Help Please: Adding WiFi Repeater to Router Wifi Card List

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Help Please: Adding WiFi Repeater to Router Wifi Card List

MikeAqua

7608 posts

Uber Geek

#150617 28-Jul-2014 17:04

Over the weekend I installed a NetGear WN_2500_RP WiFi extender, connecting it wirelessly to my router (Netgear WNDR3700).

I use a wireless card access list on my router

With the access list in use, devices connected to the extender wirelessly of physically have no internet access.

If I turn off the access list devices physically or wirelessly connected to the extender have internet access.

I want to keep using the access list so I'm looking for a solution. All suggestions appreciated

What I'm Doing: -

I am plugging three devices that require physical network connections into the Ethernet ports on the repeater.

This is the cheapest way to connect these devices to the router as the house lacks network wiring.

What I Did: -

I turned off the access card list on the router and was able to connect the extender to the router's 5GHz SSID via the extender's set up wizard.

I gave the extender's SSIDs different names to the router's SSIDs.

The physically connected devices (network AV receiver, BD player) were able to access the internet and function as normal.

I was able to connect my computer to the extender's SSIDs and access the internet.

The extender has two MAC addresses. One shows up as 2500RP, the other has no name. The router detected both and I added both to the access list, giving each MAC a locally unique name.

I then applied the access list, the router rebooted and both of the extender's MAC addresses were included in the access list. However, devices connected physically or wirelessly to the extender could no longer access the internet or the router interface.

Direct access to the routers SSIDs is working as normal.

Mike

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1097278 28-Jul-2014 18:03

How it's working is exactly as it's designed - a repeater works at layer2 and isn't necessarily transparent so will merely masquerade the MAC address of the repeater. They're also a horrible solution that immediately halves your WiFi throughput and should only be used in circumstances where there are no other options.

If you insist on an ACL you'll need to look at what you're trying to achieve with an ACL, and how to engineer your network with an additional AP that's not a repeater.

In your situation your best solution is a bridge - not a repeater.

Lenovo

Lenovo computer and accessories deals (affiliate link).

richms

26382 posts

Uber Geek

Trusted

Subscriber

#1097294 28-Jul-2014 18:23

You need to look at what the first router sees those devices mac address as, sometimes they are all as the repeaters address, sometimes they get a bastardised randomish one based on the first connected device to connect to the repeater.

if the latter then you cannot use mac address filtering on the main router. If the former then just put the mac address of the repeater in on the router.

Be aware it will not be the mac address that shows in the dhcp table of the router in most cases as the repeater will relay that so that things get the same ip address when on the repeater or on the router directly.

Richard rich.ms

raytaylor

3833 posts

Uber Geek

Trusted

#1097645 29-Jul-2014 08:48

Move away from using an ACL
They provide no extra security - I can get into an ACL protected router faster than I can get into a WEP protected one.

Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here

MikeAqua

7608 posts

Uber Geek

#1097743 29-Jul-2014 10:39

The router sees the repeater as the two MAC addresses printed on stickers on the repeater. These two MAC addresses that are entered in the access list.

richms: You need to look at what the first router sees those devices mac address as, sometimes they are all as the repeaters address, sometimes they get a bastardised randomish one based on the first connected device to connect to the repeater.

if the latter then you cannot use mac address filtering on the main router. If the former then just put the mac address of the repeater in on the router.

Be aware it will not be the mac address that shows in the dhcp table of the router in most cases as the repeater will relay that so that things get the same ip address when on the repeater or on the router directly.

Mike

MikeAqua

7608 posts

Uber Geek

#1097758 29-Jul-2014 10:50

raytaylor: Move away from using an ACL
They provide no extra security - I can get into an ACL protected router faster than I can get into a WEP protected one.

I'm using: -

WPA2;
A complex key; and
An ACL.

Only I have the admin password required to add people to the list.

My intention with the ACL is to limit use to family and adult guests.

If the ACL list is a waste of time for this purpose , I'd be happy to ditch it (one less thing to maintain).

Mike

raytaylor

3833 posts

Uber Geek

Trusted

#1097820 29-Jul-2014 12:17

It is pretty much a waste of time.
All you really need is the WPA or WPA2 passkey.

