Zyxel AP Unable to handle a simple bridge
Freshman Member
Hi,
I would like to point an issue that we were able to identify on two different Zyxel AP series (NAP102 and NWA5123) and probably exists on all Zyxel AP
Here is how you can reproduce the bug :
- Create a bridge on a router. It doesn't need to be a Zyxel one. We use an OpenWRT router for our test.
- Put in 3 interfaces (eth0.2, eth0.5 and eth0.6) and plug a wan to eth0.2
- Verify that everything is working when connecting to eth0.5 and eth0.6. No Zyxel involve at this point.
- Now create 2 SSID (VLAN5 and VLAN6) and wire your Zyxel AP to a trunk port on the router.
- Wait a few seconds and you should see one of the following :
* You might be able to connect to one ssid but not the other one.
* You can't see any SSID, its like the process responsible for broadcasting ssid is dead.
* You are correctly connected to one ssid but disconnected every few seconds or minute
From our observations, broadcast requests (e.g ARP) (and maybe multicast requests?) are not well-isolated within the access point causing arp requests to go out on vlan 6 when initially being sent from VLAN5 which is not normal. It is a very simple bridge setup that is working with any other AP manufacturers except for Zyxel.
We have built and offer a solution that can be implemented on top of existing wifi infrastructure but unfortunately for now we can't advice to our clients nor add Zyxel to the list of compatible devices because of this bug.
I would like to point an issue that we were able to identify on two different Zyxel AP series (NAP102 and NWA5123) and probably exists on all Zyxel AP
Here is how you can reproduce the bug :
- Create a bridge on a router. It doesn't need to be a Zyxel one. We use an OpenWRT router for our test.
- Put in 3 interfaces (eth0.2, eth0.5 and eth0.6) and plug a wan to eth0.2
- Verify that everything is working when connecting to eth0.5 and eth0.6. No Zyxel involve at this point.
- Now create 2 SSID (VLAN5 and VLAN6) and wire your Zyxel AP to a trunk port on the router.
- Wait a few seconds and you should see one of the following :
* You might be able to connect to one ssid but not the other one.
* You can't see any SSID, its like the process responsible for broadcasting ssid is dead.
* You are correctly connected to one ssid but disconnected every few seconds or minute
From our observations, broadcast requests (e.g ARP) (and maybe multicast requests?) are not well-isolated within the access point causing arp requests to go out on vlan 6 when initially being sent from VLAN5 which is not normal. It is a very simple bridge setup that is working with any other AP manufacturers except for Zyxel.
We have built and offer a solution that can be implemented on top of existing wifi infrastructure but unfortunately for now we can't advice to our clients nor add Zyxel to the list of compatible devices because of this bug.
0
Categories
- All Categories
- 431 Beta Program
- 2.6K Nebula
- 164 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 364 USG FLEX H Series
- 292 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 262 Service & License
- 407 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.9K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 83 Security Highlight
