You are here

Setting up an EdgeRouter X for AREDN use

11 posts / 0 new
Last post
AE6XE
AE6XE's picture
Setting up an EdgeRouter X for AREDN use

I put together tho following instructions to configure a Ubiquiti EdgeRouter X for AREDN typical deployment.  Would appreciate others helping to proof read and validate these instructions.  Any EdgeRouter's out there?  

https://drive.google.com/file/d/0B2bEy75HhwWhMFY0SXRkczV4eDQ/view?usp=sh...

Joe AE6XE

AA5KD
AA5KD's picture
I have an Edgerouter POE. But

I have an Edgerouter POE. But am I missing something, you go from EdgeMax configuring to reboot and now it has AREDN on it. Where do you put an AREDN image on the router?

AE6XE
AE6XE's picture
AA5KD,  The instructions

AA5KD,  The instructions configure EdgeMax firmware with various configuration options of vlans to work collaboratively with AREDN mesh nodes.   I could add some notes in the document better describing the big picture to avoid any confusion.   While AREDN firmware could be ported to install on this device, there isn't a plan (or compelling benefit  beyond existing capabilities) to do so.   

Joe AE6XE

AA5KD
AA5KD's picture
Ok, I understand. Thanks

Ok, I understand. Thanks

WU2S
WU2S's picture
EdgeRouter X configuration page on main menu

The EdgeRouter X configuration page supplied by Joe AE6XE can be found on the main menu bar dropdown list Software --> Edgerouter X

W4DCE
W4DCE's picture
EdgeRouter X working for me. Thanks!

Thanks for posting these directions for configuring the EdgeRouterX.  They're easy to follow and work well for me.  

VE7TFM
VE7TFM's picture
Re: EdgeRouter X for AREDN

Hi Joe,  Thank You for all the support you give us users.  We would struggle with out you.
I have a question about the vid you suggest for the second, third and fourth nodes.  
vid 1 connects the port to the wan port traffic on packets tagged 1
vid 2 connects the port to the dtd traffic on packets tagged 2
My question is, for example, if node A and Node B both connect to the wan port (vid 1)they both will try and get an IP address from the DHCP server.
with the netgear 105 and the dd-wrt vlan switches the extra nodes do not get vid 1.  I has been a bit of a struggle upgrading from a dd-wrt switch to the EdgeRouter-X as there is only one IP available from the ISP DHCP for the account it is connected to.  Behind my firewall/router here for setup I didn't realize that Node A, B and C had all grabbed IP addresses from my router DHCP.
The setup we are running now at the node site is pvid 11 and 12 are only connected to vid 2.  Node A on pvid 10 is connected to vid 1 and 2.
have I got this right or have I totally missed the boat.  It is working. but could it work better.  I could turn off the wan port in node B and C.  Is this a better choice?

Thanks a bunch.
Ted  VE7TFM

AE6XE
AE6XE's picture
Your ISP only provides 1 IP

Your ISP only provides 1 IP address, this is common.   There is a home wifi-router which gets this one address.      Your home devices and the mesh nodes each receive an IP address from your home router, typically a 192.168.1.x internal address -- you have ~252 addresses to allocate and use on your home network.  These 252 addresses are hidden when communicating to other internet services.   Your home router replaces (masquerades and hides) your internal 192.168.1.x address with the 1 internet known address to communicate with other internet serveries.    This is typical behavior in everyone's QTH setup.  

If you 'disable' the WAN on node B and C or remove vlan 1 from these nodes, then any LAN devices on these nodes would then route traffic through node A to get to the internet.  It works, but it is optimal if you do not disable the WAN on these nodes, then the traffic does not have to go though A, rather direct to your home router and on to the internet.   It's not a problem for each mesh node to receive an IP address from your home router, unless you have more than 252 devices on your home network and not enough IP addresses to go around.

Joe AE6XE

VE7TFM
VE7TFM's picture
Re: EdgeRouter X for AREDN

Thanks Joe.  your answer clarifies my question.  but, are you suggestion that all nodes should be behind some kind of router for firewall protection?  is the node not capable of being it's own firewall?
There are no lan devices on node B and C.  any wan traffic arriving on node B or C is routed to node A as node A is the wan gateway.
The vlan switch wan port is directly connected to the isp modem. the isp dhcp server will issue an ip address to the first device that asks for one. if nodes B and C are given wan access in the vlan switch, node B or C might be the one to get the one ip address available.  so i must either, install a router to do nat,  not give node B and C wan access in the vlan switch or disable the wan port in node B and C.

AE6XE
AE6XE's picture
got it, there is no home

got it, there is no home network, it's truly only the 1 IP address on the cable modem.   Of the 3 options, my preference is to not have special settings on the mesh node.   It's easy to forget the setting if using the node elsewhere and something doesn't work when expected. 

Access to the mesh node is protected with limited ports open on all the interfaces/networks.   A password is required to get in.  The mesh node is a NAT firewall to the network attached on its WAN interface and protects incoming threats, nothing is forwarded into the mesh network.  Thus, all is good, no additional firewall is necessary, unless multiple layers is desired.
 

VE7TFM
VE7TFM's picture
vlan settings.

These sites are part of a mesh network we are building in support of the local valley ECOM network.  We are building the core carrier sites that will provide connectivity between mesh segments.  There are 4 high profile sites with multiple nodes connecting each other and providing sector based access to the bulk of the Alberni Valley.  I like the idea of not modifying specific nodes.  The vlan switch will manage who gets what wan access,  
Thanks again for your help.
Ted VE7TFM
 

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer