I really appreciate that you didn’t assume The audience has any foreknowledge of setting up a network. I’m considering this setup for my place and am now a bit more confident that I can handle the technical side.
As a fan of the TP-Link Omada line, adding the hardware (even software) controller to your APs is truly an amazing experience. It makes your APs a mesh, and makes setup/adding a new AP around 5 clicks, less if you setup your SSIDs as default. I've deployed 6 mesh networks for business customers of mine, and I am currently testing/deploying one in my home, keeping the Synology router (due to amazing, and free, content filtering (I've got kids)). Keep up the good work, TP-Link! My one request would be expanding a bit in your switch lineup, possibly a half PoE 48 port version with the 10 GbE ports. I've got a few clients where that would be a perfect fit.
Got kit arriving tomorrow and I think this video has just given me everything I need to get set up. Very clear and easy to follow. Great work. Thank you.
Thank you for this! Being a newbie into networking, I believe this is the first or only video I’ve seen that shows from the start of the equipment plugged in from your existing router and to the computer you’re using to set everything up! Kudos also for using a Mac instead of PC so now I know I don’t necessarily need a PC. I would like to know however if you’re still using your existing router or is your ISP now going directly to your WAN port on the TP-Link router? Thanks!
Great video! but I think I found an error at 17:25, if you want to block OC and router, you need to select 192.168.10.1 in your set up, nstead you went with 20.
That's my last set up to complete everything and that part holding me back sorry I'm totally new on this but at the same time I'm been putting all my effort to keep leaning
This worked great. Until yesterday. I had set this up for a small church several months ago ahead of an internet service installation. There was a backlog for the cable company so we were on "the waiting list." This was July 2022. So, I went ahead and installed 3 EAP225 and the ER605, OC200, and a TL-SG2218 and used an ethernet bridge connected to VZ hotspot to test; all systems worked perfectly. Then the wait. Yesterday, Cox came in like gangbusters and set up the wrong modem. I ordered a basic business modem, without router or wifi. See, the church wanted to rent the modem, since it was only $5 month. Lightning strikes are common here and more than one microwave and phone system has been fried at this location, so they figured they'd rather Cox be on the hook for a replacement. While I was out of the room the tech installed and configured the AIO modem. Had I seen him take it out of the box, I'd have stopped him. It shouldn't have been a problem, but the gods were angry yesterday. The tech left and came back with the right modem. Still, nothing worked right, not even wired connections. So, I reset all hardware to factory and started over. I tried clearing the routing tables, etc, praying, crying, but I gave up. I did the hard reset and followed your video again. Wired connections work now and work well, but the EAPs only connect to windows devices with no internet. Chrome, Android, and Mac devices throw DHCP errors and fail to connect Looks like the EAPs are not passing DHCP to any of those devices. I have since done hard resets to everything and I am getting the same results.
Great video! Looking into setting up similar setup but with 200 clients for a small office network. What other hardware is needed to cater 200 clients?
Thanks for the walk-through, it was very helpful for me to set up my own Omada setup. What rules would I need to set up for my devices to cast to my google chromecasts on a different VLAN? I've been trying to no avail, and my family is getting annoyed at my tinkering.
Awesome video! While I have 15-20 witless devices at any given time. Is this controller worth having if I only have one access point, router, switch, and a few other wired devices?
Um maybe. It gives you a centralized place to manage everything and see everything and give you fancy stats. Otherwise you’d have to login into each device to update them and manage them.
This is looking very tempting as a replacement to Ubiquiti UniFi gear. The UI is so similar but what I'm curious about is if you can SSH into a device and for example run "show run -all" and take the output and put into a script to reload rules via the CLI. To me this would make a HUGE difference in being able to script out installs and not have to rely on exporting and importing the config files that may or may not be compatible with the next version of firmware as I've had issues with before in UniFi and have to reconfigure via the GUI.
Got a EAP660 this weekend, going to set it up next weekend. Any issues I might face trying to set this up connected to a pfSense router and using a Docker version of the Controller rather than a physical one?
Older devices may not work well with the higher allowed bandwidths from each 2.4 band and 5 band. Consider thoroughly testing all devices before settling on a specific power setting and frequency.
Do you have a similar video but instead of AP, one with a mesh system? By the way, what's the cost to have this system set up? Thank you for this video.
i live in delhi and tp link 710 is installed in my office there is no net at home so i can use office net to use home net my home is 25 kms away from office between which traffic signals multi all If I live in Delhi, then I put airspace on its tower, then I live in their bungalows in the basement of my house and second, if I put the tower in my balcony above, will it work, how much range can it cover? Will it cover a range of 25 kms?
This is an excellent guide, thank you. I went with the same hardware, and it was pretty easy to set up. The only problem I ran into was setting up the wireless Guest network and integrating it with the VLAN. Updated all firmware, tried multiple times, rechecking steps, but it simply would not assign IP addresses, at all. Not sure what the issue is, but there seems to be chatter on Reddit from others with this issue.
Wherever I assign a VLAN to a wireless network during setup I'm unable to get an assigned IP when connecting to the wireless network. The device connects to wifi fine, but no IP is assigned hence you can't go online. When looking at the connection details on my Mac, it says "self-assigned IP" and it's NOT in the same subnet range of the created LAN.
Found the issue...When creating the vlan interface I didn't select the LAN port of the router which the switch/EAP is connected to. I had certain LAN ports selected on the router, but not the WAN/LAN that that the Switch plugs into. Once I went back and included that router port, an IP address was assigned.
Did you put your AT&T router in Passthrough and turn off all the firewall stuff? Does the TP Link have firewalls setup by default? I have the same setup coming and also a AT&T router so just curious what to do there. Thanks!
Yes, I did IP passthrough be the gateway firewall is off. The TP Link router I have doesn’t support firewalls, according to the cloud controller anyway. I haven’t been able to play with any firewall stuff yet.
Very informative setup. I have been using 3 EAP245s with the controller software. I was wondering if you have videos going more in-depth on writing rules for kids devices using this software? thanks!
I just ordered AX3600 Wifi 6, already have the ER605 router and that feeds my 16 port TL-SG116. I try to hardwire every device where possible. That includes my firesticks, Sonos Speakers, and HA hubs. What I am wondering is if I put that AX3600 up on the top floor in the middle of my house (2 story with basement, 3000 sqaure feet, floors are 25*60). Do you think that coverage and bandwidth will be good enough top to bottom for basically phones, laptop and a few other WiFi devices like light bulbs... My other option for placement is on the middle floor on a far fall. I think that might be a better place, but I am not sure if it will cause issues since I have 4 HA Wink, hubitat, Lutron and Philips hubs there. Is the only benefit of the controller to have one central place for configuration? I plan to wire the AX3600 to one of my WAN\LAN ports on the ER605. Is that OK or would it be better to put it on the switch?
I'm not entirely sure to be honest. I'd start with top most floor though. If it ends up sucking then I'd just add some in-walls or other access points later. Bandwidth wise it should be more than enough, signal strength wise; it really depends on so many factors I couldn't give you a good answer even I wanted to. Mostly yes, but you also get easier configuration options for VLANs and other configuration options. Do whatever you are most comfortable with. If it was me, I would just use my switch.
Hey Love your videos and thanks so much for all the information! I do have a quick question, for a home setup would it be possible to use only the router(TP-Link ER605/TL-R605)+cloud controller(TP-LINK OC200)+2 AP´s (TP-Link EAP235 each with its own POE injectors) BUT using an unmanaged switch (TP-Link LS1008G)? If I´m not going to setup an advance levels of access between devices?
