DD-WRT:Wireless Bridge

'''This is an older page on how to set up a client bridge. It is being kept as there might be info that some find useful, but a more complete and up to date guide to do the same thing can be found here:'''

Client Bridged

Wireless Bridging is used to connect two LAN segments via a wireless link. The two segments will be in the same subnet and look like two Ethernet switches connected by a cable to all computers on the subnet. Since the computers are on the same subnet, broadcasts will reach all machines, allowing DHCP clients in one segment to get their addresses from a DHCP server in a different segment. You could use a Wireless Bridge to transparently connect computer(s) in one room to computer(s) in a different room when you could not, or did not want to run an Ethernet cable between the rooms. Contrast this with Client Mode Wireless, where the local wireless device running DD-WRT connects to the remote router as a client, creating two separate subnets. Since the computers within the different subnets cannot see each other directly, this requires the enabling of NAT between the wireless and the wired ports, and setting up port forwarding for the computers behind the local wireless device. Segments connected via Client Mode Wireless cannot share a DHCP server.

In the case in which we are interested, a wireless device running DD-WRT such as a WRT54G is configured as a Wireless Bridge between a remote wireless router (of any make/brand) and the Ethernet ports on the WRT54G.

Instructions
(Editorial Note: Also see Example further down this page for a better documented but lengthier procedure with some unnecessary steps.)

To enable wireless bridging between two WRT54Gs, one WRT54G has to be in AP-Mode (Wireless > Basic Settings). The following assumes it has the default IP address 192.168.1.1. Let's call this WRT54G the primary. The other WRT54G is connecting to the primary in "Client-Bridged" mode. Let's call that WRT54G the secondary.

Instructions update for V24: DHCP does not work between the DHCP server in the primary and the DHCP clients in computers connected to the secondary in this configuration with V24. You will have to assign static IP addresses like 192.168.1.10x to the computers connected to the secondary, a different one for each computer of course. Then it works fine. Annoying! -- This doesn't seem to be a problem with the currently recommended V24 SVN builds as of 2/22/09.


 * 1) Give your PC the possibility of having a static address. In Windows, open Network connections, select your LAN card, change settings, Internet Protocol (TCP/IP), properties, on the General tab choose obtain an IP address automatically, then on the Alternate Configuration tab click user configured and enter 192.168.1.100 or something similar, default gateway to 192.168.1.1 and the DNS server IP addresses of your ISP. If you don't know those, any DNS server IP addresses will work. e.g. 204.101.251.1 and 205.151.222.251. Click OK and close. Now your PC will try to run the DHCP client, but if it fails (as it will with V24 in the following scenario), it will use the Alternate Configuration, static address 192.168.1.100 instead.
 * 2) If you are using MAC filtering, add the WLAN MAC-Address of the secondary WRT54G to the permitted list on the primary.
 * 3) Connect a PC to LAN port 1 (not the WAN port) on your secondary with a LAN cable and enter 192.168.1.1 in a browser.
 * 4) Administration > Factory Defaults: Restore factory defaults yes. Username=root, password=admin when asked. Click apply settings. Listen to soothing music while the secondary resets and reboots.
 * 5) Setup > Basic Setup: Local IP address 192.168.1.2, subnet mask 255.255.255.0, gateway 192.168.1.1, local DNS 192.168.1.1, assign WAN port to switch checked. Click save then apply. After a minute, change the address in your browser to 192.168.1.2 and enter.
 * 6) Wireless > Wireless Security: Enable Wireless Security and configure it as used in your local network. Click save then apply.
 * 7) Wireless > Basic Settings: choose "Client-Bridged" as Wireless Mode and set SSID, Wireless channel and Network Mode to same values as your primary. (Note: it is better to use network mode G-only on both primary and secondary, otherwise everything slows down to B if there is even one B device anywhere.). Click save then apply.
 * 8) Status > wireless: scroll down and click site survey, then click join the desired network, then continue, then save, then apply.
 * 9) Unplug the power from the secondary for 10 seconds then plug it back in.
 * 10) Go to an Internet URL in your browser, e.g. google.com
 * 11) Be patient. It takes a while to connect everything, maybe 30 – 45 seconds. Click reload on the browswer if it says page not found too soon. Wait at least two minutes before thinking it ain't working.

That's all.

You can now access the primary at 192.168.1.1 or the secondary at 192.168.1.2 if you want to configure either of them. -ECNY 2008-10-09

Important: If you want to use WPA encryption on your client bridge, make sure your key is no longer than 63 characters, even if you are using a HEX key. Not all IEEE 802.11 devices support long keys; older ones, in particular, are limited to short keys. In order for all devices in your network to communicate, they must not use a key longer than the least capable device in the network supports.

Instruction for dd-wrt v24 sp1
Don't use SP1. It has DHCP throughput issues. Use one of the Beta builds. Svn11296 is a reliable build for G routers.

[The following instructions only worked for me if the Setup/Advanced Routing was changed from gateway to router]

1. Router hard reset
While the router is on, press the reset button for 30 seconds, then unplug the power supply for thirty seconds, continuing to hold the reset button, and then plug the power supply in for 30 seconds, continuing to hold the reset button.

2. Assign a static IP to you computer
Network connection configuration (Windows XP sp 3) Plug the network cable in the client router and into your computer.
 * General Tab:
 * Obtain an IP address automatically
 * Obtain DNS server automatically
 * Alternate configuration
 * User configured
 * IP address: 192.168.1.49 [your computer IP]
 * Subnet mask 255.255.255.0
 * Default gateway 192.168.1.1 [Default IP address of the client router]
 * Preferred DNS server 192.168.1.1 [Default IP address of the client router]

3. Access the client router configuration
In Firefox or Explorer, type 192.168.1.1 in the address bar. (If form data is not saved correctly in Firefox, try another browser.)

4. Change the default IP address of the router and setup networking parameters
Note: The default IP address of the client router is most likely the same as the host router (192.168.1.1), so it needs to be changed, usually to 192.168.1.2

> Note that if you give the router an IP of 192.168.1.2 it may cause IP conflicts if the primary router "sees" another item, such as a computer, connected to it before it sees your bridged router 192.168.1.2. It will assign the first thing it sees the first allowable IP address (this range is set in your primary router admin page). If this range starts right at 192.168.1.2, it will assign the first thing it sees 192.168.1.2, which would thus make connecting to the bridged router impossible. Thus you should set secondary/tertiary routers to something NOT near the beginning of the allocatable IP address range of your primary router, such as 192.168.1.50. Or just simply use an IP outside of the primary router's assignable range. It is possible that all routers default to start assigning IP's at 192.168.1.100, which mine actually did originally but I thought I needed to sync up that range with the other routers - it would have prevented many problems for me by leaving well enough alone.
 * Setup/basic setup/network setup/router IP
 * Local IP address 192.168.1.2 [Give the client router an IP that will not conflict with the host router]
 * Subnet mask 255.255.255.0
 * Gateway 192.168.1.1 [192.168.1.254 on Thompson ST780 host router]
 * Local DNS 192.168.1.1 [192.168.1.254 on Thompson ST780 host router ]
 * Click on Apply. The router will reboot.

Important note: You will now need to type “192.168.1.2” in the address bar to access the client router.

5. Change wireless parameters

 * Wireless/basic settings/wireless physical interface/physical interface
 * Wireless mode: Client bridge
 * Wireless Network mode Same as host router
 * SSID Same as host router -Check spelling carefully!
 * Network configuration Bridged
 * Click on Apply

6. Check wireless security

 * Wireless/wireless security/physical interface
 * Security mode/passphrase put same as host router
 * Click Apply
 * Click Apply

If your router does not connect, disable security on both the primary router and the client router and try again. If you are able to connect with no security, check your settings. This is a common problem.

6. On the computer hooked-up to that client router
Network connection configuration (Windows XP sp 3) Plug the network cable into the computer. It will detect the “network”, connect to the client router and obtain an IP address. Try accessing the web from your computer. It should now work
 * General Tab:
 * Obtain an IP address automatically
 * Obtain DNS server automatically
 * Alternate configuration
 * User configured
 * IP address: 192.168.1.49 [your compter IP]
 * Subnet mask 255.255.255.0
 * Default gateway 192.168.1.1 [IP address of the primary router]
 * Preferred DNS server 192.168.1.1 [IP address of the primary router]

7. Other stuff
To see your new IP address: To confirm that your are hooked up to the wireless network
 * 1) Windows Start menu/execute/cmd
 * 2) Type ipconfig /all
 * 1) Type the IP address of the client router in Firefox or Explorer (The default IP of the client router is 192.168.1.1 but we changed it to 192.168.1.2 to prevent conflicts with the default address of the HOST router
 * 2) Status/wireless/wireless nodes/acess points.
 * 3) *The wireless connection should be listed.

Example
I personally found all of these instructions confusing, so I've compiled an exact list of what I did to get the "Client Bridge" working with the "V23 SP1" version of the firmware.

