Repeater Bridge

From DD-WRT Wiki

Revision as of 10:18, 25 July 2009 by RFShop (Talk | contribs)
Jump to: navigation, search

You are here: DD-WRT wiki mainpage / Linking Routers / Repeater Bridge

A wireless bridge connects two LAN segments with a wireless link. The two segments are in the same subnet and look like two ethernet switches connected by a cable to all computers on the subnet. Since the computers are on the same subnet, broadcasts reach all machines. DHCP clients in one segment can get their addresses from a DHCP server in the other segment.

Use a wireless bridge to transparently connect computers in one room to computers in a different room when you cannot—or don't want to—run an ethernet cable between the two rooms.

A standard wireless bridge (client bridge) connects wired clients to a secondary router as if they were connected to your main router with a cable. Secondary clients share the bandwidth of a wireless connection back to your main router. Of course, you can still connect clients to your main router using either a cable connection or a wireless connection.



The limitation with standard bridging is that it only allows wired clients to connect to your secondary router. Wireless clients cannot connect to your secondary router configured as a standard bridge.

New in DD-WRT v24 is Repeater Bridge mode. This extends your primary LAN via secondary router (bridge router) and also allows wireless clients to connect to your secondary router. This extends the range of your wireless network while simultaneously allowing wired clients to connect to your secondary router.

Reference Image
Reference Image


In the case in which we are interested, a secondary router running DD-WRT v24 is configured as a Repeater Bridge between a Primary wireless router (of any make/brand/FW) allowing the above configuration.

Assumptions:

Primary router is configured in a 192.168.1.X subnet and leases DHCP address in the same pool. Secondary router is running DD-WRT v24

No security setup will be covered in this Wiki. It will be up to the user to setup security between the Primary and Secondary routers

Note , it is advisable to set the router first in client bridge mode and get it working correctly , once client bridge works , then proceed to setting up repeater bridge

Contents

Broadcom

Instructions

A very simple step-by-step description to connect a Router running selected DD-WRTV24 firmware in Repeater Bridge Mode.

We are currently experiencing Client Bridge and Repeater Bridge problems when the host is a non-Linux based router. If you are experiencing problem or would like to report a non-linux router as a problem please post in this thread. We are trying to keep this list up to date. Client Bridge is said to be working with the old V23 SP2 build...but not the newest V24 builds. Repeater Bridge is said to be working with old V24 RC7+ build...but varying reports with the newest V24 final or SP1 builds. Pre-SP2 builds seem to be working best. The ganging of RB units (pass-thru of DHCP) is also working again after 10431 build.


Confirmed working/non-working V24 firmwares:

  • RC5 - works
  • RC6.2 - does not work - Confirmed - redhawk
  • RC7+ - works
  • Final, VINT-final - works
  • SP1 - works - please note above statement for reporting DHCP issues.
  • TNG - Pre-SP2 - works - except 11288 build (pulled)...fixed in 11296.

To enable bridge mode between two routers, the primary router must be in AP mode (default) with DHCP Server enabled. The secondary router running DD-WRT v24 will be configured as the Repeater Bridge.

  1. Restore Factory Defaults on Secondary (DD-WRT) Router
  2. Connect to the secondary router via wired or wireless client keeping in mind the dd-wrt default settings for dhcp pool and ssid
  3. Open the Wireless -> Basic Settings tab
    • Wireless Physical Interface Section
      • Wireless Mode : Repeater Bridge
      • Wireless Network Mode : Match Primary Router
      • Wireless Network Name(SSID) : Match Primary Router
      • Wireless Channel : Match Primary Router
      • Wireless SSID Broadcast : Enable
      • Network Configuration : Bridged
      • Save
    • Virtual Interfaces Section
      • Add
      • Wireless Network Name(SSID) : Different from Primary Router
        • [NOTE] - being a bridged setup and all DHCP is being done by the host AP - it is possible to use the same SSID as the Host AP for this Virtual SSID name. This will allow roaming hand-offs between the 2 units. redhawk Confirmed --ChuckMcB 00:34, 31 March 2008 (CEST)
        • [NOTE2] - Many have had random disconnects and/or no connection if the SSID's are the same. If one way doesn't work for you...try the other
      • Wireless SSID Broadcast : Enable
      • AP Isolation : Disable
      • Network Configuration : Bridged
      • Save
  4. Open the Setup -> Basic Setup tab
    • Connection Type will be: Disabled
    • Set STP for Disabled (Enabled sometimes can cause connection problems) redhawk
    • IP Address : 192.168.1.2 (Assuming Primary Router IP is 192.168.1.1)
    • Mask : 255.255.255.0
    • Gateway: 192.168.1.1 (again assuming Primary Router IP is 192.168.1.1)
    • Assign WAN Port to Switch : Checked or Unchecked - your choice
    • Save
  5. Open the Security -> Firewall tab
    • Uncheck all boxes...except Filter Multicast
    • Disable SPI firewall
    • Save
  6. Open the Administration tab
    • APPLY Settings (In V24 after 07/04/07...use Save for previous versions)


