Trying to bridge two subnets on the same interface (no separate LAN interfaces)

Here's my situation: I have an openwrt installed on the TL-WR1043ND v2 (the wifi is turned off). the router is connected to the 24 port switch with just a single LAN port. the WAN port is connected to the internet modem. what I also have is tp-link deco, configured in router mode. it's also connected to the same switch. the main deco unit can be seen in openwrt's dhcp client's list with a LAN IP address (i.e. 10.0.0.X)

the internal wifi's network subnet is 192.168.68.0/24
my internal LAN subnet is 10.0.0.0/24

what I want to be able is to make some sort of a bridge between 10.0.0.0 to 192.168.68.0 by using the registered deco's IP address as a gateway.

what I've tried so far:

  • created a static route: Network -> Static routes -> Add:
uci set network.@route[-1].interface='lan'
uci set network.@route[-1].target='192.168.68.0/24'
uci set network.@route[-1].gateway='10.0.0.192'
  • created an additional VLAN, then went to the firewall page and tried to create rules between LAN and the VLAN, however that was way too complicated for me

is what I'm trying to do even possible? Or should I rather connect the deco's main device to a separate router's port (like eth2)?

sorry, I don't quite understand. Are you saying that I should use some special setting inside Static routes? So far I've tried unicast, local and anycast settings. And I should not create any firewall rules at all? Sorry for all these questions but networking isn't something I'm proficient in

You can't bridge two different subnets, you must route them - and can set permissive firewall settings for that (basically no filtering at all).

ok, but how can I do that in openwrt ? again, sorry if this question is quite dumb but I am not a network expert by any means.

so far, I've created a virtual interface in openwrt (I've named it wifi_bridge) with the following properties:

ip address - static - 192.168.68.1/24
gateway - 10.0.0.1
netmask - 255.255.255.0

then I tried to create a static route ( network / static routes ):

interface - lan
target - 192.168.68.0/24
ip4 gateway - 10.0.0.192

but this does not seem to be working.

Your gateways don't really make a lot of sense... do you have multiple upstream routers/networks?

I hope that this diagram will clarify it somehow.

so basically I only have a single source of the internet - which is my modem. then there's a connection between the modem and the WAN port of the openwrt router. router then goes to switch. I have used thee same switch to connect tp-link deco wifi system. openwrt router has DHCP server running with the subnet 10.0.0.0/24. the tp-link deco is running in router mode which makes it create another subnet for all the wifi connections: 192.168.68.0/24 (it also has it's own DHCP server). the main unit of deco can be pinged from openwrt, but what I would like to do now is to use this connection (10.0.0.192) to be able to access a device that has an IP address from the wifi subnet from within a LAN subnet. so essentially I'd like to create a connection between the PC (10.0.0.10) and anything on the wifi (192.168.68.0/24)

wow.. I was just able to do it, a lot of trial and error. here's how I achieved it.

step 1: I created an additional VLAN. network -> switch, clicked on the button "add vlan", then selected "cpu (eth1)" to "tagged" (the same as my main LAN) and a free port (without any wire) to "untagged". I left all the other options as "off".
step 2: network -> interfaces -> add new interface. I created a new interface named "wifi_bridge". protocol set to "static ip address", ip4 address set to "192.168.68.1", netmask "255.255.255.0", on the advanced settings I unchecked "use the default gateway", on the "firewall settings" I created a new zone "wifi_bridge"
step 3: network -> firewall. in the zones section I edited the lan so that it is allowed to forward to and from "wifi_bridge"

and voila! :smiley: this was really hard but I'm very happy it worked in the end. Thank you very much for the insight!

Ain’t it easier and more network functional proof to run the TP-Link Deco as a access point (that is what you have drawn but with a dhcp server) for the mobile devices instead of having two DHCP servers pointing towards each other?
Or run the Deco with a firewall and masq (or similar) if you really want two dhcp servers?

yes, I have been running the deco in AP mode previously. and then each wifi device would also receive an IP address from the same 10... subnet but the problem then was that the router (openwrt) was struggling very much (i noticed that during my video call when I would get disconnected frequently) (even though I am connected via the wire and have a static dhcp lease). I suppose I had too many devices or something. as soon as I moved to the double router setup, all problems went away. the way I understand it is that my router was simply underpowered to handle so many connections simultaneously

But the first router handles everything anyway since it own the ISP connection so it isn’t underpowered.

How many 100 or 1000 devices do you have in your network?
I have about 15 devices from time to time connected online and the OpenWRT (dhcp server) never ever gets overwhelmed.

I would rather bet in this case the Deco has a underdeveloped firmware that really doesn’t want to be a slave under another router if you have those problem you describe. Or maybe a switch config problem.

yes I know, it's quite strange. I think I definetely have less than 100 devices however more than 15. 20-ish. If I would get kicked out of wi-fi then I would understand this, but I was getting disconnections on the video-call while being connected via the ethernet cable. That's why I thought that maybe it's just too much traffic that's being talked trough the openwrt routing table and that's why it resolved itself once I moved the wifi traffic over to deco. as I understand it, this way deco routes all necesary traffic by itself and openwrt deals just with the LAN traffic. previously, it's CPU usage was quite high on the charts, now it has calmed down. Unfortunetely because deco is closed source, I cannot know exactly what is happening there :confused: I even thought of purchasing a different router (and still going with the AP mode) but the irony is that all of the routers come bundled with the AP antennas which I don't use anyway - and the more powerful they get the more antennas they get

I still don’t believe the fault was in the openwrt router, it sounds very much like some kind of network conflict between two routers connected to each other

Since you alredy have a switch your simplest and cheapest technical solution for this would be to buy a real access point like TP-Link EAP model or maybe a Uniquinti AP without any other functions than access point.

