2D Fibre and WAN Routed via VLAN. (Unifi)

Forums › 2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus) › 2D Fibre and WAN Routed via VLAN. (Unifi)

Thanassos

4 posts

Wannabe Geek

#311615 1-Feb-2024 12:32

Hi there, have recently moved property and signed up with 2d Fibre. (Moving from Orcon)

ONT was installed yesterday, everything went well - however my configuration which had previously worked now refuses to.

For various reason (Mostly aesthetics for the wife) I run the ONT into a Unifi 8 Port Switch that then connects to a UDM Pro.

VLAN 10 Network (VLAN Only/Third Party Network) created.

ONT is connected to Port 7 of the 8 port switch with:

VLAN 10 set as native on Port 7.
VLAN 10 Blocked on all other ports except Port 8.
Port 8 is Native Default LAN (1) + Allows VLAN 10.

Port 8 then connects to the UDM Pro Port 8. (Set to Native VLAN 1 + Allowing VLAN 10 - acting as a trunk)
Port 7 on the UDM is set to Native VLAN 10 and connected to WAN1 on the UDM.
VLAN 10 is blocked on all other ports on the UDM.

Essentially this creates a virtual cable/tunnel for the WAN Traffic to flow through into the Router. This setup worked on Orcon no worries.

With 2d however this doesn't appear to work - so I'm a little stumped. Is there something unique to 2d that would prevent such a set up working?

In the meantime I've moved the UDM Pro to where the ONT is located and it naturally works connected directly without any issues, however as expected I've already got the Wife asking when it'll be moved back into the network rack!

Thanks for any assistance!

pchs

187 posts

Master Geek
+1 received by user: 46

#3189264 1-Feb-2024 14:24

I can confirm this should work, my UDM pro is about 4 switches downstream from my ONT with 2d ex Snap

I just gave both ports setup facing the ONT and UDM as custom vlan10 on a ‘default’ network, remember the ONT port is a ‘Vlan tagged’ port not just a native Vlan10 access port

richms

29098 posts

Uber Geek
+1 received by user: 10207

Trusted

Lifetime subscriber

#3189267 1-Feb-2024 14:31

I did this before but with a draytek VSDL modem to get it to the location where the ONT was when it was the secondary connection into WAN2. I found it mostly worked but there were times when a switch was restarted and it would not come up till I unplugged and replugged the WAN2 on the USG that was where the vlan10 thru the internal switches was ending up at the other end.

Also what was said about it being a tagged vlan10 needs to happen.

Richard rich.ms

bagheera

544 posts

Ultimate Geek
+1 received by user: 189

#3189271 1-Feb-2024 14:44

I would create a vlan 2 native with vlan 10 tag group, set all "wan" side port to this group, and set all other ports to vlan 1 only.

pchs

187 posts

Master Geek
+1 received by user: 46

#3189274 1-Feb-2024 14:51

bagheera:
I would create a vlan 2 native with vlan 10 tag group, set all "wan" side port to this group, and set all other ports to vlan 1 only.

Agree! Actually reminds me I need to tidy up my config..

Thanassos

4 posts

Wannabe Geek

#3189283 1-Feb-2024 15:07

bagheera:

I would create a vlan 2 native with vlan 10 tag group, set all "wan" side port to this group, and set all other ports to vlan 1 only.

Thanks for jumping in!

Right, so create a second (VLAN Only?) network and make that the native VLAN + Tag 10. Something like:

Won't non-WAN Traffic (VLAN 1) then be blocked between two the switches? (Only have one cable to carry WAN and LAN thanks to house wiring).

I swear something is subtly off in this Unifi Interface since I last set it up. Or... I'm just getting old!

Cheers,

bagheera

544 posts

Ultimate Geek
+1 received by user: 189

#3189286 1-Feb-2024 15:15

if it is only one cable, then create vlan 1, vlan 10, vlan 20, on this trunk all vlan, set all "lan" ports to vlan 20, this way, vlan 1 and 10 can be used for the wan, vlan 20 for all other traffic, (all trunk port should be set to 1 native, 10 & 20 tag allowed)

Lenovo

Shop now for Lenovo laptops and other devices (affiliate link).

Thanassos

4 posts

Wannabe Geek

#3189305 1-Feb-2024 15:53

Been thinking of re-doing the network scheme and this will certainly be the kick to make it happen.

Will configure everything and give it a crack. Worth a shot.

Cheers,

Thanassos

4 posts

Wannabe Geek

#3189553 2-Feb-2024 09:02

bagheera:

if it is only one cable, then create vlan 1, vlan 10, vlan 20, on this trunk all vlan, set all "lan" ports to vlan 20, this way, vlan 1 and 10 can be used for the wan, vlan 20 for all other traffic, (all trunk port should be set to 1 native, 10 & 20 tag allowed)

Went through and finally setup different VLANs for Wifi/Cameras/Servers/Devices/Management along with the Tunnel for 10.

All worked out perfectly. Thanks for your assistance.

The specific issue I was having which I just wasn't picking up however was previously in the Unifi Interface you would Create the VLAN Only network - then apply that as a "port profile" which Tagged that network.

In the new UI configuration has to be done differently, instead you create the VLAN then leave the ports native VLAN on default or whatever you change it to - then tag just the WAN VLAN. I was, as per the above snips creating the VLAN and then making that the native which duh as mentioned above create an access port instead.

Thanks all.