1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WET mode - have internet but unable to ping clients on main router

Discussion in 'Tomato Firmware' started by Nite, Nov 12, 2013.

  1. Nite

    Nite Addicted to LI Member

    Hi everyone,

    I'm currently using Shibby build 114 on my Asus AC66U. I have two AC66us and I configured one of them as a Wireless Ethernet Bridge to connect my media area to the rest of my network.

    All clients have unfettered internet access with no issues (including the bridged clients). Clients on the main router can ping any clients on the second router. The problem is, clients on the second router cannot ping clients on the main router. This causes issues with media streaming from my NAS and PC.

    I am unable to identify what is causing the issue, but my configuration is as follows:

    Main router is set as 10.0.1.1. Second router is set as 10.0.1.2.

    I have the second router's default gateway set to 10.0.1.1 and static DNS set to 10.0.1.1. If I remove the static DNS entry nothing changes. The second router is connected over 5GHz with WPA2. Finally, the second router routing option is set to "Router", not Gateway.

    Thanks for your time and any help would be much appreciated!
     
  2. Wapcaplet

    Wapcaplet Reformed Router Member

  3. Nite

    Nite Addicted to LI Member

  4. Mercjoe

    Mercjoe Network Guru Member

    If I may, set up the network as WDS.

    It you search my post history, I did a LOT of experimentation on the differences between WET and WDS.

    To put it in short, WDS is MUCH more coherent network wise than WET. That is why you can not ping across the bridge.
     
  5. Nite

    Nite Addicted to LI Member

    Thanks for the tip Mercjoe, I'm going to give it a try. However - I heard there are issues with WDS like dropouts and also the bandwidth is cut as compared to WET. What has been your experience?
     
  6. Mercjoe

    Mercjoe Network Guru Member

    You do have a slight loss in throughput. No question about it. I gauged it to be about 8-10% and that is with WPA2 +AES encryption enabled on a 'G' only link between a WNR3500L and a WRT54G v2.2. The endpoint is NOT the fastest of hardware. The link is about 60 feet away through 2 walls. I hold a steady 48-54 link between them. Your hardware should provide a lot more throughput.

    As for dropouts? My home server (a windows 2008r2 machine) is on the other end of the WDS link. According to the logs, I have never lost the link that I can not account for (such as fiddling with the main router).
     
  7. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    Over a year of continuous WDS uptime for me with the exception of power failure in the house. Not suitable for a remote site, though, because re-establishing the connection after power loss doesn't always happen without some fiddling (radio off/on at the same time, simultaneous reboot, or simultaneous save on the Basic settings page). WET is faster and more reliable when it works.
     
  8. Mercjoe

    Mercjoe Network Guru Member

    Marcel,

    In Basic -> Network, at the WDS at the bottom use Automatic instead of Link With.. Just make sure that BOTH sides of the WDS are set up this way. If either end drops out it will reconnect as soon as it detects the correct network. I did power off drop tests a while ago and as soon as the router comes up the WDS comes up as well in a minute or so.

    I agree, WEB is faster, but I would not say more reliable and it is less secure in my testing.
     
  9. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    Good advice - usually works for me too, but I have had to arrange a couple of reboot parties. Not sure how "lazy WDS" is more secure than WET though. Specifying MAC addresses seems more secure, though.
     
  10. Mercjoe

    Mercjoe Network Guru Member


    Mac address's can be changed very easily. So what matter that you are specifying what MAC address that you connect to if I can easily mimic it. Just use good encryption and a strong password for the network connection. Everything else is security theatre.

    The less secure part is on the REMOTE end of the bridge. Have you tried to use access controls or ANYTHING that requires MAC address but the computer is on the other side of the link? They do not work. You will not get any error messages. Everything seems to work ok, but you get no actual controls. They only work for computers that are connected to the main router.

    With WDS the network is more coherent and things that are MAC dependent such as MAC based access controls or ARP binding actually work. The network behavior is consistent regardless of which router you are connected to.

    I discovered this the hard way. I used WEB due to the faster speed, and found out that my kids had unfettered access to the internet. Access restrictions limiting internet access availability were enabled but not enforced for all the machines on the remote router. When I shifted to WDS all access restrictions worked as intended.

    I gave up trying to figure out the reason why once I understood what was going on. I just changed to WDS and never looked back.
     
  11. mvsgeek

    mvsgeek Addicted to LI Member

    I've found that WDS reliability is inversely proportional to number of WDS secondary (or tertiary) routers. Also, with disparate hardware, e.g RT-N16 and WRT54GL's, WPA is more predictable than WPA2.

    Despite its shortcomings, I prefer WDS for its better network status reporting. e.g. the Device List page.
     

Share This Page