WAN port does not work with ISP (BT Home Hub 5.0)

Hello everyone.
I just bought my first OpenWrt device, and faced some confusion how it actually works. It has recent version flashed.

I have mikrotik connected to ISP, authorized by mac address.
It works just fine.
And when I connect my device's WAN port to the mikrotik - I have internet working just fine.

But if I connect it directly to ISP cable - it can't establish connection with ISP. Even with the MAC overriden to those that mikrotik have. When I call to ISP they are saying that can't see traffic from my device. And on the web intefrace I see that TX / some packets. RX / 0 on WAN interface.

config
root@OpenWrt:~# cat /etc/config/network; cat /etc/config/firewall ; cat /etc/config/dhcp

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdfa:ac28:45a0::/48'

config atm-bridge 'atm'
	option vpi '1'
	option vci '32'
	option encaps 'llc'
	option payload 'bridged'
	option nameprefix 'dsl'

config dsl 'dsl'
	option annex 'a'
	option tone 'av'
	option ds_snr_offset '0'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device 'lan_eth0_1_dev'
	option name 'eth0.1'
	option macaddr 'c8:XX:XX:XX:XX:42'

config interface 'wan'
	option proto 'dhcp'
	option ifname 'eth0.2'
	option macaddr '4c:XX:XX:XX:XX:41'
	option delegate '0'

config device 'wan_dsl0_dev'
	option name 'dsl0'
	option macaddr 'c8:XX:XX:XX:XX:43'

config interface 'wan6'
	option ifname '@wan'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 4 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '5 6t'

config defaults
	option syn_flood	1
	option input		ACCEPT
	option output		ACCEPT
	option forward		REJECT
# Uncomment this line to disable ipv6 rules
#	option disable_ipv6	1

config zone
	option name		lan
	list   network		'lan'
	option input		ACCEPT
	option output		ACCEPT
	option forward		ACCEPT

config zone
	option name		wan
	list   network		'wan'
	list   network		'wan6'
	option input		REJECT
	option output		ACCEPT
	option forward		REJECT
	option masq		1
	option mtu_fix		1

config forwarding
	option src		lan
	option dest		wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
	option name		Allow-DHCP-Renew
	option src		wan
	option proto		udp
	option dest_port	68
	option target		ACCEPT
	option family		ipv4

# Allow IPv4 ping
config rule
	option name		Allow-Ping
	option src		wan
	option proto		icmp
	option icmp_type	echo-request
	option family		ipv4
	option target		ACCEPT

config rule
	option name		Allow-IGMP
	option src		wan
	option proto		igmp
	option family		ipv4
	option target		ACCEPT

# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
	option name		Allow-DHCPv6
	option src		wan
	option proto		udp
	option src_ip		fc00::/6
	option dest_ip		fc00::/6
	option dest_port	546
	option family		ipv6
	option target		ACCEPT

config rule
	option name		Allow-MLD
	option src		wan
	option proto		icmp
	option src_ip		fe80::/10
	list icmp_type		'130/0'
	list icmp_type		'131/0'
	list icmp_type		'132/0'
	list icmp_type		'143/0'
	option family		ipv6
	option target		ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
	option name		Allow-ICMPv6-Input
	option src		wan
	option proto	icmp
	list icmp_type		echo-request
	list icmp_type		echo-reply
	list icmp_type		destination-unreachable
	list icmp_type		packet-too-big
	list icmp_type		time-exceeded
	list icmp_type		bad-header
	list icmp_type		unknown-header-type
	list icmp_type		router-solicitation
	list icmp_type		neighbour-solicitation
	list icmp_type		router-advertisement
	list icmp_type		neighbour-advertisement
	option limit		1000/sec
	option family		ipv6
	option target		ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
	option name		Allow-ICMPv6-Forward
	option src		wan
	option dest		*
	option proto		icmp
	list icmp_type		echo-request
	list icmp_type		echo-reply
	list icmp_type		destination-unreachable
	list icmp_type		packet-too-big
	list icmp_type		time-exceeded
	list icmp_type		bad-header
	list icmp_type		unknown-header-type
	option limit		1000/sec
	option family		ipv6
	option target		ACCEPT

config rule
	option name		Allow-IPSec-ESP
	option src		wan
	option dest		lan
	option proto		esp
	option target		ACCEPT

config rule
	option name		Allow-ISAKMP
	option src		wan
	option dest		lan
	option dest_port	500
	option proto		udp
	option target		ACCEPT

