I’ve been running an Ap-One Rugged for a while, it’s been working great in bridge mode, with a LAN IP for admin access. All it’s doing is being a bridge to the WiFi, all other networks stuff, like DHCP, is handled by a couple of Balance 20X units the other side of a switch.
The Ap-One has several SSIDs, some of which attach to specific VLANs. There’s also an SSID specifically for the Ap-One, so I can always connect to it, no matter what happens to the rest of the network.
Just because it’s a good idea, I decided to move all management interfaces on the network to a specific admin VLAN. That worked fine on the Balance 20X’s and the switches. Each of the Balance 20X units also had their own SSID for connecting directly to each unit, those became connections to the admin VLAN.
I tried the same thing with the Ap-One, and everything works, except one thing. I defined an a new VLAN for the Ap-One, for the admin VLAN. I can connect over the wire with that VLAN to the Ap-One’s admin interface. I can even lock down the admin interface to only connect to that specific VLAN.
What I can’t do is connect the Ap-One’s SSID to the admin VLAN.
If I try that, the SSID fails completely, it can’t attach to anything. On the wire I see DHCP requests from the attached device going to the rest of the network, and DHCP relies coming back, but the Ap-One packet capture does not see the DHCP replies.
If I set the VLAN for the SSID to anything other than the admin VLAN, everything works fine. I have several SSIDs which are like that. I currently have the unit’s SSID set to the untagged LAN, and the management interface available to any LAN, so I can connect via the admin LAN, and via the SSID. I’d like to eliminate the Any LAN bit.
Anyone configured their Ap-One to use an admin VLAN? And been able to attach an SSID to it?
A side question.
I’m a bit confused by the model the AP-One uses for its connections. There are 3 ports on the machine, none of them are marked either WAN or LAN. The software has a concept of WAN and LAN, but there are only two entries for port status, like there’s a hidden thing which decides if a port is a WAN or a LAN.
The LAN defined to get a LAN IP address does not have anyway to specify a gateway, which is somewhat weird. It’s never been a problem up til now, I only need to connect to the LAN IP for management. It’s now an issue as I trie to turn on remote assistance, and it fails, presumably because it has no route out of the LAN.
I trie configuring the WAN back again, to allow a connection, but that’s giving a status of “No cable detected.” There’s only the one cable, the LAN is happily using. There’s that hidden WAN/LAN distinction again., There’s no obvious way to configure this so remote assistance will work.