Sanity check for EAP setup
Hello all,
Kindly asking for a sanity check for the below before to pull the trigger on some units.
I will have a fleet of EAP225 which will need to carry two wifi ssid; say GUEST and STAFF.
Will I be able to trunk 3 VLANS: V_GUEST, V_STAFF, V_MANAGEMENT to these devices and then use ssid GUEST on V_GUEST, ssid STAFF on V_STAFF and assign a management ip to the device (to use the standalone mode webgui) on V_MANAGEMENT? I expect that people on V_GUEST or V_STAFF won't be able to access the webgui and have complete isolation of the three vlans (meaning the EAP unit shouldn't break that).
A second question, in case I run these without the "omada controller", what can't I do? as far as I understand I can do pretty much everything on the standalone gui (with the understanding that I will need to do it on every device).
Thanks a lot!
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
joe-wifi wrote
- I can add also a management VLAN and assign an IP to the EAP of this VLAN and manage it only via this VLAN? (webgui, ssh, etc)
- wifi clients won't be able to access the webgui of the EAP (standalone)
Yes and yes.
Regarding the second point, looks to me by reading your FAQ that most of what is needed for basic usage does not require the controller.
Yes. For basic usage you don't need the controller.
Also, say I use the controller.. Could you confirm I will need to "discover" my EAP from the VLAN_MANAGEMENT? if both controller and eap are on VLAN_MANAGEMENT no need for the discovery tool, otherwise I will need to use it.
Yes, you have to discover the EAPs from the Mgmt VLAN. Before setting the Management VLAN in an EAP, your switch port needs to be an untagged member of the Mgmt VLAN and needs to assign untagged traffic coming from the EAP to the Mgmt VLAN. After setting the Management VLAN in the EAP, the switch port needs to be changed to a tagged member of the Mgmt VLAN.
In the FAQ it's written SSH .. is there a documentation about SSH commands which can be used to configure the EAP in standalone mode via SSH?
SSH access is not meant to be an interface for configuration of the EAP, it's just for debugging purposes. Since EAPs run an embedded Linux system, you find a subset of Linux commands there, but you cannot make configuration changes nor run any commands with administrative permissions.
You need to use the web UI for configuration and monitoring in stand-alone mode.
- Copy Link
- Report Inappropriate Content
Dear @joe-wifi,
Will I be able to trunk 3 VLANS: V_GUEST, V_STAFF, V_MANAGEMENT to these devices and then use ssid GUEST on V_GUEST, ssid STAFF on V_STAFF and assign a management ip to the device (to use the standalone mode webgui) on V_MANAGEMENT?
Why not? The EAP225 supports Multi-SSID and Wireless VLAN, both can be configured and working in Standalone mode.
With wireless VLAN, the Omada EAP can work together with the switches supporting 802.1Q VLAN. Traffic from the clients in different wireless networks is added with different VLAN tags according to the VLAN settings of the wireless networks. Then the wireless clients in different VLANs cannot directly communicate with each other.
To get the Wireless VLAN working, make sure the Router supports trunk VLAN as well. Here is an instruction for your reference.
How to Configure Multiple SSIDs with Multiple Subnets on EAP products
A second question, in case I run these without the "omada controller", what can't I do? as far as I understand I can do pretty much everything on the standalone gui (with the understanding that I will need to do it on every device).
EAP in Standalone mode has limited features, so we recommend using Omada Controller for configuration with more advanced and stable features. To learn more about what functions are required the Omada Controller, please click this FAQ.
If you are interested, watch the Setup Video for <A Quick Overview of EAP Management Methods>.
- Copy Link
- Report Inappropriate Content
Thank you @Fae for your reply!
Regarding the first questions I wanted further confirmation that (better safe than sorry!):
- I can add also a management VLAN and assign an IP to the EAP of this VLAN and manage it only via this VLAN? (webgui, ssh, etc)
- wifi clients won't be able to access the webgui of the EAP (standalone)
Regarding the second point, looks to me by reading your FAQ that most of what is needed for basic usage does not require the controller. Which I hope is the case because this is the only reason I am considering EAPs instead of ubiquity which on the other hand require the controller.
Also, say I use the controller.. Could you confirm I will need to "discover" my EAP from the VLAN_MANAGEMENT? if both controller and eap are on VLAN_MANAGEMENT no need for the discovery tool, otherwise I will need to use it. However no discovery is needed (or make sense) from the VLAN_GUEST or VLAN_STAFF ?
In the FAQ it's written SSH .. is there a documentation about SSH commands which can be used to configure the EAP in standalone mode via SSH?
Thanks!
- Copy Link
- Report Inappropriate Content
joe-wifi wrote
- I can add also a management VLAN and assign an IP to the EAP of this VLAN and manage it only via this VLAN? (webgui, ssh, etc)
- wifi clients won't be able to access the webgui of the EAP (standalone)
Yes and yes.
Regarding the second point, looks to me by reading your FAQ that most of what is needed for basic usage does not require the controller.
Yes. For basic usage you don't need the controller.
Also, say I use the controller.. Could you confirm I will need to "discover" my EAP from the VLAN_MANAGEMENT? if both controller and eap are on VLAN_MANAGEMENT no need for the discovery tool, otherwise I will need to use it.
Yes, you have to discover the EAPs from the Mgmt VLAN. Before setting the Management VLAN in an EAP, your switch port needs to be an untagged member of the Mgmt VLAN and needs to assign untagged traffic coming from the EAP to the Mgmt VLAN. After setting the Management VLAN in the EAP, the switch port needs to be changed to a tagged member of the Mgmt VLAN.
In the FAQ it's written SSH .. is there a documentation about SSH commands which can be used to configure the EAP in standalone mode via SSH?
SSH access is not meant to be an interface for configuration of the EAP, it's just for debugging purposes. Since EAPs run an embedded Linux system, you find a subset of Linux commands there, but you cannot make configuration changes nor run any commands with administrative permissions.
You need to use the web UI for configuration and monitoring in stand-alone mode.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 984
Replies: 4
Voters 0
No one has voted for it yet.