• Jul 9, 2015

    Review: Ubiquiti Networks EdgeRouter Lite

    Earlier this year I started to have problems with my Internet connection. As most people do, I blamed my cable company. I filed a trouble ticket and a technician came out. He checked the signals, replaced a few connectors and called it good. After he came out, I still experienced blips where I completely lost connectivity for up to 30 seconds. The tech suggested I try replacing my router. As I've never had problems with Apple routers (I have a Time Capsule), I basically said "whatever".

    While I still wanted to blame the cable company, I went ahead and order a TP-Link Archer 8 router from Costco.com to give it a whirl. The router was easy to setup and I had it running for a week. After about a week, the web UI stopped responding and required a reboot; support had no idea why and just suggested I reboot the router when it happened. I didn't like that answer as I like routers to just work, so I returned it to Costco. (Another issue I had with it is that it had an on/off switch; there doesn't need to be a power switch on a router.) Other than the web UI not responding, it seemed to work well for the week I used it.

    I decided to take a stab at another router; this one was a Netgear router that I bought at the Costco store. Configuration was easy (and it did have a power switch which I didn't like) and it ran for about a day before the 2.4 GHz network stopped responding and required a reboot. This was not good as my son was quite upset that his Squeezebox Radio wouldn't work when he got up. This router didn't get a second chance and went right back to Costco.

    My luck was kind of running out with routers. I remembered that I had backed the Securifi Almond+ on Kickstarter and I had it sitting on my shelf. I fired it up to use as a router. Setup, like the others, was easy and I was up and running. I went through a few software updates and it performed quite well for well over 2 months. I didn't, however, take the last few software updates as there were reports of problems with them. I had wanted an integrated automation hub/router, but the automation stuff isn't up to what I want, yet.

    A colleague and I had been discussing routers over this whole time and we were both convinced that the Apple AirPort Extreme/Time Capsule wasn't the fastest router. (Routers have processors in them and have to make decisions about where each packet goes; the more traffic going through the network and the more devices, the more processing power a router needs.) He had been reading about the Ubiquiti Networks EdgeRouter Lite and decided to pick one up. The router is less than $100 and is only a router and not a WiFi access point.

    I've used a Ubiquiti Networks access point in the past and the performance for price was phenomenal. When my colleague got his router and started using it, I got a text that said "Holy cow, this router is fast!". He's on a 75 Mbps/75 Mbps FIOS connection. A few days after he got the router, I decided to bite the bullet and get one.

    This router is definitely not a router for the average consumer. As I've configured Linux networking for almost 20 years, I wasn't intimidated by the box. The web UI on this is much better than any other web UI I've seen for a device like this. It has pretty graphs and the latest firmware uses deep packet inspection (DPI) to show you the bandwidth used by each device and what services the devices are using. Initial setup was a little trickier as I had to upgrade the firmware (new firmware came out the day before I received mine), add a new admin user, figure out which wizard to use, and change a few network settings. This router has 3 ports; it is NOT a switch, so the 3 ports are designed for 3 separate network interfaces. One interface is the WAN (cable modem) while the other 2 are for separate LANs. I configured 1 LAN for my home network and the other LAN for my Ooma; no real reason to separate the Ooma, but I had the port available and I can monitor bandwidth for it separately.

    While everything worked fine for my wired network, I had to reconfigure my Time Capsule to simply be a wireless access point which wasn't hard.

    Screen Shot 2015 07 09 at 4 49 46 PM

    After the setup, I was pleased as punch with the graphs and the performance was quite snappy for accessing web pages. While most people would be done and happy, I wasn't content! I wanted to get my guest WiFi network working. In a separate post, I've written about the experience.

    Now my router has been running for 1 week without any hiccups. I've done some reconfiguring, but have not had to restart the router. This is NOT common in the consumer routers I've touched, but is very much UNIX like where you can bring network interfaces down and then back up. This router has so many options that I've only scratched the surface on what it can do. It is definitely a geek's tool.

    Screen Shot 2015 07 09 at 4 51 37 PM

    Pros

    • Very fast router.
    • Excellent web user interface.
    • Extremely flexible (VLANs, VPNs, etc.)
    • Vibrant user community.
    • Well supported with firmware updates.

    Cons

    • Some pieces are not very user friendly.
    • Command line need to configure some things.
    • Not a full fledged switch, so a separate switch will be needed.
    • Not a WiFi access point, so a separate WiFi access point is needed.
    • Limited documentation.

