HON’s Wiki # Ubiquiti EdgeSwitch

General

Initial Setup

Tested with an EdgeSwitch 16 XG, configured as a L2 core/distro switch (homelab).

  1. Basics (use where appropriate):
    • Log in: Username ubnt, password ubnt.
    • Enter enable mode (aka. privileged exec mode) from unprivileged mode: en
    • Enter config mode from enable mode: conf
    • Exit any mode: exit
    • Save config: write mem
    • Assume config commands are in config mode, unless stated otherwise.
  2. Add new user and remove the default:
    1. Add new user (config mode): username <username> level 15 override-complexity-check password (prompts for password)
    2. Relog as the new user.
    3. Delete the default user (config mode): no username ubnt
  3. Setup basics:
    1. Set hostname (enable mode): hostname <hostname>
    2. Set pre-login banner: set clibanner "Hello"
    3. Set timezone (Norway example):
      1. clock timezone +1
      2. clock summer-time recurring EU
      3. TODO: Verify this.
    4. Set SNTP server: sntp server <server>
  4. Setup STP:
    1. Set mode: spanning-tree mode rstp
    2. Set priority: spanning-tree mst priority 0 8192
    3. Enable STP on all ports by default: spanning-tree port mode all (default)
    4. Enable BPDU guard on all edge ports: spanning-tree bpduguard
  5. Setup VLANs:
    1. Enter VLAN mode (enable mode): vlan database
    2. Create VLAN (VLAN mode):
      1. Define: vlan <vid>
      2. Name: vlan name <vid> <name>
  6. Setup management interface:
    1. Set management VLAN (enable mode): network mgmt_vlan <vid>
    2. TODO
  7. Setup access ports (untagged edge):
    1. Enter interface config: int <range> (e.g. int 0/8-0/12)
    2. Description: desc host:pve
    3. Disable flow control: no flowcontrol (default)
    4. Configure LLDP:
      1. lldp receive (default)
      2. lldp transmit (default)
      3. lldp transmit-tlv port-desc
      4. lldp transmit-tlv sys-name
      5. lldp transmit-tlv sys-desc
    5. Configure VLAN (example: VLAN 10):
      1. switchport mode access
      2. switchport access vlan 10
    6. Configure STP:
      1. Set as edge port: spanning-tree edgeport
      2. (Optional) Enable BPDU filter: spanning-tree bpdufilter
    7. Configure storm control:
      1. storm-control unicast level 5
      2. storm-control broadcast level 5
      3. storm-control multicast level 75
  8. Setup L2 link ports (trunk link):
    1. Repeat relevant access port config.
    2. Configure VLAN trunk (example: all VLANs):
      1. switchport mode trunk
      2. switchport trunk allowed vlan all
    3. Configure STP:
      1. Enable root guard: spanning-tree guard root
  9. Setup AAA:
    1. Setup (better) local auth:
      1. Remove any custom AAA commands.
      2. Avoid enable password: aaa authorization exec default local
    2. Setup console:
      1. Enter line config: line console
      2. Set timeout: serial timeout 60 (minutes)
    3. Setup SSH:
      1. TODO
    4. Set SSH timeout (enable mode): sshcon timeout 60 (minutes)
    5. TODO Line enable/authn/authz
  10. TODO:
    1. SNMP
    2. Syslog
    3. IGMP/MLD snooping.
    4. MTU
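
A way to check a saved config against the non-default hardening steps in the list above. This is an added example, not part of the original wiki or any Ubiquiti tooling. It assumes the dump echoes the commands as typed, with `interface <port>` blocks closed by `exit`; the sample config is constructed.

```python
import re

# Constructed sample: global lines, then "interface <port>" ... "exit" blocks (assumed layout).
SAMPLE = """\
username ubnt level 15
spanning-tree mode rstp
interface 0/8
switchport mode access
switchport access vlan 10
spanning-tree edgeport
storm-control broadcast level 5
exit
interface 0/9
switchport mode access
exit
interface 0/16
switchport mode trunk
exit
"""

# Non-default per-port settings from the setup list, keyed by switchport mode.
REQUIRED = {
    "access": ["spanning-tree edgeport", "storm-control broadcast"],
    "trunk": ["spanning-tree guard root"],
}

def audit(config):
    """Return findings for hardening steps missing from a config dump."""
    findings, head, port, block, top = [], [], None, [], []
    for line in (l.strip() for l in config.splitlines()):
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            port, block = m.group(1), []
        elif line == "exit" and port:
            mode = next((b.split()[-1] for b in block
                         if b.startswith("switchport mode ")), None)
            for need in REQUIRED.get(mode, []):
                if not any(b.startswith(need) for b in block):
                    findings.append(f"{port}: {mode} port lacks '{need}'")
            port = None
        elif port:
            block.append(line)
        else:
            top.append(line)
    if any(re.match(r'username\s+"?ubnt"?(\s|$)', g) for g in top):
        head.append("default user 'ubnt' still present")
    if "spanning-tree bpduguard" not in top:
        head.append("global 'spanning-tree bpduguard' missing")
    return head + findings
```

Settings the list marks as (default) are not checked, since they may not appear in a dump at all.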

Commands

Tasks

Reset

  1. Wait until fully booted.
  2. Press and hold the reset button for 30 seconds (exact duration is unclear). Holding it for too short a duration will simply reboot the device instead.

Upgrade Software

  1. Consider whether to use the lite version (limited to 255 VLANs for lower memory utilization).
  2. Download the new version from the downloads page: https://ui.com/download/edgemax
  3. Download the firmware to the backup partition: copy tftp://<ip-address>/<filename> backup (example)
  4. Select the backup partition for the next boot: boot system backup
  5. Reboot: reload
  6. Verify that the new firmware is booted into: show bootvar
  7. Copy the backup firmware to the active partition: copy backup active
