I’ve been happily using my Tomato router with a guest wireless VLAN isolated from my main wired LAN. I described the setup here. Now, I want to bridge a second router using the Wireless Distribution System (WDS). Setting up a Netgear WGT624v3 as the bridged router was a challenge in itself, so I wrote that up here. But once I got bridge mode working, I was somewhat alarmed to find that the bridged router was getting IP addresses from the main (supposedly secure, wired) LAN, not from the wireless VLAN, even though it was connected wirelessly! Especially considering that bridged mode on the Netgear only works with WEP security, I definitely needed to get the bridged router off the main VLAN and onto the guest wireless VLAN.
With the help of the author of Tomato’s VLAN GUI, I was able to move the WDS bridge interface from VLAN 1 (my main LAN) to VLAN 3 (my guest VLAN).
For the record, these steps apply to Tomato Firmware v1.28.4407 MIPSR2-Toastman-VLAN-RT K26 VPN. Use at your own risk!
Short Answer
In the Tomato UI, go to Administration > Scripts, click on the Firewall tab, and add the following commands:
# Delete WDS bridge interface from br0
brctl delif br0 wds0.1
# Add WDS bridge interface to br1
brctl addif br1 wds0.1
Reboot the Tomato router and the bridged router and confirm that the latter is now connected to the wireless VLAN.
Long Answer
If you want to understand what is going on (and it’s not as complicated as it sounds at first), you can execute some commands from the Tools > System menu, or connect to the router using Telnet. (I use PuTTY as a Telnet client under Windows 7.)
Here are the commands I ran (each command is preceded by a #) and their output.
Before Enabling WDS (Wireless Mode = “Access Point”)
# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.c0c1c0767376       no              vlan1
br1             8000.c0c1c0767376       no              vlan3
                                                        eth1
After Enabling WDS (Wireless Mode = “Access Point + WDS”, Link With = other router’s MAC address)
# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.c0c1c0767376       no              vlan1
                                                        wds0.1
br1             8000.c0c1c0767376       no              vlan3
                                                        eth1
Note that wds0.1 is connected to br0, which is VLAN 1 (see the original article). That’s the problem! We need wds0.1 to be connected to br1, i.e. VLAN 3.
brctl Commands
# brctl -h
Usage: brctl [commands]
commands:
        addbr           <bridge>                add bridge
        delbr           <bridge>                delete bridge
        addif           <bridge> <device>       add interface to bridge
        delif           <bridge> <device>       delete interface from bridge
        setageing       <bridge> <time>         set ageing time
        setbridgeprio   <bridge> <prio>         set bridge priority
        setfd           <bridge> <time>         set bridge forward delay
        sethello        <bridge> <time>         set hello time
        setmaxage       <bridge> <time>         set max message age
        setpathcost     <bridge> <port> <cost>  set path cost
        setportprio     <bridge> <port> <prio>  set port priority
        show                                    show a list of bridges
        showmacs        <bridge>                show a list of mac addrs
        showstp         <bridge>                show bridge stp info
        stp             <bridge> {on|off}       turn stp on/off
The delif and addif commands look promising…
Move wds0.1 from VLAN 1 (br0) to VLAN 3 (br1)
# brctl delif br0 wds0.1
# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.c0c1c0767376       no              vlan1
br1             8000.c0c1c0767376       no              vlan3
                                                        eth1
# brctl addif br1 wds0.1
# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.c0c1c0767376       no              vlan1
br1             8000.c0c1c0767376       no              vlan3
                                                        eth1
                                                        wds0.1
Voila! wds0.1 is now hanging off the br1 interface. Without a reboot of the Tomato router, after restarting my bridged router, machines connected to the bridged router get IP addresses from the same VLAN as the wireless and are not able to access machines on the wired VLAN.
All that remains is to put those delif and addif commands in a startup script as described in the “Short Answer” above.
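The check and the move described above can also be scripted so that the result is verified rather than assumed. The following is an added example, not part of the original post or of Tomato itself: the function names wds_misplaced and fix_wds are hypothetical, it assumes BusyBox awk is available on the router, and it generalizes from wds0.1 to any wds* interface.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes BusyBox awk on the router.

# Read `brctl show` output on stdin and print "iface bridge" for every wds*
# interface that is NOT attached to the guest bridge $1. Exit 1 if any found.
wds_misplaced() {
    awk -v guest="$1" '
        NR == 1 { next }                # column header
        { ifc = "" }
        NF >= 4 { br = $1; ifc = $4 }   # bridge line carrying its first interface
        NF == 3 { br = $1 }             # bridge with no interfaces
        NF == 1 { ifc = $1 }            # continuation line: one more interface
        ifc ~ /^wds/ && br != guest { print ifc, br; bad = 1 }
        END { exit bad + 0 }
    '
}

# Move every misplaced wds* interface to guest bridge $1, then re-check.
# Safe to run repeatedly: nothing is touched once the link is on $1.
fix_wds() {
    brctl show | wds_misplaced "$1" | while read -r ifc br; do
        brctl delif "$br" "$ifc" && brctl addif "$1" "$ifc"
    done
    brctl show | wds_misplaced "$1" >/dev/null    # 0 = all WDS links isolated
}

# Constructed sample: the "After Enabling WDS" output from this page.
SAMPLE='bridge name     bridge id               STP enabled     interfaces
br0             8000.c0c1c0767376       no              vlan1
                                                        wds0.1
br1             8000.c0c1c0767376       no              vlan3
                                                        eth1'

# Demo on the sample; on the router call `fix_wds br1` instead.
printf '%s\n' "$SAMPLE" | wds_misplaced br1 || echo "WDS link is on a non-guest bridge"
```

In the Firewall script, the two function definitions followed by fix_wds br1 take the place of the bare delif/addif pair; a non-zero exit status from fix_wds means a WDS link is still attached to a bridge other than br1.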