    Summary

    This router is an excellent router for someone that has a networking background and likes to tinker. The configurations are endless and can be tuned to the needs of almost any small setup. It is NOT a consumer router. For my uses, it is excellent and appears to be quite stable. The performance is more than I can ask for on my 50 Mbps/5 Mbps connection and I wish I had more bandwidth to really put this router through its paces.

    I am looking forward to the web UI enhanced for IPv6 when that is rolled out. While the router handles IPv6 through the command line, there are only a few pieces in the web UI to support it. If Ubiquiti keeps up with the firmware, I expect to see this in the future.

    If you have a really fast connection and feel that your router isn't snappy, something like this router could be the ticket. However, don't get this expecting it to be completely plug and play. If you have never used ipfilter or similar firewall tool and don't know what to do with separate ethernet interfaces named eth0, eth1, and eth2, stay far away from this router.

  • Jul 5, 2015

    Setting up a guest network with the EdgeRouter Lite

    I recently purchased a Ubiquiti Networks EdgeRouter Lite to act as the router to my home network. As this box is only a router and not a WiFi access point, I'm using my Apple Time Capsule as an access point. By doing this and not using the Time Capsule, I lost the ability to have a separate guest network that wouldn't interact with my main network and wouldn't have access to my internal resources. After a bit of searching, I found out that the Time Capsule (and Airport Extreme)'s guest network uses a VLAN tag of 1003. A VLAN is a virtual LAN designed to separate traffic without physically separating it. I knew that the EdgeRouter Lite was extremely powerful and could do all kinds of wacky things with a VLAN; the question was just how could I do it.

    I've been dabbling with Linux networking for almost 20 years, so firewall, DNS, DHCP, etc. don't scare me. It was just a matter of putting the right pieces in the right places without having to resort to the command line.

    Here's what I did:

    1. From the Dashboard, click Add Interface and select VLAN.

      Screen Shot 2015 07 05 at 1 59 24 PM

    2. Set up the VLAN as 1003 and attach it to the physical interface of your LAN. Give it an IP address in the range of a private IP block, but make sure you end it in a /24 to specify the proper subnet (I originally did /32 as I though it was supposed to be the exact IP address).

      Screen Shot 2015 07 05 at 1 59 56 PM

    3. Click on the Services tab. Click Add DHCP Server. Set it up similar to the image below.


      Screen Shot 2015 07 05 at 2 00 48 PM

    4. Click on the DNS tab under services. Click Add Listen interface and select the VLAN interface. Make sure you hit save.

      Screen Shot 2015 07 05 at 2 01 25 PM

    At this point, you should be able to connect to your Guest Network and connect to the Internet. However, you'll be able to access the EdgeRouter as well as other devices on your LAN. Next thing you have to do is secure the VLAN.

    1. Click on Firewall/NAT and then click on Add Ruleset. This is for packets coming into the router destined for somewhere else (not the router). Set up the default policy for Accept. Click Save.

      Screen Shot 2015 07 05 at 5 00 24 PM

    2. From the Actions menu next to the Ruleset, click Interfaces.


      Screen Shot 2015 07 05 at 5 11 50 PM

    3. Select your VLAN interface and the in direction.


      Screen Shot 2015 07 05 at 5 12 44 PM

    4. Click Rules and then Add New Rule. Click on Basic and name it LAN. Select Drop as the Action.


      Screen Shot 2015 07 05 at 5 14 38 PM

    5. Click Destination and enter 10.0.1.0/24 or whatever your LAN IP range is. Then click Save. This will drop all packets from the VLAN destined for your LAN. Save.


      Screen Shot 2015 07 05 at 5 14 52 PM

    6. Repeat 1 and 2 above (name it GUEST_LOCAL). From the Interface, select the VLAN interface and the local direction. However, set up the default policy as Drop.

    7. Add a new rule. Set it to Accept on UDP port 53.


      Screen Shot 2015 07 05 at 5 18 22 PM
      Screen Shot 2015 07 05 at 5 18 28 PM

    8. Save.

    Now you can test this by connecting to the guest network and accessing the Internet. Then try connecting to a device on your LAN or connecting to the EdgeRouter Lite. Both actions should fail.

    I've tested this and it is working well on my network; if I've missed anything, please let me know!

  • Mar 24, 2015

    Fixing my faucet, a year and a half later

    When we were remodeling our house, we had to pick everything, including the kitchen sink! My wife and I went shopping for a kitchen faucet months before it was ready to be installed so that we could get it ordered and get it out of the way. We wanted a detachable sprayer and wanted it in stainless steel. We went to our local Pacific Sales and looked at all the kitchen faucets (and there were a ton). The one feature we hated on just about all of them was that the detachable spray heads were made out of plastic while the rest of the faucet was made out of stainless steel (or at least some type of metal). The plastic would chip, change color or just not hold up based on past experience. Even though many consumer faucets carry a lifetime warranty, I didn't want to deal with that (been there, done that).

