Specifications:
- Operating system: EdgeOS (Debian Based – 7.0 Wheezy)
- Processor: Dual-Core (4 threads) 880 MHz, MIPS1004Kc
- RAM: 256 MB DDR3
- Code storage: 256 MB NAND
- Ethernet speed: 1 Gbps
Popular features:
- PoE Input and Passthrough
- Load Balancer / Failover / VRRP
- VLAN (VPLS) / MPLS
- QoS
- RIP(ng) / OSPF(V3) / (E+I)BGP
- IPSec Site-to-Site
- SNMP Client
- Traffic Analysis
WebGUI and SSH:
- Default IP address: 192.168.1.1
- Default username and password: ubnt
TIPS
Routing speed out of the box with a basic configuration using a 1000 DL / 750 UL fiber optic connection:

If you do not need QoS because your internet connection is reliable or because you have no VoIP phones or similar applications, you can offload tasks from the main CPU using Hardware Offload.
Enabling Hardware Offload for NAT via CLI:
configure set system offload hwnat enable commit save show system offload
The same can be done for other features:
set system offload ipsec enable set system offload ipv4 forwarding enable set system offload ipv4 gre enable set system offload ipv4 pppoe enable set system offload ipv4 vlan enable set system offload ipv4 bonding enable
A reboot is not required.
Speed test with Hardware Offload for NAT enabled using a 1000 DL / 750 UL fiber optic connection:

Changing the hostname:
configure set system host-name newhostname commit ; save
Creating a new user:
set system login user newuser authentication plaintext-password newpassword set system login user newuser level admin
Deleting the default user ubnt:
configure delete system login user ubnt commit ; save
Adding an SSH public key:
configure vi ssh_key.pub loadkey newuser ssh_key.pub set service ssh disable-password-authentication commit ; save show system login user newuser
To re-enable password authentication for SSH:
configure delete service ssh disable-password-authentication commit save
Configuring RADIUS authentication:
configure set system login radius-server 10.0.0.1 secret radius_key commit ; save
Configuring interfaces:
set interfaces ethernet eth0 address dhcp set interfaces ethernet eth0 description WAN set interfaces ethernet eth1 address 192.168.0.1/24 set interfaces ethernet eth2 vif 1 address 192.168.1.1/24 set interfaces ethernet eth2 vif 1 description "Sub-Interface 1"
Port forwarding:
set port-forward rule 1 description "SSH" set port-forward rule 1 forward-to address 192.168.1.99 set port-forward rule 1 forward-to port 22 set port-forward rule 1 original-port 22 set port-forward rule 1 protocol tcp
Installing the nano text editor:
configure set system package repository stretch components 'main contrib non-free' set system package repository stretch distribution stretch set system package repository stretch url http://http.us.debian.org/debian commit; save; exit sudo apt update sudo apt install nano sudo rm -R /var/lib/apt/lists sudo rm -R /var/cache/apt/archives configure delete system package repository stretch commit; save; exit
Setting up an OpenVPN client:
configure set interfaces openvpn vtun0 config-file /config/edge.ovpn commit ; save

Speed test through OpenVPN using a 1000 DL / 750 UL fiber optic connection:

If you do not want OpenVPN to be the default internet route but only need access to a remote network, add the following line to your .ovpn file before importing it:
pull-filter ignore "redirect-gateway"
MODES
- user@hostname#
- Operational Mode
- user@hostname:~$
- Configuration Mode

CONFIGURATION SETS
- Boot/Startup Config
- Saved configuration that loads on boot (
/config/config.boot).
- Saved configuration that loads on boot (
- Active/Running Config
- The running configuration that has not yet been saved to the boot/startup config.
- Working/Draft Config
- A non-active configuration with changes that have not yet been committed.
CONFIGURATION COMMANDS
- set
- delete
- commit
- commit-confirm
- save
- compare
- discard
RUNNING A SCRIPT ON BOOT
Place the bash script in /config/scripts/post-config.d/ and mark it as executable.
LINUX COMMANDS
Do not use apt upgrade or apt dist-upgrade.
- cd
- ls
- ip
- vi
- apt-get
- sudo
- su
- ping
- traceroute
- reboot
- shutdown
- ssh
- ln
- cat
- chmod
- chown
- cp
- mv
- dd
- df
- echo
- grep
- sed
- gzip
- gunzip
- tar
- touch
- hostname
- systemctl
- journalctl
- kill
- top
- ps
- less
- mkdir
- rm
- more
- mount
- umount
- netstat
- pwd
- whoami
- …
For more information, see the official documentation at [Link].
USEFUL COMMANDS FOR UNIFI AP
help set-default set-inform http://10.0.30.150:8080/inform tail -f /var/log/messages
48 Replies to “Ubiquiti EdgeOS (ER-X) Tips and Cheat Sheet”
Comments are closed.