If you have kids that want to access it temporarily, then just switch on/off the guest wifi box inside the router admin and have a different password on the guest SSID

Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here

MikeAqua

7608 posts

Uber Geek

#1098544 30-Jul-2014 12:41

Out of curiosity, if I know the key, how do I bypass the ACL?

Mike

richms

26382 posts

Uber Geek

Trusted

Subscriber

#1098675 30-Jul-2014 16:02

Clone the mac address of a user that is on the list.

Richard rich.ms

raytaylor

3833 posts

Uber Geek

Trusted

#1098947 31-Jul-2014 04:47

richms: Clone the mac address of a user that is on the list.

To clarify - you just run netstumbler, which lists the client devices attached to an AP
Then you just set your wireless card in your laptop to use the same mac address as one already attached to the AP.

It can be a little patchy to use with half the packets not arriving to you straight away, but allows you to get in for the most part, and works perfectly fine when the device of the mac address you cloned gets switched off.

Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here

MikeAqua

7608 posts

Uber Geek

#1100106 1-Aug-2014 15:37

OK thanks. I'd still appreciate suggestions for getting the ACL to recognise the wireless extender though. Bugs me that it doesn't work, when it should.

Mike

raytaylor

3833 posts

Uber Geek

Trusted

#1100405 2-Aug-2014 02:46

Wireless extenders use a protocol called WDS which is an extension to the general Wifi protocol.

I dont think WDS was ever standardised - there are a few rules that different manufacturers follow, but there are some other parts of it that manufacturers set by themselves.
Historically if you had a dlink router, you couldnt use a netgear repeater.
This has changed now so that many 'repeaters' are compatible with multiple different brands - i would guesstimate around 80% now where it used to be closer to 50%

Anyhow, it seems to be that you have found part of the WDS specification that isnt compatible and I personally doubt it can be solved.
The repeater manufacturer or the router manufacturer dont necessarily need to make the features like ACL's compatible with the WDS add-on specifications.

Its sort of like two dialects of the same language - they can generally understand each other, but there are little pieces that dont quite match up.

Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1100460 2-Aug-2014 08:29

MikeAqua: OK thanks. I'd still appreciate suggestions for getting the ACL to recognise the wireless extender though. Bugs me that it doesn't work, when it should.

As explained above, it's obviously not transparent. This means the MAC address of devices behind it are being masquerared by the repeater which will simply shot it's own mac address.

Use the correct piece of kit for your application (a bridge than supports full layer 2 bridging which 99% do) and the problem will go away.

richms

26382 posts

Uber Geek

Trusted

Subscriber

#1100487 2-Aug-2014 09:52

A wireless bridge won't help unless you want to put the access list on both devices.

Not many repeaters do was. They all do the mac address spoofing since that is virtually 100% compatible since the ap just sees it as a single wireless client. In either case the access list on the router will only apply to its directly connected clients.

Richard rich.ms

MikeAqua

7608 posts

Uber Geek

#1101707 4-Aug-2014 13:56

Thanks for your replies, I just want to double check I have correctly explained the problem I am having.

I am not trying to connect any wireless devices (e.g. phone, tablet) to the wireless router via the repeater.

I am physically connecting wired devices (Onkyo Network Receiver, Samsung Smart Hub BD, Dish Freeview Satellite Receiver) to the repeater and connecting the repeater wirelessly to the router. It's a work around for a lack of network to a location where it's now impossible to run cabling to. I am happy with the performance of this connection for Spotify, TVNZ OD, streaming audio.

Some questions that occurred to me: -
- Would those physically connected devices have MACs?
- If they do and their MACs are forwarded by the repeater, might they appear to the wireless router to be wireless MACs?
- Should I try adding them to the ACL on the router?

I'm still struggling to understand if the wireless router detects the repeater or it detects the devices physically connected to it. It seems to be the former.

I can take the repeater back for a refund as I very clearly asked about all this when I bought it.

Mike

MikeAqua

7608 posts

Uber Geek

#1138247 26-Sep-2014 13:52

I've solved this problem. Adding the MAC addresses for the AV receiver, sat box and BD player into the router list did the trick.

They were being forwarded to the wireless router by the repeater, so to the router they appeared to be wireless devices that weren't in the approved list.

Mike