7MS #217: Installing Ubiquiti EdgeRouter X and AP - Part 2

Be sure to scroll down and view the whole post as there is both audio and video coverage of today's episode!

Today is part 2 of our series about setting up a Ubiquiti EdgeRouter X and access point. The audio portion of this episode covers the following topics:

Audio:

1. Getting started

Plugging everything in and getting your Internet connection active is pretty simple. Just hit the Wizards tab and choose the appropriate config (I chose WAN + 2LAN and all I had to do was tell the router which interface I was going to use for Internet) and reboot the device. The appropriate firewall rules will be created automatically and a virtual switch called switch0 will be created that bonds ports eth2-eth4 as part of the 192.168.2.x network.

2. Setting up DHCP subnets and their associated VLANs

Start by clicking the DHCP menu and then click Add DHCP Server. I wanted to create a 192.168.7.x network for my "Internet of Things" network, so I set it up like this:

Then, go back to the Interfaces menu, and add a corresponding VLAN to switch0:

Finally, I made sure that switch0 was "VLAN aware" so that I could eventually pass this VLAN out of eth4 where my AP is connected:

In part 3 of this series we'll go into how to get the VLANs assigned to SSIDs on the Ubiquiti wireless access point, but for now I wanted to show you how quick and easy it is to set up a DHCP server + VLAN combo!

3. Configuring QoS

It couldn't be more simple! First, run an Internet speed test (I recommend doing it while your network is very "quiet") so you know your max upload/download speeds. Then click the QoS tab and enter those values. For me, my max upload is 6mbit and my max download is 60mbit, so I entered the values as such:

That's it! Now the router will automatically balance the load! You could go nuts with more specific QoS rules from here, but this starter rule will get you going!

4. Set up Xbox One NAT

This one took me a while to figure out, but thanks to this post I figured out the correct commands (see below). The one important prerequisite is to set your Xbox up with a static IP address - in the example below I used 192.168.7.77.

configure
set service upnp2 listen-on switch0.7
set service upnp2 nat-pmp enable
set service upnp2 secure-mode enable
set service upnp2 wan eth1
set service upnp2 acl rule 10 action deny
set service upnp2 acl rule 10 description "Block default Xbox Live port 3074"
set service upnp2 acl rule 10 external-port 3074
set service upnp2 acl rule 10 local-port 0-65535
set service upnp2 acl rule 10 subnet 192.168.7.0/24
set service upnp2 acl rule 20 action allow
set service upnp2 acl rule 20 description "Allow XBOX-1"
set service upnp2 acl rule 20 external-port 1024-65535
set service upnp2 acl rule 20 local-port 0-65535
set service upnp2 acl rule 20 subnet 192.168.7.77/32
commit
save
exit
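How the ACL above sorts port-mapping requests, as an added example that is not from the original post. It assumes rules are checked in numeric order with the first match winning, and that a request matching no rule gets a default verdict (a parameter here, since the post does not say what EdgeOS does); rule 30 and the host 192.168.7.50 are constructed.

```python
import ipaddress
import re

# ACL lines from the post (description lines omitted).
PAGE_ACL = """
set service upnp2 acl rule 10 action deny
set service upnp2 acl rule 10 external-port 3074
set service upnp2 acl rule 10 local-port 0-65535
set service upnp2 acl rule 10 subnet 192.168.7.0/24
set service upnp2 acl rule 20 action allow
set service upnp2 acl rule 20 external-port 1024-65535
set service upnp2 acl rule 20 local-port 0-65535
set service upnp2 acl rule 20 subnet 192.168.7.77/32
"""
# Constructed rule 30 (not in the post): catch-all deny for the IoT VLAN.
CATCH_ALL = """
set service upnp2 acl rule 30 action deny
set service upnp2 acl rule 30 external-port 0-65535
set service upnp2 acl rule 30 local-port 0-65535
set service upnp2 acl rule 30 subnet 192.168.7.0/24
"""

def parse_acl(text):
    """Group 'acl rule N <key> <value>' lines into rules ordered by N."""
    rules = {}
    for num, key, value in re.findall(r"acl rule (\d+) (\S+) (\S+)", text):
        rules.setdefault(int(num), {"id": int(num)})[key] = value
    return [rules[n] for n in sorted(rules)]

def in_range(port, spec):
    lo, _, hi = spec.partition("-")  # "3074" is a single port, "0-65535" a range
    return int(lo) <= port <= int(hi or lo)

def decide(rules, client_ip, ext_port, local_port, default="allow"):
    """Assumed semantics: first matching rule wins, else `default` applies."""
    ip = ipaddress.ip_address(client_ip)
    for r in rules:
        if (ip in ipaddress.ip_network(r["subnet"])
                and in_range(ext_port, r["external-port"])
                and in_range(local_port, r["local-port"])):
            return r["action"], r["id"]
    return default, None

if __name__ == "__main__":
    # Constructed requests: the Xbox and a hypothetical IoT host 192.168.7.50.
    reqs = [("192.168.7.77", 3074, 3074), ("192.168.7.77", 50000, 3074), ("192.168.7.50", 8080, 80)]
    for acl in (PAGE_ACL, PAGE_ACL + CATCH_ALL):
        print([decide(parse_acl(acl), *r) for r in reqs])
```

Under the allow-by-default assumption, the post's two rules never decide a request from another host on 192.168.7.0/24, so the verdict comes from the default; the constructed rule 30 turns that into an explicit deny without changing either Xbox result.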

Also(!) if you use OpenDNS, be sure to whitelist the following domains in order for your Xbox Live and game-playing to work correctly:

  • live.com
  • microsoft.com
  • ubi.com
  • ubisoft.com
  • xbox.com
  • xboxlive.com

Also also (!) after you've made the NAT and/or OpenDNS whitelisting changes, be sure to do a full power down and reboot of the Xbox. I found a snag where my power saving setup wasn't actually doing a full reboot, so my network changes were still wonky.

Stay tuned for part 3, where we'll cover how to set up the Ubiquiti wireless access point and finish the creation of our "IoT" VLAN, as well as set up a segmented guest network with a voucher system!

Video:

Here's the complementary video content for today's audio podcast:

7 Minute Security #217: Installing Ubiquiti EdgeRouter X and AP - Part 2 from Brian J on Vimeo.