Wireless Bridge
From DD-WRT Wiki
| Revision as of 17:14, 24 July 2007 (edit) 167.83.10.20 (Talk) (→Setup) ← Previous diff |
Revision as of 22:55, 9 August 2007 (edit) (undo) Eblot (Talk | contribs) (→WPA-Personal) Next diff → |
||
| Line 132: | Line 132: | ||
| <br>6. Undo the TCP/IP setup to connect to the router (assuming you set the IP manually, you need to undo this) | <br>6. Undo the TCP/IP setup to connect to the router (assuming you set the IP manually, you need to undo this) | ||
| <br>7. Plug in the Ethernet connection and let it refresh! It should work! | <br>7. Plug in the Ethernet connection and let it refresh! It should work! | ||
| + | |||
| + | ==== WPA & WPA2 ==== | ||
| + | |||
| + | Do not choose mixed mode (WPA+WPA2) on the Client-Bridge: the AP and the bridge would not be able to auto-negociate an encryption scheme, the bridge would not be able to connect to the AP. | ||
| + | |||
| + | Pick up one scheme (WPA '''or''' WPA2) on the bridge side: both schemes work nice - as long as the AP is configured for -, but you cannot let the bridge to make the decision. | ||
| == MAC Filter == | == MAC Filter == | ||
Revision as of 22:55, 9 August 2007
Wireless Bridging is used to connect two LAN segments via a wireless link. The two segments will be in the same subnet and look like two Ethernet switches connected by a cable to all computers on the subnet. Since the computers are on the same subnet, broadcasts will reach all machines, allowing DHCP clients in one segment to get their addresses from a DHCP server in a different segment. You could use a Wireless Bridge to transparently connect computer(s) in one room to computer(s) in a different room when you could not, or did not want to run an Ethernet cable between the rooms. Contrast this with Client Mode Wireless, where the local wireless device running DD-WRT connects to the remote router as a client, creating two separate subnets. Since the computers within the different subnets cannot see each other directly, this requires the enabling of NAT between the wireless and the wired ports, and setting up port forwarding for the computers behind the local wireless device. Segments connected via Client Mode Wireless cannot share a DHCP server.
In the case in which we are interested, a wireless device running DD-WRT such as a WRT54G is configured as a Wireless Bridge between a remote wireless router (of any make/brand) and the Ethernet ports on the WRT54G.
Contents |
Instructions
(Editorial Note: These instructions are incomplete and misleading. Please see A Practical Example further down this page for a better working, better documented procedure.)
A very simple step-by-step description to connect a WRT54G running DD-WRTV23:
To enable Brige-Mode between two WRT54G, one WRT54G has to be in AP-Mode in Wireless/Basic Setup. The other one is joining the first WRT54G as "Client-Bridged"
- Add WAN MAC-Address of WRT54G to your MAC filter list on your base station. (This ASSUMES you ARE using Wireless MAC Address Filtering on your base station! If you are NOT using, skip this step!)
- Connect to your non-base-station WRT54G (normally 192.168.1.1) by wire which should act as client bridge.
- Enable Wireless Security (in Wireless/Wireless Security) as used, e.g. WEP and configure it as used in your local network.
- In Wireless/Basic Settings choose "Client-Bridged" as Wireless Mode and set SSID, Wireless channel and Network Mode can be set to same values as your Base Station, normally Auto / Mixed.
That's all. On next wired connect to your WRT54G you should get an IP address from your network.
If you want to configure your new WRT54G bridge again, set a static IP address of 192.168.1.x network to your client and you can reach the WRT54G as 192.168.1.1 by wire.
Important: If you want to use WPA encryption on your client bridge, make sure your key is no longer than 63 characters, even if you are using a HEX key. Not all IEEE 802.11 devices support long keys; older ones, in particular, are limited to short keys. In order for all devices in your network to communicate, they must not use a key longer than the least capable device in the network supports.
Example
I personally found all of these instructions confusing, so I've compiled an exact list of what I did to get the "Client Bridge" working with the "V23 SP1" version of the firmware.
