| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision |
| docs:guide-user:network:wifi:atheroswds [2018/03/03 20:24] – ↷ Links adapted because of a move operation | docs:guide-user:network:wifi:atheroswds [2024/02/15 05:28] – [Wireless Repeater (Wireless Extender)] add relayd as alternative. bill888 |
|---|
| ====== Atheros and MAC80211 WDS to implement a wireless network bridge (wireless repeater) ====== | ====== Wireless Repeater (Wireless Extender) ====== |
| |
| Most OpenWrt supported wireless drivers support since kernel 2.6 the AP-to-STA WDS mode to connect two or more devices using wireless bridging to form one common broadcast domain. | This network setup consists of a wireless access point and a wireless repeater. The access point is the device that connects to the main network using a wired connection and enables access to the internet. The repeater connects wirelessly to the access point as a station or client device. Once connected, it acts as a "bridge" or more accurately a point to point link, to provide access to that main network and to the internet for any wireless and wired client devices connected to the repeater. This setup is useful to extend the reach of your network, such as the Wi-Fi coverage on your location. |
| |
| With this configuration you will be able to wirelessly connect a remote wireless OpenWrt device (acting as the wireless station) to a local wireless OpenWrt point (acting as the wireless access point) and the wired devices connected to both devices will be on the same network and broadcast domain. Other wireless client devices can continue to connect to the wireless access point as before. | The method described in this article results in a backhaul link at layer 2 in the OSI model. All broadcast packets, such as DHCP requests, are sent in both directions over the link. The original source MAC address of the network devices on both sides are preserved over the bridge. |
| |
| The method below is a layer 2 transparent bridge. All broadcast packets (such as DHCP requests) will be sent in both directions over the wireless bridge and the original source MAC address of the wired devices on both sides are preserved even over the bridge. The wiki article [[doc/howto/clientmode]] has technical background on how this is accomplished. | The client devices connected to the upstream access point and those connected to the repeater will be on the same subnet. In other words, they will be visible to each other and, therefore, enable the use of discovery and configuration protocols such as zeroconf. The upstream access point and the repeater remain accessible over the network. |
| |
| ===== Configuration ===== | Two wireless protocols can be used to achieve this, "WDS" and "802.11s-mesh" |
| |
| * Tested with OpenWrt 12.09 using a TP-LINK TL-WR1043ND as the local wireless access point device and a Rosewill RNX-N300RT as the remote wireless client bridge device | This document will describe the use of WDS. |
| * Tested with OpenWrt 15.05 using two TP-LINK TL-WR1043ND | For 802.11s mesh see: [[:docs:guide-user:network:wifi:mesh:80211s]] |
| * Tested with OpenWrt 15.05.1 using a Netgear WNDR3700v4 as the access point and a Nexx WT3020 as the client bridge device. | |
| |
| With both [[docs:guide-user:base-system:uci|uci]] and [[docs:guide-user:luci:luci.essentials-tomerge|luci]] the configuration of the network is split in two sections: the AP section and the STA section. It is important to follow the order of the steps as failure to do so could render the routers inoperable. | The wireless distribution system technology (WDS mode) is required to create a network connection over a wireless link between the access point and the repeater device. The IEEE 802.11-1999 standard defines WDS as a mechanism for constructing 802.11 frames using a 4-address format, however, it does not define how to implement it or how stations interact to arrange for exchanging frames of this format ((https://www.ieee802.org/1/files/public/802_architecture_group/802-11/4-address-format.doc)). This may lead to problems when using WDS between network devices from different chipset and firmware vendors, so **it is advisable to use OpenWrt both on the access point and on the repeater** to use a shared implementation of this technology and increase your chances to make it work fine. Most wireless drivers in OpenWrt support the WDS mode. |
| |
| ==== Using SSH ==== | If you are unable to use WDS or 802.11s mesh due to limiations of the Access Point, then you may wish to consider using [[:docs:guide-user:network:wifi:relay_configuration|Relayd - Wireless Repeater/Extender]] or [[:docs:guide-user:network:wifi:connect_client_wifi|simple wireless client]] |
