cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

NEED SOME HELP?

We’re here 24/7. 365 days a year.
Ask questions. Find your answers. Connect.

3rd Party Router

ONTnonotagain
Team Player
Private Message
Message 46 of 46

Hi 1st post, 💬

 

I've been trying to get a 3rd party router to work direct from the ONT a CF one, having spent hours reading I know the issue is the inability to turn on the Vlan ID to 0 *zero*.

 

So I use the chat function to discuss turning off the Vlan as mine only works enabled on the Sagefast, after going through the motions with what I assume was really Ai with a human name? I get first to ap my 3rd party, then I get told that to switch off the Vlan will make my connection unstable before getting hit with the ultimate confidence booster "Could you explain what a Vlan ID is" 👀 it disconnected after my last reply which was polite enough and not one of those slam the phone down ones.

 

From all of this I deduct that TT doesn't want me to use a different router, 😡 so is it possible to turn off the Vlan or not at their end as suggested has happened with other users? If I'm stuck like this it looks like I'll be looking elsewhere when the contract ends, I didn't have any of this when I was on copper and if they insist on us having to use their equipment I find that poor as all ISP equipment is like anything free...functional, I've also noticed the bungled FW update recently where the limited advanced options have vanished which is another reason why I prefer my own gear. 🤗

 

It's also fair to say I've been with this company through 3 incantations that I can remember for a very long time and this is the first time I've had cause to have to have a moan. 

 

Any further help appreciated,

 

Onta. 

0 Likes
45 REPLIES 45

Message 21 of 46

A re-boot or even a full off at the wall flushes the router that's why I do it regardless of whether it upsets the ISP, on copper I believe it used to set off a learning phase which could affect speeds down, I never saw that as I constantly got the 12 I was on and at one time it was peaking at 17 but this fell away back to the 12/15 mark after a while. My last 3 all had the re-boot schedule.

 

Regarding my bad security would you care to enlighten (no pun)? I'm asking because I'm always on the look out for better ways. As far as I'm aware cleansing & not exposing in the first place were always the way to go.

 

I've been looking into the UDR a bit more, spec wise it's more than enough for me but it's been mentioned it's noisy, hot, slow to boot and freezes up, have you had any of those things happen with yours? 

 

Onta.

 

 

0 Likes

Message 22 of 46

Why do you think routers don’t have the ability to do a scheduled reboot.

 

Simple because it’s not required. On ADSL/VDSL circuits constantly rebooting the router is the last thing you should be doing. It less of an issue on FTTP but still not advisable. All you do is upset the ISP and it does zero for your own security.

 

I’ll leave the discussion there as clearly you have your own take on dealing with security some ok some very bad. 

0 Likes

Message 23 of 46

I can't go into it on an open forum about the phones but I can assure you there are reasons why it would be taken and also be able to be used again, I'll have to leave that one there at that point.

 

If you use a PC etc as a personal diary then you are correct, if you use it as portal to the net in it's own isolation package the only thing at risk is the O/S itself, if you dedicate one hdd & O/S to being the front line with limited duties while using another hdd offline to do workloads it's never exposed.

 

My ability to counter things is based on my own maintenance schedules not whether there is a breach, most basic tip I can give others is auto re-boot the router regularly again something this Sagecom thing lacks as well.

 

Checking your mail addies is also a crucial thing to do, I found two of mine in the past on pwned guess what era they got compromised in? ISP D-Link.

 

Onta.

0 Likes

Message 24 of 46

I'm sorry you feel that way but I also believe that you believe that by not having cloud service you are immune from having your data being made pubic. In many ways this is already out of your hands.

 

Check your email address online and see how many times it may have appeared in a data leak. Have you then changed your email address because of that. 

 

Your ability to counter any 'hole' discovered by a company isn't how fast you can do it but how fast the company informs you of the breach. Many breaches happen months previously so your reaction time is directly linked to the time after you have been informed of the data leak, not at the time of the breach itself. Then what do you do, change your email address of just your password or both.

 

I still don't get your analogy of the phone. Your secure yourself against potential theft by locking it. Absolutely doesn't stop a thief taking it, but locking it stop access, and believe it or not having cloud access to that phone would allow you to remote wipe that phone and even potentially find its location.

