Ubiquiti Edgerouter notes
Show MAC address table
#### Show MAC address table for switched interfaces:
sudo /sbin/switch dumpIPv6 router advertisements to clients (staticly assigned)
#### Manually assign interface address, and set RA to advertise slaac configuration
interfaces {
ethernet eth0 {
address 2001:db8::1/64
address 192.168.10.1/24
duplex auto
ipv6 {
router-advert {
prefix 2001:db8::/64 {
autonomous-flag true
}
}
}
speed auto
}
}
IPv6 firewall rules
Firewall rules are the same for v4 and v6, however v6 rules do not show up in the web interface. Also, the web interface will not load via v6.
In this example we will limit access to the local device from the wan to one trusted network
firewall {
group {
ipv6-network-group mgmnt_networks_6 {
ipv6-network 2002:db8::/48
}
ipv6-name WAN_LOCAL_6 {
default-action drop
rule 10 {
action accept
description "Allow established/related"
log disable
protocol all
state {
established enable
invalid disable
new disable
related enable
}
}
rule 20 {
action accept
description allow_icmp
log disable
protocol icmp
state {
established enable
invalid disable
new enable
related enable
}
}
rule 30 {
action accept
description allow_trusted
log disable
protocol all
source {
group {
ipv6-network-group mgmnt_networks_6
}
}
state {
established enable
invalid disable
new enable
related enable
}
}
}
}
}
interfaces {
ethernet eth0 {
address 2001:db8::1/64
address 192.168.10.1/24
duplex auto
firewall {
local {
ipv6-name WAN_LOCAL_6
name WAN_LOCAL
}
}
ipv6 {
router-advert {
prefix 2001:db8::/64 {
autonomous-flag true
}
}
}
speed auto
}
}
IPv6-PD client
#### Aquiring IPv6 addressing using prefix delegation
#Setup interface
set interfaces ethernet eth0 ipv6 address autoconfset interfaces ethernet eth0 ipv6 dup-addr-detect-transmits 1#Enable prefix delegation to switch0
set interfaces ethernet eth0 dhcpv6-pd pd 0 interface switch0 host-address '::1'set interfaces ethernet eth0 dhcpv6-pd pd 0 interface switch0 service dhcpv6-statelessset interfaces ethernet eth0 dhcpv6-pd pd 0 prefix-length /64set interfaces ethernet eth0 dhcpv6-pd rapid-commit enableComplete config example
interfaces {
ethernet eth0 {
address dhcp
dhcpv6-pd {
pd 1 {
interface switch0 {
host-address ::1
service dhcpv6-stateless
}
prefix-length /64
}
rapid-commit enable
}
duplex auto
ipv6 {
address {
autoconf
}
dup-addr-detect-transmits 1
}
speed auto
}
ethernet eth1 {
duplex auto
speed auto
}
ethernet eth2 {
duplex auto
speed auto
}
ethernet eth3 {
duplex auto
speed auto
}
ethernet eth4 {
duplex auto
poe {
output off
}
speed auto
}
loopback lo {
}
switch switch0 {
address 192.168.50.1/23
mtu 1500
switch-port {
interface eth1 {
}
interface eth2 {
}
interface eth3 {
}
interface eth4 {
}
vlan-aware disable
}
}
}
IPv6-PD server
Usefull commands
#### Start tcpdump and save to file
sudo tcpdump -i eth0 -w output.pcap#### tftp tcpdump back off device
tftp -p -l output.pcap -r output.pcap [IPv4 address]