| |
| === The Access Point === | ===== Configuration ===== |
| | * Tested with OpenWrt 12.09 using a TP-Link TL-WR1043ND as the upstream wireless access point and a Rosewill RNX-N300RT as the repeater. |
| | * Tested with OpenWrt 15.05 using two TP-Link TL-WR1043ND. |
| | * Tested with OpenWrt 15.05.1 using a Netgear WNDR3700v4 as the upstream access point and a Nexx WT3020 as the repeater. |
| | * Tested with OpenWrt 19.07.2 to 19.07.6 using a Netgear R6220 as the upstream access point and a Wavlink WL-WN575A3 as the repeater. There were some glitches in 19.07.5 on the R6220, but seemingly not related to WDS. |
| | * Tested with OpenWrt 21.02.1 with both a TP-Link EAP235-Wall V1 and a Netgear R6800 as upstream wireless access point, and D-Link DIR-878 A1 as the repeater (all MediaTek 802.11ac devices). |
| | * Tested with OpenWrt 21.02.3 with Linksys WRT1900ACS v2 as upstream wireless access point, and Linksys EA8500 as the repeater. |
| | * Tested with OpenWrt 22.03.2 with Banana PI BPI-R64 as upstream wireless access point, and Banana PI BPI-R2 as the repeater (AsiaRF AW7915-NP1 cards on both sides). |
| | The network configuration process may be performed both via the command line (with [[docs:guide-user:base-system:uci|uci]] and SSH) and via a GUI (with [[docs:guide-user:luci:luci.essentials|luci]] and a web browser). It is split in two sections: |
| | - The access point or AP. |
| | - The station or STA. |
| |
| Connect to the router that will serve as the wireless access point over SSH. This is the device that connects to the internet or the main network using a wired connection. Ensure that the device is already set up as a normal wireless access point with a SSID, channel selection, WPA2 encryption as desired, etc. and that normal wireless clients can connect to it fine. | It is important to follow the order of the steps as failure to do so could render the routers inoperable. |
| |
| Only one change is needed from a normal wireless access point configuration. | ==== Using the command line over SSH ==== |
| |
| Once logged in, edit the [[docs:guide-user:network:wifi:basic|/etc/config/wireless]] file. In the existing ''wifi-iface'' section that is being used, add a line with ''option wds '1'''. Note that there may be multiple ''wifi-iface'' sections in this file, especially if the router is a dual band device, in which case you need to ensure that you're editing the correct section. | === The upstream access point === |
| | Open a terminal and connect to this device over SSH. Make sure that this router has already been set up as a regular wireless access point and that wireless clients can connect to it fine. The procedure to do so is described at [[docs:guide-quick-start:basic_wifi|Enabling a Wi-Fi access point on OpenWrt]]. |
| |
| Once that is done, save the file and reboot the device to restart all settings. | Now, open the [[docs:guide-user:network:wifi:basic|/etc/config/wireless]] configuration file and add the following line to the ''wifi-iface'' section in use by the access point for operational network functionality: |
| | <code>option wds '1'</code> |
| |
| Normal wireless clients should be able to connect to the wireless access point exactly as they did before and access the Internet. | Note that there may be multiple ''wifi-iface'' sections in this file, especially if the router is a dual-band device, in which case you need to ensure that you are editing the correct section. |
| |
| This is an example from /etc/config/wireless on the access point device: | This is an example of the [[docs:guide-user:network:wifi:basic|/etc/config/wireless]] file on an access point for the 2.4 GHz band: |
| |
| | /etc/config/wireless |
| <code> | <code> |
| config wifi-device 'radio0' | config wifi-device 'radio0' |
| option type 'mac80211' | option type 'mac80211' |
| option macaddr 'unique device MAC address here' | option path 'platform/ahb/18100000.wmac' |
| option hwmode '11ng' | option band '2g' |
| option htmode 'HT20' | option country 'US' |
| list ht_capab 'SHORT-GI-40' | |
| list ht_capab 'DSSS_CCK-40' | |
| option txpower '27' | |
| option channel '1' | |
| option country 'CA' | |
| |
| config wifi-iface | config wifi-iface 'wifinet1' |
| option device 'radio0' | option device 'radio0' |
| option network 'lan' | option network 'lan' |
| option ssid 'my-wireless-ssid' | option mode 'ap' |
| option encryption 'psk2' | option ssid 'My WiFi' |
