manualshive.com logo in svg

Ubiquiti ERLite-3, User Manual

The Ubiquiti ERLite-3 is a powerful router designed for small to medium-sized businesses. For a quick setup, download the free Quick Start Manual from our website. This manual provides detailed instructions on setting up and configuring the ERLite-3 for optimal performance. Get your manual at manualshive.com today.

Share
Download
background image

27

Chapter 6: Security Tab

EdgeRouter

 Lite User Guide

 Ubiquiti Networks, Inc.

• 

Translations 

Complete the following:

 

-

Address 

Enter the IP address that will replace the 

destination IP address of the incoming packet.

 

-

Port 

Enter the port number that will replace the 

destination port number of the incoming packet.

• 

Exclude from NAT 

Check the box to exclude packets 

that match this rule from NAT.

• 

Enable Logging 

Check this box to log instances when 

the rule is matched.

• 

Protocol

 

-

All protocols 

Match packets of all protocols.

 

-

Both TCP and UDP 

Match TCP and UDP packets.

 

-

Choose a protocol by name 

Select the protocol from 

the drop-down list. Match packets of this protocol.

• 

Match all protocols except for this 

Match packets 

of all protocols except for the selected protocol.

 

-

Enter a protocol number 

Enter the port number of 

the protocol. Match packets of this protocol.

• 

Match all protocols except for this 

Match packets 

of all protocols except for the selected protocol.

• 

Src Address 

Enter the IP address or network address of 

the source. You can also enter a range of IP addresses; 
one of them will be used.

Note:

 If you enter a network address, enter the IP 

address and subnet mask using slash notation: 

<network_IP_address>

/

<subnet_mask_number>

 

(example: 

192.0.2.0/24

).

• 

Src Port 

Enter the port name or number of the source. 

You can also enter a range of port numbers; one of them 
will be used.

• 

Dest. Address 

Enter the IP address or network address 

of the destination. You can also enter a range of IP 
addresses; one of them will be used.

Note:

 If you enter a network address, enter the IP 

address and subnet mask using slash notation: 

<network_IP_address>

/

<subnet_mask_number>

 

(example: 

192.0.2.0/24

).

• 

Dest. Port 

Enter the port name or number of the 

destination. You can also enter a range of port numbers; 
one of them will be used.

Click

 Save

 to apply your changes, or click 

Cancel

.

VPN

A common type of VPN uses PPTP (Point-to-Point 
Tunneling Protocol). The EdgeRouter can function as a 
PPTP VPN server so a remote VPN client can access the 
LAN using a PPTP VPN tunnel over the Internet.

PPTP Server

Client IP pool range start 

The client IP pool is the pool 

of IP addresses that remote VPN clients will use. Enter the 
starting IP address of the range (this address must in a /24 
subnet).

Client IP pool range stop 

Enter the last IP address of the 

range.

Server outside address 

Enter the IP address that VPN 

clients will connect to; this is the outside or external 
address of the PPTP server.

RADIUS server IP address 

The RADIUS (Remote Access 

Dial-In User Service) server provides authentication to 
help secure VPN tunnels. Enter the IP address of the 
RADIUS server.

RADIUS server key 

Enter the key shared with the RADIUS 

server.

MTU 

Enter the MTU for the PPTP VPN connection.

DNS 1 

Enter the IP address of the primary remote access 

DNS server that your VPN client will use.

DNS 2 

Enter the IP address of the secondary remote 

access DNS server.

Click

 Save

 to apply your changes, or click 

Cancel

.

Summary of Contents for ERLite-3

Page 1: ...3 Port Router...

Page 2: ...allation of the EdgeRouter Lite 2 Typical Deployment Scenarios 3 Chapter 3 Using EdgeOS 5 Ports and Status Information 5 Navigation 5 Common Interface Options 6 Chapter 4 Dashboard Tab 10 Services 10...

Page 3: ...CLI 38 CLI Modes 40 Appendix B Specifications 47 Appendix C Safety Notices 49 Electrical Safety Information 49 Appendix D Warranty 50 General Warranty 50 Appendix E Compliance Information 51 FCC 51 In...

