Repeater Bridge

From DD-WRT Wiki

Current revision

Wiki Path: DD-WRT Wiki Main / Tutorials / Linking Routers / Repeater Bridge

[edit] Introduction

A wireless bridge connects two LAN segments with a wireless link. The two segments are in the same subnet and look like two Ethernet switches connected by a cable to all computers on the subnet. Since the computers are on the same subnet, broadcasts reach all machines. DHCP clients in one segment can get their addresses from a DHCP server in the other segment.

Use a wireless bridge to transparently connect computers in one room to computers in a different room when you cannot—or don't want to—run an Ethernet cable between the two rooms.

[edit] Difference between Station Bridge and Repeater Bridge

A standard wireless bridge (Station Bridge) connects wired clients to a secondary router as if they were connected to your main router with a cable. Secondary clients share the bandwidth of a wireless connection back to your main router. Of course, you can still connect clients to your main router using either a cable connection or a wireless connection.

The limitation with standard bridging is that it only allows wired clients to connect to your secondary router. Wireless clients cannot connect to your secondary router configured as a standard bridge. Repeater Bridge allows wireless AND wired clients to connect to a the Repeater Bridge router, and through that device wireless to a primary router. You can still use this mode if you only need to bridge wired clients; the extra wireless repeater capability comes along for free; however, you are not required to use it.

Reference Image

In the case in which we are interested, a secondary router running DD-WRT v24 is configured as a Repeater Bridge between a Primary wireless router (of any make/brand/FW) allowing the above configuration.

[edit] Assumptions

Primary router is configured in a 192.168.1.X subnet and leases DHCP address in the same pool. Secondary router is running DD-WRT.

If using a multi-band router, do not set more than one band to RB. The other radio(s) would normally be set as AP. For example, the 2.4GHz radio can a CB while the 5GHz is an AP, or vice versa.

Note: If you are unsure of what you are doing, it is advisable to practice by setting up the router first in Station Bridge mode and get it working correctly. Station Bridge mode is simpler, but most of the settings are the same. Once you understand how to set up a Station bridge and have it working, then proceed to setting up Repeater Bridge

[edit] Broadcom

This is a simple step-by-step guide to connect a router running current (2017) firmware in Repeater Bridge (RB) Mode. You do not need DD-WRT on the primary router for this to work, however, your primary router must be able to support encryption that works with DD-WRT (use WPA2-AES, not TKIP).

• Read and understand the Firmware FAQ and (especially for MIPS) Peacock announcement before doing anything else.
• Repeater Bridge with WPA2-AES is broken for k2.6 builds after 25974, though some models might work through 26125
• Broadcom dhd driver models (e.g. AC5300 routers) cannot support RB (nor Station Bridge) modes since the driver is controlled by wireless firmware internal to the chipset. This makes it impossible to implement fake bridge modes, and is not fixable. While it can sometimes work without encryption, there is no guarantee nor official support. The driver will usually crash in these modes.

This mode is for a wireless bridge, where the SSID is repeated and the second router's ethernet ports provide wired connections to the main router, as if plugged into the main router.

For a secondary router running DD-WRT, the wireless mode must be configured as Repeater Bridge. It will connect to a primary router in AP mode (DD-WRT default) with DHCP Server enabled. Any type of VAP (Virtual Access Point) on the host should work, including a WDS-AP (Atheros) or any VAP including on another RB, but can depend on the host router.

[edit] Instructions

Make sure to click Save and not Apply between steps, as Save will commit the changes to NVRAM withough activating them (which Apply does), to prevent access problems, such as changing the IP address.

