Using the Omada SDN Controller to Manage Omada Devices Across Multiple Locations Via a VPN Connection (Controller 5.0 and Above)

Knowledgebase
Configuration Guide
Controller
VPN
05-05-2023
162

*Use Scenario:  Router A and the Controller are located in the HQ office.  Router B is located in a Branch Office.  Router A and B are connected to each other via a VPN Tunnel.  This guide will show you how you could use the HQ’s controller to manage the Omada devices in the Branch office.

Establish an IPsec VPN tunnel between Router A and Router B:

Note: In this example we assume Router A is an Omada Gateway with the Controller feature active and configured.  If your router is not an Omada Gateway you may need additional hardware to accomplish this task.

  • Configuration on Router A

Go to Settings > VPN > VPN, and click on the Create New VPN Policy button to create an IPsec rule for Branch Office:

Click on Advance Settings, then set up the parameters as desired.  Once this is completed, click on Apply.

  • Configuration on Router B

Enter Router B’s Standalone interface, go to VPN > IPsec > IPsec Policy, and click Add to create an IPsec rule for HQ.

Click on Advanced Settings, set up the parameter to correspond with what you have set on Router A.

Go to VPN > IPsec > IPsec SA to check if the IPsec VPN tunnel has been established successfully.

Go to System Tools > Controller Settings > Controller Inform URL, enter the Controller’s IP in the box, then click Save.

  • Pre-configuration for Router B on the Controller

Create a new site for Branch Office in the Controller.

Pre-configuration of WAN:

Go to Settings > Wired Network > Internet to configure the WAN override for Router B. The parameters should be the same as the Standalone mode.

  • Pre-configuration of LAN

Go to Settings > Wired Networks > LAN > Network to configure the LAN override for Router B. The parameters should be the same as the Standalone mode.

  • Pre-configuration of IPsec VPN

Go to Settings > VPN > VPN and click on Create New VPN Policy button to create a new IPsec rule with the same parameters set in Router B Standalone mode.

Adopt Router B on the Controller:

Since Controller’s IP has been assigned to Router B in the steps above, Router B will appear in the Controller’s Device list. Click the adopt button to adopt it, the pre-configured settings for WAN, LAN, and VPN that you just set will be sent to Router B automatically.

 

Go to Insight > VPN status > IPsec VPN to check the IPsec tunnel between Router A and Router B.

 

Manage Omada devices in different sites via different tools:

 

Method 1: Omada Discovery Utility

  • Select the devices to manage and click the "Batch Setting" button in the lower right corner.

  • Specify the Center IP as Controller IP, and enter the device’s Username and Password.

4) After settings succeed, the switch and AP will appear in the Controller Devices list.

 

Method 2: DHCP Option 138

 

  • Go to Settings > Wired Network > LAN > Networks to configure the DHCP settings  of Router B.

  • Click on Advanced Settings to display the DHCP Options list, find Option 138 and enter the Controller IP, then click Save.

  • Connect the Switch and EAP to Router B to obtain the IP via DHCP, the Controller’s IP will be sent to the switch and EAP via DHCP Option 138. After that, the devices will appear in the Controller Devices list with “PENDING” status.

Method 3: Web Management Page

  • Enter the switch’s IP on the browser to access its management page, go to SYSTEM > Controller Settings > Controller Inform URL and enter the Controller’s IP on the box, then click Apply.

  • Enter the EAP’s IP on the browser to access its management page, go to System > Controller Settings > Controller Inform URL and enter the Controller’s IP on the box, then click Save.

  • Wait for a while, the devices will appear in the devices list with “PENDING” status.

Method 4: CLI

For Switch:

  • Enable the SSH on Switch’s Standalone management page, then Click Apply.

  • Access the CLI of the Switch.

  • The commands for informing Switch of the Controller IP are as below.

enable

configure

controller inform-url 192.168.10.2

For EAP:

  • Enable SSH on EAP’s Standalone management page, then click Save.

2) Access the CLI of the EAP.

  • The commands for informing EAP of the Controller IP are as below.

xsetctrladdr “192.168.10.2:29810”

Wait for a while, the Switch and EAP will appear in the Controller devices list with “PENDING” status.

 

 

Please Rate this Document

Related Documents