Wireless Client and Access Point?

Discussion in 'Tomato Firmware' started by Kyusaku, Jul 30, 2010.

  1. Kyusaku

    Kyusaku Network Guru Member

    So I have an unusual situation, I doing something for a non-profit. They are set up in a building with wifi but no ethernet jacks work. And the IT department have been unresponsive to requests about trying to activate the building ethernet ports in the office.(I've tested them) So I was wondering if it's possible to make the router act as a client on the building wifi, while creating a private wireless network for the non-profit organization computers?
  2. Kyusaku

    Kyusaku Network Guru Member

    I'm starting to realize that maybe this is not possible with one router. Let's say I have 2 Tomato routers. Do I set one as a Wireless Ethernet Bridge and one as an Access Point for the organization's private network? Or do I use one as Wireless Client mode and the other as Access Point? I should note that the building wireless assigns public IPs, not private IPs.(I've double checked they're public. not private)
  3. greenythebeast

    greenythebeast LI Guru Member

    I assume you'd have to get access to the router that is providing the building's wifi before you could do anything.
  4. RonWessels

    RonWessels Network Guru Member

    Let me make sure I understand what you're looking for. You have a building with WiFi that you have the security information (password, SSID, etc) for and can connect to with a laptop. You want the router to act as a client on that network (call it 192.168.1.X) and provide a separate firewalled network for your purposes (say 192.168.2.X).

    Yes, that's easy. What you want is "Wireless Client" mode. That will use the existing WiFi network as the WAN connection and provide a local network as per configuration. Make sure the network address of your local network is different from the network address of the WiFi network. Note that this will only provide wired interfaces into your new network - the router's radio is busy being a client and therefore cannot provide access point service. If you want your own WLAN, you will need a second router or OpenWRT rather than Tomato.

    And no, this does not require access to any of the existing hardware. To the existing WiFi network, this looks like just another wireless client.
  5. Kyusaku

    Kyusaku Network Guru Member

    Thanks for the confirmation. Yeah, I have the building wifi SSID and WPA password, and would probably hardwire a second router to act as a wifi router of the office. Why would I need OpenWRT instead of Tomato?

    Also I read on the boards that using Wireless Client mode would double NAT the network, and that Wireless Ethernet Bridge should be used instead. Or am I confusing that for some other procedure?
  6. rhester72

    rhester72 Network Guru Member

    Tomato does not (yet) support multiple BSSIDs.

  7. Dagger

    Dagger Networkin' Nut Member

    You don't need multiple SSID's...

    You are correct in that you want one device to act as a client/bridge... which will provide the WAN connection for a second device providing NAT. You will not use the WAN interface on the client/bridge device. The WAN interface on the NAT device will connect to any of the LAN interfaces on the client/bridge device.

    What you are describing is the typical "CPE" configuration used by many WISPs (Wireless ISPs). The difference is that they generally use a purpose-specific device for the client/bridge such as Ubiquity NanoStations...
  8. RonWessels

    RonWessels Network Guru Member

    Actually, if you want a "local" WiFi network, you do want a second SSID. If you don't, wireless clients cannot distinguish between your local WLAN and the building-supplied WLAN.

    Yes, this configuration will double-NAT (assuming that your building's Internet access also goes through a NAT). This is why I was confirming your requirements. Using NAT is a significant component of the firewall protection provided by your router. Specifically, very important to this setup is whether you want your own non-profit network firewalled from the building WiFi network. I was assuming "yes". Using Wireless Ethernet Bridge mode will place anything connected to that router directly on the building's WiFi network with no protection from anyone else on your building's WiFi network.

    In your original request, you indicated that your only access to the building network is via WiFi. Hence the requirement for your router to be in Wireless Client mode. Now you indicate that you have the option of hard-wiring into the building router. In that case, run a cable from the building router to the WAN port of your router and set up your router as you would for any other wired Internet access. Including providing your own WLAN if you want.
  9. Dagger

    Dagger Networkin' Nut Member

    No... read his question carefully. He was asking if he needed to have two SSIDs using Tomato. He only needs to have ONE SSID with Tomato. The originating SSID is coming from the building...not Tomato. And he wasn't saying he has the ability to hardware to the building now... he was talking about hardwiring between two of his own routers... which is what he needs to do.