1. Reset to Factory Defaults on secondary DD-WRT router
   • Optional (but suggested if having issues): Perform a hard reset
     • DO NOT 30-30-30 ARM routers. See your model wiki; some reset using the WPS button at power-up
     • Hold the reset button until lights flash (10-30sec) or 30-30-30 if appropriate for your router
2. Hook up to the secondary router with an ethernet cable or as a wireless client.
   • The dd-wrt default wireless SSID is "dd-wrt"
3. Open the GUI address http://192.168.1.1 in your web browser
4. Open the Wireless -> Basic Settings tab
   • Physical Interface Section (for multi-band routers, only use Repeater on one radio)
     • Wireless Mode: Repeater Bridge
     • Wireless Network Mode: Match Primary Router
       • Usually N*-Mixed (or G-Only for pre-N routers), as Mixed may not work)
     • Wireless Network Name SSID: Must Match Primary Router EXACTLY including case
       • Note: some devices may not properly handle special characters, spaces, etc.
     • Wireless Channel: Usually leave at Auto for DD-WRT to determine the channel
     • Sensitivity Range (ACK Timing): 0 is recommended (this setting is not available for all routers)
     • Save (not Apply)
   • Virtual Interfaces Section: Click "Add"
     • Wireless Network Name(SSID): Same as Primary SSID. If having problems, try a different one.
       • k2.4 (broadcom folder) builds may require using a different SSID from the Primary
     • Save (not Apply)
5. Open the Wireless -> Wireless Security tab
   • Physical Interface section (WPA2-AES strongly advised)
     • Security Mode, WPA Algorithms & Shared Key: Must Match Primary Router
   • Virtual Interfaces Section
     • Security Mode, WPA Algorithms & Shared Key: Must Match Physical Interface for k2.4
       1. WPA2-AES should be able to use a different password on k2.6 and newer
       2. WEP (with any password) or Open (disabled) should work on any kernel
     • Save (not Apply)
6. Open the Security -> Firewall tab
   • Uncheck all boxes...except Filter Multicast (see why here)
   • Disable SPI Firewall (workaround for issues)
     • Save (not Apply)
7. Open the Services -> Services tab: disable DNSMasq, then Save (not Apply)
8. Open the Setup -> Basic Setup tab
   • WAN Connection Type: Disabled
   • IP Address: 192.168.1.2 (if not in use and assuming Primary Router IP is 192.168.1.1)
   • Mask: 255.255.255.0
   • Gateway: 192.168.1.1 (or Primary Router IP if not 192.168.1.1)
   • DHCP Server: Disable
   • Local DNS: 192.168.1.1 (or Primary Router IP if not 192.168.1.1)
   • Assign WAN Port to Switch: use WAN port as another LAN port (also allows access after a reset)
   • Change the Router Name (e.g. "DD-RB1") and set the Time Zone
     • Save (not Apply)
9. Go to the (Setup ->) Advanced Routing tab: Change the Mode to Router
   • Save and then APPLY settings: allow router to reboot
10. Log back into the router GUI at its new IP address: http://192.168.1.2 (or the chosen IP Address above)
11. Check internet connectivity: try to ping the second router from a client plugged into the ethernet port, then try to ping the primary router, and finally try the internet.
12. Reboot the router if not working

You should now be able to connect wired and wireless clients to the newly configured Secondary Router. It will receive IP addresses from the Primary Router via DHCP, and access the internet connection through it's gateway.

NOTES:

• All repeaters including Repeater Bridge mode will sacrifice half of the bandwidth available from the primary router for clients wirelessly connected to the repeater. This is a result of the repeater talking in turn to the Primary Router and client, relaying the traffic between them. As long as your internet bandwidth requirements are within this halved bandwidth there will be little observed reduction in speed.
• Repeater Bridge on Broadcom [also Atheros Station Bridge (routed)] is generally not a good solution, as it is not a true bridge (BS from the .de forum). It should be fine for internet access with few clients, but more clients or more complicated networking is likely to cause trouble, since MAC addresses will not transverse its bridge. In contrast, WDS is a transparent bridge and useful for these things. Also, the primary host router's log can be full of arp spoofing attempts if it has ARP Spoofing Protection enabled in its security. Repeater (Broadcom) [or Client (QCA/Atheros)] is much more suitable to use for extending wireless; if WDS is not available.

[edit] Troubleshooting

Encryption type and key must be the same on both the primary and secondary router. The first thing to do when running into problems is to remove all encryption and see if the routers can connect. This is the single most common reason that bridged routers don't work

• Wireless Clients cannot connect to Repeater:

Disable security and try again. Delete and recreate your profile on the wireless computer. Check to make sure you have set security properly and that the key you used matches the key in the primary router. If one security type doesn't work try another on all routers. eg. try WEP or WPA2-AES [Mera Pakistan]

• NAT: Open the Setup->Advanced Routing tab and change the mode to "router" instead of "gateway".

• Wireless Clients have no Internet:

Ensure the Gateway IP is specified in the repeater bridge router, and that it is the primary router's address.