Thanks! Found you, initially, as you are an ATT subscriber as am I, and I also have a public IP block that I'm trying to get a homelab ESXi server accessible to other people in my work group for homelabbing together. Good stuff. Saw another comment down the list, and you used IP passthrough ? Not Cascaded router ?
Yes, I wanted my UDM to have my external IP address VS a 192. Or 172. Address. Eliminates a double NAT situation. Not sure how cascade would be beneficial to me.
Does your ISP router have to be in bridge mode before you start configuring the omada setup ?? Can you do it without being in bridge mode. I have been trying to adopt the er605 router using the controller no poe switch just the router conneted to the omada controller. I edit the lan to 192.168.10.1/24 but the e605 will try to adopt but wont ??
Hi Stephano, i really like to build this set up at my home. I just bought eap235 wall AP, 2 pcs eap115 Wall AP, and eap110 AP and planning to buy some omada VPN router.. Just one question, i have old but still great TP Link poe+ switch, but it is unmanaged, can i still use it? What disadvantage not using Jetstream Omada Switch ? Thank you for your kindly advise 🙏🏻
Yes you can still use the unmanaged switch. The Omada Controller will not be able to... control the switch. So having things like Port Security, ports dedicated to VLANs, port isolation, and a bunch of other features can't be used on that switch. But if you don't need any of that fancy folk stuff, then it doesn't matter.
Hmmm. I haven't seen or heard of this happening to anyone before.... Update the firmware first maybe? Or maybe (I know it may be a pain in the arse) factory reset everything.
Thanks for this video! I just got in a bunch of TP Link Omada Hardware that I'm planning to put in a new house - thanks to this video, which convinced me I could handle it :) A quick question for you - my setup is essentially what you showed here. I'd like to set it up and test it at my old place (ATT Fiber and ATT Modem running bridge to my Eero Pro 6s), without messing with my current setup - is there any issue you can think of with setting this up without connecting to the internet or my current network?
Nice howto, is it possible to connect switches from other manufactures like zyxel for example…? Poe will come over the tplink Adapters. And also if already available could I use here my ubi edgerouter 4 too…?
I do not have the OC200 controller so Im using the software. Are the settings still in effect, specially th VLANS and the ACLs even if the software is not running?
Thank you for such an awesome tutorial. I watched it yesterday and I'm following along again today as I set up I my own Omada network. I have a few questions though. At 10:00 you began creating 3 separate VLANs for kids, IPcameras and guests. You left the purpose as interface, but you also had an option to set it as VLAN. Then at 15:40 you began to creating rules to isolate the kids network from the other VLANs and block access to the router. So what's the difference between setting the purpose to interface vs VLAN? Had you set the purpose to VLAN, would you still have to create those rules? And what are the benefits if doing it the way you did it?
Those are some questions that I don't know the answer to. That isn't something that initial crossed my mind. I just did it that way and got the results I wanted. I'm not sure what would happen if you deviated.
Hi there. Very useful video Thank you. Quick question: I have a TL-SG2008P, an OC-200 and an ER-605. Can I user a Netgear nightwawk as the AP? Will it work? or do I need to buy also a TP Link AP?
Hello! Thanks for the video as its helping setup my first home network. I wanted to ask, when you set the static IPs of the switch and access point, you specified the DNS to be the IP of the router and you said you were doing it "for now". When/Why would you want to set it with a different value? Also, at arount 17:40 you were creating rules to block access to the OC and Router but you specified IPs like 192 168 20 1 when the router was actually 192 168 10 1. Should it really be 20 or did you eventually changed it? Thanks for helping!
I host my own DNS using PiHole but hadn’t added it to that network. So it didn’t matter at the time. Yes that was intentional because those vlans that are 20.1, 10.1, or whatever act as the gateway. So if a user types that IP address in, they will be directed to your router. So if you don’t want the other vlans to have access to the router then it needs to be blocked
So I’m looking for a switch that has 8 or 16 PoE and 16 ports total to connect to the router. Do they have anything that works the same with the oc controller? Where I have all the control and stats?
TP-LINK makes decent hardware. Will be considering it over the ASUS stuff I have now in the future. TP-Link is a good compromise I think if you can't afford the more expensive stuff. I only wished the AX3600 wasn't so gigantic. Are you planning to do a review of those wireless mesh access points eventually like the AX3000 ?
It is pretty big! I don’t hate it but I partly do wish it was smaller. The thing is a beast though with its 2.5GbE port unlike my U6-LR. I’m not planning on that at this time.
@@SPXLabs Yes it does have some advantages. I guess, if you can find a place where it can remain hidden then it is not so bad. I'm also guessing the other advantage of it being bigger is that is doesn't get so hot?
I haven’t really put it through the paces yet. But every time I’ve touched it it’s never been hot. I feel like all my ubiquiti stuff is hot even when idling
@@SPXLabs If ever you do have the chance to stress test the equipment, it would be very interesting. As for your Ubiquiti stuff, I mean I can understand network switches gets hot, rarely seen one that doesn't unless you have very basic equipment and you have good ventilation now for your network stuff. But the Ubiquiti access point doesn't have much in terms of "vents". But you've been running it for how long now, 1 year? Will be interesting to see if it lasts long.
do I need a gigabit omada hardware? I have a gigabit bandwidth. all of my omada compatible access points are gigabit capable. I'm not sure if I need a gigabit omada (OC300) over 10/100mbps omada (OC200). I don't know if any bandwidth will be running through omada. as far as I know, omada only manage the EAPs.
For home use, I would seriously doubt you would need the OC300. The OC200 is perfectly adequate. The Omada controller has nothing to do with your bandwidth nor does the software. The controllers job is to give you a unified singular place to manage all of your Omada capable hardware. All of tp links hardware is Gigabit capable. The oc200 having a 100mb connection is irrelevant to your internet and local bandwidth.
Watching several of your videos. Super excited to get a similar setup going. I am going to use three EAP615-walls around the house instead of the single AP. This will be my first attempt to have major upgrade to the home network. I am also going to have a Disney Circle on the kids vlan. Circle is my lazy solution for managing their screen time on devices.
Hello how you doing, I finally set up my home lab and I follow all your steps/setting but got a little confused where you set up the IP-port group, How did you get the IP subnet, here's were I got confused since the OCandRouter has a different default IP already you set up from the beginning .. Why you set it up with 192.168.20.1
I didnt' get it from anywhere I made it up along with the other groups. The router acts as the default gateway for each subnet, so 192.168.0.1, 192.168.10.1, 20.1, 30.1, or whatever all take you back to the router, it doesn't matter what subnet you are on.
I’m looking for the strongest and fastest WiFi. I have a lot of devices. A one story home with a basement. I’m using 6 google nest access points and they are pretty good. But I still have some slow areas. My router also sends out its own WiFi under a different name and it is much slower. What can I do to seep things up. Should I see how to sit off the router WiFi and let the google one do it’s thing or do a setup as your video shows and put a access point upstairs and downstairs with that bigger disk??
I’m not really a WiFi guru. Also I hate WiFi. So I could be wrong but it sounds like your radios need to be attenuated as to not compete with surrounding bands. If you have already done this then maybe it’s time to switch brands.
Hi there, I see that on you configuration you don't get any issue when you change the ip range of the LAN. On my configuratuion, when I change the IP range, my netgear AP don't work anymore. I don't know whay. Can you please tell me, do I need to reset my AP to config again for that ? Thnx in advance>
Thanks for your videos! I have followed your video guide and its great. Do I need to apply the same rules you created for Kids network on the EAP ACL to the Switch ACL for the kids wired devices to have the same rules?
at 15:20 what is the difference between choosing All or Allvlans for port 1? Since All vlans are in this profile I guess this makes no differences? at 10:12 you create Lan kids with only Lan interface 'lan' checked. While the default Lan has all the interfaces checked, what makes the difference then between these 2 lans?
