In this article, we look at two practical network topologies for VLAN transmission over a wireless bridge using access points with one port. Our goal is to make sure that the end device gets an IP address from the required VLAN, even when there is a wireless segment.
It is also important to understand how the access point works in repeater mode. In this mode, its uplink port becomes a LAN port. This affects how VLAN traffic is passed and requires correct configuration on both the switches and the access points.
In our example, we use the NWA110BE and NWA55AX access points, and all configurations are done in the Zyxel Nebula cloud.
We will look at two options:
- In the first case, a switch is connected to the repeater access point and distributes the VLAN further.
- In the second case, the end device is connected directly to the repeater.
Scenario 1: End Device Connected via Switch Behind the Repeater
Step 1: Configure VLAN on the Firewall
- Go to:
Site-wide → Configure → Firewall → Port & Interface - Click Add and configure:
- Name: VLAN23
- VLAN ID: 23
- Zone: LAN
-
IPv4 Address:
192.168.23.1/24
- Enable DHCP Server:
- Mode: DHCP Server
-
Start IP:
192.168.23.100 - Pool size: as required
- Default gateway: Interface IP
Step 2: Allowed VLANs on Repeater AP
- Go to:
Site-wide → Configure → Access points → AP & port settings - Set:
- Allowed VLANs: 1, 23 on Repeater AP
Step 3: Configure Remote Switch Port
- Go to:
Site-wide → Configure → Switches → Switch ports - Select the port connected to the Repeater AP.
- Configure:
- Type: Trunk
- PVID: 23
- Allowed VLANs: All
- Mgmt VLAN Control: Enabled
Scenario 2: End Device Connected Directly to the Repeater
In this scenario, the end device connects directly to the repeater (AP operating in Wireless Bridge mode).
Traffic is bridged over the wireless link and must correctly pass VLAN configuration from the firewall through the switch and APs.
Note: Before proceeding to configure the VLAN, enable Smart Mesh and Wireless Bridge (For more information on how to set up a wireless bridge, see the link).
Step 1: Configure VLAN on the Firewall
- Go to:
Site-wide → Configure → Firewall → Port & Interface - Click Add and configure:
- Name: VLAN23
- VLAN ID: 23
- Zone: LAN
-
IPv4 Address:
192.168.23.1/24
- Enable DHCP Server:
- Mode: DHCP Server
-
Start IP:
192.168.23.100 - Pool size: as required
- Default gateway: Interface IP
Step 2: Configure Switch Port (Trunk Configuration)
- Go to:
Site-wide → Configure → Switches → Switch ports - Select the port connected to the AP.
- Configure:
- Type: Trunk
- PVID: 23
- Allowed VLANs: All
- Mgmt VLAN Control: Enabled
Step 3: Allowed VLANs on Root AP and Repeater AP
- Go to:
Site-wide → Configure → Access points → AP & port settings - Set:
- Allowed VLANs: 1, 23 on Root AP and Repeater AP
Step 4: Configure Repeater AP (Management VLAN)
Note: The repeater AP is configured first, followed by the root AP, to avoid permanent disconnection. When you change the Management VLAN on the repeater, it will temporarily lose connection to the root AP. This is expected behavior. After applying the corresponding VLAN settings on the root AP, the wireless bridge will be restored automatically.
⏳The bridge reconnection may take up to ~7 minutes. Please wait after applying the settings.
- Go to:
Site-wide → Configure → Access points → AP & port settings - In Set IP Address:
- IP Type: DHCP
- Management VLAN ID: 23
- Mode: Untagged
Step 5: Configure Root AP (Management VLAN)
- Open the repeater AP settings
- In Set IP Address:
- IP Type: DHCP
- Management VLAN ID: 23
- Mode: Untagged
Expected Result
- The repeater operates in Wireless Bridge mode
- VLAN 23 is correctly propagated across:
- Firewall → Switch → Root AP → Repeater
- Devices connected to the repeater receive IP addresses from VLAN 23 and have full network connectivit
Comments
0 commentsPlease sign in to leave a comment.