Upcoming Maintenance Alert:

The UBNT Community will be upgraded at 5pm MDT on April 25th. During this time the community forums will be set to read-only status.

Learn more

×
New Idea

DHCP Option 82

Submitted by -
Status: New Idea

Would be really nice to have DHCP Option 82 support in EdgeOS CLI

Time based traffic policy

Submitted by -
Status: New Idea

Time of a day based traffic/QoS policy. 

0 Kudos

network-group and address-group import from a text file in CIDR notation

Submitted by -
Status: New Idea

As the name says, it would be cool if you could import network ranges and hosts like this:

set firewall group network-group ADS import /path/to/file.txt

 Where file.txt would contain networks in CIDR notation or addresses (one per line).

Improve stateless DHCPv6 configuration

Submitted by -
Status: New Idea

1. When the configuration file is invalid, commit or /etc/init.d/dhcpdv6 restart should show the configuration error as above rather than silently saying the server started. The current behavior makes it really hard to diagnose problems.

2. Improve the CLI configuration syntax for stateless DHCPv6. For example, the configuration you have for DNS forwarding is nice:

forwarding {
    listen-on eth0
}

It would be great to support the same for the DHCPv6 server:

 shared-network-name PickAName {
     listen-on eth0
     listen-on eth1
     name-server <IPv6 address for DNS server 1>
     name-server <IPv6 address for DNS server 1>
 }

 There are two things I'd want listen-on to control:

First, regardless of stateful vs. stateless, it should control the interface list passed to dhcpd3 on the command line. Based on the current config script, I suspect it isn't passing any such list today, prompting dhcpd3 to attempt to listen on all interfaces (if a corresponding subnet[6] statement happens to appear, which triggers a warnings for interfaces that don't have any such statement).

Second, to help the stateless case, generate the subnet6 /128 statements for each listen-on interface (except maybe unless the CLI configuration has a similar/conflicting subnet specified).

In general, a big advantage of the CLI configuration system is that it provides a higher-level syntax, shielding the user from the nitty gritty implemntation details of exact configuration flavor for each piece. However, in this case, the current CLI config syntax for DHCPv6 stateless is still fairly low-level. It'd be much nicer to specify listen-on interfaces, automatically supporting stateless clients, and then only require specific subnet configuration when actually using the statefull/address allocation options.

(Added from a forum post.)

Better OSPF support for the PPPoE server

Submitted by -
Status: New Idea

At the moment it is not possible to specify OSPF parameters for pppoes interfaces, let alone per-user.

Supporting OSPF properly on dynamic interface names is rather difficult, and most likely not commonly used but does have some unique use cases. I am currently forced to use it to work around limitations of AirOS to segment traffic properly.

My suggestion is for when local-authentication is used (although perhaps could be extended to allow RADIUS auth as well in the future with some custom radius attributes although I'm not sure if setting the ospf configuration each time a user logs on is a good idea, perhaps specify ospf parameters per interface using CLI configuration with only the username to interface name mappings defined by radius) to specify a fixed interface name for a specific user, and along with it ospf parameters.

Example configuration:

ubnt@MtStuartRouter# show
 authentication {
     local-users {
         username fancyuser {
             password supersecret
             static-ip 192.168.50.60
             interface pppoesfancyuser
         }
     }
     mode local
 }
 interface pppoesfancyuser {
     ip {
         ospf {
             cost 10
         }
     }
 }
...
[edit service pppoe-server]

The reason service pppoe-server interface is used rather than nesting inside authentication local-users is for future flexibility if RADIUS support is extended to be able to specify a fixed interface name for a user. This could be moved under "set interfaces pppoe-server" depending on what sort of consistency is desired vs desire for everything to be in one place under service pppoe-server.

A more general solution for defining interface information like this could be "set interface other pppoesfancyuser ip ospf ..." which could then be used for other non-vyatta controlled interfaces as well to apply routing configuration. Likewise this can be extended to allow adding of firewall rules to arbitrary interfaces as well!

With fixed interface names, if a client connects that is already connected, the old session would have to be terminated to allow the interface name to be used. This new-session-kicks-off-old-session behaviour would also solve an issue when static ips are used and a client connects twice.

Balanceo de carga ToughSwitch ubnt

Submitted by -
Status: Duplicate

El ToughSwitch tiene alguna opción para el balanceo de carga como traer algunos modelos de Cisco swicht? Últimas procesos como CEF (Cisco Express Forwarding) de conmutación le permiten hacer un rollo por destino y paquetería más rápido, sino que significa que usamos más recursos para mantener y CEF adjacencias entradas.

podría  agregarle  esa  función  al arios  si  el  hardware  lo  permite  sería  un éxito  así  podríamos  sacar  mucho más  provecho 

Hardware Monitor

Submitted by -
Status: New Idea

It would be nice to have a hardware monitor:

 

Which includes temp monitor & fan monitor

 

Notifications if the temp goes over a certain level and if the fan's stop working.

Freeradius GUI on edgemax

Submitted by -
Status: Duplicate
What are chances of getting a GUI were you can load users from the GUI with limits and if possible accounting as well...maybe for a start just total data used? This would make the setup 1000times easier and would be better than using radius manager or usermanger from mikrotik.

Change source-validation (uRPF, rp_filter) to be interface specific

Submitted by -
Status: New Idea

Currently, to enable rp_filter (Unicast Reverse Path Forwarding) there is only a system-wide option under the firewall configuration section:

set firewall source-validation strict

This all-or-nothing approach is basicly unusable in a non-trivial network (e.g. multiple paths) as applying rp_filter on uplink interfaces would break forwarding.

rp_filter should be a per-interface configuration option, e.g.

set interfaces ethernet eth1 ip source-validation strict
set interfaces ethernet eth1 ipv6 source-validation strict

This could be implimented leaving the global option in place for the firewall, but adding the interface-level configuration as an option (to avoid breaking configurations).

