Configure Access Point Network Interface Settings
Applies To: WatchGuard Cloud-managed Access Points (AP130, AP230W, AP330, AP332CR, AP430CR, AP432)
Some access point models have additional Ethernet network interfaces for wired connectivity to connect additional devices. For these access point models, you can view and configure access point network interface settings from the Network Settings widget. You can also configure network interface settings for multiple access points in an Access Point Site.
The ability to configure access point network interfaces requires access point firmware v2.4 or higher.
You cannot configure the LAN/Uplink interface from an Access Point Site. If you disable an interface in an Access Point Site configuration, you cannot enable the interface at the device level.
To monitor the status of network interfaces, select Monitor > Devices > Live Status > Interfaces. For more information, go to Monitor Access Point Network Interfaces.
About Access Point LAN Ports
The additional LAN ports on the device are intended to connect devices and peripherals such as IP-based phones, cameras, printers, wired computers, and similar devices.
- The LAN ports are bridged.
- Any IP address assignments are from the uplink network to which the access point is connected.
- For any tagged VLAN assignments you configure for the interfaces, the network traffic is only tagged as it leaves the access point to the upstream device. The traffic is untagged internally.
- If the LAN ports are assigned a mix of different tagged VLANs or configured as untagged, clients on different LAN ports and wireless clients can still connect to each other based on the configuration and rules of the upstream device, with the exception of wireless clients when client isolation is enabled on an SSID.
- If a wireless SSID has a captive portal enabled, devices connected to the LAN ports are not assigned a captive portal NAT IP address and do not connect through the portal. LAN port devices cannot connect to wireless clients on the SSID.
- If a wireless SSID is configured with an Access Point VPN to a Firebox, devices connected to the LAN ports can connect to the upstream network, but do not traverse the VPN and cannot access the Firebox internal network.
- If a wireless SSID is configured with Network Access Enforcement, devices connected to the LAN ports do not require Network Access Enforcement validation.
For more information, go to About the AP230W network Interface LAN ports in the Knowledge Base.
Configure Access Point Network Interfaces
To configure network interface settings for an access point with additional network interfaces:
- Select Configure > Devices.
- Select an access point device that has additional network interfaces.
The Network Settings configuration does not appear for access point models that do not have additional network interfaces.
For an access point site, you must select the specific device model you want to configure from the Device drop-down list.
- Select Network Settings.
The Network Settings page for the access point opens.
- Click Configure for a specific network interface to configure the interface settings.
- For the LAN/Uplink network interface that connects the access point to your wired network, configure these settings:
  You cannot configure LAN/Uplink settings in an Access Point Site.
  - IP Address Configuration — From the drop-down list, select DHCP IP Address to obtain an IP address automatically from DHCP, or Static IP Address to manually configure an IP address.
    You cannot configure a static IP address in this network: 169.254.0.0 255.255.0.0
  - Enable Management VLAN — Select this option if you want to use a VLAN for management traffic for the LAN/Uplink network interface. In the VLAN ID text box, configure the VLAN ID for the management VLAN.
    If you enable VLAN tagging, you must also enable VLANs on the network switch, Firebox, or other gateway device that the access point connects to.
- For the LAN network interfaces where you connect additional devices, configure these settings:
  Device Level
  - Enable Interface — Select the check box to enable the network interface.
  - VLAN — From the VLAN drop-down list, select whether to assign an Untagged VLAN or a Tagged VLAN.
  - VLAN ID — If you selected Tagged VLAN, select a VLAN ID for this network interface.
  Traffic between the access point and the devices connected to the LAN ports is untagged. The traffic is tagged between the LAN/Uplink interface and the upstream network. If you enable VLAN tagging, you must also enable VLANs on the network switch, Firebox, or other gateway device that the access point connects to.
  Access Point Site Configuration
  From the drop-down list, select one of these options:
  - Enabled — Enable the network interface. If the interface is enabled in the Access Point Site configuration, you cannot disable the interface at the device-level configuration.
    - VLAN — From the VLAN drop-down list, select whether to assign an Untagged VLAN or a Tagged VLAN.
    - VLAN ID — If you selected Tagged VLAN, select a VLAN ID for this network interface.
  - Disabled — Disable the network interface. If the interface is disabled in the Access Point Site configuration, you cannot enable the interface at the device-level configuration.
  - Use device configuration — The interface remains unconfigured in the Access Point Site configuration. This enables you to configure the interface and assign an untagged or tagged VLAN in the device-level configuration.
- Click Save.
- Deploy the configuration to the access point.
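The site/device precedence in this procedure and the LAN port notes in About Access Point LAN Ports can be checked offline before you deploy. The following Python is an added example, not WatchGuard code or a WatchGuard Cloud API: the record schema, the control labels, and the `trunk_vlans` set (VLANs enabled on the upstream device) are hypothetical, the sample data is constructed, and it assumes a site-level Enabled setting also supplies the port's VLAN.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/255.255.0.0")  # not allowed for a static uplink IP
# SSID controls that, per the LAN port notes, do not apply to devices on the wired LAN ports.
WIRED_GAPS = {
    "captive_portal": "wired devices do not connect through the captive portal",
    "network_access_enforcement": "wired devices skip Network Access Enforcement validation",
    "ap_vpn": "wired traffic does not traverse the Access Point VPN",
}

def effective_port(site, device):
    """Resolve a LAN port: a site-level Enabled/Disabled wins; otherwise the device setting applies."""
    source = device if site["mode"] == "use_device" else site
    return {"enabled": source["mode"] == "enabled",
            "vlan_id": source.get("vlan_id"),  # None means untagged
            "from": "device" if source is device else "site"}

def audit_ap(ap, site_ports, trunk_vlans):
    """Return (port, message) findings for one access point record (hypothetical schema)."""
    findings = []
    up = ap["uplink"]
    if up["ip_mode"] == "static" and ipaddress.ip_address(up["ip"]) in LINK_LOCAL:
        findings.append(("LAN/Uplink", "static IP is inside 169.254.0.0 255.255.0.0"))
    if up.get("mgmt_vlan") and up["mgmt_vlan"] not in trunk_vlans:
        findings.append(("LAN/Uplink", f"management VLAN {up['mgmt_vlan']} not enabled upstream"))
    gaps = sorted({c for s in ap["ssids"] for c in s["controls"]} & set(WIRED_GAPS))
    for name, device in sorted(ap["lan_ports"].items()):
        port = effective_port(site_ports.get(name, {"mode": "use_device"}), device)
        if not port["enabled"]:
            continue  # a disabled port exposes nothing, whichever level disabled it
        if port["vlan_id"] is not None and port["vlan_id"] not in trunk_vlans:
            findings.append((name, f"tagged VLAN {port['vlan_id']} not enabled upstream"))
        findings += [(name, WIRED_GAPS[c]) for c in gaps]
    return findings

# Constructed sample data: the site disables LAN2 and leaves LAN1 and LAN3 to the device.
SITE_PORTS = {"LAN1": {"mode": "use_device"}, "LAN2": {"mode": "disabled"}, "LAN3": {"mode": "use_device"}}
AP = {
    "uplink": {"ip_mode": "static", "ip": "169.254.10.5", "mgmt_vlan": 10},
    "lan_ports": {"LAN1": {"mode": "enabled", "vlan_id": 30},
                  "LAN2": {"mode": "enabled", "vlan_id": 20},
                  "LAN3": {"mode": "disabled"}},
    "ssids": [{"name": "Guest", "controls": ["captive_portal"]},
              {"name": "Corp", "controls": ["network_access_enforcement"]}],
}

if __name__ == "__main__":
    for port, message in audit_ap(AP, SITE_PORTS, trunk_vlans={10, 20}):
        print(f"{port}: {message}")
```

An enabled LAN port on an access point whose SSIDs rely on a captive portal or Network Access Enforcement is a wired path that those controls do not cover, so any access restriction for it has to come from the VLAN and the rules on the upstream device.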