Page 4: ...ity at 10 100 Mbps Green Link Established at 1000 Mbps Green Flashing Link Activity at 1000 Mbps Chapter 1 Overview Introduction Thank you for purchasing the Ubiquiti Networks EdgeRouter Lite model ER...

Page 5: ...ors the EdgeRouter Lite itself should be housed inside a protective enclosure Terms of Use All Ethernet cabling runs must use CAT5 or above It is the customer s responsibility to follow local country...

Page 6: ...arios that are possible this section highlights a couple of typical deployments Service Provider Deployment Corporate Deployment Service Provider Deployment This scenario uses six EdgeRouter devices 1...

Page 7: ...faces connect to the following Internet DMZ LAN Internet DMZ LAN Firewall Policies Here are the typical steps to follow 1 Configure the appropriate settings on the System tab see System on page 6 for...

Page 8: ...e 33 Change the default password of the ubnt login on the Users Local tab For details go to Configure the User on page 34 Ports and Status Information The Ports image displays the active connections A...

Page 9: ...d Line Interface on page 38 for more information Toolbox At the top right of the screen click the Toolbox button The following network administration and monitoring tools are available Ping on page 35...

Page 10: ...on the Internet holds these mappings in its respective DNS database System name server Enter the IP address of your DNS server example 192 0 2 1 for IPv4 or 2001 db8 1 for IPv6 Click Add New to add ad...

Page 11: ...hat warrant attention The EdgeRouter contains an SNMP agent which does the following Provides an interface for device monitoring using SNMP Communicates with SNMP management applications for network p...

Page 12: ...stem image To update the EdgeRouter with new firmware click Upload a file and locate the new firmware file Then click Choose Please be patient as the firmware update routine can take three to seven mi...

Page 13: ...order Gateway Protocol IBGP Interior Border Gateway Protocol The number of each route type and the total number of routes are displayed Click Routes to display the Routing Routes tab Go to Routes on p...

Page 14: ...eatea New VLAN screen appears VLAN ID The VLAN ID is a unique value assigned to each VLAN at a single device every VLAN ID represents a different VLAN The VLAN ID range is 2 to 4094 Interface Select t...

Page 15: ...quires network settings from a DHCPv4 server Click the Renew button to acquire fresh network settings Use DHCP for IPv6 The interface acquires network settings from a DHCPv6 server Manually define IP...

Page 16: ...n Refer to Name Server on page 7 Dashboard VLAN configuration Refer to Add VLAN on page 11 Dashboard Interface configuration Refer to Configure the Interface on page 12 For IPv6 addresses the EdgeOS C...

Page 17: ...utes from different sources such as static RIP or OSPF the EdgeRouter compares the routes and uses the route with the lowest distance Enable Check the box to enable the route Click Save to apply your...

Page 18: ...tions Click the Actions button to access the following options Config To configure the route click Config Go to the Configure the Static Route section below Delete Delete the route its configuration w...

Page 19: ...ncompatible metrics It must reconcile information from multiple protocols to determine which route to use for a specific destination network You can change the metrics of the distributed protocol to c...

Page 20: ...more network addresses Click Save to apply your changes A table displays the following information about each OSPF Area Click a column heading to sort by that heading Area ID The identification number...

Page 21: ...ssign a cost to the interface Click Save to apply your changes A table displays the following information about each OSPF Interface Click a column heading to sort by that heading Interface The name of...

Page 22: ...ork Address Translation To create a firewall policy 1 Click the Firewall Groups tab and create the applicable firewall groups See Firewall Groups on page 23 for more information 2 Click the Firewall P...

Page 23: ...ancel Delete Policy Remove the policy Configure the Firewall Policy The Ruleset Configuration for _ screen appears You have four tabs available Rules see below Configuration on page 23 Interfaces on p...

Page 24: ...tch packets of all protocols except for the selected protocol Enter a protocol number Enter the port number of the protocol Match packets of this protocol Match all protocols except for this Match pac...

Page 25: ...the appropriate group s you can specify up to two groups maximum in these combinations An address group and port group A network group and port group The packets must match both groups to apply the r...

Page 26: ...he order specified The number of the rule in this order is displayed Packets The number of packets that triggered this rule is displayed Bytes The number of bytes that triggered this rule is displayed...

