Wi-Fi as WAN


RansNet SD-Branch routers (HSA and UA series) can connect to Wide Area Network (WAN) using multiple backhaul technologies, such as 4G/5G, fiber broadband, MPLS, PPPoE, etc.

One of the useful features is “Wi-Fi as WAN”, meaning our routers can connect to an upstream wireless access point (AP) as a Wi-Fi client, and use that Wi-Fi connection as WAN backhaul for devices behind our routers. Each RansNet router comes with dual-band Wi-Fi radios (2.4Ghz and 5Ghz), we can configure the one radio (wifi0) as a Wi-Fi client to upstream AP, and at the same time configure the other radio (wifi1) as Wi-Fi AP to devices behind our router if needed.

Refer to below overall RansNet SD-Branch/SD-WAN topology, “Wi-Fi as WAN” can be a primary or backup of other WAN connections, or run active/active together.

In the below configuration example, the upstream AP (or wireless router) broadcasts SSID mbox_wifiaswan and provides Internet/WAN connectivity. Our UA/HSA will connect to SSID mbox_wifiaswan from an upstream AP, and use it as a WAN connection to connect to the Internet (and optionally establish the secure VPN connection to our SD-WAN gateway). At the same time, UA/HSA broadcasts SSID (mbox_internal) to internal wireless clients, which share the same “Wi-Fi WAN” as their upstream Internet/WAN connection.

Steps to Configure the Wi-Fi as WAN

Step 1: set Wi-Fi radio settings

Step 2: Configure Radio0 (wifi0) as Wi-Fi client to upstream AP using SSID: mbox_wifiaswan


1. Select “STA mode”, – eg. operate in Wi-Fi client mode.

2. The SSID and password (pre-shared key) must match the upstream AP/WLC setting.

3. Once the router associates to upstream AP successfully, it will create an interface named ath0 and use DHCP to get an IP address from the upstream WLAN network. By default, ath0 will have the lowest route metric, eg. highest priority for WAN connection. If you have other WAN connections (eg. fiber or 4G/5G), they will become backup to this Wi-Fi WAN connection. If you want this Wi-Fi WAN as a backup to another WAN connection instead, you can set the “Route Metric” to be higher than other primary WAN.

Step 3: Configure Radio1 (wifi1) in AP mode to broadcast SSID: mbox_internal. This step is only required if you’re connecting other wireless devices (as wireless clients) to your router.

Summary view of Wi-Fi settings

Step 4: Configure firewall rules to permit outbound access via Wi-Fi WAN connection. Note: ath0 is now a WAN interface.

Below is a snip of the CLI config for above Wi-Fi settings:

interface ath0
  ip address dhcp
interface wifi 0
  country SG
  ssid mbox_wifiaswan
    encryption WPA1/WPA2-PSK key Letmein99
    client station
interface wifi 1
  country SG
  ssid mbox_internal
    encryption WPA1/WPA2-PSK key secure123
firewall-access 200 permit outbound ath0
firewall-snat 200 overload outbound ath0