WDS Linked router network

From DD-WRT Wiki

Jump to: navigation, search

You are here: DD-WRT wiki mainpage / Linking Routers / WDS Linked router network


[edit] Basic Definitions

WDS – Wireless Distribution System, connects one or more routers to a central main router to wirelessly share internet, allows roaming between routers subnet – for the purpose of this article, means 192.168.X.Y, the X is the subnet, note subnet mask should be set to unless you know what you are doing

WDS AP – the main router, the one connected to the Internet, only on Qualcomm Atheros routers

WDS Station – the secondary router, no direct connection to the internet, only on Qualcomm Atheros routers

WDS AP VAP – a virtual access point created on the WDS Station to extend the WDS AP’s wireless network, required on Qualcomm Atheros routers only, (see more under Multiple WLANs). host router – the router is connected to the internet. Its connection will be shared with clients. client router – the router not connected to the internet. It will connect to the host router. Can have several client routers

MAC address – device specific address, not easily changeable. Usually written in the format XX:XX:XX:XX:XX:XX, X can be 0-9 and A-F

[edit] Qualcomm Atheros, Broadcom, or Ralink (Must be running dd-wrt)

The first step is to know what chipset your routers use, specifically the manufacturer. For WDS to work reliably the routers must be all the same chip manufacturer. A good way to determine the chip manufacturer is to go to the Status page and read what CPU Model it has. Another method is to go to https://wikidevi.com and look up the model number and specific hardware revision. Ex: TP-Link 1043nd v3

[edit] Note about WDS and different chip manufacturers

WDS between different chip vendors (qualcomm atheros, broadcom, ralink) will not work most of the time since it's INCOMPATIBLE and no we will NOT fix it. There is an unsupported, unsecure (no wireless security or WEP) method to connect a Broadcom (main router) with a Qualcomm Atheros (secondary router). This will be discussed further down.

[edit] Qualcomm Atheros Based Devices

Step 1: First set a static IP in the same subnet as the WDS AP and WDS Station. Use any number outside of the DHCP range (default range is to It is easier to have hardwired access to both routers when setting this up.

Step 1 a): (Optional, but advised) Reset to default all of the routers if possible. Do not restore settings, you can make a backup if you wish. Change the filename of the back up to match the router and record the build revision.

Step 2: Log in to the WDS AP.

Step 3: On the Setup → Basic Setup page change the following settings

  • STP – Enabled
  • Click Save (at the bottom)

Step 4: On the Wireless → Basic Settings page change the following settings

  • Change Wireless mode to WDS AP
  • Make sure Wireless SSID Broadcast is enabled
  • Make a note of the other settings (not advanced settings) on that page, you will need them for the WDS Station later
  • Check the Advanced Tickbox
  • Enable Short Preamble
  • Enable Short GI
  • Click Save

Step 4 a): Go to the Wireless → ath0-WDS page (Wireless → WDS page for single band routers)

  • Make a note of the MAC addresses listed on the top of the page
  • If there is a Wireless →ath1-WDS page, make a note of that MAC address as well

Step 5: On the Wireless → Wireless Security page make a note of all of the settings:

  • password
  • encryption type (WPA2 – AES is recommended for Wireless-N or higher speeds), etc
  • Click Apply, wait for the page to reload (Don’t close the page)

Step 6: Log in to the WDS Station.

Step 7: On the Setup → Basic Setup page change the following settings

  • Change WAN Connection Type to Disabled
  • STP – Enabled
  • Local IP address must be in the same subnet as the WDS AP but outside of its DHCP range (Ex:, if using the default range)
  • (Optional) Assign WAN Port to switch – Enable (This provides another LAN port on the WDS Station)
  • Change the Default Gateway and Local DNS (default is for both) to the IP address of the WDS AP
  • Click Save
  • Uncheck all of the check boxes under DHCP
  • Disable the DHCP Server
  • Click Save (at the bottom)

Step 8: Go to the Security → Firewall page

  • Uncheck all of the boxes except Filter Multicast
  • Click Save
  • Check the Disable button at the top
  • Click Save

