🛠️ Adding a Wi-Fi Access Point to Your SD-WAN Edge Using the Cudy WU1400

Ronald BartelsRonald Bartels
4 min read

As more SD-WAN edge devices are being deployed in remote and field environments, adding wireless access directly to the edge becomes a compelling use case. Whether you're trying to provide AP functionality for engineers on site, local devices, or simply as a backup access path—this guide is your one-stop resource for turning a Cudy WU1400 USB adapter into a full-fledged Access Point (AP) using Debian Bookworm.

📦 1. Prepare Your Virtualisation Environment

Before creating your NFV instance, make sure your Debian host system has libvirt and related packages installed.

sudo apt update
sudo apt upgrade
sudo apt install -y qemu-kvm libvirt-daemon-system libvirt-clients virtinst cpu-checker libguestfs-tools libosinfo-bin

Then remove the conflicting dnsmasq-base package:

sudo apt remove dnsmasq-base

Disable the default network to avoid collisions:

sudo virsh net-autostart --disable default

🐧 2. Install Debian Bookworm as a Headless NFV

Create a virtual machine using virt-install. You’ll be installing Debian Bookworm directly via the serial console:

sudo virt-install \
  --name debian \
  --ram 1024 \
  --vcpus 1 \
  --disk path=/var/lib/libvirt/images/debian12.qcow2,size=4 \
  --os-variant debian10 \
  --network bridge=br0,model=virtio \
  --console pty,target_type=serial \
  --extra-args="console=ttyS0,115200n8" \
  --graphics none \
  --location 'http://deb.debian.org/debian/dists/bookworm/main/installer-amd64/'

📝 Note: Make sure you’re using a bridge (br0) that has Internet access.

📥 3. Update Kernel & Install Firmware

Once Debian is installed and running:

sudo apt install -t bookworm-backports linux-image-amd64
sudo apt install firmware-realtek

This ensures proper driver support for your Cudy USB adapter (based on Realtek RTL88x2BU chipset).

🔌 4. Attach the Cudy WU1400 to the NFV

Plug the Wi-Fi dongle into your host and identify it using:

lsusb

You should see something like:

Bus 001 Device 002: ID 0bda:b812 Realtek Semiconductor Corp. RTL88x2bu

Attach it to your VM:

virsh attach-device debian --file <(cat <<EOF
<hostdev mode='subsystem' type='usb' managed='yes'>
  <source>
    <vendor id='0x0bda'/>
    <product id='0xb812'/>
  </source>
</hostdev>
EOF
)

📡 5. Install Required Software Inside the VM

Once the device is visible inside your VM (lsusb inside the guest should show it), install:

sudo apt update
sudo apt install -y hostapd dnsmasq nftables iw

Enable hostapd to start on boot:

sudo systemctl unmask hostapd
sudo systemctl enable hostapd

⚙️ 6. Configure hostapd (Wi-Fi AP)

Create the configuration file:

sudo nano /etc/hostapd/hostapd.conf

Paste the following (adjust SSID and password as needed):

interface=wlx80afcaa8d523
driver=nl80211
ssid=debian
hw_mode=a
channel=36
ieee80211d=1
country_code=ZA
ieee80211n=1
ht_capab=[HT40+][SHORT-GI-20][SHORT-GI-40]
ieee80211ac=1
vht_capab=[SHORT-GI-80]
wmm_enabled=1
auth_algs=1
wpa=2
wpa_passphrase=0836457154
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP

Then point hostapd to the config:

sudo nano /etc/default/hostapd

Set:

DAEMON_CONF="/etc/hostapd/hostapd.conf"

📡 7. Configure dnsmasq for DHCP

Edit the dnsmasq configuration:

sudo nano /etc/dnsmasq.conf

Add:

interface=wlx80afcaa8d523
dhcp-range=192.168.99.10,192.168.99.100,12h

Then restart:

sudo systemctl restart dnsmasq

🔀 8. Enable IP Forwarding

sudo nano /etc/sysctl.conf

Uncomment or add:

net.ipv4.ip_forward=1

Apply:

sudo sysctl -p

🔒 9. Set Up NAT with nftables

Create your NAT rules:

sudo nano /etc/nftables.conf

Insert:

table inet nat {
    chain postrouting {
        type nat hook postrouting priority 100;
        oifname "enp1s0" masquerade
    }
}

Apply and enable:

sudo nft -f /etc/nftables.conf
sudo systemctl enable nftables

🚀 10. Start the Access Point

sudo systemctl start hostapd

Check the status:

sudo systemctl status hostapd

🧪 11. Test Your SD-WAN Edge AP

  • Scan for SSID: debian from a nearby device 📱

  • Connect using the password 0836457154 🔐

  • Test Internet connectivity 🌐

🧠 Why Add an AP to SD-WAN?

✅ Local Wi-Fi for on-site teams
✅ Backup access to SD-WAN interface
✅ Enables IoT or mobile device integration
✅ Useful in remote setups like kiosks or retail edge sites

🧩 Final Notes

💡 The Cudy WU1400 is a great, compact, and affordable USB adapter with support for 802.11ac (Wi-Fi 5).
📡 It transforms your NFV or SD-WAN edge into a connectivity hub with a few simple steps.
🔧 Everything is standard Debian—no vendor lock-in, no proprietary tools.

Need help troubleshooting or integrating with your SD-WAN platform? Drop your questions below, and let's level up your edge connectivity game! 💬🛜

10
Subscribe to my newsletter

Read articles from Ronald Bartels directly inside your inbox. Subscribe to the newsletter, and don't miss out.

wifiLinux

Written by

Ronald Bartels
Ronald Bartels

Driving SD-WAN Adoption in South Africa