- Power up, connect to eth0
- Wait for cold boot sequence; can be up to 2 minutes
- Access:
- Via web interface at 192.168.1.1, UN/PW both
ubnt ssh ubnt@192.168.1.1
- Add admin user, log in as admin user, delete default user
configureedit system loginset user daveset user dave level adminset user dave plaintext-password {something}commitsave- Log out, log in as new user
configuredelete system login user ubnt- Commit and save
- Set system name servers: 1.1.1.1, 8.8.8.8
set system name-server 1.1.1.1set system name-server 8.8.8.8
- Update system image to latest revision of firmware (instructions)
- From non-configure prompt:
add system image {url to image} - Or, from host, scp image into /home/{username} then
add system image {image filename} - Verify new image is set as boot default:
show system image reboot
- Set system host name ("EdgeRouterX"?)
set system host-name {something}
This section assumes that the router's WAN interface is connected to eth0, so that passive PoE can be injected and passed through to eth4 to power a UniFi access point.
- Set eth0 as Internet / WAN connection:
- Reassign eth0 IP address to 192.168.x.3/24, log in at that address
- Set IP address for switch0 to manual, 192.168.x.1/24
- Set eth0 as DHCP: * dhcp-options default-route update * dhcp-options default-route-distance 210 * dhcp-options name-server update
- Set eth1 through eth4 as LAN, attach to switch
- Enable PoE on eth4
- Enable hairpin NAT:
- WAN interface: eth0
- LAN interface: switch0
- Add port forwarding rules, if required
- Add firewall rulesets and rules
- WAN_IN (Traffic from WAN to LAN, eth0 to in):
- Allow established/related
- Drop invalid state
- WAN_LOCAL (Traffic to WAN to Router, eth0 to local)
- Allow established/related
- Drop invalid state
- Add Source NAT rule:
- Outbound interface eth0
- Use Masquerade
- All protocols
- Add DHCP server
- Add Subnet 192.168.x.0/24
- Set Range
- Router is 192.168.x.1 (the EdgeRouter's address)
- Set DNS resolvers served to DHCP clients
- Set DHCP server as authoritative