Page 27: ...oup is displayed Description Enter keywords to describe this group Network Enter the IP address and subnet mask using slash notation network_IP_address subnet_mask_number example 192 0 2 0 24 Click Ad...

Page 28: ...guration screen appears Description Enter keywords to describe this rule Enable Check the box to enable this rule Outbound Interface Select the interface through which the outgoing packets exit the Ed...

Page 29: ...nation NAT Rulesection Save Rule Order To change the rule order click and drag a rule up or down the sequence and then release the rule When you are finished click Save Rule Order Search Allows you to...

Page 30: ...t Address Enter the IP address or network address of the destination You can also enter a range of IP addresses one of them will be used Note If you enter a network address enter the IP address and su...

Page 31: ...ervers to assign IP ranges in different subnets on the different interfaces Add DHCP Server To create a new DHCP server click Add DHCP Server The CreateDHCP Server screen appears Complete the followin...

Page 32: ...ils Go to Details on page 31 Delete Delete the DHCP server its configuration will be removed Disable Disable the DHCP server while keeping its configuration Configure the DHCP Server The DHCPServer sc...

Page 33: ...DHCP clients route all packets to this IP address which is the EdgeRouter s own IP address in most cases DNS The IP address of the DNS server is displayed Status The Enabled Disabled status of the DHC...

Page 34: ...Range Start Enter the starting IP address of the range Range Stop Enter the last IP address of the range Router Enter the default route of the DHCP clients The DHCP clients route all packets to this I...

Page 35: ...Dial In User Service server provides authentication to help secure PPPoE connections Enter the IP address of the RADIUS server RADIUS server key Enter the key shared with the RADIUS server MTU Enter...

Page 36: ...e Select the appropriate permission level Admin The user can make changes to the EdgeRouter configuration Operator The user can view the EdgeRouter configuration but cannot make changes Click Save to...

Page 37: ...Allows you to search for specific text Begin typing there is no need to press enter The results are filtered in real time as soon as you type two or more characters PPTP L2TP PPPOE All Click the appro...

Page 38: ...Packet Capture Log Monitor Ping You can ping other devices on the network directly from the EdgeRouter The Ping tool uses ICMP packets to check the preliminary link quality and packet latency estimati...

Page 39: ...ed to the device is displayed Product Name The Ubiquiti name of the device is displayed IP Address The IP address of the device is displayed You can click it to access the device s configuration throu...

Page 40: ...d Packet descriptions Log Monitor The Log Monitor is a log displaying live updates Click the pause button to stop the live updates Click the play button to resume the live updates The System log messa...

Page 41: ...e cable also known as a rollover cable to connect the Console port of the EdgeRouter to your computer If your computer does not have a DB9 port then you will also need a DB9 adapter Computer Console 2...

Page 42: ...For details go to Remove the Default User Account on page 42 Change the default password of the ubnt login Use the set command as detailed in Remove the Default User Account on page 42 Access Using T...

Page 43: ...new user account preferred option For details go to Remove the Default User Account on page 42 Change the default password of the ubnt login Use the set command as detailed in Remove the Default User...

Page 44: ...of the boot configuration until you save the changes to the boot configuration Boot When the EdgeRouter reboots it loads the boot configuration for use The following scenarios cover some of the most...

Page 45: ...ommands The plaintext password that you entered is converted to an encrypted password Create a Firewall Rule To create a firewall rule use the set or edit commands both methods are described below In...

Page 46: ...s the or tab key to display options for the specified edit level To show changes within the edit level use the compare command To move up an edit level use the up command To return to the top edit lev...

Page 47: ...mand Line Interface EdgeRouter Lite User Guide Ubiquiti Networks Inc To create a new firewall rule from an existing firewall rule use the copy command To change the name of the new firewall rule use t...

Page 48: ...l configuration Note This is a backup if the EdgeRouter were rebooted it would still boot from the default file config config boot 2 After the administrator deleted the IPsec configuration and was con...

Page 49: ...er certain changes such as a firewall or NAT rule can cut off access to the remote router so you then have to visit the remote router and reboot it To avoid such issues when you make risky changes use...