| option key 'wireless-secret-password' | option encryption 'psk2' |
| option mode 'ap' | option key 'MyWiFiPassword' |
| option wds '1' | option wds '1' |
| </code> | </code> |
| |
| After rebooting, the "ifconfig" command should show a new device named something like "wlan.staN" (where N is a number) in addition to the base "wlan0" wireless interface device. (**Note:** when tested on Barrier Breaker, there was no new interface created, neither on the AP nor on the STA, despite WDS working properly.) | Once that is done, save the file and reboot the device to apply the new network settings. Make sure that wireless clients are able to connect to this wireless access point and access the internet as well as they did with the old network configuration. |
| |
| The new wlan.staN interface WILL NOT be bridged by default with the originating wlan interface if that interface is not itself part of a bridge, | The ''ip address'' command should display a new network interface whose name is in the form of: "wlan.sta**N**"; where **N** is a number. This new interface must exist alongside the base "wlan**N**" wireless network interface. For example, if you get the "wlan.sta1" network interface, the base interface is "wlan1". |
| If in your setup the AP interface is not already part of a bridge you will need to create a new bridge interface and associate only the AP wlan interface to it. In this case hostapd will automatically add any new wlan.staN interface to the bridge. | |
| |
| === The remote wireless station === | **Note:** when tested on Barrier Breaker, there was no new interface created, neither on the AP nor on the STA, despite WDS working properly. |
| |
| Initially connect to the router that will server as remote wireless station using an Ethernet cable. If you haven't already done so, [[docs:guide-user:installation:generic.flashing|install openwrt]] and [[doc:howto:firstlogin|setup the password]]. SSH into the station. | **Note:** The new wlan.staN interface will **not** be bridged by default with the originating WLAN interface if that interface is not itself part of a bridge. To correct this problem, you will need to create a new bridge interface in the wireless access point and associate only its WLAN interface to it. |
| |
| The first step is preparing the device for the bridging. | === The repeater === |
| | Initially, you might need to use an Ethernet cable to connect directly to the repeater and configure it. Open a terminal and connect to this device over SSH. |
| |
| If this is a new OpenWrt setup, a DHCP server is enabled on the lan interface of the device by default. This needs to be disabled before the device is connected to the production network (assuming the production network already has DHCP set up). To do so, edit the [[docs:guide-user:base-system:dhcp|/etc/config/dhcp]] file. Find the ''config dhcp 'lan''' section and add the line ''option ignore '1''' to this section. This will disable the DHCP server on the lan interface. (The lan DHCP section will look like the wan DHCP section, as the DHCP server is already disabled on the wan interface by default.)[On Chaos Calmer 15.05 / LuCI (git-15.248.30277-3836b45), I had to disable the DHCP6 server as well, by changing ''option dhcpv6 'server''' to ''option dhcpv6 'disabled'''. MariusMatutiae] | There are some important settings on the repeater to take into account before creating the wireless link between the repeater and the access point. For starters, the repeater must have its DHCP server disabled (assuming there is already a different DHCP server working on the network). On fresh-installs of OpenWrt, the DHCP server is usually enabled by default on the LAN interface, so to disable it you need to change the network settings of the repeater. |
| |
| Following this, reconfigure the lan interface to have another address than the default static IP assignment of 192.168.1.1. Edit the [[docs:guide-user:network:basics|/etc/config/network]] file. Set the IP to an another address from the same subnet. For example 192.168.1.2. After rebooting the router, remember to access the console & config via the new IP addess. [Now that I rebooted the router with its dhcp server disabled, I had to temporarily set my PC's IP manually in order to access the router and continue this setup process. --Steve Newcomb] | Open the [[docs:guide-user:base-system:dhcp|/etc/config/dhcp]] file and add the following line to the ''config dhcp <nowiki>'lan'</nowiki>'' section: |
| | <code>option ignore '1'</code> |
| |