Instructions update for V24: DHCP does not work between the DHCP server in the "main" AP and the DHCP clients in computers connected to the secondary "client-bridged" WRT54G in this configuration with V24. You will have to assign static IP addresses like 192.168.1.10x to the computers connected to the "client-bridged" WRT54G, a different one for each computer of course. Then it works fine. Annoying!

My motivation: I wanted to get my XBox online (and on-LAN) from another room, without running Ethernet to it. WDS was out of the question unfortunately because one of my routers was a late-model WRT54G and as such wasn't (at the time) easily modified. I had an extra WRT54G lying around that could run DD-WRT. Alternatively I could have bought a proper Linksys or Microsoft solution to connect the XBox to the existing WiFi, but what's the fun in that?

My network is as such:


 * Primary Router (Internet Connection): WRT54G V5 &mdash; stock Linksys firmware &mdash; 192.168.1.1
 * Secondary Router (For the Bridge): WRT54G V3 &mdash; DD-WRT V23 SP1 Firmware &mdash; 192.168.1.1 &mdash; which I changed to 192.168.1.2 in my setup

(I'm guessing that the Primary Router could be any make and model of wireless router as we're not doing anything to it!)

Slambert71 adds: I set this up today using a Linksys WRT54G V.3 with DD-WRT V23 SP2 firmware as the secondary, and a D-Link DI-624 with factory firmware as the primary and it works great.

My Primary Router has 128bit WEP Encryption enabled. It does NOT have Wireless MAC Address Filtering enabled. We will assume you want your Secondary Router to become 192.168.1.2.

Mailmanx adds: It worked successful for me with 2 WRT54GL Routers (Router with original firmware, Client Bridge with DD-WRT v23 SP2). WPA-PSK with AES enabled AND MAC Address Filtering (Be sure to set the the correct MAC address! The router provides a LAN, WAN and the needed Wireless MAC address of the Bridge). The MAC addresse can be found on the Status->Sysinfo tab of the DD-WRT webinterface.

Jerrytown adds (Sept. 28, 2008): I followed all the steps below and DHCP and DNS did not work. When I installed v23 SP2 (which is quite old at this writing) on the secondary router everything worked fine. Primary: WRT-54G2, Secondary: WRT-54GL.

I have my Secondary Router in another room, connected only to my laptop via an Ethernet cable to Port 1. The laptop has an IP from the Secondary Router's DHCP to begin with. Neither the laptop nor the Secondary Router are connected to anything but each other. I will be doing all of my setup from this laptop. If you have problems with DHCP or losing your IP address in the midst of these instructions, you may need to statically assign an IP to your Ethernet card. (I was running Knoppix Linux on the laptop and I didn't have to do that, but YMMV!)

