TP-Link Omada OC300 User Manual
  1. Manuals
  2. Brands
  3. TP-Link Manuals
  4. Controller
  5. Omada OC300
  6. User manual
TP-Link Omada OC300 User Manual

TP-Link Omada OC300 User Manual

Sdn controller
Hide thumbs Also See for Omada OC300:
1
2
Table Of Contents
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
Table of Contents

Advertisement

Quick Links

User Guide
Omada SDN Controller
1910013343 V5.9
© 2023 TP-Link

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the Omada OC300 and is the answer not in the manual?

Questions and answers

Related Manuals for TP-Link Omada OC300

Summary of Contents for TP-Link Omada OC300

  • Page 1 User Guide Omada SDN Controller 1910013343 V5.9 © 2023 TP-Link...
  • Page 2 Configuration Guidelines More Information ■ For technical support, the latest version of the User Guide and other information, please visit https://www.tp-link.com/support. ■ To ask questions, find answers, and communicate with TP-Link users or engineers, please visit https://community.tp-link.com to join TP-Link Community.

  • Page 3: Table Of Contents

    CONTENTS About this Guide 1.Omada SDN Controller Solution Overview 1. 1 Overview of Omada SDN Controller Solution ....................2 1. 2 Core Components ..............................3 2.Get Started with Omada SDN Controller 2. 1 Set Up Your Software Controller ..........................8 2. 1. 1 Determine the Network Topology ..........................
  • Page 4 4. 4. 1 Set Up Basic Wireless Networks ..........................90 4. 4. 2 Advanced Settings ................................97 4. 4. 3 WLAN Schedule ................................... 98 4. 4. 4 802.11 Rate Control ................................99 4. 4. 5 MAC Filter ..................................... 100 4. 4. 6 AI WLAN Optimization ..............................
  • Page 5 4. 10. 6 SSH ......................................236 4. 10. 7 Reboot Schedule ................................237 4. 10. 8 PoE Schedule ..................................238 4. 10. 9 IPTV......................................239 4. 10. 10 Upgrade Schedule ................................241 4. 10. 11 DNS Proxy .................................... 241 4. 10. 12 Export Data ..................................242 4.
  • Page 6 6. 4. 2 Monitor EAPs..................................341 7.Monitor and Manage the Clients 7. 1 Manage Wired and Wireless Clients in Clients Page ................355 7. 1. 1 Introduction to Clients Page ............................355 7. 1. 2 Using the Clients Table to Monitor and Manage the Clients ..............355 7.
  • Page 7 8. 6. 1 Alerts ....................................... 426 8. 6. 2 Events ..................................... 427 8. 6. 3 Notifications ..................................428 8. 7 Monitor the Network with Tools ........................434 8. 7. 1 Network Check .................................. 434 8. 7. 2 Packet Capture ................................. 435 8.

  • Page 8: Omada Sdn Controller Solution Overview

    Omada SDN Controller Solution offers centralized and efficient management for configuring enterprise networks comprised of security gateways, switches, and wireless access points. With a reliable network management platform powered by TP-Link Omada SDN Controller, you can develop comprehensive, software-defined networking across demanding, high-traffic environments with robust wired and wireless solutions.

  • Page 9: Overview Of Omada Sdn Controller Solution

    Chapter 1 Omada SDN Controller Solution Overview 1. 1 Overview of Omada SDN Controller Solution Omada SDN Controller Solution is designed to provide business-class networking solutions for demanding, high-traffic environments such as campuses, hotels, malls, and offices. Omada SDN Controller Solution simplifies deploying and managing large-scale enterprise networks and offers easy maintenance, ongoing monitoring, and flexible scalability.

  • Page 10: Core Components

    PoE options. Advanced features such as Access Control, QoS, LAG and Spanning Tree will satisfy advanced business networks. ■ Access Points (Omada EAPs)—satisfy the mainstream Wi-Fi Standard and address your high- density access needs with TP-Link’s innovation to help you build the versatile and reliable wireless network for all business applications. Omada SDN Controller Tailored to different needs and budgets, Omada SDN Controller offers diverse deployment solutions.
  • Page 11 Chapter 1 Omada SDN Controller Solution Overview SafeStream Gateway JetStream Switch Omada Software Controller Omada Access Points ■ Omada Hardware Controller Omada Hardware Controller is the management device which is pre-installed with Omada Software Controller. You just need to pay for the device, then the built-in Omada Controller software is free to use, no license fee or extra cost required.
  • Page 12 Omada Managed Gateways TP-Link’s Omada Router supports Gigabit Ethernet connections on both WAN and LAN ports which keep the data moving at top speed. Including all the routing and network segmentation functions that a business router must have, SafeStream VPN Router will be the backbone of the Omada SDN network.
  • Page 13 Omada SDN Controller Solution Overview Omada Access Points TP-Link’s Omada Access Point provides business-class Wi-Fi with superior performance and range which guarantees reliable wireless connectivity for the Omada SDN network. Managing the access points centrally through Omada SDN Controller is available on certain models only.

  • Page 14: Get Started With Omada Sdn Controller

    Get Started with Omada SDN Controller This chapter guides you on how to get started with Omada SDN Controller to configure the network. Omada Software Controller, Omada Hardware Controller, and Omada Cloud-Based Controller differ in forms, but they have almost the same browser–based management interface for network management. Therefore, they have almost the same initial setup steps, including building your network topology, deploying your controller, and logging in to the controller.

  • Page 15: Set Up Your Software Controller

    Access Points Omada Software Controller Omada Access Points Note: When using Omada SDN Controller, we recommend that you deploy the full Omada topology with supported TP-Link devices. If you use third-party devices, Omada SDN Controller cannot discover and manage them.

  • Page 16: Install Omada Software Controller

    Chapter 2 Get Started with Omada SDN Controller 2. 1. 2 Install Omada Software Controller Omada Software Controller is provided for both Windows and Linux operating systems. Determine your operating system and follow the introductions below to install Omada Software Controller. Installation on Windows Host Omada Software Controller can be hosted on any computers with Windows systems on your network.
  • Page 17 Chapter 2 Get Started with Omada SDN Controller ■ System Requirements Operating System: 64-bit Linux operating system, including Ubuntu 14.04/16.04/17.04/18.04, CentOS 6.x/7.x, Fedora 20 (or above), and Debian 9.8. Web Browser: Mozilla Firefox 32 (or above), Google Chrome 37 (or above), Opera 24 (or above), or Microsoft Internet Explorer 11 (or above).

  • Page 18: Start And Log In To The Omada Software Controller

    Chapter 2 Get Started with Omada SDN Controller If dependencies are missing during the installation, you can use the command: apt-fix-broken install to fix the problem. After installing the controller, use the following commands to check and change the status of the controller.
  • Page 19 Chapter 2 Get Started with Omada SDN Controller Note: • If your browser does not open automatically, click Launch. You can also launch a web browser and enter http://127.0.0.1:8088 in the address bar. • If your web browser opens but prompts a problem with the website’s security certificate, click Continue. Complete Basic Configurations In the web browser, you can see the configuration page.
  • Page 20 If you want to access the controller to manage networks remotely, enable Cloud Access, and bind your TP-Link ID to your Omada Controller. For more details about Omada Cloud, please refer to 2 Manage Your Controller Remotely via Cloud Access.
  • Page 21 Chapter 2 Get Started with Omada SDN Controller 3. Choose how would you like to set up your new controller. You can configure a new setup or restore from backup file. 4. Follow the setup wizard to set up the controller.
  • Page 22 Chapter 2 Get Started with Omada SDN Controller Log In to the Management Interface Once the basic configurations are finished, the browser will be redirected to the following page. Log in to the management interface using the username and password you have set in the basic configurations. Note: In addition to the Controller Host, other hosts in the same LAN can also manage EAPs via remote access to the Controller Host.

  • Page 23: Set Up Your Hardware Controller

    Omada Hardware Controller Omada Access Points Note: When using Omada SDN Controller, we recommend that you deploy the full Omada topology with supported TP-Link devices. If you use third-party devices, Omada SDN Controller cannot discover and manage them. 2. 2. 2...

  • Page 24: Start And Log In To The Controller

    Chapter 2 Get Started with Omada SDN Controller 2. 2. 3 Start and Log in to the Controller Log In to the Management Interface Follow the steps below to enter the management interface of Omada Hardware Controller: 1. Make sure that your management device has the route to access the controller. 2.
  • Page 25 If you want to access the controller to manage networks remotely, enable Cloud Access, and bind your TP-Link ID to your Omada Controller. For more details about Omada Cloud, please refer to 2 Manage Your Controller Remotely via Cloud Access.
  • Page 26 Chapter 2 Get Started with Omada SDN Controller 3. Choose how would you like to set up your new controller. You can configure a new setup or restore from backup file. 4. Follow the setup wizard to set up the controller.
  • Page 27 Chapter 2 Get Started with Omada SDN Controller Log In to the Management Interface Once the basic configurations are finished, the browser will be redirected to the following page. Log in to the management interface using the username and password you have set in the basic configurations. Note: In addition to the Controller Host, other hosts in the same LAN can also manage EAPs via remote access to the Controller Host.

  • Page 28: Set Up Your Cloud-Based Controller

    1 ) Launch a web browser and enter https://omada.tplinkcloud.com in the address bar. Enter your TP- Link ID and password to log in. If you do not have a TP-Link ID, create a TP-Link ID first. 2 ) Click Add Controller and register for an Omada Cloud-Based Controller.

  • Page 29: Manage Omada Managed Devices And Sites

    Manage Omada Managed Devices and Sites Start managing your network by creating sites and adopting devices so that you can configure and monitor your devices centrally while keeping things organized. The chapter includes the following sections: • 3. 1 Create Sites •...

  • Page 30: Create Sites

    Chapter 3 Manage Omada Managed Devices and Sites 3. 1 Create Sites Overview Different sites are logically separated network locations, like different subsidiary companies or departments. It’s best practice to create one site for each LAN (Local Area Network) and add all the devices within the network to the site, including the router, switches and APs.
  • Page 31 Chapter 3 Manage Omada Managed Devices and Sites Create a Site View and Edit the Site Go Into the Site To create a site, choose one from the following methods according to your needs. ■ Create a site from scratch 1.
  • Page 32 Chapter 3 Manage Omada Managed Devices and Sites 2. Enter a Site Name to identify the new site. Click Apply. The new site will be added to the Site List and the drop-down list of Organization. ■ Import a site from another controller If you want to migrate seamlessly from an old controller to a new one, import the site configuration file of the old controller into the new.
  • Page 33 Chapter 3 Manage Omada Managed Devices and Sites Create a Site View and Edit the Site Go Into the Site After you create the site, you can view the site status in the Site List. You can click the icons in the ACTION column to edit, copy, delete and launch the site.

  • Page 34: Adopt Devices

    Chapter 3 Manage Omada Managed Devices and Sites 3. 2 Adopt Devices Overview After you create a site, add your devices to the site by making the controller adopt them. Make sure that your devices in each LAN are added to the corresponding site so that they can be managed centrally. Site D Site C Router...
  • Page 35 Chapter 3 Manage Omada Managed Devices and Sites Prepare for Communication Prepare for Device Discovery Adopt the Devices Note: If the controller and devices are in the same LAN, subnet and VLAN, skip this step. Make sure that the controller can communicate with the devices. Otherwise, the controller cannot discover or adopt the devices by any means.
  • Page 36 Chapter 3 Manage Omada Managed Devices and Sites 1. Set up the Network ■ Scenario 1: Across VLANs or Subnets As shown in the following figures, the controller and devices are in different VLANs or subnets. You need to set up a layer 3 interface for each VLAN or subnet, and make sure the interfaces can communicate with each other.
  • Page 37 Chapter 3 Manage Omada Managed Devices and Sites • Use Port Forwarding Configure Port Forwarding on Gateway B and open port 29810-29813 for the controller, which are essential for discovering and adopting devices. If you are using firewalls in the networks, make sure that the firewalls don’t block those ports.
  • Page 38 Chapter 3 Manage Omada Managed Devices and Sites as Interface, disable DMZ, specify 29810-29813 as Source Port and Destination Port, specify the controller’s IP address as Destination IP, and select All as Protocol. Then click Create.
  • Page 39 Chapter 3 Manage Omada Managed Devices and Sites • Use VPN Set up a VPN connection between Gateway A and Gateway B in Standalone Mode. For details about VPN configuration, refer to the User Guide of the gateways. VPN Connection Gateway A Gateway B Switch...
  • Page 40 Chapter 3 Manage Omada Managed Devices and Sites If the ping result shows the packets are received, it implies that the controller can communicate with the devices. Otherwise, the controller cannot communicate with the devices, then you need to check your network. Prepare for Communication Prepare for Device Discovery Adopt the Devices...
  • Page 41 Chapter 3 Manage Omada Managed Devices and Sites IP Address as the controller’s URL or IP address (if you have configured Port Forwarding on the controller side, use the public WAN IP address of the gateway instead). Then click Apply. ■...
  • Page 42 Chapter 3 Manage Omada Managed Devices and Sites 2. Open Discovery Utility and you can see a list of devices. Select the devices to be adopted and click Batch Setting. 3. Specify Controller Hostname/IP as the IP address of the controller (if you have configured Port Forwarding on the controller side, use the public WAN IP address of the gateway instead), and...
  • Page 43 Chapter 3 Manage Omada Managed Devices and Sites enter the username and password of the devices. By default, the username and password are both admin. Then click Apply. Wait until the setting succeeds. ■ DHCP Option 138 DHCP Option 138 informs a DHCP client, such as a switch or an EAP, of the controller’s IP address when the DHCP client sends DHCP requests to the DHCP server, which is typically a gateway.
  • Page 44 Chapter 3 Manage Omada Managed Devices and Sites 138 as the controller’s IP address (if you have configured Port Forwarding on the controller side, use the public WAN IP address of the gateway instead). Click Save. 3. To make DHCP Option 138 take effect, you need to renew DHCP parameters for the DHCP clients.

  • Page 45: For Omada Cloud-Based Controller

    Chapter 3 Manage Omada Managed Devices and Sites Prepare for Communication Prepare for Device Discovery Adopt the Devices 1. Decide which site you want to add the devices to. On the controller configuration page, select the site from the drop-down list of Organization. 2.
  • Page 46 Chapter 3 Manage Omada Managed Devices and Sites 3 ) Adopt the devices. Connect to the Internet Prepare for Controller Management Adopt the Devices 1. Set up the network. Make sure that your devices are connected to the internet. Omada SDN Controller Site Unified Gateway...
  • Page 47 The Cloud-Based Controller Management feature allows the devices to be adopted by Omada Cloud- Based Controller. Make sure Cloud-Based Controller Management is enabled on the devices. For details, refer to the User Guide of your devices, which can be downloaded from the TP-Link download center.
  • Page 48 Chapter 3 Manage Omada Managed Devices and Sites Let’s take a switch for example. Log into the web page of the switch in Standalone Mode. Go to SYSTEM > Controller Settings to load the following page. In Cloud-Based Controller Management, enable Cloud- Based Controller Management and click Apply.

  • Page 49: Configure The Network With Omada Sdn Controller

    Configure the Network with Omada SDN Controller This chapter guides you on how to configure the network with Omada SDN Controller. As the command center and management platform at the heart of the Omada network, Omada SDN Controller provides a unified approach to configuring enterprise networks comprised of routers, switches, and wireless access points.

  • Page 50: Navigate The Ui

    Chapter 4 Configure the Network with Omada SDN Controller 4. 1 Navigate the UI As you start using the management interface of the controller (Controller UI) to configure and monitor your network, it is helpful to familiarize yourself with the Controller UI. ■ Global Overview Know the status of your sites at a glance, and manage sites in the Omada platform. •...
  • Page 51 Chapter 4 Configure the Network with Omada SDN Controller device and client. • Settings—Configure all your network devices centrally. ■ Site Overview Site, which means logically separated network location, is the largest unit for managing networks with Omada SDN Controller. You can simultaneously configure features for multiple devices at a site.
  • Page 52 Chapter 4 Configure the Network with Omada SDN Controller location. The site is the largest unit for managing the network. • Import Site — Click Import Site to import the site from another controller. • Site Bookmark – Click Bookmark to place frequently-used sites on the top of the list. ■...
  • Page 53 Chapter 4 Configure the Network with Omada SDN Controller Global Search Feature Click and enter the keywords to quickly look up the functions or devices that you want to configure. And you can search for the devices by their MAC addresses and device names. My Account Click the account icon to display account information, Account Settings and Log Out.
  • Page 54 Device displays all TP-Link devices discovered on the site and their general information. This list view can change depending on your monitoring need through customizing the columns. You can click any device on the list to reveal the Properties window for more detailed information of each device and provisioning individual configurations to the device.

  • Page 55: Modify The Current Site Configuration

    Chapter 4 Configure the Network with Omada SDN Controller 4. 2 Modify the Current Site Configuration You can view and modify the configurations of the current site in Site, including the basic site information, centrally-managed device features, and the device account. The features and device account configured here are applied to all devices on the site, so you can easily manage the devices centrally.

  • Page 56: Services

    Chapter 4 Configure the Network with Omada SDN Controller Daylight Saving Time Enable the feature if your country/region implements DST. When it is enabled, the icon will appear on the upper right, showing the DST settings and status. Time Offset Select the time added in minutes when Daylight Saving Time starts. Starts On Specify the time when the DST starts.
  • Page 57 Chapter 4 Configure the Network with Omada SDN Controller Configuration Select a site from the drop-down list of Sites in the top-right corner, go to Settings > Site, and configure the following features for the current site in Services. Click Save. Enable or disable LEDs of all devices in the site. By default, the device follows the LED setting of the site it belongs to.