Step 9: Go to the Wireless → Basic Wireless page

  • Put in the exact same settings as on the WDS AP
  • Change the Wireless Mode to WDS Station
  • Check the Advanced check box
  • Enable Short Preamble
  • Enable Short GI
  • Click Save
  • Under Virtual Interfaces, Click Add
  • Change the Wireless Mode of the Virtual Interface to WDS AP
  • Type in the SSID for the Virtual Interface exactly (same capitalization) as it is on the WDS AP (main router)
  • Click Save
  • If you have a dual-band WDS Station and WDS AP then you will have to repeat this step

Step 10: Go to the Wireless → Wireless Security page

  • Put in the same Security Mode (WPA vs WPA2), WPA Algorithms (AES vs TKIP), and WPA shared password.
  • Click Save

Step 11: Go to the Wireless → Ath0-WDS page (Wireless → WDS page for single band routers)

  • Change one of the drop-down boxes to LAN
  • Put in the WDS AP MAC in the boxes on the same row
  • Put in a user recognizable name in the large box next to the MAC (Does not have to be the actual name of the router)
  • Repeat this step for adding other Stations to connect to this station.
  • Make sure Lazy WDS and WDS subnet are Disabled
  • Click Save
  • Repeat this step on the Wireless – Ath1-WDS page for dual band routers
  • Click Apply, wait until the page reloads

Step 12: Go back to the WDS AP (main router)

Step 13: Go to the Wireless → Ath0-WDS page (Wireless → WDS page for single band routers)

  • Change one of the drop-down boxes to LAN
  • Put in the WDS Station’s MAC in the boxes on the same row.
  • Put in a user recognizable name in the large box next to the MAC (Does not have to be the actual name of the router). This only helps in identifying if the routers are connected as seen on the Status – Wireless page
  • Repeat this step for adding other WDS Stations to connect to this station.
  • Make sure Lazy WDS and WDS Subnet are Disabled
  • Click Save
  • Repeat this step on the Wireless – Ath1-WDS page for dual band routers
  • Click Apply, wait until the page reloads

Step 14: Go back to the WDS Station

Step 15: Go to the Administration → Keep Alive page

  • Enable the WDS Connection watchdog
  • Put in the IP address of the WDS AP
  • Put in an interval such as 300 (5 min) or 1000 seconds.
  • This will reboot the WDS Station if it can’t find the WDS AP
  • This means that if you have to reboot the WDS AP, you don’t have to manually reboot all of the WDS Stations

Step 16: Test the setup, move the routers apart and test with various wireless devices.

[edit] Broadcom Based Devices

In regards to integration with DD-WRT, it is confirmed working with WEP, WPA, and WPA2.

Setup/Configuration for Broadcom Based Devices

Setup for two or more of the aforementioned Broad comcompatible Routers

1. (Recommended) On both routers, save the current configurations: Administration -> Backup. Click the Backup button and follow prompts so save NVRAM backup files, i.e. nvram_host.bin, and nvram_client.bin. These configurations can be restored if the new setup doesn't work and you need to quickly revert to the previous (working) configuration.

2.On the client router, reset to its factory default state to eliminate the potential of conflict from other settings. Either use the router's reset button or reset via the GUI: Administration -> Factory Defaults -> Reset router settings -> Restore Factory Defaults - select Yes (radio button), then click Apply Settings button and wait for the router to reboot. (Optional) On the host router, unless it is impractical (e.g. the host is part of a working network) reset to its factory default state, too, to simplify debugging the new setup.

3. On the client router, change the WAN Connection Type to Disabled. Setup -> Basic Setup -> WAN Setup -> WAN Connection Type . Also enable STP.

4. On the client router, set the Local IP Address to one in the same subnet as the host router (e.g. (host/internet gateway) and (client router)). If the host router has been reset, set its Local IP Address as well. On the client, set the Gateway and Local DNS IP addresses to the Local IP Address of the host. Setup -> Basic Setup -> Network Setup -> Router IP

5. On the client, disable the DHCP server. This allows the host to perform DHCP services. There can only be one DHCP server on any subnet (network) for reliable operation. Setup -> Basic Setup -> Network Address Server Settings (DHCP) . Also Uncheck the Three boxes below the DHCP Server.

6. On the client router, Navigate to Setup > Advanced Routing. In the dropdown box for Operating Mode, Select Router. Click Save

7. Again, client router; Navigate to Services. Disable DNSMasq as well as WAN Traffic Counter. Click Save

8. On the client, disable the firewall. Security -> Firewall -> Firewall Protection -> SPI Firewall. First Uncheck everything BUT Filter Multicast, click Save. Now Disable the SPI Firewall and click Save.

9. On both the host and client, set the Wireless Mode to AP and make sure the Wireless Channel is the same. For Wireless Network Mode, you can select Mixed , G-Only , NG-Mixed, or N-Only. Set the Wireless Network Name (SSID) to your liking as long as it is exactly the same on both routers. If running N or NG-Mixed , WPA2 + AES is the only form of encryption that can be used.

10. On both routers, disable wireless security (this should already be done if you reset both routers to factory defaults). Security can be re-enabled after all other steps are complete, but in order to minimize troubleshooting, it's best to get things set up with no security active. If this is impractical, e.g. the host is part of a working network, make certain that all security settings on the client match those of the host exactly. Wireless -> Wireless Security -> Wireless Security wl0

11. Important: On the host, disable MAC address filtering

12. On both routers, open the WDS configuration page/Tab. For each router, you will see its wireless MAC address (Wireless MAC) at the top of the page. Note that this MAC address is different from the one that may be printed on the case. In the first open row of the table, select LAN from the dropdown list (The router will pause for a second) and enter each router's wireless MAC address into the table of the other router. It is not necessary to enable Lazy WDS or WDS Subnet on either router. If necessary, consult WDS - configuration for more than two routers for some helpful info. Wireless -> WDS -> WDS Settings

13. (Optional, but not recommended) On the client router, configure static routing (Setup -> Advanced Routing) for Destination LAN NET and enter the IP address of the host router. Use the same settings for Subnet Mask and Gateway that are used by host router. For Interface, select LAN & WLAN. This step ensures that the bridge is given a static IP route. Setup > Advanced Routing -> Static Routing

14. On both routers, check the wireless status page to see that the other is present in the WDS Nodes section. Make sure signal strength for each is not zero. Status -> Wireless -> Wireless Nodes -> WDS Nodes. If it is 0%, and there are no indication of the router transmitting or receiving packets, Unplug the client router for ~10 seconds , then re-insert power. Give it no more than 3 minutes to boot and obtain the WDS link from the host router.

15. Test that you can ping the host from the client. Note that it may take a short amount of time for the WDS link to be established, and you may need to reboot either the client or host router (or both).

16. If disabled, enable wireless security now (highly recommended). First enable it on the Client router, wait 5 seconds, then enable it on the Host router. Watch the Wireless LED's on the host router, if they are blinking, you're in business. If they're solid, power cycle the client router.

17. If you set the SSID of the client router to be different from that of the host router, you need to make them the same in order to enable WPA/WPA2 encryption security. Using WPA/WPA2 encryption also requires STP to be enabled on all routers for a reliable link.

I decided that the amount of information can be intimidating for some novice users, therefore I have added screenshots of the process with examples of the respected configurations in the best order as outlined by the Wiki text.









[edit] Ralink Based Devices

Ralink to Ralink Devices

  • Wireless → WDS → WDS Settings → Select LAN, enter MAC address of the routers you wish to connect, enter a note so you know which router the MAC refers to. i.e. UpstairsRouter.
  • Extra Options→ Disable – Easy WDS,
  • Click Save, then Apply Settings

May have to add the physical interface to the bridged network: To do this, go to Setup => Networking => Assign to Bridge => Add => Select "br0", Interface "ra0" => Apply Settings Tested on D-Link DIR-615 D4/D2 dd-wrt build 15778, Do NOT use this as a firmware recommendation for these devices! Please see the Qualcomm Atheros and Broadcom forums for official firmware recommendations. You can find the latest builds here: ftp://ftp.dd-wrt.com/betas/

Ralink to Qualcomm Atheros

Ralink to Qualcomm Atheros WDS connection works but only with WEP or Unsecured. Qualcomm Atheros WDS AP to Ralink Client Mode can use WPA or WPA2 but it is no longer a WDS bridge.

Ralink to Broadcom

Ralink to Broadcom WDS connection works but only Unsecured or WEP.

[edit] Broadcom to Qualcomm Atheros WDS Configuration (Unsupported)

For the best WDS stability and performance, you should use the same wireless chipset on both sides, ie: Broadcom-to-Broadcom or Qualcomm Atheros-to-Qualcomm Atheros. That being said, multi-vendor WDS interoperability is possible but not necessarily guaranteed to work. Note: there are configuration differences between DD-WRT builds & different platforms. If you don't see the exact configuration items below on your router, you may need to look for it on a different configuration page.


  • Wireless / Basic Settings: Wireless Mode = G-only or NG-Mixed
  • Wireless / Basic Settings: Network Name (SSID) = dd-wrt (modify to your liking)
  • Wireless / Wireless Security: Security Mode = WEP or Unsecured
  • Wireless / Wireless Security: Default Transmission Key = 1
  • Wireless / Wireless Security: Encryption = 64 or 128 bits (either works)
  • Wireless / Wireless Security: Passphrase = (blank)
  • Wireless / Wireless Security: Key 1 = 10 or 26-digit encryption key (modify to your liking)


  • Wireless / Basic Settings: Wireless Mode = AP
  • Wireless / Basic Settings: Wireless Channel = (pick something suitable for your environment)
  • Wireless / Advanced Settings: Preamble = Short
  • Wireless / WDS: Enter MAC address of Atheros device and select "LAN" in the drop-down box


  • Wireless / Basic Settings: Wireless Mode = "WDS Station"
  • Wireless / Basic Settings / Advanced Tickbox / Short Preamble = Enable
  • Wireless / WDS: Enter MAC address of Broadcom device and select "LAN" in the drop-down
  • Note: Wireless Channel will be automatically selected based on the Broadcom configuration

The above examples were minimally tested using the following hardware / firmware on 1/12/2011:

  • Broadcom BCM4704 (v9): Netgear WNDR3300 '(dd-wrt.v24-15508_NEWD-2_std-nokaid_nohotspot_nostor.bin)'
  • Atheros AR2315: Engenius / Senao EOC-2610 '(v24 preSP2 [Beta] Build: 14896)'

Do NOT use this as a firmware recommendation for these devices! Please see the Qualcomm Atheros and Broadcom forums for official firmware recommendations. You can find the latest builds here: ftp://ftp.dd-wrt.com/betas/ In this configuration, combinations of WPA/TKIP and WPA2/AES were unsuccessful. "AP" and "WDS AP" modes on the Qualcomm Atheros didn't work in this configuration either.

If you are having difficulty getting the WDS link up, disable security on both sides and try again:

  • Wireless / Wireless Security: Security Mode = Disabled

[edit] DD-WRT to other router firmwares

DD-WRT MadWIFI to Ubiquiti WDS

  • AirOS <=3.X <-> DD-WRT (madwifi): set AirOS to WDS-AP <-> DD-WRT v.24 (or higher) to WDS-Sta. Put all on the same SSID and set your prefered wireless encryption.
  • NO WDS support for connecting current AirOS 3.x <-> DD-WRT ath9k and AirOS 5.X <-> DD-WRT MadWIFI/DD-WRT ath9k


  • Connect as DD-WRT WDS-Sta to an MTik AP. Set DD-WRT MTik compability to on. The other way round should work, too. Put all on the same SSID and set your prefered wireless encryption.

DD-WRT to Apple Airport Express (Broadcom only) Verified with DD-WRT v2.3 (12/25/05) and AirPort Express v6.20 [1-21-2006]

Information updated for AirPort Express v6.3 and AirPort Utility v5.3.1 [3-16-2008]

Warning: This guide does not work for Qualcomm Atheros-based DD-WRT routers, such as the D-Link DIR-300. Airport Express will not be able to participate in the WDS network.

