Ubiquiti EdgeRouter X and RADIUS

I have a Ubiquiti EdgeRouter X and I need to connect it to the ISP using their modem and a username and a RADIUS password. Will this work?

This is being used and set up in a commercial-ish environment. The ISP is using carrier-grade NAT. Apparently they showed up, installed the modem, plugged it into the switch, and left. They haven’t had internet for a month because nothing works. I connected my laptop, had to supply the username and RADIUS password, then I had internet access. It gave me this crazy IP address, which turned out to be the carrier-grade NAT.

So I had an EdgeRouter X sitting around. Decided it might work. Anyone familiar with Ubiquiti stuff?

1 Like

It’s possible, but I’ve never experienced the EdgeRouter’s WAN settings interface. What kind of settings do you have the ability to set?

1 Like

I’ll get some screenshots when I get home from work this evening.

So, after going through all the tabs I found some mentions of RADIUS in the PPPoE tab. I’m guessing that’s where I’ll need to focus. Needs the IP and password, when I have a username and password, a group, and two DNS IPs.

I’m not sure what the pool range is, but it makes me think this is setting up a RADIUS server on the EdgeRouter, not connecting to one. Not sure.

I took more screenshots of the other tabs across the top, but I won’t upload them all unless needed.

Edit: and this is what they stuck on the wall next to the modem:

Try adding a PPPoE interface (not a service).

1 Like

OK. Adding the PPPoE interface gives me the options I need, I think. Does the ID matter, or can I just make something up? What should the MTU be? I’m going to set the interface to eth0.

So I finished this tonight.

I tried adding the PPPoE interface over and over, and it just wouldn’t work. No variation of settings or wizard setup would get it to work.

Eventually I called the ISP tech support (very nice 24-hour support for such a tiny local ISP). I told him I was trying to set up a Ubiquiti EdgeRouter X, and that I was trying to do a PPPoE interface. He said no, I don’t need to do anything like that. I just needed to let them know the IP address my router WAN port received (which wasn’t a CGN IP but one of the private ranges, 172.something). Then they did some sort of registration on their end. After I rebooted the EdgeRouter I got the CGN IP (100.64.something) and everything worked perfectly. Full internet access at a blazing 10Mbps.

Sort of an odd experience. Learned something new, though. Also set up a few Aerohive AP330 access points for them.

1 Like

Ah weird. Glad you got it sorted out.

1 Like

Definitely set up smart QoS. It will prevent any one thing from dominating all of your bandwidth.

1 Like

That’s a good idea. I’m going to get another EdgeRouter to experiment with. Need to set one up for my parents’ house, along with some more of those AP330s.

I just thought it was kinda sucky that the ISP would come in, install the cable and modem, then leave. I mean, they probably told someone that a router needed to be installed and set up to finish and get internet going. But if so, that information never got passed on. Also kinda sucky that they had to do the registration thing on their end to get whatever was installed to work. Not even sure how that works or what they did.

But, yeah, I’ll be going back eventually to install a fifth AP. I need to go through the EdgeRouter config to make sure everything is good to go anyway.

Edit: also, I wish I could set up a VPN so I can remotely admin stuff there. That’d be super cool. Not sure how well that would work with the carrier-grade NAT they’re doing, though.

You can configure OpenVPN and/or IPsec/L2TP in EdgeOS. I have many of both configured.

Sorry for my naivety, but how does that work on the remote system? If I connect to the VPN, how do I get to the web interface of the EdgeRouter? Should I do it in a dedicated management VM with a static IP that’s on the same subnet as the EdgeRouter? Or is this SSH?

In a tunnel you should have persistent access to the remote networks, so you’d connect as if you were on the LAN. You can restrict access with firewall rules, but it’s unrestricted by default.
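
The thread mentions two kinds of WAN address (a private 172.x before the ISP's registration, a 100.64.x carrier-grade NAT address after) and asks whether a VPN can work behind CGN. The following is an added example, not part of any post in the thread: it classifies a WAN address and reports which end has to initiate a tunnel. The function name, the result fields and the sample addresses are constructed for illustration, and "inbound reachable" here is judged from the address class alone.

```python
import ipaddress

# RFC 6598 shared address space used for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(addr: str) -> dict:
    """Classify a router's WAN address (hypothetical helper for this example)."""
    ip = ipaddress.ip_address(addr)
    # Python's is_private is False for 100.64.0.0/10, so test it explicitly.
    if ip in CGNAT:
        kind = "cgnat"
    elif any(ip in net for net in RFC1918):
        kind = "rfc1918"
    elif ip.is_global:
        kind = "public"
    else:
        kind = "other"  # loopback, link-local, documentation ranges, ...

    # Only a globally routable WAN address can accept a VPN connection
    # started from the internet; behind NAT the site has to dial out.
    inbound = kind == "public"
    return {
        "address": addr,
        "kind": kind,
        "inbound_reachable": inbound,
        "vpn_role": "server" if inbound else "client (dial out)",
    }


if __name__ == "__main__":
    # Constructed sample addresses; the thread only gives "172.something"
    # and "100.64.something".
    for sample in ("172.16.5.20", "100.64.12.34", "8.8.8.8"):
        print(classify_wan(sample))
```

A router that lands in the "cgnat" or "rfc1918" class can still be managed remotely if it initiates the tunnel to an endpoint that has a public address.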