New Member
Posts: 6
Registered: ‎06-24-2014

Setting up Dual ISP EdgeMax EdgeRouter Lite

Greetings to the community.  I have a EdgeMax EdgeRouter Lite that I purchased but has not arrived.  All I want to accomplish is to put a CableOne ISP router and a AT&T Uverse router (both have static IP addresses) on the router with the primary ISP being CableOne.  This will be used all the time UNLESS there is a failure of that circuit and then I want to have it auto switch to the AT&T Uverse router and go back to CableOne when service is restored.  Can someone point me to specific community links that explain in as much detail as possible how to do this.  I am not really interested (even if possible) to piggy back one service on top of the other to gain speed improvement.  I am fair with routers but have a good friend that lives in the world of "routers & IP".

Established Member
Posts: 1,700
Registered: ‎02-24-2012
Kudos: 437
Solutions: 60

Re: Setting up Dual ISP EdgeMax EdgeRouter Lite

I think there is a fairly good setup Wizard on the latest firmware that will guide you through load-balancing with fail-over from the GUI on initial setup. You mention you don't want load-balancing (I think this is what you mean) so what you could do is set up via the gui, and then change the ratio of load balancing to 95% on the primary link and 5% on the secondary link. This is perhaps not the best solution, but will give the majority of your traffic routing to the main link, and give you failover should first link stop for any reason.

The command to do this from the CLI is as below, once you have done the basic setup for load-balancing via the GUI.

Configure [ENTER}

set load-balance group wlb interface eth0 weight 95 [ENTER]

where eth0 is your primary link and 95 is what you want it set to. I am never sure if you have to then set the second link to 5, or if it works it out, but command would be the same:

set load-balance group wlb interface eth1 weight 5 [ENTER]

then you need to commit and save changes and exit config section:

commit [ENTER]

save [ENTER]

exit [ENTER]

There is also a command I note that you can do fail-over only, which is perhaps more what you want, but I haven't tried it. The command is:

set load-balance group wlb interface eth0 failover-only [ENTER]

again, where eth0 is the interface you want as fail-over only, and remember to commit, save and exit.

 

Established Member
Posts: 1,700
Registered: ‎02-24-2012
Kudos: 437
Solutions: 60

Re: Setting up Dual ISP EdgeMax EdgeRouter Lite

Post Number 2 from UBNT's Stig here confirms that if one link is down, weighting on the load-balancing setup will automatically default 100% to the running link. 

Highlighted
New Member
Posts: 6
Registered: ‎06-24-2014

Re: Setting up Dual ISP EdgeMax EdgeRouter Lite

So it sounds like I want a 95/5 balanced setup and then if the 95 side fails it will switch to the 5 side.  Can that all be setup with the software?  I notice a lot of what appear to be command lines issued?  All UI from software?

Established Member
Posts: 1,700
Registered: ‎02-24-2012
Kudos: 437
Solutions: 60

Re: Setting up Dual ISP EdgeMax EdgeRouter Lite

I think you will still need to do some fine tuning from the CLI but not a huge amount. I was pretty new to this before I started with the load-balancing, but there is good support here and it's not as daunting as it perhaps first seems. Get ready to use the show configuration command and copy/paste the text for full support.
New Member
Posts: 6
Registered: ‎06-24-2014

Re: Setting up Dual ISP EdgeMax EdgeRouter Lite

Router arrives Monday so I will hopefully further understand after looking at the software and manual.  I'm sure I will be asking more questions!  Thank you for all your replies!!!

New Member
Posts: 6
Registered: ‎06-24-2014

Re: Setting up Dual ISP EdgeMax EdgeRouter Lite

Router arrived today.  My CableOne Router will be my main source and it has a static IP and then assigns IP's to my office computers via DHCP.  The Uverse router is basically setup to provide a voice phone line and at the present does not serve any computers.  If I try to put both of these routers through the new EdgeRouter LTE and load balance 95 to CableOne andd 5 to Uverse, do I need to turn off DHCP on both of them and let the EdgeRouter do all the assignment of computer IP's within the office?

Member
Posts: 124
Registered: ‎02-09-2013
Kudos: 31
Solutions: 1

Re: Setting up Dual ISP EdgeMax EdgeRouter Lite


@AggieBQ72 wrote:

Router arrived today.  My CableOne Router will be my main source and it has a static IP and then assigns IP's to my office computers via DHCP.  The Uverse router is basically setup to provide a voice phone line and at the present does not serve any computers.  If I try to put both of these routers through the new EdgeRouter LTE and load balance 95 to CableOne andd 5 to Uverse, do I need to turn off DHCP on both of them and let the EdgeRouter do all the assignment of computer IP's within the office?


Correct, if both of your ISP's provide you with a static IP, you may disable the DHCP server in your ISP's CPE gear.

Your ERL should handle all DHCP and NAT, your clients shouldn't notice the failover.