| Alternatively, you may try to let the router itself to fetch an IP address via DHCP from the AP, but that may leave router inaccessible if the WDS connection does not work and that STA router does not reach the AP with DHCP. If you want to try that: in the ''lan'' section, remove the static IP configuration and reconfigure the interface to use DHCP. This is an example: | This line will disable the DHCP server on the LAN interface. The DHCP server should be already disabled on the WLAN interface, so save and close the file. |
| |
| | **Note:** On Chaos Calmer 15.05 / LuCI (git-15.248.30277-3836b45), the DHCP6 server had to be disabled as well, by changing ''option dhcpv6 <nowiki>'server'</nowiki>'' to ''option dhcpv6 <nowiki>'disabled'</nowiki>''. |
| | |
| | Now, you need to assign a network address other than the default static IP assignment of 192.168.1.1/24 to the LAN interface, if it is already being used by a different device on your network. Open the [[docs:guide-user:base-system:basic-networking|/etc/config/network]] file and change the IP address to one from the same subnet. For example, to 192.168.1.2/24. |
| | This is an example of the configuration file: |
| | |
| | /etc/config/network |
| <code> | <code> |
| | config device |
| | option name 'br-lan' |
| | option type 'bridge' |
| | list ports 'eth0.1' |
| | |
| config interface 'lan' | config interface 'lan' |
| option ifname 'eth0' | option device 'br-lan' |
| option type 'bridge' | option proto 'static' |
| option proto 'dhcp' | option ipaddr '192.168.1.2' |
| | option netmask '255.255.255.0' |
| </code> | </code> |
| |
| __**NOTE:**__ LAN interface can stay static ip but need to disable dhcp server for LAN interface. If set LAN interface to get ip from dhcp server then you have to search remote router ip each time you reboot it. | Alternatively, you may want to configure the repeater to fetch an IP address via DHCP from the access point, but that may leave the repeater inaccessible if the WDS connection does not work and it becomes unable to configure its network settings with DHCP. You would need to set the interface protocol to DHCP: |
| |
| Once those steps are completed, we can setup the actual wireless link. | /etc/config/network |
| | <code> |
| | config device |
| | option name 'br-lan' |
| | option type 'bridge' |
| | list ports 'eth0.1' |
| |
| Edit the [[docs:guide-user:network:wifi:basic|/etc/config/wireless]] file. In the ''radio0'' section, make sure that the wireless settings match the values in the access point. | config interface 'lan' |
| | option device 'br-lan' |
| | option proto 'dhcp' |
| | </code> |
| | |
| | Reboot the repeater to apply the new network settings. After it has restarted, remember to reconnect to the repeater via SSH on its new IP address. Keep in mind that the DHCP server is now disabled on its LAN network interface, so you might need to set a static IP address and subnet mask on the device you are using to configure the repeater. |
| | |
| | **Note:** If you have set the LAN interface to use a dynamic IP address (DHCP client), you will need to search for the repeater's IP address every time you reboot it. |
| | |
| | It is time to setup the actual wireless link. Open the [[docs:guide-user:network:wifi:basic|/etc/config/wireless]] file and make sure the corresponding settings in the ''radio**N**'' section (where **N** is a number) match the values in the same file of the access point. For example, to use the same band and country code. |
| | |
| | Additionally, in this file, modify the ''wifi-iface'' section to set it in "sta" (client) mode, include the desired SSID to which to connect (the one broadcasted by the access point) and ensure WDS is enabled by setting this value to 1. The specific options may be different depending on the hardware but the SSID, channel, encryption type and password must match the access point, and WDS mode must be turned on. |
| | |
| | **If you want to enable wireless access** to the repeater and, therefore, **to the main network and the Internet**, which you might want to do if your use case is **expanding the Wi-Fi coverage on your location, an additional wireless interface (''wifi-iface'') is required in this file**. Copy over the previous wifi-iface and: |
| | * Change the mode from ''sta'' to ''ap''. |
| | * Remove the ''option wds <nowiki>'1'</nowiki>'' line. |
| |
| Further down in the same file, modify the ''wifi-iface'' section to include the desired SSID to which to connect (the same one as on the access point) and ensure WDS is enabled by setting this value to 1. | In this new Wi-Fi interface on the repeater, the SSID and the secret key may be the same as the access points to allow transparent roaming, but they can also be different. As long as you connect this new interface to the LAN network, which is the default, your other wireless devices connecting through this AP will also be seen as part of the big network. |
| |
| This is an example from /etc/config/wireless on the wireless client bridge device. The specific options may be different depending on the hardware but the SSID, channel, encryption type and password must match the access point, and WDS mode must be turned on. | This is an example of the [[docs:guide-user:network:wifi:basic|/etc/config/wireless]] configuration file on a repeater for the 2.4 GHz band. |
| |
| | /etc/config/wireless |
| <code> | <code> |
| config wifi-device 'radio0' | config wifi-device 'radio0' |
| option type 'mac80211' | option type 'mac80211' |
| option macaddr 'unique device MAC address here -- NOT the same one as used in the access point configuration file' | option path 'platform/ahb/18100000.wmac' |
| option hwmode '11ng' | option band '2g' |
| option htmode 'HT20' | option country 'US' |
| list ht_capab 'SHORT-GI-20' | |
| list ht_capab 'SHORT-GI-40' | |
| list ht_capab 'TX-STBC' | |
| list ht_capab 'RX-STBC1' | |
| list ht_capab 'DSSS_CCK-40' | |
| option txpower '27' | |
| option country 'CA' | |
| option channel '1' | |
| option disabled '0' | |
| |
| config wifi-iface | config wifi-iface 'wifinet1' |
| option device 'radio0' | option device 'radio0' |
| option network 'lan' | option network 'lan' |
| option mode 'sta' | option mode 'sta' |
| option wds '1' | option ssid 'My WiFi' |
| option ssid 'my-wireless-ssid' | option encryption 'psk2' |
| option encryption 'psk2' | option key 'MyWiFiPassword' |
| option key 'wireless-secret-password' | option wds '1' |
| | |
| | config wifi-iface 'wifinet2' |
| | option device 'radio0' |
| | option network 'lan' |
| | option mode 'ap' |
| | option ssid 'My WiFi' |
| | option encryption 'psk2' |
| | option key 'MyWiFiPassword' |
| </code> | </code> |
| |
| See the [[doc:uci:wireless#common.options1|configuration options]] for pointer on how to specify encryption and keys. | See the [[docs:guide-user:network:wifi:encryption|Configure Wi-Fi encryption]] wiki page for a reference on how to specify encryption and keys. |
| |
| Disconnect the device from the wired network and reboot the device without any wired connection. | Disconnect the repeater from the wired network and reboot it, for example, by using its power button. |
| |
| The device should boot and automatically connect wirelessly to the access point. **Wait until the client bridge device associates with the access point. This can take 1-2 minutes for the association to happen.** Once this has happened, the **wired interface (e.g. eth0)** should succeed in getting a DHCP address through the new wireless bridge connection. Note that the wireless interface itself on the remote client bridge device does not get an IP address as it is now acting as a transparent bridge. | The repeater should boot and connect automatically to the access point wirelessly via WDS. It may take a few minutes for the repeater to associate and connect to the access point. Once this has happened, and if you decided to enable the DHCP client on the LAN interface (dynamic address), the wired interface of the repeater should succeed in getting a DHCP address through the new wireless backhaul connection. The wireless interface on the repeater does not get an IP address as it is now acting as a transparent bridge. |
| |
| Any //wired devices// connected via Ethernet to the LAN ports on the remote client bridge device should now be transparently bridged into the main network over the wireless link. | Any client devices connected to the repeater via an Ethernet cable (wired clients) should now be transparently connected into the main network over the wireless (WDS) link. |
| | |
| **For wireless connection, one additional step is required:** | |
| | |
| Create a //new wireless interface//. You can simply add it in LuCi -> WiFi, or create a new //wifi-iface// section in /etc/config/wireless. Copy all the values from the existing interface, but make two changes: use mode 'ap' instead of 'sta' and leave out the WDS option or set it to 0. SSID and key may be the same as with the host SSID for transparent roaming, but they can also be different. As long as you connect this new interface to //lan//, which is the default, your other wireless devices connecting through this AP will also be seen as part of the big network. | |
| |
| ==== LuCI ==== | ==== LuCI ==== |
| |