You should now be able to connect wired clients and wireless clients to the newly configured Secondary router. They will receive IP Addresses from the Primary Router and will be able to use the Internet connection supplied by the Primary Router.

Also take note of the fact that all repeaters, including this Repeater Bridge mode, will sacrifice half of the bandwidth available from the primary router for clients wirelessly connected to the repeater. This is a result of the repeater taking turns talking to not just one partner, but to two, and having to relay the traffic between them. As long as your internet bandwidth requirements are within this halved bandwidth amount there will be little or no reduction in "speed".

Troubleshooting

Note: i have noticed that in almost every case that going from factory default ap mode to repeater bridge mode will fail without first setting up the router for client bridge mode first , so i suggest you setup client bridge or wireless bridge first , then continue on to change the router to repeater bridge

http://www.dd-wrt.com/wiki/index.php/Wireless_Bridge

Edit-PigSnack: The above instructions don't mention that you must actually connect the bridge to an AP. Status>Wireless>Site Survey and then "join" to the AP for the primary router. The client bridge mode instructions include this step and I think this may be part the problem. Every time the bridge is reboot or power cycled it requires joining to the AP primary router.

Wireless Clients cannot connect to Repeater

  • Problem: LAN clients can connect to the repeater, but wireless clients can't connect at all.
  • Solution: Repeater-bridge is broken in early versions of RC6, try downloads/others/eko/RC6-8733 or higher
  • * For the case of connecting a LinkSys WRT54G V8 repeater to a Vonage/Motorola VT2542 host, the WRT54G repeater would not connect with WEP or WPA2 security enabled. The solution was to set VT2542 to use WPA (1), and do the same with WRT54G using AES. Despite power cycling both units, it still would not connect unless I manually told the repeater to join the Host (VT2542) network, via: Status -> Wireless -> Site Survey -> Join [host network]. Over time, it would occasionally lose its connection, and I would have to repeat this step.

NAT

  • Problem: On v24RC4, packets go through NAT in the direction to the gateway.
  • Solution: To disable this, go under the Advanced Routing tab in set-up and change the mode to "router" instead of "gateway". Also have routing disabled under the Admin tab. (TODO: Confirm).


I tried this with DD-WRT on two WRT54GS, but not much luck. When the two were both connected to the network , the repeater-bridge WRT kept dropping off the wired network

Wireless Clients have no Internet

  • Problem: Wireless clients can connect to the AP, however they can't connect to the internet.
  • Solution 1 : Followed the instructions listed above and had to do the following: My host wireless router had the SPI firewall enabled (running dd-wrt 23SP2) and my wireless AP (running dd-wrt 24RC3) had the SPI firewall enabled. Per the instructions above I disabled the AP router SPI firewall but also had to disable the host routers SPI firewall. Once I did this the clients attaching to the AP could get to the internet (external access). Additional note: In my case my the host wireless router is directly cabled to the ISP hardware router which does have the firewall enabled.
  • Solution 2 : The instructions on this page worked great for me, i just set up 3 Asus 520GU as wireless repeaters connecting to a standard netgear wireless AP. Once i setup dd-wrt as wireless repeaters on the asus routers i was able to access the internet via the LAN, not wirelessly. my computer would connect but with limited or no connectivity giving me some really strange IP address. to solve this issue of no internet via the wireless connection i did the following (windows xp pro)
  1. network connections
  2. right click wireless adapter, click properties
  3. scroll down to tcp/ip, highlight, then click properties
  4. manually add all ip/subnet/gateway/dns information

example 

ip: 192.168.1.6
subnet: 255.255.255.0
gateway: 192.168.1.1    (this is the netgears ip address. its the DHCP server)
DNS: 192.168.0.1     (this is the main router's address directly connected to the ISP.

good luck, i hope this helps!