  • Page 58: Advanced Features

    Chapter 4 Configure the Network with Omada SDN Controller Connectivity Detection (For APs in the mesh network) Specify the method of Connection Detection when mesh is enabled. In a mesh network, the APs can send ARP request packets to a fixed IP address to test the connectivity.
  • Page 59 Chapter 4 Configure the Network with Omada SDN Controller Configuration Select a site from the drop-down list of Organization in the top-right corner, go to Settings > Site, and enable Advanced Features Services first. Then configure the following features in Advanced Features. Click Save. Fast Roaming With this feature enabled, wireless clients that support 802.11k/v can improve fast roaming experience when moving among different APs.
  • Page 60 Chapter 4 Configure the Network with Omada SDN Controller Force-Disassociation With this feature disabled, the AP only issues an 802.11v roaming suggestion when a client’s link quality drops below the predefined threshold and there is a better option of AP, but whether to roam or not is determined by the client. With this feature enabled, the AP will force disassociate the client if it does not re-associate to another AP.

  • Page 61: Device Account

    Chapter 4 Configure the Network with Omada SDN Controller 4. 2. 4 Device Account You can specify a device account for all adopted devices on the site in batches. Once the devices are adopted by the controller, their username and password become the same as settings in Device Account to protect the communication between the controller and devices.

  • Page 62: Configure Wired Networks

    Chapter 4 Configure the Network with Omada SDN Controller 4. 3 Configure Wired Networks Wired networks enable your wired devices and clients including the gateway, switches, EAPs and PCs to connect to each other and to the internet. As shown in the following figure, wired networks consist of two parts: Internet and LAN. Wired Networks Internet Omada Controller...
  • Page 63 Chapter 4 Configure the Network with Omada SDN Controller 1 ) Configure the number of WAN ports on the gateway based on needs. 2 ) Configure WAN Connections. You can set up the IPv4 connection, IPv6 connection, or both. 3 ) (Optional) Configure Load Balancing if more than one WAN port is configured. Select WAN Mode Configure WAN Connections (Optional) Configure Load Balancing...
  • Page 64 Chapter 4 Configure the Network with Omada SDN Controller • Set Up USB Modem Connection USB Modem Display whether a USB modem is connected to the device and the name of the connected USB modem. Config Type Select a configuration type for the USB modem. Auto: Use the Location and Mobile ISP information below for configuration.
  • Page 65 Chapter 4 Configure the Network with Omada SDN Controller Connection Mode Select the connection mode. Connect Automatically: The router will use the USB modem to connect to the internet automatically. Connect Manually: You need to turn on/off the internet manually on the device page, refer to 6.
  • Page 66 Chapter 4 Configure the Network with Omada SDN Controller ■ Dynamic IP 1. Choose Connection Type as Dynamic IP and configure the following parameters. MAC Address Use Default MAC Address: The WAN port uses the default MAC address to set up the internet connection. It’s recommended to use the default MAC address unless required otherwise.
  • Page 67 Chapter 4 Configure the Network with Omada SDN Controller 2. Click + Advanced Settings and configure the following parameters. Then click Apply. Unicast DHCP With this option enabled, the gateway will require the DHCP server to assign the IP address by sending unicast DHCP packets. Usually you need not to enable the option.
  • Page 68 Chapter 4 Configure the Network with Omada SDN Controller ■ Static IP 1. Choose Connection Type as Static IP and configure the following parameters. IP Address Enter the IP address provided by your ISP. Subnet Mask Enter the subnet mask provided by your ISP. Default Gateway Enter the default gateway provided by your ISP.
  • Page 69 Chapter 4 Configure the Network with Omada SDN Controller 2. Click + Advanced Settings and configure the following parameters. Then click Apply. Primary DNS Server / Enter the IP address of the DNS server provided by your ISP if there is any. Secondary DNS Server Specify the MTU (Maximum Transmission Unit) of the WAN port. MTU is the maximum data unit transmitted in the physical network.
  • Page 70 Chapter 4 Configure the Network with Omada SDN Controller ■ PPPoE 1. Choose Connection Type as PPPoE and configure the following parameters. Username Enter the PPPoE username provided by your ISP. Password Enter the PPPoE password provided by your ISP. MAC Address Use Default MAC Address: The WAN port uses the default MAC address to set up the internet connection.
  • Page 71 Chapter 4 Configure the Network with Omada SDN Controller 2. Click + Advanced Settings and configure the following parameters. Then click Apply.
  • Page 72 Chapter 4 Configure the Network with Omada SDN Controller Get IP address from ISP With this option enabled, the gateway gets IP address from ISP when setting up the WAN connection. With this option disabled, you need to specify the IP Address provided by your ISP. Primary DNS Server / Enter the IP address of the DNS server provided by your ISP if there is any.
  • Page 73 Chapter 4 Configure the Network with Omada SDN Controller ■ L2TP Choose Connection Type as L2TP and configure the following parameters. Then click Apply. Username Enter the L2TP username provided by your ISP. Password Enter the L2TP password provided by your ISP.
  • Page 74 Chapter 4 Configure the Network with Omada SDN Controller VPN Server / Domain Name Enter the VPN Server/Domain Name provided by your ISP. Get IP address from ISP With this option enabled, the gateway gets IP address from ISP when setting up the WAN connection. With this option disabled, you need to specify the IP address provided by your ISP.
  • Page 75 Chapter 4 Configure the Network with Omada SDN Controller ■ PPTP Choose Connection Type as PPTP and configure the following parameters. Then click Apply. Username Enter the PPTP username provided by your ISP. Password Enter the PPTP password provided by your ISP. VPN Server / Domain Name Enter the VPN Server/Domain Name provided by your ISP.
  • Page 76 Chapter 4 Configure the Network with Omada SDN Controller Connection Mode Connect Automatically: The gateway activates the connection automatically when the connection is down. You need to specify the Redial Interval, which decides how often the gateway tries to redial after the connection is down. Connect Manually: You can manually activate or terminate the connection.
  • Page 77 Chapter 4 Configure the Network with Omada SDN Controller MAC Address Use Default MAC Address: The WAN port uses the default MAC address to set up the internet connection. It’s recommended to use the default MAC address unless required otherwise. Customize MAC Address: The WAN port uses a customized MAC address to set up the internet connection and you need to specify the MAC address.
  • Page 78 Chapter 4 Configure the Network with Omada SDN Controller ■ Dynamic IP (SLAAC/DHCPv6) Choose Connection Type as Dynamic IP (SLAAC/DHCPv6) and configure the following parameters. Then click Apply. Get IPv6 Address Select the proper method whereby your ISP assigns IPv6 address to your gateway. Automatically: With this option selected, the gateway will automatically select SLAAC or DHCPv6 to get IPv6 addresses.
  • Page 79 Chapter 4 Configure the Network with Omada SDN Controller DNS Address Select whether to get the DNS address dynamically from your ISP or designate the DNS address manually. Get from ISP Dynamically: The DNS address will be automatically assigned by the ISP. Use the Following DNS Addresses: Enter the DNS address provided by the ISP.
  • Page 80 Chapter 4 Configure the Network with Omada SDN Controller ■ PPPoE Choose Connection Type as PPPoE and configure the following parameters. Then click Apply. Share the same PPPoE If your ISP provides only one PPPoE account for both IPv4 and IPv6 connections, session with IPv4 and you have already established an IPv4 connection on this WAN port, you can check the box, then the WAN port will use the PPP session of IPv4 PPPoE connection to get the IPv6 address.
  • Page 81 Chapter 4 Configure the Network with Omada SDN Controller Get IPv6 Address Select the proper method whereby your ISP assigns IPv6 address to your gateway. Automatically: With this option selected, the gateway will automatically select the method to get IPv6 addresses between SLAAC and DHCPv6. SLAAC: With SLAAC (Stateless Address Auto-Configuration) selected, your ISP assigns the IPv6 address prefix to the gateway and the gateway automatically generates its own IPv6 address.
  • Page 82 Chapter 4 Configure the Network with Omada SDN Controller ■ 6to4 Tunnel Choose Connection Type as 6to4 Tunnel and configure the following parameters. Then click Apply. DNS Address Select whether to get the DNS address dynamically from your ISP or designate the DNS address manually. Get from ISP Dynamically: The DNS address will be automatically assigned by the ISP.
  • Page 83 Chapter 4 Configure the Network with Omada SDN Controller Select a site from the drop-down list of Organization. Go to Settings > Wired Networks > Internet load the following page. In Load Balancing, configure the following parameters and click Apply. Load Balancing Weight Specify the ratio of network traffic that each WAN port carries. Alternatively, you can click Pre-Populate to test the speed of WAN ports and...

  • Page 84: Configure Lan Networks

    Chapter 4 Configure the Network with Omada SDN Controller 4. 3. 2 Configure LAN Networks Overview The LAN function allows you to configure wired internal network. Based on 802.1Q VLAN, Omada Controller provides a convenient and flexible way to separate and deploy the network. The network can be logically segmented by departments, application, or types of users, without regard to geographic locations.
  • Page 85 Chapter 4 Configure the Network with Omada SDN Controller Purpose Interface: Create the network with a Layer 3 interface, which is required for inter-VLAN routing. VLAN: Create the network as a Layer 2 VLAN. 3. Configure the parameters according to the purpose for the network.
  • Page 86 Chapter 4 Configure the Network with Omada SDN Controller ■ Interface LAN Interface Select the physical interfaces of the Omada Gateway that this network will be associated with.
  • Page 87 Chapter 4 Configure the Network with Omada SDN Controller VLAN Enter a VLAN ID with the values between 1 and 4090. Each VLAN can be uniquely identified by VLAN ID, which is transmitted and received as IEEE 802.1Q tag in an Ethernet frame. Gateway/Subnet Enter the IP address and subnet mask in the CIDR format. The CIDR Notation here includes the IP address and subnet mask of the default gateway.
  • Page 88 Chapter 4 Configure the Network with Omada SDN Controller Option 66 Enter the value for DHCP Option 66. It specifies the TFTP server information and supports a single TFTP server IP address. Option 138 Enter the value for DHCP Option 138. It is used in discovering the devices by the Omada controller.
  • Page 89 Chapter 4 Configure the Network with Omada SDN Controller DHCP Range Enter the starting and ending IP addresses of the DHCP address pool in the fields provided. For quick operation, click the beside the Gateway/Subnet entry to get the IP address range populated automatically, and edit the range according to your needs.
  • Page 90 Chapter 4 Configure the Network with Omada SDN Controller DNS Server Select a method to configure the DNS server for the network. Auto: With Auto selected, the DHCP server automatically assigns DNS server for devices in the network. Manual: With Manual selected, enter the IP address of a server in each DNS server field. With Pass-Through selected, configure the following parameters.
  • Page 91 Chapter 4 Configure the Network with Omada SDN Controller Create a Network Create a Port Profile Assign the Port Profile to the Ports Note: • Three default port profiles are preconfigured on the controller. They can be viewed, but not edited or deleted. All: In the All profile, all networks except the default network (LAN) are configured as Tagged Network, and the native network is the default network (LAN).
  • Page 92 Chapter 4 Configure the Network with Omada SDN Controller 2. Click + Create New Port Profile to load the following page, and configure the following parameters. Name Enter a name to identify the port profile. Select the PoE mode for the ports. Keep the Device's Settings: PoE keep enabled or disabled according to the switches’...
  • Page 93 Chapter 4 Configure the Network with Omada SDN Controller Native Network Select the native network from all networks. The native network determines the Port VLAN Identifier (PVID) for switch ports. When a port receives an untagged frame, the switch inserts a VLAN tag to the frame based on the PVID, and forwards the frame in the native network.
  • Page 94 Chapter 4 Configure the Network with Omada SDN Controller Loopback Control Loopback refers to the routing of data streams back to their source in the network. You can disable loopback control for the network or choose a method to prevent loopback happening in your network. Off: Disable loopback control on the port. Loopback Detection Port Based: Loopback Detection Port Based helps detect loops that occur on a specific port.
  • Page 95 Chapter 4 Configure the Network with Omada SDN Controller Action When Storm Control selected, select the action that the switch will take when the traffic exceeds its corresponding limit. With Drop selected, the port will drop the subsequent frames when the traffic exceeds the limit. With Shutdown selected, the port will be shutdown when the traffic exceeds the limit.
  • Page 96 Chapter 4 Configure the Network with Omada SDN Controller 1. Go to Devices, and click the switch in the devices list to reveal the Properties window. Go to Ports, you can either click in the Action column to assign the port profile to a single port, or select the desired ports and click Edit Selected on the top to assign the port profile to multiple ports in...

  • Page 97: Configure Wireless Networks

    Chapter 4 Configure the Network with Omada SDN Controller 4. 4 Configure Wireless Networks Wireless networks enable your wireless clients to access the internet. Once you set up a wireless network, your EAPs typically broadcast the network name (SSID) in the air, through which your wireless clients connect to the wireless network and access the internet.
  • Page 98 Chapter 4 Configure the Network with Omada SDN Controller 3. (Optional) If you want to create a new WLAN group based on an existing one, check Copy All SSIDs from the WLAN Group and select the desired WLAN group. Then you can further configure wireless networks based on current settings. 4.
  • Page 99 Chapter 4 Configure the Network with Omada SDN Controller 2. Click + Create New Wireless Network to load the following page. Configure the basic parameters for the network. Note: The 6 GHz band is only available for certain devices. Network Name (SSID) Enter the network name (SSID) to identify the wireless network. The users of wireless clients choose to connect to the wireless network according to the SSID, which appears on the WLAN settings page of wireless clients.
  • Page 100 Chapter 4 Configure the Network with Omada SDN Controller ■ WPA-Enterprise WPA-Enterprise requires an authentication server to authenticate wireless clients, and probably an accounting server to record the traffic statistics. Select a RADIUS Profile, which records the settings of the authentication server and accounting server. You can create a RADIUS Profile by clicking + Create New Radius Profile from the drop-down list of RADIUS Profile.
  • Page 101 Chapter 4 Configure the Network with Omada SDN Controller Select a PPSK Profile, which records the PPSK settings. You can create a PPSK Profile by clicking Create New PPSK Profile from the drop-down list of PPSK Profile. For details, refer to 4. 8. 4 PPSK. ■ PPSK with RADIUS PPSK (private pre-shared key) can provide a unique PSK for each wireless use.
  • Page 102 Chapter 4 Configure the Network with Omada SDN Controller Select a RADIUS Profile, which records the settings of the authentication server and accounting server. You can create a RADIUS Profile by clicking + Create New Radius Profile from the drop-down list of RADIUS Profile. For details, refer to 4.
  • Page 103 Chapter 4 Configure the Network with Omada SDN Controller ■ Apply to a Single EAP Go to Devices, select the EAP. In the Properties window, go to Config > WLANs, select the WLAN group to apply. ■ Apply to EAPs in batch 1. Go to Devices, select the tab, click Batch Action, and then select...

  • Page 104: Advanced Settings

    Chapter 4 Configure the Network with Omada SDN Controller 4. 4. 2 Advanced Settings Select a site from the drop-down list of Organization. Go to Settings > Wireless Networks, click in the ACTION column of the wireless network which you want to configure, and click + Advanced Settings load the following page.

  • Page 105: Wlan Schedule

    Chapter 4 Configure the Network with Omada SDN Controller Protected Management Frames (PMF) provide protection for unicast and multicast management action frames. When Mandatory is selected, non-PMF-capable clients may fail to connect to the network. Disable: Disables PMF for a network. It is not recommended to use this setting, only in case non-PMF-capable clients experience connection issues with the “Capable”...

  • Page 106: 802.11 Rate Control

    Chapter 4 Configure the Network with Omada SDN Controller Configuration Select a site from the drop-down list of Organization. Go to Settings > Wireless Networks, click in the ACTION column of the wireless network which you want to configure, and click + WLAN Schedule load the following page. Enable WLAN schedule and configure the parameters .Then click Apply. Action Radio On: Turn on your wireless network within the time range you set, and turn it off...

  • Page 107: Mac Filter

    Chapter 4 Configure the Network with Omada SDN Controller to your needs, move the slider to determine what bit rates your wireless network allows, and configure the parameters. Then click Apply. Note: The 6 GHz band is only available for certain devices. Disable CCK Rates (1/2/5.5/11 Mbps) Select whether to disable CCK (Complementary Code Keying), the modulation scheme which works with 802.11b devices.

  • Page 108: Ai Wlan Optimization

    Chapter 4 Configure the Network with Omada SDN Controller Configuration Select a site from the drop-down list of Organization. Go to Settings > Wireless Networks, click in the ACTION column of the wireless network which you want to configure, and click + MAC Filter to load the following page.
  • Page 109 Chapter 4 Configure the Network with Omada SDN Controller 1. Select a site from the drop-down list of Organization. Go to Settings > Wireless Networks > WLAN Optimization. 2. Enable Automatic Channel Optimization Automatic Power Optimization on the desired frequency bands, then click Scan and Optimize. The controller will scan the wireless environment to conclude the optimum operation channels and power for the APs.