| Everything shown in the manual SSH configuration section above should be possible using LuCI in OpenWrt 12.09. | Everything shown in the command-line configuration with SSH section should be reproducible using LuCI in OpenWrt. |
| | |
| | === The upstream access point === |
| |
| === The Access Point === | |
| For the wireless access point, just set the wireless mode to "Access Point (WDS)" ([[http://i.imgur.com/pzj2KFY.png|screenshot]]) | For the wireless access point, just set the wireless mode to "Access Point (WDS)" ([[http://i.imgur.com/pzj2KFY.png|screenshot]]) |
| |
| === The remote wireless station === | === The repeater === |
| | |
| | On the LAN network interface of the repeater, change the default IP to a different one from the same subnet and disable the DHCP server. |
| | ([[http://i.imgur.com/21pJD9E.png|screenshot]]) |
| | |
| | For a wireless interface working on the same frequency band as the access point, click **Scan**, join the previously created wireless network and when asked, set the firewall zone to ''lan''. |
| | |
| | The wireless mode should be ''Client (WDS)'' and the **Network** in **Interface Configuration** has to be changed from ''wwan'' to ''lan''. |
| | ([[http://i.imgur.com/cx8dAae.png|screenshot]]) |
| |
| On the LAN Interface, change the default IP to a different one within the target subnet and disable the DHCP server. ([[http://i.imgur.com/21pJD9E.png|screenshot]]) | Go to **Network**, **DHCP and DNS**. Set ''DNS forwardings'' to the IP address of the access point. |
| |
| | Go to **Network**, **Interfaces**, **Lan**, **Edit**. Set ''IPv4 gateway'' to the IP address of the access point. |
| |
| Join the previously created wireless network and when asked, set the firewall zone to "lan", | Go to **Network**, **Interfaces**, **Devices** tab, **Configure...** on br-lan, **Advanced device options** and enable ''STP''. Failing to do so can allow a network loop to form that will take down all routers. |
| |
| For the remote wireless bridge device, the wireless mode should be "Client (WDS)" and the **Network** in **Interface Configuration** has to be changed from ''wwan'' to ''lan''. ([[http://i.imgur.com/cx8dAae.png|screenshot]]) | Finally, add a new Wi-Fi network if you want to enable wireless access to the network. It can have the same name (SSID), password and settings than the access point, to allow transparent roaming, or they can be different. When creating the new Wi-Fi network, under **General Setup**, ensure that **Mode** is ''Access Point'' and **Network** is set to ''lan''. |
| |
| ===== Old Stuff ===== | ===== Old Stuff ===== |
| |
| * [[docs:guide-user:network:wifi:basic|/etc/config/wireless]] | * [[docs:guide-user:network:wifi:basic|/etc/config/wireless]] |
| * [[docs:guide-user:firewall:firewall_configuration|/etc/config/firewall]] | * [[docs:guide-user:firewall:start|/etc/config/firewall]] |
| * [[docs:guide-user:base-system:dhcp|/etc/config/dhcp]] | * [[docs:guide-user:base-system:dhcp|/etc/config/dhcp]] |
| |
| Multiple //WDS Stations// can connect to a single //WDS Access Point//. | Multiple //WDS Stations// can connect to a single //WDS Access Point//. |
| |
| * On the Access Point, add ''option wds 1'' to the existing ''wifi-iface'' section and proceed with configuring SSID, channel, encryption etc. | * On the access point, add ''option wds <nowiki>'1'</nowiki>'' to the existing ''wifi-iface'' section and proceed with configuring SSID, channel, encryption etc. |
| * On the Client, set ''option mode'' to ''sta'' and add ''option wds 1'' to the ''wifi-iface'' section. Disable the DHCP server, e.g. by adding ''option ignore 1'' for LAN interface in /etc/config/dhcp. | * On the client, set ''option mode <nowiki>'sta'</nowiki> and add ''option wds <nowiki>'1'</nowiki>'' to the ''wifi-iface'' section. Disable the DHCP server by adding ''option ignore <nowiki>'1'</nowiki>'' for the LAN interface in /etc/config/dhcp. |
| *To create a repeater, add a WDS Access Point along with the WDS Station on the client,(with the same ssid and key, or not). Don't forget to add the newly created AP to the LAN firewall Zone. | * To create a repeater, add a WDS access point along with the WDS station on the client (with the same ssid and key, or not). Do not forget to add the newly created AP to the LAN firewall Zone. |
| |
| On MAC80211 OpenWRT use 4 address (option wds 1) (with ap or sta mode) and not repeater mode. See also [[http://linuxwireless.org/en/users/Documentation/iw#Setting_up_a_WDS_peer]] | On MAC80211, OpenWrt uses 4 address (option wds 1) (with ap or sta mode) and not repeater mode. |
| |