2009
11.10

Using Tomato to create a secure WDS network with multiple (3) WRT54GL routers

Category: Uncategorized / Tag:  / Add Comment

A Wireless Distribution System (WDS) is a system that enables the wireless interconnection of access points in an IEEE 802.11 network. It allows a wireless network to be expanded using multiple access points without the need for a wired backbone to link them, as is traditionally required. The notable advantage of WDS over other solutions is that it preserves the MAC addresses of client packets across links between access points.

An access point can be either a main, relay or remote base station. A main base station is typically connected to the wired Ethernet. A relay base station relays data between remote base stations, wireless clients or other relay stations to either a main or another relay base station. A remote base station accepts connections from wireless clients and passes them on to relay or main stations. Connections between “clients” are made using MAC addresses rather than by specifying IP assignments. All base stations in a Wireless Distribution System must be configured to use the same radio channel, method of encryption (none, WEP, or WPA) and encryption keys. They can be configured to different service set identifiers. WDS also requires that every base station be configured to forward to others in the system.

WDS may also be referred to as repeater mode because it appears to bridge and accept wireless clients at the same time (unlike traditional bridging). It should be noted, however, that throughput in this method is halved for all clients connected wirelessly.

This is how I set it up:

accesspoint 1 (The WAN port of this router is connected to the Internet)
hostname ap01 (screenshot)
mac 00:23:69:94:17:B2
ip (lan) 192.168.16.1
dhcp server enabled (192.168.16.100 – 192.168.16.199)
link with 00:23:69:94:A1:B2, 00:23:69:94:11:82
accesspoint 2
 (The WAN port of this router is not used)
hostname ap02 (screenshot)
mac 00:23:69:94:A1:B2
ip (lan) 192.168.16.2
gateway 192.168.16.1
dns server 192.168.16.1
dhcp server disabled
link with 00:23:69:94:17:B2
accesspoint 3
 (The WAN port of this router is not used)
hostname ap03 (screenshot)
mac 00:23:69:94:11:82
ip (lan) 192.168.16.3
gateway 192.168.16.1
dns server 192.168.16.1
dhcp server disabled
link with 00:23:69:94:17:B2

This results in a situation like this:

 internet
    |
    |
    #ap01
   /  \
  /    \
 #ap02  #ap03

To see if everything is working you could of course just grab your laptop and walk through your house / office and see how it behaves. A better way might be to check first if the accesspoint are connected (to each other, and the internet) at all. You can do this at the “Device List” page of Tomato. It chould display something like this: ap01, ap02, ap03. After that, if everything is working like it should, (re)connect your clients and check if they appear in the “Device List” page (of ap01). Have fun!

References:

9 comments so far

Add Your Comment
  1. Anthony Schaefer
    Anthony Schaefer said: 2010.04.27 06:00

    Thanks for the article. I have a similar setup with 2 routers. First one is ap01 is running tomato, and ap02 is running dd-wrt. And I couldnt get wireless to work when connecting to ap01. I was missing the static DNS on ap01. Just thought I would say thanks 🙂

  2. tersmitten
    tersmitten said: 2010.04.27 09:55

    No problem. That’s why I wrote it. Why the choice of dd-wrt for the second access point?

  3. Anthony Schaefer
    Anthony Schaefer said: 2010.04.28 03:20

    I couldnt run tomato on the model I bought for the second AP

  4. tersmitten
    tersmitten said: 2010.04.30 11:19

    What kind of device is it? A N-series? I would like to run Tomato on that!

  5. Fred
    Fred said: 2010.08.31 20:15

    I have managed to set up WDS without issue. I would also like to enable remote access to both routers from an outside adderess. I am able to connect to the primary router using SSL but I am not able to connect to the second router which is currently set up to use port 8080 for remote access. Are there any tricks I should be aware of. I have also tried to port forward 8080 from the main router to the second router without any luck.

  6. tersmitten
    tersmitten said: 2010.09.01 10:01

    What I do is enable SSH on ap01 (key based) and then login via SSH and forward port 80 on ap01, ap02 and ap03. Like this:

    Type  Port  To Host To Port
local 10081 ap01    80
local 10082 ap02    80
local 10083 ap03    80
 

    Then you can securely login on the three of them.

    http://127.0.0.1:10081
http://127.0.0.1:10082
http://127.0.0.1:10083
 

    PS; if you’re on Linux use gSTM to configure tunnels

  7. Fred
    Fred said: 2010.09.06 16:48

    Thanks for your response. Unfortunatley I am not able to connect from work using SSH.

  8. Josh
    Josh said: 2012.01.05 12:30

    This was really great. I just got this working. Many thanks dude!

  9. ricky
    ricky said: 2012.05.01 06:00

    i follow this to the letter however the third router its not connecting to the internet but it shows on the device list of the first one but i dont have tx/rx rate thanks in advance

Your Comment