DDWRT Repeater with different subnet difficulties

etb464

Reputable
Nov 17, 2014
14
0
4,510
I am trying to set up a repeater bridge to an AP that is connected to my primary router (connected to internet) via ethernet cable. I can set up the repeater bridge on the same subnet as my main router without a problem. My question is how can I set up the repeaters on a different subnet from my main router. I used the ddwrt wiki instructions but they do not seem to work with my setup.

routers wrt54gl's ddwrt v24 sp2
 
To use a different subnet you must be running as a router, not as an AP. It greatly depends on your design if you want to run the second device with NAT or if both your devices run ddwrt and can route the second subnet without NAT.

It gets hard to guess when you have true routers like dd-wrt gives you, since you can even run advanced configurations like having the second device run as an AP using vlans on the main router.
 

etb464

Thanks for the response billoo1g. Right now I have the main router in my office connected to the modem and a cable connected wireless ap on the second story. I'm thinking I can run a second cable from the ap to the modem and change the ap to the main router and the main router to a switch in my office. Will I then be able to have the main router and office switch on a different subnet than the repeaters?
 
You can do it...not sure why but.

All you do is assign the WAN IP of what you are calling an AP in the main router's subnet and the LAN in a different one. This is running as a router; an AP by definition would be in the same subnet. With dd-wrt you have 2 choices. You can run like most consumer routers and let your "ap" NAT the second subnet to the single address it obtained out of the main subnet. Your other option is to let it actually route...which dd-wrt can do. In this case you would need to set your main router to statically route the new subnet to the IP address the second router obtained on its WAN port. The only difference is you are not doing NAT on the second router.

Still there is little to no advantage to running a second subnet in a configuration like this.
 

etb464

The current wireless ap and four repeaters are for a vacation rental next door to my house and also for a neighbor who shares my connection. I want my home network to be better isolated from any clients on this wireless network. From what I have read, clients connected to repeaters with one subnet cannot see computers or clients on another subnet. Better security for my home network is what my goal is.
 
You have it completely backwards. Their networks can access yours but not the other way around.

You are going to need an even more advanced configuration to make what you need work. The only way to safely do it is to filter the traffic on a central firewall.

You can do it but it is all going to be done on your main router. The remote devices become dumb switches and/or APs. What you do is assign different vlans to each port of your router and connect these remote devices. You would have the main router give out IPs to the devices at the remote locations in different networks. You would then put in rules that only allow traffic to flow from these vlans to the internet vlan/port.
 

etb464

Ok, I'm back. I have isolated port 4 on my router. It now has an IP of 192.168.2.1. I have tested it by connecting my computer to port 4. It gives an IP address to the computer of 192.168.2.101 and I get internet access. The problem is when I connect my wireless access point to port 4 I do not get internet access. Do I need to change settings on the wap to get it to work? Or do I need to change settings on my router? I used these instructions to set up my router. Any help would be appreciated.

1) Install the v.23 dd-wrt SP1 final, SP2 beta or v.24 alpha version of firmware available HERE -- Instructions for installing DD-WRT are available HERE

2) Telnet to your router and enter the username of root and your administrative password.

3) Copy the following script and paste on the command line.

------------------- Copy starting below this line. -------------------

nvram set vlan0ports="1 2 3 5*"
nvram set vlan2ports="4 5*"
nvram set rc_startup='
#!/bin/ash
PATH="/sbin:/usr/sbin:/bin:/usr/bin:${PATH}"
ifconfig vlan2 192.168.2.1 netmask 255.255.255.0
ifconfig vlan2 up
'
nvram set rc_firewall='
iptables -I INPUT -i vlan2 -j ACCEPT
iptables -I FORWARD -i vlan2 -o vlan1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan2 -o ppp0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br0 -o vlan2 -j logdrop
'
nvram commit

--------------- Stop here when selecting text to copy --------------------------

4) Back to the web management interface in DD-WRT. Select the Setup tab and the select the VLAN sub-tab.

5) On port 4 de-select VLAN 0 and select VLAN 2.

DD-WRT Sep VLANS

6) Click the Save Settings button at the bottom of the page.





7) Select the Administration tab and then the Management sub-tab.

8) Scroll down until you find the DNS MASQ section of the Management tab.

9) In the Additional DNS Options box paste the following:

------------------- Copy starting below this line. -------------------
interface=vlan2
dhcp-range=192.168.2.100,192.168.2.149,255.255.255.0,1440m

--------------- Stop here when selecting text to copy --------------------------


DNSMASQ Configuration

10) Click the Save Settings button at the bottom of the page.

11) Back to the telnet window. At the prompt type reboot and hit <enter>

You should now have a WRT54G/S/L running DD-WRT with port 4 on its own VLAN/Network with access to the internet.
 
The wireless AP should be completely transparent. I would hook the AP up and then plug into the AP ethernet port with your PC. This is a simple switch at this point. Since the AP at this point is acting pretty much as a cable splice I would hope this would work. Only thing I can think of is that you have an IP conflict between the AP and maybe the router...The AP technically does not need an IP since it is only used to manage it and once you have it set up you would only need it to change the config.

In the long run I think you are going to have to remove the IPTABLES entry that says to allow vlan 2 to access vlan1. IPTABLES always gives me a bad headache so I am not 100% sure without rereading the iptables doc.
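
An added example, not part of the thread or of the quoted DD-WRT instructions: the quoted `rc_firewall` accepts everything the guest VLAN sends to the router itself (`INPUT -i vlan2 -j ACCEPT`), so this sketch audits a rule set for that and prints a tighter one that opens only DHCP and DNS. It assumes vlan2 is the guest port, br0 the home LAN and vlan1/ppp0 the WAN side, as the quoted rules imply; `guest_rules`, `audit_rules` and `page_rules` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. Assumed roles, read off the quoted script: vlan2 = guest port,
# br0 = home LAN bridge, vlan1 and ppp0 = WAN side.

# The four rc_firewall rules quoted in the thread, used as audit input.
page_rules() {
    cat <<'EOF'
iptables -I INPUT -i vlan2 -j ACCEPT
iptables -I FORWARD -i vlan2 -o vlan1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan2 -o ppp0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br0 -o vlan2 -j logdrop
EOF
}

# Print a tighter rule set. Every rule uses -I (insert at top), so the rule
# printed LAST is evaluated FIRST; that is why each DROP precedes its ACCEPTs.
guest_rules() {
    guest=$1; lan=$2; shift 2            # remaining arguments: WAN interfaces
    # To the router itself: deny by default, then open DHCP and DNS only.
    echo "iptables -I INPUT -i $guest -j DROP"
    echo "iptables -I INPUT -i $guest -p udp --dport 67 -j ACCEPT"
    echo "iptables -I INPUT -i $guest -p udp --dport 53 -j ACCEPT"
    echo "iptables -I INPUT -i $guest -p tcp --dport 53 -j ACCEPT"
    # Through the router: guests may open connections towards the WAN only.
    # Replies rely on the firmware's own ESTABLISHED rule (assumed present,
    # as the quoted script also assumes).
    for wan in "$@"; do
        echo "iptables -I FORWARD -i $guest -o $wan -m state --state NEW -j ACCEPT"
    done
    # Inserted last, so checked first: no path between guest VLAN and home LAN.
    echo "iptables -I FORWARD -i $lan -o $guest -j logdrop"
    echo "iptables -I FORWARD -i $guest -o $lan -j logdrop"
}

# Read rules on stdin and print one finding per line (nothing when clean).
audit_rules() {
    guest=$1; lan=$2; rules=$(cat)
    echo "$rules" | grep -q -- "-I INPUT -i $guest -j ACCEPT" &&
        echo "open-input: all router services are reachable from $guest"
    echo "$rules" | grep -Eq -- "FORWARD -i $guest -o $lan -j (DROP|logdrop)" ||
        echo "no-lan-drop: no explicit drop from $guest to $lan"
    return 0
}

echo "== quoted rules ==";    page_rules | audit_rules vlan2 br0
echo "== tightened rules =="; guest_rules vlan2 br0 vlan1 ppp0 | audit_rules vlan2 br0
guest_rules vlan2 br0 vlan1 ppp0
```

The script only prints commands; review them before placing them in `rc_firewall`. With the INPUT drop in place, clients on vlan2 can no longer open the router's admin page or telnet service.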
 

etb464

I can connect to the wap via a laptop but cannot access the admin page of the wap (192.168.1.3). Weird thing is I can access the admin page of the router (192.168.1.2) from the laptop connected to the wap.

Router IP

Local IP Address 192.168.1.3 (also tried 192.168.2.2)
Subnet Mask 255.255.255.0
Gateway 192.168.1.2 (also tried 192.168.2.1)
Local DNS 192.168.1.2 (also tried 192.168.2.1)