A few weeks ago, I bought myself an Ubiquiti EdgeRouter Lite. (ERL) You can find it at several shops for just below €100. It is a powerful peace of equipment and Ubiquiti boasts its price/performance ratio.

The goal I had was to replace the ExperiaBox (v8) that came with my Telfort Glasvezel subscription. The WiFi of the device is quite poor, the DHCP server had strange quirks and I had regular freezes of the box altogether. I read several stories about KPN customers that successfully used it to replace their ExperiaBox. Although I knew Telfort has made some different choices in their network, I thought it wouldn’t be that difficult to adjust it for Telfort.

First of all, I had some big help from a blog from a guy called Kriegsman, It is a very detailed description how to configure the ERL for KPN. There are however some things which are KPN specific and different from Telfot, like:

  • KPN uses PPPoE, whereas Telfort doesn’t
  • VLANs used by KPN & Telfort differ
  • VoIP VLAN is not used

So I searched for a Telfort specific one and found something on a website called Kerkhoven Automatisering. This looked promising, but I quickly noticed that the script was probably adapted from Kriegsman, but not tested as it contains several errors in the commands (in section 3.). However, it did get me on the right track. The problem  is in VLAN 34 (internet). It misses the DHCP statement and sets the MTU twice.

However, this still didn’t result in a working config. TV was working, but my internet VLAN didn’t get an IP address. There is a lot of debate about this on the Telfort forum. This is what I found out:

  • Telfort has two solutions for its Glasvezel product, one is called SNI-F and the other is WB-A.
  • Difference is in the infrastructure used which is important in one area: DHCP. For WBA, you get a public IP address on a per device basis. If you connect another router, you get another IP address. If you reconnect the old router, it gets its previous IP address. This is NOT the case with SNI-F. Here you get a fixed IP address which is linked to your connection. You get the same IP address independent of the router connected. Furthermore, you can see in your ExperiaBox that you get an IP address with a lease time of 600 seconds (=10 minutes). After 5 minutes, the ExperiaBox request the IP again.

Now, here comes the clue (as far as I can see):

  • the ExperiaBox has multiple MAC addresses (one for WAN, one for IPTV and one for LAN)
  • most routers and also the ERL have only one
  • So, the Telfort sees the same MAC address ask for two IP addresses: one for Internet and one for IPTV. This doesn’t seem to work on SNI-F
  • Whatever I did, I only got one of the two IP addresses.
  • As soon as I spoofed the MAC address of my ExperiaBox for Internet, I got two and everything started working.

So, if you use the configuration of Kriegsman and substitute the section with “YOUR SET LINE FOR USER-ID” with the piece below, it should work fine. Please note to adjust your MAC address (the XX below).

configure

delete interfaces ethernet eth0 address
set interfaces ethernet eth0 description "eth0 - FTTH"
set interfaces ethernet eth0 duplex auto
set interfaces ethernet eth0 speed auto
set interfaces ethernet eth0 mtu 1512

set interfaces ethernet eth0 vif 34 address dhcp
set interfaces ethernet eth0 vif 34 description "eth0.34 - Internet"
set interfaces ethernet eth0 vif 34 dhcp-options default-route no-update
set interfaces ethernet eth0 vif 34 dhcp-options name-server update
set interfaces ethernet eth0 vif 34 mtu 1500
set interfaces ethernet eth0 vif 34 mac XX:XX:XX:XX:XX:XX

set interfaces ethernet eth0 vif 34 firewall in name WAN_IN
set interfaces ethernet eth0 vif 34 firewall local name WAN_LOCAL

set system name-server 8.8.8.8
set system name-server 8.8.4.4

set system offload ipv4 vlan enable
set system offload ipv4 forwarding enable

commit
save
exit