by: General

Specifications:

  • Operating system: EdgeOS (Debian Based – 7.0. Wheezy)
  • Processor: Dual-Core (4 threads) 880 MHz, MIPS1004Kc
  • RAM: 256 MB DDR3
  • Code storage: 256 MB NAND
  • Ethernet speed: 1 Gbps

Popular features:

  • PoE Input and Passthrough
  • Loadbalancer / Failover / VRRP
  • VLAN (VPLS) / MPLS
  • QoS
  • RIP(ng) / OSPF(V3) / (E+I)BGP
  • IPSec Site-to-Site
  • SNMP Client
  • Traffic Analysis

WebGUI and SSH:

  • IP from the factory: 192.168.1.1
  • Default user and password: ubnt

TIPS

Routing speed out the box with the basic configuration using a 1000 DL / 750 UL fiber optic internet:

If you do not need to use QoS because your internet connection is excellent or because you do not have VoIP phones or similar applications:

Enabling Hardware Offload for NAT via CLI:

configure
set system offload hwnat enable
commit
save
show system offload

The same can be done for other features:

set system offload ipsec enable
set system offload ipv4 forwarding enable
set system offload ipv4 gre enable
set system offload ipv4 pppoe enable
set system offload ipv4 vlan enable
set system offload ipv4 bonding enable

Rebooting is not required.

This will remove the load from the main CPU for executing those tasks.

Speed test with Hardware Offload for NAT enabled using a 1000 DL / 750 UL fiber optic internet:

Changing the hostname:

configure
set system host-name newhostname
commit ; save

Creating a new user:

set system login user newuser authentication plaintext-password newpassword
set system login user newuser level admin

Deleting the default user ubnt:

configure
delete system login user ubnt
commit ; save

Adding an SSH public key:

configure
vi ssh_key.pub
loadkey newuser ssh_key.pub
set service ssh disable-password-authentication
commit ; save
show system login user newuser

To re-allow the password on SSH login:

configure
delete service ssh disable-password-authentication
commit
save

Configuring Radius authentication:

configure
set system login radius-server 10.0.0.1 secret radius_key
commit ; save

Configuring interfaces:

set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 description WAN
set interfaces ethernet eth1 address 192.168.0.1/24
set interfaces ethernet eth2 vif 1 address 192.168.1.1/24
set interfaces ethernet eth2 vif 1 description "Sub-Interface 1"

Port Forwarding:

set port-forward rule 1 description "SSH"
set port-forward rule 1 forward-to address 192.168.1.99
set port-forward rule 1 forward-to port 22
set port-forward rule 1 original-port 22
set port-forward rule 1 protocol tcp

Installing NANO file editor:

configure
set system package repository stretch components 'main contrib non-free' 
set system package repository stretch distribution stretch
set system package repository stretch url http://http.us.debian.org/debian
commit; save; exit
sudo apt update
sudo apt install nano
sudo rm -R /var/lib/apt/lists
sudo rm -R /var/cache/apt/archives
configure
delete system package repository stretch
commit; save; exit

Setting up OpenVPN client:

configure
set interfaces openvpn vtun0 config-file /config/edge.ovpn
commit ; save

Speed test through the OpenVPN using a 1000 DL / 750 UL fiber optic internet:

If you don’t want to have the OpenVPN connection as the default route to the internet but just get access to a remote network add the following line in the .ovpn file before importing it:

pull-filter ignore "redirect-gateway"

MODES

  • user@hostname#
    • Operational Mode
  • user@hostname:~$
    • Configuration Mode

CONFIGURATION SETS

  • Boot/Startup Config
    • Saved configuration that loads on boot (/config/config.boot).
  • Active/Running Config
    • Running configuration not saved to the boot/startup configuration yet.
  • Working/Draft Config
    • Non-active configuration with changes that were committed yet.

CONFIGURATION COMMANDS

  • set
  • delete
  • commit
  • commit-confirm
  • save
  • compare
  • discard

RUNNING SCRIPT ON BOOT

Just place the bash script in directory /config/scripts/post-config.d/ and mark them as executable.

LINUX COMMANDS

Do not use apt upgrade nor apt dist-upgrade.

  • cd
  • ls
  • ip
  • vi
  • apt-get
  • sudo
  • su
  • ping
  • traceroute
  • reboot
  • shutdown
  • ssh
  • ln
  • cat
  • chmod
  • chown
  • cp
  • mv
  • dd
  • df
  • echo
  • grep
  • sed
  • gzip
  • gunzip
  • tar
  • touch
  • hostname
  • systemctl
  • journalctl
  • kill
  • top
  • ps
  • less
  • ln
  • mkdir
  • rm
  • more
  • mount
  • umount
  • netstat
  • pwd
  • whoami

For more information read the official documentation at [Link].

USEFUL COMMANDS FOR UNIFI-AP

help
set-default
set-inform http://10.0.30.150:8080/inform
tail -f /var/log/messages