WAN configuration for ISP providing RAT

My ISP offers a static IPv4.
I’m instructed to use this network:
This means my static IPv4 is, broadcast is and gateway

The IP is actually displayed in the router provided by ISP (FRITZ!Box Cable) and in my understanding the router with VyOS is using the FRITZ!Box as a modem.

What is the correct configuration for WAN on eth0?
Must I configure a default route (with command set protocols static route next-hop
Or is the default route the IP of LAN ( on eth1?

Any advice is appreciated.


If you plan to use the FRITZ!Box, then you need to set up a route via

Just to make clear:
FRITZ!Box provides modem service to the router.
The network is not available with the FRITZ!Box.

So Fritzbox is in bridged mode?

Well, yes… kind of.

The webUI of FRITZ!Box allows me to configure a port which allows me to use the public static IP.

So if you plug your PC in there and configure a static IP, it will work like that?
If so, you can do as you wrote initially - do default route vi

Correct… it should work like that.
But it doesn’t!
I was investigating everything on my side, and this includes opening this post, but couldn’t connect to the internet.
But today, after a call with ISP support, I was told that my public IP is blacklisted at BARRACUDA.
Once I’m whitelisted there I’ll try again.

It very much depends on the ISP - they can use a VLAN or PPPoE type of connection,
so setting it up as an interface will not work.
What ISP do you use?

unitymedia business (GER)

So, you need to set a MAC on VyOS that is allowed by them, and configure the interface for DHCP.

Actually it’s RAT.
There’s no mapping MAC - IP and no DHCP… it’s a real static IP.

I think you are mixing things up.
You can have a static IP via DHCP.
That is just one way to handle it.

I may be wrong, of course.
Just setting the interface address and route should be enough,
but if it does not work like that, there is likely some MAC-based security in place.
Can you also clarify that with your ISP? (Sorry, my German heavily depends on Google Translate :) )

I can jump in, but I haven’t lived in Germany for almost 10 years.
They have a subpage which ‘converts’ the MAC address; they basically generate an ID.
For 9c:c7:a6:a3::28:3b it would be 9cc7a6a32837. You have to set up that ID in the service center (they state on the website it would be the IP, which tells me already a lot about the ISP).
Anyway, once done, set it up and try to ping. If it doesn’t work, call your ISP.
If it works, try to ping it from outside (make sure you are not filtering ICMP echo req/resp away).

That should be it.