Setup

 * 1) Log into the Secondary Router. (We will only be altering the Secondary Router!)
 * 2) Administration Tab &mdash; Factory Defaults Subtab
 * 3) Restore Factory Defaults: Yes
 * 4) Click "Save Settings" &mdash; triggers reboot. (DaveK - I'm using V24 with a Buffalo WHR-G125 router and had to click "Apply" after "Save" in order to trigger the reboot)
 * 5) Router's IP will now be 192.168.1.1 if it wasn't already. This was a very important step. I have run this process 3 times now as a trial, and the instructions are written assuming you have a "clean" router.
 * 6) Setup Tab &mdash; Basic Setup Subtab
 * 7) Connection Type: Disable
 * 8) STP: Disable
 * 9) Local IP: 192.168.1.2 (it was initially 192.168.1.1) (Appears that it must/should be a valid IP in your Wireless Subnet) ***See notes in Section 4 above about potential IP conflicts using a bridged router IP address too close to the beginning of the allowable IP range of the primary router. I suggest using instead something like 192.168.1.50.***
 * 10) Gateway: 192.168.1.1 (ip address of your primary router)
 * 11) Local DNS: 192.168.1.1 (ip address of your primary router, normally it will forward your request to DNS server)
 * 12) Assign WAN Port To Switch: Checked
 * 13) DHCP Server: Disable
 * 14) Click "Apply Settings" &mdash; triggers reboot. I had an error along the lines of "Can't connect to 192.168.1.1" &mdash; This is because it's now 192.168.1.2 &mdash; close and restart the browser to avoid authentification problems and connect to the new IP address and retype your username and password. (Aside from changing the local IP address, the above steps are unnecessary because putting the router in client-bridged mode takes care of these settings automatically) NOTE: If you change the IP and disable DHCP and then disconnect the network for some reason you will need to set a static IP in the same subnet on your windows TCP/IP settings in order to connect to the router again at the new IP
 * 15) Security Tab &mdash; Firewall Subtab
 * 16) SPI Firewall: Disable
 * 17) Click "Save Settings"
 * 18) Wireless Tab &mdash; Basic Settings Subtab
 * 19) Wireless Mode: Client Bridge
 * 20) Wireless Network Mode: Match your primary router.
 * 21) Wireless Network Name (SSID): Match your primary router. (case matters!)
 * 22) Wireless Channel is not relevant in Client Bridge mode.
 * 23) Wireless SSID Broadcast is not relevant in Client Bridge mode.
 * 24) Click "Save Settings". The router will now be in Client Bridge mode.
 * 25) Wireless Tab &mdash; Wireless Security Subtab
 * 26) Security Mode: Match your primary router, I used WEP (I have not tried anything but 128bit WEP!) note: WPA-PSK works as well -guyonphone; note: WPA-PSK even works if original router is WPA2 mixed -mcoope3; note: v2.3_sp2 in client bridge mode currently doesn't support WPA2-PSK, but only WPA2-PSK mixed mode, so the AP has to be set to mixed and not WPA2-only mode (it can be either AES or TKIP).-zevnik note: To put it simple, WPA2 doesn't work in Bridge Mode currently (dd-wrt v23 sp2)- darthn note: WPA2 Personal does work in v24SP1. bobxnc note: WPA2 Personal works fine using v24sp1 on a Netgear WNDR 3300 teekay note: WPA Personal works great with an Apple Airport Extreme wireless router too. Select "WPA/WPA2 Personal" on the Extreme and "WPA Personal (TKIP)" on the bridge. Enter the same shared key on both of course. -gsosa70; Router: Linksys WAG 325N, org. firmware, bridge WRT54Gl (dd-wrt v24): WPA2 didn't work initially. So I set up the bridge in WEP. Tried WPA and WPA 2 later (just changed it back on router & bridge, no reconnecting or anything: Worked flawlessly. -onkl note: Please do not forget to change your MAC addresses (or at least Wireless MAC) if you are trying to create bridge between two DD-WRT devices. with same Wireless MAC addesses it worked only in WEP mode. -TEHb
 * 27) Encryption: Match your primary router.
 * 28) Key 1: Match your primary router. Make sure your key is not too long under WPA2 Personal or else it will not connect routers together.
 * 29) Click "Save Settings"
 * 30) Wireless Tab &mdash; Advanced Settings Subtab
 * 31) Authentication Type: Shared Key
 * 32) Click "Save Settings" This seems like a VERY important step &mdash; it DID NOT work until I did this! note: worked for me on auto, when using WEP -cheesetoast. note: it worked for me as described when using WEP, but it didn't work using WPA-PSK - neither TKIP, AES, TKIP+AES. In any of these modes, after successful Join, the MAC of the primary router didn't appear on the Status screen and the "Transmitted (TX)" error counter in Status-->Wireless-->Wireless Packet Info was constantly incremented every few seconds. It finally connected and worked OK only when I changed "Shared Key" to "Auto" on both the primary and the secondary router. Just as a side note, it reported a successful join even if the connection was obviously broken (e.g. WEP on the primary router and WPA on the secondary). Using dd-wrt v23 sp2 vpn on the primary router and v23 sp2 voip on the secondary one. vbrindus, 2008-01-05
 * Be sure to also sync the Beacon Interval through RTS Threshold numbers to those on the primary router, or you may experience longer delays in connecting after power cycling one of the routers.
 * 1) Status Tab &mdash; Wireless Subtab
 * 2) Click Site Survey, and Join the appropriate wireless network. Access Point table should show the MAC address of your Primary Router, along with signal strength. (SSID Broadcast MUST be enabled on your primary router) At this point it was working 100% for me. If that worked, then:
 * 3) Administration Tab &mdash; Backup Subtab
 * 4) Click "Backup" (SAVE this config before doing anything else to your router, just in case!)

I've done this procedure three times to test it, and I've reset the router to Factory Defaults every time. It may not be the optimal way of accomplishing the task, but it did work for me and I was able to repeat it with the same results each time!

walterg74: I tried this with success. My config is> Primary: old DI-524, client router DIR-300. Worked fine as is, and also, DHCP enabled on the PC worked perfectly for me.

djshorty: These instructions did not work using Buffalo WHR-HP-G54 as the host, WRT54GS v2.1 as the client, and v24. It only worked when I used v24 SP1 on both routers. As a side note, my Authentication Type is set to Auto.

lrp note: I did setup the wireless security mode to "disabled" in the "Wireless Tab &mdash; Wireless Security Subtab", I had NOTHING to change in the "Wireless Tab &mdash; Advanced Settings Subtab" for this setup to work (DD-WRT v23 SP2 (09/15/06) std). lrp

darthn note: I connected an Asus WL500W and a WRT54GL v1.1 together with WPA2 Personal and it works flawlessly. The only problem I ran into is password length. I used 64 Random Hexidecimal and it failed. I retried with about a 25 character password and it works now.

