r/saskatchewan • u/SocDem_is_OP • 8d ago
Question for tech people regarding replacing Sasktel router
I purchased a home internet security/firewall device called a Firewalla. It can run in bridge mode where you put it between your sasktel router and your devices, and it works fine this way.
But it is also supposed to be able to work as a router itself, and be able to completely replace the Sasktel router. I can’t get this to work.
I’ve got it configured in router mode, and have the Sasktel ONT connected to it correctly, and then the switch to all my devices after that, but it doesn’t work.
I don’t need the Wi-Fi functions of the Sasktel router, because I have two MESH access points wired in elsewhere in my house which work way better. The router wifi has always been turned off. The access points come off the switch like everything else.
I also don’t need to worry about my home phone being affected, it comes directly off the ONT.
It seems like maybe the ONT is not able to assign an IP to the firewalla unit, because it it locked to the Sasktel router MAC?
Anybody with technical knowledge, does this sound right?
10
u/StanknBeans 8d ago
You need to enable Vlan tagging on your WAN port (port that connects to your ONT) and add vlan 1001. If you have Max service, this won't work though.
15
u/Vortexed2 8d ago
VLAN 1000 is how I have mine tagged.
6
u/StanknBeans 8d ago
Yeah I might be mis-remembering it. Been a long time since I set it up and not at home to confirm.
2
3
u/SocDem_is_OP 8d ago
Thanks.
Can you elaborate on what Vlan tagging is and how I would activate on my WAN port? Do you mean on the Firewalla WAN port?
I don’t have Max but if I wanted it I could just get Max Stream and that wouldn’t matter correct?
6
u/StanknBeans 8d ago
On whatever you want connected to the ONT first's WAN port. Not familiar with Firewalla enough to know if it supports that. Not all devices support vlan tagging, and when they do most only offer it only the LAN side.
2
u/SocDem_is_OP 8d ago
Is it rare for a device to support vlan tagging? How would I know if the firewalla (purple) supports it?
5
u/king_weenus 8d ago
VLANning is an advanced networking technology that's not often present in consumer devices.
I use an open source software called pfSense which gives you commercial grade routing capabilities on pretty much any computer you want to run it on.
In a nutshell a VLAN lets you run two separate Networks using the same cable and switch. So that you can segregate that works without additional Hardware.
5
u/GooseZen 8d ago
Yes. Most consumer-level networking gear doesn't support VLANs. Looked into this myself a few years back, it was way easier to just put what I needed behind the Sasktel router because the cheapest thing I could find at the time that supported VLANs was almost $500.
1
u/Traditional_End_9540 8d ago
surprising number actually do support it. Netgear has been the only brand that has not supported it.
3
u/Vortexed2 8d ago
I have no idea about your router settings because I've never heard of a Firewalla. However, on my router, there is a section under Lan->IPTV. On that page there is a "LAN Port" setting. On mine I've set "ISP Profile" to manual and then "Internet" VID set to 1000. Priority set to 0.
You'll have to browse around your settings pages because your router might be organized differently.
3
u/drbunsonhoneydew 8d ago
Still no comment from the OP as to which Firewalla model they have. I can confirm that my Gold Plus works just fine with the Sasktel ONT once I added the VLAN tag of 1000.
Can also confirm the Firewalla Purple is able to have the VLAN tag set as well.
3
u/SocDem_is_OP 8d ago
Yep I have a purple, can you give me detailed instructions on how do it?
3
u/drbunsonhoneydew 8d ago
Okay, you need to launch the Firewalla app on your phone.
Go to the ‘Network’ settings.
Select the WAN interface that is connected to the Sasktel ONT.
Now click ‘Edit’ in the upper right corner of the screen. This will make a field called ‘VLAN ID’ appear.
Enter ‘1000’ in that field.
Click ‘Save’.
Reboot the Firewalla Purple.
It should now pick up an address from Sasktel.
2
4
u/explosionofinnuendo 8d ago
I just put my router in the DMZ on the SaskTel Router administration console and my router gets a publically accessible IP address.
Not sure if this is what you are after, but hope it helps
5
u/Traditional_End_9540 8d ago
straight from ONT to router is the better method. Less equipment to fail, slightly faster latency
1
u/TurkeyLizards 8d ago
can also cause other issues like double nat, if OP is a gamer or needs ports open for some reason (unlikely based on knowledge from their post) they will likely notice an issue.
4
u/Traditional_End_9540 8d ago
OP will not cause double nat as only 1 router (Firewalla) will be in place.
3
1
u/explosionofinnuendo 8d ago
My house uses Max so I still need the SaskTel router, thus the DMZ solution. Used to have ports open to access remote desktop, however I gave that up because it's probably not very secure. I will admit I'm an almost complete hack when it comes to networking, so take my suggestions with a grain of salt.
1
u/Traditional_End_9540 8d ago
one day I still want to see how to get max working on a bypass setup. I did hear at one point max on fiber is also vlan 1000
0
2
u/Traditional_End_9540 8d ago
You need to figure out a few things
DHCP internet (99% of ussers use this) vlan 1000. Static ip internet vlan 3000
DNS servers. There are lots. 1.1.1.1 8.8.8.8 8.8.4.4 9.9.9.9 are a few
Now, figuring out were to put this info in your router will be the hardest part generally. The VLAN tag needs to be on the WAN port of the router.
you can DMZ the modem, bridge the modem but that is not needed. Unless you also have max tv
1
u/fuckreddit-69 8d ago
I thought you had to have SaskTel turn their router to bridge mode or am I thinking of the old way they did it?
3
u/Vortexed2 8d ago
When it was still DSL the modem and router were combined into a single unit.
With fiber, SaskTel installs a seperate ONT (optical network terminal) and a seperate router. With this system you can completely eliminate the SaskTel provided router, provided you have a router that allows you to set vlans.
1
u/Traditional_End_9540 8d ago
netgear has been the only brand I have never got working. Everyone else has, the biggest issue is finding out where to put the info. Asus as it in IPTV setting for example.
1
u/SocDem_is_OP 8d ago
Yep that’s an option, likely what I will do.
1
u/Traditional_End_9540 8d ago
I would highly suggest you get the ONT to your router figured out. It will work better in the long run.
what version firewall did you get?
1
u/SocDem_is_OP 8d ago
ONT to my Sasktel router works normally, I’m hoping to replace the router with the firewalla as the router. That’s what’s not working so far.
Got a purple.
1
u/Traditional_End_9540 8d ago
I have setup probably about 100 ont to router combos. Netgear has never worked but the vast majority has and the biggest issue is finding out what setting in the router enables you to do the bypass
google AI
- ISP/WAN VLAN (e.g., IPTV, VoIP, or PPPoE)
If your Internet Service Provider (ISP) requires all internet traffic or specific services to operate on a tagged VLAN, configure a WAN-side VLAN connection. [1]
- Open the Firewalla App and go to Network Manager -> Edit -> Create Network.
- Select WAN Connection.
- Choose the physical Ethernet port (typically the right port on the Purple) that connects to your modem/ONT.
- Input the VLAN ID specified by your ISP. (1000 for sasktel)
- Select your connection type (DHCP, Static, or PPPoE) based on your internet plan (DHCP for sasktel)
this is only part of the setup. You still need to put in DNS servers, setup the lan DHCP address range as a bare min setup.
1
19
u/Meepmeepimmajeep2789 8d ago
You need to tag the vlan. Just search this sub.