Until recently I was using the dodgy BeBox supplied by my Internet access provider as both a DSL modem and wireless router. The ST585v6 could create a wireless distribution system (WDS) to extend my home LAN to the attic iMac, but only over insecure WEP. So we bought a new dual-band (2.4 and 5GHz, 802.11b/g/n) Apple Time Capsule, thinking it would simplify connecting to an AirPort Express and at the same time provide wireless Time Machine backups with shared network-attached storage (NAS). In the event fully integrating this new device consumed hours, with victory arriving only after the discovery of occult keystroke trickery—not at all the Apple experience I have come to expect.
Bridging WAN and LAN
The first step was to get my BeBox working in bridge mode, functioning as a DSL modem only and handing over my public IP address to the Time Capsule. For the record (in case I need to repeat the exercise), Be sent me this advice:
If you would like to, you could switch the BeBox into bridged mode, it would then behave entirely as a modem without routing function. To do this, please follow this procedure:
- Access the SpeedTouch configuration page by opening a web browser and typing in the Address Bar 192.168.1.254;
- Click on SpeedTouch > Set up;
- Click Next, then choose Multi IP 3 Data Ports;
- Click Next, then Start.
After that your BeBox will no longer be accessible through the web interface and telnet server. This will set your be box in bridge mode.
Things actually proved more complicated since, given my use of unapproved but stable firmware I first needed to restore the ST585v6 to Be spec (it didn't work without the Be-specific templates). This done the next task was to configure the Time Machine to take over routing via DHCP and perform network address translation (NAT) for firewalling.
Create and extend or extend and allow?
When used with Time Capsule the Wireless pane in AirPort Utility 5.4.1 includes a drop-down menu option to Create a wireless network in conjunction with a checkbox to Allow this network to be extended. The alternative wireless mode to Extend a wireless network introduces a checkbox to Allow wireless clients. What's the difference?
Duane on Apple Discussions explains:
"WDS" is 802.11g's way of wirelessly extending a network. Each WDS link cuts the available bandwidth in half.
"Extend a network" is 802.11n's way of wirelessly extending a network. It works only between two 802.11n base stations. It imposes a bandwidth penalty but not nearly as severe as WDS.
The "extend" network feature only works between two base stations. If you added another you would need to use WDS or connect that one via Ethernet.
If you use a laptop/ MacBook make sure Allow wireless clients is checked or the Time Capsule will support wired Ethernet connections only.
WDS and network bridging
If like me you lack a second 802.11n base station, but you do have the original (802.11g) AirPort Express, and the aim is to bridge a computer wired to the WAN port on the Express to your existing wireless network, then a WDS set-up seems like your only option (see here, but also see below).
It's not just the bandwidth hit, however, that you need to be mindful of. According to Somi data sent over WDS networks are not encrypted, even though access to the network itself can be (e.g. via WPA2). I remain unconvinced this is a practical concern.
How do I configure a WDS network?
It should be a simple case of using the AirPort Utility Wizard—but the reality may be somewhat different depending on your equipment, and certainly caused me hours of frustration.
By default when you configure the 802.11n Time Capsule (TC) there is no visible WDS option. Indeed, the current Time Capsule Setup Guide doesn't mention WDS even once. The current Apple AirPort Networks document mentions WDS once—in relation to n-n connections—whereas the previous edition made multiple mention.
There were two choices only, either to Create a wireless network (+/- extend):
...or to Extend a wireless network (+/- allow clients):
And who, pray, would have guessed that you need to hold down the option key when accessing the Wireless Mode drop-down menu in order to reveal two additional modes? One key makes all the difference between "Where the frack is it?" and "Ah, that's pretty obvious!":
The TC can now be configured as a WDS main node, and the MAC address of the WDS remote node (here an AirPort Express) can be entered:
With the main node configured we can proceed to set up the AirPort Express (AX) to participate in the same WDS network:
This time we enter the MAC address of the TC main node:
Note: In the Summary pane of the TC manual configuration screen you will see 3 MAC addresses—one for Ethernet, and one for each of the 2.4 GHz and 5 GHz wireless interfaces. When connecting to an original AX choose the 2.4 GHZ ID.
