I wanted to add a second router to my home network such that:
- Devices that connect to it get put on the main LAN network
- No double NAT
- A single DHCP server doling out IP addresses
- The administration panels of all routers are accessible
I ended up buying a Netgear Nighthawk router. It is powerful enough for wired gigabit speeds and has multiple antennas for wifi coverage.
I spent some time looking into "bridge mode" and "routing tables" before figuring out that the way to accomplish this is to configure the second router as an "access point". Here is a network diagram with the second router highlighted.
Here are detailed instructions for configuring that router when it is running Tomato firmware by Shibby. These instructions assume that the router is reset to its default settings. You have connected a single ethernet cable connected to your computer and you can access the web interface of the router you are setting up at http://192.168.1.1.
"Basic" - "Network" configuration
- Disable the WAN
- Check "Bridge WAN port to primary LAN"
- Choose a new IP address for the router that is not currently in use on your network. (I'm assigning it to 192.168.1.77.)
- Disable DHCP
- Set the Gateway to the address of your main router (192.168.1.1 in my case)
- Set the DNS to the address of your main router (192.168.1.1 in my case)
- Enable Wireless
- Set the SSID, security, and password for Wifi to match the settings on your main router
- Save your changes
Reconnect to your new router
Your new router will now have a new address and you will need to switch to it. It will take a couple minutes for the router to come back up with these new settings.
Now that the DHCP server isn't running, you probably need to configure your computer to use a static address temporarily.
"Advanced" - "DHCP/DNS" Configuration
- Disable the DNS and DHCP server
- Choose to use your gateway for a disabled WAN
- Save your changes
Plug this router into your network
Because the WAN port is bridged, all the ports on the router act exactly the same. You can use any port on this router to plug it into the main router and you can use any port on this router (including the WAN port) for other devices.
On your gateway, configure the the IP address you used (192.168.1.77) to be "reserved" or "static". On a Tomato gateway, this can be done by following the "[static]" link in the device list for that IP address. It can also be configured manually from the "Basic" - "Static DHCP/ARP/IPT" page.
That's it!
Your access point router is ready to use.
Sources
- Adapted from instructions by ToastMan
- Network diagram created using draw.io
- Tomato by Shibby
9 thoughts on “Configuring a second router as a WiFi access point using Tomato by Shibby”
Great write-up on configuring a second router as an access point using Tomato by Shibby. Exactly what I was looking for as your sample network architecture is very similar to mine. I made one small change at the very after all other modifications, and thought you might like to know about it.
One thing that troubled me was the loss of the wan port. For one I would prefer to have all five ports available. And second, all other wifi routers that I have configured in this way supported a simple “bridge” mode to accomplish the task. Such routers allow the wan side to be connected to the larger network, regardless of bridge or nat configuration.
I learned that this router supports the use of the wan port under your “bridge-like” configuration example. In fact it is shown in your picture of the wan settings where you have shown how to disable the wan. Two settings below it you will find “Bridge WAN port to primary LAN (br0)”. I checked this, and then attached to it my primary network cable that connects to the gateway. For me works great, and shows as 1000M Full port speed.
While enabling the “Bridge WAN port to primary LAN” option does give the desired effect, I prefer altering the VLAN settings instead – if the router’s internal connections support it. The advantage is that you’re using the internal switch hardware only, and not troubling the Linux side to do the bridging.
I’m using an old WRT54G, which internally has only two network interfaces from the Linux side: eth0 (all wired ports) and eth1 (wireless). There’s in internal managed 6-port switch (1 for eth0, 1 for WAN, 4 for LAN). By default, the WRT54G is configured to use VLANs on eth0 to separate the WAN and LAN traffic, but you can alter that in the Advanced->VLAN page. By removing the “WAN Port” checkmark from VLAN1 and adding it to VLAN0, I put all 5 external ports on the same VLAN. Now Linux only has to handle traffic that gets bridged across to the wireless side of things.
Worked perfectly with my E2500 V3 (Tomato Firmware 1.28.0000 MIPSR2-3.5-140 K26 USB Mega-VPN). My stock firmware would lock up every few weeks, so I’m hoping this won’t or at least I can set it to reboot once a week like my router (E2000 with DD-WRT). It does show my WAN port is in use and my four LAN ports are unplugged. However, I don’t have anything plugged into my WAN port! I would test it by plugging into my actual WAN port but I got everything working and decided to fight the urge to start tweaking. After it has been working for some time, I might do that. Thanks.
Thanks for the detailed tutorial, it helped me to solve exactly that case. Works fine on ASUS RT-N66U with tomato!
I got this working fine. All devices can connect to gateway or access points, and access external IPS, without problem. My only problem is that the access point was not getting a day/time. I think this is because the AP itself cannot talk to the outside, hence cannot talk to the NTP servers. What I mean is that if open a terminal and telnet to the AP, I cannot ping any outside server like e.g. google.com. I have the same HW for both the gateway and the AP. If I connect to the gateway, I can ping any external server. They must be some setting that I need to enable on the AP so that it can reach outside.
Hey, Stephen great write up! I achieve AP with the WAN port.
Basic Settings – WAN section
1. Disable the WAN – Type: Disabled
2. Check “Bridge WAN port to primary LAN (br0)
Basic Settings – LAN section
3. Choose a new IP address for the router that is not currently in use on your network. (I’m assigning it to 192.168.1.77.)
3. Disable DHCP
4. Set the Gateway to the address of your main router
5. Set the DNS to the address of your main router
6. Enable Wireless
7. Set the SSID, security, and password for Wifi to match the settings on your main router
8. Save your changes
Skip the advanced stuff. Use the wan port.
In this setup, the WAN port gets plugged into the upstream router?
Hi
Thanks for doing this. I am about to add my
Linksys 54g to my main Netgear network.
I will keep looking at this and for it becomes more clear by using a pc to read it
It would be very helpful if you designated your gateway as ,say, ROUTER G, and the new unit ROUTER T , so each of your sections is never ambiguous.
That is,
“Your router will now have a new address..”
Is which router? G or T?
For those of us who are less knowledgeable..this would be nice.
I added the word “new” to “new router” in a couple places. Hopefully that makes it a bit clearer.