  • Page 110: Network Security

    Chapter 4 Configure the Network with Omada SDN Controller 4. 5 Network Security Network Security is a portfolio of features designed to improve the usability and ensure the safety of your network and data. Network security services include 4. 5. 1 ACL, 4. 5. 2 URL Filtering, and 4.
  • Page 111 Chapter 4 Configure the Network with Omada SDN Controller 1 ) Create an ACL with the specified type. 2 ) Define packet-filtering criteria of the rule, including protocols, source, and destination, and determine whether to forward the matched packets. ■ Configuring Gateway ACL 1. Select a site from the drop-down list of Organization. Go to Settings >...
  • Page 112 Chapter 4 Configure the Network with Omada SDN Controller Policy Select the action to be taken when a packet matches the rule. Permit: Forward the matched packet. Deny: Discard the matched packet. Protocols Select one or more protocol types to which the rule applies from the drop-down list.
  • Page 113 Chapter 4 Configure the Network with Omada SDN Controller Set the States Type according to your needs: States Type Determine the type of stateful ACL rule. It is recommended to use the default Auto type. Auto (Match Sate New/Established/Related): Match the new, established, and related connection states. Manual: If selected, you can manually specify the connection states to match.
  • Page 114 Chapter 4 Configure the Network with Omada SDN Controller ■ Configuring Switch ACL 1. Select a site from the drop-down list of Organization. Go to Settings > Network Security > ACL. Under the Switch ACL tab, click to load the following page.
  • Page 115 Chapter 4 Configure the Network with Omada SDN Controller 2. Define packet-filtering criteria of the rule, including protocols, source, and destination, and determine whether to forward the matched packets. Refer to the following table to configure the required parameters. Name Enter a name to identify the ACL. Status Click the checkbox to enable the ACL.
  • Page 116 Chapter 4 Configure the Network with Omada SDN Controller IPv6-Port Group Select the IPv6-Port Group you have created. If no IPv6-Port Groups have been created, click +Create on this page or go to Settings > Profiles > Groups to create one. The switch will examine whether the source IP address and port number of the packet are in the IPv6-Port Group.
  • Page 117 Chapter 4 Configure the Network with Omada SDN Controller ■ Configuring EAP ACL 1. Select a site from the drop-down list of Organization. Go to Settings > Network Security > ACL. Under the EAP ACL tab, click to load the following page. 2. Define packet-filtering criteria of the rule, including protocols, source, and destination, and determine whether to forward the matched packets.
  • Page 118 Chapter 4 Configure the Network with Omada SDN Controller Policy Select the action to be taken when a packet matches the rule. Permit: Forward the matched packet. Deny: Discard the matched packet. Protocols Select one or more protocol types to which the rule applies from the drop-down list.

  • Page 119: Url Filtering

    Chapter 4 Configure the Network with Omada SDN Controller IP-Port Group Select the IP-Port Group you have created. If no IP-Port Groups have been created, click +Create on this page or go to Settings > Profiles > Groups to create one. The EAP will examine whether the destination IP address and port number of the packet are in the IP-Port Group.
  • Page 120 Chapter 4 Configure the Network with Omada SDN Controller ■ Configuring Gateway Rules 1. Select a site from the drop-down list of Organization. Go to Settings > Network Security > Filtering. Under the Gateway Rules tab, click to load the following page. 2. Define filtering criteria of the rule, including source and URLs, and determine whether to forward the matched packets.
  • Page 121 Enter the URL address using up to 128 characters. URL address should be given in a valid format. The URL which contains a wildcard(*) is supported. One URL with a wildcard(*) can match mutiple subdomains. For example, with *.tp-link.com specified, community.tp-link.com will be matched. ■ Configuring EAP Rules 1.

  • Page 122: Attack Defense

    URL address should be given in a valid format. The URL which contains a wildcard(*) is supported. One URL with a wildcard(*) can match mutiple subdomains. For example, with *.tp-link.com specified, community.tp-link.com will be matched. 4. 5. 3 Attack Defense...
  • Page 123 Chapter 4 Configure the Network with Omada SDN Controller Configuration ■ Configuring Flood Defense Select a site from the drop-down list of Organization. Go to Settings > Network Security > Attack Defense. In the Flood Defense, click the checkbox and set the corresponding limit of the rate at which specific packets are received.
  • Page 124 Chapter 4 Configure the Network with Omada SDN Controller Stationary Source TCP A TCP SYN flood attack occurs when the attacker sends the target system with a SYN Flood succession of SYN (synchronize) requests. When the system responds, the attacker does not complete the connections, thus leaving the connection half-open and flooding the system with SYN messages.
  • Page 125 Chapter 4 Configure the Network with Omada SDN Controller ■ Configuring Packet Anomaly Defense Select a site from the drop-down list of Organization. Go to Settings > Network Security > Attack Defense. In the Packet Anomaly Defense, click the checkbox and set the corresponding limit of the rate at which specific packets are received.

  • Page 126: Firewall

    Chapter 4 Configure the Network with Omada SDN Controller Block TCP Scan (Stealth With this option enabled, the gateway will block the anomalous packets in the FIN/Xmas/Null) following attack scenarios: Stealth FIN Scan: The attacker sends the packet with its SYN field and the FIN field set to 1.
  • Page 127 Chapter 4 Configure the Network with Omada SDN Controller Options, you can further configure the gateway to prevent attacks like SYN flood attacks and broadcast ping. Configuration ■ Configuring State Timeouts Select a site from the drop-down list of Organization. Go to Settings > Network Security >...

  • Page 128: Ip-Mac Binding

    Chapter 4 Configure the Network with Omada SDN Controller TCP Last ACK The TCP Last ACK status will be closed if there is no response after the set time. TCP SYN Recv The TCP SYN (Synchronize) Recv status will be closed if there is no response after the set time.
  • Page 129 Chapter 4 Configure the Network with Omada SDN Controller on the false ARP packets and record wrong mapping entries, which results in a breakdown of normal communication. Anti ARP Spoofing can protect the network from ARP spoofing attacks. It works based on the IP-MAC Binding. These entries record the correct one-to-one relationships between IP addresses and MAC addresses.
  • Page 130 Chapter 4 Configure the Network with Omada SDN Controller 3. Click Create New IP-MAC Binding Entry and add an IP-MAC binding entry. Click Apply. IP Address Specify the IP address to be bound. MAC Address Specify the MAC address to be bound. Interface Select the interface on which the entries will take effect. Description Enter a description for identification.

  • Page 131: Transmission

    Chapter 4 Configure the Network with Omada SDN Controller 4. 6 Transmission Transmission helps you control network traffic in multiple ways. You can add policies and rules to control transmission routes and limit the session and bandwidth. 4. 6. 1 Routing Overview ■ Static Route Network traffic is oriented to a specific destination, and Static Route designates the next hop or interface where to forward the traffic.
  • Page 132 Chapter 4 Configure the Network with Omada SDN Controller Destination IP/Subnet Destination IP/Subnet identifies the network traffic which the Static Route entry controls. Specify the destination of the network traffic in the format of 192.168.0.1/24. You can click + Add Subnet to specify multiple Destination IP/ Subnets and click to delete them.
  • Page 133 Chapter 4 Configure the Network with Omada SDN Controller ■ Policy Routing 1. Go to Setting > Transmission > Routing > Policy Routing. Click + Create New Routing to load the following page and configure the parameters. Name Enter the name to identify the Policy Routing entry. Status Enable or disable the Policy Routing entry.

  • Page 134: Nat

    Chapter 4 Configure the Network with Omada SDN Controller Routing Legend The Policy Routing entry takes effect only when the traffic using specified protocols matches the source and destination which are specified in the Routing Legend. Select the type of the traffic source and destination. Network: Select the LAN Interfaces for the traffic source or destination. Group: Select the IP Group for the traffic source or destination.
  • Page 135 Chapter 4 Configure the Network with Omada SDN Controller Configuration ■ Port Forwarding 1. Go to Setting > Transmission > > Port Forwarding. Click + Create New Rule to load the following page and configure the parameters. Name Enter the name to identify the Port Forwarding rule. Status Enable or disable the Port Forwarding rule.
  • Page 136 Chapter 4 Configure the Network with Omada SDN Controller With DMZ enabled, all the traffic is forwarded to the Destination IP in the LAN, port to port. You need to specify the Destination With DMZ disabled, only the traffic which matches the Source Port and the Protocol is forwarded.
  • Page 137 Chapter 4 Configure the Network with Omada SDN Controller FTP ALG FTP ALG allows the FTP server and client to transfer data using the FTP protocol in one of the following scenarios: • The FTP server is in the LAN, while the FTP client is on the internet. •...
  • Page 138 Chapter 4 Configure the Network with Omada SDN Controller ■ One-to-One NAT 1. Go to Setting > Transmission > > One-to-One NAT. Click + Create New Rule to load the following page and configure the parameters. Name Enter the name to identify the one-to-one NAT rule. Status Enable or disable the one-to-one NAT rule.

  • Page 139: Session Limit

    Chapter 4 Configure the Network with Omada SDN Controller 4. 6. 3 Session Limit Overview Session Limit optimizes network performance by limiting the maximum sessions of specific sources. Configuration 1. Go to Setting > Transmission > Session Limit. In Session Limit, enable Session Limit globally and click Apply.

  • Page 140: Bandwidth Control

    Chapter 4 Configure the Network with Omada SDN Controller Source Type Network: Limit the maximum sessions of specific LAN networks. With this option selected, select the networks, which you can customize in Wired Networks > Networks. For detailed configuration of networks, refer to 4. 3. 2 Configure LAN Networks.
  • Page 141 Chapter 4 Configure the Network with Omada SDN Controller Threshold Control With Threshold Control enabled, Bandwidth Control takes effect only when total bandwidth usage reaches the specified percentage. You need to specify the total Upstream Bandwidth and Downstream Bandwidth of the WAN ports. It’s recommended to use the Test Speed tool to decide the actual Upstream Bandwidth and Downstream Bandwidth.

  • Page 142: Quality Of Services

    Chapter 4 Configure the Network with Omada SDN Controller Upstream Bandwidth Specify the limit of Upstream Bandwidth, which the specific local hosts use to transmit traffic to the internet through the gateway. Downstream Bandwidth Specify the limit of Downstream Bandwidth, which the specific local hosts use to receive traffic from the internet through the gateway.
  • Page 143 Chapter 4 Configure the Network with Omada SDN Controller 2. Click Create New Rule. 3. Configure the parameters and click Apply. WAN Interface Select the WAN port. You can configure the QoS rule for a WAN port only when the port is enabled. Quality of Service Enable or disable QoS for the current entry.
  • Page 144 Chapter 4 Configure the Network with Omada SDN Controller Limited Bandwidth When UDP Bandwidth Control is enabled, specify the bandwidth ratio of UDP at each Ratio level of class1/2/3/other. Outbound TCP ACK Check the box to prioritize outbound TCP ACK packets. This function ensures that Prioritize traffic is not slowed down by remote hosts waiting for ACK packets before sending further traffic.
  • Page 145 Chapter 4 Configure the Network with Omada SDN Controller 2. Click Create New Class Rule. 3. Configure the parameters and click Apply. Status Check the box to enable the rule. IP Version Specify the protocol version: IPv4 or IPv6. Local Address Match the source IP address of the traffic. For IPv4 protocol, you can use the IP Group object configured in the Profiles >...
  • Page 146 Chapter 4 Configure the Network with Omada SDN Controller Configuration 1. Select a site from the drop-down list of Organization. Go to Setting > Transmission > Quality of Services > VoIP Prioritization. 2. Enable the first priority for VoIP SIP/RTP and enter the SIP UDP port. Then apply the settings. Enable the First Priority Check the box to enable prioritize VoIP traffic.

  • Page 147: Configure Vpn

    Chapter 4 Configure the Network with Omada SDN Controller 4. 7 Configure VPN VPN (Virtual Private Network) provides a means for secure communication between remote computers across a public wide area network (WAN), such as the internet. Omada managed gateways supports various types of VPN. 4. 7. 1 Overview VPN (Virtual Private Network) gives remote LANs or users secure access to LAN resources over a public network such as the internet.
  • Page 148 Chapter 4 Configure the Network with Omada SDN Controller There are many variations of virtual private networks, with the majority based on two main models: ■ Site-to-Site VPN A Site-to-Site VPN creates a connection between two networks at different geographic locations. Typically, headquarters set up Site-to-Site VPN with the subsidiary to provide the branch office with access to the headquarters’...
  • Page 149 Chapter 4 Configure the Network with Omada SDN Controller When the remote user’s gateway works as the VPN client, the gateway helps create VPN tunnels between its connected hosts and the VPN server. The gateway which functions as a VPN client can use L2TP, PPTP, or OpenVPN as the tunneling protocol. Client-to-Site VPN: Scenario 1 Gateway (Client) Gateway (Server)
  • Page 150 Chapter 4 Configure the Network with Omada SDN Controller Here is the infographic to provide a quick overview of VPN solutions. Create a VPN Policy Select the purpose of the VPN Site-to-Site VPN Branch Office Headquarters Auto IPsec VPN The controller automatically creates an IPsec VPN tunnel between two sites on the same controller.
  • Page 151 Chapter 4 Configure the Network with Omada SDN Controller Configuration To complete the VPN configuration, follow these steps: 1 ) Create a new VPN policy and select the purpose of the VPN according to your needs. Select Site- to-Site if you want the network connected to another. Select Client-to-Site if you want some hosts connected to the network.
  • Page 152 Chapter 4 Configure the Network with Omada SDN Controller Remote Site Select the site on the other end of the Auto IPsec VPN tunnel. Make sure that the selected remote site has an online Omada managed gateway within the same controller. • Configuring Manual IPsec VPN 1.
  • Page 153 Chapter 4 Configure the Network with Omada SDN Controller Purpose Select the purpose for the VPN as Site-to-Site VPN. VPN Type Select the VPN type as Manual IPsec. Remote Gateway Enter an IP address or a domain name as the gateway on the remote peer of the VPN tunnel.
  • Page 154 Chapter 4 Configure the Network with Omada SDN Controller 3. Click Advanced Settings to load the following page. Advanced settings include Phase-1 settings and Phase-2 settings. Phase-1 is used to set up a secure encrypted channel which the two peers can negotiate Phase-2, and then establish the IKE Security Associations (IKE SA).
  • Page 155 Chapter 4 Configure the Network with Omada SDN Controller define what traffic can go through the VPN, and how to encrypt and authenticate the traffic, then establish the IPsec Security Associations (IPsec SA). Refer to the following table to complete the configurations according to your actual needs and click Create.
  • Page 156 Chapter 4 Configure the Network with Omada SDN Controller Local ID Type Specify the type of Local ID which indicates the authentication identifier sent to the peer for IKE negotiation. IP Address: Select IP Address to use the IP address for authentication. Name: Select Name, and then enter the name in the Local ID field to use the name as the ID for authentication.
  • Page 157 Chapter 4 Configure the Network with Omada SDN Controller Proposal Specify the proposal for IKE negotiation phase-2. An IPsec proposal lists the encryption algorithm, authentication algorithm and protocol to be negotiated with the remote IPsec peer. Note that both peer gateways must be configured to use the same Proposal. Select the DH group to enable PFS (Perfect Forward Security) for IKE mode, then the key generated in phase-2 will be irrelevant with the key in phase-1, which enhance the network security.
  • Page 158 Chapter 4 Configure the Network with Omada SDN Controller • Configuring the gateway as a VPN server using L2TP 1. Select a site from the drop-down list of Organization. Go to Settings > VPN. Click to load the following page. 2. Enter a name to identify the VPN policy and select the purpose as Client-to-Site VPN. Refer to the following table to configure the required parameters and click Create.
  • Page 159 Chapter 4 Configure the Network with Omada SDN Controller IPsec Encryption Specify whether to enable the encryption for the tunnel. Encrypted: Select Encrypted to encrypt the L2TP tunnel by IPsec (L2TP over IPsec). With Encrypted selected, enter the Pre-shared Key for IKE authentication. VPN server and VPN client must use the same pre-shared secret key for authentication.
  • Page 160 Chapter 4 Configure the Network with Omada SDN Controller • Configuring the gateway as a VPN server using PPTP 1. Select a site from the drop-down list of Organization. Go to Settings > VPN. Click to load the following page. 2. Enter a name to identify the VPN policy and select the purpose as Client-to-Site VPN. Refer to the following table to configure the required parameters and click Create.
  • Page 161 Chapter 4 Configure the Network with Omada SDN Controller Local Network Type Specify whether to apply the VPN policy to specific local networks or IP addresses. Network: Specify the local networks of the VPN tunnel. The VPN policy will be only applied to the selected local networks. Custom IP: Specify the IP addresses of the VPN tunnel.
  • Page 162 Chapter 4 Configure the Network with Omada SDN Controller Name Enter a name to identify the VPN policy. Status Click the checkbox to enable the VPN policy. Purpose Select the purpose for the VPN as Client-to-Site VPN. VPN Type Select the VPN type as VPN Server - IPsec.
  • Page 163 Chapter 4 Configure the Network with Omada SDN Controller 3. Click Advanced Settings to load the following page. Advanced settings include Phase-1 settings and Phase-2 settings. Phase-1 is used to set up a secure encrypted channel which the two peers can negotiate Phase-2, and then establish the IKE Security Associations (IKE SA).
  • Page 164 Chapter 4 Configure the Network with Omada SDN Controller define what traffic can go through the VPN, and how to encrypt and authenticate the traffic, then establish the IPsec Security Associations (IPsec SA). Refer to the following table to complete the configurations according to your actual needs and click Create.
  • Page 165 Chapter 4 Configure the Network with Omada SDN Controller Local ID Type Specify the type of Local ID which indicates the authentication identifier sent to the peer for IKE negotiation. IP Address: Select IP Address to use the IP address for authentication. Name: Select Name, and then enter the name in the Local ID field to use the name as the ID for authentication.
  • Page 166 Chapter 4 Configure the Network with Omada SDN Controller Proposal Specify the proposal for IKE negotiation phase-2. An IPsec proposal lists the encryption algorithm, authentication algorithm and protocol to be negotiated with the remote IPsec peer. Note that both peer gateways must be configured to use the same Proposal. Select the DH group to enable PFS (Perfect Forward Security) for IKE mode, then the key generated in phase-2 will be irrelevant with the key in phase-1, which enhance the network security.
  • Page 167 Chapter 4 Configure the Network with Omada SDN Controller Purpose Select the purpose for the VPN as Client-to-Site VPN. VPN Type Select the VPN type as VPN Server - OpenVPN. Account Password Specify whether VPN clients need to enter a user account to access the VPN tunnel.
  • Page 168 Chapter 4 Configure the Network with Omada SDN Controller • Configuring the gateway as a VPN client using L2TP 1. Select a site from the drop-down list of Organization. Go to Settings > VPN. Click to load the following page. 2. Enter a name to identify the VPN policy and select the purpose as Client-to-Site VPN. Refer to the following table to configure the required parameters and click Create.
  • Page 169 Chapter 4 Configure the Network with Omada SDN Controller Working Mode Specify the Working Mode as NAT or Routing. NAT: With NAT (Network Address Translation) mode selected, the L2TP client uses the assigned IP address as its source addresses of original IP header when forwarding L2TP packets. Routing: With Routing selected, the L2TP client uses its own IP address as its source addresses of original IP header when forwarding L2TP packets.
  • Page 170 Chapter 4 Configure the Network with Omada SDN Controller • Configuring the gateway as a VPN client using PPTP 1. Select a site from the drop-down list of Organization. Go to Settings > VPN. Click to load the following page. 2. Enter a name to identify the VPN policy and select the purpose as Client-to-Site VPN. Refer to the following table to configure the required parameters and click Create.
  • Page 171 Chapter 4 Configure the Network with Omada SDN Controller Working Mode Specify the Working Mode as NAT or Routing. NAT: With NAT (Network Address Translation) mode selected, the PPTP client uses the assigned IP address as its source addresses of original IP header when forwarding PPTP packets. Routing: With Routing selected, the PPTP client uses its own IP address as its source addresses of original IP header when forwarding PPTP packets.
  • Page 172 Chapter 4 Configure the Network with Omada SDN Controller • Configuring the gateway as a VPN client using OpenVPN 1. Select a site from the drop-down list of Organization. Go to Settings > VPN. Click to load the following page. 2. Enter a name to identify the VPN policy and select the purpose as Client-to-Site VPN. Refer to the following table to configure the required parameters and click Create.

