How to configure a TL-WR340GD or TL-WR-642G or or TL-WR720N or TL-WR1043ND (the D stands for Detachable antenna) wireless router (manufactured by TP-LINK) to become a secondary wireless WiFi Access Point. You can do similar configuration with Linksys WRT54G that has DD-WRT firmware.
Typically if you have a wireless router in the home or office (just behind a cabled modem or DSL modem, see this diagram), the wireless router should be configured as a router (factory default configuration). However, you may want to add another wireless device to expand or improve your WiFi wireless coverage (see this diagram), it is sometimes better to configure the secondary wireless device as an "Access Point" instead of a "router behind a router". Reason: all your internal computers and peripherals (e.g. network printers, network share drivers, etc) are now on the same IP network (geeks terminology: "they are on the same subnet") so they can share resources and communicate with each other as if they were connected directly by CAT-5 wiring on the same hub/switches.
Why not use the "wireless bridge mode"
Because the bridge mode available in early generation TP-LINK can only support WEP encryption. The master encryption key in WEP can be recovered easily using well known BackTrack hacking software. With this article, you can configure your wireless AP to use the safer WPA2 encryption. You also get much better over-the-air data throughput using AP in stead of using bridge mode.
- A CAT-5 cable run connecting the primary and secondary AP, see this diagram.
- Find out your local area network IP
address range - on a networked PCs, pop a "cmd"
For Windows XP, type (case sensitive) ipconfig | find "Address" to get an idea of what it might be.
For Windows 7, type (case sensitive) ipconfig | find "IPv4" to get an idea of what it might be.
For Windows 8, press the key and "R" key simultaneously, the "RUN" screen comes up, type cmd, a black screen pops up, type ipconfig | find "IPv4" to get an idea of what IP address you are using.
- Find out, from your primary wireless router, which wireless encryption scheme is used. Commonly used encryption schemes are NONE, WEP, WPA, WPA2.
- Unless you have obsolete devices that
need to connect with broken encryption scheme, there is no reason
to use NONE, WEP, WPA any more.
- WPA2 is the current encryption
- For Wi-Fi encryption, the acronym
"PSK" stands for Pre Shared Key. It is equivalent to saying "use
password". This is the most common method for consumers and small
businesses. For large corporations, university campuses and
government installations, they typically use "Enterprise" or
"Radius" authentication which requires a Radius Server which is
not commonly found in households or small businesses.
- As usual, you need to choose a strong password (non-dictionary word) consists of upper and lower case letters, numbers and special characters to prevent "dictionary attacks".
suggestion: since you are configuring the WR-340G or WR-642G to be
an Access Point, the WAN port (blue port) will not be used, plug
it with tape to avoid confusion and accidents.
- Connect a CAT-5 cable from a
laptop to one of the LAN ports (yellow port) on the WR-340G or
WR-642G. See this diagram.
- Reboot the laptop.- On the laptop, invoke a web browser: http://192.168.1.1/ user name is admin, password is admin
- Go to DHCP Settings, select "Disable DHCP Server". See this diagram. Click Save.
- Go to Network Settings, select "LAN",
change the "IP Address" to an un-occupied static IP address within
your local area network (e.g. I use 10.5.1.30). Your LAN IP
address range is likely to be different than 10.5.1.xx, it is
determined or influenced by your primary router's DHCP settings.
See this diagram. Click Save.
- Once you click Save, the WR-340G will reboot itself and your laptop will loose connection to the WR-340GPhase 2
Reconfigure your system as follows:
- Connect a live CAT-5 cable from your primary router (or LAN switch or hub) to the LAN port (yellow port) of the secondary Access Point (i.e., the WR-340G or WR-642G). See this diagram.
- Reconnect the laptop to your
primary wireless router Access Point. See this diagram.
- Reboot the laptop.
- Invoke a web browser: e.g. http://10.5.1.30/ (your IP address is likely different than mine) user name is admin, password is admin
- You now re-establish connection to
your secondary Access Point (AP)
- Set the wireless SSID of the secondary AP be the same as your primary AP SSID (or you can use different SSID if you choose)
- Select an appropriate wireless channel on the secondary AP (avoid using the same channel as your primary AP; also avoid using your neighbours wireless channels).
on wireless channel selection:
- most WiFi routers for North American market are (factory) default to use Channel 1 or 6 or 11, it is a good idea to avoid using these channels.
- If you have an Android Smart Phone, install an Android APPS called "WiFi Analyzer (farproc)" from Google PLAY. This app shows the channels and signal strength of your WiFi surrounding.
- If you have a Blackberry phone, you can find out your WiFi surrounding. I leave it as a brain exercise for you to find this "hidden treasure" on your BB.
- In theory, you can set the secondary AP to use "auto" wireless channel, but I found that seldom works as expected.
- I set my secondary AP to use "manual" wireless channel and choose an unused wireless channel based on my WiFi surrounding.
- If you live in a downtown building, probably all 11 channels are being used, choose a channel to crash onto a weaker channel, i.e., avoid crashing into strong wireless channels.
- If you crash into a strong wireless channel, it will work but you will degrade your own wireless network (and your neighbor).
- Enable wireless security (in
Wireless Settings, choose WPA2-PSK in the Security Type drop down
- Use the same encryption protocol and password for all your access points.
- If you set the same SSID, encryption protocol and password for all your access points, you can "roam" within your house from one AP to another AP seamlessly [like a university campus].
-Optional: change the admin password of the secondary wireless AP to use a more secure password.
You now have added a low cost, high
- If you live in a big house or own a large property that needs extensive WiFi coverage, you can daisy chain several Access Points. See this diagram.
- e.g., inside La Quinta Inn in South Padre Island, Texas, the hotel installed WiFi AP every 35 feet (using EnGenius Wireless http://www.engeniustech.com )
- Free WiFi can be added to cheap
motels to catch up with "high-end hotels" offering "Free Wireless Internet Access".
You can increase WiFi signal strength (increase the number of "bars" on the signal meter) by replacing TP-LINK's original 5 dBi omni antenna with a 7 dBi or 9 dBi omni antenna (with RP-SMA connector) or a wall-mounted Patch Antenna, or mast-mounted Yagi, or a cheap home made near cookware parabolic or home made dog dish parabolic or an ultimate professional 24 dBi long range grid parabolic antenna. For an auditorium/gym size or concert hall size room, a high gain corner-antenna (e.g. Hawking Technology HAI15SC should do a good job of providing good WiFi coverage). Below are some sample websites where you can find high gain 2.4 GHz WiFi frequency band antennae:
www.superpass.com (Waterloo, Ontario)
Note: for omni antenna (aka rubber duck antenna), the increase in signal is in the "horizontal direction", in another word, on the same floor. Basically these antenna refocus the energy and concentrate them in the horizontal direction (assuming the tip of the rubber duck is pointing up). High gain omni will reduce radiation energy to the upper and lower floors, but will increase radiation energy on the same floor. Antennae do not create energy, they just redirect and refocus energy.
In the above configuration, the WAN
port is constantly trying to obtain an IP address adding
unnecessary load to the router's CPU.
Configure the WAN to use "static IP" to reduce this annoyance:
Network settings, WAN, use "Static IP", IP address (see RFC1918).
Choose an IP that you'll never use, e.g. 10.99.99.99, and subnet mask 255.255.255.0, click Save. See this diagram.
© 2016 Nicholas Fong
Last revised: 2016 January 05