WAX630E: VLANs Not Behaving Correctly

Ashkaan · ‎2023-02-23

Hi there,

I'm having an issue with WAX630E units at a site. VLANs are correctly configured but behaving oddly. Here are some verified facts.

Connect WiFi to VLAN A SSID = Get VLAN A DHCP (good)
Connect WiFi to VLAN B SSID = Get VLAN B DHCP (good)
Connect CAT cable to VLAN A + Ping Printer on VLAN B = works (good - there's a firewall rule allowing this)
Connect CAT cable to VLAN A + Print to Printer on VLAN B = works (good)
Connect WiFi to VLAN A SSID + Ping Printer on VLAN B = works (good)
Connect WiFi to VLAN A SSID + Print to Printer on VLAN B = does not work! (bad)

What the heck? Everything on the physical network operates as expected.

I think I'm running these APs with mostly default settings with each SSID in bridge mode. What could be causing this?

Ashkaan · ‎2023-02-27

Does anyone have any ideas or questions?

abacqdghfth · ‎2023-03-09

Here are some thoughts ?

AP tags packets from wireless (802.11) to wired 802.3 with VLAN A

and expects packets from wired to wireless to also reach AP VLAN A

Connect Wired PC to VLAN A SSID + Print to Printer on VLAN B = Good - Static Route configured.

Connect WiFi to VLAN A SSID + Print to Printer on VLAN B = does not work! (bad)

1) What is port config where AP is connected ?

2) What is port config where PC was connected directly on wired side ?

3) who (switch or router) is converting control packets from printer that come tagged with VLAN B to VLAN A before it reaches the AP ?

Port where AP is connected should be a trunk port and static route configured on switch or gateway should make sure packets to clients in this SSID

WAX630A will tag VLAN A SSID packets from wireless clients as VLAN A.

for the reverse direction, who will convert VLAN B (printer control packets) to VLAN A ?

Ashkaan · ‎2023-03-09

Thanks for the response!

1) The port is configured as a trunk. VLAN A is untagged and VLAN B is tagged.

2) It was untagged VLAN A. No direct access to VLAN B. Just a firewall rule allowing this type of traffic between A and B.

3) All firewall rules are in the firewall (pfsense). However, the pfsense is not aware of the difference between WiFi and hard-wired. Again, the hard wire on VLAN A works, but the WiFi on VLAN A doesn't.

There are no static routes (other than what the pfsense creates by default when making the firewall rules). They are not necessary for the packets to land where they are supposed to (as demonstrated by the hard-wire test).

Ashkaan · ‎2023-03-16

Any ideas?

Karthik_ · ‎2023-03-23

Hi @Ashkaan

1. Are you facing the issue only when the printer and the laptop is connected to the same Access Point but with different VLAN SSIDs ?

2. Try connecting the printer and laptop to two different Access Points if you have one.

3. And check whether the firmware is upto date V10.4.0.5

https://www.netgear.com/support/product/wax630e#download

Ashkaan · ‎2023-03-24

Hi @Karthik_,

1) Yes, when I plug the laptop into VLAN A hardwired, everything works. When I have the laptop on WiFi VLAN A, it does not.

2) Yes, I have gone to another AP and tested, and it's the same result. We have 2x APs in our home identically configured.

3) So weird, the units kept saying there was no update, but it was out of date! I just updated it and still have the exact same problem.

Thanks

WAX630E: VLANs Not Behaving Correctly

WAX630E: VLANs Not Behaving Correctly

Re: WAX630E: VLANs Not Behaving Correctly

Re: WAX630E: VLANs Not Behaving Correctly

Re: WAX630E: VLANs Not Behaving Correctly

Re: WAX630E: VLANs Not Behaving Correctly

Re: WAX630E: VLANs Not Behaving Correctly

Re: WAX630E: VLANs Not Behaving Correctly