Wireless access point

From DD-WRT Wiki

Revision as of 06:13, 24 September 2011 by Geetek (Talk | contribs)
Jump to: navigation, search

You are here: DD-WRT wiki mainpage / Linking Routers / Wireless Access Point



If you have a large network, for which DD-WRT is not a suitable core router you will probably want to have wireless clients be a part of the larger network. In this case, clients would get DHCP configuration from some other DHCP server, and could be accessed by other clients on the network.

As an example, some colleges that still allow students to have their own wireless access points (WAPs) require that the WAPs not hand out private IP addresses (as many routers with DHCP/NAT do by default) because it makes it difficult to track down which client is causing problems (eg. virus infections, worms, etc.)

Typically, vendors such as Linksys charge more for devices which work as standalone WAPs because routers are typically used by home users and WAPs are more popular for businesses. With DD-WRT you can buy a device marketed as a router and use it as a WAP.

If you want a secondary router to be on a separate subnet from the primary, all you have to do is do a hard reset on your router. Set the router IP to on the basic setup page. Set security and ssid on the wireless tab. Hit save before changing pages and hit apply when you are done. Plug the Lan cable from your primary to the WAN of the second router. You are done. If you want it on the same subnet, so all computers on your network can access each other, follow the instructions below:


Here's how to create a Wireless Access Point using dd-wrt v24. Please pay special attention to the Review section of this article, especially if you are using an older version.

  1. Hard reset or 30/30/30 the router to dd-wrt default settings
  2. Connect to the router @
    • Note: If this router is wired to another router, there may be conflicts (both routers could have the same IP address). For the time being, disconnect this router from the main one.
  3. Open the Setup -> Basic Setup tab
    • WAN Connection Type : Disabled
    • Local IP Address: (i.e. different from primary router and out of DHCP pool)
    • Subnet Mask: (i.e. same as primary router)
    • DHCP Server: Disable (also uncheck DNSmasq options)
    • (Recommended) Gateway/Local DNS: IP address of primary router (many things will fail without this)
    • (Optional) Assign WAN Port to Switch (visible only with WAN Connection Type set to disabled): Enable this if you want to use WAN port as a switch port
    • (Optional) NTP Client: Enable/Disable (if Enabled, specify Gateway/Local DNS above)
    • Save
  4. Open the Setup -> Advanced Routing tab
    • (Optional) Change operating mode to: Router
    • Save
  5. Open the Wireless -> Basic Settings tab
    • Wireless Network Name (SSID): YourNetworkNameHere
    • (Optional) Sensitivity Range: The max distance (in meters) to clients x2
    • Save
  6. Open the Wireless -> Wireless Security tab
    • Note: Security is optional, but recommended! Clients must support whatever mode you select here.
    • (Recommended) Security Mode: WPA2
    • (Recommended) WPA Algorithm: AES
    • (Recommended) WPA Shared Key: >8 characters
    • Save
  7. Open the Services -> Services tab
    • (Optional) DNSMasq: Disable (enable if you use additional DNSMasq settings)
    • (Optional) ttraff Daemon: Disable
    • Save
  8. Open the Security -> Firewall tab
    • Uncheck all boxes except Filter Multicast
    • Save
    • Disable SPI firewall
    • Save
  9. Open the Administration -> Management tab
    • (Recommended) Info Site Password Protection: Enable
    • (Recommended) Routing: Disabled (enable if you need to route between interfaces)
    • Apply Settings and connect Ethernet cable to main router via LAN-to-LAN uplink*

  • Notes:
    1. To connect the WAP to the main router, you can probably use either a patch cable, straight-thru, or a crossover cable. Most DD-WRT capable devices can do auto-sensing so the cable type doesn't usually matter.
    2. You can connect the WAP to the main router via LAN-to-WAN so long as you have assigned the WAN port to switch (see step 3).


There were three basic configuration changes you made to set up your router as a wireless access point.

Turn Off DHCP

If you did not turn off DHCP, when you plug your router into the network (after configuration), your WAP may provide IP addresses to clients on the wired network, and this may be inappropriate. Tracking down problems caused by multiple DHCP servers can be time-consuming and difficult.

Because its so important, it is worth repeating: Turn off DHCP before you continue!

