{"id":2196,"date":"2021-06-09T01:00:12","date_gmt":"2021-06-09T01:00:12","guid":{"rendered":"https:\/\/dft.wiki\/?p=2196"},"modified":"2021-08-20T13:35:21","modified_gmt":"2021-08-20T13:35:21","slug":"ubiquiti-edgerouterx-cheat-sheet","status":"publish","type":"post","link":"https:\/\/dft.wiki\/?p=2196","title":{"rendered":"Ubiquiti EdgeOS (ER-X) Tips and Cheat Sheet"},"content":{"rendered":"<p><strong>Specifications:<\/strong><\/p>\n<ul>\n<li>Operating system: <strong>EdgeOS (Debian Based &#8211; 7.0. Wheezy)<\/strong><\/li>\n<li>Processor: <strong>Dual-Core (4 threads) 880 MHz, MIPS1004Kc<\/strong><\/li>\n<li>RAM: <strong>256 MB DDR3<\/strong><\/li>\n<li>Code storage: <strong>256 MB NAND<\/strong><\/li>\n<li>Ethernet speed: <strong>1 Gbps<\/strong><\/li>\n<\/ul>\n<p><strong>Popular features:<\/strong><\/p>\n<ul>\n<li>PoE Input and Passthrough<\/li>\n<li>Loadbalancer \/ Failover \/ VRRP<\/li>\n<li>VLAN (VPLS) \/ MPLS<\/li>\n<li>QoS<\/li>\n<li>RIP(ng) \/ OSPF(V3) \/ (E+I)BGP<\/li>\n<li>IPSec Site-to-Site<\/li>\n<li>SNMP Client<\/li>\n<li>Traffic Analysis<\/li>\n<\/ul>\n<p><strong>WebGUI and SSH:<\/strong><\/p>\n<ul>\n<li>IP from the factory: <strong>192.168.1.1<\/strong><\/li>\n<li>Default user and password: <strong>ubnt<\/strong><\/li>\n<\/ul>\n<hr \/>\n<p><strong>TIPS<\/strong><\/p>\n<p>Routing speed out the box with the basic configuration using a 1000 DL \/ 750 UL fiber optic internet:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2198\" src=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/06\/Screenshot_2021-06-08_19-34-05.png\" alt=\"\" width=\"731\" height=\"140\" srcset=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/06\/Screenshot_2021-06-08_19-34-05.png 731w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/06\/Screenshot_2021-06-08_19-34-05-300x57.png 300w\" sizes=\"auto, (max-width: 731px) 100vw, 731px\" \/><\/p>\n<p>If you do not need to use QoS because your internet connection is excellent or because you do not have VoIP phones or similar applications:<\/p>\n<p>Enabling Hardware Offload for NAT via CLI:<\/p>\n<pre class=\"copyable\">configure\r\nset system offload <strong>hwnat<\/strong> enable\r\ncommit\r\nsave\r\nshow system offload<\/pre>\n<p>The same can be done for other features:<\/p>\n<pre>set system offload ipsec enable\r\nset system offload ipv4 forwarding enable\r\nset system offload ipv4 gre enable\r\nset system offload ipv4 pppoe enable\r\nset system offload ipv4 vlan enable\r\nset system offload ipv4 bonding enable<\/pre>\n<p>Rebooting is not required.<\/p>\n<p>This will remove the load from the main CPU for executing those tasks.<\/p>\n<p>Speed test with Hardware Offload for NAT enabled using a 1000 DL \/ 750 UL fiber optic internet:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2199\" src=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/06\/Screenshot_2021-06-08_20-14-51.png\" alt=\"\" width=\"731\" height=\"138\" srcset=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/06\/Screenshot_2021-06-08_20-14-51.png 731w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/06\/Screenshot_2021-06-08_20-14-51-300x57.png 300w\" sizes=\"auto, (max-width: 731px) 100vw, 731px\" \/><\/p>\n<p>Changing the hostname:<\/p>\n<pre>configure\r\nset system host-name <strong>newhostname<\/strong>\r\ncommit ; save<\/pre>\n<p>Creating a new user:<\/p>\n<pre>set system login user <strong>newuser<\/strong> authentication plaintext-password <strong>newpassword<\/strong>\r\nset system login user <strong>newuser<\/strong> level admin<\/pre>\n<p>Deleting the default