EdgeRouter X - bridge mode
-
I have a client with a EdgeRouter X. They have a phone system that the phone system vendor needs to be able to remote in to once in a while, and they will need to access from the LAN once in a while. They were out of ports on their switch, so I told them to plug in to eth2 and I would configure from there.
eth0 is their LAN, so I figured I just needed to bridge eth0 and eth2. Is that correct? I did that and I can't ping the IP address I told him to use from the LAN so I don't know if my config is wrong, or if he didn't put the IP in correctly.
Here is my config:
ubnt@ubnt:~$ show configuration firewall { all-ping enable broadcast-ping disable ipv6-receive-redirects disable ipv6-src-route disable ip-src-route disable log-martians enable name WAN_IN { default-action drop description "WAN to internal" rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } } name WAN_LOCAL { default-action drop description "WAN to router" rule 1 { action accept description "Allow established/related" state { established enable related enable } } rule 2 { action accept description "allow ssh config" destination { port 22 } log disable protocol tcp source { } } rule 3 { action drop description "Drop invalid state" state { invalid enable } } } receive-redirects disable send-redirects enable source-validation disable syn-cookies enable } interfaces { bridge br0 { address 192.168.1.1/24 } ethernet eth0 { bridge-group { bridge br0 } description "Local 2" duplex auto speed auto } ethernet eth1 { address dhcp description Internet duplex auto firewall { in { name WAN_IN } local { name WAN_LOCAL } } speed auto } ethernet eth2 { bridge-group { bridge br0 } description Local duplex auto speed auto } ethernet eth3 { description Local duplex auto speed auto } ethernet eth4 { description Local duplex auto speed auto } loopback lo { } switch switch0 { address 192.168.2.1/24 description Local mtu 1500 switch-port { interface eth2 interface eth3 interface eth4 } } } service { dns { forwarding { cache-size 150 listen-on eth0 listen-on switch0 } } gui { https-port 443 } nat { rule 5010 { outbound-interface eth1 type masquerade } } ssh { port 22 protocol-version v2 } } system { host-name ubnt login { user ubnt { authentication { encrypted-password **************** plaintext-password **************** } full-name "" level admin } } name-server 8.8.8.8 ntp { server 0.ubnt.pool.ntp.org { } server 1.ubnt.pool.ntp.org { } server 2.ubnt.pool.ntp.org { } server 3.ubnt.pool.ntp.org { } } syslog { global { facility all { level notice } facility protocols { level debug } } } time-zone America/New_York }BTW, I know ssh is allowed on the external interface. I had to do that since I was working remote and had to remove the address off eth0 so I could assign it the bridge group. I realize now it may have been easier to give him an IP in another subnet and then just add a route between the subnets, but if I'm going to do that, I'll still need to get him on from the outside so he can change the config.
-
I'm probably talking out of my ass so why not put a switch between ports 0 + 2?
Similar to Ports 3 4 and 5 -
- Update the firmware to 1.9.1, also apply the bootloader patch if never done.
- Is this an ER-X or an ERL? there is a huge difference in what can be done. I assume it is and ER-X since you have up to eth4 in the config.
- Of course you can create a bridge, but see below.
- You don't need SSH open on the WAN, but if you are going to do that, at least lock it down to your IP. If you are on residential and change a lot, you can still at least lock it down to your ISP's owned block. Check that at arin.net.
- Your problem is you have eth2 on both switch0 and br0. I am surprised it even let you commit that.
- This config is non-standard. UBNT standards are WAN on eth0 and then go from there.
- I hope this a very redacted config. If not, then go on site and run the first setup wizard again (may not have existed when deployed originally).
- If you don't do anything I said, then delete the bridge and put eth0 on switch0 along with everything else. Don't forget to change the IP on switch0 to be what you had on eth0 before you made it br0.
-
I would recommend that you wipe and start over using standard port layout.
You can easily reprogram everything by grabbing the output from
show configuration commands -
@JaredBusch said in EdgeRouter X - bridge mode:
I would recommend that you wipe and start over using standard port layout.
You can easily reprogram everything by grabbing the output from
show configuration commandsI'm headed in... Any reason not to run the WAN+2LAN2 wizard?
-
Is this an ER-X or a ER-L?
-
@Dashrender ER-X
-
If they don't have a WAN + Switch0, then yeah I'd go for your option, then I'd look at the config, hopefully it put eth1 and eth2 on the switch, then you can add eth3 and eth4 to the switch as well, and have an outside and 4 insides.
-
@Mike-Davis said in EdgeRouter X - bridge mode:
@JaredBusch said in EdgeRouter X - bridge mode:
I would recommend that you wipe and start over using standard port layout.
You can easily reprogram everything by grabbing the output from
show configuration commandsI'm headed in... Any reason not to run the WAN+2LAN2 wizard?
Yes, there is a reason not to. That reason is, there is a new 'first run' or something like that on the wizard page. I do not have a ER-X handy to log into to show you the exact name. Assuming you are on the current firmware.
-
Thanks @JaredBusch
I went on site and ran the wizard and it was a quick process to fix things. The relevant part of the new config looks like:
interfaces { ethernet eth0 { address dhcp description Internet duplex auto firewall { in { name WAN_IN } local { name WAN_LOCAL } } speed auto } ethernet eth1 { description Local duplex auto speed auto } ethernet eth2 { description Local duplex auto speed auto } ethernet eth3 { description Local duplex auto speed auto } ethernet eth4 { description Local duplex auto speed auto } loopback lo { } switch switch0 { address 192.168.1.1/24 description Local switch-port { interface eth1 { } interface eth2 { } interface eth3 { } interface eth4 { } } } } port-forward { auto-firewall enable hairpin-nat enable lan-interface switch0 wan-interface eth0 }