Set the IP address of the LAN Interface

Immediately after turning off DHCP, while your PC still has the IP address the WAP gave you, set the LAN interface of the WAP to the IP address you want it to use, eg. if host router is, give WAP an IP of Alternatively, you can use the instructions below to set the WAPs IP address via DHCP.

If you cannot connect to the WAP in order to set the LAN interface's IP address, it is probably because your computer no longer has an IP address on the same subnet. To get past this issue, simply set your computer's IP address and subnet to and respectively. (This assumes you are still using the default settings. If not, change the IP address and subnet as appropriate) You should now be able to point your browser at (again assuming default settings).

LAN Uplink

There are two ways to connect your WAP to the LAN. You can either Uplink through one of the router's LAN ports, or use the WAN port that is normally connected to the cable/DSL modem.

LAN Uplink Through LAN Port

To complete the link between the two routers, connect a LAN port on the central router, to a LAN port on Linksys router (to be used as your WAP). You may need a crossover cable to do this, although many modern routers have an automatic polarity sensing. To test this, connect a standard ethernet cable between the two routers. If the LAN light comes on, the router has automatically switched the polarity and a crossover cable is not required.

LAN Uplink Through WAN Port

If you use your DD-WRT router as a WAP only, you may use your DD-WRT router's WAN port to connect it to your existing LAN. To do this, you need to disable the Internet Connection and "Assign WAN Port to Switch".

Normally, the router does Layer 3 IP routing. but by "Assigning WAN Port to Switch," your DD-WRT router will bypass that functionality and just pass on the Layer 2 ethernet packets from your wired network to the wireless network and vice versa.

Alternatively, if you have a router that supports assigning the WAN port to the switch:
Setup -> Basic Setup -> Internet Connection Type -> Connection Type = Disabled
Setup -> Basic Setup -> Network Setup -> WAN Port -> Assign WAN Port to Switch
you can connect the WAN port as your uplink to your main router. All this really buys you is an extra port (4 available instead of 3), but why not?

Roaming access

If you are installing additional Access Points to cover a broader area with Wi-Fi access, it is possible to allow clients to roam freely between them. The common method is to use the same SSID and Security settings on each access point.

Use a different channel on each AP. e.g. if you are in the US and installed two access points, use channels #1 and #11. Or if three access points, then use channels #1, #6, and #11 (setting the channels at least 5 apart should help keep interference between APs to a minimum). If you have a residential gateway with wireless turned on, and just one AP, then the same applies: each gets a different channel.

When using multiple Access Points, each one should be connected by LAN to LAN uplink as described above. They can even be attached to different switches within the same organization.

How To Use DHCP to Set the WAP's IP Address

Note: This step is optional. It is not required to set the WAP's IP address via DHCP. It can be made static, as shown above.

It is not possible to set the LAN interface to get its IP address via DHCP using the web configuration interface. You can, however, set your startup script to obtain an IP address.

Simply set your IP address to:

udhcpc -i br0 -p /var/run/udhcpc.pid -s /tmp/udhcpc -H test-wrt-wireless
hostname `nslookup \`ifconfig br0 | grep 'inet addr' |cut -f 2 -d ':'\` | grep 'Name:' | awk '{print $2;}' | cut -f 1 -d '.'`
if test `hostname` != `nvram get wan_hostname`; then 
     nvram set wan_hostname=`hostname`;
     nvram set router_name=`hostname`;
     nvram commit;

Only the first line is required if you don't want your WAP to set its name based on the IP address it gets. However, if you want to save a configuration file which will apply to several WAPs, that can be a handy feature.

It seems that in some cases, the /tmp/udhcpc link doesn't exist. in that case, prepend:

ln -s /sbin/rc /tmp/udhcpc

to your startup script.

EDIT 2011/06/25: If you leave the "Local DNS" GUI field to, then the WAP will use the DNS supplied by dhcp. To be functional, this requires the "Gateway" is set too. You may wish the gateway to be assigned by dhcp too. You do it appending

route add default gw `nvram get wan_gateway`
nvram set wds_watchdog_ips="`nvram get wan_gateway`"

after the udhcpc command in the script. You can also leave the "Gateway" GUI field to, or set it to a backup/fallback gateway IP that will be overriden when the dhcp server offers a lease on startup run.

The second line is optional: you just need to enable the WDS/Connection Watchdog and set the wanted delay to have the WAP monitor the connection to the gateway.


Related Forum links

Secure remote management for a WAP