Chateau 5g AX - Simple use as Wifi Hotspot

Kudum · October 28, 2025, 5:57pm

Hello,

I’m building an Innovation Lab at work and wired most of the devices I’m using.

But I also need a wifi network to be used outside of the corporate domain. I got a Chateau 5G router that I would like to use as a simple Wifi hotspot. (I cannot use the corporate wifi networks)

Basically a bridge mode : I’d like to use an ethernet connection facing the outside plugged on one of the LAN ports of the router and create a wifi network using its connection (No Sim card)

As you already understood, I’m far from a network expert and don’t know exactly what is the type of config behind the internet connection they gave me
All I know is that this connection is facing the internet without all the corporate domain, port blocking and firewall constraints.

But I suppose putting a router behind a router is not supposed to work.

I just need a configuration to create a Wifi hotspot based on an Ethernet LAN connection (So I suppose not WAN).

I tried multiple configs unsuccessfully (including creating an WAN interface config on ETHx instead of LTE) and also by disabling some features such as Firewall router, NAT… (Obviously not DHCP as needed for the wifi devices to connect)…

I don’t know if I’m clear…
Could you please help me, I’ve got an important visit in the lab tomorrow

Thanks !!!

anav · October 28, 2025, 6:07pm

I am no hotspot or chateau expert, but if there is any routing involved then the chateau will require to be acting like a router. If it was as simple as guiding users from the chateau like a simple AP/Switch through a vlan to a hotspot on the main router, then the chateau need not be a router.

Kudum · October 28, 2025, 6:26pm

Hi,
Thank you for your reply !
OK for the router but then, but how can I set the Chateau like : The internet connection is coming from ETH port 2, use this connection on the wifi networks generated.

Right now I manage to connect on the wifi network of the Chateau but no internet connection.

Thanks !

jaclaz · October 28, 2025, 6:29pm

Tell the visitors that your Wifi was working but that you wanted to update the device to latest software release for security and accidentally the router was bricked and now you need to perform a netinstall, which is a very complex procedure.

Once having thus moved the deadline to next week, post an export of your current configuration, following these instructions:

And someone will be able to give you some advice.

Generally speaking (though having an unused LTE modem is a waste of money) the Chateau 5 G router can be configured as router, switch or access point, so it is possible to use it for what you want to achieve.

Setting up a hotspot (with authentication of users, etc.) is however fairly complex, and besides that it isn't (IMHO) the best idea to add a Wi-fi connection to a business/corporate network without being d@mn sure that you are not introducing vulnerabilities to the existing network.

Conceptually you could have set it up as router (so with NAT, that will become double NAT counting the corporate router) with firewall rules that prevent access to existing network addresses.

Kudum · October 28, 2025, 8:46pm

Hi Jaclaz,

Thanks for your reply.

First next week is clearly not possible as these people are market heads coming from all around the world. And they leave tomorrow evening.

I am damn sure that it will not introduce vulnerabilities as this LAN as been designed to be completely independant from the corporate network.

That's basically a home connection. The only thing is that I don’t know what is the config of the primary router.

An wifi access point is exactly what I need.

Only a few devices will have access to it, no complex auth apart from the wpa key, and SSID hidden (and completely separated from corp. Network)

IT and security teams are totally fine with it.

Is there a simple way to do it ?

Amm0 · October 28, 2025, 9:08pm

The default should already do this, and the QuickSet that appears should let you set the Wi-Fi name/password. ether1 should be a WAN port in most defaults.

Now, it's possible all the ports are LAN (thus ether1 is not a WAN port) since the since is an LTE device and it's default don't assume a WAN port. So what you may need do is

remove ether1 item from Bridges>Ports in winbox/webfig (while connected to either Wi-Fi shown on label or via ethernet to PC).
add a new IP>DHCP Client using ether1 as interface (assuming internet source has DHCP).
add ether1 to WAN interface-list in Interfaces>Lists (which will then allow NAT from the LAN ports ether2-5 and default Wi-Fi

anav · October 28, 2025, 9:52pm

post a config here and I can tune it properly.
Assuming there is a managment vlan or at least independent vlan, assigned for the use of this non-corporate network. On the main router this vlan should only have access to the internet and NO access to any other vlans.

For your access I would make one of the ports on the Chateau and OffBridge port so that you can at least plug your laptop into it and make config changes securely..........

/export file=anynameyouwish (minus device serial number, any public WANIP information, keys etc.

BartoszP · October 28, 2025, 10:29pm

Really? You are not prepared in advance a week earlier? No tests? No backup? No knowledge what to do?

Simply: living on the edge,