Trouble with VLAN config on E400

Greerings, fellows.

I have test bench with couple of Cambium equipment. My goal now is to test scenario with last mile on ePMP and E400 as home routers. So, what I've done:

1. I have border router with VLAN 10 for management (both for ePMP and E400) and VLAN 20 for client traffic. VLAN20 is behind NAT on border router, VLAN10 has no routes in other subnets, no DHCP in both VLANs. 

2. I have generic ePMP link between border router and E400. Nothing to tell about it — management IP is in VLAN 10, everything else is bridging through link with no tagging.

3. I have E400. And now I don't get it. I need to take client wireless traffic from SSID and push it through NAT in VLAN20. I know how to make NAT on E400 (, but how could I masquerade to VLAN ID?

Thanks in regard for your support.


        I've come up with below topology from the explanation.Border Router  ------  EPMP ------   E400   Clients (VLAN20) 

The requrement is to send the client traffic (tagged as VLAN 20) all the way to the boarder router. We can enable trunk on E400 and boarder router ( tagging VLAN20 and marking native VLAN as 10) and allow VLAN 20 traffic all the way to boarder router.

Let me know if this helps.



Yeah, thanks, AV, this is working solution, but is there any guide or exaple how to masquerade wireless clients in VLAN with only E400? This is typical solution for some cases. 

I think that I should add some info.

Target is not just to send client traffic through ePMP segment — but also to make local subnet on E400. We can think about E400 as about typical home router — at this point there must be different subnet. So, the point is to masquerade local subnet on E400 wireless interface into VLAN and manage E400 through other VLAN just from wired port.

The steps you mentioned in your original post will work. Follow the steps here to assign the clients to a new VLAN (say, VLAN 30) - create an interface VLAN 30 on the AP and assign it a static IP address, enable NAT on it, and create a DHCP pool for VLAN 30. This will be your local subnet.

Assuming you have created a VLAN 20 on the AP and there is a gateway on this VLAN that can route to the general Internet, the AP will NAT all wireless client traffic and hide it behind its VLAN20 IP address before routing it to the gateway.


1 Like