Guto Carvalho # 2022-21-08 @ BSB

UniFi USG CLI commands


Let's write down a few USG tips, since documentation for the CLI is rare.

Load balancer

Checking the LB status

gutocarvalho@RoteadorUSG:~$ show load-balance status 

Example output

show load-balance status
Group wan_failover
  interface   : eth0
  carrier     : up
  status      : active
  gateway     : 192.168.1.1
  route table : 201
  weight      : 100%
  flows
      WAN Out : 11156
      WAN In  : 2048
    Local Out : 55

  interface   : eth2
  carrier     : up
  status      : failover
  gateway     : 192.168.22.1
  route table : 202
  weight      : 0%
  flows
      WAN Out : 1101
      WAN In  : 0
    Local Out : 27

Checking the load balancer metrics

gutocarvalho@RoteadorUSG:~$ show load-balance watchdog

Example output

Group wan_failover
  eth0
  status: Running
  pings: 6
  fails: 1
  run fails: 1/3
  route drops: 8
  ping gateway: ping.ubnt.com - REACHABLE
  last route drop   : Mon Feb  7 17:20:15 2022
  last route recover: Mon Feb  7 17:20:37 2022

  eth2
  status: Running
  failover-only mode
  pings: 35
  fails: 1
  run fails: 0/3
  route drops: 1
  ping gateway: ping.ubnt.com - REACHABLE
  last route drop   : Mon Feb  7 17:13:07 2022
  last route recover: Mon Feb  7 17:15:40 2022

Viewing the logs

gutocarvalho@RoteadorUSG:~$ show log | grep wlb

Example output

Feb  7 18:00:12 RoteadorUSG wlb: wlb-wan_failover-eth0 wlb-wan_failover-eth0 reachability failed, failover
Feb  7 18:00:12 RoteadorUSG wlb: group wan_failover, interface eth0 going Inactive
Feb  7 18:00:13 RoteadorUSG wlb: group wan_failover, interface eth2 going Active
Feb  7 18:01:06 RoteadorUSG wlb: group wan_failover, interface eth0 going Active
Feb  7 18:04:25 RoteadorUSG wlb: wlb-wan_failover-eth0 wlb-wan_failover-eth0 reachability failed, failover
Feb  7 18:04:25 RoteadorUSG wlb: group wan_failover, interface eth0 going Inactive
Feb  7 18:04:26 RoteadorUSG wlb: group wan_failover, interface eth2 going Active
Feb  7 18:04:46 RoteadorUSG wlb: group wan_failover, interface eth0 going Active
Feb  7 18:15:46 RoteadorUSG wlb: wlb-wan_failover-eth2 wlb-wan_failover-eth2 reachability failed, failover
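
As an added example (not part of the original post), this Python script parses wlb log lines like the ones above, measures how long each interface stayed Inactive, and flags interfaces that drop repeatedly within a short window. The function names, the year argument (syslog lines carry no year) and the 600-second window are assumptions.

```python
import re
from datetime import datetime

# Constructed sample input: a subset of the wlb lines from the example output above.
SAMPLE_LOG = """\
Feb  7 18:00:12 RoteadorUSG wlb: wlb-wan_failover-eth0 wlb-wan_failover-eth0 reachability failed, failover
Feb  7 18:00:12 RoteadorUSG wlb: group wan_failover, interface eth0 going Inactive
Feb  7 18:00:13 RoteadorUSG wlb: group wan_failover, interface eth2 going Active
Feb  7 18:01:06 RoteadorUSG wlb: group wan_failover, interface eth0 going Active
Feb  7 18:04:25 RoteadorUSG wlb: group wan_failover, interface eth0 going Inactive
Feb  7 18:04:46 RoteadorUSG wlb: group wan_failover, interface eth0 going Active
"""
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
EVENT = re.compile(r"^(\w{3})\s+(\d+)\s+(\d\d):(\d\d):(\d\d)\s+\S+\s+wlb:\s+group\s+(\S+),"
                   r"\s+interface\s+(\S+)\s+going\s+(Active|Inactive)\s*$")

def inactive_periods(log_text, year=2022):
    """Return (group, iface, down_at, up_at, seconds) per Inactive -> Active pair; `year` is assumed."""
    down, periods = {}, []
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m or m.group(1) not in MONTHS:
            continue  # reachability messages and unrelated lines are skipped
        mon, day, hh, mm, ss, group, iface, state = m.groups()
        ts = datetime(year, MONTHS.index(mon) + 1, int(day), int(hh), int(mm), int(ss))
        key = (group, iface)
        if state == "Inactive":
            down.setdefault(key, ts)      # keep the first drop if it repeats
        elif key in down:                 # Active with no prior drop is ignored
            start = down.pop(key)
            periods.append((group, iface, start, ts, int((ts - start).total_seconds())))
    return periods

def flapping(periods, window_s=600, threshold=2):
    """Return (group, iface) keys with `threshold` drops starting within `window_s` seconds."""
    starts = {}
    for group, iface, down_at, _up, _secs in periods:
        starts.setdefault((group, iface), []).append(down_at)
    flagged = []
    for key, times in starts.items():
        times.sort()
        if any((times[i + threshold - 1] - times[i]).total_seconds() <= window_s
               for i in range(len(times) - threshold + 1)):
            flagged.append(key)
    return flagged

if __name__ == "__main__":
    periods = inactive_periods(SAMPLE_LOG)
    print([(p[1], p[4]) for p in periods], "flapping:", flapping(periods))
```

To use it on a real device, save the output of show log | grep wlb to a file and pass its contents to inactive_periods.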

Sending an IP out through WAN2

Policy-Based Routing (PBR) is a way to force traffic to use a specific address or interface as the next-hop. When using PBR, traffic is matched on certain criteria, for example a source IP address, and forwarded to a next-hop. On the USG models, Policy-Based Routing can be used to send specific traffic to the WAN1/WAN2 interfaces.

To route traffic out of WAN2 based on the Source Network, Destination Port and Protocol:

configure
set protocols static table 5 route 0.0.0.0/0 next-hop <IP address>
set firewall modify LOAD_BALANCE rule 2501 action modify
set firewall modify LOAD_BALANCE rule 2501 modify table 5
set firewall modify LOAD_BALANCE rule 2501 source address <IP address>
set firewall modify LOAD_BALANCE rule 2501 destination port 80,443
set firewall modify LOAD_BALANCE rule 2501 protocol tcp
commit ; exit

Policy-Based Routing can be used with either weighted or failover-only Load Balancing. When using PPPoE interfaces, create an interface-route instead with the next-hop set to the interface. For example: set protocols static table 5 interface-route 0.0.0.0/0 next-hop-interface pppoe0.

In the first set command, <IP address> is the next-hop gateway address of the ISP connected to the WAN2 interface.

In the fourth set command, <IP address> is the source host or network on the VLAN/LAN, for example VLAN 2 set as 192.168.2.0/24.