@guillaumesoucy the controller won't allocate IP addresses. Your existing gateway will do that.

To do any DHCP allocation configuration In the controller you will need a tp link router like the er7206 or er605 adopted. Software or hardware controller it doesn't matter. 

@J4ce does the er605 can only give IP addresses using it's DHCP server to wireless access points?

My goal is to have wireless clients connected to Omada AP(s) having their own IP address pool, not sharing with other wired network hosts.

Other wired hosts need to get their IP from the ISP gateway.

  @guillaumesoucy I don't think that will work very well as you'd essentially be running 2 gateways both doing DHCP work. 

You can configure different IP ranges with different vlans in the controller, so everything would connect to the er605, but the wifi ssids can be associated to a vlan that gives different range to the wired devices. 

Example:

https://youtu.be/YziM0CB8v3U?si=Cv6kdBiJaYh4oElX

@J4ce 

J4ce wrote

  @guillaumesoucy I don't think that will work very well as you'd essentially be running 2 gateways both doing DHCP work. 

That was the plan to turning back off the DHCP from our ISP router. I know it could be very messy. :-)

I will explain a bit more my setup.

The ISP router has this address: 192.168.2.1

The Omada Software Controller has this address: 192.168.2.107 and it is a VM running on Proxmox Virtual Environments.

Does the controller need to be plugged into the ER605 LAN port? If yes, I will need a Omada Hardware Controller as I can't simply connect a VM to a ER605 LAN port as this is a VM. (Tricks exist but prefer not going there.)

I guess than EAPs need to be connected into the router as well. Right? Can I use regular unmanaged switches?

I don't mind to get a hardware controller, if absolutely required. We suffer for too much years from terrible WIFI now we're able to get to all corners of our property covered. No matter if it's inside, outside, roof top (if required), everywhere will be covered without loosing network connectivity. We have a big piece of land approximately 100' width by 200' depth in town (which is rare now). 

  @guillaumesoucy the controller needs to be on the same network as the er605 router. So a simple unmanaged switched connected to the router, and then the controller plugged into the switch is fine. Same with the EAPs they'll need to be connected to this network via the switch too. 

I do not see the purpose of the ISP router if you get an er605. Unless you put the ISP router in bridged mode and it is providing the wan connection only. 

The vm running the controller is fine. There's absolutely no need to get a hardware controller. They both would plug into the switch, or if no switch, plug directly into the er605. Either way need to be on the network. 

  @guillaumesoucy I'm reading it as if you have two separate networks? One where you have the ISP router being the gateway, and another where you have an ER605 as the gateway? I'm sort of guessing you have the WAN port of the ER605 connected into the ISP LAN? Meaning it has WAN 192.186.2.X and the LAN is something like 192.186.1.NN/24?? You then have the EAP225 on this network and the other AP's on the ISP router LAN??

Or am I completely misreading your information??

I'm guessing then, since the controller can see the EAP225, but not adopt it, you need to do a port forward in the ER605 so the controller can reach the AP. Check out the ports in this FAQ https://www.tp-link.com/us/support/faq/3265/  (8043, 29810 and 29814 if on v5.x.x). 

Regarding having wireless clients on a VLAN, your ISP router needs to support setting up VLAN's. If not, you need to get a router that does and retire the ISP router... 

  @Gblenn 

For now we'll just trying to make the EAP(s) adopted.

I will try to explain my setup.

Where APs are installed:

ISP router (required) (192.168.2.1)

-> all kind of wired devices (192.168.2.2-254)

-> wired router (IP: 192.168.2.216) (LAN IP of the wired router: 192.168.50.1-254) -> unanaged switch -> TP-Link EAP(s) (The one that I tried to confifgured had 192.168.50.58).

Where the software controller is installed:

Business ISP router -> core switch -> Virtualisation Host (software controller running off a VM).

Notes:

1. The controller is seeing the EAP and know it has 192.168.50.58 as local IP but, it fails showing public IP (I don't know if it is normal).
2. Port range TCP-UDP 29810-29814 are fowarded to the software controller IP where the software controller is hosted.
3. At the EAP(s) site: Tried to forward UDP port 29810 to the wired router's WAN IP: 192.168.2.216 and then in the wired router forwarding UDP port 29810 to the EAP IP 192.168.50.58 .
4. The reason of the wired router is, due to the amount of machibnes we have on the network, we need a different local IP range for wireless devices.
5. Even without the wired router, it is not working, the controller always states that the AP fail to respond to adopt command.

Thank-you, I apreciate the help.

  @guillaumesoucy 

Ok, so the setup for the Omada related units is like this? :

Internet (Public IP) - ISP Router (LAN 192.168.2.0/24) - Omada Controller(192.168.2.???) - 2nd Router (LAN 192.168.50.0/24) - Multiple EAP's (192.168.50.N-NNN)

First of all, the Omada Controller has no way of knowing your public IP, unless it can get this information from the router. And as you are using the ISP router this will not happen, so yes it's normal.

Port forwarding is done in the direction of WAN to LAN, meaning that you point it towards an IP on the LAN side. So when you say that ports 29810-29814 are forwarded to the software controller IP, I don't see how this has been accomplished? The wired router (ER605) can only forward ports towards 192.168.50.0/24 range, not up to the WAN.

To adopt a single EAP you then have to forward all required ports (28910-28914) to the IP of that EAP. 

However, as you have multiple EAPs on that LAN, and you can only forward any given port to one of all those EAP's, you have to do things a bit differently.

There is a tool called EAP Discovery Utility which you can use. This can run on a PC or a Mac which needs to be on the same network as the EAP's (192.168.50.0/24). Let's say you put this at IP 192.168.50.10. On the 2nd router you then do your port forward of 29810-29814 towards 192.168.50.10.

In the discovery utility you set things up so that it knows the IP of the controller (192.168.2.???) as well as user name and password (default is admin/admin).

Now the Omada controller will talk to the discovery utility instead, which will in turn "distribute" the communication to all the AP's in that network.

The other solution would be to move the controller over to the same LAN as all the AP's. 

You mention that you run the software controller on Proxmox. If that machine has multiple physical ports, or you can add a network card to that machine. You can dedicate a port to the VM running the Omada Controller, and connect it to the LAN side of the ER605. You will have to forward port 8043 towards the controller, so you can access the UI from the ISP router LAN. I would suggest to forward port 22 as well so you can manage the VM with some nice TTy tool, for sw updates etc. Unless you want to do that from the Proxmox UI.

So with this setup, the Proxmox machine and all the VM's are still running in the same LAN as before, except the Omada Controller VM which is located in the 192.168.50.0 network.