I followed the "practical example" instructions and when I attempted to connect to the primary router, it would not connect. I followed the instructions at the top and those worked. This "practical example" set of instructions is overly superfluous. There's no need to turn off DHCP or disable STP, etc, because when you set the router to client-bridge, those options automatically go away. That being said, the basic instructions are to just set the IP address of the client router to something different than the host router, set the router to client-bridge mode and set the SSID, encryption and password all the same. If you want to connect to the internet, set the gateway and Local DNS IPs to your main router (setting the WAN port to switch and turning off the firewall are also good). For the record, I used a WRT54GL v1.1 as the host and a WRT54GS v2.0 as the client. Both were using DD-WRT v24 w/ sp1 Kakomu 17:30, 15 August 2008 (CEST)

I seconded these settings. Tried it on 2 WRT54G with v23SP2 and they work.

I third these settings. I succesfully linked a Dlink DI-524 (primary, not dd-wrt) and a Buffalo WHR-G125 (secondary, with dd-wrt). The secret here is that you need to change the firewall settings in the Dlink to allow all traffic from the source (ie 192.168.1.2) to all destinations (in the Dlink webbased router setup under advanced-->firewall) -dapple

These settings verified working on a WRT54Gv8. I couldn't ping my gateway before (on the far end router). I'm curious if a factory reset is what did it. Setting the auth type between shared and auto seems to make no difference. --IamBren 07:40, 28 December 2007 (CET)

Verified working with two WRT54Gs (v2 with DD-WRT as the secondary; v5 with Linksys as the primary) with 128-bit WEP and MAC address filtering. It didn't work at first, because I forgot to add the DD-WRT's wireless MAC to my filter list. After I did that, it worked perfectly. I have two devices plugged into the secondary - one is an HP LaserJet with JetDirect and a static IP; the other is a machine with DHCP, and both appear to work fine. I'm going to assume SSID broacast is required for this to work, which is unfortunate... ---shifuimam 2008-05-09

If you have an apostrophe in your SSID you will not be able to click the "Join" button on the "Site Survey" page. I also needed to switch from gateway to router in the Setup->Advanced Routing tab before it finally connected (DD-WRT v23 SP2 (09/15/06) std).

These instructions were perfect! I have a Linksys WRT54GL as the primary and a Motorola WR850G v3 as the secondary both with DD-WRT v24 Beta (05/02/07) std. I can now access both routers' configuration and files behind both routers. The only addition to the instructions is that you need to disconnect the cable for 10 seconds after the last step and reconnect to fully access all features. - PeterE 8 March 2008

This worked perfect for me with a Motorola/Netopia 3347W as primary router. However for some reason I had to force the wireless mode to G only on the WRT (I kept "mixed mode" on the Netopia). WPA is working fine but WPA2 support would be nice. Also DHCP messages do not reach the primary router. Using DD-WRT v24RC6.2 - Googleg 29/Mar/2008

''Edit: I could not get v24 RC6 or RC7 to pull DHCP, but manual IP worked. Flashed with v23 SP2, got DHCP on the first try. WRT54G v3.'' After joining the wireless network, DD-WRT took me back to the Wireless tab (where Mode selection is) and I had to click Apply Changes to actually get online. Other than that, flawless instructions. 4/25/08 - CK

Second on DHCP not working with v24 release. Also DNS is not available. Works fine if I manually configure both (using primary as the DNS server). WRT54Gv8, 128-bit WEP - diginorm 16-Jul-08

WPA2 is working fine for me using v24 RC7 on both the client and the access point. - stlpaul 5/17/08

I've tried this procedure on a ASUS WL-520GU using v24-SP1 as the secondary router, and connecting to a Planex router with unmodified firmware as primary. The PC connected to my secondary router could not obtain an DHCP from my primary router. After I assigned an IP to my PC, the clinet bridge worked smoothly. It is not a big problem for me to assign an IP manually to my device, so far, I am happy with my v24-sp1 on ASUS. - barry chum 9/22/08