Page 50: ...4 with Hardware Acceleration for Packet Processing System Memory 512 MB DDR2 RAM Onboard Flash Storage 2 GB CE FCC IC Wall Mount Yes Operating Temperature 10 to 45 C Operating Humidity 90 Non Condensi...

Page 51: ...ACL Based Firewall Zone Based Firewall NAT VPN IPSec Site to Site and Remote Access OpenVPN Site to Site and Remote Access PPTP Remote Access L2TP Remote Access PPTP Client Services DHCP DHCPv6 Serve...

Page 52: ...ts inside this equipment Service should be provided only by a qualified service technician 3 This equipment is provided with a detachable power cord which has an integral safety ground wire intended f...

Page 53: ...returned without an RMA number will not be processed and will be returned freight collect or subject to disposal Information on the RMA process and obtaining an RMA number can be found at www ubnt com...

Page 54: ...tates and provinces do not allow the exclusion or limitation of liability for incidental or consequential damages so the above limitation may not apply to you EXCEPT TO THE EXTENT ALLOWED BY LOCAL LAW...

Page 55: ...on this product represents the product is in compliance with all directives that are applicable to it RoHS WEEE Compliance Statement English European Directive 2002 96 EC requires that the equipment...

Page 56: ...votre responsabilit de jeter ce mat riel ainsi que tout autre mat riel lectrique ou lectronique par les moyens de collecte indiqu s par le gouvernement et les pouvoirs publics des collectivit s terri...

Page 57: ...54 Appendix F Declaration of Conformity EdgeRouter Lite User Guide Ubiquiti Networks Inc Appendix F Declaration of Conformity...

Page 58: ...hardware compatibility or field issues as quickly as possible We strive to respond to support inquiries within a 24 hour period Online Resources Support support ubnt com Wiki Page wiki ubnt com Suppor...

Reviews:

No comments

Related manuals for ERLite-3

N-Tron 7018 User Manual & Installation Manual preview
7018
Brand: N-Tron Pages: 138
Clavister NetWall W20A Getting Started Manual preview
NetWall W20A
Brand: Clavister Pages: 89
process-informatik CONNECT Series Operation Quick Start Manual preview
CONNECT Series
Brand: process-informatik Pages: 8
4G Systems XSBox MOVE Quick Start Manual preview
XSBox MOVE
Brand: 4G Systems Pages: 2
3Com 3C8567 - SuperStack II NETBuilder SI 567... Datasheet preview
3C8567 - SuperStack II NETBuilder SI 567...
Brand: 3Com Pages: 6
AMX NXF Dimensional Drawing preview
NXF
Brand: AMX Pages: 1
DIGIWEB Box 7360 Quick Setup Manual preview
Box 7360
Brand: DIGIWEB Pages: 16
Fluke Network Tester User Manual preview
Network Tester
Brand: Fluke Pages: 102
Echelon i.LON SmartServer Hardware Manual preview
i.LON SmartServer
Brand: Echelon Pages: 34
Firetide HotPort 3103 User Manual preview
HotPort 3103
Brand: Firetide Pages: 32
Teldat H2 RAIL Installation Manual preview
H2 RAIL
Brand: Teldat Pages: 47
Planet VR-300 Series User Manual preview
VR-300 Series
Brand: Planet Pages: 136
INFRALAN SECURITY ILR-16POE Quick Manual preview
ILR-16POE
Brand: INFRALAN SECURITY Pages: 15
Craftsman 315.175040 Owner'S Manual preview
315.175040
Brand: Craftsman Pages: 28
Johnson Controls ZFR1831 Pro Series Installation Manual preview
ZFR1831 Pro Series
Brand: Johnson Controls Pages: 12
Crestron DigitalMedia DM-RPP-K24 Manual preview
DigitalMedia DM-RPP-K24
Brand: Crestron Pages: 2
Edimax AR-7064+ Quick Installation Manual preview
AR-7064+
Brand: Edimax Pages: 77
Texas Instruments TLV320AIC3107 User Manual preview
TLV320AIC3107
Brand: Texas Instruments Pages: 55

Brands by name

Popular brands

Load more brands