×

EdgeRouter - Suspension

Overview

Readers will learn how to utilize the Suspension feature that can be enabled from UNMS or manually on the EdgeRouter by using the command line.

NOTES & REQUIREMENTS:
  • Applicable to the latest EdgeOS firmware on all EdgeRouter models.
  • More information on the Ubiquiti Network Management System can be found on the UNMS website.
  • The (manual CLI) suspend feature is supported starting from the v1.10.7 EdgeOS firmware release.

Table of Contents

  1. Introduction & Network Diagram
  2. Suspending Clients from UNMS
  3. Suspending Clients Manually by Using the CLI
  4. Related Articles

Introduction

Back to Top

The EdgeRouter Suspension feature allows an administrator to (temporarily) suspend the network services of a client or customer. This feature identifies clients by their IP address and prevents them from accessing the internet or other networks, with the exception of some previously defined network services. The user can then be redirected to a specific web page (for example the UNMS controller), instructing them why their service was suspended. The Suspension feature can be enabled from the Ubiquiti Network Management System (UNMS), which applies the configuration to the EdgeRouter that is defined as the UNMS Gateway router. 

NOTE: See the Suspension and Traffic Shapingand Global Features for Networks articles for more information.

The example network below uses an ER-8-XG as the UNMS Gateway router which will be running the Suspension feature. The client in the Client Site is connected to the EdgeRouter through a UFiber GPON network, consisting of an UF-OLT-4 and a UF-Instant ONU. The client is utilizing the 203.0.113.1 IP address which will be suspended on the EdgeRouter. Afterwards, the client will only be able to access the UNMS Cloud portal, which will have further instructions as to why their service was suspended.

topology.png

Example network where a Client Site (203.0.113.1) is connected to the Internet via a UFiber GPON network and an EdgeRouter Gateway.

Suspending Clients from UNMS

Back to Top

Suspending clients from UNMS is supported if the EdgeRouter is defined as a UNMS Gateway router. Another requirement is that the client that is being suspended connects through the Internet through the Gateway router. Follow the steps below to enable the Suspension feature from UNMS:

GUI: Access the UNMS Controller Web Portal.

1. Navigate to the Settings  settings.png  section and select the Network tab.

2. Edit the existing UNMS Gateway router or add a new gateway.

3. Enable the Suspension feature and optionally add the allowed IP address(es).

Allow suspend: ON
Allow IP addresses: <optional>
NOTE:By default, suspended clients will be able to reach the UNMS server as an exception is created automatically. Other IP addresses that the client is allowed to connect to can optionally be added.

4. Save the changes.

5. For existing clients, navigate to the Client Sites  client-sites.png  section and select the service plan that is listed in the CRM Service column.

NOTE:You can also reach this section through CRM > Clients > Select client > Select service plan.

6. The service plan for the client will show Active by default. Change the option from  active.png  to  suspended.png  to suspend the client.

7. Provide a reason for the suspension and confirm.

The suspend configuration can be verified on the Gateway router by accessing the EdgeRouter through the command line. From UNMS:

GUI: Access the UNMS Controller Web Portal.

1. Navigate to the Devices  devices.png  and select the EdgeRouter that is defined as the UNMS Gateway.

2. Select the Terminal  terminal.png  tab to open up an SSH session to the device.

3. Log into the device with your credentials.

4. Run the following commands to display the suspend configuration:

ubnt@EdgeRouter:~$ configure

[edit]
ubnt@EdgeRouter# show service suspend
allow-domain unmscloud.unmsapp.com allow-ip 198.51.100.1 redirect { url http://unmscloud.unmsapp.com/crm/suspension/ }

Suspending Clients Manually by Using the CLI

Back to Top

Follow the steps below to configure the EdgeRouter to suspend the client that is using the 203.0.113.1 IP address:

CLI: Access the Command Line Interface.You can do this using the CLI button in the GUI or by using a program such as PuTTY.

1. Enter configuration mode.

configure

2. Define the domain and IP address that the suspended client is allowed to connect to.

set service suspend allow-domain unmscloud.unmsapp.com 
set service suspend allow-ip 198.51.100.1

3. Define the redirection URL.

set service suspend redirect url http://unmscloud.unmsapp.com/crm/suspension/ 

4. Specify the IP address of the client that should be suspended.

set service suspend user-ip 203.0.113.1

5. Commit the changes and save the configuration.

commit ; save

The EdgeRouter suspend feature is able to provide additional options, allowing you to redirect the client to a specific server that is using a custom port. There is also an option to forward traffic to a web proxy:

[edit]
ubnt@EdgeRouter# set service suspend forward-to ? Possible completions: address IP address of the web proxy [REQUIRED] http-port HTTP port of the web proxy https-port HTTPS port of the web proxy [edit]
ubnt@EdgeRouter# set service suspend redirect ? Possible completions: http-port HTTP port of the redirect server https-port HTTPS port of the redirect server url URL prefix of the captive portal (must end with '/') [REQUIRED] 

Related Articles

Back to Top

UNMS v1 - Suspension and Traffic Shaping

UNMS v1 - Global Features for Networks

UNMS v1 - Sites and Clients

UNMS - Getting Started

Was this article helpful?
2 out of 3 found this helpful
Can't find what you're looking for?
Visit our worldwide community of Ubiquiti experts for more answers
Visit the Ubiquiti Community