My motivation: I wanted to get my XBox online (and on-LAN) from another room, without running Ethernet to it. WDS was out of the question unfortunately because one of my routers was a late-model WRT54G and as such wasn't (at the time) easily modified. I had an extra WRT54G lying around that could run DD-WRT. Alternatively I could have bought a proper Linksys or Microsoft solution to connect the XBox to the existing WiFi, but what's the fun in that?
My network is as such:
- Primary Router (Internet Connection): WRT54G V5 — stock Linksys firmware — 192.168.1.1
- Secondary Router (For the Bridge): WRT54G V3 — DD-WRT V23 SP1 Firmware — 192.168.1.1 — which I changed to 192.168.1.2 in my setup
(I'm guessing that the Primary Router could be any make and model of wireless router as we're not doing anything to it!)
Slambert71 adds: I set this up today using a Linksys WRT54G V.3 with DD-WRT V23 SP2 firmware as the secondary, and a D-Link DI-624 with factory firmware as the primary and it works great.
My Primary Router has 128bit WEP Encryption enabled. It does NOT have Wireless MAC Address Filtering enabled. We will assume you want your Secondary Router to become 192.168.1.2.
I have my Secondary Router in another room, connected only to my laptop via an Ethernet cable to Port 1. The laptop has an IP from the Secondary Router's DHCP to begin with. Neither the laptop nor the Secondary Router are connected to anything but each other. I will be doing all of my setup from this laptop. If you have problems with DHCP or losing your IP address in the midst of these instructions, you may need to statically assign an IP to your Ethernet card. (I was running Knoppix Linux on the laptop and I didn't have to do that, but YMMV!)
Setup
- Log into the Secondary Router. (We will only be altering the Secondary Router!)
- Administration Tab — Factory Defaults Subtab
- Restore Factory Defaults: Yes
- Click "Save Settings" — triggers reboot.
- Router's IP will now be 192.168.1.1 if it wasn't already.
This was a very important step. I have run this process 3 times now as a trial, and the instructions are written assuming you have a "clean" router.
- Setup Tab — Basic Setup Subtab
- Connection Type: Disable
- STP: Disable
- Local IP: 192.168.1.2 (it was initially 192.168.1.1)
- Assign WAN Port To Switch: Checked
- DHCP Server: Disable
- Click "Save Settings" — triggers reboot.
I had an error along the lines of "Can't connect to 192.168.1.1" — This is because it's now 192.168.1.2 — close and restart the browser to avoid authentification problems and connect to the new IP address and retype your username and password.
(Aside from changing the local IP address, the above steps are unnecessary because putting the router in client-bridged mode takes care of these settings automatically)
- Security Tab — Firewall Subtab
- SPI Firewall: Disable
- Click "Save Settings"
- Wireless Tab — Basic Settings Subtab
- Wireless Mode: Client Bridge
- Wireless Network Mode: Match your primary router.
- Wireless Network Name (SSID): Match your primary router. (case matters!)
- Wireless Channel is not relevant in Client Bridge mode.
- Wireless SSID Broadcast is not relevant in Client Bridge mode.
- Click "Save Settings". The router will now be in Client Bridge mode.
- Wireless Tab — Wireless Security Subtab
- Security Mode: Match your primary router, I used WEP (I have not tried anything but 128bit WEP!) WPA-PSK works as well -guyonphone; WPA-PSK even works if original router is WPA2 mixed -mcoope3; v2.3_sp2 in client bridge mode currently doesn't support WPA2-PSK, but only WPA2-PSK mixed mode, so the AP has to be set to mixed and not WPA2-only mode (it can be either AES or TKIP).-zevnik
To put it simple, WPA2 doesn't work in Bridge Mode currently (dd-wrt v23 sp2)-teekay - Encryption: Match your primary router.
- Key 1: Match your primary router.
