TechInfoDepot:DD-WRT/Linking Routers/Repeater Bridge

A wireless bridge connects two LAN segments with a wireless link. The two segments are in the same subnet and look like two Ethernet switches connected by a cable to all computers on the subnet. Since the computers are on the same subnet, broadcasts reach all machines. DHCP clients in one segment can get their addresses from a DHCP server in the other segment.

Use a wireless bridge to transparently connect computers in one room to computers in a different room when you cannot—or don't want to—run an Ethernet cable between the two rooms.

A standard wireless bridge (client bridge) connects wired clients to a secondary router as if they were connected to your main router with a cable. Secondary clients share the bandwidth of a wireless connection back to your main router. Of course, you can still connect clients to your main router using either a cable connection or a wireless connection.

The limitation with standard bridging is that it only allows wired clients to connect to your secondary router. Wireless clients cannot connect to your secondary router configured as a standard bridge.

New in DD-WRT v24 is Repeater Bridge mode. This extends your primary LAN via secondary router (bridge router) and also allows wireless clients to connect to your secondary router. This extends the range of your wireless network while simultaneously allowing wired clients to connect to your secondary router.



In the case in which we are interested, a secondary router running DD-WRT v24 is configured as a Repeater Bridge between a Primary wireless router (of any make/brand/FW) allowing the above configuration.

Assumptions:

Primary router is configured in a 192.168.1.X subnet and leases DHCP address in the same pool. Secondary router is running DD-WRT v24

No security setup will be covered in this Wiki. It will be up to the user to setup security between the Primary and Secondary routers

Note: If you are unsure of what you are doing, is advisable to practice by setting up the router first in client bridge mode and get it working correctly. Client bridge mode is simpler but most of the settings are the same. Once you understand how to set up a client bridge and have it working, then proceed to setting up repeater bridge

Setup
Set you wlan to client_bridge and connect to the to be repeated AP Add virtual interface and set it as AP

SSIDs
Under "Wireless -> Basic Settings", you must use the primary router's SSID for the physical interface and a new SSID for the virtual interface. Some people argue the physical interface can also be the same in order to support roaming (see Repeating Mode Comparisons)

Security
Keep in mind any security settings will need to be configured including MAC filtering in order for the Secondary Router to connect to the Primary Router and also for clients connecting to the Secondary Router to gain full access to the connectivity of the Primary Router. There are some factors to consider when setting up Security for Client Bridge mode that may or may not be factors when setting up Repeater Bridge mode. I simply have not experimented with this.

[NOTE {Montrealmike}]Also when your adding WEP,WPA,WPA2 etc... between the AP and the repeater bridge you have to start with the AP first; then the repeater bridge.When you enable security on the repeater click save not apply, then click on the administration tab scroll down to the bottom and click apply settings. You will then have to power cycle the repeater twice ( unplug and plug back in twice ) in order for the repeater bridge and AP to synchronize. This has worked for four repeater bridges for me.

Edit - Altair - In my experience the above advice of power cycling the router has been confirmed. I spent 20 minutes trying different things to no avail before I finally gave in and tried power cycling it twice (I honestly didn't believe it would do anything). After the power cycle it has been working flawlessly.

Edit - pmiller - I can also confirm the power cycling to sync the repeater to the AP. You can confirm that the repeater has synchronized with the AP by going to the Status>Wireless tab on the AP and viewing the MAC address of the repeater with some % signal quality value. Before doing 2 power cycles on the repeater, the MAC address would display on the AP's Status>Wireless tab, but with 0% signal quality. After the power cycles the % quality displayed around 30%. I played around with other security settings later on the AP and found the 2 power cycles to be unnecessary after the 2 had originally sync'ed- no idea why this would work, but it did. I had some difficulty at first because I had security enabled on the AP as WPA2-Personal Mixed, which is basically WPA2-AES or WPA-TKIP simultaneously. The repeater is unable to connect with the AP in this mixed mode; rather you must choose between WPA2-AES or WPA-TKIP. I have now switched both my wireless security settings to WPA-TKIP (physical and virtual) just for simplicity, though in theory the virtual need not match the physical. Your security is as good as the weakest link. For those having trouble, I would turn off all security and turn on SSID broadcast first, then once you get a good sync turn on security on the AP first, then the repeater.

Edit - aselvan - I have this setup on identical hardware (i.e. Linksys wrt310n) for AP and repeater running identical DDWRT (v24 standard generic). However, I can't get the WPA2 working between the repeater unit and AP no matter what combination I tried-- the repeater and AP can't connect, however, WEP and WAP works. Anyone have any idea?

Edit - crandler - WPA2 personal mixed with Linksys WAG160N as DSL uplink with original firmware and WRT160N with dd-wrt v24 std in repeater bridge mode does not function. Had do switch both devices to WPA2 personal.

Edit - ytal - Using encryption for the bridged connection only works if I either use the same encryption data (incl. ESSID) on the other (virtual) interface or do not use any encryption on the virtual interface at all. If set differently, the wireless link to the base station fails. Base station is a Speedport W500V / Targa WR 500 VoIP (http://forum.openwrt.org/viewtopic.php?id=5774) with the original Telekom firmware.

Edit - Andy - Running v24-sp1, I am also unable to have different WPA2-Personal (AES) key's between the physical and virtual interface. The security and keys must match. Upon saving and cycling the power, the status page on the AP shows signal to the repeaters, but no ping responses or network traffic exists. Also, the Repeater Bridge function fails if I turn broadcast off on the AP.

Edit -PeterMartin, RFShop - Avoid using the passphrase generator with WEP. You can’t overtype the key codes later. (Or rather you can and they do work but the old ones are the ones that remain visible. Very Difficult to erase.) Instead type in the key codes directly. Or better still copy and paste from a text file, which you need to keep for reference, as they are not visible once typed in. Agree that encryption has to be the same for both secondary and primary network. Same keys too. Same bugs seem to be present on Universal Repeater Mode.

Edit - RamonBuckland - I found that setting the security to off worked first. But WPA2 Personal did not. I then lowered the key refresh to 15 seconds (same Wireless Security settings tab) on both routers and applied. They then found each other. One would figure if I were patient enough (to wait 3600 seconds, 1 hour) then it would have worked. So .. I think the key renewal is what throws them. I have it now working WPA2 Personal (AES) with a key renewal of 15 seconds. Perhaps upping it now to an hour and walking away (from the house) they will work :-) logically. Good work peoples.

Edit - MikeMaven - I'd just like to add my own confirmation. I was having problems with WPA2 at first. I think it was a result of the key refresh not occuring. I set it to 15 seconds, reconnected, and everything seems to be working great! For the record, I'm connecting to a 2wire AP using WPA2-Personal and the same key on both the physical and virtual interface.

Accessing Both Routers?
With this setup, I have full access to both routers — which runs contrary to a lot of the notes concerning Client Bridge mode. One router is http://192.168.1.1, and the other is http://192.168.1.2. I can access both from either side of the bridge. There is no need to change any settings or IP addresses or the like with this setup in order to do so!

Unfortunately I had no luck accessing both my WRT54GS routers. One was 192.168.1.1 - gateway the other was 192.168.1.2 - the repeater. As soon as I added the 192.168,1.2 to my network the DD-WRT web mgt interface kept giving me intermittent page not found errors. These errors did not occur when I added one OR the other to the network. Both were on 255.255.255.0 Edit - Ottoxgam - When setting up the 2nd router in Repeater Bridge mode, on the Setup tab under the Network Setup in the Router IP section, The Gateway and Local DNS boxes should be left at 0.0.0.0. This provides access to both routers via the web interface. The problem seems to be when something is entered in the Local Dns box.