Click thumbnail to enlarge image
A working WDS network
More optional secrets
WDS configuration is not all that AirPort Utility 5.4.1 and Time Capsule firmware 7.4.1 are conspiring to hide. According to the updated (early 2009) Apple Airport Networks document (p.21):
Note: If you don't want to use an 802.11n radio mode, hold down the Option key and chose a radio mode that doesn't include 802.11n.
Sure enough doing so transforms this:
...into this:
Likewise, if your preference (or need) is for WEP "insecurity" (p.22):
Hold the Option key on your keyboard while clicking the Wireless Security pop-up menu to use WEP (Transitional Security Netowrk).
Go from this:
...to this:
Unfortunately the Apple AirPort Networks document does not ship with the TC box, so it's a bit of a mystery as to why Apple chose to be so secretive about these options. A little over-paternalistic of them in choosing for us maybe?
An alternative to WDS
If you aren't too concerned about bridging a computer wired to the WAN port on the Express to your existing wireless network, but merely want to share your Internet connection (and Time Capsule disk) to that computer, you can do so using a second or "adjunct" wireless network.
This is what I had working pending discovery of the secret Option keystroke to enable WDS configuration. The Ethernet port of the WET11 connected the iMac in our attic via a new WEP-based wireless network to the AX, itself linked to the TC router by wired means. The WET11 (which only supports WEP) was set to clone the MAC address of the attached iMac. I thus ended up with 3 SSIDs (wireless network names) representing 3 inter-linked home WLANs:
- The high-speed main network with full LAN access (WPA2 protected and MAC filtered);
- A high-speed guest network with WAN-only access (WPA/WPA2 protected);
- A low-speed adjunct network (WET protected and MAC filtered).
Click thumbnail to enlarge image
A WET network spliced to non-WDS WPA networks
Active roaming, a third way
Stidiboxi suggests an active roaming network as described by Apple here. All very fine and well if you don't mind drilling holes through walls and ceiling to lay Ethernet cable.
Speed tests
So which is faster—a 802.11g network with WDS bandwidth throttling, or an 802.11b network with no throttling? For reference the DSL modem itself reports a download data rate of around 17 Mbps.
Enabling WDS (bottom of the pair) made little difference to the result using a MacBook connected wirelessly to the thinkbroadband.com speed test (13.1 Mbps downstream without, cf. 11.8 Mbps downstream with WDS):
It was a different story on the attic iMac when it came to comparing WDS (top graph) with the WET11-based dual network solution (10 Mbps downstream with WDS via 802.11g, cf. 2.6 Mbps via 802.11b):
WDS is good to go then, so bring on the networking nirvana ;-)
![[Photo of Bruce McKenzie]](data:image/jpeg;base64,/9j/4AAQSkZJRgABAgAAZABkAAD/7ABXRHVja3kAAQAEAAAAPAACAEIAAAAfAE8ATABZAE0AUABVAFMAIABEAEkARwBJAFQAQQBMACAAQwBBAE0ARQBSAEEAIAAgACAAIAAgACAAIAAgACAAAP/uAA5BZG9iZQBkwAAAAAH/2wCEAAYEBAQFBAYFBQYJBgUGCQsIBgYICwwKCgsKCgwQDAwMDAwMEAwODxAPDgwTExQUExMcGxsbHB8fHx8fHx8fHx8BBwcHDQwNGBAQGBoVERUaHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fH//AABEIAEAAQAMBEQACEQEDEQH/xABwAAACAgMBAQAAAAAAAAAAAAAGBwAFAwQIAQIBAQAAAAAAAAAAAAAAAAAAAAAQAAIBAwIEBAQEBwAAAAAAAAECAwARBCEFMVESBkGBEwdhoSIUccFCUrHRMsIjJAgRAQAAAAAAAAAAAAAAAAAAAAD/2gAMAwEAAhEDEQA/AHPQeEgAsxAUC5J0AA8TQL3uz3s7W2RjBiE7llai0WkYI5t4+VAusr/obumRy0GNBCtzZAoI46XLdRoLLaP+is5ZIxuuFHJGTaUxAqQOYIP9tA3+2u6tm7jwvu9smEgFvViNutCeY/Ogt6CUEoFV70d45eJiy7JgN0ExhsuQG1y4uqX5AfUeegoEVJ27uYhaf0y1h1FT/WeZtQVrI6sVZSGHEEEEUHzQE/Znce79o79iZwDxQTFfWibRZImNjpQdZYuTDlY0WVA3VDOiyRtzVhcUGWglAhvcTGiye98+aYdRgk6Y1PAfQlj8qAlxNuwYsRYliRkdAJGsD16cSfjQDnc20YGIsbwx2E5ZXjOosB4X53oBqPatsjUhMWIA6n6QfG/E0Gj3ThtkbYZEF5MdvU+PTazfzoH/AO12YcvsXa3LdTIjRsePBif4GgK6CUCV91448Hup5mFhmpCyAeLH/GfmtBaifH23b4RlSgCNFS/EsQP0jiaAW7g37btxnhixJlkEQYnWxLHjpx0tQUO4bljYMQkmJu2iIvFiKCt2/fmzswwSrHFjyKVCkkuSRw5a0Dl9hpHHZ+RhuSWxMyRLHwHC3yoGTQSgVfvttwl2/CzVjLzwmyOOICnqI86Cr3zAz9z2zFOOQUCJIQukhJXWxOnCgEcPYA+4qIgy5ILfS7WsbWIN9dOVBk7r2TDkyDDKTHHCFkDpbQFR1c9NKDXw8TFhiT0bMlgUbQ+YsLedA1fZmJl2/dn6elHyVsbaEhTc0DFoJQV2+7RHumA2OyqzcVDcDfQg0CqO45Ox4Yws6EvmY8smOy3AACWKknW46WHCgAW7u9Tc5Z44HmdX9RSgvc3uTblyoMO9d0bnuAZ0w3glZemSQrcBQNbAigqdh3DIhzIscPfHlbpaM8BfxHKg6d9vMcQ9n7f9PSZA8jfHqc6nyoCOglBKBVe8uGmDJi70b/bTkQ5VhfpkUWRz+K6eVAqNuxMeKFpmROgsZYpiBcKdRflYUGtvW4PE6x+lFLG69Ss120+I0FBq4O2Ty5GLIzCObJlX0lFgFUMCzn9oUUHWu1LhptuNHhkHFjjVIiOSi1BtUEoJQA/us0c+xfYlOsveZ9LgKhVTr8eugRxwN0wAww1+6x/0xPo6fh+6gpTtG8ySSN9o69VyVsALHWwvQEW27dNj4K+ov+50MOu2q9WoW9A9vbOCeHtPGE5PW31WPhcX/OgK6D//2Q==)
Congratulations for ending your quest successfully, Bruce! And thanks for sharing the knowledge: it might come in handy when upgrading to a full Apple-enabled WLAN @home.
What software are the 2 network-flowcharts made with?
OmniGraffle Pro 5. The master copy includes things line WAN/ LAN gateway/ subnet etc, client IPs, device passwords, MAC addresses, SSIDs, wireless channels, VPNs and so on—but for obvious reasons I left all that out here. Nice thing is you can re-arrange the network/ add or drop components and OmniGraffle automatically redraws your network diagram (use the Group command to keep related tidbits together).
Very nice article, Bruce, and congrats on the upgraded network.
That secret hold the Option key thing with the pulldown menu ... my god!
Whoever came up with that one?
Maybe we should hold down the option key more often, might find some easter egg ;) I mean other secret settings.
PS: Like BOK said, excellent work on those flow charts. Had skimmed over them at first. Really slick and inspiring. :)
Any idea how to switch from the main WDS base station to the relay (Airport Express) without dropping the connection? I can't seem to put the settings in the one while I put the settings in the other.
@Quinn I believe any time you make changes to a device, whether the base station or relay, it must restart to apply them thereby breaking the connection. You could try connecting to the devices over Ethernet to make the changes.
Thanks for the awesome voodoo reveal.
I actually *have* long ago undertaken drilling the requisite holes in the walls to run ethernet to far-flung parts of the house, and now with my acquisition of a second Airport Extreme I was hoping to set up what you have here described under "Active roaming, a third way."
Sadly, you can't use NAT if the backbone is a wired network. I can't for the life of me figure out why you can extend the single network wirelessly with WDS (allowing the main WDS node to serve DHCP and provide NAT) but if you want to do it with a wire you can't use NAT anymore. I fear it dooms me to either slower WDS or faster, but separate, networks at either end of the house.