Then you get rid of the pole antennas mounted on home routers, I agree that there are to many meaningless antennas on routers and there are pointless. They are only there for show.

Your switch (if it’s a smart manageable one!) should actually do the routing and switching per interface you say the Deco device do so only the data destined for internet should generally be routed to the router.

I did had a tp-link eap :slight_smile: I think the exact model was eap 245 or something like that (I took the one with 5ghz since 2.4ghz is very, very crowded in my area), It was mounted on the ceiling. the problem with it was that I could never get a proper range in the whole apartment (my walls are really thick, brick walls). that's why I went with deco since it provides the mesh wifi. I have an ethernet socket in each of the rooms and I connect deco units via ethernet ports on the opposite sides of the apartment and they do the switch automatically. again, I would like to stress it out that my experience with networking is almost non-existent, the nice thing about deco was that it "just worked". I could check again but I'm pretty sure that when deco was connected in the AP mode (that is - all the wifi clients would receive an IP address from openwrt) when I would look on the realtime graphs, the load was insanely high. it all went away as soon as I switched to router mode on deco

1 Like

Your router is pretty low CPU and RAM and it doesn't surprise me you had issues with it. I suggest to go with a wired only router running OpenWrt, and put the deco in AP mode, and simplify your network while upgrading capacity. The current king of wired routers is the RPi4 with a UE300 USB ethernet. Since you're wiring in the deco units its not doing mesh. You could just as easily have wired a few more EAP devices.

1 Like

hmm correct me if I'm wrong but I was pretty sure (at least from reading up the specs from tp-link) that the deco units connect with themselves via a dedicated wifi channel, but you can also use wires which would make the whole process more stable (that's why each unit has 2 ethernet ports - one for talking with other units and another one for providing an ethernet output). Also, the deco app shows me that the clients are connected to different deco units and when I move between rooms they do switch transparently (at least I hope so, I'll have to do a further check :D). I do agree that the router is not powerful, though on the other hand I don't even have 50 devices connected to it. I went with it since I purchased it a while ago and like I explained before it didn't made sense to me to invest in a more powerful router which wouldn't even use builtin wifi.

This really makes no sense. The proper way to route symmetrically between two networks is to turn off the NAT in the second router, so that packets from the 192.168.68.0 network reach the 10.0.0.0 network retaining their 192.168 origin (and return) IP. Then install a route on the 10.0.0.1 main router 192.168.68.0/24 via 10.X.X.X where X is the IP of the second router on the 10.0.0.0 network. (It isn't necessary to install an additional route in the second router since it has already configured its default route to be the first router).

hm I'd have to check whether deco exposes functionality to disable NAT (that's the problem with running closed-source stuff). the setup that I had yesterday did work until everything simply crashed and I had to revert to AP mode (which again increases load on the "main" router (i.e. 10.0.0.1)

one other frustrating thing that I also did observe was the fact that sometimes (especially after the whole network crashes) deco decides that it's a default gateway and so my PC that should receive ip address from 10.0 network would instead receive it from 192.168 subnet

@mk24 where should I install the route you're talking about? is it in network -> static routes ? should I leave the type as unicast?

The load is the same through your main router regardless of the mode of those Deco devices. Think of it like plumbing -- assuming properly sized pipes, the it doesn't matter if your 2nd floor plumbing joins together into one pipe running downstairs, or if each individual fixture has its own connection down to the main sewer connection -- either way, the total amount of effluent into the sewer is the same.

It is possible that an underpowered router has difficulty handling a large NAT table (which is how the system ensures that traffic returning from the internet gets to the correct end device within your network), which could explain part of your issue. If this is the case, the reason your Deco system in NAT mode appears to help is simply that all of the devices connected to the Deco behave as a singular device from the perspective of your main router.

All of that said, I agree with the other posts where people have suggested getting a more modern main router and to configure your wifi devices to operate as dumb-APs (bridge devices) rather than having NAT functions enabled.

1 Like

You're confusing meshing with (fast) roaming.

Meshing allows APs to create a network between themselves over wireless connections, rather than wired. I don't know whether the Deco units keep a mesh active when plugged into a wired network, but I'd suspect it'd only ever be used if there was a failure in the wired network.

Fast roaming allows devices to move seamlessly between APs as you move around with the aim of always being connected to the AP with the best signal. This is what you're seeing with your current setup.

1 Like

Yes, that's probably correct. Either they connect to each other via wifi, or if they are connected by wires then they don't need to connect via wifi. Since you are connecting via wired, the traffic should be wired. Whether the clients roam properly from one to another is completely a separate question from how the deco units themselves connect to the network...