Wireless Clients DO have wireless access

What the ENTIRE article fails to mention is that one only needs to connect another router to one of the end points. Just plug a crossover cable to the WAN ports.

Client Bridge works, Repeater Bridge doesn't / Only one network can be encrypted

Edit: Seems to apply to all dd-wrt versions I've tried, starting at RC7+ up to and including v24-sp1

  • Problem Clients on LAN can connect while Client Bridge is selected, but fail when the setup for Repeater Bridge is complete
  • (Observation Test client on LAN can connect to internet as long as there is no Wireless Security on the virtual wireless interface, but fail as soon as the security is configured.)
  • Solution 1: Use encryption (in my case: WPA2) only on one of the interfaces (in my case: hardware), and noencryption at all on the other.
  • Solution 2: Use the same encryption (eg.: WPA2, same password, same ESSID) on both interfaces. - Worked fine on my WRTG54GL v1.1 and v24-sp1 (no encryption and wep is no real option ...)
  • Side note: The actual problems might be:
    • a software bug in dd-wrt. Could it be that the software actually only supports one key/one encryption type at a time? ie: I have seen the password of the hardware interface change to a random string of garbage as soon as I set up the wireless encryption on the virtual interface.
    • the "Speedport W500V" internet router used on the other side, which has a few nasty bugs of its own. (edit: No, problem exists also with other internet routers)

edit by knk: Another solution to this that seems to work well in my combination of a WL520GU and a WL500GP is to use only WEP encryption on the repeater. I'm running tomato firmware on the WL500GP and dd-wrt v24sp1 on the wl520GU. This is convenient when you set up different QoS rules for those on the repeater and thus need certain users to not have access to it.

edit by maxpowered: A connection between WAG200G (Linksys Firmware 1.01.05) as a gateway router and WRT54GL (DD-WRT v24 SP1) as a repeater bridge works with "WPA2 shared" enabled on the WAG and "WPA TKIP" on the WRT. I use the same keys for both WLAN interfaces of the WRT. WPA2 doesn't work at all for this configuration. It lasted several hours to figure this out :(

Cannot establish a connection when authenticating against Windows 2003 IAS Radius Server

  • Problem: When you associate with the accesspoint the connection established fine, but when you associate with the repeater bridge the authentication fails.
  • Solution: Roaming cannot be used in this setup. You have to set the SSID of the virtual interface of the accesspoint different from the SSID of the virtual interface of the repeater bridge.

Atheros

Setup

Set you wlan to client_bridge and connect to the to be repeated AP
Add virtual interface and set it as AP

SSIDs

Under "Wireless -> Basic Settings", you must use the primary router's SSID for the physical interface and a new SSID for the virtual interface. Some people argue the physical interface can also be the same in order to support roaming (see Repeating Mode Comparisons)

Security

Keep in mind any security settings will need to be configured including MAC filtering in order for the Secondary Router to connect to the Primary Router and also for clients connecting to the Secondary Router to gain full access to the connectivity of the Primary Router. There are some factors to consider when setting up Security for Client Bridge mode that may or may not be factors when setting up Repeater Bridge mode. I simply have not experimented with this.

[NOTE {Montrealmike}]Also when your adding WEP,WPA,WPA2 etc... between the AP and the repeater bridge you have to start with the AP first; then the repeater bridge.When you enable security on the repeater click save not apply, then click on the administration tab scroll down to the bottom and click apply settings. You will then have to power cycle the repeater twice ( unplug and plug back in twice ) in order for the repeater bridge and AP to synchronize. This has worked for four repeater bridges for me.

Edit - Altair - In my experience the above advice of power cycling the router has been confirmed. I spent 20 minutes trying different things to no avail before I finally gave in and tried power cycling it twice (I honestly didn't believe it would do anything). After the power cycle it has been working flawlessly.

