WDS Linked router network
From DD-WRT Wiki
WDS between different chip vendors (atheros, broadcom, ralink) will not work most of the time since it's INCOMPATIBLE and no we will NOT fix it. WDS (Wireless Distribution Service) creates a wireless backbone link between multiple access points that are part of the same wireless network. This allows a wireless network to be expanded using multiple access points without the need for a wired backbone to link them, as is traditionally required. The WDS-enabled access points can accept wireless clients (e.g. wireless laptop users) just as traditional APs would.
Also take note of the fact that all repeaters, including this WDS Repeater mode, will sacrifice half of the bandwidth available from the primary router for clients wirelessly connected to the repeater. This is a result of the repeater taking turns talking to not just one partner, but to two, and having to relay the traffic between them. As long as your bandwidth requirements are within this halved bandwidth amount there will be little or no reduction in "speed".
 Important Note:
Be aware that WDS is NOT a certified standard of the IEEE and that every vendor that provides WDS is doing so via its own implementation. In general, this results in incompatibility between different HW vendors devices e.g. Ralink, Atheros, Broadcom. In other words, this result in much trouble connecting units, even of the same OEM, when they use different HW. So, this is not a bug in DD-WRT. Its just a design problem and we're not responsible for it.
Please see List of confirmed working Broadcom WDS devices
If your needs are not specifically tied to WDS, another way to wirelessly link two routers is by setting up the repeater in either Client Mode or as a Client Bridge. You may even find that these set-ups increase speed compared to a WDS. You can read more about these in the sections Wlan Repeater and Repeating Mode Comparisons.
 Atheros SoC Based Devices and ATH WIFI card based Devices
There is not much to know. just a few facts to follow since it works different from other WDS stuff!
 General FAQ
- WDS between different chip vendors (atheros, broadcom, ralink) will not work most of the time since it's INCOMPATIBLE and no we will NOT fix it
. (However, if you are really desperate to give it a try, users in the forum have documented that this may work for certain hardware. Try at the peril of your sanity.)
- An Atheros-based WDS Station will not work as a wireless access point out of the box, i.e. won't allow clients to connect to the repeated signal. A solution is to have clients connect either to the WDS station's wired RJ45 port, or to set up a Virtual Access Point (see more under Multiple WLANs).
- In plain language, once the WDS Station is set-up, and your terminal can get internet access through the WDS Station LAN Ethernet port, you need to add an (virtual) AP on the WDS Station, with the same SSID and Encryption (password, WPA2AES) as the WDS AP and WDS Station. - S2s2 23:15, 14 August 2015 (CEST)
- Don't set MACs to the WDS-Table. This always causes trouble so stay away from it. It won't work.
- Bing all devices to the latest build or at leatst all devices to the same build.
 Change an existing DD-WRT setup to DD-WRT WDS
- NO WDS support for connecting DD-WRT MadWIFI <-> DD-WRT ath9k/DD-WRT MadWIFI-N (legacy/old driver)
- NO WDS support for connecting current DD-WRT MadWIFI <-> DD-WRT MadWIFI-N <-> DD-WRT ath9k
- Set the router/AP Type to "WDS AP" and the all the client stations to "WDS Station". All on the same SSID and and same encryption - Either NONE or WPA2AES. (Wireless N only supports those two)
- On the WDS tab, make note of the AP Mac address. You will need to enter it into the WDS Station. (Type LAN, not bridge)
- WDS Station: Under Basic Setup ---> Network Setup ----> Local IP Address, use an IP in the same subnet as the WDS AP router but outside the WDS AP router's DHCP range.
- Make note of the MAC on the WDS Station WDS tab. You will need to enter it on the WDS AP. (LAN, not bridge)
- Disable DHCP server on the WDS STATION.
- Important Write down the WDS AP's IP as the gateway and DNS on the WDS STATION.
- S2s2 23:49, 14 August 2015 (CEST) The above step does not seem to be needed on currect 27506 builds.
Save and Apply Settings
- How to setup an Atheros WDS AP and one or more WDS Stations: (build 27506, 2015/7/9, atheros radios) S2s2 23:49, 14 August 2015 (CEST)
- This includes the setup where the WLAN/Wireless is separated from the LAN, a typical business/guest setup. And how to extend the Guest WLAN network with WDS. You can skip those additional steps if you want.
