diff --git a/machines/vault01/networking.nix b/machines/vault01/networking.nix
index 595d6f3..3e7f472 100644
--- a/machines/vault01/networking.nix
+++ b/machines/vault01/networking.nix
@@ -2,6 +2,7 @@ let
   vlanName = "vlan-uplink-cri";
   vlanAdmin = "vlan-admin";
   vlanAP = "vlan-admin-ap";
+  vlanAP-apro = "vlan-apro";
 
   linkIp = "10.120.33.250";
   linkPrefix = "30";
@@ -22,6 +23,7 @@ in
             vlanName
             vlanAdmin
             vlanAP
+            vlanAP-apro
           ];
 
           LinkLocalAddressing = false;
@@ -51,6 +53,11 @@ in
         name = vlanAP;
         address = [ "fd26:baf9:d250:8010::1/60" ];
       };
+      "10-${vlanAP-apro}" = {
+        name = vlanAP-apro;
+        address = [ "10.0.255.1/24" ];
+        networkConfig.DHCPServer = "yes";
+      };
     };
     netdevs = {
       "10-${vlanName}" = {
@@ -80,6 +87,16 @@ in
           Id = 3001;
         };
       };
+      "10-${vlanAP-apro}" = {
+        netdevConfig = {
+          Name = vlanAP-apro;
+          Kind = "vlan";
+        };
+        vlanConfig = {
+          Id = 2000;
+        };
+      };
     };
   };
+  networking.firewall.allowedUDPPorts = [ 67 ];
 }