Configuring a second router as a WiFi access point using Tomato by Shibby

I wanted to add a second router to my home network such that:

  • Devices that connect to it get put on the main LAN network
  • No double NAT
  • A single DHCP server doling out IP addresses
  • The administration panels of all routers are accessible

I spent some time looking into “bridge mode” and “routing tables” before figuring out that the way to accomplish this is to configure the second router as an “access point”. Here is a network diagram with the second router highlighted.

Here are detailed instructions for configuring that router when it is running Tomato firmware by Shibby. These instructions assume that the router is reset to its default settings. You have connected a single ethernet cable connected to your computer and you can access the web interface of the router you are setting up at

“Basic” – “Network” configuration

  1. Disable the WAN
  2. Choose a new IP address for the router that is not currently in use on your network. (I’m assigning it to
  3. Disable DHCP
  4. Set the Gateway to the address of your main router
  5. Set the DNS to the address of your main router
  6. Enable Wireless
  7. Set the SSID, security, and password for Wifi to match the settings on your main router
  8. Save your changes

Reconnect to your router

Your router will now have a new address and you will need to switch to it. It will take a couple minutes for the router to come back up with these new settings.

Now that the DHCP server isn’t running, you probably need to configure your computer to use a static address temporarily.

“Advanced” – “DHCP/DNS” Configuration

  1. Disable the DNS and DHCP server
  2. Choose to use your gateway for a disabled WAN
  3. Save your changes

Plug this router into your network

The WAN port has been disabled, so don’t try to use it. Plug both your upstream gateway and wired clients into the LAN ports. This allows this new router to act more like a switch than a router.

On your gateway, configure the the IP address you used ( to be “reserved” or “static”. On a Tomato gateway, this can be done by following the “[static]” link in the device list for that IP address. It can also be configured manually from the “Basic” – “Static DHCP/ARP/IPT” page.

That’s it!

Your access point router is ready to use.


Leave a comment

Your email address will not be published. Required fields are marked *

3 thoughts on “Configuring a second router as a WiFi access point using Tomato by Shibby

  • Robert

    Great write-up on configuring a second router as an access point using Tomato by Shibby. Exactly what I was looking for as your sample network architecture is very similar to mine. I made one small change at the very after all other modifications, and thought you might like to know about it.

    One thing that troubled me was the loss of the wan port. For one I would prefer to have all five ports available. And second, all other wifi routers that I have configured in this way supported a simple “bridge” mode to accomplish the task. Such routers allow the wan side to be connected to the larger network, regardless of bridge or nat configuration.

    I learned that this router supports the use of the wan port under your “bridge-like” configuration example. In fact it is shown in your picture of the wan settings where you have shown how to disable the wan. Two settings below it you will find “Bridge WAN port to primary LAN (br0)”. I checked this, and then attached to it my primary network cable that connects to the gateway. For me works great, and shows as 1000M Full port speed.

    • dru

      While enabling the “Bridge WAN port to primary LAN” option does give the desired effect, I prefer altering the VLAN settings instead – if the router’s internal connections support it. The advantage is that you’re using the internal switch hardware only, and not troubling the Linux side to do the bridging.

      I’m using an old WRT54G, which internally has only two network interfaces from the Linux side: eth0 (all wired ports) and eth1 (wireless). There’s in internal managed 6-port switch (1 for eth0, 1 for WAN, 4 for LAN). By default, the WRT54G is configured to use VLANs on eth0 to separate the WAN and LAN traffic, but you can alter that in the Advanced->VLAN page. By removing the “WAN Port” checkmark from VLAN1 and adding it to VLAN0, I put all 5 external ports on the same VLAN. Now Linux only has to handle traffic that gets bridged across to the wireless side of things.

  • Bruce

    Worked perfectly with my E2500 V3 (Tomato Firmware 1.28.0000 MIPSR2-3.5-140 K26 USB Mega-VPN). My stock firmware would lock up every few weeks, so I’m hoping this won’t or at least I can set it to reboot once a week like my router (E2000 with DD-WRT). It does show my WAN port is in use and my four LAN ports are unplugged. However, I don’t have anything plugged into my WAN port! I would test it by plugging into my actual WAN port but I got everything working and decided to fight the urge to start tweaking. After it has been working for some time, I might do that. Thanks.