Cannot WDS two routers in WPA/WPA2 TKIP/AES Mode

Discussion in 'Tomato Firmware' started by Aquafire, Dec 12, 2010.

  1. Aquafire

    Aquafire LI Guru Member

    Hello All,

    I have two routers:

    Linksys WRTSL54GS running Tomato Firmware v1.28.8752 ND USB vpn3.6 acting as the main router connected to the internet via DSL modem on the WAN port. IP Address DHCP enabled.

    Router in is Access Point + WDS mode.

    ASUS WL520GU running Tomato Firmware v1.27.8747 ND USB vpn3.6 acting as a extension router to extend the wireless network range. IP Address DHCP Disabled (get all IP addresses from the main router's DHCP).

    The WAN side is disabled and the IP address for router 1 is entered as the Gateway.

    Router in is Access Point + WDS mode.


    The MAC address of both routers are entered in each other's configuration so they can Link in WDS mode. The SSID on both routers is kept different to know how many people are connected internally and externally.

    This setup works fine in the WEP security mode with a 64-bit key used. Since WEP is old and unsecure I wanted to move to WPA/WPA2 with any encryption.

    However whenever I choose anything else than WEP, router number 2 (or maybe 1) fails to bind to the main router in wireless mode and hence I can only connect to router 1 (via wired network) and cannot reach the interface of router 2 (via wireless). I do keep the same network key on both the routers in WPA mode ( i dont generate random key and enter my own). Alternatively if I connect directly to router 2 SSID then I can only see its interface and cannot browse internet, since it is not binding with router 1.

    I have tried many combinations of WPA/WPA 2 (Personal) and AES/TKIP , however nothing seems to work.

    The routers only bind and make a WDS when both are in WEP mode with the same key entered.

    Is it some limitation of this setup or am I doing something wrong.

    Any guidance would be appreciated.
  2. wouter

    wouter Addicted to LI Member

    I believe with WPA and WPA2, both routers must use the same SSID in WDS mode.
  3. TT76

    TT76 Networkin' Nut Member

    try the same ssid,the same key, and the same channel
  4. Aquafire

    Aquafire LI Guru Member

    Well network key and channel is the same , only SSID is different on both the routers.

    Sounds kinda strange. Will try it. But seems like it is not possible that an early and obsolete method like WEP is doing the job with different SSID, same channel and same key


    a newer and secure method like WPA/WPA2 limits itself to have the same SSID, key and channel.

    Has anyone already tried it to share the results.

  5. wouter

    wouter Addicted to LI Member

  6. roadkill

    roadkill Super Moderator Staff Member Member

  7. Aquafire

    Aquafire LI Guru Member

    So what is your final conclusion based on your adventures. Can I use two routers with tomato in WDS+AP mode , with same key same channel and different SSID with WPA/WPA2 as the security with AES/TKIP as encryption ....or not.? Or do I have to AES only for encryption.

    Thanks for your feedback.

    Thanks for your support. So if using the WET method has it really proven to be successful and realiable. If it is working without any glitch then maybe I can try switching to WET mode.

    If I want to add more routers to the network, then all additional routers should be in WET mode ? Whether or not they are able to be in the wireless range of the main router (the only one in AP) mode ? Any elaboration on that would be appreciated.
  8. TT76

    TT76 Networkin' Nut Member

    the answers of your questions are all yes, and you've got to use a wire connection between you computer and WET router. if you use dd-wrt , you can create a viitual ssid for your pc, then you can use a wireless connection, but tomato cannot do it.
  9. kpucci

    kpucci Networkin' Nut Member

    I have tried this setup as outlined in the Tomatoe FAQ using 2 WRT54G and it does not work for me. I can see the network strength switch as I move from one AP to the other (via inSSIDer) but my laptop does not make the transistion to the AP with stronger signal. If I manually try to connect to the stronger AP, I will get a limited connection error in Windows.

    I have not tried the WET method...mainly because this WDS should work.
  10. Azuse

    Azuse LI Guru Member

    You've enabled stp haven't you? Surprising how many people have failed to make WDS work without it but then, it's surprising how picky tomatos WDS is.
  11. kpucci

    kpucci Networkin' Nut Member

    I have STP on primary router but I will need to confirm on the secondary. Thanks for the hint. Perhaps someone should flip the developer an email noting that his FAQ should include that item.

    Should the router or gateway mode be used on the secondary?

    UPDATE: So I think I got this working, however my windows clients do not seem to auto-choose the strongest of the AP's.

    I have to manually disconnect, then it will find the stronger of the 2 and connect.

    If I then remove the stronger AP, it will go back to the weaker one...but upon re-activation of the stronger AP , it will not auto switch back.
  12. kpucci

    kpucci Networkin' Nut Member

    seems to be stable...but my laptops still will not auto-choose the stronger router/ap.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice