
config interface 'wan'
	option device 'usb0'
	option proto 'dhcp'
config interface 'wan6'
	option device 'usb0'
	option proto 'dhcpv6'
config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'
config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 6t'
config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'
	option disabled '1'
config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'
config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/10180000.wmac'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option disabled '1'
config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'
config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'
config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'
config defaults
	option syn_flood	1
	option input		REJECT
	option output		ACCEPT
	option forward		REJECT
config zone
	option name		lan
	list   network		'lan'
	option input		ACCEPT
	option output		ACCEPT
	option forward		ACCEPT
config zone
	option name		wan
	list   network		'wan'
	list   network		'wan6'
	option input		REJECT
	option output		ACCEPT
	option forward		REJECT
	option masq		1
	option mtu_fix		1
config forwarding
	option src		lan
	option dest		wan
config rule
	option name		Allow-DHCP-Renew
	option src		wan
	option proto		udp
	option dest_port	68
	option target		ACCEPT
	option family		ipv4
config rule
	option name		Allow-Ping
	option src		wan
	option proto		icmp
	option icmp_type	echo-request
	option family		ipv4
	option target		ACCEPT
config rule
	option name		Allow-IGMP
	option src		wan
	option proto		igmp
	option family		ipv4
	option target		ACCEPT
config rule
	option name		Allow-DHCPv6
	option src		wan
	option proto		udp
	option dest_port	546
	option family		ipv6
	option target		ACCEPT
config rule
	option name		Allow-MLD
	option src		wan
	option proto		icmp
	option src_ip		fe80::/10
	list icmp_type		'130/0'
	list icmp_type		'131/0'
	list icmp_type		'132/0'
	list icmp_type		'143/0'
	option family		ipv6
	option target		ACCEPT
config rule
	option name		Allow-ICMPv6-Input
	option src		wan
	option proto	icmp
	list icmp_type		echo-request
	list icmp_type		echo-reply
	list icmp_type		destination-unreachable
	list icmp_type		packet-too-big
	list icmp_type		time-exceeded
	list icmp_type		bad-header
	list icmp_type		unknown-header-type
	list icmp_type		router-solicitation
	list icmp_type		neighbour-solicitation
	list icmp_type		router-advertisement
	list icmp_type		neighbour-advertisement
	option limit		1000/sec
	option family		ipv6
	option target		ACCEPT
config rule
	option name		Allow-ICMPv6-Forward
	option src		wan
	option dest		*
	option proto		icmp
	list icmp_type		echo-request
	list icmp_type		echo-reply
	list icmp_type		destination-unreachable
	list icmp_type		packet-too-big
	list icmp_type		time-exceeded
	list icmp_type		bad-header
	list icmp_type		unknown-header-type
	option limit		1000/sec
	option family		ipv6
	option target		ACCEPT
config rule
	option name		Allow-IPSec-ESP
	option src		wan
	option dest		lan
	option proto		esp
	option target		ACCEPT
config rule
	option name		Allow-ISAKMP
	option src		wan
	option dest		lan
	option dest_port	500
	option proto		udp
	option target		ACCEPT

Are these being used for anything?

And also, can I trouble you to show the config again with the cat command instead of the awk command you are using. The reason is that the cat method will maintain the extra line feed/carriage returns which makes the configs much more readable.


Hi,

My apologies for the awk. My brain works the other way around. The spaces and indentation are a distraction for me :)
Here it is catted.

{
	"kernel": "5.15.162",
	"hostname": "OpenWrt",
	"system": "MediaTek MT7620A ver:2 eco:6",
	"model": "TP-Link Archer MR200",
	"board_name": "tplink,archer-mr200",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.4",
		"revision": "r24012-d8dd03c46f",
		"target": "ramips/mt7620",
		"description": "OpenWrt 23.05.4 r24012-d8dd03c46f"
	}
}

Network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd0e:84f5:96b7::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device
	option name 'usb0'
	option macaddr '18:d6:xx:xx:xx:xx'

config interface 'wan'
	option device 'usb0'
	option proto 'dhcp'

config interface 'wan6'
	option device 'usb0'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 6t'

Wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'
	option disabled '1'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/10180000.wmac'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option disabled '1'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'

DHCP

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

Firewall

config defaults
	option syn_flood	1
	option input		REJECT
	option output		ACCEPT
	option forward		REJECT

config zone
	option name		lan
	list   network		'lan'
	option input		ACCEPT
	option output		ACCEPT
	option forward		ACCEPT

config zone
	option name		wan
	list   network		'wan'
	list   network		'wan6'
	option input		REJECT
	option output		ACCEPT
	option forward		REJECT
	option masq		1
	option mtu_fix		1

config forwarding
	option src		lan
	option dest		wan

config rule
	option name		Allow-DHCP-Renew
	option src		wan
	option proto		udp
	option dest_port	68
	option target		ACCEPT
	option family		ipv4

config rule
	option name		Allow-Ping
	option src		wan
	option proto		icmp
	option icmp_type	echo-request
	option family		ipv4
	option target		ACCEPT

config rule
	option name		Allow-IGMP
	option src		wan
	option proto		igmp
	option family		ipv4
	option target		ACCEPT

config rule
	option name		Allow-DHCPv6
	option src		wan
	option proto		udp
	option dest_port	546
	option family		ipv6
	option target		ACCEPT

config rule
	option name		Allow-MLD
	option src		wan
	option proto		icmp
	option src_ip		fe80::/10
	list icmp_type		'130/0'
	list icmp_type		'131/0'
	list icmp_type		'132/0'
	list icmp_type		'143/0'
	option family		ipv6
	option target		ACCEPT

config rule
	option name		Allow-ICMPv6-Input
	option src		wan
	option proto	icmp
	list icmp_type		echo-request
	list icmp_type		echo-reply
	list icmp_type		destination-unreachable
	list icmp_type		packet-too-big
	list icmp_type		time-exceeded
	list icmp_type		bad-header
	list icmp_type		unknown-header-type
	list icmp_type		router-solicitation
	list icmp_type		neighbour-solicitation
	list icmp_type		router-advertisement
	list icmp_type		neighbour-advertisement
	option limit		1000/sec
	option family		ipv6
	option target		ACCEPT

config rule
	option name		Allow-ICMPv6-Forward
	option src		wan
	option dest		*
	option proto		icmp
	list icmp_type		echo-request
	list icmp_type		echo-reply
	list icmp_type		destination-unreachable
	list icmp_type		packet-too-big
	list icmp_type		time-exceeded
	list icmp_type		bad-header
	list icmp_type		unknown-header-type
	option limit		1000/sec
	option family		ipv6
	option target		ACCEPT

config rule
	option name		Allow-IPSec-ESP
	option src		wan
	option dest		lan
	option proto		esp
	option target		ACCEPT

config rule
	option name		Allow-ISAKMP
	option src		wan
	option dest		lan
	option dest_port	500
	option proto		udp
	option target		ACCEPT

I hope to use the LTE modems some day when I have figured the modem out and got a working Sim card. When this happens I hope to have a failover when the ISP internet link is down after 60 seconds.

Is everything just the one VLAN at this point (VLAN 100) or are there others currently configured on the upstream?


There are other VLANs upstream (200, 300, 400), but I do not intend to have these on the MR200 at this point.

Ok. So vlan 100 only. Is it untagged coming into the mr200?


Yes, 100 is native/untagged/pvid. ( I don't know what the correct terminology is ).

If that's the case, you don't need to do much at all... the following are the edits required:

change the address of the lan interface:

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '10.210.10.4'
	option netmask '255.255.255.0'
	option ip6assign '60'

And disable the DHCP server:

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option ignore '1'

That is all that is required. If you do want to change it to be VLAN 100 (even though it doesn't matter in this situation), you can make these optional changes:

Edit VLAN 1 by adding vid 100:

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '100'
	option ports '0 1 2 3 6t'

And then edit br-lan to use eth0.100:

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.100'

That's it. The rest will just work.


Morning Peter,

Does this but need a default route and dns for the mr200 to get pkg updates?

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '10.210.10.4'
	option netmask '255.255.255.0'
	option ip6assign '60'

Yes, if you plan to install packages on the mr200, you need to specify the gateway and dns in the lan interface.

What are you thinking you’ll be installing/doing with the device?

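The edits from the two replies above (static lan address, DHCP server off, the optional VLAN 100 change, and gateway plus dns) can be checked offline against a config backup before rebooting. This linter is an added example, not part of the thread or of OpenWrt's own tooling; it assumes swconfig semantics where a `switch_vlan` without `vid` uses its `vlan` number as the VLAN ID, and the sample configs are constructed from the values in the thread.

```python
import re

def parse_uci(text):
    """Parse UCI text into [{'type', 'name', 'opts'}]; 'list' lines become Python lists."""
    sections = []
    for line in text.splitlines():
        tok = [t.strip("'\"") for t in re.findall(r"'[^']*'|\"[^\"]*\"|\S+", line)]
        if len(tok) >= 2 and tok[0] == "config":
            sections.append({"type": tok[1], "name": tok[2] if len(tok) > 2 else None, "opts": {}})
        elif len(tok) >= 3 and sections and tok[0] == "option":
            sections[-1]["opts"][tok[1]] = tok[2]
        elif len(tok) >= 3 and sections and tok[0] == "list":
            sections[-1]["opts"].setdefault(tok[1], []).append(tok[2])
    return sections

def audit_bridged_ap(network, dhcp):
    """Return findings for a bridged AP whose management interface is 'lan'."""
    net, pools, findings = parse_uci(network), parse_uci(dhcp), []
    lan = next((s["opts"] for s in net if s["type"] == "interface" and s["name"] == "lan"), None)
    if lan is None:
        return ["network: no 'lan' interface"]
    if lan.get("proto") == "static" and not (lan.get("gateway") and lan.get("dns")):
        findings.append("lan: gateway/dns missing, the AP cannot fetch packages")
    for s in pools:
        if s["type"] == "dhcp" and s["opts"].get("interface") == "lan" and s["opts"].get("ignore") != "1":
            findings.append("dhcp lan: server enabled, it would hand out leases on the upstream network")
    # Assumption: on swconfig the VLAN ID is 'vid' if set, else the 'vlan' table index.
    vids = {s["opts"].get("vid", s["opts"].get("vlan")) for s in net if s["type"] == "switch_vlan"}
    for dev in net:
        if dev["type"] == "device" and dev["opts"].get("name") == lan.get("device"):
            for port in dev["opts"].get("ports", []):
                m = re.fullmatch(r"eth\d+\.(\d+)", port)
                if m and m.group(1) not in vids:
                    findings.append(f"{port}: no switch_vlan carries VLAN ID {m.group(1)}")
    return findings

# Constructed sample: the thread's final config with the optional VLAN 100 edits applied.
GOOD_NET = """
config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'eth0.100'
config interface 'lan'
    option device 'br-lan'
    option proto 'static'
    option ipaddr '10.210.10.4'
    option netmask '255.255.255.0'
    option gateway '10.210.10.2'
    list dns '1.1.1.1'
config switch_vlan
    option device 'switch0'
    option vlan '1'
    option vid '100'
    option ports '0 1 2 3 6t'
"""
GOOD_DHCP = "config dhcp 'lan'\n    option interface 'lan'\n    option ignore '1'\n"
# Constructed half-applied variant: bridge moved to eth0.100 but vid, gateway and dns not set.
BAD_NET = "\n".join(l for l in GOOD_NET.splitlines() if not re.search(r"\b(vid|gateway|dns)\b", l))
BAD_DHCP = GOOD_DHCP.replace("option ignore '1'", "option dhcpv4 'server'")

if __name__ == "__main__":
    print("good:", audit_bridged_ap(GOOD_NET, GOOD_DHCP))
    for finding in audit_bridged_ap(BAD_NET, BAD_DHCP):
        print("bad: ", finding)
```
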

Nothing, yet. Planning for the future.

Is there a simple way to add a weight to the usb0 lte modems to allow failover?

e.g

this for the lte (usb)

option metric '20'

and this for the wan (rj45)

option metric '10'

What is the intent of the failover? Is this to failover should the other/main internet connection fail, or is it if the ER-X goes down? Those are two very different scenarios.

Assuming the former situation is the case, the best way to implement failover is to setup for multi-wan failover on the ER-X, and send the USB LTE network via a VLAN back to the ER-X. I don't know the nuances of using a USB LTE adapter, but I suspect you'll need to have it route to an RFC1918 network which is then treated as the second wan on the ER-X.


Hi,

The configuration you provided worked well. Very happy. Thank you. Oddly I cannot get to the 10.210.10.4 from the untagged management port eth1.

Ref LTE usb modem. In fact it's any scenario where the upstream connection is lost. This could be the ER-X failing, or the link to ISP failing. The LTE modem will only be used by the Archer MR200.

These are really distinctly different setups... if you want automatic failover, your MR200 needs to be in routing mode, which means that all devices connected to it will necessarily be on a different subnet than the upstream ER-X.

An alternative is that you could setup a second subnet + SSID for the LTE connection. If stuff goes offline upstream, just connect to the other SSID.


This could be a simple solution, because the LTE backup would only be for my own use when working from home so that I could continue to work.