For those of you that are using MAC filtering (on the primary router), it will work, but you need to add the MAC addresses (from the second router) for the Router, LAN, and wireless (these will be consecutive hex numbers). - HT 12/26/08

I was successful with this setup using WRT54GS (v1) running v24sp2 mated with an Actiontec MI424-WR (FIOS router). The single caveat I had was that I could not make it work with WPA2. It will work with WEP & WPA, but not WPA2. - uSlackr 12/28/09

I was successful with the setup using WRT54GS2 running v24sp2 after switching to WPA Personal on the FIOS Actiontec MI424-WR. Could not get WEP to work. William with sabaitechnology.com 02/21/10

Accessing Both Routers?
With this setup, I have full access to both routers &mdash; which runs contrary to a lot of the notes concerning Client Bridge mode. One router is http://192.168.1.1, and the other is http://192.168.1.2. I can access both from either side of the bridge. There is no need to change any settings or IP addresses or the like with this setup in order to do so! Note: if you want to be able to access the Client Bridge router externally, you need to set its gateway address to point to the address of the router that has external access (192.168.1.1 in this example).

Unmatched Routers?
If you don't have a matched pair of routers like I did, I would recommend changing step 3.3 from 192.168.1.2 to an unused IP that matches your Primary Router. For example, if your primary router was set to 10.0.0.1, set this to 10.0.0.2 (assuming 10.0.0.2 is not already in use!). This way everything should be on the same subnet with unique IP addresses &mdash; and both routers should be accessible for configuration from anywhere on your network.

Addendum
I was unaware at the time of writing this of any easy way of flashing a WRT54G V5 (and above) router with DD-WRT. This is not the case anymore, but there may still be lots of reasons to go with this setup rather than WDS. While WDS allows both ends of the connection to accept wireless clients, there is less bandwidth to go around, and there could be more latency. I'm guessing that this setup is still the best way to attach Ethernet devices to a wireless network with DD-WRT.

LRP note: I used this setup because I could not use WDS anymore (My initial setup was WAG54G-WDS-WRT54Gs ... I had to replace my broken WAG54G by a WAG200G, my setting became then: WAG200G-wirelessbridge-WRT54GS). At first, I attributed the speed increase to the ADSL2 capability ... I was really amazed when I could reduce a file transfer in between a wired machine behind the WRT54GS and a wired machine behind the WAG200G from about 55 minutes to 26 minutes (more than twice as fast). The only difference was the absence of WDS and the updated firmware. LRP

Limitations
Please note that there are technical limitations to wireless bridges, but that you can connect multiple clients to a bridged router and they will have both lan and wan access. The average user will not likely notice any of these limitations.

BrainSlayer Forum Answer : "Client Bridge mode will only recognize one mac address on the bridged setup, due a limitation in the 802.11 protocol, even if there are multiple clients (with multiple mac addresses) connected to the client router. If you want to bridge a full LAN you must use WDS. The problem is that the 802.11 protocol just supports one MAC address, but in a LAN there is the possibility for more than one MAC address. It may cause ARP table problems, if you connect more than one computer on the far end of a Client Bridge mode setup. You will not be able to, for example, block mac addresses of client of the bridged routers or set access restrictions based on mac addresses in the bridged router.

bobn: Multiple devices on the wireless bridge seem to work fine, including using DHCP to the 'server' AP. Although multiple devices on the client bridge (wireless bridge) appear to have the same MAC address in the arp tables of devices on the 'server' AP, something in the wireless bridge translates that MAC address on return traffic back to the correct one for a given device's IP address behind the bridge. (I suspect that there is enough of the routing function still turned on in the client bridge mode to maintain an arp table local to the client bridge and make the translations.) Most protocols (ICMP, UDP, TCP) seem to work fine for multiple devices on the bridge, based on some quick testing. I would not want to count on multiple devices using non-IP protocols, and would be suspicious of things using special MAC addresses such as multicast addresses (eg OSPF routers, multicast apps).

smalldrummer2: If your primary router is running with SSID broadcast disabled, be sure to get the correct information about the network name and key everywhere else. You may have to go back and forth between "Auto" and "Shared" key in the Wireless/Advanced Settings tab. Once everything is set correctly, hit the "Site Survey" button on the Status/Wireless page and then exit. After a few seconds, the SSID broadcast disable network will show up as what you are connected to. The signal strength meter will also appear and light up. (Note that I did this with WPA-Personal encryption only.)

