Cloud Gateways Switching WiFi Camera Security Door Access Integrations Accessory Tech Identity
User
Sign Up UniFi Site Manager
Help Center Help Articles Professional Support Professional Integrators Community RMA & Warranty Downloads Tech Specs
User
Sign Up UniFi Site Manager
Help Center Help Articles Professional Phone Support Professional Integrators Community RMA & Warranty Downloads Tech Specs
Cloud Gateways Switching WiFi Camera Security Door Access Integrations Accessory Tech Identity

Social

Facebook Twitter Youtube Instagram

Company

Careers Contact Us Investors

Training

Courses Calendar Trainers Become a Trainer

Tools

WiFiman UISP Design Center
  1. Ubiquiti Help Center
  2. UniFi
  3. Network
  4. Advanced

Layer 3 Routing

Layer 3 Routing allows a UniFi Switch to route traffic between VLANs and to other destinations using static routes. It is possible use L3 Routing with a UniFi Gateway or third-party gateway.

Note: Traffic Identification and features that rely on it are not supported on networks managed by an L3 switch. If you depend on these features, we recommend using a UniFi Cloud Gateway or standalone UniFi Gateway for full functionality and seamless integration.

Requirements

Note: When using a third-party gateway, it needs to support VLAN tagging and manual configuration of static routes.

How does it work?

Layer 3 Routing is enabled by setting the Router option on a new or existing Virtual Network to the UniFi Switch. Afterwards, an additional network is automatically created with the Inter-VLAN routing name. This network has the following characteristics: 

  • Subnet - The 10.255.253.0/24 IP address range is used by default but it can be changed.
  • VLAN - Fixed to VLAN ID 4040.
  • UniFi Gateway - If present, the UniFi Gateway will use the 10.255.253.1 IP address.
  • UniFi Switch - The first UniFi Switch that L3 Routing is enabled on will use the 10.255.253.2 IP address. Additional L3 UniFi Switches will use the 10.255.253.3 IP address and so on.
  • Default Gateway - The L3 UniFi Switches use 10.255.253.1 as the default gateway to the internet (default route).

In addition to routing traffic between VLANs, L3 UniFi Switches provide the below features:

  • Static Routing - Create a static route to a next-hop IP address or interface.
  • DHCP Server - Provide DHCP assigned IP addresses to devices.
  • DHCP Relay - Forward DHCP requests to another DHCP server.

Using a Third-Party Gateway

When using a third-party gateway, it needs to match the configuration used by UniFi. The required steps are outlined below. Please refer to the documentation of the third-party manufacturer for more information.

  • Configure a VLAN Virtual Interface (VIF) on the third-party gateway and tag VLAN4040 on an interface that connects to the UniFi switch. This will be the uplink port of the switch.
  • Ensure that the UniFi switch tags VLAN4040 on the uplink port to the third-party gateway.
  • Assign the 10.255.253.1/24 IP address to the interface of the third-party gateway.
  • Create a static route on the third-party gateway that matches the subnet of the network configured in UniFi (for example 192.168.2.0/24) and use 10.255.253.2 as the next-hop. 
  • If more than one network is configured in UniFi, add additional static routes.
  • If there are other L3 UniFi switches using different IP addresses, add additional routes.

Configuration Example and Testing

Below is an example configuration that can be used on an EdgeRouter. The eth1 interface connects to the Layer 3 UniFi Switch.

configure
set interfaces ethernet eth1 vif 4040 address 10.255.253.1/24
set protocols static route 192.168.2.0/24 next-hop 10.255.253.2
commit ; save

Afterwards, test if the UniFi Switch is reachable on both networks:

ping 10.255.253.2
ping 192.168.2.1

Frequently Asked Questions

1. Which UniFi Switches support Layer 3 Routing?
Layer 3 Routing is available on select models. Refer to the store for more information.
2. Is it possible to use a different IP address range on the Inter-VLAN Routing network?
Yes, the subnet can be changed.
3. It it possible to use a different VLAN ID besides 4040?
No, the VLAN ID cannot be changed.
4. My third-party gateway does not support VLANs and static routes, can I still use it with UniFi Layer 3 routing?
No, it is a requirement that the gateway can communicate with the UniFi Switch using VLAN4040 and static routes.
5. Does the Layer 3 UniFi Switch translate traffic using NAT?
No, traffic is forwarded without translation.
Was this article helpful?