Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


4948 posts

Uber Geek
+1 received by user: 2007


Topic # 150617 28-Jul-2014 17:04
Send private message

Over the weekend I installed a NetGear WN_2500_RP WiFi extender, connecting it wirelessly to my router (Netgear WNDR3700).

I use a wireless card access list on my router

With the access list in use, devices connected to the extender wirelessly of physically have no internet access.

If I turn off the access list devices physically or wirelessly connected to the extender have internet access.

I want to keep using the access list so I'm looking for a solution.  All suggestions appreciated

What I'm Doing: -

I am plugging three devices that require physical network connections into the Ethernet ports on the repeater.

This is the cheapest way to connect these devices to the router as the house lacks network wiring.


What I Did: -

I turned off the access card list on the router and was able to connect the extender to the router's 5GHz SSID via the extender's set up wizard.

I gave the extender's SSIDs different names to the router's SSIDs.

The physically connected devices (network AV receiver, BD player) were able to access the internet and function as normal.

I was able to connect my computer to the extender's SSIDs and access the internet.

The extender has two MAC addresses.  One shows up as 2500RP, the other has no name.  The router detected both and I added both to the access list, giving each MAC a locally unique name.

I then applied the access list, the router rebooted and both of the extender's MAC addresses were included in the access list. However, devices connected physically or wirelessly to the extender could no longer access the internet or the router interface.

Direct access to the routers SSIDs is working as normal.




Mike

Filter this topic showing only the reply marked as answer Create new topic
26922 posts

Uber Geek
+1 received by user: 6358

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1097278 28-Jul-2014 18:03
2 people support this post
Send private message

How it's working is exactly as it's designed - a repeater works at layer2 and isn't necessarily transparent so will merely masquerade the MAC address of the repeater. They're also a horrible solution that immediately halves your WiFi throughput and should only be used in circumstances where there are no other options.

If you insist on an ACL you'll need to look at what you're trying to achieve with an ACL, and how to engineer your network with an additional AP that's not a repeater.

In your situation your best solution is a bridge - not a repeater.






21382 posts

Uber Geek
+1 received by user: 4333

Trusted
Subscriber

  Reply # 1097294 28-Jul-2014 18:23
Send private message

You need to look at what the first router sees those devices mac address as, sometimes they are all as the repeaters address, sometimes they get a bastardised randomish one based on the first connected device to connect to the repeater.

if the latter then you cannot use mac address filtering on the main router. If the former then just put the mac address of the repeater in on the router.

Be aware it will not be the mac address that shows in the dhcp table of the router in most cases as the repeater will relay that so that things get the same ip address when on the repeater or on the router directly.




Richard rich.ms

3224 posts

Uber Geek
+1 received by user: 624

Trusted

  Reply # 1097645 29-Jul-2014 08:48
Send private message

Move away from using an ACL
They provide no extra security - I can get into an ACL protected router faster than I can get into a WEP protected one.




Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here






4948 posts

Uber Geek
+1 received by user: 2007


  Reply # 1097743 29-Jul-2014 10:39
Send private message

The router sees the repeater as the two MAC addresses printed on stickers on the repeater.  These two MAC addresses that are entered in the access list.

richms: You need to look at what the first router sees those devices mac address as, sometimes they are all as the repeaters address, sometimes they get a bastardised randomish one based on the first connected device to connect to the repeater.

if the latter then you cannot use mac address filtering on the main router. If the former then just put the mac address of the repeater in on the router.

Be aware it will not be the mac address that shows in the dhcp table of the router in most cases as the repeater will relay that so that things get the same ip address when on the repeater or on the router directly.




Mike



4948 posts

Uber Geek
+1 received by user: 2007


  Reply # 1097758 29-Jul-2014 10:50
Send private message

raytaylor: Move away from using an ACL
They provide no extra security - I can get into an ACL protected router faster than I can get into a WEP protected one.


I'm using: -

WPA2;
A complex key; and
An ACL.

Only I have the admin password required to add people to the list.

My intention with the ACL is to limit use to family and adult guests.

If the ACL list is a waste of time for this purpose , I'd be happy to ditch it (one less thing to maintain).




Mike

3224 posts

Uber Geek
+1 received by user: 624

Trusted

  Reply # 1097820 29-Jul-2014 12:17
Send private message

It is pretty much a waste of time.
All you really need is the WPA or WPA2 passkey.

If you have kids that want to access it temporarily, then just switch on/off the guest wifi box inside the router admin and have a different password on the guest SSID




Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here






4948 posts

Uber Geek
+1 received by user: 2007


  Reply # 1098544 30-Jul-2014 12:41
Send private message

Out of curiosity, if I know the key, how do I bypass the ACL?




