From DD-WRT Wiki
A router in Client Mode connects to another wireless Access Point (the host router). It uses its wireless connection as the WAN interface and shares the internet connection only with the LAN ports. It is not seen as an access point by laptops or other computers scanning for APs and does not accept wireless connections from client devices. The AP is not required to be running DD-WRT firmware.
The main router and secondary router (DD-WRT client mode) are on separate subnets. NAT is used between the routers. Thus, when port forwarding is needed it must be configured at both routers — not just on the main (host) router.
The router in Client Mode must use its own DHCP server to give out IP numbers, Gateway and DNS server to the devices connected to its LAN ports.
To have computers connected to both routers (main and secondary) and co-exist in the same subnet, set up DD-WRT as a Client Bridge, Repeater Bridge or use WDS. Further explanation of bridging modes is in the Glossary.
Client Mode Setup
Previously there were overly complex instructions that have been removed. If you would like to see them, use the wiki's page history. This new guide is simpler and also fits the needs of devices with only 1 LAN port (e.g. EOC-, Fonera, NS/PS, ...), which would lose connectivity if you hit apply with the wrong settings. That is why we hit "save" and not "apply" most of the time!
The Router/AP that you are trying to connect to is the primary router. The Router you are configuring is the client router. You don't need to worry about the primary router as long as you set your client LAN IP address to a different subnet. What this means is, if the primary router has an IP of 192.168.A.x, you need to set the client router to an IP of 192.168.B.x. Most primary routers will be at 192.168.1.1, or 192.168.0.1. So, when you are configuring your client router, set it to 192.168.2.x.
With that in mind, here is how to configure it:
- Download the current recommended build for your router. Check the forum for your chipset to find recommended builds and general information related to your hardware. If you are using a Broadcom based router, read the peacock thread prior to starting.
- Do a HARD reset on your router.
- Connect a cable from your computer to the LAN port on your router.
- Set your computer to a static IP address of e.g. 192.168.1.7
- Open a web browser and connect to 192.168.1.1 to view the DD-WRT GUI.
- You should be asked to change your password and username. Carefully type these in. If you aren't asked for a password and username, do a hard reset, this time doing it properly! Hit change password.
- Go FIRST to wireless -> wireless security and enter the security type and key that matches your primary router.
- Hit SAVE (not apply)
- Go to the wireless basic settings page and change the wireless mode to Client.
- Set the wireless network name to exactly the same as your primary router. Make sure spelling and capitalization match.
- (Optional) Set the correct ack timing in meters.
- Hit SAVE (not apply)
- Go to Setup -> Basic Setup and set the WAN port protocol to what you need for the AP (mostly static, dhcp or pppoe). This is the setting that is bonded to the Wifi interface. Fill in the needed info provided by your ISP if this AP is externally managed.
- (Optional) Set Static DNS servers in the Network Address Server Settings section if your WAN type does not provide them or you want to use different ones than the AP provides.
- Change the router LAN IP to 192.168.2.1 (Your LAN subnet MUST differ from the WAN subnet!).
- (Optional) Check "Assign Wan" port to a switch if you want to be able to use it as another LAN port.
- (Recommended) Change your Time Zone and DST to match where you are.
- (Optional) Set a NTP server address (it will use a hidden default server if you leave it blank).
- Hit SAVE (not apply)
- (Optional) Go to Security -> Firewall. Disable the SPI firewall if you do not need to worry about security between the AP and Client router.
- Hit Apply.
- Set your computer back to auto IP and auto DNS if you like. You will get a DHCP address from the router.
You are done and the Client router should connect to the AP within a minute or so. After you ensure that it does connect and work properly then you may configure any other settings you wish to.
- ROUTER refers to a linksys wrt54g with stock/original firmware. Any other should work as well.
- ROUTER internal ip = 192.168.1.1
- ROUTER subnet mask = 255.255.255.0
- ROUTER DNS Server 1 = aaa.bbb.ccc.ddd (replace by actual ip)
- ROUTER DNS Server 2 = aaa.bbb.ccc.eee (replace by actual ip)
- ROUTER has wireless enabled with SSID = SUBSTITUTE_YOUR_ROUTER_SSID
- ROUTER has security enabled using 64 bit WEP encryption with key = SUBSTITUTE_YOUR_ROUTER_WEP_KEY
- CLIENT refers to a router with dd-wrt firmware.
- X > Y = Click on first level menu on the top labelled X and then click on submenu or tab labelled Y
- A.B = Value of a field labelled B in the section labelled A on a page. Section names appear vertically on the left of the page with black background.
- Validate or obtain the above information about the ROUTER. As long as you have access to it one way or another it shouldn't be an issue, e.g. on Windows, you can run an ipconfig /all command in the command prompt to obtain the info above. Whatever the values, please use those values instead of the above.
- Also figure out an ip address on the ROUTER that is outside the dynamic ip address assignment range. Most routers come pre-configured with dynamic ip assignments starting from *.*.*.100 or *.*.*.50 onwards. So a low ip like 192.168.1.2 should work in our scenario. This will be used to assign the ROUTER facing ip to the CLIENT later on.
- These steps assume that you are starting with a clean slate. So if you have messed around with the settings, undo it by restoring the defaults. Any settings not outlined in the steps are to remain at the default values!
If you are not able to ping the ROUTER from a computer connected to the CLIENT, then you may have MAC address filtering enabled on the ROUTER and your security settings may be incorrect. For the former problem, make sure that you add the MAC address of the CLIENT as well as the MAC address of the computer connected to the CLIENT to the MAC filter list. In fact, the best thing to do right now is to temporarily turn off MAC address filtering.
- Do not use the MAC Address located on the bottom of the unit. Connect to the CLIENT, go to Status > Router and use the MAC Address provided there.
Also, at this stage since the CLIENT and all devices/computers hooked up to it are on the 192.168.2.* subnet while your ROUTER is on the 192.168.1.* subnet, you will most likely not be able to ping the CLIENT or any computer connected to the CLIENT. In order to fix that, you need to setup a static route to the 192.168.2.* network so your ROUTER knows how to forward traffic to that network.
- Connect to the ROUTER's admin app, 192.168.1.1 typically
- Select Setup > Advanced Routing
- Set Advanced Routing.Operating Mode = Gateway
- Set Advanced Routing.Select Set Number = 1
- Set Advanced Routing.Enter Route Name = BRIDGE (or any name you fancy)
- Set Advanced Routing.Destination LAN IP = 192.168.2.0 (the last octet must be 0 and the third octet must be the same as your CLIENT's local IP's third octet)
- Set Advanced Routing.Subnet Mask = 255.255.255.0
- Set Advanced Routing.Default Gateway = 192.168.1.2 (same as your CLIENT's ROUTER facing IP, i.e. Client setup Step 3, #3 above)
- Set Advanced Routing.Interface = LAN & WLAN
- Click Save Settings button
- Click on Show Routing Table button and it should look something like:
Destination LAN IP, Subnet Mask, Gateway, Interface
YOUR_EXT_IP, 255.255.255.255, 0.0.0.0, WAN (Internet)
192.168.2.0, 255.255.255.0, 192.168.1.2, LAN & Wireless
192.168.1.0, 255.255.255.0, 0.0.0.0, LAN & Wireless
0.0.0.0, 0.0.0.0, YOUR_EXT_IP, WAN (Internet)
- Select Wireless > Basic Settings tab
- Set Wireless Network.Wireless Mode = Client
- Set Wireless Network.Wireless Network Mode = Mixed (or if all your cards and ROUTER support G, then set it to G-Only)
- Set Wireless Network.Wireless Network Name (SSID) = SUBSTITUTE_YOUR_ROUTER_SSID
- Click Save Setting button
The settings in this tab will vary depending on what security settings are configured on the ROUTER. Basically it is the same as you enter when connecting a laptop or any other wireless device with the ROUTER. I will use the example of WEP based encryption with a 64 bit hex key. If your ROUTER doesn't have any security settings, then this step can be skipped.
- Select Wireless > Security tab
- Set Wireless Security.Security Mode = WEP
- Set Wireless Security.Default Transmit Key = 1 (or which ever your ROUTER is configured to use)
- Set Wireless Security.WEP Encryption = 64 bits 10 hex digits
- Set Wireless Security.Passphrase = Leave blank if you manually entered your key when setting up router otherwise enter the passphrase and click generate
- Set Wireless Security.Key 1 = SUBSTITUTE_YOUR_ROUTER_WEP_KEY, assuming you didn't enter a passphrase and hit generate in the previous step
- Repeat #6 for the rest of the keys to set them to what ever was configured on the ROUTER.
- Click Save Setting button
- Select Setup > Basic Setup tab
- Set Setup.Internet Connection Type = Static IP - page will now present additional space to enter these settings.
- Set Setup.Internet IP Address = 192.168.1.2 (or whatever ip address you identified in step 2 of preparation)
- Set Setup.Subnet Mask = 255.255.255.0 (same as assumption #3)
- Set Setup.Gateway = 192.168.1.1 (Same as assumption #2)
- Set Setup.Static DNS 1 = 192.168.1.1 (Same as assumption #2)
- Set Setup.Static DNS 2 = aaa.bbb.ccc.ddd (Same as assumption #4)
- Set Setup.Static DNS 3 = aaa.bbb.ccc.eee (Same as assumption #5)
- Set Setup.Router Name = BRIDGE (doesn't matter what you name it)
- Set Setup.Host Name = BRIDGE (doesn't matter what you name it)
- Set Setup.Domain Name = Blank (unless you have a reason to enter it)
- Set Setup.MTU = Auto
- Set Network Setup.Local IP Address = 192.168.2.2 (increment the 3rd octet of the Wireless Setup.Internet IP Address field by 1, e.g. 192.168.1+1.2). So now 192.168.1.2 is your ROUTER facing IP and 192.168.2.2 is your CLIENT network facing IP.
- Set Network Setup.Subnet Mask = 255.255.255.0 (Same as assumption #3)
- Set Network Setup.Gateway = 192.168.2.2 (Same as #13 above) (see Troubleshooting note "Resolving DNS lookup Problems")
- Set Network Setup.Local DNS = 192.168.1.1 (Same as #6 above) (see Troubleshooting note "Resolving DNS lookup Problems")
- Set Network Setup.DHCP Server = Enabled (To let the CLIENT issue dynamic IPs to the devices hooked up to it)
- Set Network Setup.Starting IP Address = 192.168.2.100 (You may have to click on Save Settings button before you see 192.168.2 written in this field. If you do, make sure you connect back to the CLIENT using the ip address in #13 above)
- Set Network Setup.WINS = 0.0.0.0
- Click on Save Settings button. Notice that after this configuration, your CLIENT bridge/router has a different IP address for administration. So if you are not automatically redirected to the new IP, you may have to connect to the administration web page by typing 192.168.2.2 yourself. Also note that at this stage, you may not be able to connect to the new IP unless you are using a computer hooked up to one of the LAN ports of the CLIENT itself. And you may need to temporarily setup your computer's TCP/IP config to use a static IP in the 192.168.2.* subnet.
These steps are temporary so that you don't run into any issues during setup. Once you have everything working, you can undo these settings one by one as long as your setup keeps working. Theoretically speaking, you shouldn't need to because your internal network is protected by the firewall of your ROUTER from the internet anyway. But if you are security conscious then you may want to undo these.
- Select Security > Firewall
- Set Firewall.Firewall Protection = Disabled
- Set Firewall.Block Anonymous Internet Requests = unchecked
- Click Save Settings button
At this point, you should be able to Click on Status > Wireless tab and see that you are connected to the ROUTER. You should also be able to hook up a device or computer to one of the four LAN ports of the CLIENT and notice that it obtains a dynamic IP like 192.168.2.100 or some number greater than 100. You should also be able to ping your ROUTER, i.e. ping 192.168.1.1. You should also be able to ping the internet, e.g. ping www.yahoo.com. If you are not successful, then retry after restarting the device/computer connected to the CLIENT. You may want to reboot the CLIENT and ROUTER as well.
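The addressing rules the steps above depend on (CLIENT LAN subnet distinct from the ROUTER's subnet, ROUTER-facing IP outside the ROUTER's DHCP pool, static route back to the CLIENT's LAN) can be checked before touching either device. The following Python is an added example, not part of the wiki's instructions; the function name and the DHCP pool size are assumptions.

```python
import ipaddress


def check_client_mode_plan(router_ip, router_mask, dhcp_start, dhcp_count,
                           client_wan_ip, client_lan_ip, client_lan_mask):
    """Validate a Client Mode addressing plan.

    Returns (problems, route): a list of problem strings, and the static
    route the ROUTER needs (None when the plan has problems).
    """
    router_if = ipaddress.ip_interface(f"{router_ip}/{router_mask}")
    lan_if = ipaddress.ip_interface(f"{client_lan_ip}/{client_lan_mask}")
    router_net, lan_net = router_if.network, lan_if.network
    wan = ipaddress.ip_address(client_wan_ip)
    pool_lo = ipaddress.ip_address(dhcp_start)
    pool_hi = pool_lo + (dhcp_count - 1)

    problems = []
    # The CLIENT's LAN must be a different subnet from its WAN side.
    if lan_net.overlaps(router_net):
        problems.append(f"LAN subnet {lan_net} overlaps WAN subnet {router_net}")
    # The ROUTER-facing IP must be a usable host address on the ROUTER's subnet.
    if wan not in router_net:
        problems.append(f"WAN IP {wan} is not in {router_net}")
    elif wan in (router_net.network_address, router_net.broadcast_address):
        problems.append(f"WAN IP {wan} is a network/broadcast address")
    elif wan == router_if.ip:
        problems.append(f"WAN IP {wan} collides with the ROUTER itself")
    # It must also sit outside the range the ROUTER hands out dynamically.
    if pool_lo <= wan <= pool_hi:
        problems.append(f"WAN IP {wan} is inside DHCP pool {pool_lo}-{pool_hi}")
    # The CLIENT's own LAN address must be a host address, not .0 or .255.
    if lan_if.ip in (lan_net.network_address, lan_net.broadcast_address):
        problems.append(f"LAN IP {lan_if.ip} is a network/broadcast address")

    if problems:
        return problems, None
    # Static route to enter on the ROUTER under Setup > Advanced Routing.
    route = {
        "Destination LAN IP": str(lan_net.network_address),
        "Subnet Mask": str(lan_net.netmask),
        "Default Gateway": str(wan),
    }
    return problems, route


if __name__ == "__main__":
    # Values from the walkthrough; the DHCP pool (start .100, 50 leases) is assumed.
    print(check_client_mode_plan("192.168.1.1", "255.255.255.0", "192.168.1.100", 50,
                                 "192.168.1.2", "192.168.2.2", "255.255.255.0"))
```

A CLIENT LAN mask of 255.255.0.0 is flagged even though 192.168.2.2 looks like a different subnet, because 192.168.0.0/16 contains the ROUTER's 192.168.1.0/24.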
Moving from previous configuration
If you are moving from a previously configured WDS setting to Client Mode Wireless, it is Extremely Important to note that if the MAC address of CLIENT was in the WDS configuration for ROUTER, and is marked as "disabled", it will fail, regardless of how well you set up CLIENT.
Also, make sure the WDS settings are completely clear in CLIENT as well.
As an example, if ROUTER and CLIENT were both WDS nodes, and their MAC addresses were in the WDS settings for each other, this setup will FAIL unless you remove the MAC address of CLIENT from ROUTER's WDS configuration. Just disabling it will not be enough.
If you still can't connect wirelessly to your wireless access point router in CLIENT MODE and your access point has an early firmware version more than 1 year old, you may have to upgrade the access point's firmware.
Port forwarding to the client subnet
When port forwarding is needed, it will need to be configured at both routers, not just the host router - this is not my experience (v23sp2). The only way I could get port forwarding to work both internally and externally was to configure it only on the host router and run the following command:
- iptables -t nat -R POSTROUTING 3 -s 192.168.0.0/16 -d 192.168.0.0/16 -j MASQUERADE
Without this iptables command, it would only work externally. I got this tip in the forums, but received no real explanation as to why it was needed.
Resolving DNS lookup Problems
The above instructions didn't work for me as far as routing my traffic off of the client router. In other words, I could continue to hit the DD-WRT router and even ping the remote router (at 192.168.1.1) but I couldn't ping any external addresses. I had to make the following changes in the Setup > Basic Setup tab:
Wireless Setup.Disable STP (not sure if this is actually necessary, but my working config has it disabled)
Step 3.15 Network Setup.Gateway = 192.168.1.1 (Same as assumption #2)
- CONFIRMED to work on a WRT54G v3 Apr 6, 2009 ***
Step 3.16 Network Setup.Local DNS = 192.168.1.1 (Same as assumption #2)
As soon as I made these changes everything worked.
Note that this setup enables Xbox 360 to retrieve a DHCP address and access Live servers (other DD-WRT setups for "bridging" don't seem to work as they fail in relaying DHCP and DNS servers).
You shouldn't have to make the changes suggested in the next section, "Destination Host Unreachable", if you stick to the main steps and the tweaks listed here.
"Destination Host Unreachable" when pinging internet hosts
I followed the exact setup steps here, using a Linksys WRT54G v8 router with DD-WRT v24 RC-4 Micro. After setting up, when I had a computer just connected to the CLIENT, I could successfully ping and connect to the ROUTER and the CLIENT, and could get DNS resolution for internet addresses (e.g. www.yahoo.com), but trying to ping them from a windows command line would give "Destination Host Unreachable" from the CLIENT.
After a lot of trial and error, the fix that worked for me was to disable all the VLANs on the CLIENT (setup > VLANs > uncheck all the checkboxes in Row VLAN 0 (which had 1/2/3/4 checked) and VLAN 1 (which had W checked)). This immediately fixed the problem. Note this caused me to lose the ability to connect to the box and required a reset to recover.
I am not a routing or DD-WRT expert by any means, so if doing this has some gruesome side effect, please note it here! I saw in the forums that several other people experienced the same symptom, but saw no posted solutions anywhere for it. Hopefully this helps some people.
I had a similar problem when trying to get any kind of encryption to work (worked fine without). I would lose the ability to ping my primary router, though I could "join" the site. I'm working with a D-Link DI-624 primary router provided by Verizon (FIOS), and a WRT54G as a client. Note the D-Link is modified so you can't update the firmware. I FINALLY got WEP encryption working after setting Wireless>Advanced Settings>CTS Protection Mode from Disable to Auto (this was the setting on the primary router). Still couldn't get WPA-PSK working though.
I tried the tip above and set the CTS Protection mode on both the Actiontec MI424-WR provided by Verizon FIOS and my WRT54GS2 running v24sp2 micro. Couldn't get it to work using WEP with or without CTS enabled. Moved to WPA Personal - AES and connected on the first try using standard client bridge settings. William with sabaitechnology.com 02/21/10
http://forum.bsr-clan.de/ftopic694.html Old forum discussion on topic
http://www.wi-fiplanet.com/tutorials/article.php/3639271 graphical representation