[Solved] Dual WAN mode - sfp1 and eth1

Hi,

I bought rb3011, awesome router a bit tricky to configure compared to usual home routers but finally I configured most of the services I wanted - firewall, static dns, port forwarding, ddns.

I have fiber optics in my home, and also some cable connection that is basically included in the rent, which I would like to use as a backup connection (manually switched on, not an automatic failover).

First I need to understand the naming convention - rb3011 has 10 ethernet interfaces + sfp:
ether1-gateway
ether2-master-local
ether6-master-local
3-5 are slaves of 2
7-10 are slaves of 6
So I ether2 and ether6 are groups to identify two switches. I don’t understand the meaning of ether1-gateway. If sfp1 is used, this should simply be in the first switch group (e.g. slave of eth2).

I have also one bridge which consists of following ports: ether1-gateway, ether2-master-local, ether6-master-local (question: sfp1 is listed gray in the bridge list, why?)

Initially I configured my router on a quick setup page, where I’ve chosen sfp1 as my wan link, masquerade, dhcp client and other settings were automatically configured then.

In order to use backup connection, I connected cable modem to eth1, added IP->DHCP Client to that interface, set Default Route Distance to 5, so that sfp1 has priority is used by default. Then my IP->Routes were updated.

So far so good.

but I cannot make it working:

First attempt:
I opened bridge configuration and disabled eth1 (so eth2-master and eth6-master were left, sfp1 and eth1 were disabled)… and it completely broke connectivity (DHCP server stopped assigning IPs, fixed that by connecting cable to eth1 and setting ip manually). Why did it happen? DHCP server is configured on a bridge interface so it should work for eth2 - eth10.. is eth1 some kind of special interface?

Second attempt:
Changed Default routing distance so that eth1 routing distance < sfp1 routing distance - I lost internet connectivity. My guess it happened because of lack of masquerade rules for eth1 (they exist for sfp1 only) - but I cannot add them for eth1, error message says that eth1 is in a slave mode (but it doesn’t have master port set in Interfaces menu).

So at this point I am stuck.

Intended behaviour is following: eth1 routing distance is less than sfp1 routing distance, and the cable modem is switched off for all the time. When internet connectivity is lost (which happens very rarely) the only thing needed to be done is to is switch on the cable modem, and when DHCP client is assigned an IP it will automatically update routes with shorter distance entry.

You probably have made a tiny mistake that you have not mentioned above, as this approach is basically the
correct one. Take ether1 out of the bridge, put DHCP client on it, configure a somewhat higher distance value
for the default route in this DHCP client (e.g. 10), add another masquerade rule in the NAT table for the new
public interface, add a filter rule in the Filter table to keep out traffic from internet in the input and forward chain,
and you should be good to go.

OK, I will try again this evening.
Should removing eth1 from bridge be safe operation to do? Maybe I have made some more steps, but I cannot really recall this now. So I will start with simply removing eth1 from the bridge - that should not break anything right?

So I verified the behaviour and removing the eth1 from bridge breaks the connectivity. But it happens because router is automatically reconfiguring some other settings (on Quick Set page it is changing port from sfp1 to eth1, making dhcp pool inactive etc).

I think it is because the initial settings were done automatically. How can I stop the router from modifying quick set data?

The problem was with IP->Addresses - 10.1.1.1 address that was previously assigned to a bridge, was not changed to be assigned to eth1 and bridge interface didn’t have any address.