MAC Filtering
For those of you who have enabled MAC filtering on your Primary router, you need to add the WLAN MAC address of your Secondary router to the permitted MAC filter list of the Primary router. This is different than the MAC address printed on the bottom of the case, you can find it by going to Status->Wireless and the top line will list the internal MAC address. Of course, you will want to add the MAC filter list to the Secondary router. This should be setup prior configuring your WPA, WPA2, etc. settings otherwise you will spend some time pondering why the bridge isn't working.

[EDIT - Redhawk] - The wording here was a little confusing. Once I used the Wireless MAC address then all worked correctly....the MAC filter address on the Primary router needs to be the "Wireless MAC" address listed on the Router Status page and not the LAN MAC address. (Use Router MAC +2) - Yes...I know it says WLAN but for an noob doing this procedure it could be confused.

Special thanks to Griminal for providing a basic graphic which I modified for this Wiki Entry.

IF YOUR ROUTER WIRELESS KEEP DISCONNECTING PLEASE CHOSE REPEATER AND NOT REPEATER BRIDGE

Instructions
Use Eko build 11296, with the milworm exploit patch, BS build 12533 or EKO 12548 builds to create a wireless bridge. DO NOT USE SP1 OR THE MAY 24 08 BUILD.

To enable bridge mode between two routers, the primary router must be in AP mode (default) with DHCP Server enabled. The secondary router running DD-WRT v24 will be configured as the Repeater Bridge.


 * 1) Restore Factory Defaults on Secondary (DD-WRT) Router
 * 2) Do a proper HARD 30-30-30 Reset on the router.
 * 3) Set your computer to a static IP of 192.168.1.9
 * 4) Connect to the secondary router via wired or wireless client keeping in mind the dd-wrt default settings for dhcp pool and ssid
 * 5) Open the Wireless -> Basic Settings tab
 * 6) *Physical Interface Section
 * 7) **Wireless Mode : Repeater Bridge
 * 8) **Wireless Network Mode : Must Match Primary Router
 * 9) **Wireless Network Name(SSID) : Must Match Primary Router - Make sure you spell this correctly
 * 10) **Wireless Channel : Must Match Primary Router (This will disappear once you put it in RB mode, and isn't needed)
 * 11) **Wireless SSID Broadcast : Enable
 * 12) **Network Configuration : Bridged
 * 13) **Save
 * 14) *Virtual Interfaces Section
 * 15) **Add
 * 16) **Wireless Network Name(SSID) : Different from Primary Router
 * 17) ***[NOTE] - You CAN try using the same SSID but many have had random disconnects and/or no connection if the SSID's are the same. If using the same ssid doesn't work for you, use a different ssid from the primary router
 * 18) **Wireless SSID Broadcast : Enable
 * 19) **AP Isolation : Disable
 * 20) **Network Configuration : Bridged
 * 21) **Save
 * 22) Open the Wireless -> Wireless Security tab
 * 23) *Physical Interface Section
 * 24) **Security Mode : Must Match Primary Router
 * 25) **WPA Algorithms : Must Match Primary Router
 * 26) **WPA Shared Key : Must Match Primary Router
 * 27) **Key Renewal Interval (in seconds) : Leave default
 * 28) *Virtual Interfaces Section (note if you don't see this section your firmware should be atleast v24-sp1)
 * 29) **Security Mode : Must Match Physical Interface
 * 30) **WPA Algorithms : Must Match Physical Interface
 * 31) **WPA Shared Key : Must Match Physical Interface
 * 32) **Key Renewal Interval (in seconds) : Leave default
 * 33) **Save
 * 34) Open the Setup -> Basic Setup tab
 * 35) *Connection Type will be: Disabled
 * 36) *Set STP for Disabled (Enabled sometimes can cause connection problems) redhawk
 * 37) *IP Address : 192.168.1.2 (Assuming Primary Router IP is 192.168.1.1)
 * 38) *Mask : 255.255.255.0
 * 39) *Gateway: 192.168.1.1 (again assuming Primary Router IP is 192.168.1.1)
 * 40) *DHCP Server: Disable (Not an available setting in newer builds)
 * 41) *Local DNS: 192.168.1.1 (if IP of Primary Router is 192.168.1.1)
 * 42) *Assign WAN Port to Switch : Optionally enable this to use the WAN port as another LAN port.
 * 43) *Save
 * 44) Open Setup -> Advanced Routing tab
 * 45) *Set Operating mode to "Router"
 * 46) *Save
 * 47) Open Services
 * 48) *Disable Dnsmasq
 * 49) *Save
 * 50) Open the Security -> Firewall tab
 * 51) *Uncheck all boxes...except Filter Multicast
 * 52) *Disable SPI firewall
 * 53) *APPLY Settings
 * 54) Reboot the router.
 * 55) Once you have it working, go to the wireless security tab, and set the same type of security AND key for both the primary and the repeater ssids and hit apply.
 * 56) SET YOUR COMPUTER BACK TO AUTO IP AND AUTO DNS.

