Zyxel AP Unable to handle a simple bridge
khanh
Posts: 2
Hi,
I would like to point an issue that we were able to identify on two different Zyxel AP series (NAP102 and NWA5123) and probably exists on all Zyxel AP
Here is how you can reproduce the bug :
- Create a bridge on a router. It doesn't need to be a Zyxel one. We use an OpenWRT router for our test.
- Put in 3 interfaces (eth0.2, eth0.5 and eth0.6) and plug a wan to eth0.2
- Verify that everything is working when connecting to eth0.5 and eth0.6. No Zyxel involve at this point.
- Now create 2 SSID (VLAN5 and VLAN6) and wire your Zyxel AP to a trunk port on the router.
- Wait a few seconds and you should see one of the following :
* You might be able to connect to one ssid but not the other one.
* You can't see any SSID, its like the process responsible for broadcasting ssid is dead.
* You are correctly connected to one ssid but disconnected every few seconds or minute
From our observations, broadcast requests (e.g ARP) (and maybe multicast requests?) are not well-isolated within the access point causing arp requests to go out on vlan 6 when initially being sent from VLAN5 which is not normal. It is a very simple bridge setup that is working with any other AP manufacturers except for Zyxel.
We have built and offer a solution that can be implemented on top of existing wifi infrastructure but unfortunately for now we can't advice to our clients nor add Zyxel to the list of compatible devices because of this bug.
I would like to point an issue that we were able to identify on two different Zyxel AP series (NAP102 and NWA5123) and probably exists on all Zyxel AP
Here is how you can reproduce the bug :
- Create a bridge on a router. It doesn't need to be a Zyxel one. We use an OpenWRT router for our test.
- Put in 3 interfaces (eth0.2, eth0.5 and eth0.6) and plug a wan to eth0.2
- Verify that everything is working when connecting to eth0.5 and eth0.6. No Zyxel involve at this point.
- Now create 2 SSID (VLAN5 and VLAN6) and wire your Zyxel AP to a trunk port on the router.
- Wait a few seconds and you should see one of the following :
* You might be able to connect to one ssid but not the other one.
* You can't see any SSID, its like the process responsible for broadcasting ssid is dead.
* You are correctly connected to one ssid but disconnected every few seconds or minute
From our observations, broadcast requests (e.g ARP) (and maybe multicast requests?) are not well-isolated within the access point causing arp requests to go out on vlan 6 when initially being sent from VLAN5 which is not normal. It is a very simple bridge setup that is working with any other AP manufacturers except for Zyxel.
We have built and offer a solution that can be implemented on top of existing wifi infrastructure but unfortunately for now we can't advice to our clients nor add Zyxel to the list of compatible devices because of this bug.
0
Categories
- 8.1K All Categories
- 1.6K Nebula
- 60 Nebula Ideas
- 54 Nebula Status and Incidents
- 4.4K Security
- 224 Security Ideas
- 965 Switch
- 45 Switch Ideas
- 868 WirelessLAN
- 20 WLAN Ideas
- 5.2K Consumer Product
- 139 Service & License
- 268 News and Release
- 53 Security Advisories
- 12 Education Center
- 573 FAQ
- 273 Nebula FAQ
- 132 Security FAQ
- 73 Switch FAQ
- 72 WirelessLAN FAQ
- 7 Consumer Product FAQ
- Documents
- 34 Nebula Monthly Express
- 71 About Community
- 44 Security Highlight
