@spotlizard 

The point of Omada is that all configuration is done from a central controller, which then manages an arbitrary number of switches/WAPs (limits depend on resources of the system the controller is running on but hundreds to thousands) and optionally a router per site as well, or you can bring your own. Everything is configured and monitored in one place, hence why this sort of design is often referred to as a "single pane of glass" network management. You can setup VLANs/SSIDs and they'll be distributed automatically to all managed devices. DHCP/DNS settings, firewall rules etc are done only in one place not per switch (without getting into layer 3 switching which you definitely don't need to think about at this point). This can be on a third party router or an Omada one. Many of us run our own routing/gateway/network services on something else, but most people just run the entire Omada stack for simplicity and that's probably what would be best for you. Get rid of Asus, have your Cable Modem in bridge mode, and feed that right into an Omada router and then to switches downstream and then WAPs attached to those.

 

 

You can add whatever switches and WAPs you like on any floor. The switches will require power, the WAPs will work off of PoE so long as you have it on a few switches (and it's not at all expensive). If at all possible I'd definitely recommend hardwiring your WAPs, I doubt you'd need more than 2 if that even at three floors. Each WAP supports 8 SSIDs per band, but you will only need a fraction of that, typically 2-4 ("main", "IOT", "guest" is the typical buckets) because VLANs can be dynamic on any given SSID. If you do run one WAP per floor be careful to adjust power down and manually set them all on different channels, you don't want to just leave everything pumped to max. There is the option to mesh, but it sounds like you have ample ethernet run already anyway and there's no reason not to take advantage of that. You do not tag traffic between switches or WAPs in general, only to clients.

 

As far as assigning VLANs to devices, you've got many options in a managed network. Ports on switches can be assigned profiles tagging all traffic as you say. On WiFi, you can also take advantage of Omada's "PPSK" networks, which essentially are a network that looks like a normal WPA2-PSK, but at the WAP level can have 256 different passwords where the password itself is linked to a given VLAN. So a connecting client will have its traffic tagged based on the password it supplies. This is great for IOT devices which typically have mediocre old WiFi chipsets, to them it looks like a totally normal network, but then they get shunted where you wish. You can assign VLANs by MAC address, but I'd consider this outdated vs PPSK. A final option on both WiFi and switching is to setup RADIUS authentication, which allows more secure modes but is a bit more complex and has more limited support.

 

 

Be aware (this is nothing Omada specific) that when you have IOT isolated to its own subnet(s) you may have to go to some effort to have it work, and there isn't any set formula there since some stuff is weird. A lot of it uses mDNS multicast for discovery, which does not normally travel between networks, so you'll need an mDNS repeater of some flavor (or bridging but that's another topic). Omada can do this itself if you're also running one of their routers. Lots of 3rd party ones can as well, but it's something you'll need one way or another. Then there will be firewall rules, depending on how locked down you want things to be.

 

 

As far as what devices to get, I'll recommend McCann Tech's comparison chart (just google/ddg for "mccann omada comparison charts") as a good digestible graph of all the different router/switch/waps Omada offers. But you don't need to overthink it is starting out either, Omada is very reasonably priced and again a core part of the value of a centrally managed SDN is that you can experiment with your network quite easily and try things out then see how they work which is great for people getting into it.

 

You'd probably be best off with a middle of the road ER7206 router to start you off. For switches they cover a lot of different budgets and PoE options so just take a look at the charts. If you have multiple ethernet jacks per floor with all cables going to the bottom in one place, you may be fine with having that 24 port be the only switch with PoE, so perhaps an SG2428P or an SG3428MP, and using cheaper non-PoE 16 port switches (SG2218) for the other floors. You can also consider options like have 2x 8 port switches per floor, one with and one without PoE. Since you're centrally managing everything, this isn't actually any more effort. Just keep in mind you'll have that kind of flexibility. For WAPs the price range on the WiFi 6 models is pretty narrow at small numbers, ranging from $100 to $150 (or $180 for a high density model you almost certainly do not need). Even the entry EAP610 is a very decent performer, your call on that one. The primary difference between them is having 160 MHz support (probably not useful to you particularly not with so many WAPs close together) or 4x4 instead of 2x2 MIMO streams (this is mostly useful with a very few clients that have more then 2x2, like Apple's MBPs with 3x3).