- Click "Save Settings"
- Security Mode: Match your primary router, I used WEP (I have not tried anything but 128bit WEP!) WPA-PSK works as well -guyonphone; WPA-PSK even works if original router is WPA2 mixed -mcoope3; v2.3_sp2 in client bridge mode currently doesn't support WPA2-PSK, but only WPA2-PSK mixed mode, so the AP has to be set to mixed and not WPA2-only mode (it can be either AES or TKIP).-zevnik
- Wireless Tab — Advanced Settings Subtab
- Authentication Type: Shared Key
- Click "Save Settings"
This seems like a VERY important step — it DID NOT work until I did this! (worked for me on auto, when using WEP -cheesetoast)
- Status Tab — Wireless Subtab
- Click Site Survey and join the appropriate wireless network. Access Point table should show the MAC address of your Primary Router, along with signal strength. (SSID Broadcast MUST be enabled on your primary router) At this point it was working 100% for me.
If that worked, then:
- Click Site Survey and join the appropriate wireless network. Access Point table should show the MAC address of your Primary Router, along with signal strength. (SSID Broadcast MUST be enabled on your primary router) At this point it was working 100% for me.
- Administration Tab — Backup Subtab
- Click "Backup"
(SAVE this config before doing anything else to your router, just in case!)
- Click "Backup"
I've done this procedure three times to test it, and I've reset the router to Factory Defaults every time. It may not be the optimal way of accomplishing the task, but it did work for me and I was able to repeat it with the same results each time!
lrp note: I did setup the wireless security mode to "disabled" in the "Wireless Tab — Wireless Security Subtab", I had NOTHING to change in the "Wireless Tab — Advanced Settings Subtab" for this setup to work (DD-WRT v23 SP2 (09/15/06) std). lrp
I seconded these settings. Tried it on 2 WRT54G with v23SP2 and they work.
Accessing Both Routers?
With this setup, I have full access to both routers — which runs contrary to a lot of the notes concerning Client Bridge mode. One router is http://192.168.1.1, and the other is http://192.168.1.2. I can access both from either side of the bridge. There is no need to change any settings or IP addresses or the like with this setup in order to do so! Note: if you want to be able to access the Client Bridge router externally, you need to set its gateway address to point to the address of the router that has external access (192.168.1.1 in this example).
Unmatched Routers?
If you don't have a matched pair of routers like I did, I would recommend changing step 3.3 from 192.168.1.2 to an unused IP that matches your Primary Router. For example, if your primary router was set to 10.0.0.1, set this to 10.0.0.2 (assuming 10.0.0.2 is not already in use!). This way everything should be on the same subnet with unique IP addresses — and both routers should be accessible for configuration from anywhere on your network.
Addendum
I was unaware at the time of writing this of any easy way of flashing a WRT54G V5 (and above) router with DD-WRT. This is not the case anymore, but there may still be lots of reasons to go with this setup rather than WDS. While WDS allows both ends of the connection to accept wireless clients, there is less bandwidth to go around, and there could be more latency. I'm guessing that this setup is still the best way to attach Ethernet devices to a wireless network with DD-WRT.
LRP note: I used this setup because I could not use WDS anymore (My initial setup was WAG54G-WDS-WRT54Gs ... I had to replace my broken WAG54G by a WAG200G, my setting became then: WAG200G-wirelessbridge-WRT54GS). At first, I attributed the speed increase to the ADSL2 capability ... I was really amazed when I could reduce a file transfer in between a wired machine behind the WRT54GS and a wired machine behind the WAG200G from about 55 minutes to 26 minutes (more than twice as fast). The only difference was the absence of WDS and the updated firmware. LRP
BrainSlayer Forum Answer [1] (edited to enhance): Client Bridge mode will only work well with just one connected computer on the far end, due a limitation in the 802.11 protocol. If you want to bridge a full LAN you must use WDS. The problem is that the 802.11 protocol just supports one MAC address, but in a LAN there is the possibility for more than one MAC address. It may cause ARP table problems, if you connect more than one computer on the far end of a Client Bridge mode setup. Use standard AP mode, if using WDS.
bobn: Multiple devices on the wireless bridge seem to work fine, including using DHCP to the 'server' AP. Although multiple devices on the client bridge (wireless bridge) appear to have the same MAC address in the arp tables of devices on the 'server' AP, something in the wireless bridge translates that MAC address on return traffic back to the correct one for a given device's IP address behind the bridge. (I suspect that there is enough of the routing function still turned on in the client bridge mode to maintain an arp table local to the client bridge and make the translations.) Most protocols (ICMP, UDP, TCP) seem to work fine for multiple devices on the bridge, based on some quick testing. I would not want to count on multiple devices using non-IP protocols, and would be suspicious of things using special MAC addresses such as multicast addresses (eg OSPF routers, multicast apps).