- First of all, your WDS Station will not have internet connectivity through the Wireless portion to wireless clients (smartphones, tablets etc) until you make a virtual AP with the same SSID and Encryption as the AP/STA. This is mentioned before in this page and elsewhere, it bears repeating. Keep that in mind.
- Your first radio needs to be changed from an AP to a WDS AP. Your encryption SHOULD be WPA2AES or NONE. So if your Guest WiFi was called Guest, change the type setting from AP to WDS AP.
- Suggested to fix the radio channel here, and set the same fixed channel on the WDS Stations, although it may not matter. Try it either way, first with fixed channel then auto-channel. The WDS Station should 'lock' to the WDS AP channel automatically.
- Click on WDS and enter the MAC of the WDS Station for each WDS Station.
- Now, if you have already followed guides to separate WLAN from the rest of the router (well documented), set your unbridged WLAN back to Default (bridged). We will change this later. So the Guest WPA AP should be set normally. Leave your additional DHCP range alone. Here I will use the example 192.168.240.x for Guests/WLAN, with a LAN router range of 192.168.0.x, based on actual experience.
- Create a bridge, br1. Name it Guests-Bridge. Name the Guests ath0 (WLAN) GuestsWiFi. Name the ath0.wdsx to GuestsWDS. All of these need to be added to the br1 bridge, which will remove them from the br0 default bridge. They are NOT unbridged in their individual settings. Adding them to br1 will move them to br1 and remove them from br0. Set the IP for br1 to be 192.168.240.1 255.255.255.0. (Or whatever your old Guest subnet range was before you started making these modifications).
- Again, a major key to getting the Guest WiFi WDS working is to make sure the ath0.wdsx is part of the br1.
- ath0.wds0 appears when you begin choosing LAN and filling out the MAC field under WDS tab in Wireless.
- Likewise an ath0.wds1 will appear if you input a second WDS Station on the WDS tab in Wireless. That should also be added under the br1.
- Any ath0.stax that appear as the actual WDS Stations connect, will automatically fall under the same bridge as the ath0.wdsx they are associated with. You do not need to worry about these. You can see the results under this bridging page once the WDS Station is connected.
These commands had to be added to the firewall in order for the br1 to work:
#Allow guest bridge access to Internet iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu #Block access between br0 and br1 and vs vs #I added the next line in hopes br0 could reach br1. It's just a guess... iptables -I FORWARD -i br0 -o br1 -m state --state NEW -j ACCEPT #These next two specifically block traffic between br1 and br0 #iptables -I FORWARD -i br0 -o br1 -m state --state NEW -j DROP iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP #NAT to make Internet work iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr` #Enable NAT on the WAN port to correct a bug in builds over 17000 iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr` #Deny access to local router services from Guest (240.x br1) network iptables -I INPUT -i br1 -p tcp --dport telnet -j REJECT --reject-with tcp-reset iptables -I INPUT -i br1 -p tcp --dport ssh -j REJECT --reject-with tcp-reset #iptables -I INPUT -i br1 -p tcp --dport www -j REJECT --reject-with tcp-reset iptables -I INPUT -i br1 -p tcp --dport https -j REJECT --reject-with tcp-reset
Note the hashtag in front of the last iptables command. I need to temporarily access the Webpage on the WDS AP. If you want the Guests to have NO access to the main router webpage (which you should block for security purposes in production), remove the hashtag.
Also there is a hashtag where the br0 LAN business network can access the br1, not visa versa. Again, this is for testing purposes. I left it in so you could see how to do it. In production you might remove the hashtag.
 DD-WRT MadWIFI to Ubiquiti WDS
- AirOS <=3.X <-> DD-WRT (madwifi): set AirOS to WDS-AP <-> DD-WRT v.24 (or higher) to WDS-Sta. Put all on the same SSID and set your prefered wireless encryption.