Mike

21382 posts

Uber Geek
+1 received by user: 4333

Trusted
Subscriber

  Reply # 1098675 30-Jul-2014 16:02
One person supports this post
Send private message

Clone the mac address of a user that is on the list.




Richard rich.ms

3224 posts

Uber Geek
+1 received by user: 624

Trusted

  Reply # 1098947 31-Jul-2014 04:47
Send private message

richms: Clone the mac address of a user that is on the list.


To clarify - you just run netstumbler, which lists the client devices attached to an AP
Then you just set your wireless card in your laptop to use the same mac address as one already attached to the AP.

It can be a little patchy to use with half the packets not arriving to you straight away, but allows you to get in for the most part, and works perfectly fine when the device of the mac address you cloned gets switched off.




Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here






4948 posts

Uber Geek
+1 received by user: 2007


  Reply # 1100106 1-Aug-2014 15:37
Send private message

OK thanks.  I'd still appreciate suggestions for getting the ACL to recognise the wireless extender though.  Bugs me that it doesn't work, when it should.




Mike

3224 posts

Uber Geek
+1 received by user: 624

Trusted

  Reply # 1100405 2-Aug-2014 02:46
Send private message

Wireless extenders use a protocol called WDS which is an extension to the general Wifi protocol.

I dont think WDS was ever standardised - there are a few rules that different manufacturers follow, but there are some other parts of it that manufacturers set by themselves.
Historically if you had a dlink router, you couldnt use a netgear repeater.
This has changed now so that many 'repeaters' are compatible with multiple different brands - i would guesstimate around 80% now where it used to be closer to 50%

Anyhow, it seems to be that you have found part of the WDS specification that isnt compatible and I personally doubt it can be solved.
The repeater manufacturer or the router manufacturer dont necessarily need to make the features like ACL's compatible with the WDS add-on specifications.

Its sort of like two dialects of the same language - they can generally understand each other, but there are little pieces that dont quite match up.




Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here




26922 posts

Uber Geek
+1 received by user: 6358

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1100460 2-Aug-2014 08:29
Send private message

MikeAqua: OK thanks.  I'd still appreciate suggestions for getting the ACL to recognise the wireless extender though.  Bugs me that it doesn't work, when it should.


As explained above, it's obviously not transparent. This means the MAC address of devices behind it are being masquerared by the repeater which will simply shot it's own mac address.

Use the correct piece of kit for your application (a bridge than supports full layer 2 bridging which 99% do) and the problem will go away.




21382 posts

Uber Geek
+1 received by user: 4333

Trusted
Subscriber

  Reply # 1100487 2-Aug-2014 09:52
Send private message

A wireless bridge won't help unless you want to put the access list on both devices.

Not many repeaters do was. They all do the mac address spoofing since that is virtually 100% compatible since the ap just sees it as a single wireless client. In either case the access list on the router will only apply to its directly connected clients.




Richard rich.ms



4948 posts

Uber Geek
+1 received by user: 2007


  Reply # 1101707 4-Aug-2014 13:56
Send private message

Thanks for your replies, I just want to double check I have correctly explained the problem I am having.

I am not trying to connect any wireless devices (e.g. phone, tablet) to the wireless router via the repeater. 

I am physically connecting wired devices (Onkyo Network Receiver, Samsung Smart Hub BD, Dish Freeview Satellite Receiver) to the repeater and connecting the repeater wirelessly to the router.  It's a work around for a lack of network to a location where it's now impossible to run cabling to.  I am happy with the performance of this connection for Spotify, TVNZ OD, streaming audio.

Some questions  that occurred to me: -
- Would those physically connected devices have MACs?
- If they do and their MACs are forwarded by the repeater, might they appear to the wireless router to be wireless MACs?
- Should I try adding them to the ACL on the router?

I'm still struggling to understand if the wireless router detects the repeater or it detects the devices physically connected to it.  It seems to be the former.

I can take the repeater back for a refund as I very clearly asked about all this when I bought it.





Mike



4948 posts

Uber Geek
+1 received by user: 2007


  Reply # 1138247 26-Sep-2014 13:52
Send private message

I've solved this problem.  Adding the MAC addresses for the AV receiver, sat box and BD player into the router list did the trick.

They were being forwarded to the wireless router by the repeater, so to the router they appeared to be wireless devices that weren't in the approved list.




Mike

Filter this topic showing only the reply marked as answer Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.