[Solved] Wireless client bridged to VLAN - how to?

EDITED to add my solution.

Since my first question worked so well (sarcasm), here's my second problem.

ISP's equipment is in my living room. I have a router (Nanopi R5s running OpenWRT 22.03.3; it works great) and a Mikrotik smart switch. A cat-7 wire goes to my office. Here I have a dumb switch and some other stuff.

My neighbor allows me to use his wifi in case my ISP goes down. So naturally, I'm experimenting with mwan3. But his wifi signal is very weak in the living room but extremely strong around my office.

So I thought I'd use my old WNDR3700v1 router as a wifi client and bridge the interface to my router via a VLAN.

My WNDR3700v1 is running OpenWRT v19 - it's old, and wifi drivers don't work reliably with later versions.

My thinking: WWAN gets IP from my neighbor's wifi, I bridge it to VLAN21, and on the other end, I just create an 'unmanaged' interface and use it for failover routing with mwan3.

Step 1: set up my WNDR3700v1 as a wifi client. It works. I get an IP address via DHCP.

Step 2: create a VLAN21 (in the Network -> Switch menu).

Step 3: bridge WWAN with this new VLAN.

Step 3 breaks everything.

What am I missing?


Thanks to the comments, I realized that it's not possible to bridge an access point in client mode to a VLAN. So I'll just set it up as a dumb AP and use a smart switch to tag it with the VLAN id I need.

Put your wwan on the WNDR3700v1 into the wan firewall zone.
This will then be routed to a lan on that unit... send that lan (as a VLAN) over to your main router and you can use mwan3 on the main router to handle failover.

Let's see your config... first on the WNDR3700v1

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

A wifi STA (client of an ordinary AP) can't be in a bridge. It has to be a standalone interface that you route to. So you'd set up the 3700 as a regular lan->wan router, then connect the lan network to be the backup wan of the main router.

This is double NAT, which usually isn't a big issue as a backup Internet connection. A slightly more sophisticated solution would be to install symmetric routing between your lan and the neighbor's lan, reducing the number of NAT stages. The completely developed implementation of this requires the neighbor to install a route in their router.
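
The routed setup described in the replies above, sketched as OpenWrt UCI config. This is an added example, not posted by anyone in the thread. The SSID, key, radio name, the 192.168.21.0/24 subnet, the `wanb` interface name and the `eth1.21` device are placeholders or assumptions to adapt.

```uci
# --- WNDR3700v1: /etc/config/wireless (STA toward the neighbor's AP) ---
config wifi-iface 'uplink'
	option device 'radio0'            # assumption: radio that sees the neighbor's AP
	option mode 'sta'
	option network 'wwan'             # standalone interface, NOT a bridge member
	option ssid 'NEIGHBOR_SSID'       # placeholder
	option encryption 'psk2'
	option key 'REDACTED'             # placeholder

# --- WNDR3700v1: /etc/config/network ---
config interface 'wwan'
	option proto 'dhcp'               # address comes from the neighbor's router

config interface 'lan'
	option type 'bridge'              # 19.07 syntax; wired ports only, no STA here
	option ifname 'eth0'              # assumption: default LAN device
	option proto 'static'
	option ipaddr '192.168.21.1'      # constructed transit subnet, must not
	option netmask '255.255.255.0'    # overlap the neighbor's or the main LAN

# --- WNDR3700v1: /etc/config/firewall ---
config zone
	option name 'wan'
	list network 'wan'
	list network 'wwan'               # neighbor's LAN is treated as untrusted
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'                   # first NAT stage (the double NAT noted above)
	option mtu_fix '1'

# --- Main router: /etc/config/network (backup uplink for mwan3) ---
config interface 'wanb'
	option proto 'dhcp'               # leased by the WNDR3700v1's lan DHCP server
	option device 'eth1.21'           # assumption: port where VLAN 21 arrives tagged
	option metric '20'                # mwan3 needs a unique metric per WAN interface
```

On the main router, `wanb` also has to be added to the `wan` firewall zone and declared as an interface in `/etc/config/mwan3` before failover can use it.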


This is a bog standard 8/64 ath79 device with AR9220+AR9223 wifi, there is no reason why it can't use 22.03.x or newer. ath9k is a mature driver, if there are bugs, they would be known and are likely to be fixable/ fixed.

The only reason not to use this, would be if your neighbour had an 802.11ac/ ax wifi, as you would be losing performance with an old(er) 802.11n like yours in this situation (as the difference between 802.11n and 802.11ac is really significant on 5 GHz).


Thanks for your reply! I'd rather avoid double NAT and tag the VLAN id with a hardware switch.

Thank you for the explanation! I'll use a hardware switch to do the tagging.

I tried 23.03.3, but with a heavy load on wifi, the device just reboots. After downgrading to 19.x this stopped. Maybe I'll make another go at it.

Thank you!
