Channel: EdgeRouter topics

Can EdgeRouter X Handle this project? VLANS like that?


Hi guys,

 

Please, I am a newbie in networking, and I would like to ask if the EdgeRouter X can handle this network.

Theoretically (WANs will be max 100Mbit -> in total)

Switches are ofc 1 Gbit/s.

 

Thanks for suggestions.

 

Topologia_siete_kaskada.jpg


Openvpn interface client - strange


Hi,

I have a strange situation with OpenVPN, which is a client on the EdgeRouter Lite.

The connection between the server (pfSense) and the client has been established, but I can't connect to any addresses between both sites.

From the client, ping works only when I set the output interface: /bin/ping x.x.x.x -I vtun1.

Default ping doesn't work. NAT doesn't help. Firewall is allowed. What can be wrong with this?

ER4 QoS using UDP/TCP 5060-5062 CLI Examples


Does anyone have a CLI example for prioritizing UDP/TCP 5060 and 5062 for QoS? I am seeing many traditional QoS examples using DSCP, but none using UDP/TCP 5060-5062.

 

I have Bandwidth at 80MBps Down and 17MBps Up.

 

I'm told that the (12) IP Phones will need to reserve at least 100 Kbps up/download for each phone and at least 300 Kbps up/download for all other devices on the network (I am assuming (1) fax connection device(?)).

Edge Router X Task Scheduler Python script


Good morning,

 

I've been trying for a few days now to get my Edge-Router-X to run a python script I wrote that forwards broadcast packets:

 

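#!/usr/bin/python
# Python 2 script: relays UDP broadcasts on port 30303 to the internal network
# and returns the reply to the original sender.
from socket import *
import time

# Wait 2 minutes before opening the sockets
time.sleep(120)
# Socket that receives the incoming broadcast packets
external_socket=socket(AF_INET, SOCK_DGRAM)
external_socket.bind(('255.255.255.255',30303))
# Socket bound to 123.123.123.1, allowed to send broadcasts
internal_socket=socket(AF_INET, SOCK_DGRAM)
internal_socket.bind(('123.123.123.1',30303))
internal_socket.setsockopt(SOL_SOCKET, SO_BROADCAST, 1)
while True:
    # Block until a packet arrives; ip is the sender's (address, port)
    m, ip=external_socket.recvfrom(1024)
    print m
    # Re-create the internal socket, then broadcast m[0] (the first byte of the data)
    internal_socket=socket(AF_INET, SOCK_DGRAM)
    internal_socket.bind(('123.123.123.1',30303))
    internal_socket.setsockopt(SOL_SOCKET, SO_BROADCAST, 1)
    internal_socket.sendto(m[0],('255.255.255.255',30303))

    # Wait for a reply on the internal socket
    l, a=internal_socket.recvfrom(1024,0)
    print l, a

    # Send the reply back to the original sender, then read another packet
    external_socket.sendto(l,(ip))
    m, ip=external_socket.recvfrom(1024)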

This script is saved as the file "broadcast" in /config/scripts/ and set to executable (I can run from ssh just by pathing to the file, and it works as intended.)

 

Given this file and a few others like it I have written, I need it to run continuously and wait for a specific event, so I cannot place it in post-config.d or it will prevent the router from starting up. (is there any way to recover from this short of a factory reset, by any chance?)

 

My task scheduler configuration is as follows:

     task-scheduler {
         task Broadcast {
             crontab-spec @reboot
             executable {
                 path /config/scripts/broadcast
             }
         }
     }

and my /etc/cron.d/vyatta-crontab file reads as follows:

### Added by /opt/vyatta/sbin/vyatta-update-crontab.pl ###
@reboot root /config/scripts/broadcast 

According to what I've read, this script should now run after reboot, wait 2 minutes, and then work as intended.

 

However, in actuality, I have seen no evidence of the script being run at all, or even an attempt. I can't seem to find any log that indicates an error with running the script, or that the script has even been started.

 

Any input on this situation would be greatly appreciated.

EdgeRouter 4 - VLAN Question


I have an understanding of VLANs and have a network that runs well, but I am looking to upgrade to support a gigabit connection a little better. I am upgrading from an EdgeRouter X SFP to an EdgeRouter 4 and I have a question around VLANs on the ER4. On the ERX, since it has a built-in switch, I set up the PVID and VID for each LAN port through the Switch0 interface. Since the ER4 does not have a built-in switch, I realize my setup will be different.

 

On the ER4, eth0 will go to my cable modem and eth1 will go to a TP-LINK TL-SG1016DE. I use 4 different VLANS - 10, 20, 30, and 40.  So I will create the same VLANs on the ER4 as I did on the ERX, except they will be eth1.10, eth1.20, etc. vs switch0.10, switch0.20, etc. 

 

1) If I assign an IP subnet to eth1 (in addition to the created VLANs) of say 192.168.1.1/24, will this essentially be the PVID for eth1? So the TP-Link switch would essentially be part of the eth1 subnet and pass tagged traffic on to the ER4, which would fall into the respective VLAN?

 

2) For any devices connected to the switch like my UAPs or another managed switch, if I assign them a PVID of 1 (on the switch), will this put them on the eth1 subnet?

 

I didn't really segregate the network devices before (they were just lumped into the trusted network), so I'd like to have some sort of management type VLAN this go around. Just want to make sure this is a correct way to do this.

 

Thanks.

NAT issue.. Please assist


Situation: Setting up VPN tunnel between client and client vendor - requires client server IP to have NAT address.

 

Client Network:

Edge Lite Router v 1.9.0

192.168.0.0 Subnet

192.168.0.50 Server IP

11.11.11.12 Server NAT IP (given by client vendor)

 

Client Vendor Network

10.0.0.0 Subnet

(Don't control this side)

 

Tunnel connects without issue but does not pass traffic using the NAT address but can ping NAT locally (client side) with DNAT rule of destination 11.11.11.12 address and translation 192.168.0.50.

 

Have attempted to use SNAT rule masq to ETH0 (WAN) and ETH1 (LAN) with destination set to 11.11.11.12 - source 192.168.0.50, vice versa.

 

I appreciate the assistance, if any can be given.

 

Thank you

 

NAT is something that I've always found difficult, so my wording / terminology may be off. 

 

 

 

 

 

Local Policy Based Routing


I have an edgerouter on my LAN which uses the custom dynamic dns service to update google domains. I recently installed a second internet circuit and I want to use a different interface to send the traffic. I'm familiar with policy based routing but I can't seem to get it to affect the local traffic.

 

I've referenced the two following posts but I've not had success and the dynamic dns traffic is still following the main routing table.

https://community.ubnt.com/t5/EdgeRouter/Ping-quot-bouncing-quot-between-interfaces/m-p/977691#U977691

https://community.ubnt.com/t5/EdgeRouter/PBR-for-local-router-traffic/m-p/937033#M37275

 

I saw that these are old articles and I am wondering if this is now configurable from the CLI in current versions.

EP-R6 - dual power options?


Hi All,

 

1 question, 1 note; 

 

Note: The power brick provided with the EP-R6, when used with other devices, resets them to defaults. This happened on a UniFi Mesh AP and an AP Lite.

 

Question;  

Is there power protection (diodes) on the POE out ports? If we plug a power brick into say eth3, will it damage the port? Once the port has passive POE enabled, can it be used to power the unit (once the unit is powered up)? I'm looking for a redundant power solution for a rooftop-mounted unit.


DHCP MAC Filter


Hello Everyone here.

I need help from you guys please.

I have set up a DHCP service on the EdgeRouter and it is issuing IP addresses fine. But I want to MAC filter. I want my DHCP server to issue IP addresses to only certain MAC addresses. Any MAC address that is not in that list should not get an IP address from the DHCP server.

Thank you

BGP with VTI Issues - Need Help


Ok so to start off with I am new to EdgeOS.  I typically have a good understanding of networking but this project has pushed me to my edge.  I like it but I just need some help.  Here is the configuration:

 

bgp_issues.png

 

peer1 - A.A.A.A
peer2 - L.L.L.L
eth0 - B.B.B.B, I.I.I.I, H.H.H.H
eth1 - C.C.C.0/28
vti0 - D.D.D.0/30
vti0local - D.D.D.1
vti0remote - D.D.D.2
vti1 - D.D.D.4/30
vti1local - D.D.D.5
vti1remote - D.D.D.6
REMOTE LANs via BGP -
192.168.17.0/24
192.168.18.0/24
192.168.19.0/24
local asn - 65000
peer asn - 2XXXX

 

This is my config:

 

set vpn ipsec auto-firewall-nat-exclude enable
set vpn ipsec ike-group FOO0 key-exchange ikev1
set vpn ipsec ike-group FOO0 lifetime 28800
set vpn ipsec ike-group FOO0 proposal 1 dh-group 2
set vpn ipsec ike-group FOO0 proposal 1 encryption aes256
set vpn ipsec ike-group FOO0 proposal 1 hash sha1
set vpn ipsec ike-group FOO0 dead-peer-detection action restart
set vpn ipsec ike-group FOO0 dead-peer-detection interval 15
set vpn ipsec ike-group FOO0 dead-peer-detection timeout 30
set vpn ipsec esp-group FOO0 lifetime 3600
set vpn ipsec esp-group FOO0 proposal 1 encryption aes256
set vpn ipsec esp-group FOO0 proposal 1 hash sha1
set vpn ipsec site-to-site peer A.A.A.A authentication mode pre-shared-secret
set vpn ipsec site-to-site peer A.A.A.A authentication pre-shared-secret <SECRET>
set vpn ipsec site-to-site peer A.A.A.A connection-type initiate
set vpn ipsec site-to-site peer A.A.A.A description att-primary
set vpn ipsec site-to-site peer A.A.A.A local-address B.B.B.B
set vpn ipsec site-to-site peer A.A.A.A ike-group FOO0
set vpn ipsec site-to-site peer A.A.A.A vti bind vti0
set vpn ipsec site-to-site peer A.A.A.A vti esp-group FOO0

set vpn ipsec site-to-site peer L.L.L.L authentication mode pre-shared-secret
set vpn ipsec site-to-site peer L.L.L.L authentication pre-shared-secret <SECRET>
set vpn ipsec site-to-site peer L.L.L.L connection-type initiate
set vpn ipsec site-to-site peer L.L.L.L description att-secondary
set vpn ipsec site-to-site peer L.L.L.L local-address F.F.F.F
set vpn ipsec site-to-site peer L.L.L.L ike-group FOO0
set vpn ipsec site-to-site peer L.L.L.L vti bind vti1
set vpn ipsec site-to-site peer L.L.L.L vti esp-group FOO0

set interfaces vti vti0 address D.D.D.2/30
set interfaces vti vti1 address D.D.D.6/30 

set firewall options mss-clamp interface-type vti
set firewall options mss-clamp mss 1379

set policy prefix-list BGP rule 10 action deny
set policy prefix-list BGP rule 10 description 'deny local wan'
set policy prefix-list BGP rule 10 prefix B.B.B.0/28

set policy prefix-list BGP rule 20 action deny
set policy prefix-list BGP rule 20 description 'deny ATT Peer 1'
set policy prefix-list BGP rule 20 prefix A.A.A.A/32

set policy prefix-list BGP rule 30 action deny
set policy prefix-list BGP rule 30 description 'deny ATT Peer 2'
set policy prefix-list BGP rule 30 prefix L.L.L.L/32

set policy prefix-list BGP rule 40 action deny
set policy prefix-list BGP rule 40 description 'deny ATT Peer 3'
set policy prefix-list BGP rule 40 prefix M.M.M.M/32

set policy prefix-list BGP rule 100 action permit
set policy prefix-list BGP rule 100 description 'permit local lan'
set policy prefix-list BGP rule 100 prefix C.C.C.0/28

set policy prefix-list BGP rule 110 action permit
set policy prefix-list BGP rule 110 description 'permit apn1'
set policy prefix-list BGP rule 110 prefix 192.168.19.0/24

set policy prefix-list BGP rule 120 action permit
set policy prefix-list BGP rule 120 description 'permit apn2'
set policy prefix-list BGP rule 120 prefix 192.168.18.0/24

set policy prefix-list BGP rule 130 action permit
set policy prefix-list BGP rule 130 description 'permit apn3'
set policy prefix-list BGP rule 130 prefix 192.168.17.0/24

set protocols bgp 65000 timers holdtime 30
set protocols bgp 65000 timers keepalive 10
set protocols bgp 65000 network C.C.C.0/28

set protocols bgp 65000 neighbor D.D.D.1 prefix-list export BGP
set protocols bgp 65000 neighbor D.D.D.1 prefix-list import BGP
set protocols bgp 65000 neighbor D.D.D.1 remote-as 2XXXX
set protocols bgp 65000 neighbor D.D.D.1 soft-reconfiguration inbound

set protocols bgp 65000 neighbor D.D.D.5 prefix-list export BGP
set protocols bgp 65000 neighbor D.D.D.5 prefix-list import BGP
set protocols bgp 65000 neighbor D.D.D.5 remote-as 2XXXX
set protocols bgp 65000 neighbor D.D.D.5 soft-reconfiguration inbound

set protocols bgp 65000 network C.C.C.0/28

My issue is the following:

 

When I run 

sudo ipsec status

Both of my tunnels show ESTABLISHED however, if I run 

show ip ipsec status

I get: 0 Active IPsec Tunnels

 

Also, none of my BGPs are propagating. This is the output of: show ip bgp neighbors

 

BGP neighbor is D.D.D.1, remote AS 2XXXX, local AS 65000, external link
BGP version 4, remote router ID 0.0.0.0
BGP state = Active
Last read , hold time is 180, keepalive interval is 60 seconds
Configured hold time is 30, keepalive interval is 10 seconds
Received 0 messages, 0 notifications, 0 in queue
Sent 0 messages, 0 notifications, 0 in queue
Route refresh request: received 0, sent 0
Minimum time between advertisement runs is 30 seconds
For address family: IPv4 Unicast
BGP table version 2, neighbor version 0
Index 1, Offset 0, Mask 0x2
Inbound soft reconfiguration allowed
Community attribute sent to this neighbor (both)
Inbound path policy configured
Outbound path policy configured
Incoming update prefix filter list is *BGP
Outgoing update prefix filter list is *BGP
0 accepted prefixes
0 announced prefixes

Connections established 0; dropped 0
Next connect timer due in 17 seconds

BGP neighbor is D.D.D.5, remote AS 2XXXX, local AS 65000, external link
BGP version 4, remote router ID 0.0.0.0
BGP state = Active
Last read , hold time is 180, keepalive interval is 60 seconds
Configured hold time is 30, keepalive interval is 10 seconds
Received 0 messages, 0 notifications, 0 in queue
Sent 0 messages, 0 notifications, 0 in queue
Route refresh request: received 0, sent 0
Minimum time between advertisement runs is 30 seconds
For address family: IPv4 Unicast
BGP table version 2, neighbor version 0
Index 2, Offset 0, Mask 0x4
Inbound soft reconfiguration allowed
Community attribute sent to this neighbor (both)
Inbound path policy configured
Outbound path policy configured
Incoming update prefix filter list is *BGP
Outgoing update prefix filter list is *BGP
0 accepted prefixes
0 announced prefixes

Connections established 0; dropped 0
Next connect timer due in 51 seconds

 

 

I really am not sure what to make of this at all.  Thanks everyone for your assistance.

Edgerouter infinity slow wan throughput


We recently purchased an Edgerouter Infinity to replace a loaner Cisco 3560x along with Edgeswitch 16Gs for four buildings to provide inter-vlan routing for each site. Before, they were using a single /16 flat network for all four buildings. We have a 1g wan connection to our isd for internet connectivity. When the 3560x was in place, we were getting ~900mbps down and up. Now, with the edgerouter infinity, we only get 96mbps down and  2mbps up. I was wondering what is wrong with the config? Our isd handles the Cisco asa and iBoss content filter, so the edgerouter doesn't need to do any filtering or nat. It just has to provide lan to wan connectivity.

 

Also, I can't ping any outside devices from the edgerouter (i.e., google.com).

EdgeRouter Upgrade required for QoS (smartqueue)?


Hi,

 

I have been using an EdgeRouter Lite I bought 4 years ago as my main router. However, I moved and my ISP now offers a downlink of 220mbits, and it seems when QoS is enabled the CPU can't keep up and it reduces my WLAN to around 80mbits~

 

What device would allow me to QoS 220mbit on the download? Will the EdgeRouter 4 allow it?

EdgeRouter Lite - Each VLAN use its own WAN connection


Hi,

I've got an EdgeRouter Lite 3 port v1.10.5 that has two LAN VLANs and two WAN connections. I want to have each VLAN have its traffic go in/out one of the WAN connections. 

My initial searches led me to investigate policy based routing. I don't think I can use policy based routing in this situation because the two WAN connections are from the same provider and have the same default gateway.

Since both of the WAN connections use the same default gateway, I thought that I could try applying failover load-balancing to each of the interfaces. So traffic from eth1.200 would go out eth0, failing over to eth2, and traffic from eth1.300 would go out eth2, failing over to eth0.

I got my config running, but the load balancing doesn't appear to be working. Traffic from both VLANs goes out one interface, and occasionally switches between the two interfaces, but both LANs always go out the same interface. If I unplug one WAN interface, it does fail over, but perhaps my policies are set wrong for sending the traffic out each of the respective load balance groups.

Attached is the running config which I've cleaned up. I'm admittedly not the most familiar with how the load balancing policies work, but if anyone has any insights, I'm open to any questions or suggestions. If there's an easier way to do this, I'm all ears.

 

EdgeRouter, Pihole, and IPv6


Device: EdgeRouter X
ISP: Comcast

 

Pi-hole is a network ad blocker/DNS sinkhole.

 

Pi-hole recommends a ULA address to configure a static address for the Pihole host- this is to avoid issues when the ISP changes your assigned IPV6 GUA block.

 

In order to continue using IPv6, a GUA address is still desired via dhcpv6-pd assigned to each host.

 

My configuration below receives GUA addresses via dhcpv6-pd & slaac, but also configures an additional ULA address range (in this case: fdee:eeee:eeee:0::1/64) and hands out addresses via dhcpv6-server.

 

I'm not sure this configuration is particularly wise- it appears both the GUA and ULA addresses are "global" scope...

 

The end goal is to be able to have a static IPv6 address assigned to the Pi-hole device, and still be able to use the GUA addresses from the ISP.

 

I'm looking for any recommendations or guidance from someone with a bit more IPv6 experience if you're out there!

 

interfaces {
    ethernet eth0 {
        address dhcp
        description "WAN / Internet"
        dhcpv6-pd {
            pd 0 {
                interface switch0 {
                    host-address ::1
                    no-dns
                    prefix-id :1
                    service slaac
                }
                prefix-length 60
            }
            rapid-commit enable
        }
        duplex auto
        firewall {
            in {
                ipv6-name WANv6_IN
                name WAN_IN
            }
            local {
                ipv6-name WANv6_LOCAL
                name WAN_LOCAL
            }
        }
        ipv6 {
            dup-addr-detect-transmits 1
        }
        speed auto
    }
    ethernet eth1 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth2 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth3 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth4 {
        description Local
        duplex auto
        speed auto
    }
    loopback lo {
    }
    switch switch0 {
        address 192.168.1.1/24
        address fdee:eeee:eeee:0::1/64
        description LAN
        ipv6 {
            address {
            } auto
            dup-addr-detect-transmits 1
            router-advert {
                cur-hop-limit 64
                default-preference high
                link-mtu 01/24
                managed-flag true
                max-interval 600
                name-server fe80::20c:29ff:fe36:1a38
                other-config-flag false
                prefix ::/64 {
                    autonomous-flag true
                    on-link-flag true
                    valid-lifetime 2592000
                }
                reachable-time 0
                retrans-timer 0
                send-advert true
            }
        }
        mtu 1500
        switch-port {
            interface eth1 {
            }
            interface eth2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
            vlan-aware disable
        }
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update enable
        shared-network-name LAN {
            authoritative disable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.2
                lease 86400
                start 192.168.1.200 {
                    stop 192.168.1.254
                }
            }
        }
        static-arp disable
        use-dnsmasq disable
    }
    dhcpv6-server {
        shared-network-name LAN {
            subnet fdee:eeee:eeee:0::/64 {
                address-range {
                    start fdee:eeee:eeee:0::1000 {
                        stop fdee:eeee:eeee:0::1fff
                    }
                }
                lease-time {
                    default 86400
                }
                name-server fdee:eeee:eeee::2
            }
        }
    }
    dns {
        forwarding {
            cache-size 150
            listen-on switch0
            system
        }
    }
}

Put L2TP VPN clients on VLAN


Hi all,

 

I am in need of some advice to accomplish the following: putting L2TP VPN users in a separate VLAN.

 

I have setup a new L2TP VPN server on my ERL3, following the UBNT help article. Everything is working just fine.

What I would like to do next, if possible, is to create a new VLAN where these VPN clients will sit in.

The only thing they are then allowed to do is browse the internet. They should not be able to access any devices on the LAN (which is currently possible). I have searched the community for possible answers, but did not find threads that match my question.

 

My setup is as follows:

eth0 - WAN, DHCP assigned address

eth1 - LAN, DHCP range 192.168.10.0/24, eth1.20, DHCP range 192.168.20.0/24

VPN IP scope: 192.168.200.1 - 192.168.200.10

 

Any help would be greatly appreciated.


Brother MFC9340CDW Printer Firewall rules


Brother MFC9340CDW Printer Firewall rules

 

Having issues setting the rules

 

I am able to ping the printer and have set the firewall rules for the printer IP and have also tried the respective ports added to the rule and I am still not able to access/

IPv4 over IPv6 GRE (ip6gre) Tunnel Stops Working After Reboot on ER-6P / v1.10.5


Hi,

 

I have been trying to establish an IPv4 over IPv6 GRE tunnel using ip6gre encapsulation between 2x ER-6Ps. It seems the tunnel works fine once it is set up but then it always stops passing through packets once either side of the router is rebooted, though the config tree just looks fine. If I remove the tunnel and re-add one, it works again.

 

I just checked the packets on eth0 (WAN) using Wireshark and it seems the packets are kinda corrupted once the router is rebooted, since it shows "wrong" ip version and just a series of padding data following it.

 

ping packet captured after setting up the tunnel

Screen Shot 2018-08-13 at 12.44.10 AM.png

 

ping packet captured after rebooting the router

Screen Shot 2018-08-13 at 12.49.47 AM.png

 

I'm not familiar with Vyatta/Linux so I'm not sure what other things I can do to dig deeper, but please let me know if you need any extra logs etc. which may help identify the root cause.

 

Here is the tunnel I set up. The config looks identical before/after rebooting the router. This is trial so I didn't use IPsec to protect the tunnel.

 

    ipv6-tunnel v6tun0 {
        address 192.168.131.1/30
        encapsulation ip6gre
        local-ip 2001:558:6045:XXXX:XXXX:XXXX:XXXX:XXXX
        mtu 1332
        multicast disable
        remote-ip 240b:11:20e0:XXXX:XXXX:XXXX:XXXX:XXXX
        ttl 64
    }


    ipv6-tunnel v6tun0 {
        address 192.168.131.2/30
        encapsulation ip6gre
        local-ip 240b:11:20e0:XXXX:XXXX:XXXX:XXXX:XXXX
        mtu 1332
        multicast disable
        remote-ip 2001:558:6045:XXXX:XXXX:XXXX:XXXX:XXXX
        ttl 64
    }

Here is the cat /var/log/vyatta/vyatta-commit.log after rebooting.

 

Warning: priority inversion [interfaces ipv6-tunnel v6tun0 mtu](381) <= [interfaces ipv6-tunnel v6tun0](460)
         changing [interfaces ipv6-tunnel v6tun0 mtu] to (461)

[ service nat rule 5002 outbound-interface pppoe0 ]
NAT configuration warning: interface pppoe0 does not exist on this system

[ service nat rule 5003 outbound-interface tun0 ]
NAT configuration warning: interface tun0 does not exist on this system

[ service nat rule 5004 outbound-interface v6tun0 ]
NAT configuration warning: interface v6tun0 does not exist on this system

[ interfaces ethernet eth3 bridge-group ]
Adding interface eth3 to bridge br0

[ system ntp ]
Stopping NTP server: ntpd.
Starting NTP server: ntpd.

[ interfaces ethernet eth0 ipv6 address autoconf ]
Enabling address auto-configuration for eth0

[ interfaces l2tpv3 l2tpeth0 bridge-group ]
Adding interface l2tpeth0 to bridge br0

[ service ssh ]
The SSH service will be started after commit. Check /var/log/messages.

[ service gui ]
The GUI service will be started after commit. Check /var/log/messages.

[ vpn ]
conntrack v0.9.14 (conntrack-tools): connection tracking table has been emptied.

[ service dhcp-server ]
Starting DHCP server daemon...

[ service upnp2 ]
The UPNP2 service will be started after commit. Check /var/log/messages.

Please let me know if you have any questions.

 

Thanks,

Separate 2 Sonos Connect by two Subnetworks


I have separated two Sonos Connect (Sonos 1 and Sonos 2) with two subnetworks (192.168.10.1 and 192.168.20.1) and firewall rules, so that they can't find each other. This solution helps me, that the users of Sonos 1 only can control Sonos 1 and not Sonos 1 and 2.

Now I want to control Sonos 1 and Sonos 2 with a Windows computer with the IP 192.168.1.117 with Sonos Desktop. But Sonos Desktop can't find the Sonos 1 and Sonos 2. Does someone know what I need to do to solve this issue?

 

 

Network draft:

 

20180814_104816.jpg

 

My firewall rules:

 

Ruleconfiguration 1

Default Action: Drop

Interface: "eth1" Direction: "in"

Ruleset: Drop /

Destination Address 192.168.20.0/24

 

Ruleconfiguration 2

Default Action: Drop

Interface: "eth2" Direction: "in"

Ruleset: Drop /

Destination Address 192.168.10.0/24

 

ERPoE-5 dead


Hey guys, I know similar things have been discussed multiple times here, but it seems I've got a slightly different issue. The first symptom was noticed by the client as "no internet", as usual - after I got onsite with the serial cable, expecting to at least have some command-line accessibility to the ERPoE, I'm getting this on reboot / factory restore:

 

Looking for valid bootloader image....
Jumping to start of image at address 0xbfc80000


U-Boot 1.1.1 (UBNT Build ID: 4670715-gbd7e2d7) (Build time: May 27 2014 - 11:15:15)

BIST check passed.
UBNT_E100 r1:1, r2:27, f:8/135, serial #: 802AA88EA031
MPR 13-00290-27
Core clock: 500 MHz, DDR clock: 266 MHz (532 Mhz data rate)
DRAM:  512 MB
Clearing DRAM....... done
Flash:  8 MB
Net:   octeth0, octeth1, octeth2

USB:   (port 0) scanning bus for devices... 1 USB Devices found
       scanning bus for storage devices...
  Device 0: Vendor:          Prod.: USB DISK 2.0     Rev: PMAP
            Type: Removable Hard Disk
            Capacity: 3824.0 MB = 3.7 GB (7831552 x 512)
Reset pressed ...0...1...2...3...Confirmed
Starting with factory-default config...
reading vmlinux.64
..................................

6882440 bytes read
argv[2]: coremask=0x3
argv[3]: root=/dev/sda2
argv[4]: rootdelay=15
argv[5]: rw
argv[6]: rootsqimg=squashfs.img
argv[7]: rootsqwdir=w
argv[8]: mtdparts=phys_mapped_flash:512k(boot0),512k(boot1),64k@1024k(eeprom)
argv[9]: resetsqimg
ELF file is 64 bit
Allocating memory for mapped kernel segment, alignment: 0x400000
Allocated memory for ELF segment: addr: 0x400000, size 0x7de180
Processing PHDR 0
  Loading 68ee80 bytes at 400000
  Clearing 14f300 bytes at a8ee80
## Loading Linux kernel with entry point: 0x008ec220 ...
Bootloader: Done loading app on coremask: 0x3
Linux version 3.10.20-UBNT (root@ubnt-builder2) (gcc version 4.7.0 (Cavium Inc. Version: SDK_3_1_0_p2 build 34) ) #1 SMP Sat Apr 22 07:51:46 PDT 2017
CVMSEG size: 2 cache lines (256 bytes)
Cavium Inc. SDK-3.1
bootconsole [early0] enabled
CPU revision is: 000d0601 (Cavium Octeon+)
Checking for the multiply/shift bug... no.
Checking for the daddiu bug... no.
Determined physical RAM map:
 memory: 0000000007400000 @ 0000000000c00000 (usable)
 memory: 0000000007c00000 @ 0000000008200000 (usable)
 memory: 000000000fc00000 @ 0000000410000000 (usable)
 memory: 000000000064c000 @ 0000000000400000 (usable)
 memory: 0000000000044000 @ 0000000000a4c000 (usable after init)
Wasting 57344 bytes for tracking 1024 unused pages
software IO TLB [mem 0x01707000-0x01747000] (0MB) mapped at [8000000001707000-8000000001746fff]
Zone ranges:
  DMA32    [mem 0x00400000-0xefffffff]
  Normal   [mem 0xf0000000-0x41fbfffff]
Movable zone start for each node
Early memory node ranges
  node   0: [mem 0x00400000-0x00a8ffff]
  node   0: [mem 0x00c00000-0x07ffffff]
  node   0: [mem 0x08200000-0x0fdfffff]
  node   0: [mem 0x410000000-0x41fbfffff]
Primary instruction cache 32kB, virtually tagged, 4 way, 64 sets, linesize 128 bytes.
Primary data cache 16kB, 64-way, 2 sets, linesize 128 bytes.
Secondary unified cache 128kB, 8-way, 128 sets, linesize 128 bytes.
PERCPU: Embedded 10 pages/cpu @8000000001784000 s11904 r8192 d20864 u40960
Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 125887
Kernel command line:  bootoctlinux $loadaddr coremask=0x3 root=/dev/sda2 rootdelay=15 rw rootsqimg=squashfs.img rootsqwdir=w mtdparts=phys_mapped_flash:512k(boot0),512k(boot1),64k@1024k(eeprom) resetsqimg console=ttyS0,115200
PID hash table entries: 2048 (order: 2, 16384 bytes)
Dentry cache hash table entries: 65536 (order: 7, 524288 bytes)
Inode-cache hash table entries: 32768 (order: 6, 262144 bytes)
Memory: 495244k/510528k available (5091k kernel code, 15284k reserved, 1354k data, 272k init, 0k highmem)
Hierarchical RCU implementation.
        Additional per-CPU info printed with stalls.
NR_IRQS:255
Calibrating delay loop (skipped) preset value.. 1000.00 BogoMIPS (lpj=5000000)
pid_max: default: 32768 minimum: 501
Security Framework initialized
Mount-cache hash table entries: 256
Checking for the daddi bug... no.
SMP: Booting CPU01 (CoreId  1)...
CPU revision is: 000d0601 (Cavium Octeon+)
Brought up 2 CPUs
NET: Registered protocol family 16
bio: create slab <bio-0> at 0
SCSI subsystem initialized
usbcore: registered new interface driver usbfs
usbcore: registered new interface driver hub
usbcore: registered new device driver usb
Switching to clocksource OCTEON_CVMCOUNT
NET: Registered protocol family 2
TCP established hash table entries: 4096 (order: 4, 65536 bytes)
TCP bind hash table entries: 4096 (order: 4, 65536 bytes)
TCP: Hash tables configured (established 4096 bind 4096)
TCP: reno registered
UDP hash table entries: 256 (order: 1, 8192 bytes)
UDP-Lite hash table entries: 256 (order: 1, 8192 bytes)
NET: Registered protocol family 1
octeon_pci_console: Console not created.
/proc/octeon_perf: Octeon performance counter interface loaded
HugeTLB registered 2 MB page size, pre-allocated 0 pages
squashfs: version 4.0 (2009/01/31) Phillip Lougher
Registering unionfs 2.5.13 (for 3.10.34)
msgmni has been set to 967
io scheduler noop registered
io scheduler cfq registered (default)
Serial: 8250/16550 driver, 6 ports, IRQ sharing disabled
1180000000800.serial: ttyS0 at MMIO 0x1180000000800 (irq = 34) is a OCTEON
console [ttyS0] enabled, bootconsole disabled
console [ttyS0] enabled, bootconsole disabled
1180000000c00.serial: ttyS1 at MMIO 0x1180000000c00 (irq = 35) is a OCTEON
loop: module loaded
ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
OcteonUSB 16f0010000000.usbc: Octeon Host Controller
OcteonUSB 16f0010000000.usbc: new USB bus registered, assigned bus number 1
OcteonUSB 16f0010000000.usbc: irq 56, io mem 0x00000000
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 1 port detected
OcteonUSB: Registered HCD for port 0 on irq 56
usbcore: registered new interface driver usb-storage
octeon_wdt: Initial granularity 5 Sec
TCP: cubic registered
NET: Registered protocol family 17
NET: Registered protocol family 15
Bootbus flash: Setting flash for 8MB flash at 0x1f400000
phys_mapped_flash: Found 1 x16 devices at 0x0 in 8-bit bank. Manufacturer ID 0x0000c2 Chip ID 0x0000c9
Amd/Fujitsu Extended Query Table at 0x0040
  Amd/Fujitsu Extended Query version 1.1.
phys_mapped_flash: Swapping erase regions for top-boot CFI table.
number of CFI chips: 1
3 cmdlinepart partitions found on MTD device phys_mapped_flash
Creating 3 MTD partitions on "phys_mapped_flash":
0x000000000000-0x000000080000 : "boot0"
0x000000080000-0x000000100000 : "boot1"
0x000000100000-0x000000110000 : "eeprom"
Waiting 15sec before mounting root device...
usb 1-1: new high-speed USB device number 2 using OcteonUSB
usb-storage 1-1:1.0: USB Mass Storage device detected
scsi0 : usb-storage 1-1:1.0
scsi 0:0:0:0: Direct-Access              USB DISK 2.0     PMAP PQ: 0 ANSI: 6
sd 0:0:0:0: [sda] 7831552 512-byte logical blocks: (4.00 GB/3.73 GiB)
sd 0:0:0:0: [sda] Write Protect is off
sd 0:0:0:0: [sda] No Caching mode page found
sd 0:0:0:0: [sda] Assuming drive cache: write through
sd 0:0:0:0: [sda] No Caching mode page found
sd 0:0:0:0: [sda] Assuming drive cache: write through
 sda: sda1 sda2
sd 0:0:0:0: [sda] No Caching mode page found
sd 0:0:0:0: [sda] Assuming drive cache: write through
sd 0:0:0:0: [sda] Attached SCSI removable disk
kjournald starting.  Commit interval 3 seconds
EXT3-fs (sda2): using internal journal
EXT3-fs (sda2): recovery complete
EXT3-fs (sda2): mounted filesystem with journal data mode
VFS: Mounted root (unionfs filesystem) on device 0:11.
Freeing unused kernel memory: 272K (ffffffffc064c000 - ffffffffc0690000)
Algorithmics/MIPS FPU Emulator v1.5
INIT: version 2.88 booting

Looking for valid bootloader image....
Jumping to start of image at address 0xbfc80000


U-Boot 1.1.1 (UBNT Build ID: 4670715-gbd7e2d7) (Build time: May 27 2014 - 11:15:15)

BIST check passed.
UBNT_E100 r1:1, r2:27, f:8/135, serial #: 802AA88EA031
MPR 13-00290-27
Core clock: 500 MHz, DDR clock: 266 MHz (532 Mhz data rate)
DRAM:  512 MB

And that's it...

Don't see common USB read errors, or anything like that here; just hangs on secondary boot.

 

Any ideas, apart from throwing it in the trash?

Parental Controls - Custom Timetable leveraging OpenDNS


Hi,

 

Apologies in advance if this question has already been answered elsewhere; I tried searching for a solution but without success. I would like to create a custom timetable of parental restrictions using OpenDNS categories, and my Netgear router is not currently able to handle the level of granularity I need.

 

I would like to purchase an EdgeRouterX to handle my custom timetable of parental controls. The dimensions are day of week, time of day, Ports Blocked, and 'OpenDNS Home' filtering categories blocked. I prefer to use OpenDNS from opendns.com.

 

The parental control timetable I would like to employ is below:

 

Day     | Timeslot (Hrs) | Ports Blocked | OpenDNS Categories Blocked
Mon-Thu | 0000-1959      | 444-65536     | Games, Video Sharing (YouTube)
Mon-Thu | 2000-2159      | 444-65536     | Games
Friday  | 0000-1959      | 444-65536     | Games, Video Sharing (YouTube)
Friday  | 2000-2159      | None          | None
Friday  | 2200-2359      | 444-65536     | Games, Video Sharing (YouTube)
Sat-Sun | 0000-1959      | 444-65536     | Games, Video Sharing (YouTube)
Sat-Sun | 2000-2359      | None          | None

 

Other Notes:

  • Must use opendns.com filtering capabilities
  • I'm happy to code something up, but need guidance
  • I currently have a cable modem, a Unifi AC-Lite

The purpose of the above is so that the kids are not playing Steam games during the week and have limited access to YouTube.

 

Questions:

  1. Can the above be achieved using an EdgeRouterX?
  2. I'm assuming I will need multiple OpenDNS accounts and DNSs. How do I implement a scheme where I switch between multiple OpenDNS accounts on the above timetable basis? If that's not the way to go, what's an alternative solution?

Cheers.
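
Before a timetable like the one in the post above is turned into scheduled firewall rules, it is worth checking that every minute of the week has an explicit policy and that every port range is valid. The following is an added example, not part of the original post and not EdgeOS code; the rows are transcribed from the post as constructed input, and all function and variable names are hypothetical.

```python
# Added example: rows transcribed from the post's timetable (constructed input).
DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
GROUPS = {"Mon-Thu": DAYS[0:4], "Friday": ["Fri"], "Sat-Sun": DAYS[5:7]}

TIMETABLE = [  # (day group, timeslot HHMM-HHMM inclusive, ports blocked)
    ("Mon-Thu", "0000-1959", "444-65536"),
    ("Mon-Thu", "2000-2159", "444-65536"),
    ("Friday",  "0000-1959", "444-65536"),
    ("Friday",  "2000-2159", "None"),
    ("Friday",  "2200-2359", "444-65536"),
    ("Sat-Sun", "0000-1959", "444-65536"),
    ("Sat-Sun", "2000-2359", "None"),
]

def to_minutes(hhmm):
    """Convert 'HHMM' to minutes since midnight."""
    return int(hhmm[:2]) * 60 + int(hhmm[2:])

def coverage_gaps(rows):
    """Return {day: [(start_min, end_min), ...]} for minutes no row covers."""
    covered = {d: [False] * 1440 for d in DAYS}
    for group, slot, _ports in rows:
        start, end = (to_minutes(t) for t in slot.split("-"))
        for day in GROUPS[group]:
            for m in range(start, end + 1):  # end minute is part of the slot
                covered[day][m] = True
    gaps = {}
    for day in DAYS:
        run_start = None
        for m in range(1441):  # one extra step closes a gap that runs to midnight
            free = m < 1440 and not covered[day][m]
            if free and run_start is None:
                run_start = m
            elif not free and run_start is not None:
                gaps.setdefault(day, []).append((run_start, m - 1))
                run_start = None
    return gaps

def invalid_port_ranges(rows):
    """Return port ranges that fall outside 1-65535 (ports are 16-bit)."""
    bad = set()
    for _group, _slot, ports in rows:
        if ports != "None":
            lo, hi = (int(p) for p in ports.split("-"))
            if not (1 <= lo <= hi <= 65535):
                bad.add(ports)
    return sorted(bad)
```

Run against the table as posted, the check reports that Mon-Thu 2200-2359 has no row, so the policy for that slot has to be decided explicitly, and that the upper bound 65536 is one past the highest valid port number.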
