EdgeSwitches currently support/use several standard MIBs, however there are some OIDs that are unique/proprietary to EdgeSwitches and are not defined elsewhere.
Observium and others apparently have obtained a set of EdgeSwitch MIBs, included as part of their (3rd-party) monitoring solution distributions but not otherwise available from UBNT directly. The last count has almost 40 separate MIB files for EdgeSwitches.
There are now a pair of UniFi MIBs available and referenced in the release notes for current releases, but there do not seem to be any other MIBs available.
It seems most are searching for and using these 3rd-party references, but ideally UBNT should be providing these directly. Perhaps another section on the product download pages for "SNMP MIBS", in addition to the existing "Firmware" and "Documentation" sections, could be added with this content?
When the next update for the ERL is prepared:
- Please add a newer version of strongSwan than 5.3.2 (preferably the current release 5.5.1). The currently included version in the ERL (5.2.2) does not play nice with IOS. Dead Peer Detection and MOBIKE lead to dropped connections (https://wiki.strongswan.org/issues/2126).
- Please update the OpenVPN version, as the current server only supports TLS 1.0.
It should not be too difficult, as these updated packages are already available for Debian.
EdgeRouter Pros can be, and often are, used as mission-critical routers in networks. It is a nice piece of hardware and the software makes it a very viable alternative. It would be great to make the next generation of the EdgeRouter Pro series power-redundant, so they can be connected to two power feeds at the same time.
This will help design fully redundant networks, with both failure tolerance in case of one internal PSU failure and a redundant design that avoids a SPoF from a power perspective.
Many thanks and keep up the good work!
Would be nice to be able to see the PPPoE connection uptime. My old router running OpenWRT/LEDE firmware had this implemented. Any word on when we could see this on the EdgeOS platform?
New to this forum and I believe I posted in the wrong place originally.
HERE is my original post with some progress on a simple PPPoE uptime script.
It would be nice to see something like AirControl or UniFi for managing / viewing multiple edge routers (centralized configuration backups, mass firmware updates, etc). Anything like this in the works? Maybe call it EdgeControl and mimic the functionality of AirControl?
I'd really love to see an NTP server built into the EdgeMax router software. I currently synchronise my router to a Stratum 1 server and would like the ability to create a "local" Stratum 2 server for all client devices.
In addition, I'd love the option of a RADIUS server built into the router to handle 802.1X authentication without having to rely on a Windows server for such a basic task.
There are a couple of issues I have with the way EdgeOS handles groups. My company uses both EdgeRouters and Cisco ASA devices. Cisco seems way more advanced in group handling compared to EdgeOS. You can specify single host devices, subnets and ranges. Whenever something in the network changes, be it subnets, host IPs or whatever, I almost never touch the firewall / NAT rules manually on Cisco devices. The only thing I do is modify a subnet object or a host object; rules where these objects are used will be updated automatically. Sometimes I edit a rule and simply add or remove a new/old object with very few clicks because Cisco allows multiple selections. EdgeOS is different, and groups in EdgeOS are not quite the same as network objects in Cisco environments.
First and foremost, there is nothing like a single host object in EdgeOS. Address groups are... well, groups, and can't be entered as a translation target in a NAT rule or similar, even if the address group contains only a single IP. As soon as a server is moved in the network, one would have to modify each and every rule where the server is used, manually, because the translation address is an IP, not a variable like a Cisco host object.
Second is that it's not allowed to select multiple groups (e.g. network groups). It's a single drop down list and as soon as a rule has to match more than one group, the rule has to be copied and modified to match every network group. Cisco can have several network groups in one rule. Yes, I could create a big network group containing all subnets in the other groups, but then it's unwanted redundancy again. As soon as one subnet changes, one would have to modify both the original network group and every other group where this subnet is being used. Nesting groups could be a solution, like a parent group containing several network groups - one change would be adopted by all groups where this specific sub-group is used.
Third: When doing a DNAT with subnets (e.g. 192.168.2.0/24 to 192.168.1.0/24) I can't select a network group as translation target, as discussed above. But I can't even use a network group (with a single subnet in it) as destination match either. EdgeOS tells me to explicitly use destination subnets when translating to another subnet. Again, hardcoded IP addresses/subnets, contrary to Cisco simply using a subnet object.