 

If you've already got your own self-hosting infrastructure, something you run VMs on or Docker or whatever, you can just run a controller on that. It's straight forward to get up and running and free. If you don't or want something dedicated, the OC200 and OC300 are basic stand alone controllers, essentially simple single board computers. OC200 is fine for your scale and will run right off of PoE itself, so you can just plug it into a port on your switch.

 

 

So: Cable Modem <--> Bottom floor: ER7206 <--> BF: SG2428P|SG3428MP (OC200 optional, or your own controller) <==> upper floors: SG2218+EAP610, or SG2008x2 or as you wish.

 

Good luck with your journey.

 

  @sonaric 

 

Thank you SO much for the prompt and detailed response. It is extremely helpful.

 

i just wanted to clarify one thing regarding VLANs. If I've understood you correctly, I only need to configure them once, let's say on the downstairs switch. Then, on the switches on the other floors I just need to tell them which ports are members of which VLAN and the rest will take care of itself?

 

Regarding the router, do you know if TP-Link has any plans for a device offering higher speeds than 1Gb? Right now my ISP gives me 1.4Gb down and my Asus router can go up to 10Gb?

 

once again, my sincere thanks for all your help

  @spotlizard 

i just wanted to clarify one thing regarding VLANs. If I've understood you correctly, I only need to configure them once, let's say on the downstairs switch. Then, on the switches on the other floors I just need to tell them which ports are members of which VLAN and the rest will take care of itself?

 

No, you don't configure anything on the switches (or WAPs) at all, you use the Omada controller. I'd suggest going and reading the getting started on that or an article or watching a video, however you prefer to consume these things, but the whole mindset here is different. There is a single central place where you configure all your networks, rules etc, then you adopt various switches and WAPs to that and it will automatically deploy all the network wide stuff to all of them. You can then afterwards dive down into specifics, like overriding a specific port on a specific switch, or manually setting which channels a WAP radio uses, but the overall setup is something you configure in the controller not at the hardware level. The overall approach is "software defined networking" (SDN), and is a core advantage of using something like Omada (or others).

 

 

 

So you can just plug in the router/switch/controller, set up your networks, add on more switches and WAPs, make changes to VLANs as you wish, and it'll all stay updated. You can override (or remove overrides) on specific ports on switches as you want afterwards, or reconfigure SSIDs on the fly or whatever else. It's a decent system.

 

Regarding the router, do you know if TP-Link has any plans for a device offering higher speeds than 1Gb? Right now my ISP gives me 1.4Gb down and my Asus router can go up to 10Gb?

 

Go read the charts I told you to go read, and your question would be answered :). Yes they do offer one already, the ER8411, but since you didn't mention you had greater then 1G needs I didn't suggest it due to the extra cost. If you want to take advantage of that wired you'll need not just the router but also a switch that has at least a few >1G too, which will cost more, and if on top of that you also want more to WiFi again you'll need to pick appropriately with 2.5G ports. TP-Link does offer options for all of that, it just costs more. Although honestly for WiFi almost zero clients, even theoretically, can reach even 1G let alone more (don't be deceived by marketing numbers) so I wouldn't worry about it there just yet. Maybe in another few years when WiFi 7 is starting to get more widespread.

 

I do run 10-100G myself, but only on two core switches, elsewhere 2.5 or 1G (or less) is fine. You'll have to pick that based on your own applications, but having only the router and core switch be capable of more may be fine for you. I'll note as well that I run my 10G and faster over fiber or in some cases in the rack DAC twinax. If you want to run 10G over plain ethernet copper you'll need decent cable and low enough interference. If your house has that and it was qualified you may be set, but if you don't know you'll have to test it. At your network core none of that is an issue, but if you wanted 10G from there upstairs to your other floors something to check out. If you already have 10G capable switches everywhere along with your router then ignore all that clearly you're already set.

Hi, Once again, thank you so much for your reply. On first reading I missed the reference you made to the comparison chart. I have now reviewed that and it was very helpful. I now know what I need to make everything work :) Thank you also for clarifying the VLAN configuration. I'm old school, so I'm used to VLANS being configured on a switch and the switch controlling everything, so it was hard to divorce myself from that line of thinking but what you said makes perfect sense and having a controller do the heavy lifting makes life a lot easier. I hope to start purchasing the equipment soon and am looking forward to getting this all set up. Best regards.

  @spotlizard 

Definitely takes some getting used to and a different mode of thinking the first time, but it's a nice way of doing things in practice. Good luck with your deployment!