
Product-review: Ubiquiti EdgeRouter Lite

v1.4.0 software release

Just as a follow up, I wanted to mention that a few days ago we released our latest software v1.4.0 for all four models of EdgeMAX routers. The release notes can be seen at - EdgeMAX release v1.4.0.

I think the software has come a long way since Tim's review. We now have a basic SOHO setup wizard, a port forward wizard that automatically opens the firewall ports and a checkbox for NAT hairpin, and in this latest version we have added a dual WAN load-balance with automatic failover feature.

Tim, do you plan to review the 8 port EdgeRouter Pro, which is more than twice as fast as the EdgeRouter Lite?
 
Hi Stig,
I haven't had anyone from Ubiquiti contact me for review. So, no, no plans for review.

As far as "twice as fast as the EdgeRouter Lite", what's the point? That little guy already had wire-speed Gigabit routing. Since the Pro doesn't have VPN, what's all that extra horsepower doing?
 
All 4 models of EdgeMAX have VPN (ipsec, openvpn, pptp, l2tp). Of those ipsec is the fastest since there is hw offload support for that. Maybe you mean there's no VPN in the GUI yet? We did add pptp to the GUI and more are coming.

Probably the biggest demand for the Pro model was for more ports (8), SFP ports (2) and more DRAM (2GB sodimm) so they could run things like BGP with full Internet routing tables. I guess maybe BGP is beyond the scope of what small net builders do?
 
Thanks for setting me straight. Didn't realize the VPN was in there.

BGP isn't exactly small net, no. But might be interesting to look at VPN performance and dual-WAN.

I'll ping my Ubiquiti contact to see if they want to submit one for review and also check with Doug Reid, who does all my VPN / biz router reviews, to see if he wants to wrassle with the CLI.
 
Tim and stig,

most of this discussion is going way over my head, but would this product get me to where I want here:

http://forums.smallnetbuilder.com/showthread.php?p=100747#post100747


possibly with a few routers/AP's for WiFi as indicated in the post?
:(
L&LD, most of your questions seem wifi related and the EdgeMAX line of routers doesn't have built-in wifi. Obviously Ubiquiti does have the UniFi wifi product line, but to tell you the truth I don't know much about UniFi. What I can tell you is that we use an EdgeRouter Pro as our corporate router/firewall and (no surprise) UniFi for our wireless. We have 3 SSIDs (production, testing, guest) and UniFi tags them each with a different VLAN. This is convenient because on the router I can configure those VLANs each to have a different subnet and their own dhcp-server. Then I can add firewall rules such that the guest network only has access to Internet, the testing network has access to Internet and some shared resources such as printers and NAS, and the production network has no restrictions.

The UniFi APs are powered via PoE, so depending on how many APs you have the 5 port EdgeRouter-PoE might be able to suit your needs and power the APs.

I believe UniFi can do the other things you asked, but we should probably find someone more UniFi knowledgeable than me. I'm an engineer, not a marketing guy :D
 
stig,

Thank you for your reply. Very encouraged!

Now, I'll have to learn a new language it seems (engineer) though...

Btw, your marketing dialect was very convincing! :)
 
and in this latest version we have added a dual WAN load-balance with automatic fail over feature.

Hi stig,

I've finally bought the EdgeRouter Lite to replace the Asus RT-AC68U and everything's working great.

v.1.4.0 is just awesome and without a lot of trouble, I managed to get it configured like what I did with the Asus (i.e. port forwarding, PPTP server, static routing, Firewall rules, change MAC address (for WAN), etc.)

However, I'm currently 'stuck' with the implementation of the new WAN failover feature despite spending a lot of hours trying to Google for information. If possible, I'd appreciate if you can help me with the CLI commands to achieve this rather 'simple' requirement of mine :

WAN Failover with Failback but without Load Balancing :

Eg.
- no ping response, switch from eth1 to eth2
- ping is restored, switch from eth2 to eth1

Here's my ERL set-up :
- eth0 LAN
- eth1 (Primary WAN - DHCP)
- eth2 (Back WAN - DHCP)

Thank you in advance for your help. :)
 

Hi elpibe10, I wrote that feature so I should be able to help you. I see you also posted the question on our forum, so I'll help you there.
 
Hi,

A year ago Tim Higgins did a review of the Ubiquiti EdgeMAX EdgeRouter Lite.

At the time, there was only the EdgeRouter Lite, which is the small version of it. Now there is the EdgeRouter PoE, EdgeRouter and EdgeRouter Pro.

At the time, on firmware 1.0.2, the device looked scary for beginners since you had to manually configure everything in the router.

But since then, there have been many updates on the firmware, and a LOT of improvements. They are very active with the community and take suggestions very seriously.

Now we are on Firmware 1.4.0 and here is what has been added.

Startup Wizard to:
Bind your WAN and LAN interfaces. (192.168.1.0/24 on the LAN and DHCP on WAN)
Configure a starting firewall configuration.

Block Everything IN on the WAN interface.
Accept Established and related connections IN on the WAN interface
Block everything to the router on the WAN interface

Start your DHCP Service (192.168.1.20-192.168.1.240 on LAN)
Start your DNS Cache service on your LAN interface.

A wizard to add port forwardings:

By default port forwarding will also take care of opening ports in the firewall.
There is an option to activate NAT Reflection (Loopback) on your port forwarding rules.

Also, they added dual WAN with automatic fail-over in the CLI, nice feature for businesses out there.

So all in all, it became a fairly simple device to get working on basics.
You get crazy performance and stability
You still have room to do very advanced configuration.

Lite : 1 million packets per second, 3 Interfaces. 99$

PoE : 1 million packets per second, 3 Interfaces : 3 ports switched with PoE on the 3rd interface. 175$

EdgeRouter : 2 million packets per second, 8 interfaces 329$

EdgeRouter Pro : 2 million packets per second, 8 interfaces (of which 2 are combo RJ-45/SFP ports) 369$
 
Thanks a lot for this post! I was considering Mikrotik, but now I'm actually considering the EdgeRouter Lite, as the implemented features are the ones which I was looking for especially!
 
Is the Edgerouter Lite configurable from the GUI now for a basic configuration? I am thinking about getting one of them to replace my current wireless router due to performance issues.

All I would be doing with it would be setting up one port for the incoming connection from my cable modem, one port going out to a gigabit switch, and one port going out to an AP like the Unifi. Probably would want the firewall on too and a bit of port forwarding for a minecraft server. I am a bit scared of command line and that was the only thing keeping me from it when it released.
 
I picked one up a few weeks ago and am quite impressed. Performance is ridiculous for the money!

Now if I could only find reasonably priced 802.11ac WAPs I would be extremely happy!



 
I've just jumped into the Ubiquiti camp as well.

I'm looking forward to the 1.5 firmware and the VPN GUI that goes along with it.

But what I am really anticipating is the hinted QOS + GUI rewrite that is supposedly somewhere in the pipe after the new VPN gui framework is up and running.

That said, SmallNetBuilder should just start updating their EdgeRouter review yearly as long as something worth reporting has been added.

They may want to consider performing an update for the UniFi 3.0 firmware when it gets out of beta. (been a long time coming)
 
Contributed by a reader. Config file changes to block traffic between subnets for the two LAN configuration.


set firewall name DMZ_IN default-action drop
set firewall name DMZ_IN description 'packets from DMZ'
set firewall name DMZ_IN rule 1 action accept
set firewall name DMZ_IN rule 1 description 'allow established connections'
set firewall name DMZ_IN rule 1 log disable
set firewall name DMZ_IN rule 1 protocol all
set firewall name DMZ_IN rule 1 state established enable
set firewall name DMZ_IN rule 1 state invalid disable
set firewall name DMZ_IN rule 1 state new disable
set firewall name DMZ_IN rule 1 state related enable
set firewall name DMZ_IN rule 2 action drop
set firewall name DMZ_IN rule 2 description 'drop invalid state'
set firewall name DMZ_IN rule 2 log disable
set firewall name DMZ_IN rule 2 protocol all
set firewall name DMZ_IN rule 2 state established disable
set firewall name DMZ_IN rule 2 state invalid enable
set firewall name DMZ_IN rule 2 state new disable
set firewall name DMZ_IN rule 2 state related disable
set firewall name DMZ_IN rule 3 action drop
set firewall name DMZ_IN rule 3 description 'drop DMZ to INTERNAL 10.0.0.0/8 subnet'
set firewall name DMZ_IN rule 3 destination address '10.0.0.0/8'
set firewall name DMZ_IN rule 3 log disable
set firewall name DMZ_IN rule 3 protocol all
set firewall name DMZ_IN rule 3 state
set firewall name DMZ_IN rule 4 action drop
set firewall name DMZ_IN rule 4 description 'drop DMZ to INTERNAL 192.168.0.0/16 subnet'
set firewall name DMZ_IN rule 4 destination address '192.168.0.0/16'
set firewall name DMZ_IN rule 4 log disable
set firewall name DMZ_IN rule 4 protocol all
set firewall name DMZ_IN rule 4 state
set firewall name DMZ_IN rule 100 action accept
set firewall name DMZ_IN rule 100 description 'catch all for DMZ to WORLD for REMAINING SUBNETS'
set firewall name DMZ_IN rule 100 log disable
set firewall name DMZ_IN rule 100 protocol all
set firewall name DMZ_IN rule 100 state

All you need to do is apply this to both the ETH1 and ETH2 rule_in and voila!! traffic is routed as it should, but it will not allow traffic on ETH1 or ETH2 to traverse each other
 
There are a few more rules that need to be made if you use the 172.16.0.0/12 range
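
An added example, not part of any post in this thread: a small first-match evaluator over the DMZ_IN lines posted above, showing which private destination ranges a new connection is still allowed to reach. Rule number 5 for 172.16.0.0/12 is this example's assumption; rules 1 and 2 are left out because they match only established, related or invalid states.

```python
import ipaddress
import re

# Lines copied from the DMZ_IN ruleset posted in the thread. Rules 1 and 2 are
# omitted: this models NEW connections, which those state rules never match.
PAGE_RULES = """\
set firewall name DMZ_IN default-action drop
set firewall name DMZ_IN rule 3 action drop
set firewall name DMZ_IN rule 3 destination address '10.0.0.0/8'
set firewall name DMZ_IN rule 4 action drop
set firewall name DMZ_IN rule 4 destination address '192.168.0.0/16'
set firewall name DMZ_IN rule 100 action accept
"""
# Assumption of this example: rule number 5 is free and holds the extra range.
EXTRA_RULE = """\
set firewall name DMZ_IN rule 5 action drop
set firewall name DMZ_IN rule 5 destination address '172.16.0.0/12'
"""
RULE_RE = re.compile(r"set firewall name \S+ rule (\d+) (action|destination address) '?([^']+)'?")

def parse(text):
    """Return (default_action, rules); rules are (number, action, dest) in number order."""
    default, rules = "drop", {}
    for line in text.splitlines():
        m = re.match(r"set firewall name \S+ default-action (\w+)", line)
        if m:
            default = m.group(1)
        elif (m := RULE_RE.match(line)):
            rules.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3)
    return default, [(n, r.get("action"), r.get("destination address")) for n, r in sorted(rules.items())]

def verdict(text, dst):
    """Lowest-numbered matching rule decides; otherwise the default action applies."""
    default, rules = parse(text)
    addr = ipaddress.ip_address(dst)
    for number, action, dest in rules:
        if dest is None or addr in ipaddress.ip_network(dest):
            return action, number
    return default, None

def private_gaps(text):
    """RFC 1918 blocks whose first host address is still accepted (a sample probe)."""
    probes = {"10.0.0.0/8": "10.0.0.1", "172.16.0.0/12": "172.16.0.1",
              "192.168.0.0/16": "192.168.0.1"}
    return [net for net, host in probes.items() if verdict(text, host)[0] == "accept"]

if __name__ == "__main__":
    print(private_gaps(PAGE_RULES), private_gaps(PAGE_RULES + EXTRA_RULE))
```

With the ruleset as posted, a destination in 172.16.0.0/12 falls through to the catch-all accept in rule 100, which is why the extra drop rule has to be numbered below 100.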
 
Guys! You should retest this little devil! Tons of improvement since the last test. (metal case, hw offload, user friendly gui with wizards, etc...) A lot of ppl use your charts for choosing a router, and after reading your test they don't believe how much this stuff has changed in a positive way since then.

A lot of ISPs with optical networks use PPPoE. Since 1.5 it's hardware accelerated. Very happy with mine on a 1000Mbit/200Mbit line. I get around 900Mbit without problem. :) (Same as without router so I think the stuff can handle more)
 