Posted: Sun Aug 18, 2013 15:40 Post subject: Repeater Bridge woes printer & chromecast RT-AC66U
Basically, here's my setup. All my routers are Asus RT-AC66U with build 22118. I've got 3 of them and I'm trying to do a repeater bridges between the three. Before I get to far into it, here's my setup.
So the issue, everything appears to work great. I get WAN on all devices and my speeds are great (bridge over AC). But here comes the problem, I can't access my printer or chromecast from the other side of the bridge. If the device is connected to the same AP as either device it works fine, but across the bridge I can't setup / use either. I can ping them both from the other side of the bridge. Chromecast setup suggested enabling UPnP on the primary so I tried that with no luck (still enabled if that could be affecting it let me know). If you need more setup photos, let me know and I can provide. I will confirm that all of the wi-fi security passphrases match and besides the issues stated above the bridge is working. Thanks!
Last edited by sir_clydes on Mon Aug 19, 2013 14:27; edited 1 time in total
Unchecking filter multicast did nothing for anything. Also noticed, my DLNA server is undetectable across the bridges as well. So basically nothing in my home network is working.
Also tried Kong's build 22200 with no luck.
Going back to stock or Merlin isn't really an option (tried but I'd rather not, since I'd have to use WEP), tried tomato and it didn't have 5Ghz radios up even though it said it would. Plus, it'd have to be over WDS on tomato and I'd rather avoid that because I've had issues getting it to work with WPA2 Personal on tomato.
Going back to stock or Merlin isn't really an option (tried but I'd rather not, since I'd have to use WEP),
I wonder why they still do this in this day and age. It can't be a hardware limitation since DDWRT supports bridging with WPA2. Strange.
Sorry I wasn't much help.
By design, WDS requires an encryption scheme that does not rotate its key. WPA2, by default, will rotate your key every 3600 seconds. So if DD-WRT supports WPA or WPA2, I assume they don't rotate your key, which has the effect of reducing security at the same time.
Your main AP has physical wireless interfaces available.
Why do you need two extra virtual ones?
I would repeat the main APs wireless interface to the second link, than create a vap interface and connect the third link to the second's vap interface, on the third link create a vap interface to use as an AP if necessary.
Are they linked in a chain one after the other or in a sort of circle?
The goal is to do the bridges in a tree (root and two children linked to it). It was mostly for organization purposes, basically so bridges are always linked via aug-bride-*, and any other devices through aug-wireless / aug-wireless-5G. I suppose I could do it with one VAP, but I don't see how that would fix the problem I'm having but I'll give it a shot when I get home later. If it does, I'll report back and find a way to buy you a beer.
Edit: Actually there is a reason for those two VAP, basically, I was doing it to avoid the bridge from having the same name as my public 5G wireless access point, so I could have the VAPs on my two bridged routers be the same as my main 5G WAP and therefor have seemless handoffs betweet the APs. The wiki documentation said avoid having the same SSID on your VAPs as with your bridged SSID, so this is what I did to avoid that and get the functionality that I wanted.
Going back to stock or Merlin isn't really an option (tried but I'd rather not, since I'd have to use WEP),
I wonder why they still do this in this day and age. It can't be a hardware limitation since DDWRT supports bridging with WPA2. Strange.
Sorry I wasn't much help.
By design, WDS requires an encryption scheme that does not rotate its key. WPA2, by default, will rotate your key every 3600 seconds. So if DD-WRT supports WPA or WPA2, I assume they don't rotate your key, which has the effect of reducing security at the same time.
Not sure how it works on dd-wrt to tell you the truth. When setting up security for the ap's and vap's in repeater bridge mode there is a default key renewal setting of 3600 seconds so maybe they do rotate in this mode? Not sure about WDS mode though.
Did you ever have any luck with this? I'm having essentially the same issue using a pair of RT-AC66U (one AP, one client bridge on 5GHZ + AP on 2.4GHz).
I think it comes down to the client bridge not forwarding multicast packets, but I'm not sure how to fix that. (The best suggestion I've gotten so far is to use WDS instead of a Client Bridge, but that doesn't seem to work with any kind of wireless security.)
Did you ever have any luck with this? I'm having essentially the same issue using a pair of RT-AC66U (one AP, one client bridge on 5GHZ + AP on 2.4GHz).
I think it comes down to the client bridge not forwarding multicast packets, but I'm not sure how to fix that. (The best suggestion I've gotten so far is to use WDS instead of a Client Bridge, but that doesn't seem to work with any kind of wireless security.)
WDS with security is corrently broken on dual radio units if wl1 is enabled. If just wl0 is used wds with encryption will work. We are going to rewrite broadcoms auth daemon in order to support wds for dual radio units. _________________ KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
I got my DLNA servers working by turning off all devices on the network. Then I brought up the main router, let that boot up, followed by the repeaters doing the same, and then powered on all my devices. That seemed to do the trick (knock on wood) for DLNA.
It appears I'm still having issues with Chromecast and my printer though. It's really intermittent it seems. I'll test and make sure I'm connected across a bridge and it will work, and then I'll try 10 minutes later and it won't.
Did you ever have any luck with this? I'm having essentially the same issue using a pair of RT-AC66U (one AP, one client bridge on 5GHZ + AP on 2.4GHz).
I think it comes down to the client bridge not forwarding multicast packets, but I'm not sure how to fix that. (The best suggestion I've gotten so far is to use WDS instead of a Client Bridge, but that doesn't seem to work with any kind of wireless security.)
WDS with security is corrently broken on dual radio units if wl1 is enabled. If just wl0 is used wds with encryption will work. We are going to rewrite broadcoms auth daemon in order to support wds for dual radio units.