The following thread goes furhter more in detail concerning this discussion

WaS:DD-WRT's "client bridge" mode" is not a transparent bridge. Only one single ethernet device is properly supported behind the router running in "client bridge" mode. (It should have been baptized "client adapter mode" instead!) In the old forum we already had endless discussions about this subject. Note that this is a technical limitation of the 802.11 standard, rather than a deficiency of DD-WRT. To create a true transparent bridge, with multiple ethernet devices at both sides, use WDS.

tlj2:My opinion is that DD-WRT does not properly support even a single device on behing the DD-WRT "client bridge" mode radio. Here is my reason for my opinion:

1) Every network (subnet) should have unique IP addresses. All IPs in the network (subnet) should have a unique MAC address.

2) In a network (subnet), all devices talk directly to eacy other and do not use the gateway (default route). Each network card in the local network actually talks MAC address to MAC address - not IP address to IP address.

3) When you place a DD-WRT "client bridge" mode radio in the local network (subnet), a unique IP address and unique MAC address is added into the network (no devices connected behind the DD-WRT "client bridge" mode radio yet). At this time, every device in the network still has a unique IP address and a unique MAC address. Everything works and all devices in the local network (subnet) can talk to all devices in the network (without using a gateway or default route).

4) When you place a device behind the DD-WRT "client bridge" mode radio, the network infront of the DD-WRT "client bridge" mode radio sees the new device behind the DD-WRT "client bridge" mode radio as having the same MAC address of the DD-WRT "client bridge" mode radio. Every MAC address passing throught the remote DD-WRT "client bridge" mode radio is re-written to the MAC address of the DD-WRT "client bridge" radio. - - - - - Here are some steps you can perform to confirm what I am stating. A) On your PC computer, go into the DOS CMD (or COMMAND) prompt. ((START - RUN - CMD)).

B) Ping devices in your local subnet. Do not ping devices outside of your subnet. Also, ping devices behind your remote located DD-WRT "client bridge" mode radio and also ping the radios.

C) Still in your CMD window, type in "arp -a". You will get an output like the one I show below:

C:\>arp -a Internet Address Physical Address Type 192.168.10.1 00-14-1b-e6-78-f0 dynamic 192.168.10.2 00-0d-56-ba-36-a1 dynamic 192.168.10.3 00-0d-56-ba-36-b2 dynamic 192.168.10.4 00-0f-1f-66-ca-c3 dynamic 192.168.10.10 00-a0-c9-fc-14-d4 dynamic 192.168.10.89 00-01-e6-a6-6d-e5 dynamic 192.168.10.150 00-10-83-73-53-96 dynamic 192.168.10.254 00-11-21-64-3c-87 dynamic

D) Note that every unique IP address has a unique MAC physical address.

E) If you have a DD-WRT "client bridge" radio, ping your radio and ping any remote devices behind your DD-WRT "client bridge" radio. Now type in "arp -a". You may get an output like what I am showing below:

C:\>arp -a Internet Address Physical Address Type 192.168.10.1 00-14-1b-e6-78-f0 dynamic 192.168.10.2 00-0d-56-ba-36-a1 dynamic 192.168.10.3 00-0d-56-ba-36-b2 dynamic 192.168.10.4 00-0f-1f-66-ca-c3 dynamic 192.168.10.5 00-0f-1f-66-ca-c3 dynamic 192.168.10.6 00-0f-1f-66-ca-c3 dynamic 192.168.10.7 00-0f-1f-66-ca-c3 dynamic 192.168.10.10 00-a0-c9-fc-14-d4 dynamic 192.168.10.89 00-01-e6-a6-6d-e5 dynamic 192.168.10.150 00-10-83-73-53-96 dynamic 192.168.10.254 00-11-21-64-3c-87 dynamic

F) Note that you have duplicate MAC addresses showing up in your "arp -a" output. (your mac addresses and IP addresses will not be exactly the same as my sample above). The duplicate MAC address are the clients behind the DD-WRT "client bridge" radio. And these duplicate MAC addresses will be the same MAC address as your DD-WRT "client bridge" radio. - - - Summing up Although DD-WRT "client bridge" radio connected devices may talk through the bridge, it is not reliable for all traffic and protocols. For those who are using DD-WRT "client bridge" radios. Try this simple test while your network is active and passing traffic. Have all devices in your network perform a "ping -t a.b.c.d" to all devices in your network. Include the ping to your radio. If you have 10 devices in your network, open up 9 CMD screens on each computer and have each screen "ping -t" the other 9 devices. While the "ping -t" is running, every device is forced to know the current MAC address and IP address of all other devices in your local network (subnet). Test and see if things still work. If you are running an advanced network which includes routing through the bridge, things go wrong pretty quick. Cisco CDP and Spanning Tree gets confused. Routers on both sides of the bridge fail to route to each other. There are large delays in the network. UDP traffic starts get lost. I really do like and use DD-WRT "client bridge" radio configurations. I just suggest that anybody using this bridge mode have a grasp on potential issues. If the remote network behind your remote DD-WRT "client bridge" radio is simple, you may not ever encounter a problem.