    If you have one device in client/bridge mode it will not implement NAT or any firewall, it will just bridge the Wireless interface with the LAN ports. Take a second device in normal AP mode and connect the WAN port to one of the LAN ports on the client/bridge device. Only the second device needs to provide NAT/Firewall.
  10. RonWessels

    RonWessels Network Guru Member

    Actually, if you read his original question, he wanted to make the router act as a client on the building WiFi. That means you need to set the SSID to the building's WiFi. Which means that if you want a local WLAN, you need a second SSID for your access point. He implied strongly in his first email that he could not get a wired connection to his router. So, responding to his _first_ posting, you need two SSID's. And yes, as I mentioned, given you can wire-connect from the building network, it _can_ be done in Tomato.
  11. Dagger

    Dagger Networkin' Nut Member

    When you configure a device to act as a client, you simply tell it the SSID of the network you want it to connect to. The client does not instantiate or host a wireless SSID. So if you have two devices with one acting as a client/bridge to the building wireless and the other device hosting the bridged connection via a Wireless AP... then you only have one SSID instantiated.

    It's the same as when you configure your laptop to connect to a wireless network... your laptop is not hosting the SSID.
  12. RonWessels

    RonWessels Network Guru Member

    Ok, perhaps my wording was not precisely correct. Let me try again.

    Tomato does not support simultaneously acting as a client on a wireless network and acting as an access point for another wireless network (with a different SSID). For that functionality, you must use OpenWRT.
  13. Kyusaku

    Kyusaku Network Guru Member

    I'm sorry if my situation might have caused any confusion. I really appreciate the clarifications. I just got a tomato router working as a Wireless client on the building wifi.

    However I have a question now for best form of practice. I've heard that Wireless Ethernet Bridge can also bridge a wireless connection to a wired connection. (For example Router1 is using building WIFI for access to the internet, while I pass an Ethernet connection to Router2, to piggyback on that to connect to the internet.

    Do I stick with Wireless Client mode, and have Router1 handle DHCP for our office network, and have router2 serve as an access point for the office(with DHCP disabled). Or disable DHCP on Router1 and have Router2 handle DHCP client.

    Or do I attempt using Wireless Ethernet Bridge? (only ask this because I heard that using Wireless client mode can cause double NATing while Wireless Ethernet Bridge avoids this) I'm honestly still a bit confused on setting up Wireless Ethernet Bridge mode, I heard that if you set it up it can become completely transparent(which can cause some issues with trying to support the router).
  14. Dagger

    Dagger Networkin' Nut Member

    There are two ways to do it.

    1) Router 1 connects to building's wifi as a client... then connect Router 2 to Router 1 LAN port to LAN port. Basically, the wireless interface on Router 1 will be the WAN port and Router 1 will provide NAT/DHCP... Router 2 will only be an AP (because the wireless interface is still bridged with it's LAN prots).

    2) Router 1 connects to building's wifi as a client/bridge... then connect Router 2's WAN port to Router 1's LAN port. Router 2 will provide NAT/DHCP/AP services the way a normal residential router would.

    I all boils down to which way works best for you... there are no real benefits one way or the other.

    I use UBNT client/bridges with 5 TP-Link routers daisy chained from it as AP's... but setting up a client/bridge with a UBNT radio is easy... I'm not sure how the configuration goes with Tomato.
  15. Kyusaku

    Kyusaku Network Guru Member

    Thanks so much Dagger, very informative and appreciate the background information. I kind of wish I could deal with extensive hardware like that. But this is a very small non-profit organization, that needs minimal support. I wish I didn't even need to pose this question, but the IT support that handles the building this organization hasn't be at all responsive so I needed to come up with some kind of solution. Currently the office staff have been dealing with filesharing over email as well as physically connecting their laptops to a central printer, that has be a bit of a pain. (I have already tested the printing support on the router and works with the printer they are using so I think I am set.)
  16. RonWessels

    RonWessels Network Guru Member

    I agree with Dagger that those are your two options using Tomato. As I mentioned, you do have a third option to switch to OpenWRT to have the same router perform both client and access point functionality.

    Regardless of which option you take, you going to double-NAT. You really can't get around that if you want an isolated private network - it must NAT to the building WiFi, which then presumably also NAT's to the Internet.

    Assuming you stick with Tomato, the choice of Wireless Client vs Wireless Ethernet Bridge can be essentially whatever you want. There may be some differences in the wireless security supported by both modes, so select whichever supports the building WiFi. If both do, I would stick with the Wireless Client and separate access point, essentially to maximize the number of wired ports available for your private network. With Wireless Ethernet Bridge mode, the wired ports are on the building's network, and only the LAN ports on your second router support your private network. With Wireless Client, the LAN ports on your first router are your private network as are the other LAN ports on your second router (acting as an access point).
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice