The issue is that in either 'Bridge' or 'Passthrouigh' modes we have to connect RUT LAN port to the 'WAN IN' on the main router, (I use LAN1), so far so good, main router has WAN IP from ISP.
Now we wish to manage the RUT950. The main router DHCP hands out local address's to all devices on the same subnet as the RUT850 and main router, but RUT950 is not accessible. Try this in your lab, the WEB UI is not accessible from the main router. If I connected my PC direct to RUT950 LAN2 port I would be able to connect to WEB UI, but then that PC would not have internet.
In real situations when using Bridge or Pasthrough we connect our devices to the downstream router and RUT950 is just 'modem', but we still want to manage it.
Now add patch lead from RUT950 LAN2 port to switch on our subnet, we can now ping the RUT950 and manage it with the WEB UI, but there are problems and subnet soon locks up, I think there are conflicts. DHCP is only enabled on the main router but something isn't right and no devices can connect, is this flooding or looping? I don't know but the subnet quickly becomes locked.
I have found a solution using VLAN. I created a new LAN and isolated the LAN1 port. See screenshot. I can now manage the the RUT950 through WEB UI on the newly created 'lan2', and no confilcts.
LAN1 port still is the WAN out for main router and LAN2 port goes to a switch on downstream subnet and any PC can browse to the WEB UI, 'lan' and 'lan2' are isolated and so there are no conflicts I can also manage WEB UI via WiFi.
This is a permanent solution for me. RUT950 works as modem, downstream main router has WAN IP from ISP and I can now also manage the RUT950 from the downstream subnet without conflicts.