Posted: Fri Aug 19, 2022 10:48 Post subject: setting up wireless access point (WAP) on WRT1900ACSv2
I am having trouble finding information about how to set up a wireless access point on my Linksys WRT1900ACSv2. Here's what I'm trying to do:
I have a Netgear r7000 running DD-WRT v3.0-r49567 std (07/27/22) which connects to my ISP. I've run an ethernet cable to another part of my house where the wifi signal is weak. I'd like to connect this cable to the WAN port on my WRT1900ACSv2 so that the WAN port acts as just another LAN port. The WRT1900ACSv2 would broadcast the same SSID as the r7000.
Joined: 18 Mar 2014 Posts: 12915 Location: Netherlands
Posted: Fri Aug 19, 2022 10:56 Post subject:
For one if you do not need the WAN port do not use it, for some routers the WAN is alwasy routed via the CPU and is slower and or you can have problems with VLANS's
I use port 4 as connecting port
Setting up a WAP is fairly simple, this is the way I do it:
A Wireless Access Point is a secondary router connected wired LAN<>LAN on the same subnet as the primary router:
• WAN disabled
• DHCP server Disabled (=off and NOT set as Forwarder!)
• Local IP address in subnet of primary router but outside DHCP scope, make sure the used IP address is unique on your network you cannot have duplicates.
You can run udhcpc to give the WAP a static lease but because you can it doesn't mean you should
• Gateway and Local DNS pointing to primary router
• DNSMasq enabled
• Router kept in the default Gateway mode (the wiki says Router mode but do not do that, either it does not matter (this case) or break things)
• Connect LAN <> LAN (do not use the WAN port unless you really need that extra port, for most routers traffic still must use the CPU so performance is lacklustre )
• I do not change the Firewall settings although you do not want a firewall, the Firewall is automatically disabled as there is no WAN, but it does not hurt to follow the wiki and Disable the Firewall anyway.
If setup you have to add the following rule to the firewall in order to get internet access from unbridged interfaces e.g. an ubridged VAP or Bridge.
In the web-interface of the router (the WAP): Administration/Commands save Firewall:
#Always necessary (alternatively set static route on main router and NAT traffic from VAP/Bridge out via WAN):
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to $(nvram get lan_ipaddr)
#Replace with the appropriate interface of your VAP, e.g. wl0.1, wlan0.1 etc:
GUEST_IF="wlan1.1"
#Net Isolation does not work on a WAP so keep it disabled, add for isolating VAP/Bridge from main network:
iptables -I FORWARD -i $GUEST_IF -d $(nvram get lan_ipaddr)/$(nvram get lan_netmask) -m state --state NEW -j REJECT