This blog post is part of a series on EdgeRouter Lite. You may want to check them all out!
Date | Title | Description |
03/13/16 | My Home Router – EdgeRouter Lite | Quick introduction to EdgeRouter Lite |
05/01/16 | How to configure EdgeRouter Lite via CLI – Part 1 | EdgeOS configuration guide for CLI junkies |
05/01/16 | How to configure EdgeRouter Lite via CLI – Part 2 | EdgeOS configuration guide for CLI junkies |
12/03/16 | Hardening EdgeRouter Lite – Part 1 | Basic management hardening |
12/04/16 | Hardening EdgeRouter Lite – Part 2 | EdgeOS with two-factor authentication |
12/05/16 | Hardening EdgeRouter Lite – Part 3 | Management ACL |
12/06/16 | Hardening EdgeRouter Lite – Part 4 | Remote Access VPN with two-factor authentication |
Introduction
I talked about EdgeRouter Lite in my previous blog here but I did not talk about the Web UI or CLI at all. In this blog post, I will share the basic use of the EdgeOS command line interface (CLI).
The Network Operating System (NOS) used by Ubiquiti on their EdgeRouter series is called EdgeOS – a fork and port of Vyatta Core 6.3. In fact, one of the developers of EdgeOS came from Vyatta and worked closely with the main developer of VyOS, which is another fork of Vyatta Core.
I’ve never touched Vyatta so I am still a newbie with EdgeOS. I am, however, familiar with Junos OS and EdgeOS has that similar look and feel to it. The set and show commands are very similar to Junos OS. Any users who are only familiar with IOS/NX-OS might feel a little lost but ? is helpful, just like in Cisco.
Accessing CLI
There are three ways to access the CLI on the EdgeRouter series. The first one is by using the console port. The console port is set differently than a lot of networking devices that I’ve used, so one shouldn’t expect a saved console profile used for Cisco to work on the EdgeRouter series. The key difference is the baud rate, which is set to 115200.
The second way of accessing the CLI is by using the Web UI, as shown below. Personally, I do not like accessing it via the Web UI because I cannot copy and paste configurations and I have to log in twice just to access the CLI.
The third way of accessing the CLI is by using SSH – enabled by default. This is the most common and preferred way of accessing networking devices.
Note: My Mac mini has an alias called rtr that I use to connect to my router, which is easier to type than the ssh networkjutsu@rtr command.
Mac-mini:~ Andrew$ rtr
********************************************************************
* *
* * * * NETWORKJUTSU * * * *
* * * * WARNING NOTICE: * * * *
* This system is restricted solely to NetworkJutsu authorized *
* users for legitimate business purposes only. The actual or *
* attempted unauthorized access, use, or modification of this *
* system is strictly prohibited by NetworkJutsu. Unauthorized *
* users are subject to disciplinary proceedings and/or *
* criminal and civil penalties under state, federal, or other *
* domestic and foreign laws. The use of this system may be *
* monitored and recorded for administrative and security reasons *
* Anyone accessing this system expressly consents to such *
* monitoring and is advised that if monitoring reveals possible *
* evidence of criminal activity, NetworkJutsu may provide the *
* evidence of such activity to law enformencent officials. All *
* users must comply with NetworkJutsu instructions regarding the *
* protection of NetworkJutsu information assets. *
* *
********************************************************************
networkjutsu@rtr.networkjutsu.local's password:
Linux rtr 3.10.20-UBNT #1 SMP Fri Jan 29 20:11:31 PST 2016 mips64
Welcome to EdgeOS
Last login: Sat Apr 9 13:50:05 2016 from 192.168.1.200
networkjutsu@rtr:~$
Command Modes
When a user first logs in to the router, he/she is in operational mode. The dollar sign prompt is an indicator that the user is in operational mode. For the people who are only familiar with Cisco IOS, the operational mode is essentially the User EXEC mode. It provides access to operational commands for showing and clearing information, enabling or disabling debug commands, configuring terminal settings, loading and saving configuration, and restarting the router. The example below shows the commands available in operational mode.
networkjutsu@rtr:~$ ?
Possible completions:
add Add an object to a service
clear Clear system information
configure Enter configure mode
connect Establish a connection
copy Copy data
debug Enable debugging of specified routing protocol
delete Delete a file
disconnect Take down a connection
generate Generate an object
initial-setup Enter initial configuration dialog
no Disable or reset operational variable
ping Send Internet Control Message Protocol (ICMP) echo request
ping6 Send IPv6 Internet Control Message Protocol (ICMP) echo request
reboot Reboot the system
release Release specified variable
rename Re-name something.
renew Renew specified variable
reset Reset a service
restart Restart a service
set Set system or shell options
show Show system information
shutdown Shutdown the system
telnet Telnet to <hostname|IPv4 address>
terminal Control terminal behaviors
traceroute Track network path to <hostname|IPv4 address>
traceroute6 Track network path to <hostname|IPv6 address>
update Run an update command
To enter configuration mode, enter the configure command. To exit configuration mode, enter the exit command.
networkjutsu@rtr:~$ configure
[edit]
networkjutsu@rtr# exit
exit
networkjutsu@rtr:~$
For users who are familiar with Junos OS, I would assume that they noticed the [edit] prompt section. That prompt indicates where the user is at in the hierarchical configuration tree. The example below shows the commands available in the configuration mode.
networkjutsu@rtr# ?
Possible completions:
confirm Confirm prior commit-confirm
comment Add comment to this configuration element
commit Commit the current set of changes
commit-confirm
Commit the current set of changes with 'confirm' required
compare Compare configuration revisions
copy Copy a configuration element
delete Delete a configuration element
discard Discard uncommitted changes
edit Edit a sub-element
exit Exit from this configuration level
load Load configuration from a file and replace running configuration
loadkey Load user SSH key from a file
merge Load configuration from a file and merge running configuration
rename Rename a configuration element
rollback Rollback to a prior config revision (requires reboot)
run Run an operational-mode command
save Save configuration to a file
set Set the value of a parameter or create a new element
show Show the configuration (default values may be suppressed)
Command Completion
The majority, if not all, of the NOSes out there provide a command completion feature to save keystrokes. In Cisco IOS/NX-OS, typing the first few characters of a command is fine as long as they do not match any other command. EdgeOS, however, gives the user an error message when the command is not fully spelled out. I find this very annoying because I am so used to just typing the first few characters of the commands without hitting the Tab key in Cisco IOS/NX-OS.
networkjutsu@rtr:~$ sh conf
sh: conf: No such file or directory
networkjutsu@rtr:~$ show config
Possible completions:
configuration Show running configuration
Viewing Configuration
Displaying the configuration on EdgeOS can be done in both operational and configuration mode. The difference between the two is the available options. In operational mode, viewing just a section of the configuration tree is not as easy as in configuration mode because the user has to know the commands. In configuration mode, the Tab or ? key is available to guide users to the command they are looking for.
What is nice about viewing the configuration in operational mode is the option to see it in set format rather than tree structure format. This doesn’t seem to be available in configuration mode. In Junos OS, this can be accomplished easily by using the show | display set command. Displaying the set format makes it easy to save a text file for template purposes.
networkjutsu@rtr:~# run show configuration
firewall {
all-ping enable
broadcast-ping disable
group {
network-group BOGON {
network 0.0.0.0/8
<-- Output omitted for brevity -->
networkjutsu@rtr:~# run show configuration commands | match "firewall group network-group BOGON"
set firewall group network-group BOGON network 0.0.0.0/8
<-- Output omitted for brevity -->
Notice that the command was run in configuration mode, with the run command in front of the operational mode command. EdgeOS allows users to issue operational mode commands from configuration mode if they do not wish to exit out of it. This is the same as the do command in Cisco IOS.
The example below shows how to display the whole configuration, and a single section of it, in configuration mode.
networkjutsu@rtr# show
firewall {
all-ping enable
broadcast-ping disable
group {
network-group BOGON {
network 0.0.0.0/8
<-- Output omitted for brevity -->
networkjutsu@rtr# show firewall group network-group BOGON
network 0.0.0.0/8
<-- Output omitted for brevity -->
Adding or Modifying Configuration
Adding or modifying configuration on the router is done by issuing the set command in configuration mode. However, I also noticed that there are a couple of configurable items in operational mode as well.
networkjutsu@rtr:~$ set
Possible completions:
<OPTION> Bash builtin set command
date Set date and time
system Set system operational parameters
networkjutsu@rtr#
Possible completions:
confirm Confirm prior commit-confirm
comment Add comment to this configuration element
commit Commit the current set of changes
commit-confirm
Commit the current set of changes with 'confirm' required
compare Compare configuration revisions
copy Copy a configuration element
delete Delete a configuration element
discard Discard uncommitted changes
edit Edit a sub-element
exit Exit from this configuration level
load Load configuration from a file and replace running configuration
loadkey Load user SSH key from a file
merge Load configuration from a file and merge running configuration
rename Rename a configuration element
rollback Rollback to a prior config revision (requires reboot)
run Run an operational-mode command
save Save configuration to a file
set Set the value of a parameter or create a new element
show Show the configuration (default values may be suppressed)
[edit]
If the user wants to view the configuration changes made so far, this can be done in two ways: using the show command or the compare command. Personally, I would use the latter, especially when I’ve done a lot of configuration changes, because the former requires showing either the whole configuration or a specific configuration tree.
networkjutsu@rtr# set system host-name EdgeRouterLite
[edit]
networkjutsu@rtr# show system host-name
>host-name EdgeRouterLite
[edit]
networkjutsu@rtr# compare
[edit service]
+lldp {
+}
[edit system]
>host-name EdgeRouterLite
[edit]
As one may have noticed, the plus sign (+) next to the lldp means that this statement has been added to the configuration, but the configuration change hasn’t been committed yet. The right angle bracket (>) means that a running configuration statement was modified. In this case, the host name was changed from rtr to EdgeRouterLite.
Deleting Configuration
In Cisco IOS and NX-OS, the no command is how to negate the configuration statement(s). In EdgeOS, the delete command is used to negate the configuration statement(s).
networkjutsu@rtr# delete interfaces ethernet eth1 address 192.168.0.1/24
[edit]
networkjutsu@rtr# compare
[edit interfaces ethernet eth1]
-address 192.168.0.1/24
[edit]
The minus sign (-) next to the address means that the statement has been deleted from the configuration, but the configuration change hasn’t been committed yet.
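The three markers described above (+, > and -) can be read mechanically, which is handy for reviewing uncommitted changes before a commit. The following Python sketch is an added example, not part of the original post or of EdgeOS; it assumes the compare layout shown in this post, and the function names and the watched-node list are hypothetical.

```python
# Added example: turn EdgeOS `compare` output into a change list for review.
# Assumes "[edit <path>]" context lines, then "+", "-" or ">" statements.
MARKERS = {"+": "added", "-": "deleted", ">": "modified"}
# Constructed sample, stitched together from the outputs shown in this post.
SAMPLE = """\
[edit interfaces ethernet eth1]
-address 192.168.0.1/24
[edit service]
+lldp {
+}
[edit system]
>host-name EdgeRouterLite
[edit]
"""

def parse_compare(text):
    """Return (action, full_path) tuples for each uncommitted change."""
    changes, context, stack = [], [], []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("[edit") and line.endswith("]"):
            # New context line: keep the path after "edit", reset nesting.
            context, stack = line[1:-1].split()[1:], []
            continue
        marker = line[0] if line[0] in MARKERS else None
        body = (line[1:] if marker else line).strip()
        if body == "}":
            del stack[-1:]  # a nested block ended (safe on an empty stack)
            continue
        words = body.rstrip("{ ").split()
        if marker and words:
            changes.append((MARKERS[marker], " ".join(context + stack + words)))
        if body.endswith("{"):
            stack.append(" ".join(words))
    return changes

def as_commands(changes):
    """Configuration-mode commands that would reproduce each change."""
    return [("delete " if a == "deleted" else "set ") + p for a, p in changes]

def touches(changes, watched):
    """Changes whose top-level node is in `watched` (hypothetical review list)."""
    return [c for c in changes if c[1].split()[0] in watched]

if __name__ == "__main__":
    for action, path in parse_compare(SAMPLE):
        print(f"{action:9}{path}")
```

For the sample, as_commands() gives back the same set and delete commands that were typed earlier in this post, which is a quick way to confirm that the pending changes are the intended ones.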
Discarding Configuration
Let’s say the user made a mistake and needs to back out of the changes quickly. For example, the user made changes on the wrong router and quickly realized it. The user could use the delete command, but it may take a few minutes to type all of the commands. Luckily, EdgeOS provides a way to discard all of the uncommitted changes.
networkjutsu@rtr# exit
Cannot exit: configuration modified.
Use 'exit discard' to discard the changes and exit.
[edit]
networkjutsu@rtr# exit discard
exit
networkjutsu@rtr:~$
Another way of discarding changes without exiting is by using the discard command.
networkjutsu@rtr# compare
[edit system]
>host-name Router
[edit]
networkjutsu@rtr# discard
Changes have been discarded
[edit]
Committing Configuration Changes
One of the differences between Junos OS and Cisco IOS/NX-OS is that changes made on the latter take effect right away. In Junos OS, or any NOS that is similar to it, configuration changes do not take effect until the user issues the commit command.
networkjutsu@rtr# commit
[ service lldp ]
Starting lldpd...
[edit]
Saving Configuration
To keep the configuration changes across a reboot, use the save command. By default, the configuration is saved to the /config directory. The example below shows how to commit and save the configuration in one line.
networkjutsu@rtr# delete service lldp
[edit]
networkjutsu@rtr# commit;save
[ service lldp ]
Stopping lldpd...
Saving configuration to '/config/config.boot'...
Done
[edit]
Thoughts
It is understandable that a user would feel intimidated configuring a device on CLI if he/she is unfamiliar with the command syntax. While EdgeOS’ Web UI has come a long way, a lot of the features are still only configurable under CLI so one should get comfortable using it. I am sure that Ubiquiti has plans to keep adding features that are configurable using the Web UI but it is probably safe to assume that it won’t be for quite some time.