On the kernel side, this would be implimented as:

# Default Values
echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
# Enable rp_filter for eth1:
echo 1 > /proc/sys/net/ipv4/conf/eth1/rp_filter

This is a pretty quick change that would be VERY helpful for those of us making use of public IP addressing with the ER.

With recent NTP reflection attacks, we really find the use uRPF to be mandatory.  More information on the need for uRPF and BCP38 is available at: http://www.bcp38.info/index.php/Main_Page

 

Tilera Based EdgeMax Router

Submitted by -
Status: Invalid

I would like to see a routing platform based off of the tilera platform. I was really hoping to see some use of the tilera platform in previous products. Any chance UBIQUITI will develope a router based on the Tilera Platform?

0 Kudos

Add EIGRP

Submitted by -
Status: New Idea

Since Cisco is open sourcing EIGRP it would be nice if this routing protocal were implemented.

Add DHCP client option to ignore NTP name servers

Submitted by -
Status: New Idea

Some providers supply NTP servers via DHCP, and those are used by EdgeMax regardless of the NTP configuration. This is the case with my Internet/IPTV/VoIP provider: it uses three VLANs for each service, and it supplies a NTP server via the VoIP VLAN, which is not suitable for reliable time synchonization.

 

This same issue was tackled in this thread. Apparently a solution is in the TODO list, but it has not been implemented yet. My proposal is a new client dhcp-option "ntp-server" with possible settings "update" (default) and "no-update". In this way the DHCP-supplied NTP server could be ignored using

 

  set dhcp-options ntp-server no-update

 

in a similar way as name servers and default route.

 

 

EdgeRouter Shutdown L2

Submitted by -
Status: Implemented

When I disable a port in the ERL/ER-POE, I would like it to fully shutdown on Layer 2, like shutting down on a switch -- is this possible to include? More than just a ip link ethX down, I need the connected device to physically shut down the port.

DynDNS GUI

Submitted by -
Status: Implemented

Allow DYnDNS configuration form the GUI.

The CLI setup for DynDNS is simple enough. But it seems simple enough that it could be included it in the GUI for those uneasy about CLI.

 

DHCP server won't start if pool on an additional interface IP

Submitted by -
Status: New Idea

High UBNT team, thank you for good product!

I've just spent 2 hours to take DHCP server on ERL up, it has very simple but very unclean problem:

admin@ubnt# show interfaces 
 ethernet eth0 {
     address 192.168.1.1/24
     firewall {
         out {
             name LANtoWAN
         }
     }
     vif 1002 {
         address 192.168.10.194/26
         description KRAG_INET_UPLINK
         firewall {
             out {
                 name LANtoWAN
             }
         }
         mtu 1500
     }
 }
 ethernet eth1 {
     address 10.10.194.1/24
     address 10.14.21.1/24
     description NELSON_LAN
     firewall {
         in {
             name LANtoWAN
         }
     }
 }
 ethernet eth2 {
 }
 loopback lo {
 }
[edit]
admin@ubnt# show service    
dhcp-server  gui          ssh          
[edit]
admin@ubnt# show service dhcp-server 
 shared-network-name lan {
     subnet 10.10.194.0/24 {
         default-router 10.10.194.1
         dns-server 31.130.161.4
         dns-server 31.130.161.62
         start 10.10.194.150 {
             stop 10.10.194.199
         }
     }
 }
[edit]

 on eth1 i've 2 IP addresses from different networks, in DHCP server i've a one network defined where i need dynamic leases. In case when first ( "primary" ) IP adress is not in DHCP network - DHCP server simply will not start. So, the idea is - slightly change syntax of CLI and UI code to exactly define address as secondary:

....
ethernet eth1 {
     address 10.10.194.1/24
     address 10.14.21.1/24 secondary
     description NELSON_LAN
...

 

admin@ubnt# set interfaces ethernet eth1 10.14.21.1/24 secondary

or at least - configuration of DHCP in Web UI or in CLI should control interface settings and show a warning if it will take to situation like this. It could take off some head-ache i think.

Thank alot.

IGMP Snooping

Submitted by -
Status: New Idea

Title says it al (:

Redundant power supply on EdgeRouter Pro series

Submitted by -
Status: New Idea

Hi,

EdgeRouter Pro can and are often used as mission-critical routers in networks. It is a nice piece of hardware and the software make it a very viable alternative. It would be great to make the next generation of EdgeRouter Pro series power-redundant, so they can be connected to two power feeds at the same time.

This will help design fully-redundant networks, with both failure tolerance in case of one internal PSU failure as well as redundant and avoid SPoF design from a power perspective.

 

Many thanks and keep up the good work!

Better DNS GUI interface

Submitted by -
Status: New Idea

Manage DNS via GUI instead of CLI. Meaning I want the router to use OpenDNS, and I add it to the system DNS, however it still uses the DNS from my ISP, until I use CLI to tell it otherwise.

0 Kudos

IGMP Forking

Submitted by -
Status: New Idea

(Adding my list to the Feature Requests system)

This is a bit of an obscure one...

BT's multicast implmentation delivers internet over a PPPoE session while delivering Multicast over the raw Ethernet interface. The BT home gateway (HomeHub) forks the IGMP requests so it is sent up both interfaces, this is done so the BRAS is able to shape the PPPoE session down and eases congestion in the access network.
It would be nice to be able to do this with my ERL.