Wireless access point

From DD-WRT Wiki


Introduction

If you have a large network for which DD-WRT is not a suitable core router, you will probably want wireless clients to be part of the larger network. In this case, clients get their DHCP configuration from some other DHCP server and can be accessed by other clients on the network.

Linking routers by ethernet cables does not require dd-wrt on any router. All routers can be linked by ethernet cable and it will work. However, some more advanced settings are available in dd-wrt.

As an example, some colleges that still allow students to have their own wireless access points (WAPs) require that the WAPs not hand out private IP addresses (as many routers with DHCP/NAT do by default) because it makes it difficult to track down which client is causing problems (e.g. virus infections, worms, etc.).

Typically, vendors such as Linksys charge more for devices which work as standalone WAPs because routers are typically used by home users and WAPs are more popular for businesses. With DD-WRT you can buy a device marketed as a router and use it as a WAP.

If you want a secondary router to be on a separate subnet from the primary, start with a hard reset of the secondary router. Set the router IP to 192.168.5.1 on the Basic Setup page. Set security and SSID on the Wireless tab. Hit Save before changing pages and hit Apply when you are done. Plug the LAN cable from your primary router into the WAN port of the second router. You are done. If you want it on the same subnet, so all computers on your network can access each other, follow the instructions below:

Installation

Simple Version

  • Disable DHCP
  • Connect a LAN port to the main network / to the main Router's LAN port

Now you have an access-point-only setup, where clients are served IP details from your main network or main router.

Short Version

Do a hard reset on the second router.

If you want to connect two routers with an ethernet cable so that all devices connected to either of them can communicate with each other, plug an ethernet cable into a LAN (not WAN) port of each router, set the LAN IP address of the second router to that of the first router PLUS ONE (e.g. 192.168.1.2), disable DHCP on the second router, and set it to a different channel from the first.

If you want to connect two routers with an ethernet cable so that the clients on one router are isolated from those on the other, you need to use iptables rules to do this fully. However, you can do rudimentary isolation by plugging the ethernet cable from the first router's LAN port into the second router's WAN port, setting the IP of the second router to a DIFFERENT subnet (e.g. 192.168.2.1, i.e. plus one to the third octet if using 255.255.255.0 as the subnet mask), and leaving DHCP enabled on the second router.

Long Version

Here's how to create a Wireless Access Point using dd-wrt v24. Please pay special attention to the Review section of this article, especially if you are using an older version.

  1. Hard reset or 30/30/30 the router to dd-wrt default settings
  2. Connect to the router @ http://192.168.1.1
    • Note: If this router is wired to another router, there may be conflicts (both routers could have the same IP address). For the time being, disconnect this router from the main one.
  3. Open the Setup -> Basic Setup tab
    • WAN Connection Type : Disabled
    • Local IP Address: 192.168.1.2 (i.e. different from primary router and out of primary router's DHCP pool)
    • Subnet Mask: 255.255.255.0 (i.e. same as primary router)
    • DHCP Server: Disable (also uncheck DNSmasq options)
    • (Recommended) Gateway/Local DNS: IP address of primary router (many things will fail without this as your router will not be able to access the internet or another network without it)
    • (Optional) Assign WAN Port to Switch (visible only with WAN Connection Type set to disabled): Enable this if you want to use WAN port as a switch port
    • (Optional) NTP Client: Enable/Disable (if Enabled, specify Gateway/Local DNS above)
    • Save
  4. Open the Setup -> Advanced Routing tab
    • (Optional) Change operating mode to: Router
    • Save
  5. Open the Wireless -> Basic Settings tab
    • Wireless Network Name (SSID): YourNetworkNameHere
    • (Optional) Sensitivity Range: The max distance (in meters) to clients x2
    • Save
  6. Open the Wireless -> Wireless Security tab
    • Note: Security is optional, but recommended! Clients must support whatever mode you select here.
    • (Recommended) Security Mode: WPA2
    • (Recommended) WPA Algorithm: AES
    • (Recommended) WPA Shared Key: >8 characters
    • Save
  7. Open the Services -> Services tab
    • (Optional) DNSMasq: Disable (enable if you use additional DNSMasq settings)
    • (Optional) ttraff Daemon: Disable
    • Save
  8. Open the Security -> Firewall tab
    • Uncheck all boxes except Filter Multicast
    • Save
    • Disable SPI firewall
    • Save
  9. Open the Administration -> Management tab
    • (Recommended) Info Site Password Protection: Enable
    • (Recommended) Routing: Disabled (enable if you need to route between interfaces)
    • Apply Settings and connect Ethernet cable to main router via LAN-to-LAN uplink*
    • Reboot router to be sure all settings have been applied.
    • You may have to reboot your own PC or do "ipconfig /release" + "ipconfig /renew" from the Windows command line.


  • Notes:
    1. To connect the WAP to the main router, you can probably use either a patch cable, straight-thru, or a crossover cable. Most DD-WRT capable devices can do auto-sensing so the cable type doesn't usually matter.
    2. You can connect the WAP to the main router via LAN-to-WAN so long as you have assigned the WAN port to switch (see step 3).
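
An added example, not part of the original wiki page: a POSIX shell check, run on the admin workstation, that a planned WAP address meets the requirements of step 3 (same subnet as the primary router, not the router's own address, outside its DHCP pool). The function names and the pool range 192.168.1.100-192.168.1.149 are assumptions; read the real range off the primary router.

```shell
#!/bin/sh
# Added example (not DD-WRT code): check a planned WAP LAN address against the
# primary router's subnet and DHCP pool. The pool range used below is an assumption.

# Dotted-quad IPv4 -> integer; fails on malformed input (bad octets, leading zeros).
ip2int() (
    case "$1" in *[!0-9.]*|''|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in 0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# check_wap_ip WAP_IP ROUTER_IP NETMASK POOL_START POOL_END
# Prints a one-word verdict; exit status 0 only for "ok".
check_wap_ip() (
    wap=$(ip2int "$1") && rtr=$(ip2int "$2") && mask=$(ip2int "$3") &&
        lo=$(ip2int "$4") && hi=$(ip2int "$5") || { echo malformed; exit 2; }
    net=$(( $rtr & $mask ))
    bcast=$(( $net | (~$mask & 4294967295) ))
    [ $(( $wap & $mask )) -eq "$net" ] || { echo different-subnet; exit 1; }
    [ "$wap" -ne "$rtr" ] || { echo conflicts-with-router; exit 1; }
    [ "$wap" -ne "$net" ] && [ "$wap" -ne "$bcast" ] || { echo reserved; exit 1; }
    if [ "$wap" -ge "$lo" ] && [ "$wap" -le "$hi" ]; then
        echo inside-dhcp-pool; exit 1
    fi
    echo ok
)

# Constructed candidates, checked against a primary router at 192.168.1.1/24
# whose DHCP pool is assumed to be 192.168.1.100-192.168.1.149.
for ip in 192.168.1.2 192.168.1.120 192.168.2.1 192.168.1.1; do
    printf '%-14s %s\n' "$ip" \
        "$(check_wap_ip "$ip" 192.168.1.1 255.255.255.0 192.168.1.100 192.168.1.149)"
done
```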

Review

There were three basic configuration changes you made to set up your router as a wireless access point.

Turn Off DHCP

If you did not turn off DHCP, when you plug your router into the network (after configuration), your WAP may provide IP addresses to clients on the wired network, and this may be inappropriate. Tracking down problems caused by multiple DHCP servers can be time-consuming and difficult.

Because it's so important, it is worth repeating: Turn off DHCP before you continue!

Set the IP address of the LAN Interface

Immediately after turning off DHCP, while your PC still has the IP address the WAP gave you, set the LAN interface of the WAP to the IP address you want it to use, e.g. if the host router is 192.168.1.1, give the WAP an IP of 192.168.1.2. Alternatively, you can use the instructions below to set the WAP's IP address via DHCP.

If you cannot connect to the WAP in order to set the LAN interface's IP address, it is probably because your computer no longer has an IP address on the same subnet. To get past this issue, simply set your computer's IP address and subnet to 192.168.1.8 and 255.255.255.0 respectively. (This assumes you are still using the default settings. If not, change the IP address and subnet as appropriate.) You should now be able to point your browser at 192.168.1.1 (again assuming default settings).

LAN Uplink

There are two ways to connect your WAP to the LAN. You can either Uplink through one of the router's LAN ports, or use the WAN port that is normally connected to the cable/DSL modem.

LAN Uplink Through LAN Port

To complete the link between the two routers, connect a LAN port on the central router to a LAN port on the Linksys router (to be used as your WAP). You may need a crossover cable to do this, although many modern routers have automatic polarity sensing. To test this, connect a standard ethernet cable between the two routers. If the LAN light comes on, the router has automatically switched the polarity and a crossover cable is not required.

LAN Uplink Through WAN Port

If you use your DD-WRT router as a WAP only, you may use your DD-WRT router's WAN port to connect it to your existing LAN. To do this, you need to disable the Internet Connection and "Assign WAN Port to Switch".

Normally, the router does Layer 3 IP routing, but by "Assigning WAN Port to Switch" your DD-WRT router will bypass that functionality and just pass Layer 2 Ethernet frames from your wired network to the wireless network and vice versa.

Alternatively, if you have a router that supports assigning the WAN port to the switch:
Setup -> Basic Setup -> Internet Connection Type -> Connection Type = Disabled
Setup -> Basic Setup -> Network Setup -> WAN Port -> Assign WAN Port to Switch
you can connect the WAN port as your uplink to your main router. All this really buys you is an extra port (4 available instead of 3), but why not?

Roaming access

If you are installing additional Access Points to cover a broader area with Wi-Fi access, it is possible to allow clients to roam freely between them. The common method is to use the same SSID and Security settings on each access point.

Use a different channel on each AP. For example, if you are in the US and installed two access points, use channels #1 and #11. Or if three access points, then use channels #1, #6, and #11 (setting the channels at least 5 apart should help keep interference between APs to a minimum). If you have a residential gateway with wireless turned on, and just one AP, then the same applies: each gets a different channel.

When using multiple Access Points, each one should be connected by LAN to LAN uplink as described above. They can even be attached to different switches within the same organization.

How To Use DHCP to Set the WAP's IP Address

Note: This step is optional. It is not required to set the WAP's IP address via DHCP. It can be made static, as shown above.

It is not possible to set the LAN interface to get its IP address via DHCP using the web configuration interface. You can, however, set your startup script to obtain an IP address.

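Simply set your startup script to:

udhcpc -i br0 -p /var/run/udhcpc.pid -s /tmp/udhcpc -H test-wrt-wireless
# Name the WAP after the reverse-DNS name of the address it was leased
hostname `nslookup \`ifconfig br0 | grep 'inet addr' |cut -f 2 -d ':'\` | grep 'Name:' | awk '{print $2;}' | cut -f 1 -d '.'`
# Write to nvram only when the name has changed (operands quoted so an empty value cannot break the test)
if test "`hostname`" != "`nvram get wan_hostname`"; then
     nvram set wan_hostname="`hostname`";
     nvram set router_name="`hostname`";
     nvram commit;
fi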

Only the first line is required if you don't want your WAP to set its name based on the IP address it gets. However, if you want to save a configuration file which will apply to several WAPs, that can be a handy feature.

It seems that in some cases, the /tmp/udhcpc link doesn't exist. In that case, prepend:

ln -s /sbin/rc /tmp/udhcpc

to your startup script.

EDIT 2013/09/19: If you leave the "Local DNS" GUI field at 0.0.0.0, then the WAP will use the DNS supplied by DHCP. To be functional, this requires that the "Gateway" is set too, so you will also want the gateway to be assigned by DHCP. You do this by appending

route add default gw `nvram get wan_gateway`

after the udhcpc command in the script. Leave the unused Basic/Network Setup/"Gateway" GUI field at 0.0.0.0 or, to get GUI feedback of the currently assigned wan_gateway nvram value, have this field filled with the nvram lan_gateway value by setting the latter the same way as the one below for wds_watchdog_ips.

Then you may want the optional WDS/Connection Watchdog to ping the gateway it just got from DHCP: enable the watchdog in the GUI, set the wanted delay to have the WAP monitor the connection to the gateway, leave the IPs field blank, and append the following 4 lines after the route add ... command above, so that they will fill it for you and the watchdog will help your WAP follow any change of the gateway IP address (as long as the previous gateway IP is no longer used). You can work around the case when the previous IP is reused for another purpose with a reboot-on-URL-ping-failure custom script plus the cron job that triggers it in the GUI Management tab, but if the gateway loses its WAN connection, the WAP's wireless clients may lose their wireless connection at the same rhythm as the WAP reboots. To prevent this, think of pinging both external URL(s) and internal IP(s) and make the custom script reboot the WAP when all pings fail; this will preserve internal connections in case the Internet is lost on the gateway's WAN side.

The if tests below are just here to preserve the nvram service life, with no rewrite when not needed on boot. Even the WAP's IP will survive reboots thanks to a static lease; this applies to other scripts.

GW=`route -n|grep UG|awk '{print $2;}'`
if [ "`nvram get wds_watchdog_ips`" != "$GW" ]; then
     nvram set wds_watchdog_ips="$GW"
     nvram commit
fi


If you have manually set the router name, the dhcp startup script would look like this:

# Recreate the udhcpc event-script link, then request a lease using the configured name
ln -s /sbin/rc /tmp/udhcpc
udhcpc -i br0 -p /var/run/udhcpc.pid -s /tmp/udhcpc -H `nvram get wan_hostname`
route add default gw `nvram get wan_gateway`
# Read back the gateway, address and netmask now in use
# ('inet addr' keeps an inet6 line on br0 from being picked up as well)
GW=`route -n|grep UG|awk '{print $2;}'`
IP_LAN=`ifconfig br0 | grep 'inet addr' | cut -d: -f2 | cut -d' ' -f1`
MSK=`ifconfig br0 | grep 'inet addr' | cut -d: -f4`
# NC records whether any nvram value changed, so nvram is committed at most once
NC=0
if [ "`nvram get lan_ipaddr`" != "$IP_LAN" ]; then nvram set lan_ipaddr="$IP_LAN"; NC=1; fi
if [ "`nvram get lan_netmask`" != "$MSK" ]; then nvram set lan_netmask="$MSK"; NC=1; fi
if [ "`nvram get lan_gateway`" != "$GW" ]; then nvram set lan_gateway="$GW"; NC=1; fi
if [ "`nvram get wds_watchdog_ips`" != "$GW" ]; then nvram set wds_watchdog_ips="$GW"; NC=1; fi
if [ "$NC" = 1 ]; then nvram commit; fi
NC=0

The whole ip/mask/gateway will show correctly in the Settings web GUI page. Maybe NC=0 statements are not required (for me = belt plus braces). Guru scripters, please feel free to remove them.

--Bib
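
An added example, not from the wiki or the DD-WRT project: the startup scripts above copy a name learned from DHCP and reverse DNS into nvram, so this example validates the learned hostname before storing it and commits only when a value actually changed. The nvram function here is a file-backed stand-in (an assumption, so the code runs off-router), and valid_hostname, nv_update and apply_learned_name are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not DD-WRT code. The nvram function below is a file-backed
# stand-in (assumption) emulating only get/set/commit; omit it on a router.
NVDIR=$(mktemp -d)
COMMITS=0
nvram() {
    case "$1" in
        get)    cat "$NVDIR/$2" 2>/dev/null || : ;;
        set)    printf '%s\n' "${2#*=}" > "$NVDIR/${2%%=*}" ;;
        commit) COMMITS=$((COMMITS + 1)) ;;
    esac
}

# RFC 1123 host label: 1-63 characters, letters, digits and hyphens only,
# no leading or trailing hyphen. Rejects spaces, dots and shell metacharacters.
valid_hostname() {
    case "$1" in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

DIRTY=0
# Store KEY=VALUE only when it differs from what nvram already holds.
nv_update() {
    [ "$(nvram get "$1")" = "$2" ] && return 0
    nvram set "$1=$2"
    DIRTY=1
}

# Apply a name learned from DHCP/reverse DNS; commit at most once per call.
apply_learned_name() {
    valid_hostname "$1" || { echo "rejected hostname: '$1'" >&2; return 1; }
    DIRTY=0
    nv_update wan_hostname "$1"
    nv_update router_name "$1"
    [ "$DIRTY" -eq 1 ] && nvram commit
    return 0
}

# Constructed inputs: a new name, the same name again, and a hostile value.
for name in wap-3 wap-3 'x;reboot'; do
    apply_learned_name "$name" || :
done
echo "commits: $COMMITS"
```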

Related Forum links

Secure remote management for a WAP