[edit] Ralink

Many in the forums were having issues with getting this to work with v24-sp2 on the DIR-615 rev D4.

1. Restore Factory Defaults on Secondary (DD-WRT) Router
2. Do a proper HARD 30-30-30 Reset on the router.
3. Go to 192.168.1.1 and log in.
4. Go to the wireless tab.
   • Choose Repeater Bridge under wireless mode.
   • Match your SSID and channel settings exactly to the main router you will be connecting to.
   • Make sure bridged is selected.
   • Click Save.
5. Go to the Wireless Security tab.
   • Match these settings to your main router exactly.
   • Click Save.
6. Go to setup>basic setup.
   • Choose a local IP in the same subnet that is not being used as your main router. If your main router is 192.168.1.1 then as long as it is not in use 192.168.1.2 will work. Assuming your ip is in this range the subnet will be 255.255.255.0 and the gateway and local dns will be 192.168.1.1.
   • Click Save
7. Click Apply
8. Check that the wireless is extended, and also with working LAN ports and internet

[edit] Qualcomm Atheros

Use build 32170 or newer. Do not follow the Broadcom instruction, as Qualcomm Atheros units set up a Repeater Bridge by using Station Bridge (Routed) with an added VAP.

1. Follow the instructions in the Station Bridge (Routed) wiki to set up the station bridge, then follow the steps for adding a VAP below.

• If you only have devices connected to the repeater via ethernet, click apply settings now. If you have both ethernet & wireless, or just wireless clients, continue below.

1. Open the Wireless -> Basic Settings tab
2. Go to Virtual Interfaces (ath0.1, ath1.1, etc.)
3. Click Add Virtual AP
   • Wireless Network Mode: AP
   • Wireless Network Name (SSID): Same as the host router if you want a repeater, or different from the host router if you want your own separate network or for other advanced configurations.
   • Wireless SSID Broadcast: Enable
4. Click Save
5. Open the Wireless -> Wireless Security tab
   • All parameters must match the host router, exactly including capitals & security algorithm. EX: host using WPA2 Personal AES will still work if the repeater is set to WPA2 Personal Mixed AES, as it includes the algorithm in use (WPA2-AES).
6. Click Save
   • Network Configuration: Bridged if you want a repeater to extend the current network of the host router.
7. Click Apply Settings

[edit] Notes

[edit] SSIDs

Under "Wireless -> Basic Settings", you must use only the primary router's SSID for the physical interface to connect wireless clients and create a new SSID for the virtual interface. You will be able to tell which you are connected to as the two ssids MUST be different. (The only way to have one seamless network with the same ssid is to use WDS which almost always requires routers to support WDS AND have at least the same chipsets)

[edit] The "half bandwidth" misunderstanding

Too many people make a big deal out of the half bandwidth oversimplification of the repeater bridge setup. It's not that big of a deal, and not that complicated. A router can only talk to one device at a time. So if the router is set up as a repeater bridge AND it has active clients, the repeater bridge router must talk to two devices- the client computer and then to the primary router. This will effectively half the bandwidth available to the client computer, but it is no different than having two computers on a single primary router. The router can only talk to one at a time, so if both are active, it will only be able to talk to one at a time, effectively cutting the available bandwidth in half. So it really is no big deal. I see people all the time who are concerned about the "half bandwidth" issue, but are not at all concerned when there are two devices on their network. It's the same thing. And only matters at all when the device is active (transferring data to or from the wan).

[edit] Security

Dd-wrt will often not work unless BOTH the primary router and the secondary router use wpa2-aes security ONLY. Wep will also often work, but it is not secure.

Keep in mind any security settings will need to be configured including MAC filtering in order for the Secondary Router to connect to the Primary Router and also for clients connecting to the Secondary Router to gain full access to the connectivity of the Primary Router. There are some factors to consider when setting up Security for Station Bridge mode that may or may not be factors when setting up Repeater Bridge mode. I simply have not experimented with this.

[NOTE {Montrealmike}]Also when your adding WEP,WPA,WPA2 etc... between the AP and the repeater bridge you have to start with the AP first; then the repeater bridge.When you enable security on the repeater click save not apply, then click on the administration tab scroll down to the bottom and click apply settings. You will then have to power cycle the repeater twice ( unplug and plug back in twice ) in order for the repeater bridge and AP to synchronize. This has worked for four repeater bridges for me.