I have the ER7206 router, SG2210P switch, and 4 EAP610 APs, 2 upstairs and two down. With just a single SSID based on my LAN, signal strength is great on all APs. When I setup a VLAN fir my IoT devices for wired and wireless with a separate SSID, I get no internet for . Ideas?
I'm curious about the way the kids VLAN is set up. If I set up the kids VLAN in this way, and block it from the rest of the networks (LAN, IPCAM, etc) would the kids' PCs be unable to connect to a minecraft server hosted on the LAN network?
I have been trying to add my wifi cameras that are connected to a NVR to a vlan..Before i start should i take my nvr and cameras off of static ip address?Thank you
If your nvr and cameras already have IPs on the same subnet as the VLAN you created then it shouldn't matter. If the VLAN you created has a different IP space then switch them to dhcp. Or just make the VLAN the same subnet. up to you.
I'm new to all this and I'm working on updating my network at home and your videos have been very helpful, I wanted to ask how many wireless accounts you can have or create, if there is a limit.
Trying to find what is max switching throughput of ER605 when configured with 1xWAN and 2xLAN (think this is software switch)? Have 700/100 link and want to configuration only with ER605 and 2xEAP245. But don't know that they can work full speed.
You said you were enabling the guest network setting for the Guest SSID so it can't access devices on the other subnets. Does that setting also block access to other devices on its own subnet? If I want a roommate to have their own wireless network and subnet and allow their devices to see each other (but not devices on any other subnets), what settings are needed?
Looks good and great... I need to know if i use it for home solution with one ssid and one password for all at home..doni need to use mesh..or i can use this to make one same ssid for all access points
@@SPXLabs can u suggest which model i need to use for 10 rooms with APs having same ssid and password so client have signals every where without changing wifi connections or hard handoff...and can switch automatically
Just bought this exact setup and I need another small switch for the location where my pc, printer, scanner, are located. What Omada switch do you recommend that pairs well with 2210MP?
I think this would be pretty cool instead. It’s not a switch perse but it has 3 data ports and WiFi. Assuming you have an Ethernet cable in that same room as you. amzn.to/3pq3Ofy
@@SPXLabs Funny that you recommended that since that since I already bought one for another room in the house. If I needed more than 3 ethernet ports would the 2210P be a good choice? Kind of surprised that Omada doesn't offer a cheap 4 port for that reason. Thanks for the response and great videos by the way.
Stumbled onto this while researching/looking for APs for my home. I'm confused about the purpose of the Controller. Am I to understand that you need that to be able to configure your hardware? So each piece of equipment is "dumb" and unconfigurable without it? Just wondering. Seems like a pretty sweet setup but seems like an extra piece of equipment that I don't understand the purpose for. At for use at home. Personally, I'm looking for something very similar to what's in this video: A router to connect to the ISP, a switch for my wired hosts, and an access point with 2 ethernet connections to place downstairs (since my ISP is wired in upstairs). The ports on the AP would be to 1 connect to the LAN and the other to pass-through to (another switch) to my DirecTV and my TV set. TMI I guess. Anyway, what's the point of the controller?
You don’t need the controller as each device can be manually configured. You can also download the controller software and host it on a computer at home. The hardware controller basically gives you a more easy and centralized place to manage and configure your devices. Savvy?
Hi, I think you have done an amazing job explaining the programming of the GUI and all the offerings that Omanda has with their new platform. I have installed several systems already. The problem is, No one tells us how to separate the devices to the V-lans that you teach us how to set up. If I want to put all my IOT devices in a V-lan, I’m clueless. It seems it would be easy for a hard wired device, but not so easy with wireless.. Please advise. BRB
i has installed vmbase omada controller , added 24 MAC under single SSID but now recently added MAC id user unable to connect to SSID ..getting event logs as channel 1 because the Association times out.(1 time in a minute).please suggest
You can use whatever hardware you want but certain features from the hardware will be missing. Each device from TP Link can operate in “standalone mode”
I've been given an omada setup, but my question is, what's the difference between the hardware controller and the wifi controller? I have the wifi controller, and I'm curious what I'm missing out on without the hardware controller.
I got the Omada setup without a managed switch and I'm using the software Omada controller. Is there a way I can make a printer discoverable across all LANs? Right now if I'm on the Guest LAN with my Android, it does not find the Printer which is on the LAN network.
Looks good. However, I am happy with my UniFi setup for now. Replaced the USG 3P with a Protectli Vault running OPNSense firewall/router. Also replaced the UAP-AC-PRO with the UAP-U6-Lite. Upstairs I have the UAP-AC-LR. It's been rock solid with zero issues.
Hi and thanks for the video. I have a very simple setup, the ER605 acting as a router for my single home LAN. I'm going crazy not able to block a fixed IP device within my LAN from inbound/outbound internet (WAN) connection. How can I do this using the ER605 admin panel? I previously owned the TL-R600VPN and this was very easy to do, but the admin panel of the ER605 changed completely and can't understand the Firewall's Access Control menu . Thanks
After a quick Google search I found this. Have you seen or tried this? www.reddit.com/r/TPLink_Omada/comments/mphbix/can_i_allow_a_client_to_access_the_lan_but_not/
@@SPXLabs Thanks for your quick reply, I was just looking at that same link a few minutes ago, will try to follow it when I get home, but in that link the reply suggests to create the ACL rule at the switch or EAP level, not from the ER605, however since the ER605 is the only Omada device in my LAN I guess it has to be done from there. Do you think I need to install/use the Omada Controller software in my simple set up? Maybe achieving this task is easier from the Controller than from the ER605 admin panel
In my experience, EVERYTHING is easier with the Omada Software. Standalone mode is convoluted and confusing to me. Just the other day I tried to enable DHCP on a switch in standalone mode and literally could not figure it out even though there was 1 check box to enable it and a handful of options to set. I never figured it out and just gave up after about 2 hours.
@@SPXLabs Yeah, I feel the same way, never installed/used the Omada controller software, but from videos I've seen like yours it seems the interface is much simpler. So should I install the Omada Controller (v5.1.7) or the Omada SDN Controller? Can I do it from my Windows PC ?
The Omada team needs to help the Standalone team lol. Downloading and running the Omada Software is possible on Windows. I would use the Omada software whenever possible.
I recently bought the ax3600 because I was giving an aruba hp poe+ switch from work. Its currently in standalone mode. Its the only tp link device I have. I shut off the wifi on my isp provided device. Speeds improved even on my 802.11ac devices. Only have one ax and its hardwired. Anyway, so I can do all the vlan stuff with the Omada controller then? Dont have to configure anything on the switch? Have no cameras or anything like that. Live with my parents still. Id like to restrict their wireless devices from my devices. I pay for our internet and handle all that stuff. My parents don't know much about tech. And if they ever get a virus I dont want it crossing over to my stuff. Especially my network storage I recently starting putting all my backups on. I wasnt going to do a controller because I only have one tp link device. But, it sounds like it may be worth hosting myself on the same machine that has my network storage. Its an old lenovo d30 work was throwing away. Dual exons and has 48GB of ram. Shame to let that device just be a nas. Haha thanks in advance for any help.
When setting up the Deny OC & Router group, is there a reason you didn't include the IP Camera and Guest networks? Wouldn't you want to deny them access to the controller and router IPs and ports, in addition to blocking the Kids network?