DD-WRT (Save settings after each step)

1. Wireless -> Basic Settings" Set the channel on the DD-WRT to 1 or the same as the AirPort Express.

1. Wireless -> WDS: Select "LAN" option and enter the Airport Express's "AirPort ID" (can be found on the underside of the AirPort Express itself - be careful not to choose the "Ethernet ID").

2. Set Lazy WDS and WDS subnet to disable

2. Administration -> Management: Set Loopback to disable.

3. Security -> Firewall: Turn off "Block Anonymous Internet Requests."

AirPort Express

1. Open AirPort Utility (found in /Applications/Utilities), select your AirPort Express from the left panel, and click "Manual Setup"

2. In the "AirPort" section:

1. Select "Wireless" tab

1. Select "Participate in WDS network"

2. Set Network name to your wireless SSID name

3. Set the wireless channel to 1, or the same as the dd-wrt compatible router

4. Choose your security (only WEP will work wirelessly - if you want WPA/WPA2 on your network, you're going to have to connect the AirPort via an ethernet cable)

2. Select "WDS" tab

1. Set "WDS mode" as "WDS remote"

2. In the Main Aiport ID section enter your DD-WRT wireless MAC (can get this in Status -> Wireless)

3. In the "Music" section (if you want to use AirTunes):

1. Make sure "Enable AirTunes" is selected

2. Name and password-protect your speakers

4. Click "update"

If it works then there will be a solid green light (may take a couple of minutes). If it does not work, you should connect Airport Express and dd-wrt compatible router using an Ethernet cable and set up it. It might work. This information is from AirTunes, AirPort Express, and the WRT54G at ryanschwartz.net - and has since been edited to update information. Encryption: The above method works with: No encryption, WEP, and WPA2 Troubleshooting: Make sure that you disable the "AP Watchdog" daemon. If you have a wireless endpoint (like a laptop) which connects to the Airport station (because you use WDS) then the Linksys does not see any clients connected and restarts the wireless network over and over. You also could change other channel apart from 1, if you're having problems and you don't have to disable loopback.


  • If you're using encryption, remember to configure it on all routers!
  • Set encryption after you got a running WDS
  • On the main Status page and the Wireless Status you can see the signal strength for any other routers in the WDS. If they are showing 0 then you're not connecting to them for some reason (wrong MAC address or, for WPA links, wrong SSID).
  • NOTE: Some security works with some dd-wrt and not with others. Lately (2010) the only security that has worked reliably is WEP and WPA2-AES. WPA2-AES is the ONLY security that should be used with N routers if you wish to have N speed.
  • If you want to use more than 2 repeaters with WDS and define multiple WDS paths for redundancy then you MUST enable STP or the network will loop back on itself and destroy all functionality.

[edit] Troubleshooting

Same LAN MAC Address Problem

If you are using two WRT54G V5V6 with same firmware version, you may end up on that both router use exactly same MAC address on its LAN, WAN, Wireless. Although you can change WAN and Wireless MAC address at WEB interface, it is hard to change LAN MAC address.

If both router use same LAN MAC address on WDS, you will see that: you can Ping any computer on both router, but you can NOT ping either router's IP, it will show "Destination Host Unreachable".

To fix this, please refer thread: https://www.dd-wrt.com/phpBB2/viewtopic.php?p=174925&highlight=&sid=4b806e3de8e572f678c8526ccf9ae5f6

I have to revert one of my router back to Linksys version, then flash it again with custom build killer file. Info by Victor

Don’t see the other router (or Status list shows 0%)

If you don’t see the other router and you can’t ping either one. Reboot both. If that does not work, disable encryption on both the client (WDS Station) and main router (WDS AP). If it still does not work, make sure the Firewall on the client (WDS Station) is disabled. Check if STP is enabled on both routers.

[edit] External Links

Wikipedia's WDS entry