- NO WDS support for connecting current AirOS 3.x <-> DD-WRT ath9k and AirOS 5.X <-> DD-WRT MadWIFI/DD-WRT ath9k
 DD-WRT MadWIFI to MTik WDS
- Connect as DD-WRT WDS-Sta to an MTik AP. Set DD-WRT MTik compability to on. The other way round should work, too. Put all on the same SSID and set your prefered wireless encryption.
 Broadcom to Atheros WDS Configuration (Unsupported)
For the best WDS stability and performance, you should use the same wireless chipset on both sides, ie: Broadcom-to-Broadcom or Atheros-to-Atheros. That being said, multi-vendor WDS interoperability is possible but not necessarily guaranteed to work.
Note: there are configuration differences between DD-WRT builds & different platforms. If you don't see the exact configuration items below on your router, you may need to look for it on a different configuration page.
- Wireless / Basic Settings: Wireless Mode = G-only
- Wireless / Basic Settings: Network Name (SSID) = dd-wrt (modify to your liking)
- Wireless / Wireless Security: Security Mode = WEP
- Wireless / Wireless Security: Default Transmission Key = 1
- Wireless / Wireless Security: Encryption = 64 or 128 bits (either works)
- Wireless / Wireless Security: Passphrase = (blank)
- Wireless / Wireless Security: Key 1 = 10 or 26-digit encryption key (modify to your liking)
- Wireless / Basic Settings: Wireless Mode = AP
- Wireless / Basic Settings: Wireless Channel = (pick something suitable for your environment)
- Wireless / Advanced Settings: Preamble = Short
- Wireless / WDS: Enter MAC address of Atheros device and select "LAN" in the drop-down box
- Wireless / Basic Settings: Wireless Mode = "WDS Station"
- Wireless / Basic Settings / Advanced Tickbox / Short Preamble = Enable
- Wireless / WDS: Enter MAC address of Broadcom device and select "LAN" in the drop-down
- Note: Wireless Channel will be automatically selected based on the Broadcom configuration
The above example was minimally tested using the following hardware / firmware on 1/12/2011:
- Broadcom BCM4704 (v9): Netgear WNDR3300 '(dd-wrt.v24-15508_NEWD-2_std-nokaid_nohotspot_nostor.bin)'
- Atheros AR2315: Engenius / Senao EOC-2610 '(v24 preSP2 [Beta] Build: 14896)'
Do NOT use this as a firmware recommendation for these devices! Please see the Atheros and Broadcom wiki's and forums for official firmware recommendations.
In this configuration, combinations of WPA/TKIP and WPA2/AES were unsuccessful. "AP" and "WDS AP" modes on the Atheros didn't work in this configuration either.
If you are having difficulty getting the WDS link up, disable security on both sides and try again:
- Wireless / Wireless Security: Security Mode = Disabled
 Broadcom Based Devices
In regards to integration with DD-WRT, it is confirmed working with WEP, WPA, and WPA2.
 Setup/Configuration for Broadcom Based Devices
Standard terminology for a two router setup:
- The host router is the router is connected to the internet. Its connection will be shared with clients.
- The client router is the router not connected to the internet. It will connect to the host router.
 Setup for two or more of the aforementioned Broadcomcompatible Routers
- (Recommended) On both routers, save the current configurations: Administration -> Backup. Click the Backup button and follow prompts so save NVRAM backup files, i.e. nvram_host.bin, and nvram_client.bin. These configurations can be restored if the new setup doesn't work and you need to quickly revert to the previous (working) configuration.
- On the client router, reset to its factory default state to eliminate the potential of conflict from other settings. Either use the router's reset button or reset via the GUI: Administration -> Factory Defaults -> Reset router settings -> Restore Factory Defaults - select Yes (radio button), then click Apply Settings button and wait for the router to reboot. (Optional) On the host router, unless it is impractical (e.g. the host is part of a working network) reset to its factory default state, too, to simplify debugging the new setup.
- On the client router, change the WAN Connection Type to Disabled. Setup -> Basic Setup -> WAN Setup -> WAN Connection Type . Also enable STP.