Trying to decide between the Omada router vs getting a custom router and running Pfsense on it. What are the pro's/con's for the omada router you have discovered?
Watching this at work, hopefully this helps when I try to troubleshoot it at home. I have everything connected, but it's weird because access point WiFi isn't connecting to the internet, so I think it's the VPN router. Oddly, I can only see one security camera on access point WiFi (even though it says it's not connected to the internet), so I think my other cameras might be connected straight to the modem, which is why I can see them on the modems wifi.
@@SPXLabs Thank you for replying. Last night I enabled bridge mode on my modem and that solved my problem, but I'm back to square one after resetting my modem to attempt to fix a WiFi security camera that just wouldn't connect. VPN router says it can't find the WAN IP address now (before it was a conflict that bridge mode solved). Back to the drawing board. 😮💨
Hey, so i have a question in regards to the vlan setup. So let’s say your kids are all connected to the kids vlan and your home printer is connected to an IoT vlan. How could the kids vlan communicate with the printer?
@@SPXLabs Thank you! Can you do a video on how to setup a VPN on the ER605 router? I want to use IPVanish to mask the public ip when my kids are playing PS4 but have no idea how to go about setting that up.
Hi Stephano, Thanks for the video. Would you recommend deploying the Omada ecosystem to a medium size campus? I just inherited this IT position at the local non profit organization that also runs a school, small museum, and a gift shop. All in one area. Currently we have the Cisco Meraki ecosystem which we want to get rid off. Not because they are bad but the expensive recurring licensing fees that we are not crazy about. I'm also considering Unifi and Microtik for our budget friendly and license free replacement. Do you think Omada (or Unifi or Microtik) is a reliable solution?
I’m honestly not a network professional by any stretch of the words. I’m familiar with Ubiquiti and I feel like that’s a safe bet. I know of mikrotik and like their pricing but am not familiar in anyway with their equipment. I think Omada is fine but have no idea how good it is at scale. Sorry that I can’t be more helpful
@@SPXLabs Ubiquiti is currently my third choice after Microtik because of bugs and issues that I've been hearing. Also, a lot of their L2 poe switches are sold out. Hey man.. thanks for your respond and great video!
@@SPXLabs Thanks! Is there a way to stop a device taking the OC200 Static address if it goes offline and another device connects/restarts and takes it?
There are a few ways. You can do DHCP reservations, you can start the up range handed out by dhcp to be higher than what the OC is, and well you could just not use DHCP either lol.
You can piece mill Omada all you want. As in have just a router or just an access point or just a switch. If you do that though I’m sure some features will be missing from your setup in the software controller but I don’t know which ones. All of the Omada hardware can be setup in standalone mode.
Рік тому
You can use 3rd-party router, just plug the router into the WAN port of the new router.
Is there a reason why my VLANS won't communicate with each other? I'm trying to ping from a machine on one VLAN to a machine on the main LAN and it wont work going either way. I know it was said in the video that all networks were able to communicate with each other by default, but mine aren't.
Hi Sir. I just got my ER7026 and OC300. I’ve been tinkering with it for a few days now. If I may ask, how come you needed to setup a rule under Network Security/ACL to restrict access between VLANs but you didn’t do it in the video below ua-cam.com/video/sc5eNPjeygQ/v-deo.html I noticed you didn’t setup network security but the vlan still wasn’t able to access the router and the controller. Could you help me sort out my confusion? Thank you so much.
For me the idea was to show that the end user can still customize things to their hearts desires without relying on default everything. Not sure how this will actually translate to the real world though.
I really appreciate that you didn’t assume The audience has any foreknowledge of setting up a network. I’m considering this setup for my place and am now a bit more confident that I can handle the technical side.
I wish you the best of luck and ease!
As a fan of the TP-Link Omada line, adding the hardware (even software) controller to your APs is truly an amazing experience. It makes your APs a mesh, and makes setup/adding a new AP around 5 clicks, less if you setup your SSIDs as default.
I've deployed 6 mesh networks for business customers of mine, and I am currently testing/deploying one in my home, keeping the Synology router (due to amazing, and free, content filtering (I've got kids)). Keep up the good work, TP-Link! My one request would be expanding a bit in your switch lineup, possibly a half PoE 48 port version with the 10 GbE ports. I've got a few clients where that would be a perfect fit.
Nice! Yeah I do like the ease of deployment myself.
If they send it. I will make content about it.
Thanks bro. I got the controller, the router, and the switch set up exactly as I wanted thanks to your video.
Just a heads up there is a newer version of this video available. It’s mostly similar
Got kit arriving tomorrow and I think this video has just given me everything I need to get set up. Very clear and easy to follow. Great work. Thank you.
Thanks for the kind words! Best of luck and enjoy!
@@SPXLabs Credit where it's due. Thank you.
Thank you for this! Being a newbie into networking, I believe this is the first or only video I’ve seen that shows from the start of the equipment plugged in from your existing router and to the computer you’re using to set everything up! Kudos also for using a Mac instead of PC so now I know I don’t necessarily need a PC. I would like to know however if you’re still using your existing router or is your ISP now going directly to your WAN port on the TP-Link router? Thanks!
Great video! but I think I found an error at 17:25, if you want to block OC and router, you need to select 192.168.10.1 in your set up, nstead you went with 20.
Yes I explain why in the video and show you an example of why you would want to do that. Good looking out anyway!
@@SPXLabs you're still oblivious to the mistake you made.
This is far more complicated than I ever expected. I’ll be using this as a guide for sure. Sheesh
I actually had to go back and use this at one point for my newest guide lol. This one is more generic but still works.
That's my last set up to complete everything and that part holding me back sorry I'm totally new on this but at the same time I'm been putting all my effort to keep leaning
This worked great. Until yesterday. I had set this up for a small church several months ago ahead of an internet service installation. There was a backlog for the cable company so we were on "the waiting list." This was July 2022. So, I went ahead and installed 3 EAP225 and the ER605, OC200, and a TL-SG2218 and used an ethernet bridge connected to VZ hotspot to test; all systems worked perfectly. Then the wait. Yesterday, Cox came in like gangbusters and set up the wrong modem. I ordered a basic business modem, without router or wifi. See, the church wanted to rent the modem, since it was only $5 month. Lightning strikes are common here and more than one microwave and phone system has been fried at this location, so they figured they'd rather Cox be on the hook for a replacement. While I was out of the room the tech installed and configured the AIO modem. Had I seen him take it out of the box, I'd have stopped him. It shouldn't have been a problem, but the gods were angry yesterday. The tech left and came back with the right modem. Still, nothing worked right, not even wired connections. So, I reset all hardware to factory and started over. I tried clearing the routing tables, etc, praying, crying, but I gave up. I did the hard reset and followed your video again. Wired connections work now and work well, but the EAPs only connect to windows devices with no internet. Chrome, Android, and Mac devices throw DHCP errors and fail to connect Looks like the EAPs are not passing DHCP to any of those devices. I have since done hard resets to everything and I am getting the same results.
I find these issues are mostly due to lan ip’s not being in the same range as the router.
Great video! Looking into setting up similar setup but with 200 clients for a small office network. What other hardware is needed to cater 200 clients?
Thanks for the walk-through, it was very helpful for me to set up my own Omada setup. What rules would I need to set up for my devices to cast to my google chromecasts on a different VLAN? I've been trying to no avail, and my family is getting annoyed at my tinkering.
You need to allow routes between vlans.
Awesome video!! I'm looking to setup 2 or 3 EAP's at my moms house. What would be easy to setup IE, Router, POE Switch, EAP?
Awesome video!
While I have 15-20 witless devices at any given time. Is this controller worth having if I only have one access point, router, switch, and a few other wired devices?
Um maybe. It gives you a centralized place to manage everything and see everything and give you fancy stats. Otherwise you’d have to login into each device to update them and manage them.
This is looking very tempting as a replacement to Ubiquiti UniFi gear. The UI is so similar but what I'm curious about is if you can SSH into a device and for example run "show run -all" and take the output and put into a script to reload rules via the CLI. To me this would make a HUGE difference in being able to script out installs and not have to rely on exporting and importing the config files that may or may not be compatible with the next version of firmware as I've had issues with before in UniFi and have to reconfigure via the GUI.
Check out the Aruba AIO stuff, its even better ! and it's direct competition with Unifi.
Got a EAP660 this weekend, going to set it up next weekend. Any issues I might face trying to set this up connected to a pfSense router and using a Docker version of the Controller rather than a physical one?
Older devices may not work well with the higher allowed bandwidths from each 2.4 band and 5 band. Consider thoroughly testing all devices before settling on a specific power setting and frequency.
Can't wait to set things up for my new house. Big thanks for the this tutorial.
Heck yeah! I think you will be happy with the equipment
Do you have a similar video but instead of AP, one with a mesh system? By the way, what's the cost to have this system set up? Thank you for this video.
i live in delhi and tp link 710 is installed in my office there is no net at home so i can use office net to use home net my home is 25 kms away from office between which traffic signals multi all If I live in Delhi, then I put airspace on its tower, then I live in their bungalows in the basement of my house and second, if I put the tower in my balcony above, will it work, how much range can it cover? Will it cover a range of 25 kms?
This is an excellent guide, thank you. I went with the same hardware, and it was pretty easy to set up. The only problem I ran into was setting up the wireless Guest network and integrating it with the VLAN. Updated all firmware, tried multiple times, rechecking steps, but it simply would not assign IP addresses, at all. Not sure what the issue is, but there seems to be chatter on Reddit from others with this issue.
Oh man that sucks. I actually never tried
Have you found an anwer yet? I run into the same problem here! @@SPXLabs
Wherever I assign a VLAN to a wireless network during setup I'm unable to get an assigned IP when connecting to the wireless network. The device connects to wifi fine, but no IP is assigned hence you can't go online. When looking at the connection details on my Mac, it says "self-assigned IP" and it's NOT in the same subnet range of the created LAN.
Found the issue...When creating the vlan interface I didn't select the LAN port of the router which the switch/EAP is connected to. I had certain LAN ports selected on the router, but not the WAN/LAN that that the Switch plugs into. Once I went back and included that router port, an IP address was assigned.
What is the VPN router for? Can you use any other normal router? also, what is the controller for?
Did you put your AT&T router in Passthrough and turn off all the firewall stuff? Does the TP Link have firewalls setup by default? I have the same setup coming and also a AT&T router so just curious what to do there. Thanks!
Yes, I did IP passthrough be the gateway firewall is off. The TP Link router I have doesn’t support firewalls, according to the cloud controller anyway. I haven’t been able to play with any firewall stuff yet.
Very informative setup. I have been using 3 EAP245s with the controller software. I was wondering if you have videos going more in-depth on writing rules for kids devices using this software? thanks!
Same here.
just get the hardware controller, its worth it.
I just ordered AX3600 Wifi 6, already have the ER605 router and that feeds my 16 port TL-SG116. I try to hardwire every device where possible. That includes my firesticks, Sonos Speakers, and HA hubs. What I am wondering is if I put that AX3600 up on the top floor in the middle of my house (2 story with basement, 3000 sqaure feet, floors are 25*60). Do you think that coverage and bandwidth will be good enough top to bottom for basically phones, laptop and a few other WiFi devices like light bulbs... My other option for placement is on the middle floor on a far fall. I think that might be a better place, but I am not sure if it will cause issues since I have 4 HA Wink, hubitat, Lutron and Philips hubs there.
Is the only benefit of the controller to have one central place for configuration?
I plan to wire the AX3600 to one of my WAN\LAN ports on the ER605. Is that OK or would it be better to put it on the switch?
I'm not entirely sure to be honest. I'd start with top most floor though. If it ends up sucking then I'd just add some in-walls or other access points later. Bandwidth wise it should be more than enough, signal strength wise; it really depends on so many factors I couldn't give you a good answer even I wanted to.
Mostly yes, but you also get easier configuration options for VLANs and other configuration options.
Do whatever you are most comfortable with. If it was me, I would just use my switch.
Really good video. I can't wait to setup my own tplink omada network!!!
It’s made so easy with the webui
Hey Love your videos and thanks so much for all the information! I do have a quick question, for a home setup would it be possible to use only the router(TP-Link ER605/TL-R605)+cloud controller(TP-LINK OC200)+2 AP´s (TP-Link EAP235 each with its own POE injectors) BUT using an unmanaged switch (TP-Link LS1008G)? If I´m not going to setup an advance levels of access between devices?
Yes that should be do-able.
Great guide with step by step instructions. Thanks! Is there a way to share a printer between different vlans?
Yes, add a route/ACL to the ip of the printer between each vlan.
Very nice video, I wonder if you have something to explain how to share a NAS on to vlan's.
I have the ER7206 v1.0, OC200 and TL-SG3428X v1.0.
Nope. But you just need an ACL to allow other vlans access to that IP or VLAN
Thanks! Found you, initially, as you are an ATT subscriber as am I, and I also have a public IP block that I'm trying to get a homelab ESXi server accessible to other people in my work group for homelabbing together. Good stuff. Saw another comment down the list, and you used IP passthrough ? Not Cascaded router ?
Yes, I wanted my UDM to have my external IP address VS a 192. Or 172. Address. Eliminates a double NAT situation. Not sure how cascade would be beneficial to me.
Does your ISP router have to be in bridge mode before you start configuring the omada setup ?? Can you do it without being in bridge mode. I have been trying to adopt the er605 router using the controller no poe switch just the router conneted to the omada controller. I edit the lan to 192.168.10.1/24 but the e605 will try to adopt but wont ??
Hi Stephano, i really like to build this set up at my home. I just bought eap235 wall AP, 2 pcs eap115 Wall AP, and eap110 AP and planning to buy some omada VPN router.. Just one question, i have old but still great TP Link poe+ switch, but it is unmanaged, can i still use it? What disadvantage not using Jetstream Omada Switch ?
Thank you for your kindly advise 🙏🏻
Yes you can still use the unmanaged switch. The Omada Controller will not be able to... control the switch. So having things like Port Security, ports dedicated to VLANs, port isolation, and a bunch of other features can't be used on that switch. But if you don't need any of that fancy folk stuff, then it doesn't matter.
Great video and setup. Only running into 1 problem. Controller keeps going back into adopting EAPs, switch and router. Any idea how to correct?
Hmmm. I haven't seen or heard of this happening to anyone before.... Update the firmware first maybe? Or maybe (I know it may be a pain in the arse) factory reset everything.
Thanks for this video! I just got in a bunch of TP Link Omada Hardware that I'm planning to put in a new house - thanks to this video, which convinced me I could handle it :) A quick question for you - my setup is essentially what you showed here. I'd like to set it up and test it at my old place (ATT Fiber and ATT Modem running bridge to my Eero Pro 6s), without messing with my current setup - is there any issue you can think of with setting this up without connecting to the internet or my current network?
Nope the tp link stuff can be configured 100% offline
Nice howto, is it possible to connect switches from other manufactures like zyxel for example…? Poe will come over the tplink Adapters. And also if already available could I use here my ubi edgerouter 4 too…?