Edit - pmiller - I can also confirm the power cycling to sync the repeater to the AP. You can confirm that the repeater has syncronized with the AP by going to the Status>Wireless tab on the AP and viewing the MAC address of the repeater with some % signal quality value. Before doing 2 power cycles on the repeater, the MAC address would display on the AP's Status>Wireless tab, but with 0% signal quality. After the power cycles the % quality displayed around 30%. I played around with other security settings later on the AP and found the 2 power cycles to be unnecessary after the 2 had originally sync'ed- no idea why this would work, but it did. I had some difficulty at first because I had security enabled on the AP as WPA2-Personal Mixed, which is basically WPA2-AES or WPA-TKIP simultaneously. The repeater is unable to connect with the AP in this mixed mode; rather you must choose between WPA2-AES or WPA-TKIP . I have now switched both my wireless security settings to WPA-TKIP (physical and virtual) just for simplicity, though in theory the virtual need not match the physical. Your security is as good as the weakest link. For those having trouble, I would turn off all security and turn on SSID broadcast first, then once you get a good sync turn on security on the AP first, then

Edit - crandler - WPA2 personal mixed with Linksys WAG160N as DSL uplink with original firmware and WRT160N with dd-wrt v24 std in repeater bridge mode does not function. Had do switch both devices to WPA2 personal.

Edit - ytal - Using encryption for the bridged connection only works if I either use the same encryption data (incl. ESSID) on the other (virtual) interface or do not use any encryption on the virtual interface at all. If set differently, the wireless link to the base station fails. Base station is a Speedport W500V / Targa WR 500 VoIP (http://forum.openwrt.org/viewtopic.php?id=5774) with the original Telekom firmware.

Edit - RamonBuckland - I found that setting the security to off worked first. But WPA2 Personal did not. I then lowered the key refresh to 15 seconds (same Wireless Security settings tab) on both routers and applied. They then found each other. One would figure if I were patient enough (to wait 3600 seconds, 1 hour) then it would have worked. So .. I think the key renewal is what throws them. I have it now working WPA2 Personal (AES) with a key renewal of 15 seconds. Perhaps upping it now to an hour and walking away (from the house) they will work :-) logically. Good work peoples.

Edit - MikeMaven - I'd just like to add my own confirmation. I was having problems with WPA2 at first. I think it was a result of the key refresh not occuring. I set it to 15 seconds, reconnected, and everything seems to be working great! For the record, I'm connecting to a 2wire AP using WPA2-Personal and the same key on both the physical and virtual interface.

[edit] Accessing Both Routers?

Since all routers are on the same subnet, you will be able to access both of the routers when connected to either of them.

[edit] MAC Filtering

For those of you who have enabled MAC filtering on your Primary router, you need to add the WLAN MAC address of your Secondary router to the permitted MAC filter list of the Primary router. This is different than the MAC address printed on the bottom of the case, you can find it by going to Status->Wireless and the top line will list the internal MAC address. Of course, you will want to add the MAC filter list to the Secondary router. This should be setup prior configuring your WPA, WPA2, etc. settings otherwise you will spend some time pondering why the bridge isn't working.

[EDIT - Redhawk] - The wording here was a little confusing. Once I used the Wireless MAC address then all worked correctly....the MAC filter address on the Primary router needs to be the "Wireless MAC" address listed on the Router Status page and not the LAN MAC address . (Use Router MAC +2) - Yes...I know it says WLAN but for an noob doing this procedure it could be confused.

Special thanks to Griminal for providing a basic graphic which I modified for this Wiki Entry.

IF YOUR ROUTER WIRELESS KEEPS DISCONNECTING PLEASE CHOOSE REPEATER AND NOT REPEATER BRIDGE

[edit] Site Survey Adjustment

Site Survey does NOT create any connection. It only fills in the name of the primary router, which you must save for site survey to have any use. You can fill in the primary SSID simply by typing it in on the secondary router instead of using site survey to type it for you.

You can verify that the Bridge is using correct settings by looking at the Status -> Wireless page on the Bridge where it will show details of the SSID, channel, and encryption in use. The real indicator of proper association is on the Access Point, where the Bridge's MAC should appear on AP's list of active clients (also Status -> Wireless if the AP is running dd-wrt).

[edit] See Also