You should now be able to connect wired clients and wireless clients to the newly configured Secondary router. They will receive IP Addresses from the Primary Router and will be able to use the Internet connection supplied by the Primary Router.

Also take note of the fact that all repeaters, including this Repeater Bridge mode, will sacrifice half of the bandwidth available from the primary router for clients wirelessly connected to the repeater. This is a result of the repeater taking turns talking to not just one partner, but to two, and having to relay the traffic between them. As long as your internet bandwidth requirements are within this halved bandwidth amount there will be little or no reduction in "speed".

Troubleshooting
Encryption type and key must be the same on both the primary and secondary router.

Wireless Clients cannot connect to Repeater
Disable security and try again. Delete and re-create your profile on the wireless computer. Check to make sure you have set security properly and that the key you used matches the key in the primary router. If one security type doesn't work try another on all routers. eg. try WEP, WPA, and WPA2-AES

At Point 7 I didn't find the possibilty to disable DHCP-Server so I ignored this setting. After this I resetted the linksys-router and started setup again and inserted a Point 4a)

4a) Open the Setup -> Basic Setup tab DHCP-Server: Disable

Then I continued with point 5 After this I didn't have any problems to connect wireless client to the repeater --Haidi 15:20, 4 May 2010 (CEST)

NAT
Open the Set-up -> Advanced Routing tab and change the mode to "router" instead of "gateway".

Wireless Clients have no Internet
Make sure you have a gateway specified in the repeater bridge router, and that the address there is the primary router.

Linksys
(tested on WRT54G v3 on v24 sp2 10/10/09 standard build)

The instructions are the same as for the broadcom above except for a couple of changes:

1. For this router you will want to do the basic settings tab first (setting IP address of router, subnet, etc...)

2. Make sure to check "assign WAN port to switch" and apply settings or internet may not work off the repeater.

After this make sure your new subnet/ip address settings are working well on your router. If you try to do the wireless bridging first without making sure that your router isn't on the same ip address as the primary and is on the same subnet your router may become unresponsive. A 30-30-30 reset will fix this problem.

Finally, once and ONLY AFTER you are connected to your host AP, as the final step you will want to go to Setup > Advanced routing tab and change the setting from Gateway to Router. Then enable dynamic routing for both Lan & Wlan and apply your settings.

The other steps and procedures listed above for broadcom should work perfectly. I advise using a wired connection as it verifies the connection to the host AP best, then you can test wireless capability. Mine worked beautifully with WPA2 encryption and SSID's being the same.

Make sure that you click save, not apply between each step, as when you click apply, you will activate all changes, which may make accessing the router difficult.

Ralink
Source

router A = router connected to internet, with wireless capability (a normal AP). router B = dd-wrt installed router...tested with build 14311

note: "Firefox" could be any web browser.