  • Page 173: Vpn User

    Chapter 4 Configure the Network with Omada SDN Controller Remote Server Enter the IP address or domain name of the OpenVPN server. Local Network Type Specify whether to apply the VPN policy to specific local networks or IP addresses. Network: Specify the local networks of the VPN tunnel. The VPN policy will be only applied to the selected local networks.
  • Page 174 Chapter 4 Configure the Network with Omada SDN Controller 2. Specify the parameters and click Create. Username Enter the username used for the VPN tunnel. The client use the username for the validation before accessing the network. Password Enter the password of user. The client uses the password for the validation before accessing the network.

  • Page 175: Ssl Vpn

    Chapter 4 Configure the Network with Omada SDN Controller To edit or delete the VPN users, click the icon in the Action column. You can further filter the entries based on the VPN Server. Filter the entries. View and edit the account information of users. Delete the VPN user. 4.
  • Page 176 Chapter 4 Configure the Network with Omada SDN Controller 1. Select a site from the drop-down list of Organization. Go to Settings > > SSL VPN > SSL VPN Server. Enable SSL VPN Server. 2. Configure the parameters according to your needs. Click Apply. Select the port for the SSL VPN server to listen on, and the VPN tunnel will take effect on the port.
  • Page 177 Chapter 4 Configure the Network with Omada SDN Controller Authentication Type Select the authentication for the clients: Local Authentication RADIUS Authentication. If you selected RADIUS Authentication, configure the following parameters: RADIUS Server: Select a RADIUS server profile. Authentication Type: Select the authentication protocol for the RADIUS server. Max Requests: Specify the maximum number of requests sent when no response is received.
  • Page 178 Chapter 4 Configure the Network with Omada SDN Controller 3. Click Export Certificate, enter the WAN IP/Domain Name to access the VPN, then click Export. The VPN configuration file will be exported for clients to access the VPN. ■ Resource Management In Tunnel Resources, you can configure the resources the clients can access through the VPN tunnel, including IP range and domain name.
  • Page 179 Chapter 4 Configure the Network with Omada SDN Controller 2. Click Create New Tunnel Resource to load the following page. Configure the parameters and click Confirm. Name Specify a name for the entry. Resource Type Select the type for the resources: IP Address Domain Name. If you selected Address, configure the following parameters: IP/Mask: Specify IP range the clients can access.
  • Page 180 Chapter 4 Configure the Network with Omada SDN Controller Resources Select the resources for the group. ■ User Group In User Group, you can add multiple users to a group for better management. 1. Select a site from the drop-down list of Organization. Go to Settings >...
  • Page 181 Chapter 4 Configure the Network with Omada SDN Controller 2. Click Create New User to load the following page. Configure the parameters and click Confirm. Username Specify the username a client used for login. Password Specify the password a client used for login. Max Concurrent Users Specify the maximum number of clients using the username for login concurrently.

  • Page 182: Wireguard Vpn

    Chapter 4 Configure the Network with Omada SDN Controller 2. Click Add Locked Out User to load the following page. Configure the parameters and click Confirm. Type Specify the locked out type. If you selected Username, specify the username of a locked out user. If you selected Address, specify the IP address of a locked out user.
  • Page 183 Chapter 4 Configure the Network with Omada SDN Controller 2. Click Create New WireGuard. Configure the parameters and click Apply. Name Specify the name that identifies the WireGuard interface. Status Specify whether to enable the WireGuard interface. Specify the MTU value of the WireGuard interface. The default value 1420 is recommended.
  • Page 184 Chapter 4 Configure the Network with Omada SDN Controller 2. Click Create New Peer. Configure the parameters and click Apply. Name Specify the name that identifies the peer. Status Specify whether to enable the peer. Interface Specify the WireGuard interface to which the peer belongs. Endpoint Specify the IP address of the peer.

  • Page 185: Create Profiles

    Chapter 4 Configure the Network with Omada SDN Controller 4. 8 Create Profiles Profiles section is used to configure and record your custom settings for site configurations. It includes Time Range and Groups profiles. In Time Range section, you can configure time templates for wireless schedule, PoE schedule, etc. In Groups section, you can configure groups based on IP, IP-Port and MAC addresses for ACL, Routing, NAT, etc.
  • Page 186 Chapter 4 Configure the Network with Omada SDN Controller them to site configuration. To apply the customized time range profiles in configuration, refer to 4. 3 WLAN Schedule, and 4. 10. 8 PoE Schedule. Name Enter a name for the new entry, and it is a string with 1 to 64 ASCII symbols. Day Mode Select Every...

  • Page 187: Groups

    Chapter 4 Configure the Network with Omada SDN Controller Edit the parameters in the entry. Delete the entry. 4. 8. 2 Groups Overview Groups section allows you to customize client groups based on IP, IP-Port, or MAC Address. You can set different rules for the groups profiles which can be shared and applied to ACL, Routing, NAT, etc. in site configuration.
  • Page 188 Chapter 4 Configure the Network with Omada SDN Controller ■ Based on IP Group To configure a group profile based on IP Group, you are required to specify the IP subnets, while subnet mask is optional. You can click +Add Subnet to add new subnets, and click to delete them.
  • Page 189 Chapter 4 Configure the Network with Omada SDN Controller ■ Based on IP-Port Group To configure a group profile based on IP-Port Group, you are required to specify IP-Port type and the port(s) for the entry, while it is optional to specify the IP subnet(s). If you only specify the port(s) without entering any IP subnet, it means the group contains the specified port(s) for all IPs.
  • Page 190 Chapter 4 Configure the Network with Omada SDN Controller ■ Based on MAC Group To configure a group profile based on MAC Group, you are required to enter MAC Address(es) in the MAC Addresses List. There are three ways to add MAC address(es) to the MAC Addresses List. Add MAC address singly.

  • Page 191: Rate Limit

    Chapter 4 Configure the Network with Omada SDN Controller Add MAC addresses in batches. You can enter the MAC addresses and names in the input box or import them with files in the format of Excel, txt, and text. If you want to use the newly added MAC address(es) and names when they conflict with the existing ones, click the to allow it to override the current MAC Access Control List.
  • Page 192 Chapter 4 Configure the Network with Omada SDN Controller Configuration To configure the rate limit profiles, follow these steps: 1. Select a site from the drop-down list of Organization. Go to Settings > Profiles > Rate Limit. By default, there is an entry with no limits, and it can not be deleted. Click +Create New Rate Limit Profile to add a new group entry.

  • Page 193: Ppsk

    Chapter 4 Configure the Network with Omada SDN Controller You can view the name, download limit, and upload limit in the list. To view, edit or delete the rate limit profile, click the icon in the Action column. View and edit the parameters in the entry. You cannot change the type when editing the entry. Delete the entry.
  • Page 194 Chapter 4 Configure the Network with Omada SDN Controller 2. Enter a name for the new profile. Click +Add to add new entries in the PPSK profile or click Import to import entries in batches from a file. Enter the parameters and click Apply to save the PPSK information. Name Enter a name to identify the created PPSK.
  • Page 195 Chapter 4 Configure the Network with Omada SDN Controller You can view the name and which wireless network (SSID) the PPSK profile is applied to in the list. To view, edit or delete the PPSK profile, click the icon in the Action column. View and edit the parameters in the entry. Delete the entry.

  • Page 196: Authentication

    Chapter 4 Configure the Network with Omada SDN Controller 4. 9 Authentication Authentication is a portfolio of features designed to authorize network access to clients, which enhances the network security. Authentication services include 4. 9. 1 Portal, 4. 9. 2 802.1X 4. 9. 3 MAC-Based Authentication, covering all the needs to authenticate both wired and wireless clients. 4.
  • Page 197 Chapter 4 Configure the Network with Omada SDN Controller • Clients can get verification codes using their mobile phones and enter the received codes to pass the authentication. • RADIUS Clients are required to enter the correct username and password which are stored in the RADIUS server to pass the authentication.
  • Page 198 Chapter 4 Configure the Network with Omada SDN Controller 3 ) Customize the Portal page including the background picture, logo picture and so on. 4 ) (Optional) Configure access control policies including Pre-Authentication Access and Authentication-Free Clients if needed. The following part introduces how to configure each type of Portal authentication: Authentication, Simple Password,...
  • Page 199 Chapter 4 Configure the Network with Omada SDN Controller Daily Limit Click the checkbox to enable Daily Limit. With this feature enabled, after authentication times out, clients cannot get authenticated again until the next day. With this feature disabled, after authentication times out, clients can get authenticated again without limit.
  • Page 200 Chapter 4 Configure the Network with Omada SDN Controller logo picture and so on. Type Select the type of the Portal page. Edit Current Page: Edit the related parameters to customize the Portal page based on the provided page. Import Customized Page: Click to import your unique Portal page for branding it as per your business.
  • Page 201 Chapter 4 Configure the Network with Omada SDN Controller Default Language Select the default language displayed on the Portal page. The controller automatically adjusts the language displayed on the Portal page according to the system language of the clients. If the language is not supported, the controller will use the default language specified here.
  • Page 202 Chapter 4 Configure the Network with Omada SDN Controller Click Advertisement Options and customize advertisement pictures on the authentication page. Advertisement Click the checkbox to enable the Advertisement feature. With this feature enabled, you can add advertisement pictures on the authentication page. These advertisement pictures will be displayed before the login page appears. Picture Resource Click and select pictures from your PC as the advertisement pictures.
  • Page 203 Chapter 4 Configure the Network with Omada SDN Controller 4. (Optional) Configure access control rules including Pre-Authentication Access and Authentication- Free Policy if needed. Go to Settings > Authentication > Portal. On Access Control tab, click the checkbox to enable Pre-Authentication Access and Authentication-Free Policy. Pre-Authentication Click the checkbox to enable Pre-Authentication Access.
  • Page 204 Chapter 4 Configure the Network with Omada SDN Controller ■ Configuring Portal with Simple Password 1. Select a site from the drop-down list of Organization. Go to Settings > Authentication > Portal. On Portal tab, click to create new portal entry. Then click to enable Portal and load the following page.
  • Page 205 Chapter 4 Configure the Network with Omada SDN Controller Landing Page Select which page the client will be redirected to after a successful authentication. The Original URL: Clients are directed to the URL they request for after they pass Portal authentication. The Promotional URL: Clients are directed to the specified URL here after they pass Portal authentication.
  • Page 206 Chapter 4 Configure the Network with Omada SDN Controller 3. In the Portal Customization section, customize the Portal page including the background picture, logo picture and so on.
  • Page 207 Chapter 4 Configure the Network with Omada SDN Controller Type Select the type of the Portal page. Edit Current Page: Edit the related parameters to customize the Portal page based on the provided page. Import Customized Page: Click to import your unique Portal page for branding it as per your business.
  • Page 208 Chapter 4 Configure the Network with Omada SDN Controller Click Advertisement Options and customize advertisement pictures on the authentication page. Advertisement Click the checkbox to enable the Advertisement feature. With this feature enabled, you can add advertisement pictures on the authentication page. These advertisement pictures will be displayed before the login page appears. Picture Resource Click and select pictures from your PC as the advertisement pictures.
  • Page 209 Chapter 4 Configure the Network with Omada SDN Controller 4. (Optional) Configure access control rules including Pre-Authentication Access and Authentication- Free Policy if needed. Go to Settings > Authentication > Portal. On Access Control tab, click the checkbox to enable Pre-Authentication Access and Authentication-Free Policy. Pre-Authentication Click the checkbox to enable Pre-Authentication Access.
  • Page 210 Chapter 4 Configure the Network with Omada SDN Controller ■ Configuring Portal with Hotspot 1. Select a site from the drop-down list of Organization. Go to Settings > Authentication > Portal. On Portal tab, click to create new portal entry. Then click to enable Portal and load the following page.
  • Page 211 Chapter 4 Configure the Network with Omada SDN Controller 3. With different types of Hotspot selected, configure the related parameters. • Configuring Voucher Portal Voucher Select Voucher and click to manage the voucher codes. Refer to 7. 2. 2 Vouchers for detailed information about how to create vouchers. •...
  • Page 212 Chapter 4 Configure the Network with Omada SDN Controller Authentication Timeout Select the login duration. The client needs to log in again on the web authentication page to access the network. Preset Country Code Enter the default country code that will be filled automatically on the authentication page.
  • Page 213 Chapter 4 Configure the Network with Omada SDN Controller Receiver Port Specify the port on which the controller listens when there are disconnect requests from the RADIUS server. Make sure that the specified port is not in use. Status The entry displays the status of the receiver port, including Running, Disabled, and Error.
  • Page 214 Chapter 4 Configure the Network with Omada SDN Controller 4. In the Portal Customization section, customize the Portal page including the background picture, logo picture and so on.
  • Page 215 Chapter 4 Configure the Network with Omada SDN Controller Type Select the type of the Portal page. Edit Current Page: Edit the related parameters to customize the Portal page based on the provided page. Import Customized Page: Click to import your unique Portal page for branding it as per your business.
  • Page 216 Chapter 4 Configure the Network with Omada SDN Controller Click Advertisement Options and customize advertisement pictures on the authentication page. Advertisement Click the checkbox to enable the Advertisement feature. With this feature enabled, you can add advertisement pictures on the authentication page. These advertisement pictures will be displayed before the login page appears. Picture Resource Click and select pictures from your PC as the advertisement pictures.
  • Page 217 Chapter 4 Configure the Network with Omada SDN Controller 5. (Optional) Configure access control rules including Pre-Authentication Access and Authentication- Free Policy if needed. Go to Settings > Authentication > Portal. On Access Control tab, click the checkbox to enable Pre-Authentication Access and Authentication-Free Policy. Pre-Authentication Click the checkbox to enable Pre-Authentication Access.
  • Page 218 Chapter 4 Configure the Network with Omada SDN Controller ■ Configuring Portal with External RADIUS Server 1. Select a site from the drop-down list of Organization. Go to Settings > Authentication > Portal. Click to enable Portal and load the following page. 2. Select the SSIDs and LAN networks for the portal to take effect on and configure basic parameters including authentication type, authentication timeout and so on.
  • Page 219 Chapter 4 Configure the Network with Omada SDN Controller Authentication Timeout Select the login duration. Clients will be off-line after the authentication timeout. RADIUS Profile Select the RADIUS profile you have created. If no RADIUS profiles have been created, click from the drop-down list or to create one. The RADIUS profile records information of the RADIUS server including the IP address, port and so on.
  • Page 220 Chapter 4 Configure the Network with Omada SDN Controller 3. If you choose Local Web Portal which is provided by the built-in portal server of the controller, customize the Portal page in the Portal Customization section, including the background picture, logo picture and so on. Type Select the type of the Portal page.
  • Page 221 Chapter 4 Configure the Network with Omada SDN Controller Default Language Select the default language displayed on the Portal page. The controller automatically adjusts the language displayed on the Portal page according to the system language of the clients. If the language is not supported, the controller will use the default language specified here.
  • Page 222 Chapter 4 Configure the Network with Omada SDN Controller Click Advertisement Options and customize advertisement pictures on the authentication page. Advertisement Click the checkbox to enable the Advertisement feature. With this feature enabled, you can add advertisement pictures on the authentication page. These advertisement pictures will be displayed before the login page appears. Picture Resource Click and select pictures from your PC as the advertisement pictures.
  • Page 223 Chapter 4 Configure the Network with Omada SDN Controller 4. (Optional) Configure access control rules including Pre-Authentication Access and Authentication- Free Policy if needed. Go to Settings > Authentication > Portal. On Access Control tab, click the checkbox to enable Pre-Authentication Access and Authentication-Free Policy. Pre-Authentication Click the checkbox to enable Pre-Authentication Access.
  • Page 224 Chapter 4 Configure the Network with Omada SDN Controller ■ Configuring Portal with External Portal Server 1. Select a site from the drop-down list of Organization. Go to Settings > Authentication > Portal. On Portal tab, click to create new portal entry. Then click to enable Portal and load the following page.
  • Page 225 Chapter 4 Configure the Network with Omada SDN Controller 3. (Optional) Configure access control rules including Pre-Authentication Access and Authentication- Free Policy if needed. Go to Settings > Authentication > Portal. On Access Control tab, click the checkbox to enable Pre-Authentication Access and Authentication-Free Policy. Pre-Authentication Click the checkbox to enable Pre-Authentication Access.
  • Page 226 Chapter 4 Configure the Network with Omada SDN Controller 1. Select a site from the drop-down list of Organization. Go to Settings > Authentication > Portal. Click to enable Portal and load the following page. 2. Select the SSIDs and LAN networks for the portal to take effect on and configure basic parameters. SSID &...
  • Page 227 Chapter 4 Configure the Network with Omada SDN Controller 3. In the Portal Customization section, customize the Portal page including the background picture, logo picture and so on. Type Select the type of the Portal page. Edit Current Page: Edit the related parameters to customize the Portal page based on the provided page.
  • Page 228 Chapter 4 Configure the Network with Omada SDN Controller Default Language Select the default language displayed on the Portal page. The controller automatically adjusts the language displayed on the Portal page according to the system language of the clients. If the language is not supported, the controller will use the default language specified here.
  • Page 229 Chapter 4 Configure the Network with Omada SDN Controller Click Advertisement Options customize advertisement pictures on the authentication page. Advertisement Click the checkbox to enable the Advertisement feature. With this feature enabled, you can add advertisement pictures on the authentication page. These advertisement pictures will be displayed before the login page appears. Picture Resource Click and select pictures from your PC as the advertisement pictures.

