It’s shaping up to be a wet and gloomy Labour Day (yes, we spell it with a “u” up here) weekend here in my corner of Manitoba, so I made plans to finally get my home lab server up and running with ESXi. That part is done, and I should get Windows Server 2012 R2 and Kali Linux VMs running as well. I wanted to do this before getting too into my studies for CWSP (Certified Wireless Security Professional).
One road block I hit was that in my current home, there is no wired network access in my fungeon (Fun-dungeon. It’s a play on words – get it?) where my gear currently resides, disconnected and forgotten. What good is a server that you can’t access from your comfy couch? No good, I tells ya. We’re currently renting, so I’m not about to run cables. I thought about using one of my Aerohive, Meraki, or Aruba APs as a workgroup bridge, but didn’t for a few reasons:
- Aruba stuff is still in the box (hope to change that shortly).
- Not sure a Meraki MR34 is capable of such a thing (can anyone confirm?).
- Aerohive AP230 is currently my main AP for the home network, sure didn’t want to spend all day revamping that.
- All of the above are high-end enterprise access points to be used for testing and education, not for sitting on a desk dedicated to a task I can do with pretty much anything.
I had an old TP-Link WR1043ND router stuffed in a closet and decided to see what I could do with it. It’s a 2.4 GHz-only, 2 spatial stream device with 4 gigabit LAN ports; won’t be a rocket but it will move some bits around. I’ll be looking at my RF environment to consider a 40 MHz channel…Note to any seasoned wi-fi pros who may be in the audience: this is definitely not an overly technical post. I’ll cover:
- Benefits of workgroup bridges,
- Flashing your device to DD-WRT, and
- Configuring your new DD-WRT device as a workgroup bridge by setting up a management IP address and the wireless interface.
Workgroup bridges (WGBs), called client bridges in DD-WRT, are used to connect wired clients to the network in areas where only wireless access is available. The WGB connects to an access point, the wired clients can plug into the WGB’s Ethernet ports, and voila! Switch-like wireless connectivity…HA I’m just keeeeeding. What you get is a transparent bridge. Just keep in mind that any clients you wire up to the WGB are sharing airtime amongst each other AND any other clients connected to the AP with the WGB. And here I am using one to connect a server…in 2.4 GHz…smashing, Basil! (disclaimer: it’s a rainy long weekend, I’m Canadian, I MIGHT be drinking and blogging).
WGBs are a handy weapon to have in your quiver. We recently had a school under renovation for most of the year, and temporary classrooms were constructed in one of the gymnasiums. The photocopier was plunked right in the middle; how to connect it? Drumroll please…enter the workgroup bridge! They’re also great for locations where running cable isn’t feasible, such as historic sites or old buildings riddled with asbestos (made in Canada, dontcha know eh?). Of course, there’s always a USB adapter or PCIe card; let your requirements/OS/budget/users/horoscope/Ouija board be your guide.
It took me about 5 minutes to determine that the stock TP-Link firmware wouldn’t work for me. It has an option for WDS bridge, but still broadcasts its own SSID (didn’t want that), and so the next option was DD-WRT. This really is a very simple process. The steps should be very similar for most SOHO routers supported by DD-WRT. You can check if your device is supported at their DD-WRT’s router database page.
I should note one gotcha for the WR1043ND: if the serial number starts with 12, you’ll need to perform an additional step before flashing DD-WRT. If you don’t, the WAN port will shut down. You can read about that at this post written by Joey Iodice. He actually covers the entire flashing process as well. I skipped that step because 1) my s/n starts with 11, and 2) I don’t need the WAN port. I’d suggest a quick Google search on flashing your model with any aftermarket firmware beforehand, just in case there are some little details such as this that might effect your outcome.
If you have some router laying around and can’t remember the IP address or login credentials, reset it to factory default. This can be done on the TP-Link by pushing the reset button with a paperclip for 5 seconds and waiting for it to reboot. Google your device’s make and model number to find the user guide, and it should tell you how to reset it. You’ll also want to determine the default IP address, username, and password so you can login after it finishes resetting. Download and save the manual so you can access it offline. Reset the device now, and then you can come back to it in a few minutes.