Most of the time it's no big deal to do the changes manually. But there is always the risk of a typo or simply missed rules. When firewall and NAT rules are configured with subnet and host objects like Cisco does, then it's just a matter of changing this object ONCE. In EdgeOS you might have to touch each and every rule, as "groups" aren't allowed or can't be used in some situations.
Even though Cisco isn't beyond all doubt either, there's a lot Ubiquiti can learn from it.
Using EdgeRouters in my company was my idea because they are affordable and highly reliable. My colleagues at our headquarters were suspicious when I introduced them to the ER. The HQ uses Cisco only (money doesn't matter) but they were quite impressed by the capabilities of this nice piece of hardware and started to use it in small applications as well. Anyway, the GUI seems underwhelming and lacks lots of advanced functions that make things easier to handle. Unfortunately the above issues can't be solved via CLI either; same restrictions.
Well, at least Ubiquiti added the group names to the NAT overview since v1.7 or v1.8 I think, in v1.6 nothing was shown in the rule header when a group was used and that was a real pain in the ..... with lots of NAT rules without any source/destination shown..
Maybe Ubiquiti reconsiders the groups and gets some inspiration from my request.
In 2013, there has been an increase in IPv6 deployments by ISPs globally. In the country where I reside, all FTTH (Fiber-to-the-Home) ISPs/RSPs have deployed IPv6.
I believe it is becoming more and more important for routers to support IPv6, and likely to be essential in 2014. I would like to strongly suggest and request that the Ubiquiti team look into having IPv6 support in the GUI as part of the 2014 roadmap.
EdgeMax Router Lite and POE are great routers in terms of performance and affordability. It is a pity that the shortfalls in the GUI are keeping some not-as-savvy (knowledgeable but not good with CLIs) consumers away.
For a lot of customers we use the security gateway for some basic network setup. The main reason we choose the SGW is because we can easily monitor the connection with a remote hosted UniFi controller.
Now that the ER-X-SFP is here we would love to use that device to power the APs at our customers.
Is it possible to add the possibility to register an EdgeMax router with the UniFi controller to show up in the Network Health of the UniFi controller? Preferably with the speedtest function.
Some of my ASUS consumer routers have a feature that I like:
When I hover over a MAC address (say in the DHCP table lookup), it does a simple MAC address lookup and tells me the manufacturer's name. This has saved countless trouble because it's easy to identify the ROKU box from the AMAZON box.
It does seem pretty simple: http://www.macvendors.com
Copying here from https://community.ubnt.com/t5/EdgeMAX/Bandwith-control/m-p/1642193, as per jjonsson's suggestion.
Broadband Internet connections with monthly quotas (be it download or download+upload) are common in many countries. When such a connection is shared by multiple users, it may be necessary to enforce fairness. An ability to split an overall quota between multiple users would be very useful in these circumstances, such as:
- Multi-tenant dwellings sharing a common Internet feed
- Families with children who have their own computers / devices
- Small communities
- Small scale remote operations
With the above in mind, here is a requirement brief:
1) Router should support a list of "users", each of whom can have one or more devices
2) Devices should be identified by their SRC MAC address
3) It should be possible to add a "user" to one or more existing DHCP static mapping config(s), e.g., "set service dhcp-server shared-network-name Pool1 subnet 172.16.0.0/24 static-mapping Bobs-PC user Bob"
4) It should be possible to assign a quota number, in MB/GB/TB, to each user.
- This amount will be shared across all user's devices, i.e., Bob could have a PC and an iPad, and 10GB quota that he could draw from either or both devices.
5) It should be possible to choose whether the number in (4) applies to Upload, Download, or Upload+Download
6) It should be possible to choose what action to take once the user's quota has been reached, per user:
- Redirect user to a URL
- Block their network access to the external destinations
- Apply rate-limit to their connections (applied to all of their matching MACs)
7) It should be possible to specify how often the quota is reset: Each day, week, or month
- Router reboot must not lose more than 5 minutes worth of the accounting info.
- Reboot caused by the operator must flush the accounting info immediately before rebooting.
8) It should be possible for a user to connect to the router's http server from the LAN subnet without logging in and to see their quota status:
- What type of quota they have (Up/Down/Up+Down);
- How much their allotment in MB/GB/TB is and what their accounting period is;
- How far they are from the next reset;
- How much % they have consumed;
- What is the action when they exceed the quota
- Whether this action is currently enforced
9) User for (8) above should be identified by their SRC MAC (yes, they must be on directly connected subnet)
- For non-directly connected users, there MAY be an option to log in to view the stats in (8).