https://2mbit.com/ Fri, 01 May 2026 12:34:44 +0000 FeedCreator 1.8 https://2mbit.com/_media/wiki/dokuwiki.svg https://2mbit.com/ https://2mbit.com/edgerouter/6rd?rev=1502318568&do=diff Enable 6rd Support 6rd is a mechanism to enable IPv6 tunneling for providers who are unable to provide native IPv6 to their customers. It uses a 6in4 SIT tunnel to work it's magic. This is an example of 6rd for CenturyLink customers - you'll need to find out if your provider supports 6rd, and what are the various settings - including 6rd prefix, the ipv4 6rd tunnel server address. anonymous@undisclosed.example.com (Anonymous) Wed, 09 Aug 2017 22:42:48 +0000 https://2mbit.com/edgerouter/address-groups?rev=1430188799&do=diff Useful Address Groups Sometimes its good to have common netblocks in an 'address-group' rule in case you need to allow or deny certain types of traffic. set firewall group address-group Private-RFC-Ranges description 'RFC 1918 Private Ranges' set firewall group address-group Private-RFC-Ranges address 10.0.0.0/8 set firewall group address-group Private-RFC-Ranges address 172.16.0.0/12 set firewall group address-group Private-RFC-Ranges address 192.168.0.0/16 anonymous@undisclosed.example.com (Anonymous) Tue, 28 Apr 2015 02:39:59 +0000 https://2mbit.com/edgerouter/bgp?rev=1526432259&do=diff BGP Peering With An ISP Overview When you have your own IPv4/IPv6 address space, it's advantageous to announce it via your router to your ISP - especially if you have multiple providers (multi-homing). Even the lowest end EdgeRouters such as the ER-X and ERL can do a full BGP table. anonymous@undisclosed.example.com (Anonymous) Wed, 16 May 2018 00:57:39 +0000 https://2mbit.com/edgerouter/cisco-79xx-voip?rev=1430190319&do=diff Give Out Address Of TFTP Server To Cisco VoIP Phones Cisco 7900 series phones will want a TFTP server via DHCP options on boot in order to configure themselves. set service dhcp-server global-parameters 'option tftp66 code 66 = ip-address;' set service dhcp-server global-parameters 'option tftp150 code 150 = ip-address;' anonymous@undisclosed.example.com (Anonymous) Tue, 28 Apr 2015 03:05:19 +0000 https://2mbit.com/edgerouter/hw-offload?rev=1430188190&do=diff Enable Hardware Offloading Hardware offloading on the EdgeRouter series (with the exception of the new ERX) enable the devices to pass data at higher rates then just software could do alone: set system offload ipsec enable set system offload ipv4 forwarding enable set system offload ipv4 pppoe enable set system offload ipv4 vlan enable set system offload ipv6 forwarding enable set system offload ipv6 pppoe disable set system offload ipv6 vlan enable anonymous@undisclosed.example.com (Anonymous) Tue, 28 Apr 2015 02:29:50 +0000 https://2mbit.com/edgerouter/ipv6-no-unsolicit?rev=1430192364&do=diff Protect IPv6 Enabled Client Machines From Unsolicited Internet Traffic One of the biggest issues with enabling IPv6, is that it has the potential to expose client machines to malicious traffic. The easiest way to give yourself a little bit of extra protection while still allowing full outside connectivity without resorting to IPv6 NAT ( anonymous@undisclosed.example.com (Anonymous) Tue, 28 Apr 2015 03:39:24 +0000 https://2mbit.com/edgerouter/mss-clamp?rev=1430187965&do=diff MSS Clamping MSS Clamping works around issues caused by (clue impaired) system admins who think blocking all ICMP is a good idea. This is such of an issue in IPv4, that IPv6 makes ICMP mandatory to be allowed for basic networking to actually function. anonymous@undisclosed.example.com (Anonymous) Tue, 28 Apr 2015 02:26:05 +0000 https://2mbit.com/edgerouter/openvpn-roadwarrior?rev=1505771174&do=diff EdgeRouter + OpenVPN Road Warrior Example Generate Certificates With EasyRSA 3 You'll need to generate server, client, and DH certificates using the instructions here. Once you do that, copy the server certs (ca.crt, server.crt, dh.pem, and server.key) to: anonymous@undisclosed.example.com (Anonymous) Mon, 18 Sep 2017 21:46:14 +0000 https://2mbit.com/edgerouter/packages?rev=1430188133&do=diff Configure Package Manager on 1.6.0 and later These commands enable the Wheezy repo for firmware releases of 1.6.0 and later (which are based on Debian Wheezy, rather then Squeeze): set system package repository wheezy components 'main contrib non-free' set system package repository wheezy distribution wheezy set system package repository wheezy password '' set system package repository wheezy url 'http://ftp.us.debian.org/debian/' set system package repository wheezy username '' set… anonymous@undisclosed.example.com (Anonymous) Tue, 28 Apr 2015 02:28:53 +0000 https://2mbit.com/edgerouter/serviceports?rev=1430188034&do=diff Change Default Ports For HTTP GUI and SSH One of the easiest things you can do to help reduce the hammering on your management services such as HTTP and SSH, is to change the port. While this is not really a way of securing these services, it does provide a little bit of a buffer from scanning bots. anonymous@undisclosed.example.com (Anonymous) Tue, 28 Apr 2015 02:27:14 +0000