This article will provide instructions on how to get Internet connectivity using an EdgeRouter once you open the box and plug power into it. It will also provide details and extra steps to get the best functionality and performance possible for your environment.
There are many different environments where specific adjustments may need to be made in some situations, but not others. This article will give common setup steps, but it is not an inclusive article for all the possibilities EdgeRouter is capable of providing.
In this guide we will use an ER-X-SFP.
|Notes & Requirements|
|- Firmware Version Applicable: EdgeOS 1.4.0 and higher includes Wizards for Configuration
- Device Models Applicable: all EdgeRouter Models
- Requirements: Setup wizards were added to the User Interface starting in version 1.4.0. It is highly recommend to upgrade to the most current firmware before following this guide.
Table of Contents
Step 1: Establish Initial Connectivity
1.1 Connect an Ethernet cable from a computer to eth0 of the EdgeRouter.
1.2 Change the IP address of your computer to an address in the 192.168.1.0/24 range, such as 192.168.1.11.
1.3 Open a Web Browser and enter 192.168.1.1 in the address bar.
1.4 Log into the router using the default username and password: ubnt/ubnt
Note: If a wireless adapter is enabled and connected to a network it could conflict with the connection to the EdgeRouter. Disable the wireless adapter if necessary.
Using this Update Firmware Guide, upgrade firmware to the latest version if the EdgeRouter is not already on the latest version.
Step 2: Run Wizard
The latest addition to the Wizard's tab is the “Basic Setup” wizard which will accomplish all the necessary tasks to allow your router to connect to the Internet, enable a default firewall, setup a LAN network, and hand out DHCP request. Each item is explained below.
- DHCP: The default setting for the wizard. If your ISP distributes your IP using DHCP this option will need to be used.
- Static: Some ISPs provide a static address and gateway, if your ISP has supplied this information you will enter that information here.
- PPPoE: This is another method ISPs use to deliver and authenticate your connection. If your provider assigns PPPoE information, you will enter your PPPoE account name and password here.
- It is becoming more common that ISPs are providing FTTH (Fiber to the Home) and requiring that the Internet be distributed using a VLAN to separate Internet from IPTV services. This checkbox will allow you to easily tag the Internet connection to a VLAN ID.
Note: If your ISP provides a public IP it is best practice to configure an ISP supplied modem/router into bridge mode so that the public IP is sent to the WAN interface of the EdgeRouter rather than the modem/router combo device sending a private IP to the EdgeRouter. This can alleviate buffering and VPN connectivity issues.
Checking the “Enable the Default Firewall” checkbox will create two firewall rulesets on the WAN interface: one for the local direction and one for the in direction. These rulesets have a default action to drop all traffic and the default rules accept only established and related traffic, and will drop all invalid traffic. In more simple terms, this protects the EdgeRouter itself by blocking all traffic initiated to the router and devices behind the router, but still allows traffic that is requested by the router or devices behind the router to receive requested packet flows (established and related packet flows).
For example, if on a remote network you test the connectivity to your EdgeRouter by pinging the WAN address (Public IP), ICMP traffic will be blocked. If you wish to accept ICMP traffic you would create a new accept rule on the WAN_LOCAL ruleset which is shown in the image below. This is only an example of adding a new firewall rule in the GUI after applying the wizard and is not something that is included in the wizard.
Choosing to enable IPv6 functionality in the wizard will allow you to configure the router to be “Dual Stack” meaning that IPv4 and IPv6 are both implemented. If your ISP supports IPv6 you will need to assign the given Prefix length, enable the default IPv6 firewall and list the LAN interfaces that will need IPv6 connectivity.
It is generally discouraged to enable bridging because traffic which is bridged is not hardware-offloaded, and will cause a decrease in performance. It is highly advised to use a dedicated switch connected to one of the LAN interfaces to allow for multiple ports of connectivity to the LAN rather than bridging.
e. Local Area Network
The wizard automatically enables LAN on eth1 with the default network of 192.168.1.1/24 and DHCP is enabled by default.
When configuring an ER-X-SFP as in this example, each port is a part of an integrated switch chip that allows for all ports to be a part from the switch0 interface if necessary. There is no performance decrease by having switch0 as LAN and each device will have full line-rate speed.
It is optional to configure a second LAN with a different subnet on one of the other ports.
For example: an ER-X-SFP could have eth0 as WAN, eth 2-5 as switch0 with 192.168.1.1/24 and eth1 as 192.168.2.1/24.
If using the EdgeRouter Lite it would be possible to have eth0 as WAN, eth1 as LAN1 (192.168.1.1/24), and eth2 as LAN2 (192.168.2.1/24).
Note: Any private IP address range can be used for these Local Area Networks including:
f. Create Users
It is highly advised for best security to change the default ubnt/ubnt credentials to a username and password of your choosing. Although the default firewall rules block all external access to the router from the Internet, changing default credentials is an important security consideration.
g. Apply Configuration
After making the necessary selections above for your network environment, you will click Apply at the bottom of the configuration page and confirm by clicking to Reboot your EdgeRouter.
Although there are no adjustment settings displayed in the Wizard, the wizard will automatically include configuration for NAT Masquerade and DNS forwarding.
Important: You will now need to physically connect your ISP modem/router to eth0 on the EdgeRouter and then connect your LAN devices to the ports you configured as LAN. If enabling DHCP remained checked as it is by default in the wizard, changing your Ethernet interface on your device to obtain an address with DHCP will then receive an address from the DHCP pool created by the wizard.
These steps allow the router to function with Internet access for connected LAN devices.
Step 3: Enable Performance Features
Hardware offloading is discussed in more detail in this article <Coming Next Week>. Offloading is not enabled by default because it was not an available feature in earlier firmware versions. Our firmware upgrades allow for new features, but do not change the configuration just by installing the upgrade.
Below are available commands to enable offloading and increase performance:
a. For ER-X, ER-X-SFP, and EP-R6
set system offload hwnat enable
set system offload ipsec enable
b. For all other ER models
set system offload ipv4 forwarding enable
set system offload ipv4 gre enable
set system offload ipv4 pppoe enable
set system offload ipv4 vlan enable
set system offload ipv6 forwarding enable
set system offload ipv6 pppoe enable
set system offload ipv6 vlan enable
set system offload ipsec enable
Note: hwnat offloading is only available for the ER-X platform and ipv4 and ipv6 offloading is only for all other models. An invalid command will show if entering these commands on an unsupported platform.
The steps above provide a fully functional EdgeRouter configuration with a WAN interface, LAN interface, default firewall, dns forwarding, NAT, and more.