Site Branch without Switch. Will it work?
Hi all,
I have an OC300 + ER605 + SG3428X + 2xEAP653 in the Main Branch and I'm planning to have ER605 + 2xEAP245 on the Small Branch.
The 2 will be connected through VPN (if I will be able to make this happen! :D).
Now, my question is: do I need a switch?
My intent is to connect the first EAP245 to the ER605 via Ethernet and the second EAP245 via Mesh, controlled by the remote OC300 controller, which is in the Main Branch.
Is it doable? And is it doable without a switch?
Thank you,
Fra
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Assuming you are powering the APs via some method other than a POE switch then maybe. Why maybe, read on.
The Omada 'stack' as I call it consists of a gateway+switch(es)+AP(s), and this forms a 'site', one or more of which can be managed by a controller.
To manage a remote site, it needs to access its controller over the internet, not a site-site VPN because that would create a situation where one Omada gateway sits below another Omada gateway and the controller has no idea what to do with that. As an example of how well this doesn't work, I actually have a site-site VPN tunnel between two of my sites, each running a local controller, and neither controller is even remotely aware of the other devices at the far end of the tunnel. I believe this is because the broadcast traffic (used by omada for discovery/adoption) is not 'invited' to cross the VPN tunnel.
To make this work, at least in a way I have made it work before, your remote site needs to be able to 'find' your controller on the internet. Normally this is done by having a static IP/domain or DDNS assigned to the primary site.
The actual mechanics can be done 2 ways and either way will need ports 27001-29814 to be forwarded to the controller via the primary router.
-
set devices up locally to controller and add them to a site before sending them to final destination, configuring the URL for the home controller on them
-
at remote destination, log into each device, and enter the public ip of the controller in the controller section on each device(usually in system>controller settings)
Read this: https://www.tp-link.com/no/support/faq/3087/
- Copy Link
- Report Inappropriate Content
I was trying to follow this FAQ:
https://www.tp-link.com/it/support/faq/3640/
But without a switch on the smaller branch.
Let me read your link...
Thank you,
Fra
- Copy Link
- Report Inappropriate Content
I have read it and I think that FAQ is before the FAQ I mentioned and uses the Port Forwarding method instead of IPSec VPN tunnel, but it's almost the same thing, conceptually speaking. It connects 2 sites with Public Static IP.
My problem is understanding if ER605 is sufficient to drive 2 EAPs in Mesh mode.
If not, at least one EAP.
Thank you,
Fra
- Copy Link
- Report Inappropriate Content
The ER605 has zero POE output...so either power the APs via DC wall adapters, or POE injectors, or a cheap POE switch, or for full functionality an Omada capable switch like the SG2210P or SG2008P or SG2005P-PD
One problem with the FAQ's VPN method is that TPlink's B2B IPSEC connectivity requires (or at least used to require) public static IP's at both ends and also didn't work over Starlink (ESP filtering).
The port forwarding approach does work and only the controller end needs to be static OR Dynamic DNS if you get a dynamic public IP; and with only 3 devices, configuring the URL on the router and two APs is pretty easy. My recommendation would be to set them up initially as all wired devices, then disconnect one of the APs and within a few minutes of powering it back up, you should see it announce as ready for adoption.
- Copy Link
- Report Inappropriate Content
Sorry, I missed to say that I have:
- POE adapters for both
- Public Static IP at both ends
Ok! I will try that approach! :)
Anyway, if it doesn't work, I will buy a cheap Switch, like TL-SG2008. That should complete the suite for sure, I hope!
Thanks a lot,
Fra
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 540
Replies: 5
Voters 0
No one has voted for it yet.