EdgeRouter Lite behind bridged Modem
Site2Site vpn with 2 dynamic IP
Hi,
Is it possible to configure a site2site VPN with 2 EdgeMAX routers with a dynamic WAN IP on each site?
I've tried the CLI with some guides I found and also the GUI, but it doesn't seem to work.
Maybe someone has an example?
Regards,
Edgerouter X - Connected D-Link Switch Rebooting Itself When New Device Is Plugged In
Hi all,
I'm totally stumped on this one. ER-X (1.9.1)
I am having an issue with a home network (diagram below) I'm trying to build. I have a basic WAN+2LAN2 setup. I am having issues with a D-Link Managed Switch connected to the 192.168.1.X side. The switch is rebooting itself when I plug in certain device combinations into the switch's ports.
Not sure whether to attribute this issue to my EdgeRouter or my D-Link Switch, though I suspect that it has something to do with the DHCP. I can see on the EdgeOS router logs that the interface is shutting itself down and coming back up. The switch is actually rebooting itself and there is no logging option on it. I have tried all different ports, cables, statically configured addresses on router and devices. I have tried turning off the firewall and disabled DHCP and cleared DHCP. I've tried enabling/disabling every setting on the switch as well and still the problem persists. I cannot think of anything else to try.
eth0 - WAN
eth1 - LAN1 192.168.2.X
eth2 - LAN2 192.168.1.X
eth3 - LAN2 192.168.1.X
eth4 - LAN2 192.168.1.X
Everything is on same VLAN
Certain Combinations Cause the Reset
Any One Device: No Reset
RasPi + Any One Other Device: No Reset
Laptop + Desktop: Reset
Laptop + ESXI Server: Reset
Desktop + ESXI Server: Reset
Ubiquiti Config:
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description Internet
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth1 {
        address 192.168.2.1/24
        description "Local 2"
        duplex auto
        speed auto
    }
    ethernet eth2 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth3 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth4 {
        description Local
        duplex auto
        speed auto
    }
    loopback lo {
    }
    switch switch0 {
        address 192.168.1.1/24
        description Local
        switch-port {
            interface eth2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
        }
    }
}
port-forward {
    auto-firewall enable
    hairpin-nat disable
    rule 1 {
        description OVPN-1194
        forward-to {
            address 192.168.1.40
            port 1194
        }
        original-port 1194
        protocol udp
    }
    wan-interface eth0
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN1 {
            authoritative enable
            subnet 192.168.2.0/24 {
                default-router 192.168.2.1
                dns-server 192.168.2.1
                lease 86400
                start 192.168.2.38 {
                    stop 192.168.2.243
                }
            }
        }
        shared-network-name LAN2 {
            authoritative enable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                start 192.168.1.38 {
                    stop 192.168.1.243
                }
            }
        }
    }
    dns {
        forwarding {
            cache-size 150
            listen-on eth1
            listen-on switch0
        }
    }
    gui {
        https-port 443
    }
    nat {
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    host-name ubnt
    login {
        user ubnt-admin {
            authentication {
                encrypted-password ****************
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone America/New_York
    traffic-analysis {
        dpi enable
        export enable
    }
}
D-Link Switch Info:
ER-X Log:
My Network:
Any help is much appreciated!
VLAN Bandwidth Dashboard Stats
I'm trying to make some sense of the VLAN bandwidth stats on the dashboard...
Here is an example of my dashboard. The bandwidth that is on MGMT (15mbps) is supposed to be on LAN. Is this because this is the ethernet port associated with the traffic? In the DPI stats I see the correct device getting the traffic.
If this is correct, what are the stats actually showing? Traffic to and from the router?
Thanks for your help.
Edge Router ER-X
Hello,
I bought a new router, the Edge ER-X, but I can't configure it because the connection is still on initialization and after that it says that it is an unknown network.
What do I have to do?
Thanks
Different Bandwidth priorities for Server-Apps and Desktop-Clients (QoS)
Hello,
I'd like to use a shaper on my Edge Router Pro to prioritize my servers over my desktop and other clients.
WAN-Port: eth1
LAN-Ports: eth0 with several VLANs (eth0.10, eth0.20, ...)
The guide I more or less followed:
- What I did so far, is creating 2 shapers, one for downstream, one for upstream.
