Ubiquity USG 3 Port with Centurylink Tecnicolor C-2100t

travisdh1

@ccwtech What is the reason for a VLAN between the modem and firewall/router? That's the most likely culprit with the internet connection. Also, absolutely no reason for a VLAN when only 2 devices are connected to said network.

I recognize that interface. Do you have any option for none or VLAN 0 in the VLAN ID Setting?

Forget the VPN for now and just get internet connection working.

CCWTech

@travisdh1 said in Ubiquity USG 3 Port with Centurylink Tecnicolor C-2100t:

@ccwtech What is the reason for a VLAN between the modem and firewall/router? That's the most likely culprit with the internet connection. Also, absolutely no reason for a VLAN when only 2 devices are connected to said network.

I recognize that interface. Do you have any option for none or VLAN 0 in the VLAN ID Setting?

Forget the VPN for now and just get internet connection working.

The C2100T will not let you select untagged. You can select it and hit save but it goes back to 201. The Centurylink L IV tech said that the reason that untagged is locked out is that with that modem no traffic will pass if it's not VLAN tagged. I have run across this before with other Centurylink modems and different routers behind them.

So no other option there. Internet is working (with DHCP on the USG and the USG in DMZ mode, just trying to work on VPN.)

travisdh1

@ccwtech said in Ubiquity USG 3 Port with Centurylink Tecnicolor C-2100t:

@travisdh1 said in Ubiquity USG 3 Port with Centurylink Tecnicolor C-2100t:

@ccwtech What is the reason for a VLAN between the modem and firewall/router? That's the most likely culprit with the internet connection. Also, absolutely no reason for a VLAN when only 2 devices are connected to said network.

I recognize that interface. Do you have any option for none or VLAN 0 in the VLAN ID Setting?

Forget the VPN for now and just get internet connection working.

The C2100T will not let you select untagged. You can select it and hit save but it goes back to 201. The Centurylink L IV tech said that the reason that untagged is locked out is that with that modem no traffic will pass if it's not VLAN tagged. I have run across this before with other Centurylink modems and different routers behind them.

So no other option there. Internet is working (with DHCP on the USG and the USG in DMZ mode, just trying to work on VPN.)

Of course, because CenturyLink. My new swear word is CenturyLink. Thanks for the heads up, I may be running into this stupid soon myself.

CCWTech

Should remote VPN be able to reach the USG if it's just in DMZ mode or do I need to forward ports from the Centurylink to the USG?

JaredBusch

@travisdh1 said in Ubiquity USG 3 Port with Centurylink Tecnicolor C-2100t:

@ccwtech What is the reason for a VLAN between the modem and firewall/router? That's the most likely culprit with the internet connection. Also, absolutely no reason for a VLAN when only 2 devices are connected to said network.

This is a standard thing in Fiber hand off from a lot of places.

That fact that you even ask this shows that you are severely out of touch with common ISP practices.

JaredBusch

@ccwtech Do you not have anything that is NOT a USG to work with? I've helped people do this on ERL with no issues.

CCWTech

@jaredbusch said in Ubiquity USG 3 Port with Centurylink Tecnicolor C-2100t:

@ccwtech Do you not have anything that is NOT a USG to work with? I've helped people do this on ERL with no issues.

I could bring a Netgear nighthawk, I think I have one somewhere, but I don't have any spare non-USG gear.

CCWTech

@jaredbusch said in Ubiquity USG 3 Port with Centurylink Tecnicolor C-2100t:

That fact that you even ask this shows that you are severely out of touch with common ISP practices.

@JaredBusch will this even work with the USG in DMZ mode instead of bridged? If it's in DMZ do I just need to port forward the VPN ports from the Centurylink to the USG?

travisdh1

@jaredbusch said in Ubiquity USG 3 Port with Centurylink Tecnicolor C-2100t:

@travisdh1 said in Ubiquity USG 3 Port with Centurylink Tecnicolor C-2100t:

@ccwtech What is the reason for a VLAN between the modem and firewall/router? That's the most likely culprit with the internet connection. Also, absolutely no reason for a VLAN when only 2 devices are connected to said network.

This is a standard thing in Fiber hand off from a lot of places.

That fact that you even ask this shows that you are severely out of touch with common ISP practices.

I've lived in BFE for so long, I only dream about fiber.

JaredBusch

@ccwtech said in Ubiquity USG 3 Port with Centurylink Tecnicolor C-2100t:

@jaredbusch said in Ubiquity USG 3 Port with Centurylink Tecnicolor C-2100t:

That fact that you even ask this shows that you are severely out of touch with common ISP practices.

@JaredBusch will this even work with the USG in DMZ mode instead of bridged? If it's in DMZ do I just need to port forward the VPN ports from the Centurylink to the USG?

