Zyxel AP Unable to handle a simple bridge

khanh
Posts: 2
Hi,
I would like to point out an issue that we were able to identify on two different Zyxel AP series (NAP102 and NWA5123) and that probably exists on all Zyxel APs.
Here is how you can reproduce the bug:
- Create a bridge on a router. It doesn't need to be a Zyxel one. We use an OpenWRT router for our test.
- Put in 3 interfaces (eth0.2, eth0.5 and eth0.6) and plug a WAN into eth0.2.
- Verify that everything is working when connecting to eth0.5 and eth0.6. No Zyxel is involved at this point.
- Now create 2 SSIDs (VLAN5 and VLAN6) and wire your Zyxel AP to a trunk port on the router.
- Wait a few seconds and you should see one of the following:
* You might be able to connect to one SSID but not the other one.
* You can't see any SSID; it's like the process responsible for broadcasting SSIDs is dead.
* You are correctly connected to one SSID but disconnected every few seconds or minutes.
From our observations, broadcast requests (e.g. ARP) (and maybe multicast requests?) are not well isolated within the access point, causing ARP requests to go out on VLAN 6 when initially being sent from VLAN5, which is not normal. It is a very simple bridge setup that works with any other AP manufacturer except Zyxel.
We have built and offer a solution that can be implemented on top of existing Wi-Fi infrastructure, but unfortunately for now we can't advise it to our clients nor add Zyxel to the list of compatible devices because of this bug.
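Added example, not part of the original post: one way to check a trunk-port capture for the symptom described above, by flagging any broadcast ARP request that shows up with more than one 802.1Q VLAN ID. The MAC and IP addresses, the function names and the sample frames are constructed for illustration; only the VLAN IDs 5 and 6 come from the post.

```python
import struct
from collections import defaultdict

BROADCAST = b"\xff" * 6
TPID_8021Q, ETH_ARP, ARP_REQUEST = 0x8100, 0x0806, 1

def build_arp_request(vlan, src_mac, sender_ip, target_ip):
    """Build a constructed 802.1Q-tagged broadcast ARP request (sample data)."""
    eth = BROADCAST + src_mac + struct.pack("!HHH", TPID_8021Q, vlan & 0x0FFF, ETH_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REQUEST)
    return eth + arp + src_mac + sender_ip + b"\x00" * 6 + target_ip

def parse_tagged_arp(frame):
    """Return (vlan, src_mac, sender_ip, target_ip), or None if the frame
    is not a VLAN-tagged broadcast ARP request."""
    if len(frame) < 46:          # 18-byte tagged header + 28-byte ARP body
        return None
    dst, src = frame[0:6], frame[6:12]
    tpid, tci, etype = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID_8021Q or etype != ETH_ARP or dst != BROADCAST:
        return None
    if struct.unpack("!H", frame[24:26])[0] != ARP_REQUEST:
        return None
    # VLAN ID is the low 12 bits of the TCI; sender IP and target IP
    # sit at fixed offsets inside the ARP body.
    return tci & 0x0FFF, src, frame[32:36], frame[42:46]

def find_vlan_leaks(frames):
    """Map each (src_mac, sender_ip, target_ip) seen on more than one VLAN
    to the sorted list of VLAN IDs it appeared on."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_tagged_arp(frame)
        if parsed:
            vlan, src, spa, tpa = parsed
            seen[(src, spa, tpa)].add(vlan)
    return {key: sorted(vlans) for key, vlans in seen.items() if len(vlans) > 1}

# Constructed capture: client A belongs on VLAN 5 but its ARP request also
# appears tagged with VLAN 6; client B stays on VLAN 6 only.
MAC_A, MAC_B = bytes.fromhex("020000000005"), bytes.fromhex("020000000006")
SAMPLE_FRAMES = [
    build_arp_request(5, MAC_A, bytes([192, 168, 5, 10]), bytes([192, 168, 5, 1])),
    build_arp_request(6, MAC_A, bytes([192, 168, 5, 10]), bytes([192, 168, 5, 1])),
    build_arp_request(6, MAC_B, bytes([192, 168, 6, 20]), bytes([192, 168, 6, 1])),
]

if __name__ == "__main__":
    for (mac, spa, tpa), vlans in find_vlan_leaks(SAMPLE_FRAMES).items():
        print(f"{mac.hex(':')} ARP {'.'.join(map(str, spa))} seen on VLANs {vlans}")
```

The frames must come from a capture point that preserves the 802.1Q tags, such as the router's trunk interface; a capture taken on an untagged access port cannot show which VLAN a frame was forwarded on.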