 

I've already done that for a neighbour who lost her phone and was able to track to where she lost it.

 

 

0 Likes

Message 25 of 46

Hi Mr W,

 

I'm afraid it's the nature of the beast to have to focus on the negatives to be able to enjoy the positives, nothing is ever going to be foolproof tbh but it's how companies react when a hole is discovered and my ability to counter it fast. That D-link modem that was issued to me was probably the worst piece of IT equipment I've ever experienced & expected to last forever without any updates, when I asked for a new router because I could see the D-Link was past it's sell by date the answer was no which led me to return to using my own. That thing helped put me where I am today with things as although I didn't know what one was at the time it was constantly being attacked through denial of service attacks & a few other things I won't go into which led me to going back to my own router again. The Sagecom units I've been sent since are better maintained but lack even the most basic ways of preventing interference from both inside & outside of the home config wise.

 

The phone would still not be there when you got back even if you'd turned it off and in the old days removed the battery & simply by (not giving ppl ideas)  would dismiss any sort of chance of tracking it or getting it back.

 

On a positive I wouldn't have considered the Ubi equipment had you not mentioned it, you've piqued my interest in one now but I won't be getting one until I've done some more background on it but atm it looks the most feature rich unit out there at the price point & head & shoulders above the usual suspects, what is the wifi range like on them btw?

 

The reason I don't like cloud apps isn't because I feel the cloud isn't maintained properly it's simply because I don't want things like my family pictures, utility bills etc etc in any other hands other than my own even if they are allegedly encrypted, same applies with social media. You have to remember for every lock invented there had to be an inventor and that means physical or digital it's always going to have a way to pick it or reverse engineer it, the digital one is only practical because of the time it takes to pick it currently assuming the digits selected by the end user are also up to a good standard. Time will change this once the next gen computer chips that can crunch many times faster are on the market, Quantum?

 

 

All I'm looking for right now is the ability to not be locked into one router in particular, if Chris comes back with "it can't be done" then I'll have to weigh up the options and go from there and that doesn't mean toys out of the pram and leave but had I known I'd be getting a locked ONT I would've stayed on copper for now as I don't need fast BB to do what I use the net for, the pages take the same time to load and the only real upside I can see is updates are faster and the bandwidth for others in the home better for streaming tv channels, myself I didn't really need it as the contention on my copper line  wasn't high so I got the max speed it was able to deliver most of the day anyway.

 

Onta.

 

 

 

 

0 Likes

Message 26 of 46

You like focusing on the negatives. As I’ve said cloud is entirely optional.

 

There was a lot of bad press about a data leak at UI but as you have mentioned this was a rogue employee holding the company to ransom. He got his comeuppance.  You would probably not have been aware of this story had I not mentioned Unifi.

 

Every single company is vulnerable to rogue employees, banks, shops, even your utilities company leaking personal data.

Your analogy of leaving a phone on a bar is only true if you choose not to secure your phone when you leave it and to be honest ridiculous. You don’t leave your house or car unlocked when you leave it do you.

 

Much of our life is now cloud based, as long as the correct security is in place the risks can be mitigated. If you start opening ports for port forwarding or managing a router remotely the risks are there.

 

Would businesses be using such devices if it was considered that the cloud options where any more vulnerable than any other cloud service. DrayTek, Cisco, Huawei all have had vulnerabilities in the past. Back in 2022 Cisco got hacked. These devices are used in multimillion pound corporations, do you see them throwing out the kit.

I’ve assisted where I can so will leave you to make a decision based on your findings. I hope you find a solution.

Message 27 of 46

Hi Chris,

 

No dice I'm afraid nothing changed at all,

 

Tried non invasive measures first simply turning off the Vlan ID on the Sagefast, webpages stopped loading.

Tried to add to the 3rd party config & it still wouldn't connect.

Tried a factory restore on the 3rd party and used the wizard for set up, then tried the vlan settings's, iptv, ipv6, slack, stateless, QoS, DHCP etc etc etc still no joy, I did find an option in Routing to select either Lan/Wan or Wan but these are internal to the router not web facing options by the looks of things.