I have no idea. The USG is so limited by the UniFi firmware. I only have a single one in the field. I swore never to waste money on another one after that.

JaredBusch

It should "just work" but I know that PPPoE has long had various issues on EdgeOS. I doubt it works well on UniFi.

In theory, you just need the VLAN here, but technically, under the hood in EdgeOS, a PPPoE connection is another interface and I think you set the VLAN there. I would have no idea how to make it work in UniFi.

JaredBusch

Yup, in EdgeOS, you set the vif (VLAN) and then set PPPoE inside it..
Here is a non VLAN PPPoE i have in the field, from Century Link in fact. DSL, not fiber.

jbusch@durabilt# show interfaces ethernet     
 ethernet eth0 {
     description "Internet (PPPoE)"
     duplex auto
     pppoe 0 {
         default-route auto
         firewall {
             in {
                 name WAN_IN
             }
             local {
                 name WAN_LOCAL
             }
         }
         mtu 1492
         name-server none
         password <snip>
         user-id <snip>
     }
     speed auto
 }

JaredBusch

To use that same connection on VLAN 201, it would look like this.

The entire pppoe block is inside the vif block.

I just cannot see how the UniFi will handle that, because there is no real specifications in the GUI.

jbusch@durabilt# show interfaces ethernet     
 ethernet eth0 {
     vif 201 {
        description "Internet (PPPoE)"
        duplex auto
        pppoe 0 {
            default-route auto
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            mtu 1492
            name-server none
            password <snip>
            user-id <snip>
        }
     }
     speed auto
 }

CCWTech

@jaredbusch Since it's Fiber, do I even need the CenturyLink C2100T?

@scottalanmiller

travisdh1

@ccwtech said in Ubiquity USG 3 Port with Centurylink Tecnicolor C-2100t:

@jaredbusch Since it's Fiber, do I even need the CenturyLink C2100T?

@scottalanmiller

They're probably using one of the point to multipoint protocols, I forget what the standard(s) is called off hand. It's not a normal network fiber connection.

Dashrender

Why does your gear need to be in bridge mode? In my experience it’s the ISPs router that has to be in bridge mode passing all the traffic directly onto your firewall which is in normal mode.

Jared of course will tell me I’m wrong if I am.

JaredBusch

@dashrender said in Ubiquity USG 3 Port with Centurylink Tecnicolor C-2100t:

Why does your gear need to be in bridge mode? In my experience it’s the ISPs router that has to be in bridge mode passing all the traffic directly onto your firewall which is in normal mode.

Jared of course will tell me I’m wrong if I am.

The C2100T is from the ISP. So you are misunderstanding something here.

JaredBusch

@ccwtech said in Ubiquity USG 3 Port with Centurylink Tecnicolor C-2100t:

@jaredbusch Since it's Fiber, do I even need the CenturyLink C2100T?

@scottalanmiller

That depends on the actual handoff. Is it simply Ethernet? Then no, you don't need it most likely.

I did look at your first post agian, and if the WAN side of the C2100T is handling the tagged VLAN on 201, are you sure that the LAN side is tagged still?

CCWTech

@jaredbusch said in Ubiquity USG 3 Port with Centurylink Tecnicolor C-2100t:

@ccwtech said in Ubiquity USG 3 Port with Centurylink Tecnicolor C-2100t:

@jaredbusch Since it's Fiber, do I even need the CenturyLink C2100T?

@scottalanmiller

That depends on the actual handoff. Is it simply Ethernet? Then no, you don't need it most likely.

I did look at your first post agian, and if the WAN side of the C2100T is handling the tagged VLAN on 201, are you sure that the LAN side is tagged still?

Pretty sure it's not. I didn't know you had to tag the LAN side. Do I need to tag ports in the switch as well?

JaredBusch

@ccwtech said in Ubiquity USG 3 Port with Centurylink Tecnicolor C-2100t:

@jaredbusch said in Ubiquity USG 3 Port with Centurylink Tecnicolor C-2100t:

@ccwtech said in Ubiquity USG 3 Port with Centurylink Tecnicolor C-2100t:

@jaredbusch Since it's Fiber, do I even need the CenturyLink C2100T?

@scottalanmiller

That depends on the actual handoff. Is it simply Ethernet? Then no, you don't need it most likely.

I did look at your first post agian, and if the WAN side of the C2100T is handling the tagged VLAN on 201, are you sure that the LAN side is tagged still?

Pretty sure it's not. I didn't know you had to tag the LAN side. Do I need to tag ports in the switch as well?

My point was depending on what the thing is actually doing to "bridge" the traffic, you may or may not need to have your USG tagged to VLAN 201.

The C2100 WAN is certianly tagged 201. But that doe snot mean the LAN port is.