V23 Firmware
In the V23 firmware, you can set up the bridge from the Wireless->Wireless Mode menu. Just select "Client Bridged". This will automatically turn off DHCP. Note that only the Network Mode (b/g) and SSID settings are used in Client Bridged mode.
See notes on a 2.3 attempt at Client Bridged with a Belkin A/G AP in Bridge Install
I am also linking these in Client Bridged
New to Client Bridging?
Here's some extra information about client bridging and some, perhaps unexpected, side effects. (If you're a wireless networking wizard, you'll know this already.)
When you've switched to Client Bridge mode you won't be accessing the remote AP until your IP changes unless your box and the remote network are on the same subnet. For example, say you have:
Linksys box IP: 192.168.1.1 Your computer: 192.168.1.100 Remote network gateway: 10.0.0.1
Once you've made the configuration changes in your router, you'll need to get a new address to access the remote network. A simple way to do this with most computers is to unplug the network cable, count to 10, and plug it in again. When the cable is plugged in again, it will get a new lease, but this time from the remote computer. For example, it will get an address in the 10.0.0.x range, e.g., 10.0.0.100. Now you'll be able to use the Internet over the wireless link as you expect.
However, you won't be able to access your Linksys to administer it. The solution is to turn off DHCP and use a static IP (e.g., 192.168.1.99), or, alternatively, assign an address for your Linksys from the remote subnet (e.g., 10.0.0.2). Be careful, however, not to pick an address already in use.
(Editorial Note: According to the introduction, "Wireless Bridging is used to connect two LAN segments via a wireless link. The two segments will be in the same subnet and looks like two Ethernet switches connected by a cable, to all computers on the subnet." From this info we can gather that you should be assigning an unused, unique IP address to your bridge router from your remote subnet, otherwise your bridging router will become inaccessible, and that's not optimal! Please see A Practical Example for a fully documented example of making this work.)
WPA-Personal
So I just bought a WRT54GL Ver 1.1 and I'm new. Anyhow, so I was trying and trying for two days straight to get Client-Bridge setup to work in V23sp2, followed the instructions as set out above in the practical example. However a lot of people have posted that WPA-Personal Security Protocol has not been able to work, not true, because I've done it by God's amazing grace! So here's the HOWTO
1. Follow the above practical example
2. Set Wireless Security > Security as WPA-Shared Key > TKIP
3. Enter the shared key ID
4. Go to Status > Wireless > Site Survey > Should probably find your 1st router and then click join, the next thing you should see is that its MAC address will appear on the Wireless AP at the bottom of the Wireless Status page.
5. Unplug your Ethernet connection from your PC and wait 20 seconds
6. Undo the TCP/IP setup to connect to the router (assuming you set the IP manually, you need to undo this)
7. Plug in the Ethernet connection and let it refresh! It should work!
WPA & WPA2
Do not choose mixed mode (WPA+WPA2) on the Client-Bridge: the AP and the bridge would not be able to auto-negociate an encryption scheme, the bridge would not be able to connect to the AP.
Pick up one scheme (WPA or WPA2) on the bridge side: both schemes work nice - as long as the AP is configured for -, but you cannot let the bridge to make the decision.
MAC Filter
For those of you who also want to enable MAC filtering on your main router, you need to add the INTERNAL MAC address of your bridge to your permitted list. This is different than the MAC address printed on the bottom of the case, you can find it by going to Status->Wireless and the top line will list the internal MAC address.