- I set "out" policy of eth1 to my downstream shaper (No idea why, but I have to do this to regulate download. Tried it out.)
- Created new input Interface ifb1
- Set redirect of eth1 to ifb1
- Set "out" policy of ifb1 to my upstream shaper.
- Set IP matches in shapers for my server address range.
What works:
- I can regulate both downstream and upstream.
- Matches don't apply. Servers also use default class.
Can you help me please?
And I'm not very familiar with the EdgeMax CLI. So if needed, please also give me the necessary commands.
Thank you.
Edgerouter - future software versions
On Edgerouter it would be great to have:
1) definition for NTP source interface (IP address)
2) ping with source defined address should work with "ip source-validation strict" command
3) lldp-med option (for IP phones to learn voice VLAN through lldp message)
4) vrf support... I am still waiting for the next software
5) mac filtering based on mac + wildcard mask (or OUI prefix)
Setup advice - Building network with multiple clients (network diagrams included)
Hi,
I have been a happy user of the EdgeRouter X for one of my clients.
Recently, one of the neighbors was having difficulties with his network provider and I offered to share ours with them.
--
My initial setup - with only client Sun - was to put the ERx as the Building router, connect the WAN to eth2, create the needed vlan eth2.516, add Sun's external IP to it (1.1.1.65/29), create the LAN on eth3 (192.168.0.1/24). That works.
To add client Moon, I created a new LAN on eth4, 10.0.66.1/24.
However, then client Moon goes out to the Internet with Sun's IP 1.1.1.65.
initial setup
--
Here is what I would like to have:
1. Moon to manage his own connection: I give him the IP details and he sets up his own router.
2. Moon has his own IP: 1.1.1.66
desired configuration
How should I proceed?
Should I remove the IPs from eth2.516? Do I then put the IPs on eth3 for Sun and eth4 for Moon?
Or not even, should I put the ERx in L2 switch mode?
Am I using the wrong tool for the job, ERx?
---
ps: I have learned quite a bit about networking in the past year from this forum, various YouTube videos, and the like. General unstructured learning. That is to say that please question any of my ideas here. I might have missed some blatantly obvious basic concept.
QOS Question
Working with QOS for the first time, with an ERL on 9.1. I am following the guide linked below and I have a couple of questions.
Now the bandwidth command specifies the max bandwidth in the direction, although you would not want to place the maximum bandwidth I would assume?
The class bandwidth is a percentage of the bandwidth listed above?
The class ceiling would allow the device to burst to a specified percentage if available?
The default bandwidth and ceiling are for devices that travel across the specified interface but are not specified in a class?
My final question, thank you for bearing with me, has to do with setting the policy to an interface. I understand the out direction being used for the upstream, but I am confused as to why you wouldn't want the downstream placed on the inside direction? Honestly I am confused how that would even work to limit the download speeds.
Aaron
DHCPv6-PD w/ PPPoE + /60 (late night pebcak but may be helpful)
I've got 2x Edgerouters at separate locations. My personal Edgerouter runs no problems with the following configuration and generates its /etc/radvd.conf file totally fine, which means IPv6 works no problems on my network.