 

 

Have a look at the below config:

Configure your interfaces:

set interfaces ethernet eth0 address 23.23.23.23/29
set interfaces ethernet eth0 description 'CableOne'
set interfaces ethernet eth0 duplex auto
set interfaces ethernet eth0 speed auto
set interfaces ethernet eth1 address 24.24.24.24/29
set interfaces ethernet eth1 description 'AT&T UVerse'
set interfaces ethernet eth1 duplex auto
set interfaces ethernet eth1 speed auto
set interfaces ethernet eth2 address 192.168.100.1/24
set interfaces ethernet eth2 description 'LAN'
set interfaces ethernet eth2 duplex auto
set interfaces ethernet eth2 firewall in modify LAN_WLB

 

Set firewall modify rules for the load balance. In this case, I exclude a bunch of stuff from load balancing, and sending it to a failover scenario only. If it matches the rules 20-23, failover only.

set firewall modify LAN_WLB rule 10 action modify
set firewall modify LAN_WLB rule 10 destination group network-group LAN_NETS
set firewall modify LAN_WLB rule 10 modify table main
set firewall modify LAN_WLB rule 20 action modify
set firewall modify LAN_WLB rule 20 destination group port-group xLB_WAN0_ports
set firewall modify LAN_WLB rule 20 modify lb-group Static_WAN0
set firewall modify LAN_WLB rule 21 action modify
set firewall modify LAN_WLB rule 21 destination group address-group xLB_WAN0_Address
set firewall modify LAN_WLB rule 21 modify lb-group Static_WAN0
set firewall modify LAN_WLB rule 22 action accept
set firewall modify LAN_WLB rule 22 destination group network-group xVPN_NETS
set firewall modify LAN_WLB rule 23 action modify
set firewall modify LAN_WLB rule 23 modify lb-group Static_WAN0
set firewall modify LAN_WLB rule 23 source group address-group xLB_LAN2_Address
set firewall modify LAN_WLB rule 100 action modify
set firewall modify LAN_WLB rule 100 modify lb-group WAN_WLB

 

Set the load balance groups, one for sending traffic via WAN0 w/ failover, the other for load balance 95/5:

set load-balance group Static_WAN0 interface eth0 route table 1
set load-balance group Static_WAN0 interface eth1 failover-only
set load-balance group WAN_WLB interface eth0 weight 95
set load-balance group WAN_WLB interface eth1 weight 5

 

Now the firewall groups, to match destination ports, destination networks, destination  IP's etc. You may find that you need to bind your SSH management traffic to the source IP of CableOne due to remote firewall rules.
Also when in SSL sessions, I find bounding between IP's ofen causes issues.

set firewall group address-group xLB_LAN2_Address description 'Source IPs to force via WAN0'
set firewall group address-group xLB_LAN2_Address address 192.168.100.99

set firewall group address-group xLB_WAN0_Address description 'Destination IPs to force via WAN0'
set firewall group address-group xLB_WAN0_Address address 12.12.12.12

set firewall group network-group LAN_NETS description 'Local Subnets'
set firewall group network-group LAN_NETS network 10.3.0.0/24
set firewall group network-group LAN_NETS network 10.4.0.0/24
set firewall group network-group LAN_NETS network 10.6.0.0/24
set firewall group network-group LAN_NETS network 192.168.199.0/24
set firewall group network-group LAN_NETS network 192.168.255.0/24

set firewall group network-group xVPN_NETS description 'Remote VPN Subnets'
set firewall group network-group xVPN_NETS network 192.168.33.0/24
set firewall group network-group xVPN_NETS network 10.3.1.0/24
set firewall group network-group xVPN_NETS network 192.168.99.0/24
set firewall group network-group xVPN_NETS network 10.1.2.0/24

set firewall group port-group xLB_WAN0_ports description 'destination ports to force to WAN0'
set firewall group port-group xLB_WAN0_ports port 443
set firewall group port-group xLB_WAN0_ports port 21
set firewall group port-group xLB_WAN0_ports port 22
set firewall group port-group xLB_WAN0_ports port 5060
set firewall group port-group xLB_WAN0_ports port 2087
set firewakk group port-group xLB-WAN0_ports port 3389
set firewall group port-group xLB_WAN0_ports port 2083

 

 

 

New Member
Posts: 6
Registered: ‎06-24-2014

Re: Setting up Dual ISP EdgeMax EdgeRouter Lite

Actually a mistake in previous post on who is giving out DHCP IP addresses.

Present configuration:  CableOne Internet modem (C1) is connected to a router provided by my dental software company (Cisco ASA 5505).  The Cisco router gives out internal addresses of 10.61.247.xx to office computers.  The IP of the C1 is 24.117.238.33

If I place the ERL in between the C1 and the Cisco and turn off DHCP on the ERL that should allow the Cisco router to continue handing out 10.61.247.xx addresses.  That would then maintain exactly what I have now except with the ERL, correct?  Later to add a second internet modem (ATT U-Verse) to the ERL and load balance with failover to the U-Verse if C1 circuit goes down.  Tiny steps at a time.

Regular Member
Posts: 747
Registered: ‎11-06-2013
Kudos: 231
Solutions: 26

Re: Setting up Dual ISP EdgeMax EdgeRouter Lite

You would be better served hiring a consultant to do this for you. It would likely take less time (and thus money) to setup.

What you are trying to do can work, but you have 4 routers involved in this and unless everything is setup exactly right, you WILL have problems.