 * 1) Check the IP of router A by connecting to it by a cable (not wifi)... for me this would be 192.168.0.1, a friend has it set at 192.168.1.254... whatever it is, connect to it with Firefox...we will presume it's 192.168.1.254 here.
 * 2) Check the range of DHCP, I will presume it's 192.168.1.100 to 192.168.1.199 (max 100 clients)...the reason we check this is so that we can avoid this range when setting a static IP to our laptop/computer later.
 * 3) Disable wireless security on router A (this will be re-enabled later). Note: This may not always be required, but apparently it is...and you're reading this guide so perhaps you should!)
 * 4) Ensure SSID is NOT hidden (again this can be changed later).
 * 5) Give yourself (laptop/computer) a static IP of (for example) 192.168.1.99, with Gateway and DNS set to 192.168.1.254...
 * 6) Now connect laptop/computer to router B instead.
 * 7) Ensure everything is reset to default. For the dir-615 I suggest once it's turned on and booted up, hold down the reset button for 5-7 seconds. This will also default the router to 192.168.1.1 with the dd-wrt firmware installed. Note: the wiki suggests a 30/30/30 reset, well that was less efficient for me, and of course just took me to the emergency room on stage 3...perhaps something "deep" was reset in the first 2 stages?
 * 8) Change router B to an IP of 192.168.1.253, Gateway and Local DNS to 192.168.1.254...click APPLY. (note: these numbers are a bit backwards IMO, I prefer: A at .0.1, B at .0.2, and me at .0.3 but hey!)
 * 9) Login to router B again at the new IP from (8).
 * 10) Before we start setting up the repeater bridge, you might want to check that router B can see router A... you can do this in any mode except for Repeater Bridge (lol), so just go to Status/Wireless, down the bottom of the screen you will see a button labeled "Site Survey"...click it, wait, you should see the SSID and channel number for router A ... along with a bunch of random neighbors.
 * 11) Start setting up your (soon to be) repeater bridge by going in the Basic tab: WAN, Connection type: Disable Router name: whatever Local IP: 192.168.1.253 Subnet: 255.255.255.0 Gateway 192.168.1.254 Local DNS: 192.168.1.254 WAN Port: Assign WAN Port to Switch: tick this Time Settings: whatever
 * 12) Click SAVE only - note, we apply the settings later so only click save for now... notice how DHCP dissapears from the menu, this is because we can get DHCP from router A if we so please.
 * 13) Go to the Wireless/Basic Settings tab (note how we skipped the rest of "Setup" tabs for now): Wireless Mode: Repeater Bridge Wireless Network Mode: I use mixed because I know both routers can handle b,g,n (802.11) SSID: must be the SAME as router A Channel: must be the SAME as router A Channel Width: 20 MHz SSID Broadcast: Enabled (disable later if you want) Network Configuration: Bridged Click Save
 * 14) Go next to Wireless/Wireless Security Security Mode: Disabled (we will enable it on both routers later) Click Save
 * 15) Go to Services/Services Disable DNSMasq Click Save
 * 16) Go to Security/Firewall First UNcheck everything except Filter Multicast Now on SPI Firewall, set it to Disable Click Save
 * 17) Go to Administration/Management At the bottom of the page click Apply Settings

That's it, you should now be able to connect to router A and the Internet, from router B, without a cable. If you want to connect to router B over wifi, you will have to add a Virtual Interface...easy enough in the Wireless tab.

You can now re-apply security to router A, then router B. You might need to power down router B once or twice for it to sync up correctly...though I didn't have to, just heard it's possible.

Remember: Most people leave their router's IP at default...so router A would be 192.168.1.1, router B would be 192.168.1.2, and the PCs would either use DHCP or start at for example 192.168.1.3

Hope this helps someone...it can seem like it "just doesn't work", and I had that too for a couple of days...just hang in there and go for it.

Edit: almost forgot, once all done we can continue with (11)... Go to Setup/Advanced Routing Operating Mode: Router Interface: LAN & WLAN

You can also hide both SSIDs now btw.