  • Page 230: 223

    Chapter 4 Configure the Network with Omada SDN Controller 4. (Optional) Configure access control rules including Pre-Authentication Access and Authentication- Free Policy if needed. Go to Settings > Authentication > Portal. On Access Control tab, click the checkbox to enable Pre-Authentication Access and Authentication-Free Policy. Pre-Authentication Click the checkbox to enable Pre-Authentication Access.
  • Page 231 Client A client, usually a computer, is connected to the authenticator via a physical port. We recommend that you install TP-Link 802.1X authentication client software on the client hosts, enabling them to request 802.1X authentication to access the LAN. ■...
  • Page 232 Chapter 4 Configure the Network with Omada SDN Controller Enable 802.1X Configure RADIUS Profile and Parameters Select the Ports Select a site from the drop-down list of Organization. Go to Settings > Authentication > 802.1X. Click to enable 802.1X. Enable 802.1X Configure RADIUS Profile and Parameters Select the Ports Select the RADIUS profile you have created.

  • Page 233: Mac-Based Authentication

    Chapter 4 Configure the Network with Omada SDN Controller Authentication Type Select the 802.1X authentication type. Port Based: After a client connected to the port gets authenticated successfully, other clients can access the network via the port without authentication. MAC Based: Clients connected to the port need to be authenticated individually. The RADIUS server distinguishes clients by their MAC addresses.
  • Page 234 Chapter 4 Configure the Network with Omada SDN Controller Note: Both MAC-Based Authentication and Portal authentication can authenticate wireless clients. If both are configured on a wireless network, a wireless client needs to pass MAC-Based Authentication first and then Portal authentication for internet access. You can enable MAC- Based Authentication Fallback to allow clients bypass MAC-Based Authentication, which means the client needs to pass either of the two authentication.

  • Page 235: Radius Profile

    Chapter 4 Configure the Network with Omada SDN Controller NAS ID Configure a Network Access Server Identifier (NAS ID) for the authentication. Authentication request packets from the controller to the RADIUS server carry the NAS ID. The RADIUS server can classify users into different groups based on the NAS ID, and then choose different policies for different groups.
  • Page 236 Chapter 4 Configure the Network with Omada SDN Controller Configuration 1. Select a site from the drop-down list of Organization. Go to Settings > Authentication > RADIUS Profile. Click to load the following page. 2. Enter the information of the RADIUS servers. Refer to the following table to configure the required parameters and click Save.
  • Page 237 Chapter 4 Configure the Network with Omada SDN Controller Interim Update Click the checkbox to enable Interim Update. By default, the RADIUS accounting process needs only start and stop messages to the RADIUS accounting server. With Interim Update enabled, Omada devices will periodically send an Interim Update (a RADIUS Accounting Request packet containing an “interim-update”...

  • Page 238: Services

    Chapter 4 Configure the Network with Omada SDN Controller 4. 10 Services Services provide convenient network services and facilitate network management. You can set fixed IP address for certain device in DHCP Reservation, configure servers or terminals in DDNS, SNMP, UPnP, and SSH, schedule the devices in Reboot Schedule, PoE Schedule and Upgrade Schedule, and export the information in Export Data, and more.

  • Page 239: Dynamic Dns

    Chapter 4 Configure the Network with Omada SDN Controller 4. 10. 2 Dynamic DNS Overview WAN IP Address of your gateway can change periodically because your ISP typically employs DHCP among other techniques. This is where Dynamic DNS comes in. Dynamic DNS assigns a fixed domain name to the WAN port of your gateway, which facilitates remote users to access your local network through WAN Port.
  • Page 240 Chapter 4 Configure the Network with Omada SDN Controller Prerequisite: Choose one Service Provider from the four that the controller supports, i.e. DynDNS, No-IP, Peanuthull, Comexe. Register at your Service Provider, then you get your Username and Password. Get your Domain Name from your Service Provider. How Dynamic DNS works: Gateway informs Service Provider...

  • Page 241: Mdns

    Chapter 4 Configure the Network with Omada SDN Controller Status Enable or disable the Dynamic DNS entry. Interface Select the WAN Port which the Dynamic DNS entry applies to. Username Enter your username for the service provider. If you haven’t registered at the service provider, click Go To Register.

  • Page 242: Snmp

    Chapter 4 Configure the Network with Omada SDN Controller 4. 10. 4 SNMP Overview SNMP (Simple Network Management Protocol) provides a convenient and flexible method for you to configure and monitor network devices. Once you set up SNMP for the devices, you can centrally manage them with an NMS (Network Management Station). The controller supports multiple SNMP versions including SNMPv1, SNMPv2c and SNMPv3.

  • Page 243: Upnp

    Chapter 4 Configure the Network with Omada SDN Controller 4. 10. 5 UPnP Overview UPnP (Universal Plug and Play) is essential for applications including multiplayer gaming, peer-to-peer connections, real-time communication (such as VoIP or telephone conference) and remote assistance, etc. With the help of UPnP, the traffic between the endpoints of these applications can freely pass the gateway, thus realizing seamless connections.

  • Page 244: Reboot Schedule

    Chapter 4 Configure the Network with Omada SDN Controller Configuration Select a site from the drop-down list of Organization. Go to Settings > Services > SSH. Enable SSH Login globally and configure the parameters. Then click Apply. SSH Server Port Specify the SSH Sever Port which your network devices use for SSH connections. You need to configure the SSH Server Port correspondingly on your SSH terminal.

  • Page 245: Poe Schedule

    Chapter 4 Configure the Network with Omada SDN Controller Name Enter the name to identify the Reboot Schedule entry. Status Enable or disable the Reboot Schedule entry. Occurrence Specify the date and time for the devices to reboot. Devices List Select the devices which the Reboot Schedule applies to. 2.

  • Page 246: Iptv

    Chapter 4 Configure the Network with Omada SDN Controller Time Range Select the Time Range when the PoE devices work. You can create a Time Range entry by clicking + Create New Time Range Entry from the drop down list of Time Range. For details, refer to Profiles. Devices List Select the PoE switches and PoE ports which the PoE Schedule applies to.
  • Page 247 Chapter 4 Configure the Network with Omada SDN Controller IGMP Proxy Enable IGMP Proxy. IGMP Proxy sends IGMP querier packets to the LAN ports to detect if there is any multicast member connected to the LAN ports. IGMP Version Select the IGMP version as V2 or V3. The default is IGMP V2. IGMP Interface Select the WAN port on which the IGMP Proxy takes effect.

  • Page 248: Upgrade Schedule

    Chapter 4 Configure the Network with Omada SDN Controller 4. 10. 10 Upgrade Schedule Overview Upgrade Schedule allows you to schedule the device upgrade as desired. You can set recurring upgrades or a one-time schedule. Configuration Select a site from the drop-down list of Organization. Go to Settings >...

  • Page 249: Export Data

    Chapter 4 Configure the Network with Omada SDN Controller All of the three options need an upstream DNS server that supports them. Configuration 1. Select a site from the drop-down list of Organization. Go to Settings > Services > Proxy. 2. Enable Proxy, configure the parameters, then save the settings. Proxy Type Specify a security option to apply.
  • Page 250 Chapter 4 Configure the Network with Omada SDN Controller 2. Go to Settings > Services > Export Data. Select the type of data from the export list and click Export. Export List Device List: Export the list of managed devices. Client List: Export the list of all clients that are connected to the networks. Insight-Rogue AP List: Export the list of the rogue APs scanned before.
  • Page 251 Chapter 4 Configure the Network with Omada SDN Controller Send Email If you want to send the exported data via email, enable Send Email and configure the parameters below: Report Name: Specify the report name of the email to send. Occurrence: Specify when to send the email. Send to: Specify the email addresses to send the exported data to.

  • Page 252: Cli Configuration

    Currently, CLI configuration only supports switches. Please refer to CLI Reference Guide understand the CLI commands of TP-Link switches. If you need to use CLI configuration, please read the precautions and User Guide carefully. You can contact TP-Link technical support if necessary.
  • Page 253 Chapter 4 Configure the Network with Omada SDN Controller 5. To avoid disconnection of devices from the Controller due to configuration errors or conflicts, it is recommended to configure VLAN, VLAN Interface, IP Address, ACL, etc. via GUI, and avoid modifying related configurations via CLI. Repeated Configurations When the same function is configured via CLI multiple times, the previous configuration may be overwritten, and the last configuration shall prevail.

  • Page 254: Site Cli

    Chapter 4 Configure the Network with Omada SDN Controller 4. 11. 1 Site CLI Overview Site CLI enables batch configurations of all devices that support CLI configuration on the site via command lines. Configuration 1. Go to Settings > CLI Configuration > Site CLI. 2. Click Create New Site CLI Profile and create a CLI profile according to your needs.

  • Page 255: Device Cli

    Chapter 4 Configure the Network with Omada SDN Controller 3. Click Save to add the profile. The new profile is in inactive state and will not be applied to devices. 4. Click Apply to apply the CLI. The profile will change to active state and apply configurations to all devices that support CLI configuration on the site.
  • Page 256 Chapter 4 Configure the Network with Omada SDN Controller Configuration 1. Go to Settings > CLI Configuration > Device CLI. Click Create New Device CLI Profile and create a CLI profile according to your needs. Note: • The # character is a special command, which indicates entering the configure mode. Please use it in a separate line. If you add other commands after it in the same line, they will be ignored.
  • Page 257 Chapter 4 Configure the Network with Omada SDN Controller 3. Click Save to add the profile. The new profile is in inactive state and will not be applied to devices. 4. Click Apply to apply the CLI. The profile will change to active state and apply configurations to the devices you selected.

  • Page 258: Configure The Omada Sdn Controller

    Configure the Omada SDN Controller Controller Settings control the appearance and behavior of the controller and provide methods of data backup, restore and migration: • 5. 1 Manage the Controller • 5. 2 Manage Your Controller Remotely via Cloud Access •...

  • Page 259: Manage The Controller

    Chapter 5 Configure the Omada SDN Controller 5. 1 Manage the Controller 5. 1. 1 General Settings Configuration Select Global from the drop-down list of Organization in the upper right corner. Go to Settings > Controller. In General Settings, configure the parameters and click Save. ■...
  • Page 260 Chapter 5 Configure the Omada SDN Controller Time Offset Select the time added in minutes when Daylight Saving Time starts. Starts On Specify the time when the DST starts. The clock will be set forward by the time offset you specify. Ends On Specify the time when the DST ends.The clock will be set back by the time offset you specify.

  • Page 261: Mail Server

    Chapter 5 Configure the Omada SDN Controller Time Offset Select the time added in minutes when Daylight Saving Time starts. Starts On Specify the time when the DST starts. The clock will be set forward by the time offset you specify. Ends On Specify the time when the DST ends.The clock will be set back by the time offset you specify.
  • Page 262 Chapter 5 Configure the Omada SDN Controller 2. Select Global from the drop-down list of Organization in the upper right corner. Go to Settings > Controller Settings. In Mail Server, enable SMTP Server and configure the parameters. Then click Save. SMTP Enter the URL or IP address of the SMTP server according to the instructions of the email service provider.

  • Page 263: History Data Retention

    Chapter 5 Configure the Omada SDN Controller Sender Address (Optional) Specify the sender address of the email. If you leave it blank, the controller uses your email address as the Sender Address. Test SMTP Server Test the Mail Server configuration by sending a test email to an email address that you specify.

  • Page 264: Customer Experience Improvement Program

    Customer Experience Improvement Program Configuration Click the checkbox if you agree to participate in the customer experience improvement program and help improve the quality and performance of TP-Link products by sending statistics and usage information. 5. 1. 5 HTTPS Certificate Overview If you have assigned a domain name to the controller for login, to eliminate the “untrusted certificate“...
  • Page 265 Chapter 5 Configure the Omada SDN Controller Configuration Select Global from the drop-down list of Organization in the upper right corner. Go to Settings > Controller Settings. In HTTPS Certificate, select your file format, import your SSL certificate and configure the parameters. Then click Save. File Format Select the format of your certificate, and import the certificate file.

  • Page 266: Access Config

    Chapter 5 Configure the Omada SDN Controller 5. 1. 6 Access Config Overview With Access Config, you can specify the port used by the controller for management and portal. Note: • Access Config is only available on Omada Software Controller and Omada Hardware Controller. •...
  • Page 267 Chapter 5 Configure the Omada SDN Controller Controller Hostname/IP Enter the hostname or IP address of the controller which will be used as the Controller URL in the notification email for resetting your controller password. You can keep it default and IP address recognized by the controller will be used as the Controller URL. Auto Refresh IP (Only for hardware controller) Enable the feature and the hardware controller will refresh its IP address automatically.

  • Page 268: Manage Your Controller Remotely Via Cloud Access

    Before you start, make sure your Omada Software Controller Host or Omada Hardware Controller has access to the internet. • If you have enabled cloud access and bound your TP-Link ID in the quick setup wizard, skip this step. 1 ) Select Global from the drop-down list of Organization in the upper right corner.
  • Page 269 Service. No additional preparation is needed. 2. Access your controller through Cloud Service Go to Omada Cloud and login with your TP-Link ID and password. A list of controllers that have been bound with your TP-Link ID will appear. Then click to manage the controller.

  • Page 270: Maintenance

    Chapter 5 Configure the Omada SDN Controller 5. 3 Maintenance 5. 3. 1 Controller Status Select Global from the drop-down list of Organization in the upper right corner. Go to Settings > Maintenance. In Controller Status, you can view the controller-related information and status. Controller Name Displays the controller name, which identifies the controller.
  • Page 271 Chapter 5 Configure the Omada SDN Controller Configuration Select Global from the drop-down list of Organization in the upper right corner. Go to Settings > Maintenance. In User Interface, configure the parameters and click Apply. Language Select the language to display the user interface. Use 24-Hour Time With Use 24-Hour Time enabled, time is displayed in a 24-hour format.

  • Page 272: Backup & Restore

    Chapter 5 Configure the Omada SDN Controller Show Pending Devices With this option enabled, the devices in Pending status will be shown, and you can determine whether to adopt them. With this option disabled, they will not be shown, thus you cannot adopt any new devices. Refresh Button Enable or disable Refresh Button in the upper right corner of the configuration page.
  • Page 273 Chapter 5 Configure the Omada SDN Controller If you want to export the data to a file server, configure the parameters accordingly and click Export. Retained Data Backup Select the time range in the drop-down menu of Retained Data Backup. Only configuration and data within the time range is backed up. If you select Settings Only, only configuration (no data) is backed up.
  • Page 274 Chapter 5 Configure the Omada SDN Controller ■ Restore Go to Settings > Maintenance > Backup & Restore > Restore. In Backup & Restore section, Click Browse and select a backup file from your computer or file server. Click Restore. Import Select where you store the restore file. Import from Local File: Import the data locally.

  • Page 275: Migration

    Chapter 5 Configure the Omada SDN Controller 5. 4 Migration Migration services allow users to migrate the configurations and data to any other controller. Migration services include 5. 4. 1 Site Migration 5. 4. 2 Controller Migration, covering all the needs to migrate both a single site and the whole controller. 5.
  • Page 276 Chapter 5 Configure the Omada SDN Controller Export Site Migrate Site Migrate Devices 1. Select Global from the drop-down list of Organization in the upper right corner. Go to Settings > Migration. On the Site Migration tab, click start button on the following page. 2.
  • Page 277 Chapter 5 Configure the Omada SDN Controller Export Site Migrate Site Migrate Devices 1. Start and log in to the target controller, click the top right corner of the screen and select , and then the following window will pop up. Note that for controller v 4.3.0 and above, only the file from the controller with the same major and minor version number can be imported.
  • Page 278 Chapter 5 Configure the Omada SDN Controller Export Site Migrate Site Migrate Devices 1. Enter the IP address or URL of your target controller into Controller IP/Inform URL input filed. In this case, the IP address of the target controller is 10.0.3.23. Note: Make sure that you enter the correct IP address or URL of the target controller to establish the communication between Omada managed devices and your target controller.
  • Page 279 Chapter 5 Configure the Omada SDN Controller 2. Select the devices that are to be migrated by clicking the box next to each device. By default, all the devices are selected. Click Migrate Devices to migrate the selected devices to the target controller.