    We stumbled across the Brizo Solna (made by Delta) and thought that the hidden spray head was great as the plastic for the spray head wouldn't been seen. We ordered it and then picked it up a few weeks later (or so). The plumber installed it when we were ready and that was that. A few days after it was installed (the plumber was still around doing something), I asked the plumber why the spray head wasn't flush and didn't retract well and he said it had to do with the weight on the hose and the position of the pipes. Oh well, I guessed I'd have to live with it even though it wasn't quite a clean look.

    A few months ago, I discovered that if I pushed the spray head all the way up into the faucet it would stay. It seemed a little clunky, but it was better than what we had before. This evening, I noticed that the spray head was no longer staying, so I started pushing on a tab to see what would happen and discovered that the MagneDock® magnet was stuck to the spray head when it should have been in the faucet.

    Now things were starting to make sense; the MagneDock® piece was never seated properly and I had to get it back in place. I took the neck of the faucet off and the spray head. I then started pushing the magnet back in place. I pushed it down with the handle of a pair of pliers and presto, it stuck. I tried the spray head and it clicked into place; I pulled it off and tried again. Holy cow, I had been living with this problem for 1.5 years and never even thought of investigating it.

    So after I put everything back together, I tried again and just like magic, the spray head clicked back into place. Looking at the assembly instructions, it indicated that the magnet was part of the neck, but that it wasn't a separate piece. I almost feel like an idiot that I didn't figure this out for so long, but the good news is that I figured it out and as pleased as punch that I feel like I have a new faucet!

  • Mar 22, 2015

    No longer feel safe in my own home

    Today marks a kind of sad day for me; I no longer feel safe in my own home. The short term vacation rental next door has changed my whole sense of safety and security. The owner/operator has decided that money matters more than the neighborhood and rents it out to whoever will pay the asking price. This weekend it was a group of students on spring break. They have no respect for the neighborhood and have been loud. Last night we called the police and the noise quieted down; this morning, we saw them smoking pot in the backyard (they can see into our backyard and we can see into their backyard). Police responded and at least one of them had a medical marijuana card, so there was nothing the police could do. (Apparently police no longer deal with misdemeanor drug possession.)

    As I was walking the dog, I got a frantic call from my wife that some guy named Rob was banging on our door demanding to come in. I turned around and hurried back. When I got home, I went inside and then came out again only to see "Rob" walking out from our side yard. I yelled at him and told him to get off our property. I saw him walk down the street the wrong way (not towards the rental) and instantly knew he was drunk (can you say public drunkenness?). I then walked down the street to see where he was going next. He went to my neighbor's house and then the next neighbor trying to get in. I walked back and stopped in front of my neighbor's house; I saw him again bang on my neighbor's door (who wasn't home) and Rob insisted that he was renting the place. I told him he wasn't and to get off the property. (I sent that neighbor a picture of Rob on his property.)

    My wife was on hold with the police for 11 minutes and when she finally got through, the dispatcher wouldn't send officers because the guy was no longer on our property and was inside a residence.

    The owners/operators talk about this being managed by "bad apples"; the problem is that some of the people turning to vacation rentals as mini-hotels (just the properties that are used exclusively for short term vacation rentals) are in it only for the money. If they weren't, they'd be renting out the properties on a long term basis.

    While the city council's Smart Growth and Land Use Committee is bringing this up on April 22nd, I fear that anything they decide to do will be reactionary and allow this behavior to continue. If the police can't respond fast enough (they are already under staffed), how can these problems be witnessed and documented? It becomes a case of neighbor saying one thing and no one listening. (Video evidence doesn't appear to count in this case.)

    Change needs to happen now; these mini-hotels have to go. If nothing is done about these, what are my options to keeping my sanity? Move? Where do I go? If I move, I kick the problem down the road to my nice neighbors. How many more days/nights will I have to put up with this? Will someone knock on my door at 3 am and scare the crap out of me? Will some drunk person vandalize my house? Every weekend I fear what will be coming next; this is a horrible way to live.

    To all those that claim property rights and that people should be able to do what they want with their properties, live next to a mini-hotel for awhile and feel what it is like to have no idea if the renters will be respectful or you'll have to call the police.

    (As a side note, I hate to call the police, but my options are limited. My neighbor only wants to do short term rentals and there is no way that he can (or will) vet everyone that stays. One person rents and brings 10 friends.)

    Rob