mmurphy@charmander# show interfaces ethernet eth0 vif 10
address dhcp
description "BigPipe IPoE"
dhcpv6-pd {
    no-dns
    pd 0 {
        interface eth1 {
            host-address ::1
            prefix-id :1
            service slaac
        }
        interface eth1.20 {
            host-address ::1
            prefix-id :2
            service slaac
        }
        prefix-length /60
    }
    rapid-commit enable
}
firewall {
    in {
        ipv6-name WANv6_IN
        name WAN_IN
    }
    local {
        ipv6-name WANv6_LOCAL
        name WAN_LOCAL
    }
}
mtu 1508
However when I replicate the same sort of configuration on another Edgerouter (same ISP (BigPipe NZ)) I find the /etc/radvd.conf file never gets generated causing no IPv6:
mmurphy@edgerouter:~$ cat /etc/radvd.conf
mmurphy@edgerouter:~$
The full configuration of this is as follows:
mmurphy@edgerouter# show interfaces ethernet eth1 pppoe 0
default-route auto
dhcpv6-pd {
    no-dns
    pd 0 {
        interface eth0 {
            host-address ::1
            prefix-id :0
            service slaac
        }
        interface eth1 {
            host-address ::1
            prefix-id :1
            service slaac
        }
        prefix-length /60
    }
    rapid-commit enable
}
firewall {
    in {
        ipv6-name WAN6_IN
        name WAN_IN
    }
    local {
        ipv6-name WAN6_LOCAL
        name WAN_LOCAL
    }
}
ipv6 {
    dup-addr-detect-transmits 1
    enable {
    }
}
mtu 1500
name-server auto
password bigpipe
user-id bigpipe
Now, if I do this:
mmurphy@edgerouter# edit interfaces ethernet eth1 pppoe 0 dhcpv6-pd
[edit interfaces ethernet eth1 pppoe 0 dhcpv6-pd]
mmurphy@edgerouter# show
no-dns
pd 0 {
    interface eth0 {
        host-address ::1
        prefix-id :0
        service slaac
    }
    interface eth1 {
        host-address ::1
        prefix-id :1
        service slaac
    }
    prefix-length /60
}
rapid-commit enable
mmurphy@edgerouter# delete pd 0 interface eth1
[edit interfaces ethernet eth1 pppoe 0 dhcpv6-pd]
mmurphy@edgerouter# delete pd 0 prefix-length
[edit interfaces ethernet eth1 pppoe 0 dhcpv6-pd]
mmurphy@edgerouter# set pd 0 prefix-length /64
[edit interfaces ethernet eth1 pppoe 0 dhcpv6-pd]
mmurphy@edgerouter# commit
[ interfaces ethernet eth1 pppoe 0 dhcpv6-pd ]
Starting new daemon...
[edit interfaces ethernet eth1 pppoe 0 dhcpv6-pd]
mmurphy@edgerouter# save
Saving configuration to '/config/config.boot'...
Done
[edit]
mmurphy@edgerouter# cat /etc/radvd.conf
mmurphy@edgerouter#
it doesn't regenerate /etc/radvd.conf - so let's reboot this sucker and still (you guessed it)... Nothing. I had the router running successfully with IPv6 once with a prefix-length of /64, however my ISP hands out /60 subnets, making it rather useful for more than one Ethernet interface - when I changed the prefix-length to /60 that's when all hell broke loose with not being able to successfully get the router to generate the radvd.conf file.
So as a test I set this up on the LAN interface:
set interfaces ethernet eth0 ipv6 router-advert prefix ::/64
Verified that /etc/radvd.conf was there (it was) then refreshed the interface:
mmurphy@edgerouter:~$ release dhcpv6-pd interface pppoe0
DHCPv6 client is already released on interface pppoe0.
mmurphy@edgerouter:~$ delete dhcpv6-pd duid
mmurphy@edgerouter:~$ renew dhcpv6-pd interface pppoe0
Then the radvd.conf file got cleared, the router did not successfully get IPv6, didn't successfully pass go. After a reboot it did generate the file however as we know this wouldn't work since from what I recall ipv6 rules can't coexist if we have slaac running.
So, I've tried reloading different variants of the configuration with zero success. I've also done a file-diff on the /opt/vyatta/sbin/vyatta_gen_radvd.pl with the Edgerouter that is working (IPoE) with the router that was working and now is refusing to (PPPoE). We're running the same firmware, same ISP etc. Since I am doing the configuration on the 2nd Edgerouter remotely I don't have the luxury of just wiping its configuration, however I have verified the file still doesn't generate if I fully match the configuration of the Edgerouter that works and I have further confirmed I am able to replicate this on the Edgerouter that does work on a fresh install of EdgeOS 1.9.1 (another USB drive).
mmurphy@charmander:~$ show version
Version: v1.9.1
Build ID: 4939093
Build on: 12/14/16 07:05
Copyright: 2012-2016 Ubiquiti Networks, Inc.
HW model: EdgeRouter Lite 3-Port
HW S/N: 0418D6F17314
Uptime: 03:02:54 up 2:21, 1 user, load average: 0.08, 0.06, 0.13
So, either I am missing something (I am pretty sure I have covered everything) or this is still a valid bug (there are other threads here and elsewhere indicating the latter). Let me know if I can try anything else.