# include a file with users custom iptables rules
config include
	option path /etc/firewall.user


### EXAMPLE CONFIG SECTIONS
### deleted

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'server'
	option ra 'server'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'
Mikrotik connected to WAN
ip -4 addr ; ip -4 ro ; ip -4 ru

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
8: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
14: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.100.44/24 brd 192.168.100.255 scope global eth0.2
       valid_lft forever preferred_lft forever
default via 192.168.100.1 dev eth0.2  src 192.168.100.44 
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1 
192.168.100.0/24 dev eth0.2 scope link  src 192.168.100.44 
0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default
ISP connected to WAN

isp-dhcp

ip -4 addr ; ip -4 ro ; ip -4 ru

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
8: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1 
0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default

Any advise ? What to do?

which ISP, and what kind of connection ?

1 Like

make sure under the interface tab that the mac address for the WAN
is really what you are trying to set it to

1 Like

I copied the proper mac directly from the ISP authorization page. Obviously it is the same.

Local ISP in Ukraine, Ethernet connection.
Mikrotik is working just fine with it.

sometime the override won't work & it still shows the original mac address
as long as the correct one is reported back
next is to check if there is any vlan tagging required

1 Like

Even if it didn't change the original mac - I can ask ISP to work with the current one. But they report that the router is not reporting the mac at all.

what do you mean?

some ISP's here in Australia require the traffic to be tagged with VLAN ID: 2
have a look is the setting of you ISP's router

how you add thus to your router if needed depends on you router
let is if it is needed 1st

I don't have a router from ISP.
I have a mikrotik which is working just fine without any specific settings.

I just figured that IF i connect ISP wan to mikrotik LAN bridge port (not mikrotik WAN) - than I'm able to get a proper IP from ISP on my OpenWrt WAN port, which is connected to same bridge.
But without mikrotik it's failing.
I wonder what it can be.. I link thru mikrotik is working, but fail directly connected..

I didn't think it mattered with gigabit but almost sounds like you cable may be a crossover cable
did you try another cable

when you connect the HH5A directly to the ISP, what does dmesg in openwrt say ?

Incoming WAN have classical contacts order, not crossed. As well as my cable that I use to connect Mikrotik with OpenWrt device on both sides.
I think nowadays all routers can auto-detect pairs..

-- unplugging link to Mikrotik
[10034.605072] lantiq,xrx200-net 1e108000.eth eth0: port 5 lost link
[10034.612423] br-lan: port 1(eth0.1) entered disabled state

-- plugging WAN cable.
[10050.988789] lantiq,xrx200-net 1e108000.eth eth0: port 5 got link
[10050.994233] br-lan: port 1(eth0.1) entered blocking state
[10050.998843] br-lan: port 1(eth0.1) entered forwarding state
[10076.189174] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.

-- internet connection lost so I moving back on Mikrotik
[10153.386887] lantiq,xrx200-net 1e108000.eth eth0: port 5 lost link
[10153.394035] br-lan: port 1(eth0.1) entered disabled state
[10166.698302] lantiq,xrx200-net 1e108000.eth eth0: port 5 got link
[10166.705067] br-lan: port 1(eth0.1) entered blocking state
[10166.709132] br-lan: port 1(eth0.1) entered forwarding state

It looks like you have the wan port in br-lan (eth0.1) instead of wan (eth0.2). What is the switch config in /etc/config/network? The actual switch can be read with swconfig dev switch0 show. Also according to the device page the hh5a has some strange switch features.