Yes it is possible
I do not have the OC200 controller so Im using the software. Are the settings still in effect, specially th VLANS and the ACLs even if the software is not running?
Turn it off and find out?
Thank you for such an awesome tutorial. I watched it yesterday and I'm following along again today as I set up I my own Omada network. I have a few questions though. At 10:00 you began creating 3 separate VLANs for kids, IPcameras and guests. You left the purpose as interface, but you also had an option to set it as VLAN. Then at 15:40 you began to creating rules to isolate the kids network from the other VLANs and block access to the router. So what's the difference between setting the purpose to interface vs VLAN? Had you set the purpose to VLAN, would you still have to create those rules? And what are the benefits if doing it the way you did it?
Those are some questions that I don't know the answer to. That isn't something that initial crossed my mind. I just did it that way and got the results I wanted. I'm not sure what would happen if you deviated.
Hi there. Very useful video Thank you. Quick question: I have a TL-SG2008P, an OC-200 and an ER-605. Can I user a Netgear nightwawk as the AP? Will it work? or do I need to buy also a TP Link AP?
Yes you can still use your own stuff
@@SPXLabs thank you!!!
Hello! Thanks for the video as its helping setup my first home network. I wanted to ask, when you set the static IPs of the switch and access point, you specified the DNS to be the IP of the router and you said you were doing it "for now". When/Why would you want to set it with a different value? Also, at arount 17:40 you were creating rules to block access to the OC and Router but you specified IPs like 192 168 20 1 when the router was actually 192 168 10 1. Should it really be 20 or did you eventually changed it? Thanks for helping!
I host my own DNS using PiHole but hadn’t added it to that network. So it didn’t matter at the time.
Yes that was intentional because those vlans that are 20.1, 10.1, or whatever act as the gateway. So if a user types that IP address in, they will be directed to your router. So if you don’t want the other vlans to have access to the router then it needs to be blocked
@@SPXLabs Oh, I see now, thanks!
So I’m looking for a switch that has 8 or 16 PoE and 16 ports total to connect to the router. Do they have anything that works the same with the oc controller? Where I have all the control and stats?
TP-LINK makes decent hardware. Will be considering it over the ASUS stuff I have now in the future. TP-Link is a good compromise I think if you can't afford the more expensive stuff. I only wished the AX3600 wasn't so gigantic. Are you planning to do a review of those wireless mesh access points eventually like the AX3000 ?
It is pretty big! I don’t hate it but I partly do wish it was smaller. The thing is a beast though with its 2.5GbE port unlike my U6-LR. I’m not planning on that at this time.
@@SPXLabs Yes it does have some advantages. I guess, if you can find a place where it can remain hidden then it is not so bad. I'm also guessing the other advantage of it being bigger is that is doesn't get so hot?
I haven’t really put it through the paces yet. But every time I’ve touched it it’s never been hot. I feel like all my ubiquiti stuff is hot even when idling
@@SPXLabs If ever you do have the chance to stress test the equipment, it would be very interesting. As for your Ubiquiti stuff, I mean I can understand network switches gets hot, rarely seen one that doesn't unless you have very basic equipment and you have good ventilation now for your network stuff. But the Ubiquiti access point doesn't have much in terms of "vents". But you've been running it for how long now, 1 year? Will be interesting to see if it lasts long.
Yeah about a year. I think. Lol I’m sure it will work fine. I wish TP Link sent one of their switches that has 10G for the access point.
do I need a gigabit omada hardware? I have a gigabit bandwidth. all of my omada compatible access points are gigabit capable. I'm not sure if I need a gigabit omada (OC300) over 10/100mbps omada (OC200). I don't know if any bandwidth will be running through omada. as far as I know, omada only manage the EAPs.
For home use, I would seriously doubt you would need the OC300. The OC200 is perfectly adequate. The Omada controller has nothing to do with your bandwidth nor does the software. The controllers job is to give you a unified singular place to manage all of your Omada capable hardware. All of tp links hardware is Gigabit capable. The oc200 having a 100mb connection is irrelevant to your internet and local bandwidth.
@@SPXLabs thanks. I'm glad you cleared that up.
Watching several of your videos. Super excited to get a similar setup going. I am going to use three EAP615-walls around the house instead of the single AP. This will be my first attempt to have major upgrade to the home network. I am also going to have a Disney Circle on the kids vlan. Circle is my lazy solution for managing their screen time on devices.
You got to do what works! Thanks for watching and commenting
Hello how you doing, I finally set up my home lab and I follow all your steps/setting but got a little confused where you set up the IP-port group, How did you get the IP subnet, here's were I got confused since the OCandRouter has a different default IP already you set up from the beginning .. Why you set it up with 192.168.20.1
I didnt' get it from anywhere I made it up along with the other groups. The router acts as the default gateway for each subnet, so 192.168.0.1, 192.168.10.1, 20.1, 30.1, or whatever all take you back to the router, it doesn't matter what subnet you are on.
I’m looking for the strongest and fastest WiFi. I have a lot of devices. A one story home with a basement. I’m using 6 google nest access points and they are pretty good. But I still have some slow areas. My router also sends out its own WiFi under a different name and it is much slower. What can I do to seep things up. Should I see how to sit off the router WiFi and let the google one do it’s thing or do a setup as your video shows and put a access point upstairs and downstairs with that bigger disk??
I’m not really a WiFi guru. Also I hate WiFi. So I could be wrong but it sounds like your radios need to be attenuated as to not compete with surrounding bands. If you have already done this then maybe it’s time to switch brands.
Hi there, I see that on you configuration you don't get any issue when you change the ip range of the LAN. On my configuratuion, when I change the IP range, my netgear AP don't work anymore. I don't know whay. Can you please tell me, do I need to reset my AP to config again for that ? Thnx in advance>
try rebooting your netgear AP.
Thanks for your videos!
I have followed your video guide and its great. Do I need to apply the same rules you created for Kids network on the EAP ACL to the Switch ACL for the kids wired devices to have the same rules?
any update?
Um I’m not really
Hi my question is can we also make a vlan gateway ip for each vlan without using omada controller?
at 15:20 what is the difference between choosing All or Allvlans for port 1? Since All vlans are in this profile I guess this makes no differences?
at 10:12 you create Lan kids with only Lan interface 'lan' checked. While the default Lan has all the interfaces checked, what makes the difference then between these 2 lans?
I have the ER7206 router, SG2210P switch, and 4 EAP610 APs, 2 upstairs and two down. With just a single SSID based on my LAN, signal strength is great on all APs. When I setup a VLAN fir my IoT devices for wired and wireless with a separate SSID, I get no internet for . Ideas?
You probably need to allow the vlans access to the LAN port
AYE!!!!
totally planning on setting this up at my folks house
Sweet!
I'm curious about the way the kids VLAN is set up. If I set up the kids VLAN in this way, and block it from the rest of the networks (LAN, IPCAM, etc) would the kids' PCs be unable to connect to a minecraft server hosted on the LAN network?
Yes that’s exactly right. However you could allow them access to a specific IP on the LAN network if you wanted.
I have been trying to add my wifi cameras that are connected to a NVR to a vlan..Before i start should i take my nvr and cameras off of static ip address?Thank you
If your nvr and cameras already have IPs on the same subnet as the VLAN you created then it shouldn't matter. If the VLAN you created has a different IP space then switch them to dhcp. Or just make the VLAN the same subnet. up to you.
I'm new to all this and I'm working on updating my network at home and your videos have been very helpful, I wanted to ask how many wireless accounts you can have or create, if there is a limit.
There is no stated limit to the number of user accounts you can create. Do you mean wireless SSIDs or VLANS?