  • Page 280: Controller Migration

    Chapter 5 Configure the Omada SDN Controller 3. Verify that all the migrated devices are visible and connected on the target controller. When all the migrated devices are in Connected status on the Device page on the target controller, click Forget Devices to finish the migration process. 4.
  • Page 281 Chapter 5 Configure the Omada SDN Controller The process of migrating configurations and data from the current controller to another controller can be summarized in three steps: Export Controller, Migrate Controller and Migrate Devices. Controller Migration Controller B Controller A Export Controller Migrate Controller Migrate Devices Export the configurations and Import the configurations and data...
  • Page 282 Chapter 5 Configure the Omada SDN Controller Export Controller Migrate Controller Migrate Devices 1. Select Global from the drop-down list of Organization in the upper right corner. Go to Settings > Migration. On the Controller Migration tab, click start button on the following page.
  • Page 283 Chapter 5 Configure the Omada SDN Controller 2. Select the length of time in days that data will be backed up in the Retained Data Backup, and where you want to export and save the data. Click Export to export the configurations and data of your current controller as a backup file.
  • Page 284 Chapter 5 Configure the Omada SDN Controller Export Controller Migrate Controller Migrate Devices 1. Log in to the target controller. Select Global from the drop-down list of Organization in the upper right corner. Go to Settings > Maintenance > Backup & Restore. Click Browse to locate and choose the backup file of the previous controller.
  • Page 285 Chapter 5 Configure the Omada SDN Controller Export Controller Migrate Controller Migrate Devices 1. Enter the IP address or URL of your target controller into Controller IP/Inform URL input filed. In this case, the IP address of the target controller is 10.0.3.23. Note: Make sure that you enter the correct IP address or URL of the target controller to establish the communication between Omada managed devices and your target controller.
  • Page 286 Chapter 5 Configure the Omada SDN Controller 3. Verify that all the migrated devices are visible and connected on the target controller. When all the migrated devices are in Connected status on the Device page on the target controller, click Forget Devices to finish the migration process. When the migration process is completed, all the configuration and data are migrated to the target controller.

  • Page 287: Auto Backup

    Chapter 5 Configure the Omada SDN Controller 5. 5 Auto Backup Overview With Auto Backup enabled, the controller will be scheduled to back up the configurations and data automatically at the specified time. You can easily restore the configurations and data when needed. Note: •...
  • Page 288 Chapter 5 Configure the Omada SDN Controller Occurrence Specify when to perform Auto Backup regularly. Select Every Day, Week, Month, or Year first and then set a time to back up files. Note the time availability when you choose Every Month. For example, if you choose to automatically backup the data on the 31st of every month, Auto Backup will not take effect when it comes to the month with no 31st, such as February, April, and June.
  • Page 289 Chapter 5 Configure the Omada SDN Controller Note: • If the backup file is saved to file server and the type SCP / TFTP is selected, it will not included in the Backup Files List, and it cannot be exported, restored, or deleted. • To back up data manually and restore the data to the controller, refer to 5.

  • Page 290: Configure And Monitor Omada Managed Devices

    Configure and Monitor Omada Managed Devices This chapter guides you on how to configure and monitor Omada managed devices, including gateways, switches and EAPs. You can configure the devices individually or in batches to modify the configurations of certain devices. The chapter includes the following sections: •...

  • Page 291: Introduction To The Devices Page

    6. 1 Introduction to the Devices Page Overview The Devices page displays all TP-Link devices discovered by the controller and their general information. For an easy monitoring of the devices, you can customize the column and filter the devices for a better overview of device information.
  • Page 292 Chapter 6 Configure and Monitor Omada Managed Devices A transition status between Connected and Disconnected. Once connected to the controller, the device will send inform packets to the controller in a regular interval to maintain the connection. If the controller does not receive its inform packets in 30 seconds, the device will turn into the Heartbeat Missed status. For a heartbeat-missed device, if the controller receives an inform packet from the device in 5 minutes, its status will become Connected again;...
  • Page 293 Chapter 6 Configure and Monitor Omada Managed Devices To filter the devices, a tab bar is above the table to filter the devices by device type. You can also filter the devices by their status by clicking in the Status colum. If you select the tab, another tab bar will be available to change the column quickly.
  • Page 294 Chapter 6 Configure and Monitor Omada Managed Devices Missed/Isolated status, while Batch Adopt is available for the devices in the Pending/Managed By Others status. Click Batch Action. select Batch Adopt, click the checkboxes of devices, and click Done. If the selected devices are all in the Pending status, the controller will adopt then with the default username and password.

  • Page 295: Configure And Monitor The Gateway

    Chapter 6 Configure and Monitor Omada Managed Devices 6. 2 Configure and Monitor the Gateway In the Properties window, you can configure the gateway managed by the controller and monitor the performance and statistics. By default, all configurations are synchronized with the current site. To open the Properties window, click the entry of a router. A monitor panel and several tabs are listed in the Properties window.
  • Page 296 Chapter 6 Configure and Monitor Omada Managed Devices ■ Ports In Ports, you can view the status and edit settings of the ports. To configure a port, click in the table.
  • Page 297 Chapter 6 Configure and Monitor Omada Managed Devices Link Speed Select the speed mode for the port. Auto: The port negotiates the speed and duplex automatically. Manual: Specify the speed and duplex from the drop-down list manually. Mirroring Mirroring is used to analyze network traffic and troubleshoot network problems. Enable this option to set the edited port as the mirroring port, then specify one or multiple mirrored ports.
  • Page 298 Chapter 6 Configure and Monitor Omada Managed Devices ■ General In General, you can specify the device name and LED settings of the router. Name Specify a name of the device. Select the way that device’s LEDs work. Use Site Settings: The device’s LED will work following the settings of the site. To view and modify the site settings, refer to 4.
  • Page 299 Chapter 6 Configure and Monitor Omada Managed Devices ■ Services In Services, you can configure SNMP to write down the location and contact detail. You can also click Manage to jump to Settings > Services > SNMP, and for detailed configuration of SNMP service, refer to 4.
  • Page 300 Chapter 6 Configure and Monitor Omada Managed Devices ■ Manage Device In Manage Device, you can upgrade the device’s firmware version manually, move it to another site, synchronize the configurations with the controller, and forget the router. Custom Upgrade Click Browse and choose a file from your computer to upgrade the device. When upgrading, the device will be reboot and readopted by the controller.

  • Page 301: Monitor The Gateway

    Chapter 6 Configure and Monitor Omada Managed Devices ■ Common Settings In Common Settings, you can click the path to jump to corresponding modules quickly. 6. 2. 2 Monitor the Gateway One panel and three tabs are provided to monitor the device in the Properties window: Monitor Panel, Details, Networks, and Statistics.
  • Page 302 Chapter 6 Configure and Monitor Omada Managed Devices Monitor Panel The monitor panel displays the router’s ports, and it uses colors and icons to indicate different connection status and port types. When the router is pending or disconnected, all ports are disabled. You can hover the cursor over the port icon for more details. Details In Details, you can view the basic information of the router and statistics of WAN ports to know the device’s running status briefly.
  • Page 303 Chapter 6 Configure and Monitor Omada Managed Devices ■ SFP WAN/WAN/USB Modem In SFP WAN/WAN/USB Modem, you can view the basic information and statistics of the WAN port, such as the IP address, speed, duplex, and upload and download traffic. You can also click Connect or Disconnect to manually turn on/off the internet.
  • Page 304 Chapter 6 Configure and Monitor Omada Managed Devices Statistics In Statistics, you can monitor the CPU and memory of the device in last 24 hours via charts. To view statistics of the device in a certain period, click the chart to jump to 8. 2 View the Statistics of the Network.

  • Page 305: Configure And Monitor Switches

    Chapter 6 Configure and Monitor Omada Managed Devices 6. 3 Configure and Monitor Switches In the Properties window, you can configure one or some switches connected to the controller and monitor the performance and statistics. Configurations changed in the Properties window will be applied only to the selected switch(es). By default, all configurations are synchronized with the current site.
  • Page 306 Chapter 6 Configure and Monitor Omada Managed Devices ■ Port In Port, you can view and configure all ports’ names and applied profiles. Status Displays the port status in different colors. : The port profile is Disabled. To enable it, click to change the profile. : The port is enabled, but no device or client is connected to it.
  • Page 307 Chapter 6 Configure and Monitor Omada Managed Devices To configure a single port, click in the table. To configure ports in batches, click the checkboxes and then click Edit Selected. Then you can configure the port name and profile. By default, all settings are Keep Existing for batch configuration. Name Enter the port name.
  • Page 308 Chapter 6 Configure and Monitor Omada Managed Devices • Override the Applied Profile If you select Switching for Operation, configure the following parameters and click Apply override the applied profile. To discard the modifications, click Remove Overrides and all profile configurations will become the same as the applied profile.
  • Page 309 Chapter 6 Configure and Monitor Omada Managed Devices...
  • Page 310 Chapter 6 Configure and Monitor Omada Managed Devices PoE Mode (Only for PoE ports) Select the PoE (Power over Ethernet) mode for the port. Off: Disable PoE function on the PoE port. 802.3at/af: Enable PoE function on the PoE port. 802.1X Control Select 802.1X Control mode for the ports. To configure the 802.1X authentication globally, go to Settings >...
  • Page 311 Chapter 6 Configure and Monitor Omada Managed Devices LLDP-MED Click the checkbox to enable LLDP-MED (Link Layer Discovery Protocol-Media Endpoint Discovery) for device discovery and auto-configuration of VoIP (Voice over Internet Protocol) devices. Bandwidth Control Select the type of Bandwidth Control functions to control the traffic rate and specify traffic threshold on each port to make good use of network bandwidth.
  • Page 312 Chapter 6 Configure and Monitor Omada Managed Devices Circuit ID (Optional) Enter the customized circuit ID. The circuit ID configurations of the switch and the DHCP server should be compatible with each other. If it is not specified, the switch will use the default circuit ID when inserting Option 82 to DHCP packets.
  • Page 313 Chapter 6 Configure and Monitor Omada Managed Devices Note that the mirroring ports and the member ports of LAG cannot be selected as mirrored ports. PoE Mode (Only for PoE ports) Select the PoE mode for the port. Off: Disable PoE on the PoE port. 802.3at/af: Enable PoE on the PoE port.
  • Page 314 Chapter 6 Configure and Monitor Omada Managed Devices Bandwidth Control Bandwidth control optimizes network performance by limiting the bandwidth of specific sources. Off: Disable bandwidth control on the port. Rate Limit: Enable bandwidth control on the port, and you need to specify the ingress and/or egress rate limit. Ingress Rate Limit With Rate Limit...
  • Page 315 Chapter 6 Configure and Monitor Omada Managed Devices profile configurations become the same as the applied profile. For other parameters, configure them under the LAG tab. LAG ID Specify the LAG ID of the LAG. Note that the LAG ID should be unique. The valid value of the LAG ID is determined by the maximum number of LAGs supported by your switch.
  • Page 316 Chapter 6 Configure and Monitor Omada Managed Devices ■ LAGs (Link Aggregation Groups) are logical interfaces aggregated, which can increase link bandwidth and enhance the connection reliability. You can view and edit the LAGs under the LAG tab. To configure physical ports as a LAG, refer to Configure a LAG.
  • Page 317 Chapter 6 Configure and Monitor Omada Managed Devices Click to configure the LAG name and the applied profile. Name Enter the port name. Profile Select the profile applied to the port from the drop-down list. Click Manage Profiles jump to view and manage profiles. For details, refer to 4.
  • Page 318 Chapter 6 Configure and Monitor Omada Managed Devices With Profile Overrides enabled, you can reselect the LAG members and configure the following parameters. Link Speed Select the speed mode for the port. Auto: The port negotiates the speed and duplex automatically. Manual: Specify the speed and duplex from the drop-down list manually. Port Isolation Click the checkbox to enable Port Isolation.
  • Page 319 Chapter 6 Configure and Monitor Omada Managed Devices Loopback Control Loopback refers to the routing of data streams back to their source in the network. You can disable loopback control for the network or choose a method to prevent loopback happening in your network. Off: Disable loopback control on the port. Loopback Detection Port Based: Loopback Detection Port Based helps detect loops that occur on a specific port.
  • Page 320 Chapter 6 Configure and Monitor Omada Managed Devices Action With Storm Control selected, select the action that the switch will take when the traffic exceeds its corresponding limit. Drop: With Drop selected, the port will drop the subsequent frames when the traffic exceeds the limit. Shutdown: With Shutdown selected, the port will be shutdown when the traffic exceeds the limit.
  • Page 321 Chapter 6 Configure and Monitor Omada Managed Devices Select the way that device’s LEDs work. Use Site Settings: The device’s LED will work following the settings of the site. To view and modify the site settings, refer to 4. 2. 2 Services. On/Off: The device’s LED will keep on/off. Device Tags Select a tag from the drop-down list or create a new tag to categorize the device.
  • Page 322 Chapter 6 Configure and Monitor Omada Managed Devices ■ VLAN Interface In VLAN Interface, you can configure Management VLAN and different VLAN interface for the switch. The general information of the existing VLAN interface are displayed in the table.
  • Page 323 Chapter 6 Configure and Monitor Omada Managed Devices To configure a single VLAN interface, hover the mouse on the entry and click to edit the settings.
  • Page 324 Chapter 6 Configure and Monitor Omada Managed Devices Management VLAN Click the checkbox if you want to use the VLAN interface as Management VLAN. Note that the controller will fail to manage your devices with wrong Management VLAN configurations. If you are not sure about your network conditions and the potential impact of any configurations, we recommend that you keep the default configurations.
  • Page 325 Chapter 6 Configure and Monitor Omada Managed Devices ■ Static Route In Static Route, you can configure entries of static route for the switch. The general information of the existing static route entries are displayed in the table. For an existing static route, click to edit the settings, and click to delete it.
  • Page 326 Chapter 6 Configure and Monitor Omada Managed Devices Distance Specify the priority of a static route. It is used to decide the priority among routes to the same destination. Among routes to the same destination, the route with the lowest distance value will be recorded into the routing table. ■...
  • Page 327 Chapter 6 Configure and Monitor Omada Managed Devices Management VLAN Display the name of the current Management VLAN. To configure the Management VLAN, please go to Config > VLAN Interface. Note that the controller will fail to manage your devices with wrong Management VLAN configurations. If you are not sure about your network conditions and the potential impact of any configurations, we recommend that you keep the default configurations.
  • Page 328 Chapter 6 Configure and Monitor Omada Managed Devices address to hold an IP address in reserve for the situation in which the device fails to get a dynamic IP address. Enable Fallback IP and then set the IP address, IP mask and gateway.
  • Page 329 Chapter 6 Configure and Monitor Omada Managed Devices If you select Static as the mode, set the IP address, IP mask, gateway, and DNS server for the static address.
  • Page 330 Chapter 6 Configure and Monitor Omada Managed Devices ■ Manage Device In Manage Device, you can upgrade the device’s firmware version manually, move it to another site, synchronize the configurations with the controller and forget the switch. Custom Upgrade Click Browse and choose a file from your computer to upgrade the device. When upgrading, the device will be reboot and readopted by the controller.

  • Page 331: Monitor Switches

    Chapter 6 Configure and Monitor Omada Managed Devices Force Provision (Only for configuring a single device) Click Force Provision to synchronize the configurations of the device with the controller. The device will lose connection temporarily, and be adopted to the controller again to get the configurations from the controller.
  • Page 332 Chapter 6 Configure and Monitor Omada Managed Devices You can hover the cursor over the port icon (except disabled ports) for more details. The displayed information varies due to connection status and port type. Status Displays the negotiation speed of the port. Tx Bytes Displays the amount of data transmitted as bytes. Rx Bytes Displays the amount of data received as bytes.
  • Page 333 Chapter 6 Configure and Monitor Omada Managed Devices ■ Overview In Overview, you can view the basic information of the device. The listed information will be varied due to the device’s model and status. ■ Uplink (Only for the switch connected to an Omada-managed router/switch in Connected status) Click Uplink to view the uplink information, including the uplink port, the uplink device, the negotiation...
  • Page 334 Chapter 6 Configure and Monitor Omada Managed Devices ■ Downlink (Only for the switch connected to Omada-managed devices in Connected status) Click Downlink to view the downlink information, including the downlink ports, devices name and model as well as negotiation speed. Clients In Clients, you can view the information of clients connected to the switch, including the client name, IP address and the connected port.
  • Page 335 Chapter 6 Configure and Monitor Omada Managed Devices Statistics In Statistics, you can monitor the CPU and memory of the device in last 24 hours via charts. To view statistics of the device in certain period, click the chart to jump to 8. 2 View the Statistics of the Network.

  • Page 336: Configure And Monitor Eaps

    Chapter 6 Configure and Monitor Omada Managed Devices 6. 4 Configure and Monitor EAPs In the Properties window, you can configure one or some EAPs connected to the controller and monitor the performance and statistics. Configurations changed in the Properties window will be applied only to the selected AP(s).
  • Page 337 Chapter 6 Configure and Monitor Omada Managed Devices ■ General In General, you can specify the device name and LED settings of the AP, and categorize it via device tags. Name (Only for configuring a single device) Specify a name of the device. Select the way that device’s LEDs work. Use Site Settings: The device’s LED will work following the settings of the site.
  • Page 338 Chapter 6 Configure and Monitor Omada Managed Devices the situation in which the device fails to get a dynamic IP address. Enable Fallback IP and then set the IP address, IP mask and gateway.
  • Page 339 Chapter 6 Configure and Monitor Omada Managed Devices If you select Static as the mode, set the IP address, IP mask, gateway, and DNS server for the static address.
  • Page 340 Chapter 6 Configure and Monitor Omada Managed Devices ■ Radios In Radios, you can control how and what type of radio signals the EAP emits. Select each frequency band and configure the parameters. Different models support different bands. Note: The 6 GHz band is only available for certain devices. Status If you disable the frequency band, the radio on it will turn off.
  • Page 341 Chapter 6 Configure and Monitor Omada Managed Devices ■ WLANs In WLANs, you can apply the WLAN group to the EAP and specify a different SSID name and password to override the SSID in the WLAN group. After that, clients can only see the new SSID and use the new password to access the network.
  • Page 342 Chapter 6 Configure and Monitor Omada Managed Devices (Only for configuring a single device) To override the SSID, select a WLAN group, click in the entry and then the following page appears. SSID Override Enable or disable SSID Override on the EAP. If SSID Override enabled, specify the new SSID and password to override the current one.
  • Page 343 Chapter 6 Configure and Monitor Omada Managed Devices ■ Services In Services, you can enable Management VLAN to protect your network and configure SNMP and web server parameters. Management VLAN To configure Management VLAN, create a network in first, and then select it as the management VLAN on this page.
  • Page 344 Chapter 6 Configure and Monitor Omada Managed Devices Layer-3 Accessibility With this feature enabled, devices from a different subnet can access Omada managed devices. LLDP LLDP (Link Layer Discovery Protocol) can help discover devices. ■ Smart Antenna In Smart Antenna, you can turn on the function to improve Wi-Fi performance for user-heavy scenarios through antenna array and intelligent algorithm.
  • Page 345 Chapter 6 Configure and Monitor Omada Managed Devices Select each frequency band and configure the following parameters and features.
  • Page 346 Chapter 6 Configure and Monitor Omada Managed Devices Max Associated Clients Enable this function and specify the maximum number of connected clients. If the connected client reaches the maximum number, the EAP will disconnect those with weaker signals to make room for other clients requesting connections. RSSI Threshold Enable this function and enter the threshold of RSSI (Received Signal Strength Indication).
  • Page 347 Chapter 6 Configure and Monitor Omada Managed Devices ■ Manage Device In Manage Device, you can upgrade the device’s firmware version manually, move it to another site, synchronize the configurations with the controller and forget the AP. Custom Upgrade Click Browse and choose a file from your computer to upgrade the device. When upgrading, the device will be reboot and readopted by the controller.

