Appendix A: Command Line Interface
EdgeRouter Lite User Guide
Ubiquiti Networks, Inc.
Press the ? or tab key to display options for the specified edit level.
ubnt@ubnt# set
action       disable   ipsec  p2p       source  time
description  fragment  limit  protocol  state
destination  icmp      log    recent    tcp
[edit firewall name TEST rule 10]
ubnt@ubnt# set description "allow icmp"
[edit firewall name TEST rule 10]
ubnt@ubnt# set action accept
[edit firewall name TEST rule 10]
ubnt@ubnt# set protocol icmp
[edit firewall name TEST rule 10]
To show changes within the edit level, use the compare command:
ubnt@ubnt# compare
[edit firewall name TEST rule 10]
+action accept
+description "allow icmp"
+protocol icmp
[edit firewall name TEST rule 10]
To move up an edit level, use the up command:
ubnt@ubnt# up
[edit firewall name TEST]
ubnt@ubnt# compare
[edit firewall name TEST]
+default-action drop
+enable-default-log
+rule 10 {
+    action accept
+    description "allow icmp"
+    protocol icmp
+}
[edit firewall name TEST]
ubnt@ubnt# up
[edit firewall]
ubnt@ubnt# compare
[edit firewall]
+name TEST {
+    default-action drop
+    enable-default-log
+    rule 10 {
+        action accept
+        description "allow icmp"
+        protocol icmp
+    }
+}
[edit firewall]
To return to the top edit level, use the top command:
ubnt@ubnt# top
[edit]
ubnt@ubnt# compare
[edit firewall]
+name TEST {
+    default-action drop
+    enable-default-log
+    rule 10 {
+        action accept
+        description "allow icmp"
+        protocol icmp
+    }
+}
[edit]
To display the existing firewall rule, use the show firewall command:
ubnt@ubnt# show firewall
name WAN1_LOCAL {
    default-action drop
    rule 10 {
        action accept
        state {
            established enable
            related enable
        }
    }
    rule 20 {
        action drop
        state {
            invalid enable
        }
    }
    rule 30 {
        action accept
        destination {
            port 22
        }
        protocol tcp
    }
}
[edit]
To create a new firewall rule from an existing firewall rule, use the copy command.
ubnt@ubnt# edit firewall
[edit firewall]
ubnt@ubnt# copy name WAN1_LOCAL to name WAN2_LOCAL
[edit firewall]
ubnt@ubnt# commit
[edit firewall]
ubnt@ubnt# top
[edit]
ubnt@ubnt# show firewall
name WAN1_LOCAL {
    default-action drop
    rule 10 {
        action accept
        state {
            established enable
            related enable
        }
    }
    rule 20 {
        action drop
        state {
            invalid enable
        }
    }
    rule 30 {
        action accept
        destination {
            port 22
        }
        protocol tcp
    }
}
name WAN2_LOCAL {
    default-action drop
    rule 10 {
        action accept
        state {
            established enable
            related enable
        }
    }
    rule 20 {
        action drop
        state {
            invalid enable
        }
    }
    rule 30 {
        action accept
        destination {
            port 22
        }
        protocol tcp
    }
}
[edit]
To change the name of the new firewall rule, use the rename command.
ubnt@ubnt# edit firewall
[edit firewall]
ubnt@ubnt# rename name W[TAB]
WAN1_LOCAL
WAN2_LOCAL
[edit firewall]
ubnt@ubnt# rename name WAN2_LOCAL to name WAN2_IN
[edit firewall]
ubnt@ubnt# commit
[edit firewall]
ubnt@ubnt# top
[edit]
ubnt@ubnt# show firewall name
name WAN1_LOCAL {
    default-action drop
    rule 10 {
        action accept
        state {
            established enable
            related enable
        }
    }
    rule 20 {
        action drop
        state {
            invalid enable
        }
    }
    rule 30 {
        action accept
        destination {
            port 22
        }
        protocol tcp
    }
}
name WAN2_IN {
    default-action drop
    rule 10 {
        action accept
        state {
            established enable
            related enable
        }
    }
    rule 20 {
        action drop
        state {
            invalid enable
        }
    }
    rule 30 {
        action accept
        destination {
            port 22
        }
        protocol tcp
    }
}
[edit]
ubnt@ubnt#
Manage the Configuration File
Typically, you use the save command to save the active configuration to disk (‘config/config.boot’); however, you can also save the active configuration to a different file or remote server.
Enter save and press the ? key.
ubnt@RTR# save
Possible completions:
  <Enter>                                Save to system config file
  <file>                                 Save to file on local machine
  scp://<user>:<passwd>@<host>/<file>    Save to file on remote machine
  ftp://<user>:<passwd>@<host>/<file>    Save to file on remote machine
  tftp://<host>/<file>                   Save to file on remote machine
[edit]
Saving configuration to
############################################### 100.0%
Done
[edit]
Scenario: In the midst of the administrator changing an IPsec tunnel into an OpenVPN tunnel, the administrator had to revert the EdgeRouter to its previous configuration with the IPsec tunnel.
1. Before making changes, the administrator saved a backup configuration file with a working IPsec tunnel configuration:
ubnt@RTR# save config.boot-ipsec
Saving configuration to ‘/config/config.boot-ipsec’...
Done
[edit]
Note: This is a backup; if the EdgeRouter were rebooted, it would still boot from the default file: ‘/config/config.boot’
2. After the administrator deleted the IPsec configuration and was configuring the OpenVPN tunnel, circumstances changed so that the IPsec tunnel was required again. Consequently, the administrator reverted the EdgeRouter to its previous configuration with the IPsec tunnel.
ubnt@RTR# load config.boot-ipsec
Loading configuration from ‘/config/config.boot-ipsec’...
Load complete. Use ‘commit’ to make changes active.
[edit]
ubnt@RTR# commit
[edit]
ubnt@RTR# save; exit
Saving configuration to ‘/config/config.boot’...
Done
exit
ubnt@RTR:~$
To automatically make a remote backup after every commit, use the commit-archive configuration option, enter location, and press the ? key.
ubnt@RTR# set system config-management commit-archive location
Possible completions:
  <url>    Uniform Resource Identifier
Detailed information:
  "scp://<user>:<passwd>@<host>/<dir>"
  "ftp://<user>:<passwd>@<host>/<dir>"
  "tftp://<host>/<dir>"
ubnt@RTR# set system config-management commit-archive
[edit]
ubnt@RTR# commit
Archiving config...
OK
[edit]
On the remote tftp server, a copy with the hostname and date is saved for each commit.
admin2@server://tftpboot/RTR$ ls -l
total 8
-rw------- 1 nobody nogroup 908 Aug 17 17:19 config.boot-RTR.20120817_171932
-rw------- 1 nobody nogroup 874 Aug 17 17:20 config.boot-RTR.20120818_002046
You can also keep a specified number of revisions of the configuration file on the local disk. Use the commit-revisions configuration option.
ubnt@RTR# set system config-management commit-revisions 50
[edit]
ubnt@RTR# commit
[edit]
Here is an example that uses the commit-revisions command:
ubnt@RTR# set system login user joe authentication plaintext-password secret
[edit]
ubnt@RTR# commit
[edit]
ubnt@RTR# save; exit
Saving configuration to ‘/config/config.boot’...
Done
exit
ubnt@RTR:~$ show system commit
0   2012-08-17 18:32:13 by ubnt via cli commit
1   2012-08-17 18:31:52 by ubnt via cli commit
2   2012-08-17 18:31:51 by root via init commit
Note: The following commands require that the configuration option, commit-revisions, be set first.
  show system commit diff
  show system commit file
  show system commit
  commit comment
  commit-confirm
  confirm
  rollback
For details on the commit-revisions option, go to “Manage the Configuration File” on page 45.
To display the changes in revision 0, use the show system commit diff command.
ubnt@RTR:~$ show system commit diff 0
[edit system login]
+user joe {
+    authentication {
+        encrypted-password $1$CWVzYggs$NyJXxC3S572rfm6pY8ZMO.
+        plaintext-password ""
+    }
+    level admin
+}
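Every revision kept by commit-revisions and every copy pushed by commit-archive is a complete configuration file, so it carries the password hash shown in the diff above as well as any credentials embedded in the archive URL. The following added example (not part of the user guide) scans configuration text for those items. The check names are this example's own; the sample excerpt is constructed, reusing the hash from the diff above, and the scp user, password and addresses are placeholders.

```python
import re

# Constructed config.boot excerpt. The hash is the one in the diff above;
# the commit-archive URLs, user and password are placeholders.
SAMPLE = """\
system {
    config-management {
        commit-archive {
            location scp://backup:EXAMPLE-PASSWORD@192.0.2.10/rtr
            location tftp://192.0.2.10/RTR
        }
    }
    login {
        user joe {
            authentication {
                encrypted-password $1$CWVzYggs$NyJXxC3S572rfm6pY8ZMO.
                plaintext-password ""
            }
        }
    }
}
"""

CHECKS = [
    # user:password embedded in an archive URL
    ("url-credentials", re.compile(r"^location \w+://[^/\s:@]+:[^/\s@]+@")),
    # FTP and TFTP carry the file, hashes included, unencrypted
    ("cleartext-transport", re.compile(r"^location (ftp|tftp)://")),
    # the $1$ prefix identifies an MD5-crypt hash
    ("md5crypt-hash", re.compile(r"^encrypted-password \$1\$")),
    # a non-empty plaintext-password left in the file
    ("plaintext-password", re.compile(r'^plaintext-password "?[^"\s]')),
]

def scan(text):
    """Return (line_number, check_name) for every config line that trips a check."""
    hits = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        for name, pattern in CHECKS:
            if pattern.search(line):
                hits.append((number, name))
    return hits

if __name__ == "__main__":
    for number, name in scan(SAMPLE):
        print(f"line {number}: {name}")
```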
To display the entire configuration file for revision 0, use the show system commit file command.
ubnt@RTR:~$ show system commit file 0
To add a comment to the commit, use the comment command.
ubnt@RTR# set system login user joe level operator
[edit]
ubnt@RTR# commit comment "change joe from admin to op"
[edit]
ubnt@RTR# save; exit
Saving configuration to ‘/config/config.boot’...
Done
exit
Now you will see the comment when you use the show system commit command.
ubnt@RTR:~$ show system commit
0   2012-08-17 18:44:41 by ubnt via cli change joe from admin to op
1   2012-08-17 18:34:01 by ubnt via cli commit
2   2012-08-17 18:32:13 by ubnt via cli commit
3   2012-08-17 18:31:52 by ubnt via cli commit
4   2012-08-17 18:31:51 by root via init commit
When you work on a remote router, certain changes, such as a firewall or NAT rule, can cut off access to the remote router, so you then have to visit the remote router and reboot it. To avoid such issues when you make risky changes, use the commit-confirm command first. Then use the confirm command to save your changes.
ubnt@RTR:~$ configure
[edit]
ubnt@RTR# set firewall name WAN_IN rule 50 action drop
[edit]
ubnt@RTR# set firewall name WAN_IN rule 50 destination address 172.16.0.0/16
[edit]
ubnt@RTR# commit-confirm
commit confirm will be automatically reboot in 10 minutes unless confirmed
Proceed? [confirm][y]
[edit]
After you verify that the changes should be saved, use the confirm command.
ubnt@RTR# confirm
[edit]
You can also specify the number of minutes to wait, but you must remember to also use the confirm command. Otherwise, if you forget, then you can be surprised by the EdgeRouter’s reboot to its previous configuration.
ubnt@RTR# commit-confirm 1
commit confirm will be automatically reboot in 1 minutes unless confirmed
Proceed? [confirm][y]
[edit]
ubnt@RTR#
Broadcast message from root@RTR (Mon Aug 20 14:00:06 2012):
The system is going down for reboot NOW!
INIT: Switching to runlevel: 6
INIT: Stopping routing services...zebra...done.
Removing all Quagga Routes.
[SNIP]
To roll back to an earlier commit, use the show system commit and rollback commands.
ubnt@RTR:~$ show system commit
0   2012-08-21 14:46:41 by admin_5 via cli
    fix bgp policy maps
1   2012-08-21 14:45:59 by admin_5 via cli
    commit
2   2012-08-21 14:45:33 by admin_5 via cli
    fix port forwarding
3   2012-08-21 14:45:15 by admin_5 via cli
    fix firewall
4   2012-08-21 14:44:29 by ubnt via cli
    commit
5   2012-08-21 14:21:15 by ubnt via cli
    add port forward for port 2222 to build-server
6   2012-08-21 14:20:24 by ubnt via cli
    add dmz interface to eth2
7   2012-08-21 14:19:53 by ubnt via cli
    add ipsec tunnel to office_exchange
8   2012-08-21 14:07:18 by ubnt via cli
    add firewall for WAN_IN
9   2012-08-21 14:06:37 by ubnt via cli
    add user first_last
10  2012-08-21 14:04:47 by ubnt via cli
    commit
11  2012-08-21 14:04:46 by root via init
    commit
After viewing the history of system commits, you decide to discard the last four commits by admin_5. Roll back the system configuration file to commit 4:
ubnt@RTR# rollback 4
Proceed with reboot? [confirm] [y]
Broadcast message from root@RTR (ttyS0) (Mon Aug 21 15:09:12 2012):
The system is going down for reboot NOW!
Appendix B: Specifications
EdgeRouter Lite
Dimensions: 197.52 x 91 x 28 mm
Weight: 289.2 g
Power Input: 12VDC, 1A Power Adapter (Included); 9 to 24V (Supported Voltage Range)
Button: Reset
Processor: Dual-Core 500 MHz, MIPS64 with Hardware Acceleration for Packet Processing
System Memory: 512 MB DDR2 RAM
Onboard Flash Storage: 2 GB
Certifications: CE, FCC, IC
Wall-Mount: Yes
Operating Temperature: -10 to 45°C
Operating Humidity: 90% Non-Condensing
Layer 3 Forwarding Performance
  Packet Size: 64 Bytes: 1,000,000 pps
  Packet Size: 512 Bytes or Larger: 3 Gbps (Line Rate)
LEDs Per Port
  Serial Console Port: Power
  Data Ports: Speed/Link/Activity
Networking Interfaces
  Serial Console Port: (1) RJ45 Serial Port
  Data Ports: (3) 10/100/1000 Ethernet Ports
