DAP140 (Master) not reachable via LAN – only accessible again after factory reset

Networking Solutions
1

Hello everyone,

I am using two Teltonika DAP140 devices configured as a WLAN bridge (Point-to-Point) setup.
One device is configured as an Access Point (Master) and the other as a Client (Slave).
The goal is to establish a transparent LAN-to-LAN connection (Layer 2 bridge).

The system generally worked, but I repeatedly encountered an issue where the Master (Access Point) became unreachable via LAN after some time:

  • No access to the web interface

  • No response to ping requests

  • Power LED off, LAN LEDs permanently on

A reboot did not resolve the issue.
Only a factory reset restored access to the device.

Question to the Support Team:

What could cause this behavior?
Could it be related to the DAP14X_R_00.07.18 firmware or to a configuration issue in bridge mode?

3

Greetings,

We are currently working on your issue and we will get back to you as soon as possible.

Best Regards,
Justinas

4

Greetings,

I would like to clarify a few things. Could you please share the topology of the setup and what is the current configuration exactly? Please don’t include any private information.

You could try setting up a wireless distribution system bridge after a factory reset as well and see if that solves the issues, here you can find some more information about it: Wireless distribution system (WDS) - Teltonika Networks Wiki

Best Regards,
Justinas

5
  1. Two logically isolated networks (WLAN ↔ LAN) that do not have unrestricted access to each other
  2. Targeted access control: Only the device with IP 192.168.3.23 is allowed to communicate on port 63000 (TCP/UDP)
  3. All other communication between VLANs is blocked
  4. Static routes ensure that ping and data traffic work correctly in both directions
  5. Firewall zones provide network isolation and protection
  6. The WLAN bridge operates stably and transparently as the link between both sides

Unbenannt
Unbenannt1525×553 10.7 KB

The Bluetooth connection is intended exclusively for the Profient protocol.
Since no corresponding settings can be made in the Profient device itself, the configuration must be carried out in the DAP140.

There are currently disruptions in the network, particularly within the ring connection. These disruptions are having a negative impact on data transfer.
I would therefore like to block all other data transfers and only allow data traffic that is to be transferred via WLAN.

6

Greetings,

Thank you for sharing the topology.
Here’s my understanding of your setup:

You have two DAP140 devices — one configured as a WiFi access point (Master) and the other as a client (Slave) connected to it. Your goal is to enable Layer 2 communication within the 192.168.3.0 subnet, while allowing only the device with IP 192.168.3.23 to access the 192.168.1.0 subnet through port 63000.

This can be achieved by using VXLAN for Layer 2 tunneling and traffic rules for access control.

You can find additional information in the following articles: VXLAN Configuration Example - Teltonika Networks Wiki
Firewall traffic rules - Teltonika Networks Wiki

If I misunderstood something, please let me know, however if that is what you want to achieve, follow these instructions.

The DAP140 Master should have the wifi set up like an access point.

image
image887×574 23.6 KB

The DAP140 Slave should connect to the access point as a client (WiFi WAN example - Teltonika Networks Wiki)

image
image713×441 25.2 KB

Once connected, a new WAN interface will appear. Configure this interface as shown in the image.

image
image904×625 16 KB

Then go to Network → LAN and click edit on the LAN interface, configure it as shown in the picture.

image
image1166×629 17.9 KB

Coming back to the Master configuration, go to Network → LAN and configure the LAN interface as shown in the picture

image
image1168×635 27.2 KB

Then you need to create a VLAN on the Master (for this example, we’ll use Port-Based VLANs), navigate to Network → VLAN → Port Based, click Add, and select the ports that should belong to the 192.168.3.0 subnet as Untagged.
Here is how it would look if LAN ports 1 and 2 had the 192.168.1.0 subnet and ports 3 and 4 the 192.168.3.0 subnet.

image
image1535×428 21.7 KB

Then go to Network → LAN and add a new interface, configure it like shown in the pictures.

image
image1200×599 26.3 KB

image
image1186×446 19.5 KB

Now we will configure the VXLAN. Go to System → Package Manager, select VXLAN, and install it. Once installed, restart the network when prompted.

Next, on the master device, go to Network → Devices and add a new VXLAN. Configure it as shown in the picture.

image
image1183×648 21.9 KB

Repeat the same process on the Slave device, adjusting the addresses accordingly.

image
image1147×622 14.6 KB

Now we need to apply the VXLAN, on the master device go to Network → LAN, select the newly created, go to physical settings and add the vxlan interface.

image
image1176×409 19.9 KB

Do the same for the LAN interface on the slave device

image
image1173×409 13.2 KB

To isolate the WLAN and LAN networks and only allow traffic from 192.168.3.23 to the 192.168.1.0 subnet on port 63000, create specific firewall rules on both devices (same 4 rules on both devices).

Go to Network → Firewall → Traffic Rules, create the rules as shown in the pictures, make sure the rules are placed at the top in the correct priority order.

image
image1451×537 46.8 KB

Here are the rules:

image
image604×583 24.1 KB

image
image549×475 17.9 KB

image
image581×555 24 KB

image
image556×481 18.3 KB

Best Regards,
Justinas

7

This topic was automatically closed after 60 days. New replies are no longer allowed.