1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
|
I've used both China Unicom and China Telecom in the past, and both use
the PPPoE protocol to authenticate Internet connections. The first thing
I do after deploying the network is configure the ONT (Optical Network
Terminal) into bridge mode. I want the device to have the single
responsibility of translating rapid pulses of light from the fiber optic
cable into electrical signals, while a dedicated router handles DHCP and
gives me more control over the internal network.
That brings us to my Ubiquiti EdgeRouter X (ER-X-SFP), a small,
lightweight, power-efficient (5W) Linux box based on the MIPS
architecture. I've installed it inside the structured media enclosure,
and it has been running fairly stably. Overall, I am pretty satisfied
with the device.
There are two modes in EdgeOS—the operating system running on the
hardware: operational mode and configuration mode. When you SSH into the
system, you are in operational mode by default, which can be identified
by the dollar sign `$`. To switch to configuration mode, use the
`configure` command. Configuration mode can be identified by the hashtag
`#`. To leave configuration mode and return to operational mode, use the
`exit` command.
user@ubnt:~$ configure
[edit]
user@ubnt:#
Convention
----------
The commands shown in this article are prefixed with either operational
mode or configuration mode so that you can easily identify which mode
the command should be executed in.
Whenever you want to apply changes made to the router, use the `commit`
command. After confirming everything works as expected, you can persist
the changes with the `save` command, which writes the configuration to a
file.
# commit
# save
I am currently running firmware version `v2.0.9-hotfix.7`. You can check
your version with:
$ show version
Set up the Internet connection
------------------------------
Assuming we already have the credentials on hand, we can configure the
PPPoE connection on the `eth0` interface in configuration mode. Replace
the username and password placeholders with your actual credentials.
# edit interfaces ethernet eth0
# set description "Internet (PPPoE)"
# set pppoe 0 user-id <PPPoE Username>
# set pppoe 0 password <PPPoE Password>
Once the connection is established, we can check the IP addresses
allocated by the ISP.
$ show interfaces
The following commands are handy when you want to reconnect to the
Internet manually, especially since some ISPs forcefully terminate
connections every seven days. By reconnecting during your own chosen
hours, you can avoid unexpected interruptions during something critical,
such as debugging a production issue.
$ disconnect interface pppoe0
$ connect interface pppoe0
Assign a CIDR block to the LAN
------------------------------
You may want to customize your local network using the CIDR block
`192.168.10.0/24`. In this subnet, `192.168.10.0` is the network address
and `192.168.10.255` is the broadcast address, leaving `192.168.10.1`
through `192.168.10.254` as usable host addresses.
However, not all usable addresses need to be assigned dynamically by
DHCP. In my setup, I reserve `192.168.10.1` for the router itself and
configure the DHCP pool to allocate addresses only from `192.168.10.100`
to `192.168.10.199`. The remaining addresses stay available for manually
assigned devices or future network expansion. Feel free to adjust the
subnet to suit your needs.
# set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 default-router 192.168.10.1
# set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 dns-server 192.168.10.1
# set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 start 192.168.10.100 stop 192.168.10.199
# set interfaces switch switch0 address 192.168.10.1/24
You can always inspect DHCP leases with the following commands:
$ show dhcp leases
$ show dhcp leases pool LAN
If you want static DHCP bindings, all you need is the desired IP address
and the device's MAC address. Here, I bind my Raspberry Pi to
`192.168.10.2`. `pi` is simply a descriptive name for the mapping.
# set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 static-mapping pi ip-address 192.168.10.2
# set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 static-mapping pi mac-address 01:23:45:ab:cd
One more thing worth mentioning is the `switch-port` setting, which
defines which physical Ethernet ports belong to the `switch0` interface.
Ports assigned to the switch share the same Layer 2 broadcast domain,
meaning devices connected to those ports are part of the same LAN.
I have another purpose for the `eth1` port, so I removed it from the
switch:
# delete interfaces switch switch0 switch-port interface eth1
Hardware offloading
-------------------
The EdgeRouter X includes dedicated hardware acceleration for NAT and
routing, so enabling hardware offloading allows the device to make full
use of its capabilities.
According to the official documentation, enabling hardware offloading
increases IPv4 routing throughput from roughly 300 Mbps to around 950
Mbps—more than a 3x improvement.
# set system offload hwnat enable
# set system offload ipsec enable
Disable the Web GUI
-------------------
I enjoy managing my home network through the terminal, and I rarely use
the Web GUI, so disabling it does not affect my workflow. Once the
router is configured, there is usually little need to change the
settings anyway. It may also reduce memory usage slightly.
# delete service gui
Backup and restore
------------------
We have a `save` command for backing up the configuration, but
unfortunately it is broken in my current firmware version. That is not a
big deal since it uses `scp` underneath, and we can simply do it
manually instead. Don't forget to configure SSH keys beforehand. The
backup filename below includes a datetime suffix.
$ scp /config/config.boot <user>@<host>:/path/to/config.boot.$(date +%Y%m%d%H%M%S)
To restore from a backup, use the `load` command. Compare the changes
against the current configuration before applying them. Once everything
looks correct, commit and save the configuration permanently.
# load scp://<user>@<host>:/path/to/config.boot
# compare
Useful links
------------
Help Center — EdgeRouter
https://help.ui.com/hc/en-us/sections/360008075214-EdgeRouter
EdgeRouter X Datasheet
https://dl.ubnt.com/datasheets/edgemax/EdgeRouter_X_DS.pdf
|
