Ubiquiti’s EdgeOS CLI Introduction


This blog post is part of a series on EdgeRouter Lite. You may want to check them all out!

| Date | Title | Description |
| --- | --- | --- |
| 03/13/16 | My Home Router – EdgeRouter Lite | Quick introduction to EdgeRouter Lite |
| 05/01/16 | How to configure EdgeRouter Lite via CLI – Part 1 | EdgeOS configuration guide for CLI junkies |
| 05/01/16 | How to configure EdgeRouter Lite via CLI – Part 2 | EdgeOS configuration guide for CLI junkies |
| 12/03/16 | Hardening EdgeRouter Lite – Part 1 | Basic management hardening |
| 12/04/16 | Hardening EdgeRouter Lite – Part 2 | EdgeOS with two-factor authentication |
| 12/05/16 | Hardening EdgeRouter Lite – Part 3 | Management ACL |
| 12/06/16 | Hardening EdgeRouter Lite – Part 4 | Remote Access VPN with two-factor authentication |

Introduction

I talked about EdgeRouter Lite in my previous blog post, but I did not talk about the Web UI or CLI at all. In this blog post, I will share the basic use of the EdgeOS command line interface (CLI).

The Network Operating System (NOS) used by Ubiquiti on their EdgeRouter series is called EdgeOS – a fork and port of Vyatta Core 6.3. In fact, one of the developers of EdgeOS came from Vyatta and worked closely with the main developer of VyOS, which is another fork of Vyatta Core.

I’ve never touched Vyatta so I am still a newbie with EdgeOS. I am, however, familiar with Junos OS, and EdgeOS has a similar look and feel. The set and show commands are very similar to Junos OS. Users who are only familiar with IOS/NX-OS might feel a little lost, but ? is helpful, just like in Cisco.

Accessing CLI

There are three ways to access the CLI on the EdgeRouter series. The first one is by using the console port. The console port is set differently than on a lot of networking devices that I’ve used, so one shouldn’t expect a saved console profile used for Cisco to work on the EdgeRouter series. The key difference is the baud rate, which is set to 115200.

The second way of accessing the CLI is by using the Web UI, as shown below. Personally, I do not like accessing it via the Web UI because I cannot copy and paste configurations and I have to log in twice just to access the CLI.

EdgeOS CLI access via Web UI

The third way of accessing the CLI is by using SSH – enabled by default. This is the most common and preferred way of accessing networking devices.

Note: My Mac mini has an alias called rtr that I use to connect to my router, which makes it easier to type than ssh [email protected] command.

Mac-mini:~ Andrew$ rtr
********************************************************************
*                                                                  *
* * * *                    NETWORKJUTSU                      * * * *
* * * *                   WARNING NOTICE:                    * * * *
*   This system is restricted solely to NetworkJutsu authorized    *
*   users for legitimate business purposes only. The actual or     *
*   attempted unauthorized access, use, or modification of this    *
*   system is strictly prohibited by NetworkJutsu. Unauthorized    *
*   users are subject to disciplinary proceedings and/or           *
*   criminal and civil penalties under state, federal, or other    *
*   domestic and foreign laws. The use of this system may be       *
*   monitored and recorded for administrative and security reasons *
*   Anyone accessing this system expressly consents to such        *
*   monitoring and is advised that if monitoring reveals possible  *
*   evidence of criminal activity, NetworkJutsu may provide the    *
*   evidence of such activity to law enformencent officials. All   *
*   users must comply with NetworkJutsu instructions regarding the *
*   protection of NetworkJutsu information assets.                 *
*                                                                  *
********************************************************************
[email protected]'s password:
Linux rtr 3.10.20-UBNT #1 SMP Fri Jan 29 20:11:31 PST 2016 mips64
Welcome to EdgeOS
Last login: Sat Apr  9 13:50:05 2016 from 192.168.1.200
[email protected]:~$

Command Modes

When a user first logs in to the router, he/she is in operational mode. The dollar sign prompt is an indicator that the user is in operational mode. For the people who are only familiar with Cisco IOS, the operational mode is essentially the User EXEC mode. It provides access to operational commands for showing and clearing information, enabling or disabling debug commands, configuring terminal settings, loading and saving configuration, and restarting the router. The example below shows the commands available in operational mode.

[email protected]:~$ ?
Possible completions:
  add           Add an object to a service
  clear         Clear system information
  configure     Enter configure mode
  connect       Establish a connection
  copy          Copy data
  debug         Enable debugging of specified routing protocol
  delete        Delete a file
  disconnect    Take down a connection
  generate      Generate an object
  initial-setup Enter initial configuration dialog
  no            Disable or reset operational variable
  ping          Send Internet Control Message Protocol (ICMP) echo request
  ping6         Send IPv6 Internet Control Message Protocol (ICMP) echo request
  reboot        Reboot the system
  release       Release specified variable
  rename        Re-name something.
  renew         Renew specified variable
  reset         Reset a service
  restart       Restart a service
  set           Set system or shell options
  show          Show system information
  shutdown      Shutdown the system
  telnet        Telnet to <hostname|IPv4 address>
  terminal      Control terminal behaviors
  traceroute    Track network path to <hostname|IPv4 address>
  traceroute6   Track network path to <hostname|IPv6 address>
  update        Run an update command

To enter configuration mode, enter the configure command. To exit configuration mode, enter the exit command.

[email protected]:~$ configure
[edit]
[email protected]# exit
exit
[email protected]:~$

Users who are familiar with Junos OS will probably have noticed the [edit] prompt section. That prompt indicates where the user is in the hierarchical configuration tree. The example below shows the commands available in configuration mode.

[email protected]# ?
Possible completions:
  confirm       Confirm prior commit-confirm
  comment       Add comment to this configuration element
  commit        Commit the current set of changes
  commit-confirm
                Commit the current set of changes with 'confirm' required
  compare       Compare configuration revisions
  copy          Copy a configuration element
  delete        Delete a configuration element
  discard       Discard uncommitted changes
  edit          Edit a sub-element
  exit          Exit from this configuration level
  load          Load configuration from a file and replace running configuration
  loadkey       Load user SSH key from a file
  merge         Load configuration from a file and merge running configuration
  rename        Rename a configuration element
  rollback      Rollback to a prior config revision (requires reboot)
  run           Run an operational-mode command
  save          Save configuration to a file
  set           Set the value of a parameter or create a new element
  show          Show the configuration (default values may be suppressed)

Command Completion

The majority, if not all, of the NOSes out there provide a command completion feature to save keystrokes. However, in Cisco IOS/NX-OS, typing the first few characters of a command is fine as long as it does not match any other commands. In EdgeOS, the user gets an error message when the command is not fully spelled out. I find this very annoying because I am so used to just typing the first few characters of the commands without hitting the Tab key in Cisco IOS/NX-OS.

[email protected]:~$ sh conf
sh: conf: No such file or directory
[email protected]:~$ show config
Possible completions:
 configuration Show running configuration

Viewing Configuration

Displaying the configuration on EdgeOS can be done in both operational and configuration mode. The difference between the two is the available options. In operational mode, viewing just a section of the configuration tree is not as easy as in configuration mode because the user has to know the commands. In configuration mode, the Tab or ? key is available to guide users to the command they are looking for.

What is nice about viewing the configuration in operational mode is the option to see the configuration in a set format compared to tree structure format. This doesn’t seem like it is available in configuration mode. In Junos OS, this can be accomplished easily by using the show | display set command. By displaying the set format, it makes it easy to save a text file for template purposes.

[email protected]:~# run show configuration
firewall {
    all-ping enable
    broadcast-ping disable
    group {
        network-group BOGON {
            network 0.0.0.0/8
<-- Output omitted for brevity -->

[email protected]:~# run show configuration commands | match "firewall group network-group BOGON"
set firewall group network-group BOGON network 0.0.0.0/8
<-- Output omitted for brevity -->

Notice that the command was run in configuration mode but with the run command in front of the operational mode command. EdgeOS allows users to issue operational mode commands in configuration mode if they do not wish to exit out of it. This is the same as the do command in Cisco IOS.

The example below shows how to display the whole configuration, and a single section of it, in configuration mode.
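To make the relationship between the tree format and the set format concrete, here is an added example (not from the original post, and not Ubiquiti's code) that flattens tree-format text into set commands. The sample input is constructed from the fragment above plus made-up entries, and quoting only values that contain spaces is an assumption.

```python
import shlex

# Constructed sample: the fragment shown above plus made-up entries.
SAMPLE_TREE = '''
firewall {
    all-ping enable
    broadcast-ping disable
    group {
        network-group BOGON {
            description "Bogon networks"
            network 0.0.0.0/8
        }
    }
}
service {
    lldp {
    }
}
'''

def tree_to_set(tree_text):
    """Flatten tree-format configuration into one set command per leaf."""
    stack = []      # one [words, has_child] entry per open "{" block
    commands = []

    def emit(extra):
        words = [w for node, _ in stack for w in node] + extra
        commands.append("set " + " ".join(shlex.quote(w) for w in words))

    for raw in tree_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("/*"):    # blank line or comment
            continue
        if line == "}":
            if not stack:
                raise ValueError("unbalanced '}'")
            if not stack[-1][1]:
                emit([])                         # empty block such as "lldp { }"
            stack.pop()
            continue
        if stack:
            stack[-1][1] = True                  # parent block has a child
        if line.endswith("{"):
            stack.append([shlex.split(line[:-1]), False])
        else:
            emit(shlex.split(line))
    if stack:
        raise ValueError("unclosed '{'")
    return commands
```

Calling tree_to_set(SAMPLE_TREE) returns a list of strings that can be saved as a template and pasted back in configuration mode.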

[email protected]# show
 firewall {
     all-ping enable
     broadcast-ping disable
     group {
         network-group BOGON {
             network 0.0.0.0/8
<-- Output omitted for brevity -->

[email protected]# show firewall group network-group BOGON
 network 0.0.0.0/8
<-- Output omitted for brevity -->

Adding or Modifying Configuration

Adding and/or modifying configuration changes to the router is done by issuing the set command in configuration mode. Though, I also noticed that there are a couple of configurable items in operational mode as well.

[email protected]:~$ set
Possible completions:
  <OPTION>      Bash builtin set command
  date          Set date and time
  system        Set system operational parameters

[email protected]:~$ configure
[edit]
[email protected]# set
Possible completions:
  custom-attribute
                Custom attribute name
  firewall      Firewall
  interfaces    Network interfaces
  load-balance  Load Balance
  policy        Routing policy
  port-forward  Port forwarding
  protocols     Routing protocol parameters
  service       Services
  system        System parameters
  traffic-control
                Traffic control (QOS) type
  traffic-policy
                Quality of Service (QOS) policy type
  vpn           Virtual Private Network (VPN)
  zone-policy   Configure zone-policy

If the user wants to view the configuration changes made so far, this can be done in two ways: using the show command or the compare command. Personally, I would use the latter, especially when I’ve made a lot of configuration changes, because the former requires showing either the whole configuration or a specific configuration tree.

[email protected]# set system host-name EdgeRouterLite
[edit]
[email protected]# show system host-name
>host-name EdgeRouterLite
[edit]
[email protected]# compare
[edit service]
+lldp {
+}
[edit system]
>host-name EdgeRouterLite
[edit]

As one may have noticed, the plus sign (+) next to the lldp means that this statement has been added to the configuration, but the configuration change hasn’t been committed yet. The right angle bracket (>) means that a running configuration statement was modified. In this case, the host name was changed from rtr to EdgeRouterLite.

Deleting Configuration

In Cisco IOS and NX-OS, the no command is used to negate configuration statements. In EdgeOS, the delete command is used to negate configuration statements.

[email protected]# delete interfaces ethernet eth1 address 192.168.0.1/24
[edit]
[email protected]# compare
[edit interfaces ethernet eth1]
-address 192.168.0.1/24
[edit]

The minus sign (-) next to the address means that the statement has been deleted from the configuration, but the configuration change hasn’t been committed yet.
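The three markers described above (+, > and -) are enough to turn compare output into a reviewable list of pending changes before committing. The following is an added example, not part of the original post; the sample text joins the two compare outputs shown above, and the touching helper and its section names are hypothetical.

```python
import re

MARKERS = {"+": "added", "-": "deleted", ">": "modified"}

# Constructed sample: the two compare outputs shown above, joined together.
SAMPLE_COMPARE = """\
[edit service]
+lldp {
+}
[edit system]
>host-name EdgeRouterLite
[edit interfaces ethernet eth1]
-address 192.168.0.1/24
[edit]
"""

def pending_changes(compare_output):
    """Parse compare output into (action, configuration path) tuples."""
    context = []    # path taken from the last "[edit ...]" line
    nested = []     # nodes opened with "{" inside a changed block
    changes = []
    for raw in compare_output.splitlines():
        line = raw.rstrip()
        header = re.fullmatch(r"\[edit(.*)\]", line.strip())
        if header:
            context, nested = header.group(1).split(), []
            continue
        if not line or line[0] not in MARKERS:
            continue                      # unchanged line or pasted prompt
        action, body = MARKERS[line[0]], line[1:].strip()
        if body == "}":
            if nested:
                nested.pop()
            continue
        is_block = body.endswith("{")
        node = body[:-1].strip() if is_block else body
        changes.append((action, " ".join(context + nested + [node])))
        if is_block:
            nested.append(node)
    return changes

def touching(changes, *sections):
    """Hypothetical helper: keep changes under the given top-level sections."""
    return [c for c in changes if c[1].split(" ", 1)[0] in sections]
```

Running touching(pending_changes(text), "firewall", "service") over pasted compare output narrows the review to the sections that matter most before a commit.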

Discarding Configuration

Let’s say the user made a mistake and needed to back out of the changes quickly. For example, the user made changes on the wrong router and quickly realized it. The user could use the delete command, but it may take a few minutes to type all of the commands. Luckily, EdgeOS provides a way to discard all of the uncommitted changes.

[email protected]# exit
Cannot exit: configuration modified.
Use 'exit discard' to discard the changes and exit.
[edit]
[email protected]# exit discard
exit
[email protected]:~$

Another way of discarding changes without exiting is by using the discard command.

[email protected]# compare
[edit system]
>host-name Router
[edit]
[email protected]# discard
Changes have been discarded
[edit]

Committing Configuration Changes

One of the differences between Junos OS and Cisco IOS/NX-OS is that changes made on the latter take effect right away. In Junos OS, or any NOS that is similar to it, configuration changes do not take effect until the user issues the commit command.

[email protected]# commit
[ service lldp ]
Starting lldpd...

[edit]

Saving Configuration

If one wants to keep all of the configuration changes even after a reboot, use the save command. By default, the configuration is saved to the /config directory. The example below shows how to commit and save the configuration in one line.

[email protected]# delete service lldp
[edit]
[email protected]# commit;save
[ service lldp ]
Stopping lldpd...

Saving configuration to '/config/config.boot'...
Done
[edit]

Thoughts

It is understandable that a user would feel intimidated configuring a device on CLI if he/she is unfamiliar with the command syntax. While EdgeOS’ Web UI has come a long way, a lot of the features are still only configurable under CLI so one should get comfortable using it. I am sure that Ubiquiti has plans to keep adding features that are configurable using the Web UI but it is probably safe to assume that it won’t be for quite some time.



About Andrew Roderos

As an IT professional, I have a strong passion for technology and a desire to learn more about it. Technologies that I am mostly interested in are computer networking, network security, virtualization, and programming. Outside of the information technology world, I enjoy traveling, reading science fiction books and manga, watching movies, and photography.