Thx for your respond, I meant SSIDs
It depends on the device.
I have all 4 same devices you have in the video
A quick Google search says 16. No idea if that’s accurate
Trying to find what is max switching throughput of ER605 when configured with 1xWAN and 2xLAN (think this is software switch)?
Have 700/100 link and want to configuration only with ER605 and 2xEAP245. But don't know that they can work full speed.
I really wish I could answer you man but networking isn’t my forte
You said you were enabling the guest network setting for the Guest SSID so it can't access devices on the other subnets. Does that setting also block access to other devices on its own subnet? If I want a roommate to have their own wireless network and subnet and allow their devices to see each other (but not devices on any other subnets), what settings are needed?
Oh I see now in the isolating section at 15:40.
Do i need to buy the tp-link vpn router for the omada setup to work? I already have a really good router. Don't want to replace it.
no. But you will be missing some features
Would you recommend a hardware based firewall for this setup?
If you are extra security conscious then yes. The current firewall has a bit of growing to do.
Looks good and great...
I need to know if i use it for home solution with one ssid and one password for all at home..doni need to use mesh..or i can use this to make one same ssid for all access points
They all use the same SSID and password
@@SPXLabs can u suggest which model i need to use for 10 rooms with APs having same ssid and password so client have signals every where without changing wifi connections or hard handoff...and can switch automatically
10 rooms in 3 floors villa
That’s outside of my knowledge and skill set sorry
Thanks for this video. Is there a way you can block P2P websites and downloading using an ER605? Thank you.
Just bought this exact setup and I need another small switch for the location where my pc, printer, scanner, are located. What Omada switch do you recommend that pairs well with 2210MP?
I think this would be pretty cool instead. It’s not a switch perse but it has 3 data ports and WiFi. Assuming you have an Ethernet cable in that same room as you. amzn.to/3pq3Ofy
@@SPXLabs Funny that you recommended that since that since I already bought one for another room in the house. If I needed more than 3 ethernet ports would the 2210P be a good choice? Kind of surprised that Omada doesn't offer a cheap 4 port for that reason.
Thanks for the response and great videos by the way.
Ahh okay. Well yeah I think the 2210p would be good on a desk. All the cables will be on the rear and the blinking lights on the front.
Stumbled onto this while researching/looking for APs for my home. I'm confused about the purpose of the Controller. Am I to understand that you need that to be able to configure your hardware? So each piece of equipment is "dumb" and unconfigurable without it? Just wondering. Seems like a pretty sweet setup but seems like an extra piece of equipment that I don't understand the purpose for. At for use at home. Personally, I'm looking for something very similar to what's in this video: A router to connect to the ISP, a switch for my wired hosts, and an access point with 2 ethernet connections to place downstairs (since my ISP is wired in upstairs). The ports on the AP would be to 1 connect to the LAN and the other to pass-through to (another switch) to my DirecTV and my TV set.
TMI I guess. Anyway, what's the point of the controller?
You don’t need the controller as each device can be manually configured. You can also download the controller software and host it on a computer at home. The hardware controller basically gives you a more easy and centralized place to manage and configure your devices. Savvy?
Hi, I think you have done an amazing job explaining the programming of the GUI and all the offerings that Omanda has with their new platform. I have installed several systems already.
The problem is, No one tells us how to separate the devices to the V-lans that you teach us how to set up. If I want to put all my IOT devices in a V-lan, I’m clueless. It seems it would be easy for a hard wired device, but not so easy with wireless.. Please advise.
BRB
Create a separate wireless network called XXXXXXX_IoT or something and assign the separate vlan to it.
Hi SPX, what would be the counterpart of Ubiquiti's DPI to Omada, if there is any? Thanks
I don’t believe there is one at this time.
@@SPXLabs thank you.
i has installed vmbase omada controller , added 24 MAC under single SSID but now recently added MAC id user unable to connect to SSID ..getting event logs as channel 1 because the Association times out.(1 time in a minute).please suggest
I’m sorry I don’t understand
How do you get the switch to be a device instead of a client. When I set this system up it ended up as a client ???
Hello, for the specific setup of those devices, do we need the specific router or we can proceed with the router of the ISP ?
You can use whatever hardware you want but certain features from the hardware will be missing. Each device from TP Link can operate in “standalone mode”
Sir i have a question.Is TP Link ER605 is safe to use for Starlink?
Why would it not be safe?
I've been given an omada setup, but my question is, what's the difference between the hardware controller and the wifi controller? I have the wifi controller, and I'm curious what I'm missing out on without the hardware controller.
I don't believe there is an Omada WiFi controller and if there is, well then it's obvious I can't help you considering I haven't heard of it.
@@SPXLabs yeah, I checked when I got home. It's a cloud controller. I think I was confused because my brain swapped "cloud" with "wireless"
Ahh okay. Hardware controller = local control. Cloud Controller = remote control. Hardware can also be controlled remote.
I got the Omada setup without a managed switch and I'm using the software Omada controller. Is there a way I can make a printer discoverable across all LANs? Right now if I'm on the Guest LAN with my Android, it does not find the Printer which is on the LAN network.
There probably is, I'm guessing you need to tinker with ACL policies and use IP's instead of VLANs. As in all VLANs can hit the IP of the printer.
@@SPXLabs I'll keep trying. A video on that would be appreciated 😉
Looks good. However, I am happy with my UniFi setup for now. Replaced the USG 3P with a Protectli Vault running OPNSense firewall/router. Also replaced the UAP-AC-PRO with the UAP-U6-Lite. Upstairs I have the UAP-AC-LR. It's been rock solid with zero issues.
I’m still rocking unifi as well
Hi and thanks for the video. I have a very simple setup, the ER605 acting as a router for my single home LAN. I'm going crazy not able to block a fixed IP device within my LAN from inbound/outbound internet (WAN) connection. How can I do this using the ER605 admin panel? I previously owned the TL-R600VPN and this was very easy to do, but the admin panel of the ER605 changed completely and can't understand the Firewall's Access Control menu . Thanks
After a quick Google search I found this. Have you seen or tried this? www.reddit.com/r/TPLink_Omada/comments/mphbix/can_i_allow_a_client_to_access_the_lan_but_not/
@@SPXLabs Thanks for your quick reply, I was just looking at that same link a few minutes ago, will try to follow it when I get home, but in that link the reply suggests to create the ACL rule at the switch or EAP level, not from the ER605, however since the ER605 is the only Omada device in my LAN I guess it has to be done from there.
Do you think I need to install/use the Omada Controller software in my simple set up? Maybe achieving this task is easier from the Controller than from the ER605 admin panel
In my experience, EVERYTHING is easier with the Omada Software. Standalone mode is convoluted and confusing to me. Just the other day I tried to enable DHCP on a switch in standalone mode and literally could not figure it out even though there was 1 check box to enable it and a handful of options to set. I never figured it out and just gave up after about 2 hours.
@@SPXLabs Yeah, I feel the same way, never installed/used the Omada controller software, but from videos I've seen like yours it seems the interface is much simpler. So should I install the Omada Controller (v5.1.7) or the Omada SDN Controller? Can I do it from my Windows PC ?
The Omada team needs to help the Standalone team lol. Downloading and running the Omada Software is possible on Windows. I would use the Omada software whenever possible.
Very informative. But can I add another router in one of the ports of Sg2210₱?
I'm sure you could add one just be sure to configure things appropriately.
Hi. Please make a video reviewing the wireless mesh of eap660hd with another and comparing their speed tests with the wired backhaul. Thank you
With a poe switch can you change a poe port to a normal lan port? because i have some poe ports i dont use and i want to change it to a lan port
They are already normal lan ports, there is nothing that needs to be changed.
I recently bought the ax3600 because I was giving an aruba hp poe+ switch from work. Its currently in standalone mode. Its the only tp link device I have. I shut off the wifi on my isp provided device. Speeds improved even on my 802.11ac devices. Only have one ax and its hardwired. Anyway, so I can do all the vlan stuff with the Omada controller then? Dont have to configure anything on the switch? Have no cameras or anything like that. Live with my parents still. Id like to restrict their wireless devices from my devices. I pay for our internet and handle all that stuff. My parents don't know much about tech. And if they ever get a virus I dont want it crossing over to my stuff. Especially my network storage I recently starting putting all my backups on. I wasnt going to do a controller because I only have one tp link device. But, it sounds like it may be worth hosting myself on the same machine that has my network storage. Its an old lenovo d30 work was throwing away. Dual exons and has 48GB of ram. Shame to let that device just be a nas. Haha thanks in advance for any help.
When setting up the Deny OC & Router group, is there a reason you didn't include the IP Camera and Guest networks? Wouldn't you want to deny them access to the controller and router IPs and ports, in addition to blocking the Kids network?
Yes you would, I didn’t follow through because I figured folks would just replicate the same changes to Kids to the other vlans.
@@SPXLabs OK, thanks! I just added them all in the same group. I didn't need a separate group for each subnet.
hi do you have video how to block wifi sharing in my er605 and oc200 wifi voucher thnks if you read my message..
I do not. Sorry.
@@SPXLabs thanks sir..
Trying to decide between the Omada router vs getting a custom router and running Pfsense on it. What are the pro's/con's for the omada router you have discovered?
Haven’t used it much. But every PFSense mofo on the planet will tell you PFSense over everything else. I run Ubiquiti daily
Seems like Omada routers does not support any LAG/LACP to switches, is that correct?
I have no idea
Can all this be mounted in a rack. I have yet to see that
I put mine on a rack mountable shelf.
Watching this at work, hopefully this helps when I try to troubleshoot it at home. I have everything connected, but it's weird because access point WiFi isn't connecting to the internet, so I think it's the VPN router. Oddly, I can only see one security camera on access point WiFi (even though it says it's not connected to the internet), so I think my other cameras might be connected straight to the modem, which is why I can see them on the modems wifi.
That's really odd. One thing you can do is create a ACL rule to disable the modem access to other subnets.
@@SPXLabs Thank you for replying. Last night I enabled bridge mode on my modem and that solved my problem, but I'm back to square one after resetting my modem to attempt to fix a WiFi security camera that just wouldn't connect. VPN router says it can't find the WAN IP address now (before it was a conflict that bridge mode solved). Back to the drawing board. 😮💨
Oh boy! That sounds like a good time
Can I use a Unifi access point with this setup?
You can use whatever you want as long as you don't expect Omada features to work with other manufactures Access Points.
Hey, so i have a question in regards to the vlan setup. So let’s say your kids are all connected to the kids vlan and your home printer is connected to an IoT vlan. How could the kids vlan communicate with the printer?
You can setup an rule in the ACL to allow that specific Address
@@SPXLabs Thank you! Can you do a video on how to setup a VPN on the ER605 router? I want to use IPVanish to mask the public ip when my kids are playing PS4 but have no idea how to go about setting that up.
I can certainly try but I can’t promise it will be anytime soon.
@@SPXLabs Whenever you can.
i read that the OC200 can only control 2-series APs. Not your 3-series AX one?
I have never heard of that but it definitely works for the EAP660HD.
@@SPXLabs awesome, thx
Can you use the AP without the controller?
Yes
Hi Stephano, Thanks for the video. Would you recommend deploying the Omada ecosystem to a medium size campus? I just inherited this IT position at the local non profit organization that also runs a school, small museum, and a gift shop. All in one area. Currently we have the Cisco Meraki ecosystem which we want to get rid off. Not because they are bad but the expensive recurring licensing fees that we are not crazy about. I'm also considering Unifi and Microtik for our budget friendly and license free replacement. Do you think Omada (or Unifi or Microtik) is a reliable solution?
I’m honestly not a network professional by any stretch of the words. I’m familiar with Ubiquiti and I feel like that’s a safe bet. I know of mikrotik and like their pricing but am not familiar in anyway with their equipment. I think Omada is fine but have no idea how good it is at scale. Sorry that I can’t be more helpful
@@SPXLabs Ubiquiti is currently my third choice after Microtik because of bugs and issues that I've been hearing. Also, a lot of their L2 poe switches are sold out. Hey man.. thanks for your respond and great video!
I don’t blame you. Also ubiquiti is expensive
If I were to run this set up without the Router and just use my Exisiting TPLINK Modem/Router (with wifi switched off) would there be any negatives?
Negatives. No. Most features can be accessed in standalone mode.
@@SPXLabs Thanks! Is there a way to stop a device taking the OC200 Static address if it goes offline and another device connects/restarts and takes it?
There are a few ways. You can do DHCP reservations, you can start the up range handed out by dhcp to be higher than what the OC is, and well you could just not use DHCP either lol.
Thanks for you help!
No problem
Does the ER605 have a DNS server, ER7206 doesn't?
Er605 does not have dns server
Can I do all this without the switch?
You can probably do most of the stuff shown but I'm not sure which features would be missing if you ditched the switch.
Wifi 6 ap hanging on a 1g link?
Does this work if you use the isp router instead of Omada? My isp does not support 3rd party routers.
Kind of, you will be missing some features.
@@SPXLabs Thanks. What about if you use the Omada router and a third party switch?
You can piece mill Omada all you want. As in have just a router or just an access point or just a switch. If you do that though I’m sure some features will be missing from your setup in the software controller but I don’t know which ones. All of the Omada hardware can be setup in standalone mode.
You can use 3rd-party router, just plug the router into the WAN port of the new router.
Is there a reason why my VLANS won't communicate with each other? I'm trying to ping from a machine on one VLAN to a machine on the main LAN and it wont work going either way. I know it was said in the video that all networks were able to communicate with each other by default, but mine aren't.
Firewalls maybe?
Im a newbie, what’s the purpose of assigning addresses?
Assigning addresses to VLANs or to the physical router, switches, etc?
after change the oc200 ip address to static, it doesn't work properly... everytime is offline
You can try accessing it from the fallback ip and see why the static ip might not be working
Hi Sir. I just got my ER7026 and OC300. I’ve been tinkering with it for a few days now. If I may ask, how come you needed to setup a rule under Network Security/ACL to restrict access between VLANs but you didn’t do it in the video below
ua-cam.com/video/sc5eNPjeygQ/v-deo.html
I noticed you didn’t setup network security but the vlan still wasn’t able to access the router and the controller. Could you help me sort out my confusion? Thank you so much.
Is there a router that will give me better vpn speed? The ipsec on this thing is only 42mbps
Thanks, very clear
Why would you need to create a new "AllVLANs" profile when you already have the existing "All" profile which has the tagged networks?
For me the idea was to show that the end user can still customize things to their hearts desires without relying on default everything. Not sure how this will actually translate to the real world though.
What is the Coverage Range of this AP in meters?
That information doesn't seem to be published anywhere. But in the real world it is heavily dependent on so so many factors.
Do you have to have the hardware controller?
I do. The OC200
Why do you have to? Would I have to if I just wanted this stupid in my home that’s pretty large?
You do not. They have 3 options, the cloud, the hardware controller, or their software running on a desktop
If you have issues adopting devices after changing the IP range, restart them, they will then not keep trying to access the original range dhcp.