UniFi Switch - Layer 3 Routing

2023-12-01 22:23:19 UTC

Layer 3 Routing allows a UniFi Switch to route traffic between VLANs and to other destinations using static routes. It is possible to use L3 Routing with a UniFi Gateway or a third-party gateway.

Requirements

Note: When using a third-party gateway, it needs to support VLAN tagging and manual configuration of static routes.

How does it work?

Layer 3 Routing is enabled by setting the Router option on a new or existing Virtual Network to the UniFi Switch. Afterwards, an additional network is automatically created with the Inter-VLAN routing name. This network has the following characteristics: 

  • Subnet - The 10.255.253.0/24 IP address range is used by default but it can be changed.
  • VLAN - Fixed to VLAN ID 4040.
  • UniFi Gateway - If present, the UniFi Gateway will use the 10.255.253.1 IP address.
  • UniFi Switch - The first UniFi Switch that L3 Routing is enabled on will use the 10.255.253.2 IP address. Additional L3 UniFi Switches will use the 10.255.253.3 IP address and so on.
  • Default Gateway - The L3 UniFi Switches use 10.255.253.1 as the default gateway to the internet (default route).

In addition to routing traffic between VLANs, L3 UniFi Switches provide the below features:

  • Static Routing - Create a static route to a next-hop IP address or interface.
  • DHCP Server - Provide DHCP assigned IP addresses to devices.
  • DHCP Relay - Forward DHCP requests to another DHCP server.

Using a Third-Party Gateway

When using a third-party gateway, it needs to match the configuration used by UniFi. The required steps are outlined below. Please refer to the documentation of the third-party manufacturer for more information.

  • Configure a VLAN Virtual Interface (VIF) on the third-party gateway and tag VLAN4040 on an interface that connects to the UniFi switch. This will be the uplink port of the switch.
  • Ensure that the UniFi switch tags VLAN4040 on the uplink port to the third-party gateway.
  • Assign the 10.255.253.1/24 IP address to the interface of the third-party gateway.
  • Create a static route on the third-party gateway that matches the subnet of the network configured in UniFi (for example 192.168.2.0/24) and use 10.255.253.2 as the next-hop. 
  • If more than one network is configured in UniFi, add additional static routes.
  • If there are other L3 UniFi switches using different IP addresses, add additional routes.

Configuration Example and Testing

Below is an example configuration that can be used on an EdgeRouter. The eth1 interface connects to the Layer 3 UniFi Switch.

configure
set interfaces ethernet eth1 vif 4040 address 10.255.253.1/24
set protocols static route 192.168.2.0/24 next-hop 10.255.253.2
commit ; save

Afterwards, test if the UniFi Switch is reachable on both networks:

ping 10.255.253.2
ping 192.168.2.1
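
The EdgeRouter example above covers one network behind one L3 switch. The following Python sketch is an added example, not part of the original article: it extends that configuration to several networks and several L3 switches, assigning next-hops in the order described earlier (.2, .3, and so on) and rejecting routed subnets that overlap each other or the Inter-VLAN routing subnet. The function name, the sample subnets other than 192.168.2.0/24, and the assumption that a changed transit subnet keeps the same host offsets are illustrative.

```python
import ipaddress

VLAN_ID = 4040  # Inter-VLAN routing VLAN; the article states it cannot be changed


def build_edgeos_config(uplink_if, switch_networks, transit="10.255.253.0/24"):
    """Return EdgeOS commands for a gateway in front of L3 UniFi switches.

    switch_networks holds one list of routed subnets per L3 switch, in the
    order L3 routing was enabled (first switch -> .2, second -> .3, ...).
    Assumption: a changed transit subnet keeps the same host offsets.
    """
    transit_net = ipaddress.ip_network(transit)
    # Need room for network address, gateway (.1), every switch, broadcast.
    if transit_net.num_addresses < len(switch_networks) + 3:
        raise ValueError("transit subnet too small for gateway and switches")
    gateway_ip = transit_net[1]
    cmds = [
        "configure",
        f"set interfaces ethernet {uplink_if} vif {VLAN_ID} "
        f"address {gateway_ip}/{transit_net.prefixlen}",
    ]
    seen = [transit_net]
    for index, subnets in enumerate(switch_networks):
        next_hop = transit_net[2 + index]
        for cidr in subnets:
            # Strict parsing rejects host bits, e.g. 192.168.2.1/24.
            net = ipaddress.ip_network(cidr)
            for other in seen:
                if net.overlaps(other):
                    raise ValueError(f"{net} overlaps {other}")
            seen.append(net)
            cmds.append(f"set protocols static route {net} next-hop {next_hop}")
    cmds.append("commit ; save")
    return cmds


if __name__ == "__main__":
    # Constructed sample: two L3 switches; 192.168.3.0/24 and
    # 192.168.10.0/24 are made-up networks, not from the article.
    plan = [["192.168.2.0/24", "192.168.3.0/24"], ["192.168.10.0/24"]]
    for line in build_edgeos_config("eth1", plan):
        print(line)
```

Because the switch forwards without NAT, the gateway needs one of these return routes for every network routed by a switch; a subnet left out of the plan has no path back from the gateway.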

Frequently Asked Questions

1. Which UniFi Switches support Layer 3 Routing?
Layer 3 Routing is available on select models. Refer to the store for more information.
2. Is it possible to use a different IP address range on the Inter-VLAN Routing network?
Yes, the subnet can be changed.
3. Is it possible to use a different VLAN ID besides 4040?
No, the VLAN ID cannot be changed.
4. My third-party gateway does not support VLANs and static routes, can I still use it with UniFi Layer 3 routing?
No, it is a requirement that the gateway can communicate with the UniFi Switch using VLAN4040 and static routes.
5. Does the Layer 3 UniFi Switch translate traffic using NAT?
No, traffic is forwarded without translation.