Is your ISP a cable modem which gives the first router connected to it a public IP?

1 Like

Donno,m switch has defaults settings

/etc/config/network settings is in my 1st message

swconfig dev switch0 show

Global attributes:
enable_vlan: 1
Port 0:
uvr: 0
vsr: 0
vinr: 0
tvm: 0
pvid: 1
link: port:0 link:down
Port 1:
uvr: 0
vsr: 0
vinr: 0
tvm: 0
pvid: 1
link: port:1 link:down
Port 2:
uvr: 0
vsr: 0
vinr: 0
tvm: 0
pvid: 1
link: port:2 link:down
Port 3:
uvr: 0
vsr: 0
vinr: 0
tvm: 0
pvid: 1
link: port:3 link:down
Port 4:
uvr: 0
vsr: 0
vinr: 0
tvm: 0
pvid: 1
link: port:4 link:down
Port 5:
uvr: 0
vsr: 0
vinr: 0
tvm: 0
pvid: 2
link: port:5 link:up speed:1000baseT full-duplex auto
Port 6:
uvr: 0
vsr: 0
vinr: 0
tvm: 0
pvid: 1
link: port:6 link:up speed:1000baseT full-duplex auto
VLAN 1:
vid: 1
enable: 1
ports: 0 1 2 4 6t
VLAN 2:
vid: 2
enable: 1
ports: 5 6t

My ISP offers me ethernet connection. No cable modem etc. I using another router for testing, and it works just fine.
I feel there is some bug in core ethernet behavior. But not sure how to troubleshoot it.

as this device can have a working DSL interface
the WAN interface could be default connected to that
I think mk24 is on the right track
you need to make sure the WAN port is configured to be separate to the LAN ports
and in a wan port configuration (switch setup)
as the WAN interface could be by default attached to the DSL interface
you will need someone experience with this specific device
as it's not your typical openwrt device

It's really odd that you don't even have an eth0.2 interface when connected directly to the wall, but you do when connected to another router with the same configuration.

Do you have an unmanaged switch that you could connect between the wall Ethernet and the HH5A? Nothing else should be connected to the switch.

Since you're not using the internal DSL modem, you can remove all DSL-related configs to reduce clutter.

As I mentioned, I don't have problems with DHCP from my router.
Please, can you check the configs I provide. I think they describing my setup.
I am sure that this is not about switch. I also tried everything before posting here.
Again, please, take a look at the variants:
a) Incoming rj45 (ISP) -> my mikrotik as switch -> openwrt. OpenWrt device receiving dhcp from ISP
b) Incoming rj45 (ISP) -> openwrt. Device not receiving anything. RX 0 - no data coming from the ISP port.
c) Incoming rj45 (ISP) -> my mikrotik got dhcp from ISP and behave as dhcp server for inner lan -> openwrt. OpenWrt device got dhcp from mikrotik.

So in case a, c - everything is working with the exactly same settings.
Only when I want to take of mikrotik - direct connection for some reason can't be established.

it seems the the devices Nway or auto config is not working
maybe you require a gigabit loop back cable
as MK24 has stated would be good to double check
by using a dumb switch as it seems you routers NWay is not working
you would be using the dump switches NWay
there may even be a speed problem as in 100M to 1000M

Auto-crossover is a required feature of the gigabit Ethernet standard. Crossover cables are never necessary for gigabit. (Gigabit sends data in both directions on each twisted pair, 250 Mb on each pair then recombined to a total of 1 GB, full duplex. The concept of which is transmitting and which is receiving doesn't apply.)

One thing I have seen is when all 4 pairs in the cable are not connected(*), and the ports are gigabit on both ends, results will vary. Some equipment will fall back gracefully and operate at 100 Mb, while others will not connect at all or will "flap". Since the HH doesn't have link lights this can be hard to diagnose.

(*) either unintentionally, because the building wiring is faulty, or intentionally, because 10/100 service only requires two pairs, and some installations are set up that way then inadvertently upgraded to gigabit.

2 Likes