  • Page 348: Monitor Eaps

    Chapter 6 Configure and Monitor Omada Managed Devices Force Provision (Only for configuring a single device) Click Force Provision to synchronize the configurations of the device with the controller. The device will lose connection temporarily, and be adopted to the controller again to get the configurations from the controller.
  • Page 349 Chapter 6 Configure and Monitor Omada Managed Devices You can hover the cursor over the channel bar for more details. Ch.Util.(Busy/Rx/Tx) Displays channel utilization statistics. Busy: Displays the sum of Tx, Rx, and also non-WiFi interference, which indicates how busy the channel is. Rx: Indicates how often the radio is in active receive mode. Tx: Indicates how often the radio is in active transmit mode.
  • Page 350 Chapter 6 Configure and Monitor Omada Managed Devices ■ Overview In Overview, you can view the basic information of the device. The listed information varies due to the device’s status. ■ LAN (Only for devices in the Connected status) Click to view the traffic information of the LAN port, including the total number of packets, the total size of data, the total number of packets loss, and the total size of error data in the process of receiving and transmitting data.
  • Page 351 Chapter 6 Configure and Monitor Omada Managed Devices ■ Uplink (Wireless) (Only for devices in the Connected status) Click Uplink (Wireless) to view the traffic information related to the uplink AP, including the signal strength, transmission rate, ratio of packets number and size, and dynamic downstream rate.
  • Page 352 Chapter 6 Configure and Monitor Omada Managed Devices ■ Radios (Only for devices in the Connected status) Click Radio to view the radio information including the frequency band, the wireless mode, the channel width, the channel, and the transmitting power. You can also view parameters of receiving/ transmitting data on each radio band.
  • Page 353 Chapter 6 Configure and Monitor Omada Managed Devices Network disabled, while Guests are clients connected to that with Guest Network enabled. You can click the client name to open its Properties window. Click History to view the client history. In the History page, you can specify the date or time period to view the clients connected during specific time, and click Export to download the list...
  • Page 354 Chapter 6 Configure and Monitor Omada Managed Devices To understand how mesh can be used, the following terms used in Omada Controller will be introduced: Root AP The AP is managed by Omada Controller with a wired data connection that can be configured to relay data to and from mesh APs (downlink AP). Isolated AP When the EAP which has been managed by Omada Controller before connects to the network wirelessly and cannot reach the gateway, it goes into the Isolated state.
  • Page 355 Chapter 6 Configure and Monitor Omada Managed Devices 1. Go to Settings > Site to make sure Mesh is enabled. 2. Go to Devices to make sure that the Root AP has been adopted by the controller. The status of the Root AP is Connected. 3.
  • Page 356 Chapter 6 Configure and Monitor Omada Managed Devices After adoption begins, the status of Pending (Wireless) EAP will become Adopting (Wireless) and then Connected (Wireless). It should take roughly 2 minutes to show up Connected (Wireless) with the icon within your controller. 2) For the EAP that has been managed by Omada Controller before and cannot reach the gateway, it goes into Isolated status when it is discovered by controller again.
  • Page 357 Chapter 6 Configure and Monitor Omada Managed Devices If the selected AP is a downlink AP, this page lists all available uplink APs and their channel, signal strength, hop, and the number of downlink APs. You can click Rescan to search the available uplink APs and refresh the list, and click Link to connect the uplink AP and build up a mesh network.
  • Page 358 Chapter 6 Configure and Monitor Omada Managed Devices Select each frequency band to view and analyze the scan results. Each colored bar graph displays the information about channel utilization and interference on a channel. The filling area of the bar represents the channel utilization. And the larger filling area means the higher utilization, which indicates the channel is busier in transmitting data.
  • Page 359 Chapter 6 Configure and Monitor Omada Managed Devices You can hover the cursor over a channel option for more details. Radio Displays the radio that the AP uses. Channel Width Displays the width of the channel. Used Channels Displays the channels in use. Frequency Range Displays the range of frequencies.
  • Page 360 Chapter 6 Configure and Monitor Omada Managed Devices Statistics In Statistics, you can monitor the utilization of the device in last 24 hours via charts, including CPU/ Memory Monitor, Channel Utilization, Dropped Packets, and Retried Packets. To view statistics of the device in certain period, click the chart to jump to 8.

  • Page 361: Monitor And Manage The Clients

    Monitor and Manage the Clients This chapter guides you on how to monitor and manage the clients through the Clients page using the clients table and the properties window and the Hotspot Manager system. To view clients that have connected to the network in the past, refer to View the Statistics During the Specified Period with Insight.

  • Page 362: Manage Wired And Wireless Clients In Clients Page

    Chapter 7 Monitor and Manage the Clients 7. 1 Manage Wired and Wireless Clients in Clients Page 7. 1. 1 Introduction to Clients Page The Clients page offers a straight-forward way to manage and monitor clients. It displays all connected wired and wireless clients in the chosen site and their general information.
  • Page 363 Chapter 7 Monitor and Manage the Clients ■ Filter the Clients To search specific client(s), use the search box above the table. To filter the clients by their connection type, use the tab bars above the table. For wireless clients, you can further filter them by the frequency band and the type of connected wireless network.

  • Page 364: Using The Properties Window To Monitor And Manage The Clients

    Chapter 7 Monitor and Manage the Clients 7. 1. 3 Using the Properties Window to Monitor and Manage the Clients In Properties window, you can view more detailed information about the connected client(s) and manage them. To open the Properties window, click the entry of a single client, or click the icon to select multiple clients for batch configuration.
  • Page 365 Chapter 7 Monitor and Manage the Clients Under the History tab, you can view the connection history of the client.
  • Page 366 Chapter 7 Monitor and Manage the Clients ■ Manage a Single Client In Config, you can configure the following parameters: Name Specify the client’s name to better identify different clients, and the name is used as the client’s username in the table on the Clients page. Rate Limit Select an existing rate limit profile, create a new rate limit profile or customize the rate limit for the client.
  • Page 367 Chapter 7 Monitor and Manage the Clients Use Fixed IP Address Click the checkbox to configure a fixed IP address for the client. With this function enabled, select a network and specify an IP address for the client. To view and configure networks, refer to 4.
  • Page 368 Chapter 7 Monitor and Manage the Clients IP Setting Keeping Existing: The IP setting of the chosen clients remains their current settings. DHCP: The IP addresses of the clients is automatically assigned by the DHCP server, such as the Layer 3 switch and the gateway. Use Fixed IP Address: Select a network and assign fixed IP addresses to the chosen clients manually.

  • Page 369: Manage Client Authentication In Hotspot Manager

    Chapter 7 Monitor and Manage the Clients 7. 2 Manage Client Authentication in Hotspot Manager Hotspot Manager is a portal management system for centrally monitoring and managing the clients authorized by portal authentication. The following four tabs are provided in the system for a easy and direct management.

  • Page 370: Authorized Clients

    Chapter 7 Monitor and Manage the Clients 7. 2. 2 Authorized Clients The Authorized Clients tab is used to view and manage the clients authorized by portal system, including the expired clients and the clients within the valid period. To open the list of Authorized Clients, click Hotspot Manager from the drop-down list of Organization...
  • Page 371 Chapter 7 Monitor and Manage the Clients 2. Click +Create Vouchers on the lower-left, and the following window pops up. Configure the following parameters and click Save. Portal Select the portal for which the vouchers will take effect. Code Length Specify the length of the code(s) from 6 to 10 digits.
  • Page 372 Chapter 7 Monitor and Manage the Clients Duration Select the valid period for the voucher code(s). Rate Limit Select an existing rate limit profile, create a new rate limit profile or customize the rate limit for the voucher codes. Custom: Specify the download/upload rate limit based on needs. Download/Upload Limit Click the checkbox and specify the rate limit for download/upload for wireless clients using the voucher code(s).

  • Page 373: Local Users

    Chapter 7 Monitor and Manage the Clients 4. Print the vouchers. Click to print a single voucher, or click checkboxes of vouchers and click Print Selected Vouchers to print the selected vouchers. And you can click Print All Unused Vouchers to print all unused vouchers.
  • Page 374 Chapter 7 Monitor and Manage the Clients 1. Click Hotspot Manager from the drop-down list of Organization and click Local Users in the pop-up page. 2. Create Local User accounts through two different ways. ■ Create Local User accounts Click +Create User on the lower-left, and the following window pops up.
  • Page 375 Chapter 7 Monitor and Manage the Clients Status When the status is enabled, it means the user account is valid. You can disabled the user account, and enable it later when needed. Authentication Timeout Specify the authentication timeout for local users. After timeout, the users need to log in again on the authentication page to access the network.
  • Page 376 Chapter 7 Monitor and Manage the Clients ■ Create Local User accounts from files. Click on the upper-right, and the following window pops up. Select a file in the format of CVS or Excel, and click Import. To see required parameters and corresponding explanation, refer Create Local User accounts.

  • Page 377: Form Auth Data

    Chapter 7 Monitor and Manage the Clients 7. 2. 5 Form Auth Data The Form Auth Data tab is used to create and manage surveys. You can customize your survey contents and publish it to collect data. Create Surveys To create surveys, follow the steps below. 1.

  • Page 378: Operators

    Chapter 7 Monitor and Manage the Clients 7. 2. 6 Operators The Operators tab is used to manage and create operator accounts that can only be used to remotely log in to the Hotspot Manager system and manage vouchers and local users for specified sites. The operators have no privileges to create operator accounts, which offers convenience and ensures security for client authentication.
  • Page 379 Chapter 7 Monitor and Manage the Clients Click to edit the parameters for the operator account. Click to delete the operator account. 5. Then you can use an operator account to log in to the Hotspot Manager system: ■ For software controller Visit the URL https://Omada Controller Host’s IP Address:8043/ControllerID/login/#hotspot (for example: https://192.168.0.174:8043/4d4ede7983bb983545d017c628feaa3d/login/#hotspot), and use the operator account to enter the hotspot manager system.

  • Page 380: Monitor The Network

    Monitor the Network This chapter guides you on how to monitor the network devices, clients, and their statistics. Through visual and real-time presentations, Omada SDN Controller keeps you informed about the accurate status of the managed network. This chapter includes the following sections: •...

  • Page 381: View The Status Of Network With Dashboard

    Chapter 8 Monitor the Network 8. 1 View the Status of Network with Dashboard 8. 1. 1 Page Layout of Dashboard Dashboard is designed for a quick real-time monitor of the site network. An overview of network topology is at the top of Dashboard, and the below is a tab bar followed with customized widgets. Topology Overview Topology Overview on the top shows the status of ISP Load and numbers of devices, clients and guests.
  • Page 382 Chapter 8 Monitor the Network You can hover the cursor over the gateway, switch, AP, client or guest icons to check their status. For detailed information, click the icon here to jump to the Devices Clients section. Tab Bar You can customize the widgets displayed on the tab for Dashboard page. Three tabs are created by default and cannot be deleted.

  • Page 383: Explanation Of Widgets

    Chapter 8 Monitor the Network 8. 1. 2 Explanation of Widgets The widgets are divided into three categories: System, Network and Client. You can click the icon to add or remove the widgets. System Controller Overview Network Alerts, ISP Load, VPNs, Most Active EAPs, Most Active Switches,Wi-Fi Traffic Distribution, Wi-Fi Summary, Switching Summary, Traffic Distribution, Client Distribution, Traffic Activities, Retried Rate/Dropped Rate, Top Devices Usage, PoE Utilization, Top Interference...
  • Page 384 Chapter 8 Monitor the Network specify events appeared in Alerts, go to > Notifications and configure the events as the Alert level. For details, refer to 8. 6 View and Manage Logs. ■ ISP Load ISP Load use a line chart to display the throughput and latency of gateway’s WAN port within the time range.
  • Page 385 Chapter 8 Monitor the Network ■ VPNs VPNs displays the information of VPN servers and VPN clients. Click the corresponding tab to display the statistics. Name Displays the name of VPN server/client. Status Displays the connection status of VPN server/client. Tunnels Displays the number of VPN tunnels for the VPN server.
  • Page 386 Chapter 8 Monitor the Network configurations and monitoring. For details, refer to 6 Configure and Monitor Omada Managed Devices. ■ Wi-Fi Traffic Distribution The Wi-Fi Traffic Distribution widget displays channel distribution of all connected EAPs in the site. Good, Fair, and Poor are used to describe channel status which indicates channel interference from low to high.
  • Page 387 Chapter 8 Monitor the Network ■ Switching Summary The Switching Summary widget summarizes the real-time status of switches in the site, including the number of connected switches and clients, the port utilization, and the total amount of traffic within the time range. ■...
  • Page 388 Chapter 8 Monitor the Network device category the clients connected to, the middle is by the device name, and the outer is by the frequency band. You can hover the cursor over the slice to view specific values. ■ Traffic Activities The Traffic Activities widget displays the Tx and Rx data of EAPs and switches within the time range.
  • Page 389 Chapter 8 Monitor the Network ■ Retried Rate/Dropped Rate The Retried Rate/Dropped Rate widget displays the rate of retried and dropped packets of the connected EAPs within the time range. Select an AP from the list and click the tab to display the chart of retried rate or dropped rate.
  • Page 390 Chapter 8 Monitor the Network view specific values. The bar below displays the current power capacity provided by PoE and its proportion of the PoE budget. ■ Top Interference The Top Interference widget displays the environment interference of wireless products. Click the tab to select the 2.4 GHz band or 5 GHz band.
  • Page 391 Chapter 8 Monitor the Network To view all the clients connected to the network, click See All to jump to the Clients section. You can also click the traffic number in the widget to open the client’s Properties window for further configurations and monitoring.
  • Page 392 Chapter 8 Monitor the Network connect to the two bands. You can hover the cursor over the slice to view the number of clients in 2.4 GHz or 5 GHz band. ■ Clients Association Activities The Clients Association Activities widget displays how the number of client connected to EAPs changes over time and the duration during which the clients communicate with the EAPs.
  • Page 393 Chapter 8 Monitor the Network Blue represents the newly connected clients, orange is the clients have been connected in the last period, and gray is the newly disconnected clients. ■ Association Failures The Association Failures widget list three failure types and the times of clients failed to connect to the EAPs’...
  • Page 394 Chapter 8 Monitor the Network the cursor over the slice to view the number of clients connected to the SSID in 2.4 GHz or 5 GHz band. Click a certain SSID to further display the statistics of its band frequency distribution. ■...
  • Page 395 Chapter 8 Monitor the Network is bigger than -72 dBm. The line graph on the right displays the number of clients according to the different range values of RSSI.

  • Page 396: View The Statistics Of The Network

    Chapter 8 Monitor the Network 8. 2 View the Statistics of the Network Statistics provides a visual representation of device data in Omada SDN Controller. You can easily monitor the network traffic and performance under the following tabs, Performance, Switch Statistics, and Speed Test Statistics.
  • Page 397 Chapter 8 Monitor the Network ■ User Counts The User Counts graph displays the number of users connected to the devices during the selected time range. Hover the cursor over the line to display the specific values. ■ Usage The Usage graph uses the orange line and yellow line to display the percentage of CPU usage and used memory during the selected time range, respectively.
  • Page 398 Chapter 8 Monitor the Network ■ Packets The Packets graph uses the dark blue line and light blue line to display the number of packets transmitted and received during the selected time range, respectively. Hover the cursor over the lines to display the specific values.

  • Page 399: Switch Statistics

    Chapter 8 Monitor the Network ■ Retries The Retries graph uses the dark blue line and light blue line to display the number of times that the data packets are transmitted again and received again during the selected period, respectively. Hover the cursor over the lines to display the specific values.
  • Page 400 Chapter 8 Monitor the Network Select bps, Bytes or Packets to specify the data type and measuring unit. bps: Displays the traffic rate in bps. Bytes: Displays the traffic statistics in Bytes. Packets: Displays the total number of packets. If you select Packet, click the tab to specify which type of packet statistics to be displayed. All: Displays statistics of all packets, including broadcast and multicast packets.
  • Page 401 Chapter 8 Monitor the Network You can specify the data type and measuring unit by clicking the tab. The dark blue and light blue are used to indicate the transmitted and received statistics, respectively. Hover the cursor over the lines to display the specific values. To view and configure the device connected to the port, click the device name beside the port number.