Edit - pmiller - I can also confirm the power cycling to sync the repeater to the AP. You can confirm that the repeater has syncronized with the AP by going to the Status>Wireless tab on the AP and viewing the MAC address of the repeater with some % signal quality value. Before doing 2 power cycles on the repeater, the MAC address would display on the AP's Status>Wireless tab, but with 0% signal quality. After the power cycles the % quality displayed around 30%. I played around with other security settings later on the AP and found the 2 power cycles to be unnecessary after the 2 had originally sync'ed- no idea why this would work, but it did. I had some difficulty at first because I had security enabled on the AP as WPA2-Personal Mixed, which is basically WPA2-AES or WPA-TKIP simultaneously. The repeater is unable to connect with the AP in this mixed mode; rather you must choose between WPA2-AES or WPA-TKIP . I have now switched both my wireless security settings to WPA-TKIP (physical and virtual) just for simplicity, though in theory the virtual need not match the physical. Your security is as good as the weakest link. For those having trouble, I would turn off all security and turn on SSID broadcast first, then once you get a good sync turn on security on the AP first, then the repeater.

Edit - aselvan - I have this setup on identical hardware (i.e. Linksys wrt310n) for AP and repeater running identical DDWRT (v24 standard generic). However, I can't get the WPA2 working between the repeater unit and AP no matter what combination I tried-- the repeater and AP can't connect, however, WEP and WAP works. Anyone have any idea?

Edit - crandler - WPA2 personal mixed with Linksys WAG160N as DSL uplink with original firmware and WRT160N with dd-wrt v24 std in repeater bridge mode does not function. Had do switch both devices to WPA2 personal.

Edit - ytal - Using encryption for the bridged connection only works if I either use the same encryption data (incl. ESSID) on the other (virtual) interface or do not use any encryption on the virtual interface at all. If set differently, the wireless link to the base station fails. Base station is a Speedport W500V / Targa WR 500 VoIP (http://forum.openwrt.org/viewtopic.php?id=5774) with the original Telekom firmware.

Edit - Andy - Running v24-sp1, I am also unable to have different WPA2-Personal (AES) key's between the physical and virtual interface. The security and keys must match. Upon saving and cycling the power, the status page on the AP shows signal to the repeaters, but no ping responses or network traffic exists. Also, the Repeater Bridge function fails if I turn broadcast off on the AP.

Edit -PeterMartin, RFShop - Avoid using the passphrase generator with WEP. You can’t overtype the key codes later. (Or rather you can and they do work but the old ones are the ones that remain visible. Very Difficult to erase.) Instead type in the key codes directly. Or better still copy and paste from a text file, which you need to keep for reference, as they are not visible once typed in. Agree that encryption has to be the same for both secondary and primary network. Same keys too. Same bugs seem to be present on Universal Repeater Mode.

Accessing Both Routers?

With this setup, I have full access to both routers — which runs contrary to a lot of the notes concerning Client Bridge mode. One router is http://192.168.1.1, and the other is http://192.168.1.2. I can access both from either side of the bridge. There is no need to change any settings or IP addresses or the like with this setup in order to do so!

Unfortunately I had no luck accessing both my WRT54GS routers. One was 192.168.1.1 - gateway the other was 192.168.1.2 - the repeater. As soon as I added the 192.168,1.2 to my network the DD-WRT web mgt interface kept giving me intermitttent page not found errors. These errors did not occur when I added one OR the other to the network. Both were on 255.255.255.0

Edit - Ottoxgam - When setting up the 2nd router in Repeater Bridge mode, on the Setup tab under the Network Setup in the Router IP section, The Gateway and Local DNS boxes should be left at 0.0.0.0. This provides access to both routers via the web interface. The problem seems to be when something is entered in the Local Dns box.

MAC Filtering

For those of you who have enabled MAC filtering on your Primary router, you need to add the WLAN MAC address of your Secondary router to the permitted MAC filter list of the Primary router. This is different than the MAC address printed on the bottom of the case, you can find it by going to Status->Wireless and the top line will list the internal MAC address. Of course, you will want to add the MAC filter list to the Secondary router. This should be setup prior configuring your WPA, WPA2, etc. settings otherwise you will spend some time pondering why the bridge isn't working.

[EDIT - Redhawk] - The wording here was a little confusing. Once I used the Wireless MAC address then all worked correctly....the MAC filter address on the Primary router needs to be the "Wireless MAC" address listed on the Router Status page and not the LAN MAC address . (Use Router MAC +2) - Yes...I know it says WLAN but for an noob doing this procedure it could be confused.


Special thanks to Griminal for providing a basic graphic which I modified for this Wiki Entry.

See Also

Retrieved from "http://forum.dd-wrt.com/wiki/index.php/Repeater_Bridge"