 

Look forward to your input/news on Monday when you're back behind the desk, enjoy the weekend.

 

Onta.

0 Likes

Message 28 of 46

Cheers, configuration doesn't worry me it's anything cloud based as imo you might as well ask a stranger to mind your phone at the bar while you go somewhere else for a few minutes as proven by Ubi themselves when a staff member went rogue a couple of years ago, another convenience idea not thought out properly and no consideration to what can and does go wrong.

 

I'll tee up my options on it soon and decide which way to go unless Chris comes up with a worker next week, it might be for good reason that they want us to stick with their stuff but an explanation why would be nice.

 

Onta.

0 Likes

Message 29 of 46

Cloud or remote access has been around since these devices were launched but it’s entirely optional and can be disabled. Either way you have full local access to configuration. From an admin point of view the cloud access is great because I don’t have to go to site to change settings. 

Note these are prosumer units and not plug and play so require a level of interaction to configure properly. That said most good routers should also provide options to customise all aspects of a network. 

Note the screenshot I post was from local access not cloud access.

Message 30 of 46

I'm just going on what I'm finding as I go along tbh & the article that said about the cloud was an early report so maybe they've since adjusted things, I'll continue to read up on it & thanks for your help on it anyway.

 

Onta.

0 Likes

Message 31 of 46

Sorry but you are wrong. The UDR and UDM series are fully configurable locally. The cloud is a valuable option allowing full Config remotely. You need to do much more research on these devices. If you don’t want to use the cloud option you can turn off remote access and fully configure locally. Believe I have 6 of these installed privately and for business clients. They are all local access and configuration. There are other devices called cloud keys etc but never used those and don’t intend too. 

0 Likes

Message 32 of 46

Hi Mr W,

 

I posted it to give you a head start for potential future issues, I wasn't sure which of their products has been altered to strike off the Vlan 0 but thought you'd appreciate the news anyway.

 

I've done some more hard looking at it and I'm going to have to say it's not for me mainly due to the enforced cloud account to be able to fully configure it, it's a shame as the more I looked at it the more it became an option but with the potential that they may turn the 0 function off at a later date and the cloud thing it's just too much to spend on something that could be no more connectable than what I currently have but thank you for pointing it out to me anyway.

 

I'm guessing Chris is done for the weekend so it looks like Monday before this can progress.

 

Onta.

0 Likes

Message 33 of 46

Was trying to upgrade from 7.4.92 to 7.5.156 and it no longer allows VLAN 0 in either the new or "legacy" interface. This breaks the ATT bypass which requires VLAN 0 to talk to the ATT gateway.

 

Well that’s interesting because 7.5.156 does not exist, but 7.4.156 does I’ve been running it and in fact now running 7.4.162 and it still has VLAN ID 0.

 

VLAN IDVLAN ID

The post refers to a USG which is a different device. 7.5 Will be another release in the future but nobody knows what it will contain or change and that can be said for every single firmware release for any device.

0 Likes

ONTnonotagain
Team Player
Private Message
Message 34 of 46

Hi Chris,

 

Update is this,

 

I haven't experienced any loss of service or disconnects today, I've tried twice turning off the Vlan Tagging at 4 hour intervals on the sagefast which then loses the connection until enabled again, it doesn't appear that anything has been changed for me tbh. 

 

I've not tried to set the 3rd party up as a direct to the ONT as it means resetting it and I know it isn't going to work as it currently is because if it was going to work it would also work with the Sage tagging disabled?

--------------------------------------------------------------------------

 

@ Mr Wrighty,

 

I was doing some looking and I stumbled upon this, it's on reddit btw,

 

Unifi Network Application no longer allows VLAN 0 - breaks ATT bypass

Basically the title. Was trying to upgrade from 7.4.92 to 7.5.156 and it no longer allows VLAN 0 in either the new or "legacy" interface. This breaks the ATT bypass which requires VLAN 0 to talk to the ATT gateway.

 

Up until I saw that I was going to wax the trigger finger on one having had a good gander at the dashboard of it, there's a Tube user called Willie Howe and he's done lots of helpful config video's about the tic tac.

 

This is the google for it as I don't know if linking is ok here or not..