Dedicate WAN to Vlan/Eth Interface
I have an EdgeRouter Pro setup in an office with multiple smaller suites in it. We have eth0 as WAN, eth1 as LAN1, eth2 as LAN2, and eth3 as LAN3. Each one of those goes to a single Edgeswitch where we break out the LANs into vlans to the appropriate switches.
Recently one of the clients has requested they get their own dedicated WAN connection. This one client has LAN2 and LAN3 going to their office. Is it possible with Edgemax to add a WAN connection to eth4 and dedicate all traffic from eth2 & 3 through it? If so what steps would I need to take?
EdgeMax Pro Advance Queue QOS
Hey Guys,
Need some quick help if someone can take a second look at this. I am trying to set up a single QOS rule to guarantee one of my VLANs 50Mbps, via my UniFi APs.
breakdown of my setup
2 WANs (eth0 & eth1) Failover on each of them to drop back to each other in case of outage
Unifi UAP AC
EdgeRouter Pro fibre carrying 5 vif's (6.1 - 6.2 - 6.10 - 6.50 - 6.20) to 48p 750 EdgeSwitch
Unifi UAP in question have a SSID Network setup tagged with VLAN 20
on my Edge Router I am using GUI and trying to use Advance queue to get vif/VLAN 20 50Mbps dedicated bandwidth out of my 100Mbps line
what I have tried:
Global & eth0 > leaf with 50 bandwidth and 100 ceiling and source IP of my VLAN 20 (10.0.0.0/23)
Global & eth0 > leaf with 50 bandwidth and 100 ceiling to destination IP of my VLAN 20 (10.0.0.0/23)
Does not seem to work.
EP-R8 Bridge Limitations Question
If I were to bridge two interfaces on an EP-R8, what exactly are the throughput limitations?
EdgeRouter X - block question
Hi guys,
Could someone help me with a simple firewall rule - I have installed an EdgeRouter X - my WAN port is eth5/sfp, my first LAN is on eth0 192.168.2.0/24, my second LAN is 192.168.3.0/24 on eth2,3,4
1. I have some users in my 2.0 net. I want to block a specific user, let's say 192.168.2.5, to NOT have internet on his PC but to have access to all other users in the LAN
2. I want to make net 192.168.2.0 and 192.168.3.0 not see each other
All these settings I want to do with the GUI
DHCP not working correctly
The other night I was just playing around with VLANs on my Edgerouter X; I was going to create a separate LAN for a guest network and failed at it. Anyway, I deleted my changes and noticed late the next day some things would no longer pull an IP either via DHCP or static lease. So I reset and it works fine, UNTIL I start adding static leases and all of a sudden half of my devices NO longer connect or can pull an IP.
Any idea what's going on? I have reset the device, reloaded the latest firmware, no go. It's like my resets are not fully resetting? Maybe? When I first reset it still had a list of DHCP leases even though ONLY 1 device was connected.
Any ideas? I have about 12 hours to get this back working correctly or I'll have to make a temp setup with something different while I am out of state.
Thanks
Port Forwarding 443 not working
Hey everyone..
So I've got an ER-X all set up and running, works great, except I can't for the life of me get port 443 forwarding to work. I've already browsed the dozens of discussion threads on the forum about this topic, and tried various solutions, but nothing seems to work.
Here's the details:
eth0 - WAN, public IP (not double-nat'd)
eth1 - Servers (web server resides here)
Ideally: WAN port 443 -> Internal IP (on eth1), port 8123.
The port forward for Plex (below) works fine.
Relevant current config:
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface eth1
    rule 1 {
        description Plex
        forward-to {
            address 192.168.2.7
            port 32400
        }
        original-port 32400
        protocol tcp_udp
    }
    rule 2 {
        description WebServer
        forward-to {
            address 192.168.2.8
            port 8123
        }
        original-port 443
        protocol tcp_udp
    }
    wan-interface eth0
}
Following another post, I've already changed the web-gui port to 4443:
gui {
    https-port 4443
    older-ciphers enable
}
I haven't touched the firewall rules yet, in hopes that the "Enable auto firewall" would work, but here's the config anyways:
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
Suggestions? Thanks.