user <strong>ubnt<\/strong>:<\/p>\n<pre>configure\r\ndelete system login user <strong>ubnt<\/strong>\r\ncommit ; save<\/pre>\n<p>Adding an SSH public key:<\/p>\n<pre>configure\r\nvi <strong>ssh_key.pub<\/strong>\r\nloadkey <strong>newuser<\/strong> ssh_key.pub\r\nset service ssh disable-password-authentication\r\ncommit ; save\r\nshow system login user <strong>newuser<\/strong><\/pre>\n<p>To re-allow the password on SSH login:<\/p>\n<pre>configure\r\ndelete service ssh disable-password-authentication\r\ncommit\r\nsave<\/pre>\n<p>Configuring Radius authentication:<\/p>\n<pre>configure\r\nset system login radius-server <strong>10.0.0.1<\/strong> secret <strong>radius_key<\/strong>\r\ncommit ; save<\/pre>\n<p>Configuring interfaces:<\/p>\n<pre>set interfaces ethernet eth0 address dhcp\r\nset interfaces ethernet eth0 description WAN\r\nset interfaces ethernet eth1 address 192.168.0.1\/24\r\nset interfaces ethernet eth2 vif 1 address 192.168.1.1\/24\r\nset interfaces ethernet eth2 vif 1 description \"Sub-Interface 1\"<\/pre>\n<p>Port Forwarding:<\/p>\n<pre>set port-forward rule 1 description \"SSH\"\r\nset port-forward rule 1 forward-to address 192.168.1.99\r\nset port-forward rule 1 forward-to port 22\r\nset port-forward rule 1 original-port 22\r\nset port-forward rule 1 protocol tcp<\/pre>\n<p>Installing NANO file editor:<\/p>\n<pre>configure\r\nset system package repository stretch components 'main contrib non-free' \r\nset system package repository stretch distribution stretch\r\nset system package repository stretch url http:\/\/http.us.debian.org\/debian\r\ncommit; save; exit\r\nsudo apt update\r\nsudo apt install <strong>nano<\/strong>\r\nsudo rm -R \/var\/lib\/apt\/lists\r\nsudo rm -R \/var\/cache\/apt\/archives\r\nconfigure\r\ndelete system package repository stretch\r\ncommit; save; exit<\/pre>\n<p>Setting up OpenVPN client:<\/p>\n<pre>configure\r\nset interfaces openvpn vtun0 config-file \/config\/edge.ovpn\r\ncommit ; save<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2210\" src=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/06\/Screenshot_2021-06-10_18-58-27.png\" alt=\"\" width=\"912\" height=\"924\" srcset=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/06\/Screenshot_2021-06-10_18-58-27.png 912w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/06\/Screenshot_2021-06-10_18-58-27-296x300.png 296w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/06\/Screenshot_2021-06-10_18-58-27-768x778.png 768w\" sizes=\"auto, (max-width: 912px) 100vw, 912px\" \/><\/p>\n<p>Speed test through the OpenVPN using a 1000 DL \/ 750 UL fiber optic internet:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2211\" src=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/06\/Screenshot_2021-06-10_18-56-37.png\" alt=\"\" width=\"730\" height=\"139\" srcset=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/06\/Screenshot_2021-06-10_18-56-37.png 730w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/06\/Screenshot_2021-06-10_18-56-37-300x57.png 300w\" sizes=\"auto, (max-width: 730px) 100vw, 730px\" \/><\/p>\n<p>If you don&#8217;t want to have the OpenVPN connection as the default route to the internet but just get access to a remote network add the following line in the .ovpn file before importing it:<\/p>\n<pre>pull-filter ignore \"redirect-gateway\"<\/pre>\n<hr \/>\n<p><strong>MODES<\/strong><\/p>\n<ul>\n<li>user@hostname<strong>#<\/strong>\n<ul>\n<li><strong>Operational<\/strong> Mode<\/li>\n<\/ul>\n<\/li>\n<li>user@hostname<strong>:~$<\/strong>\n<ul>\n<li><strong>Configuration<\/strong> Mode<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2204\" src=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/06\/Screenshot_2021-06-09_19-13-50.png\" alt=\"\" width=\"517\" height=\"405\" srcset=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/06\/Screenshot_2021-06-09_19-13-50.png 517w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/06\/Screenshot_2021-06-09_19-13-50-300x235.png 300w\" sizes=\"auto, (max-width: 517px) 100vw, 517px\" \/><\/p>\n<hr \/>\n<p><strong>CONFIGURATION SETS<\/strong><\/p>\n<ul>\n<li>Boot\/Startup Config\n<ul>\n<li>Saved configuration that loads on boot (\/config\/config.boot).<\/li>\n<\/ul>\n<\/li>\n<li>Active\/Running Config\n<ul>\n<li>Running configuration not saved to the boot\/startup configuration yet.<\/li>\n<\/ul>\n<\/li>\n<li>Working\/Draft Config\n<ul>\n<li>Non-active configuration with changes that were committed yet.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<hr \/>\n<p><strong>CONFIGURATION COMMANDS<\/strong><\/p>\n<ul>\n<li>set<\/li>\n<li>delete<\/li>\n<li>commit<\/li>\n<li>commit-confirm<\/li>\n<li>save<\/li>\n<li>compare<\/li>\n<li>discard<\/li>\n<\/ul>\n<hr \/>\n<p><strong>RUNNING SCRIPT ON BOOT<\/strong><\/p>\n<p>Just place the bash script in directory <strong>\/config\/scripts\/post-config.d\/<\/strong> and mark them as <strong>executable<\/strong>.<\/p>\n<hr \/>\n<p><strong>LINUX COMMANDS<\/strong><\/p>\n<p><span style=\"color: #ff0000;\"><strong>Do not<\/strong><\/span> use <strong>apt upgrade<\/strong> nor <strong>apt dist-upgrade.<\/strong><\/p>\n<ul>\n<li>cd<\/li>\n<li>ls<\/li>\n<li>ip<\/li>\n<li>vi<\/li>\n<li>apt-get<\/li>\n<li>sudo<\/li>\n<li>su<\/li>\n<li>ping<\/li>\n<li>traceroute<\/li>\n<li>reboot<\/li>\n<li>shutdown<\/li>\n<li>ssh<\/li>\n<li>ln<\/li>\n<li>cat<\/li>\n<li>chmod<\/li>\n<li>chown<\/li>\n<li>cp<\/li>\n<li>mv<\/li>\n<li>dd<\/li>\n<li>df<\/li>\n<li>echo<\/li>\n<li>grep<\/li>\n<li>sed<\/li>\n<li>gzip<\/li>\n<li>gunzip<\/li>\n<li>tar<\/li>\n<li>touch<\/li>\n<li>hostname<\/li>\n<li>systemctl<\/li>\n<li>journalctl<\/li>\n<li>kill<\/li>\n<li>top<\/li>\n<li>ps<\/li>\n<li>less<\/li>\n<li>ln<\/li>\n<li>mkdir<\/li>\n<li>rm<\/li>\n<li>more<\/li>\n<li>mount<\/li>\n<li>umount<\/li>\n<li>netstat<\/li>\n<li>pwd<\/li>\n<li>whoami<\/li>\n<li>&#8230;<\/li>\n<\/ul>\n<hr \/>\n<p>For more information read the official documentation at [<a href=\"https:\/\/dl.ubnt.com\/guides\/edgemax\/EdgeSwitch_CLI_Command_Reference_UG.pdf\">Link<\/a>].<\/p>\n<hr \/>\n<p><strong>USEFUL COMMANDS FOR UNIFI-AP<\/strong><\/p>\n<pre>help\r\nset-default\r\nset-inform http:\/\/10.0.30.150:8080\/inform\r\ntail -f \/var\/log\/messages<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Specifications: Operating system: EdgeOS (Debian Based &#8211; 7.0. Wheezy) Processor: Dual-Core (4 threads) 880 MHz, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2196","post","type-post","status-publish","format-standard","hentry","category-general"],"_links":{"self":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/2196","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2196"}],"version-history":[{"count":15,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/2196\/revisions"}],"predecessor-version":[{"id":2337,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/2196\/revisions\/2337"}],"wp:attachment":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2196"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2196"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2196"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}