 

Unifi Network Application no longer allows VLAN 0

 

Onta.

0 Likes

Message 35 of 46

The UDR is their latest incarnation of the Dream Machine series but refer to it as the Dream Router instead. It is the same shape and size as the UDMBase unit (A Large Tictac).

 

If you are interested in these get on the community.ui.com forum and read about them and the support you get. These devices tend to be cheaper than the competition because support is generally through the community, support direct with Unifi is hit and miss. If you want 24/7 telephone support this costs businesses big money. 

0 Likes

Message 36 of 46

Thx MrW.

 

 

That's a plus for Ubi that they continue to support the UDR series rather than have abandoned it like most other's do, it's a balance of buy expensive and it may do 6 years service with support or buy cheap and bin it 2 years later knowing support will be sporadic at best, as things move fast sometimes it's better to go the cheap route just to be able to not worry about chipset vulnerabilities which can't be fixed with a patch etc plus that shop that buys things gives something back out of the overall cost if you can't be bothered to sell it yourself from home.

 

I'll see what Chris has come up with today and update how it went later as I hate reading threads where there's a solution but the OP didn't bother to say what it was, oh yeah I got it working doesn't cut it for me, having read you in the past I think you're of the same opinion?

 

Onta.

0 Likes

Message 37 of 46

Have a look at UK sellers such as 4gon.co.uk or NetXL.co.uk. They sell all Ubiquiti kit including the UDR and UDM. If cost is important then the UDR will fit the bill. It has POE, Wifi6 built in ethernet and storage for protect cameras. The UDR is no good for 1Gbps internet speeds, you don't say what speed you have. the UDR will max out at around 700mbps with not protection services enabled and around 550mbps with IDS/IPS enabled. The UDM series UDM, UDMPro and UDMSE and all more powerful and cost more. the UDM is the entry level device but does not include Wifi6 (Do you need it) and no POE or internal storage but good for 1gbps services. The UDMSE is big bucks and can handle much faster internet speeds.

 

Warning DO NOY BUY FROM AMAZON, they are not resellers and are not warrantied. Buy from a UK reseller or the UK UI site if in stock. The only caveat is the UK resellers only give a 1 year warranty where was buying from UI direct you get 2 years. Bear in mind this kit is prosumer, not plug and play.

Message 38 of 46

Hi Mr W,

 

Yeah the problem I had was that most of the ones you can configure were either too expensive or not very secure or a combo of both, I had the AX82U in mind but Asus are constantly having to issue CVE patches plus it's always out of stock, the Vigor is just too much for what it is & after finding one of your old posts I had a look at the Ubiquiti but they're out of stock & Ubi seem to like to retain control of the unit more than other makers. Nothing is 100% but some of the names you'd assume would be on the ball really aren't. Asus I think suffers through popularity.

 

My journey into 3rd parties started when the D-Link that was supplied many years ago was like leaving a window open & I found out the hard way that simply plugging it in and relying on the isp to regularly update or configure was a bad idea. If anyone is interested in configuration etc search for RouterSecurity.org, it's an American fella who covers the lot Michael Horowitz on his own site, very focused & also his site & those he sends you off to to do tests are clean & clear of nasties & trackers. *edit if you have to admin*

 

I originally bought the AX when the install completed but took it back as it wouldn't connect, I then decided to buy it again for AP purposes plus it had dropped in price by 25% by then. I'm hoping simply turning off the Vlan fixes things as that means anything will work with it in future, if this becomes the case I'm off out to get a better unit & the one I have will be on Gummy soon.

 

Onta.

0 Likes

mrwrighty
Enlightened One
Private Message TalkTalk
Message 39 of 46

I've used many routers with TT so there is no restriction from TT on using your own router, this was particularly true for ADSL/VDSL services. However with FTTP Fibre services the VLAN ID is important. The fact you have a router than does not allow a VLAN ID of 0 is not the fault of TT but more a fact that the router you have purchased is not fully compatible with the FTTP service. 

 

If TT can change the VLAN ID that is great for you, but if not then you will have no choice but to find a compatible router. 

 

I'm currently using a Unifi UDM router with TT Full fibre and all is good. The VLAN ID can be set to zero.