If you didn’t visit the link for the router database above, you will need to now in order to download the correct version of DD-WRT for your device. So head there, and then type in WR1043 (or the first few characters of your router’s model number). The page should auto-search as you type. You should see something like this next image.
Click on the line that matches your device, and you’ll get something like this page.
If you’re going from factory firmware to DD-WRT, click on the “factory-to-ddwrt.bin” file name to download and save it somewhere easy to remember, such as your desktop. When the download completes, connect to your device with an Ethernet cable. Your computer should pull an IP address via DHCP, as this is the default configuration for most routers. At this point you may want to disable your wi-fi adapter to avoid confusion. You can then browse to the default IP address by typing it into the address bar in your web browser. For the TP-Link, this is 192.168.1.1, and the username/password is admin/admin. If you’re using a different device, check your user guide for the default login credentials.
Once you’re logged in, you’ll want to look at the menu on the left-hand side and select System Tools and below that, Firmware Upgrade. For other routers you may be looking for a menu like Maintenance or Administration. Your user manual that you found on Google should tell you how to update the firmware.
Click Browse, select the “factory-to-ddwrt.bin” file that you downloaded earlier, and hit Upgrade. You’ll have to wait a minute or two for the upgrade to complete, and for the device to reboot. After reboot, the DD-WRT web GUI can be accessed at 192.168.11.1 (in my case; yours may be different). You may need to change your computer’s IP address to something on the 192.168.11.0/24 subnet (192.168.11.2 with subnet mask 255.255.255.0, don’t need a default gateway for now) if you don’t get one assigned via DHCP, but I believe DHCP is enabled by default. If you got an address by DHCP, you can check your default gateway; this should be the new address of your device. So, browse to 192.168.11.1 (or whatever you determined your device’s address to be) and you should see this page.
Set your username and password to whatever you’d like and click Change Password. You might have to refresh your browser or clear the “/apply.cgi” from the address bar afterwards. Either way, you should now be at the System Information screen.
Click the Setup tab and you’ll be taken to the Basic Setup screen. I did the following:
- disable the WAN port.
- set a LAN IP address for management, as well as the subnet mask, default gateway and DNS for my network.
- disable the DHCP server.
You can also set up NTP if you care. I did not, so it’s cut out of the image below. At the bottom of the screen there will be an Apply Settings button; click it to apply and save your settings. You do not need to hit the Save button if you click Apply Settings. If you disabled the DHCP server, you’ll now have to assign your computer an IP address on the same subnet that you configured your device for.
Once you’ve reconnected using the new IP address, click on the Wireless tab (second from left) and then Basic Settings. You’ll need to configure the Wireless Mode as Client Bridge (Routed). The rest of the settings will depend on your device and network. You’ll need to specify the SSID that you want to connect to, but you can leave the Channel at Auto. Hopefully if you’re using 2.4 GHz, you’re being a good neighbour (yep, the “u” again) and using 20 MHz channels (unless you have no neighbours, which will be my situation in a few months). Selecting the Client Bridge mode will disable the SSID Broadcast option after you hit Apply Settings to apply and save your configuration.
After your settings have been applied and saved, your next task is to set up the wireless security settings (assuming you have some!?). Click on the Wireless Security tab and configure your (hopefully) WPA2 preshared key and click Apply Settings. If you’re using WEP or TKIP, well…I’m not mad; I’m just disappointed.
Once the spinning wheel goes away, you should be good to go. You can test by opening a command prompt or terminal and pinging your router, default gateway, or any other device on your network that is on the other side of your new wireless bridge. Your next step is to configure your computer for DHCP or complete its manual IP configuration, if you didn’t before, with a default gateway and DNS server(s). Make sure you are NOT connected to your own wi-fi (disabling your adapter works), but are connected via Ethernet to your new workgroup bridge, and then open a browser and try to visit some web sites or run a speed test.
DD-WRT makes this a pretty simple exercise, and a workgroup bridge can be a handy thing to have around the house, especially for printers. Thanks for reading! Please comment if you have any questions or suggestions.