- On the client router, set the Local IP Address to one in the same subnet as the host router (e.g. 192.168.1.1 (host/internet gateway) and 192.168.1.2 (client router)). If the host router has been reset, set its Local IP Address as well. On the client, set the Gateway and Local DNS IP addresses to the Local IP Address of the host. Setup -> Basic Setup -> Network Setup -> Router IP
- On the client, disable the DHCP server. This allows the host to perform DHCP services. There can only be one DHCP server on any subnet (network) for reliable operation. Setup -> Basic Setup -> Network Address Server Settings (DHCP) . Also Uncheck the Three boxes below the DHCP Server.
- On the client router, Navigate to Setup > Advanced Routing. In the dropdown box for Operating Mode, Select Router. Click Save
- Again, client router; Navigate to Services. Disable DNSMasq as well as WAN Traffic Counter. Click Save
- On the client, disable the firewall. Security -> Firewall -> Firewall Protection -> SPI Firewall. First Uncheck everything BUT Filter Multicast, click Save. Now Disable the SPI Firewall and click Save.
- On both the host and client, set the Wireless Mode to AP and make sure the Wireless Channel is the same. For Wireless Network Mode, you can select Mixed , G-Only , NG-Mixed, or N-Only. Set the Wireless Network Name (SSID) to your liking as long as it is exactly the same on both routers. If running N or NG-Mixed , WPA2 + AES is the only form of encryption that can be used.
- On both routers, disable wireless security (this should already be done if you reset both routers to factory defaults). Security can be re-enabled after all other steps are complete, but in order to minimize troubleshooting, it's best to get things set up with no security active. If this is impractical, e.g. the host is part of a working network, make certain that all security settings on the client match those of the host exactly. Wireless -> Wireless Security -> Wireless Security wl0
- Important: On the host, disable MAC address filtering
- On both routers, open the WDS configuration page/Tab. For each router, you will see its wireless MAC address (Wireless MAC) at the top of the page. Note that this MAC address is different from the one that may be printed on the case. In the first open row of the table, select LAN from the dropdown list (The router will pause for a second) and enter each router's wireless MAC address into the table of the other router. It is not necessary to enable Lazy WDS or WDS Subnet on either router. If necessary, consult WDS - configuration for more than two routers for some helpful info. Wireless -> WDS -> WDS Settings
- (Optional, but not recommended) On the client router, configure static routing (Setup -> Advanced Routing) for Destination LAN NET and enter the IP address of the host router. Use the same settings for Subnet Mask and Gateway that are used by host router. For Interface, select LAN & WLAN. This step ensures that the bridge is given a static IP route. Setup > Advanced Routing -> Static Routing
- On both routers, check the wireless status page to see that the other is present in the WDS Nodes section. Make sure signal strength for each is not zero. Status -> Wireless -> Wireless Nodes -> WDS Nodes. If it is 0%, and there are no indication of the router transmitting or receiving packets, Unplug the client router for ~10 seconds , then re-insert power. Give it no more than 3 minutes to boot and obtain the WDS link from the host router.
- Test that you can ping the host from the client. Note that it may take a short amount of time for the WDS link to be established, and you may need to reboot either the client or host router (or both).
- If disabled, enable wireless security now (highly recommended). First enable it on the Client router, wait 5 seconds, then enable it on the Host router. Watch the Wireless LED's on the host router, if they are blinking, you're in business. If they're solid, power cycle the client router.
- If you set the SSID of the client router to be different from that of the host router, you need to make them the same in order to enable WPA/WPA2 encryption security. Using WPA/WPA2 encryption also requires STP to be enabled on all routers for a reliable link.
I decided that the amount of information can be intimidating for some novice users, therefore I have added screenshots of the process with examples of the respected configurations in the best order as outlined by the Wiki text.
 Multiple router setup
 Apple Airport Express
Verified with DD-WRT v2.3 (12/25/05) and AirPort Express v6.20 [1-21-2006]
Information updated for AirPort Express v6.3 and AirPort Utility v5.3.1 [3-16-2008]
DD-WRT (Save settings after each step)
- Wireless -> Basic Settings" Set the channel on the DD-WRT to 1.
- Wireless -> WDS: Select "LAN" option and enter the Airport Express's "AirPort ID" (can be found on the underside of the AirPort Express itself - be careful not to choose the "Ethernet ID").
- Set Lazy WDS and WDS subnet to disable
- Administration -> Management: Set Loopback to disable.
- Security -> Firewall: Turn off "Block Anonymous Internet Requests."
- Open AirPort Utility (found in /Applications/Utilities), select your AirPort Express from the left panel, and click "Manual Setup"
- In the "AirPort" section:
- Select "Wireless" tab
- Select "Participate in WDS network"
- Set Network name to your wireless SSID name
- Set the wireless channel to 1
- Choose your security (only WEP will work wirelessly - if you want WPA on your network, you're going to have to connect the AirPort via an ethernet cable)
- Select "WDS" tab
- Set "WDS mode" as "WDS remote"
- In the Main Aiport ID section enter your DD-WRT wireless MAC (can get this in Status -> Wireless)
- Select "Wireless" tab
- In the "Music" section (if you want to use AirTunes):
- Make sure "Enable AirTunes" is selected
- Name and password-protect your speakers
- Click "update"
If it works then there will be a solid green light (may take a couple of minutes) . If it does not work, you should connect Airport Express and WRT54G/GS using a CAT-5 cable and set up it. It might work.
Also note that the above configuration with the Airport Express works with either no encryption or WEP encryption. When using WEP encryption, make sure you enter your WEP key into the Airport Express exactly how it is entered into the WRT54G, but add a
$ to the beginning of the key. $ key is meant for hex (WEP). If you're not using hex, then you can leave it blank as normal.
In addition, also note that the wireless channel does not need to be 1, but it must be the same for both the DD-WRT and Airport Express. I have both units set to channel 11 and WDS works perfectly.
WPA/WPA2 encryption does not appear to work over WDS (but will work when the Airport Express is configured in client mode - but in client mode, the RJ45 connection is not usable). The error that the WRT54G reports back when the Airport Express is trying to associate via WPA over WDS is:
eapol_sup_dispatch wds0.49153: unknown EPOL type 3 . EPOL has to do with WPA, so perhaps if this issue can be resolved, then the two devices could associate. [EDIT: WPA2 seems to work just fine with the above configuration, as of March 16 2008.]
Warning: This guide does not work for Atheros-based DD-WRT routers, such as the D-Link DIR-300. Airport Express will not be able to participate in the WDS network.
Troubleshooting: Make sure that you disable the "AP Watchdog" daemon. If you have a wireless endpoint (like a laptop) which connects to the Airport station (because you use WDS) then the Linksys does not see any clients connected and restarts the wireless network over and over. You also could change other channel apart from 1, if you're having problems and you don't have to disable loopback.
- In some cases it may help to put the IP of the client router as a DMZ'd machine in the host router. Of course, this only works with a WDS between 2 routers.
- The source material for this list comes primarily from the following DD-WRT forum posts:
- If you're using encryption, remember to configure it on all routers!
- Set encryption after you got a running WDS.
- On the main Status page and the Wireless Status you can see the signal strength for any other routers in the WDS. If they are showing 0 then you're not connecting to them for some reason (wrong MAC address or, for WPA links, wrong SSID).
- NOTE: Some security works with some dd-wrt and not with others. Lately (2010) the only security that has worked reliably is WEP and WPA2-AES. WPA2-AES is the ONLY security that should be used with N routers if you wish to have N speed.
- If you want to use more than 2 repeaters with WDS and define multiple WDS paths for redundancy then you MUST enable STP or the network will loop back on itself and destroy all functionality. [Quote from GeeTek]
- Make sure you use a proper forum recommended build for broadcom. See the announcements in the broadcom forum and read this thread: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=51486
 WDS Bridging without Access Point Function
(NOTE: This appears to be broke with v24 Final. It will brick a WAP54G v3.1.)
Sometimes you just want to bridge two points together. WDS has the advantage of correctly passing MAC addresses so either end could be the host (Internet connection on the LAN side).
- Set up your WDS routers as you wish
- Turn off the AP function using the following commands in the shell
nvram set wl0_mode=wds nvram commit reboot
You may also need to issue an additional command of
nvram set wl_mode=wds
to turn off the AP.
- After it reboots you'll have a WDS bridge which doesn't allow wireless clients.
WDS between DD-WRT v23 and DD-WRT v24 is imposible, thats a broadcom driver issue! by Meex info by BrainSlayer
 Same LAN MAC Address Problem
If you are using two WRT54G V5V6 with same firmware version, you may end up on that both router use exactly same MAC address on its LAN, WAN, Wireless. Although you can change WAN and Wireless MAC address at WEB interface, it is hard to change LAN MAC address.
If both router use same LAN MAC address on WDS, you will see that: you can Ping any computer on both router, but you can NOT ping either router's IP, it will show "Destination Host Unreachable".
To fix this, please refer thread:
I have to revert one of my router back to Linksys version, then flash it again with custom build killer file.
Info by Victor
 Constantly losing connection to Samba/Shared folder
If you notice that you constantly lose connection to your machine while streaming a video or transferring a file from a Samba/Shared folder over your WDS, you might want try underclocking your routers to the same CPU speed. Some Linksys WRT54G/GS are set as 216mhz (factory default), even after flashing dd-wrt. Try underclocking them to 200mhz under Administration -> Management -> Overclocking, in the dd-wrt administrative console. For a detailed list of which versions of Linksys WRT54G/GS run at what speed, please check the Wikipedia link to Linksys WRT54G Series
Note: This may not be necessary, if you experience this problem it might be worth trying but don't do it unless you have a problem. Changing the clock speed is somewhat of a risk and could damage your router.
 Ralink Based Devices
--This section could use some work--
DIR-600 b1 to DIR-600 b2: Use encryption and the wlan WDS table freely.
Also, Atheros <-> Ralink and Broadcom <-> Ralink works in WDS (not use wpa/wpa2 between Atheros and Ralink, it does't work); (Ralink to Broadcom works but only "open", until you use Kernel 2.6 in broadcom -Ralink is k2.6-).
Also (maybe it's not to be mentiond here, but someone have's to write it...):
Atheros at WDS AP -> Ralink in Client Mode (not bridged), works using wpa/wpa2 Mix/g/ng-mix/n-only. I only get G Speeds, but any encryption worked. Just set NG-Mix / 40 Mhz and turn short preamble on at atheros, and set Ralink to mixed or N-Only, 40 mhz and turn short preamble on. Use any encryption you desire.
 Working Ralink Based Devices
- Buffalo WHR-G300N^
^This does not work through the Physical interface (wireless), BUT it does work through the Virtual interface (for me anyway - Just followed all the other instructions as written, and added a virtual Interface). Perhaps someone with more network savy can explain why and avoid the extra SSID. The other router used was a non-buffalo/non-dd-wrt router, the WDS mode set to "Repeater Mode". Obviously I hid the extra SSID. Hope this helps someone. So Can't be sure it works with other Buffalo WHR-G300N routers (I only have one).
- D-Link DIR-615^
^As with the Buffalo, you have to create a virtual wireless interface on the client, too. In my setup, I was using 2 DIR-615.
Note: 01/12/2010: The above information is not entirely correct
I've got it working on multiple DIR-615's without needing to use the virtual interface. However, if using the "physical" interface, you will need to manually add the wireless interface (ra0) to the network bridge. Even though it claims ra0 is already part of the bridge, you still need to add it again, otherwise you will have no connectivity when connecting to it (which may be the problem the two users above describe). This seems to be a bug as of build 14929.
To do this, go to Setup => Networking => Assign to Bridge => Add => Select "br0", Interface "ra0" => Apply Settings
With the DIR-615's WDS works in full 300 mbps mode up to and including build 14929 (after this, 40Mhz (HT) breaks). You can get at least 160mbps throughput under good conditions.
With DIR-615 (D4/D2 tested), Firmware 15778, Wireless => WDS => WDS Settings => Select LAN, enter MAC address of the routers you wish to connect, enter a note so you know which router the MAC refers to. i.e. UpstairsRouter. => Extra Options => Disable - Eazy WDS, Save, then Apply Settings,
DIR-615 (D4/D2 tested), Firmware 15778 works in 300Mbps mode. With 1 Host (Gateway) and 2 Client routers.