  • Page 402: Monitor The Network With Map

    Chapter 8 Monitor the Network 8. 3 Monitor the Network with Map With the Map function, you can look over the topology and device provisioning of network in Topology, customizes a visual representation of your network in Heat Map, and visually display the geographic location of each device and site in Device Map Site...
  • Page 403 Chapter 8 Monitor the Network For a better overview of the network topology, you can control the display of branches, the size of the diagram, and the link labels. ■ Display of Branches The default view shows the all devices connected by solid and dotted lines. Click the icon of the client group to view clients connected to the same device.

  • Page 404: Heat Map

    Chapter 8 Monitor the Network ■ Link Labels Click Link Labels at the left corner, and labels will appear to display the link status. Information on the labels varies due to the link connections. (For the WAN port of router connected to the internet) Displays the port name, link speed and duplex type.
  • Page 405 Chapter 8 Monitor the Network Click to edit maps in the pop-up window. Click to edit the description and layout of the map. Click to delete the map. Click to add a map. In the pop-up window, enter the description, select the layout, and upload an image in the .jpg, .jpeg, .gif, .png, .bmp, .tiff format.
  • Page 406 Chapter 8 Monitor the Network Add Map Add Devices and Walls View and Export Results 1. Go to > Heat Map and click to add a new map. Then click Add. Description Enter a description for the map. Layout Select the general layout of the map, which will make the simulation more accurate.
  • Page 407 Chapter 8 Monitor the Network 3. Click to set the default height of the added devices and the information displayed on the map. Then click Confirm. Default Height Specify the default height for devices. You can change the height for individual device later.
  • Page 408 Chapter 8 Monitor the Network Add Map Add Devices and Walls View and Export Results 1. Click to enter the editing status of the map. 2. Click on the upper left, and the list of adopted devices and virtual devices will appear. Drag the devices to the desired place on the map.

  • Page 409: Device Map

    Chapter 8 Monitor the Network Add Map Add Devices and Walls View and Export Results Note: It is required to click Simulate to generate a new heat map after editing elements on the map. 1. Click to generate the heat map. You can adjust the receiver sensitivity, show signal strength, and view the simulation results according to your needs.
  • Page 410 Chapter 8 Monitor the Network Visit https://www.mapbox.com, register an account, and obtain the default token on the account page. Configuration 1. Select a site from the drop down list of Organization in the top-right corner. Go to > Device Map. 2.
  • Page 411 Chapter 8 Monitor the Network 3. Select the sites that can share the token, then click Confirm. 4. Use the map to manage your devices. Unplaced Device Display a list of sites that are not marked on the map. You can drag and drop a site to add it to the map.

  • Page 412: Site Map

    Chapter 8 Monitor the Network Right-click a device icon to edit location or remove it from the map. Click a device icon to view device info and edit settings. 8. 3. 4 Site Map Prerequisite A valid Mapbox API Access Token is required to use the Site Map function. Visit https://www.mapbox.com, register an account, and obtain the default token on the account page.
  • Page 413 Chapter 8 Monitor the Network Configuration 1. Select Global from the drop down list of Organization in the top-right corner. Go to Dashboard > Site Map. 2. Enter the Mapbox API Access Token you obtained, then click Confirm. 3. Select the sites that can share the token, then click Confirm. 4.
  • Page 414 Chapter 8 Monitor the Network Locate to current location. Zoom in and zoom out the map. Right-click the map to add a new site. Right-click a site icon to edit location or remove it from the map. Click a site to view site info, and click Launch to access the site.

  • Page 415: Monitor The Network With Reports

    Chapter 8 Monitor the Network 8. 4 Monitor the Network with Reports Network Report shows the statistics of various network indicators and their changes over time, helping network administrators to intuitively and comprehensively understand the current and historical operating status of their network. Thus, it facilitates network administrators to decide whether the controller and devices needs to be upgraded and optimized.
  • Page 416 Chapter 8 Monitor the Network When you are accessing the controller locally, you can export the network report or send the report via email by clicking the icons on the upper right. Click to send the report via email. Both Send Now and Send Schedule are available. Click to export and the network report locally.

  • Page 417: View The Statistics During Specified Period With Insight

    Chapter 8 Monitor the Network 8. 5 View the Statistics During Specified Period with Insight In the Insight page, you can monitor the site history of connected clients, portal authorizations, and rouge APs. For a better monitoring, you can specify the time period and classify the clients and APs. 8.

  • Page 418: Past Connections

    Chapter 8 Monitor the Network Click the tabs to filter the clients listed in the table. The three tabs can take effect simultaneously. All/Wireless/Wired: Click to display both wireless and wired clients. Click Wireless Wired to display wireless or wired clients only. All/Users/Guests: Click to display both users and guests.

  • Page 419: Past Portal Authorizations

    Chapter 8 Monitor the Network In the table, you can view the client’s name, MAC address, association time and duration, download and upload traffic, IP address, and the network/port it connected to. A search bar and a time selector are above the table for searching and filtering. Enter the client name, SSID or MAC address to search the clients.

  • Page 420: Switch Status

    Chapter 8 Monitor the Network In the table, you can view the client’s name, MAC address, authorization credential, uplink and downlink traffics, authorization time and duration, IP address, and the network/port it connected to. For detailed monitoring and management, refer to 7.
  • Page 421 Chapter 8 Monitor the Network Enter the switch or name to search. Click the tabs to filter the switch ports listed in the table. The two tabs can take effect simultaneously. Overview/PoE/Counters: Click Overview to display the general status of each port. Click to display the PoE configurations and status of each port.
  • Page 422 Chapter 8 Monitor the Network Mode Display the operation mode of the port. Switching: The default mode. Mirroring: The network traffic of this port will receive the mirrored traffic from its mirrored port. Aggregating: The port is a part of an aggregate link Profile Display the switch port profile that takes effect on the port.
  • Page 423 Chapter 8 Monitor the Network Display the PoE status of the port. PoE is disabled Display the power output of the port in watts. PD Class Display the power requirement of the PD connected to the PoE port. Power Display the power output of the port in watts. Voltage Display the voltage output in volts.

  • Page 424: Port Forwarding Status

    Chapter 8 Monitor the Network RX Multicast Display the number of received multicast packets. RX Broadcast Display the number of received broasdcast packets. RX Errors Display the number of received error packets. 8. 5. 5 Port Forwarding Status In Port Forwarding Status, a table displays information about the port forwarding entries used by the gateway managed by the controller.

  • Page 425: Vpn Status

    Chapter 8 Monitor the Network Packets Display the number of transferred packets. Bytes Display the number of transferred bytes. Lease Duration (Only for UPnP port forwarding) Display the uptime of the port forwarding entry. 8. 5. 6 VPN Status In VPN Status, a table displays the existing VPN tunnels and corresponding information. A tab is above the table for filtering.
  • Page 426 Chapter 8 Monitor the Network Data Flow Display local and remote subnet. The arrow indicates the direction. Protocol Display the authentication and encryption protocol of the entry. AH Authentication Display checksum algorithms of the entry. ESP Authentication Display the algorithms for ESP authentication. ESP Encryption Display the algorithms for ESP encryption.
  • Page 427 Chapter 8 Monitor the Network Uptime Display the time duration that the VPN tunnel has been active. The listed information of OpenVPN/PPTP/L2TP (Client) table is explained as follows (some information listed below is hidden by default). You can further filter the entries based on their type. Interface Display the interface that the traffic goes through.

  • Page 428: Routing Table

    Chapter 8 Monitor the Network Login IP Display the login IP address of the remote user. Virtual IP Display the virtual IP address of the remote user. Login Time Display the login time of the remote user. Statistics Display the upload and download traffic of the remote user. 8.

  • Page 429: Dynamic Dns

    Chapter 8 Monitor the Network Metric (Only for Gateway) Display the number of hops before reaching the destination. Generally, if there are a few routing entries with the same destination, the routing with the lowest metric will be used. Distance (Only for Switch) Display the administrative distance of the routing entry.
  • Page 430 Chapter 8 Monitor the Network Enter the client name or MAC address to search the clients. Filter the rogue APs based on Last Seen. Click the selector to open the calendar. Click a specific date twice in the calendar to display the rogue APs scanned on the day.
  • Page 431 Chapter 8 Monitor the Network Signal Displays the signal strength in percentage and dBm). Last Seen Display the last time that the rogue AP was scanned by the controller.

  • Page 432: View And Manage Logs

    Chapter 8 Monitor the Network 8. 6 View and Manage Logs The controller uses logs to record the activities of the system, devices, users and administrators, which provides powerful supports to monitor operations and diagnose anomalies. In the Logs page, you can conveniently monitor the logs in 8.

  • Page 433: Alerts

    Chapter 8 Monitor the Network 8. 6. 1 Alerts Alerts are the logs that need to be noticed and archived specially. You can configure the logs as Alerts in Notifications, and all the logs configured as Alerts are listed under the Alerts tab for you to search, filter, and archive.

  • Page 434: Events

    Chapter 8 Monitor the Network Time Displays when the activity happened. Archive All Click to archive all unarchived logs. Click to archive the log entry. Click and select the log types to delete the corresponding alert logs. Once deleted the archived alerts cannot be recovered. The unarchived alerts cannot be deleted. 8.

  • Page 435: Notifications

    Chapter 8 Monitor the Network Enter the content types, severity levels, or key words to search the logs. Click and select the log types to delete the corresponding event logs. Click the tabs to filter the logs listed in the table. The two tabs can take effect simultaneously.
  • Page 436 Chapter 8 Monitor the Network With proper configurations, the controller will send emails to the administrators when it records the logs. To specify the logs as Alert/Event, click the corresponding checkboxes of logs and click Apply. The following icons and tab are provided as auxiliaries. Reset to Default Click to reset all notification configurations in the current site to the default.
  • Page 437 Chapter 8 Monitor the Network 3 ) Enable Alert Emails in Admin 4 ) Enable Alert Emails in Logs Enable Mail Server Enable Alert Emails in Site Enable Alert Emails in Admin Go to Settings > Controller. In the Mail Server section, enable SMTP Server and configure the parameters.
  • Page 438 Chapter 8 Monitor the Network Test SMTP Server Test the Mail Server configuration by sending a test email to an email address that you specify. Enable Mail Server Enable Alert Emails in Site Enable Alert Emails in Admin 5. Go to Settings >...
  • Page 439 Chapter 8 Monitor the Network 7. Click Apply. Enable Alert Emails in Site Enable Alert Emails in Admin Enable Alert Emails in Logs Go to Admin and configure Alert Emails for the administrators and viewers to receive the emails. Click + Add New Admin Account to create an account or click to edit an account.
  • Page 440 Chapter 8 Monitor the Network Enable Alert Emails in Site Enable Alert Emails in Admin Enable Alert Emails in Logs Go to Logs and click Notifications. Click a tab of content types and enable Email for the activity logs that the controller emails administrators. Click Save.

  • Page 441: Monitor The Network With Tools

    Chapter 8 Monitor the Network 8. 7 Monitor the Network with Tools The controller provides many tools for you to analyze your network: ■ Network Check Test the device connectivity via ping or traceroute. ■ Packet Capture Capture packets for network troubleshooting. ■...

  • Page 442: Packet Capture

    Chapter 8 Monitor the Network Note: • Devices which are already running commands shall not execute newly added commands. • Output history of device with buffer space issues shall be automatically cleared. 3. Click to perform the test. You can view the test result in the Device Output section.

  • Page 443: Terminal

    Chapter 8 Monitor the Network Single Packet Size Specify the size of a single captured packet. It cannot exceed 1 MB. Packet Capture Filters Enter the filters to capture packets. Supported filters include: host, src, dst, tcp port, tcp src port, tcp dst port, udp port, udp src port, udp dst port, ether host, ether src, ether dst Combination of operators “and”, “or”, “(“...

  • Page 444: Manage Accounts Of Omada Sdn Controller

    Manage Accounts of Omada SDN Controller This chapter gives an introduction to different user levels of controller accounts and guides you on how to create and manage them. The chapter includes the following sections: • 9. 1 Introduction to User Accounts •...

  • Page 445: Introduction To User Accounts

    Chapter 9 Manage Accounts of Omada SDN Controller 9. 1 Introduction to User Accounts Omada SDN Controller offers three levels of access available for users: master administrator, administrator, and viewer. You can also create new account roles and customize their permissions to access different features.
  • Page 446 Chapter 9 Manage Accounts of Omada SDN Controller 2. Click Add New Role. Specify the role type name and customize the permissions for the role. 3. Click Create. The new role will be displayed in the role list. To edit/delete a custom role, click the icon in the ACTION Column.

  • Page 447: Manage And Create Local User Accounts

    Chapter 9 Manage Accounts of Omada SDN Controller 9. 3 Manage and Create Local User Accounts By default, Omada SDN Controller automatically sets up a local user with the role called master administrator as the primary administrator. The username and password of the master administrator are the same as that of the controller account by default.

  • Page 448: Create And Manage Other Local Accounts

    Chapter 9 Manage Accounts of Omada SDN Controller 3. Check the basic information, change the password, or enable alert emails according to your needs. Click Save. 9. 3. 2 Create and Manage Other Local Accounts To create and manage a local user account, follow these steps: 1.
  • Page 449 Chapter 9 Manage Accounts of Omada SDN Controller 3. Select Local User for the administrator type in the pop-out window. Specify the parameters and click Create. Username Specify the username. The username should be different from the existing ones. Password Specify the password.
  • Page 450 Chapter 9 Manage Accounts of Omada SDN Controller Site Privileges Assign the site permissions to the created local user. All: The created user has device permissions in all sites, including all new-created sites. Sites: The created user has device permission in the sites that are selected. Select the sites by checking the box before them.

  • Page 451: Manage And Create Cloud User Accounts

    TP-Link ID in the quick setup. The username and password is the same as that of the TP-Link ID. The cloud master administrator is cannot be deleted, and it can create, edit, and delete other levels of user accounts.
  • Page 452 Enter an email address of the created cloud user, and then an invitation email will be sent to the email address. If the email address has already been registered as a TP-Link ID, it will become a valid cloud user after accepting the invitation.
  • Page 453 Chapter 9 Manage Accounts of Omada SDN Controller Alert Emails Check the box if you want the created user to receive emails about alerts of the privileged sites. For detailed configurations, refer to 4. 2. 2 Services. To edit and delete the accounts, click icons in the Action Column. To edit the parameters for the user.

  • Page 454: Appendix 1: Omada App

    Appendix 1: Omada APP Omada app is a mobile application designed for Omada products. It allows you to conveniently monitor and manage your network. The Omada app can be used for Standalone and Controller mode. This appendix introduces how to use Omada app to manage your network. It includes the following sections: •...

  • Page 455: Install Omada App On The Mobile Device

    Omada app runs on iOS and Android devices, such as smart phones and tablets. Launch the Apple App Store (iOS) or Google Play store (Android) and search “TP-Link Omada” or simply scan the QR code to download and install the app.
  • Page 456 Appendix 1: Omada APP 1. Connect your mobile device to the EAP by 3. Tap on the EAP device appearing on the using the default SSID (format: TP-Link page. Set a new username and password for 2.4GHz/5GHz_XXXXXX) printed on the your login account of the EAP.
  • Page 457 Appendix 1: Omada APP 4. Edit the default SSID and password to keep 5. You can view the name of the EAP device your wireless network secure. Tap Next. and other information including wireless parameters and clients. You can tap change the settings of radio, SSID and device account.

  • Page 458: Manage Your Network In Controller Mode

    Appendix 1: Omada APP Manage Your Network in Controller Mode For a large-scale network which has routers, switches and mass EAPs, advanced functions are required, and controller mode is recommended. Controller mode allows you to configure and manage the devices and network in a straightforward and efficient way.
  • Page 459 Appendix 1: Omada APP 1. Connect your mobile device to the EAP by 3. Tap the Omada Controller, the controller using the default SSID (format: TP-Link login page will show. Enter the username and 2.4GHz/5GHz_XXXXXX) printed on the password of the controller, then tap Log In to label.
  • Page 460 Appendix 1: Omada APP 4. On the Devices screen, tap the Device that is pending for the adoption. And you can use the functions at the bottom to navigate various screens of the Omada Controller including the wireless statistics, clients information and basic settings.

  • Page 461: Remotely Manage Your Devices Using The Omada App

    A compatible iOS or Android device with Omada app (iOS: 3.0.28 and above, Android: 3.0.10 and above). • Cloud Access is enabled on the controller. The controller has been bound with a TP-Link ID. Internet Mobile Device Installed with Omada App...
  • Page 462 1. Launch the Omada app, go to Cloud Access 2. All the controllers which are bound with your and tap Go to Log In to log in to Omada TP-Link ID will appear on the page. Cloud with your TP-Link ID. •...
  • Page 463 Appendix 1: Omada APP 3. On the Devices screen, tap the device that is pending for the adoption. And you can use the functions at the bottom to navigate various screens of the Omada Controller including the wireless statistics, clients information and basic settings.
  • Page 464 Appendix 1: Omada APP Cloud-Based Controller Refer to the topology for cloud-based controller below, make sure that the following requirements have been met: • Your mobile device has internet access. • A compatible iOS or Android device with Omada app. •...
  • Page 465 2. All the online controller which are bound with and tap Go to Log In to log in to Omada your TP-Link ID will appear on the page. Tap Cloud with your TP-Link ID. the cloud-based controller to launch and...
  • Page 466 Appendix 1: Omada APP 3. On the Devices screen, tap the + on the 4. On the Devices screen, the newly added upper right to add devices to your cloud- device will appear. To manage and configure based controller. You can scan the barcode devices on the cloud-based controller, you of the serial number of the device or enter need to activate them by assigning available...
  • Page 467 Appendix 1: Omada APP 5. Tab Activate and follow the instructions to 6. After binding with licenses, the devices can assign licenses to the devices. be managed and configured. You can use the functions at the bottom to navigate various screens of the Omada Controller including the wireless statistics, clients information and basic settings.

Table of Contents

Save PDF