BGP 4 and BGP 6 to Juniper router
I am trying to setup a new IPv6 BGP session with my internet provider. They have a juniper router and the IPv6 BGP session won't establish. They are seeing the following error:
Mar 28 13:42:09.460539 bgp_process_caps: mismatch NLRI with 0000:6000:0:8::f:211 (External AS 40aaa): peer: <inet-unicast>(1) us: <inet6-unicast>(16)
Mar 28 13:42:09.460560 bgp_process_caps:2692: NOTIFICATION sent to 0000:6000:0:8::f:211 (External AS 40aaa): code 2 (Open Message Error) subcode 7 (unsupported capability) value 16
My BGP settings are as follows:
protocols {
    bgp 40aaa {
        neighbor 71.aa.bb.cc {
            description "Time Warner Fiber"
            remote-as 11bbb
        }
        neighbor 0000:6000:0:8::f:210 {
            description "Spectrum IPv6 Link"
            remote-as 11bbb
        }
        network 198.cc.bb.0/22 {
        }
        parameters {
            router-id 198.cc.bb.1
        }
    }
}
I'm hoping someone has already run into this problem and is willing to share the solution.
1.9.1 Firmware Random Reboots
Is this a known issue with the 1.9.1 firmware? I have noticed when making remote config changes the router will sometimes unexpectedly reboot for no known reason. I have EdgeRouters spread out across multiple sites in North America, and only a few on the 1.9.1 firmware. Every router on this particular firmware appears to have this particular issue and I don't have this problem on any of my other EdgeRouters on older firmware.
ERX WAN DHCP issue
I have a cable modem which periodically requires a reboot. When this happens, the cable modem issues an initial address of 192.168.100.11/24 to my WAN interface (DHCP). My issue is in most cases I am required to manually "renew" the IP on the ER to get the modem to issue a proper public IP, as the modem does not do a traditional up/down. Does anyone else have an issue similar to this? Is there a potential fix? I've had to purchase a unit which forces a power cycle on my modem in case I'm away at the office to get the Internet back online, but it may take the ER a long time to "figure out" the WAN IP is actually a temporary IP.
Advanced queue problems
So I finally decided to give advanced queue a try since it's so highly spoken of and I am running into a problem. I followed the steps here to get a basic understanding and applied them to my ERL-3 where I have a 50/10 cable connection that speed tests closer to 7/12.5 on a regular basis. So here is what I came up with, but for some reason my download speeds are being severely limited as I'll show below.
uname@edge:~$ show version
Version: v1.9.1
Build ID: 4939093
Build on: 12/14/16 07:05
Copyright: 2012-2016 Ubiquiti Networks, Inc.
HW model: EdgeRouter Lite 3-Port
HW S/N: 802AA84C98EA
(I don't have a speed test from before advanced queue)
Speed test after first applying advanced queue:
Speed test after advanced queue established (usually less than 5 minutes)
Advanced-Queue config:
uname@edge# show traffic-control
advanced-queue {
    branch {
        queue 100 {
            bandwidth 12mbit
            description Upload
            parent 1
        }
        queue 200 {
            bandwidth 50mbit
            description Download
            parent 1
        }
    }
    filters {
        match 100 {
            attach-to 1
            description "WAN upload"
            ip {
                source {
                    address 192.168.2.0/24
                }
            }
            target 100
        }
        match 199 {
            attach-to 100
            description Default
            target 199
        }
        match 200 {
            attach-to 1
            description "WAN download"
            ip {
                destination {
                    address 192.168.2.0/24
                }
            }
            target 200
        }
        match 299 {
            attach-to 200
            description Default
            target 299
        }
    }
    leaf {
        queue 199 {
            bandwidth 12mbit
            description Default
            parent 100
            queue-type FQCODEL_UP
        }
        queue 299 {
            bandwidth 50mbit
            description Default
            parent 200
            queue-type FQCODEL_DOWN
        }
    }
    queue-type {
        fq-codel FQCODEL_DOWN {
        }
        fq-codel FQCODEL_UP {
        }
    }
    root {
        queue 1 {
            attach-to global
            bandwidth 62mbit
        }
    }
}
Now those speed results were after a fresh reboot, but after a couple hours of the ERL-3 running I've gotten longer pings like this so I rebooted and retried: (I am not sure where the destination server was on this test so that could be the reason)
Either way I am pretty sure the ERL-3 should be able to handle a 50/12 bandwidth queue.
Any thoughts on getting this working correctly are appreciated.