Gen2 L3 Ubiquiti

I know the L3 routing is in “alpha” for the Gen2 switches, but I cannot seem to get this to work with a non-Unifi firewall in a test environment.

FW
LAN Trusted interface 10.0.254.254

Gen2
Port1 LAN
Port5 Vlan5 10.0.5.254 (GW set as Gen2 Sw w/DHCP running)
Port10 Vlan10 10.0.10.254 (GW set as Gen2 sw w/DHCP running)

LAN Network Config in the Unifi settings as
10.0.254.254/24 Gateway
No DHCP

Switch IP 10.0.254.1


Current

Device A plugged into port 5 Gen2
Gets DHCP address 10.0.5.6 gw 10.0.5.254

Device B plugged into port 10 Gen2
Gets DHCP address 10.0.10.6 gw 10.0.10.254

Device A ping results
10.0.5.254 success
10.0.10.254 success
10.0.10.6 success
10.0.254.254 FAIL

Device B ping results
10.0.10.254 success
10.0.5.254 success
10.0.5.6 success
10.0.254.254 FAIL

In the Cisco world I’d need to tell port 1 “no switchport” and assign it an IP, and I would be good to go. How is this possible with the Gen2? A bit lost atm.

When you enable the Layer 3 routing feature, the switch automatically creates a new hidden VLAN and IP address, and expects the gateway to be on another IP within that VLAN (which would normally be set up hidden on the Unifi gateway device). The switch has its default route set to the gateway IP in the hidden VLAN, and the gateway has routes added for the subnets now handled by the L3 switch. You need to figure out what this VLAN and IP is, and add it to your router. Ubiquiti doesn’t have it documented; I think I saw it either in the community forums or on Discord.

Edit: I believe if you SSH into the switch you should be able to get from it all of its VLANs, IPs, and routes. Once you log in, it should be the same syntax as an EdgeSwitch.


Wow… It’s always the most obvious.

It creates an Inter-VLAN network automatically (shown under Networks)… Need to set your gateway and VLAN to mirror that on the Edge device. Thanks much!

Oh, good to know it’s not actually hidden! I don’t have one and I haven’t seen a lot of people using it with a non-Unifi gateway.

Yup, the only missing link that wasn’t obvious was the IP of the Inter-VLAN routing GW in the Gen2 switch itself.

Ran a network scan of that subnet to find it… After that, some simple routes in the FW and I was flowing traffic as expected.
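To make the explanation in the reply above (hidden transit VLAN, switch default route pointing at a gateway IP in it, firewall routes for the switched subnets) concrete, here is an added example that is not from the thread or from Ubiquiti: a small longest-prefix-match forwarding model of the topology posted in the question. It reproduces the ping results seen before the fix (inter-VLAN pings succeed, pings to 10.0.254.254 fail) and shows that both directions start working once the firewall owns the transit gateway IP and has routes for 10.0.5.0/24 and 10.0.10.0/24. The transit network and its two addresses (10.255.253.0/24, .1 on the firewall, .2 on the switch) are placeholders, since the page does not give them; replace them with whatever the controller shows under Networks. The model also assumes, consistent with the observed failure, that the switch does not route out of its management VLAN.

```python
"""Forwarding model of the Gen2 L3 topology from the thread (added example).

Each node has addresses and a routing table; a packet is walked hop by hop
with longest-prefix match.  A ping "works" only if both directions forward.
"""
from ipaddress import ip_address, ip_interface, ip_network

# Addresses given in the thread.
FW_LAN = "10.0.254.254/24"
SW_VLAN5 = "10.0.5.254/24"
SW_VLAN10 = "10.0.10.254/24"
DEVICE_A = "10.0.5.6/24"
DEVICE_B = "10.0.10.6/24"
# PLACEHOLDERS (assumed, not on the page): the "Inter-VLAN" transit network the
# switch creates.  Read the real values from the controller's Networks page.
TRANSIT_GW = "10.255.253.1/24"  # address the non-UniFi firewall must own
TRANSIT_SW = "10.255.253.2/24"  # the switch's own address in that VLAN


class Node:
    def __init__(self, name, addrs, routes=()):
        self.name = name
        self.ifaces = [ip_interface(a) for a in addrs]
        # (prefix, next_hop); next_hop None means directly connected
        self.routes = [(ip_network(p), ip_address(nh) if nh else None)
                       for p, nh in routes]
        for i in self.ifaces:                      # connected routes
            self.routes.append((i.network, None))

    def owns(self, ip):
        return any(i.ip == ip for i in self.ifaces)

    def lookup(self, dst):
        """Longest-prefix match; returns (network, next_hop) or None."""
        best = None
        for net, nh in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, nh)
        return best


def trace(nodes, src_ip, dst_ip, max_hops=8):
    """Return the list of node names a packet traverses, or None if dropped."""
    dst = ip_address(dst_ip)
    node = next(n for n in nodes if n.owns(ip_address(src_ip)))
    path = [node.name]
    for _ in range(max_hops):
        if node.owns(dst):
            return path
        hit = node.lookup(dst)
        if hit is None:                            # no route
            return None
        net, nh = hit
        target = dst if nh is None else nh         # connected vs. via next hop
        nxt = next((n for n in nodes if n.owns(target)), None)
        if nxt is None:                            # next hop does not exist
            return None
        node = nxt
        path.append(node.name)
    return None


def ping_ok(nodes, a, b):
    """A ping needs a forward path and a return path."""
    return trace(nodes, a, b) is not None and trace(nodes, b, a) is not None


def build(fw_configured):
    """Topology before (False) and after (True) the firewall is told about
    the switch's transit VLAN and the subnets it routes."""
    sw_transit_ip = str(ip_interface(TRANSIT_SW).ip)
    fw_addrs = [FW_LAN] + ([TRANSIT_GW] if fw_configured else [])
    fw_routes = ([("10.0.5.0/24", sw_transit_ip),
                  ("10.0.10.0/24", sw_transit_ip)] if fw_configured else [])
    fw = Node("FW", fw_addrs, fw_routes)
    # Assumption: the switch's 10.0.254.1 management address is not a routed
    # interface, so VLAN 5/10 traffic leaves only via the transit default route.
    sw = Node("Gen2", [SW_VLAN5, SW_VLAN10, TRANSIT_SW],
              [("0.0.0.0/0", str(ip_interface(TRANSIT_GW).ip))])
    a = Node("DeviceA", [DEVICE_A], [("0.0.0.0/0", "10.0.5.254")])
    b = Node("DeviceB", [DEVICE_B], [("0.0.0.0/0", "10.0.10.254")])
    return [fw, sw, a, b]


if __name__ == "__main__":
    for label, net in (("before", build(False)), ("after", build(True))):
        for dst in ("10.0.10.254", "10.0.10.6", "10.0.254.254"):
            print(label, "10.0.5.6 ->", dst, "OK" if ping_ok(net, "10.0.5.6", dst) else "FAIL")
```

The "before" state fails for the same reason in both directions: the switch's default route points at a transit IP nobody answers, and even if the packet arrived, the firewall has no route back to 10.0.5.0/24. Whatever firewall you use, the fix is the same two pieces: give it an address in the transit VLAN and static routes for each switch-routed subnet via the switch's transit IP.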