V23 Firmware
In the V23 firmware, you can set up the bridge from the Wireless->Wireless Mode menu. Just select "Client Bridged". This will automatically turn off DHCP. Note that only the Network Mode (b/g) and SSID settings are used in Client Bridged mode.

See notes on a 2.3 attempt at Client Bridged with a Belkin A/G AP in Bridge Install

I am also linking these in Client Bridged - updated for V24-Final redhawk

New to Client Bridging?
Here's some extra information about client bridging and some, perhaps unexpected, side effects. (If you're a wireless networking wizard, you'll know this already.)

When you've switched to Client Bridge mode you won't be accessing the remote AP until your IP changes unless your box and the remote network are on the same subnet. For example, say you have:

Linksys box IP:        192.168.1.1 Your computer:         192.168.1.100 Remote network gateway: 10.0.0.1

Once you've made the configuration changes in your router, you'll need to get a new address to access the remote network. A simple way to do this with most computers is to unplug the network cable, count to 10, and plug it in again. When the cable is plugged in again, it will get a new lease, but this time from the remote computer. For example, it will get an address in the 10.0.0.x range, e.g., 10.0.0.100. Now you'll be able to use the Internet over the wireless link as you expect.

However, you won't be able to access your Linksys to administer it. The solution is to turn off DHCP and use a static IP (e.g., 192.168.1.99), or, alternatively, assign an address for your Linksys from the remote subnet (e.g., 10.0.0.2). Be careful, however, not to pick an address already in use.

(Editorial Note: According to the introduction, "Wireless Bridging is used to connect two LAN segments via a wireless link. The two segments will be in the same subnet and looks like two Ethernet switches connected by a cable, to all computers on the subnet." From this info we can gather that you should be assigning an unused, unique IP address to your bridge router from your remote subnet, otherwise your bridging router will become inaccessible, and that's not optimal! Please see A Practical Example for a fully documented example of making this work.)

WPA-Personal
So I just bought a WRT54GL Ver 1.1 and I'm new. Anyhow, so I was trying and trying for two days straight to get Client-Bridge setup to work in V23sp2, followed the instructions as set out above in the practical example. However a lot of people have posted that WPA-Personal Security Protocol has not been able to work, not true, because I've done it by God's amazing grace! So here's the HOWTO 1. Follow the above practical example 2. Set Wireless Security > Security as WPA-Shared Key > TKIP 3. Enter the shared key ID 4. Go to Status > Wireless > Site Survey > Should probably find your 1st router and then click join, the next thing you should see is that its MAC address will appear on the Wireless AP at the bottom of the Wireless Status page. 5. Unplug your Ethernet connection from your PC and wait 20 seconds 6. Undo the TCP/IP setup to connect to the router (assuming you set the IP manually, you need to undo this) 7. Plug in the Ethernet connection and let it refresh! It should work!

WPA & WPA2
Do not choose mixed mode (WPA+WPA2) on the Client-Bridge: the AP and the bridge would not be able to auto-negociate an encryption scheme, the bridge would not be able to connect to the AP.

Pick up one scheme (WPA or WPA2) on the bridge side: both schemes work nice - as long as the AP is configured for -, but you cannot let the bridge to make the decision.

Additional
I had a difference experience, I used a buffalo AP as a client bridge to a Linksys WAG60N. I was trying to use it to connect my Xbox360 (as well as other devices). If I set the security to WPA or WPA2 personal I would get about 6 packets through before the connection hung for a couple of minutes. If I set the security to WPA Mixed on BOTH DEVICES the connection works fine.

As a side note the Linksys management software looks like it's just a re-branded DD-WRT.

MAC Filtering
For those of you who have enabled MAC filtering on your Primary router, you need to add the WLAN MAC address of your Secondary router to the permitted MAC filter list of the Primary router. This is different than the MAC address printed on the bottom of the case, you can find it by going to Status->Wireless and the top line will list the internal MAC address. Of course, you will want to add the MAC filter list to the Secondary router. This should be setup prior configuring your WPA, WPA2, etc. settings otherwise you will spend some time pondering why the bridge isn't working.

Reference
Wireless Bridging Forum Post by kkennedy070790