OC200 Purchased
I am thinking about implementing the Omada OC200 cloud access into my network. I'm in the learning process with this controller.
My network
ISP Gateway
Pfsense>Firewall /Router created with all Vlans that are working in all 3 Buildings on my Property.
Main Building
Switch 1 SG 3428 Main Switch
Switch 2 SG 2428P POE for Vlan 50.xxx Cameras
2-EAP610 1 hidden for Admin Lan 1.xxx. 1 for IOT Vlan for Staff 100.xxx
Building 2
Switch3 SG 2428P
Switch4 SG 1218POE Vlan Cameras 50.xxx
1EAP 613 Vlan access for Staff 100.xxx
1 Pharos CPE510 as AP to Building3 CPE510 Client
Building 3
Pharos CPE510 Client
Switch5 SG2428P Cameras VLan 50.xxx and Vlan 100.xxx IOT
1. Most important question>> If I adopt all my switches and EAPs, will everything that is adopted lose all its configs?
A. Vlans? B. Static IP addresses? (Will I have to start from ground 0 and rebuild everything in the OC200 Controller?)
If a rebuild has to happen, how do I go about doing this?> implement Vlans in OC200 <Link Documentation Please> and leave Pfsense Firewall/Router in place.
Thanks for any and all HELP!!
Big_12ms
@d0ugmac1 Ok Got everything back up. I can see all APs and switches. It was a port assignment like you said, CORRECTED.
Ok so do I keep Pfsense Firewall/Router (Default IP 1.1) in DHCP mode and remove Vlan setup so the Controller can handle everything? I haven't adopted anything in the controller at this point. Looking for advice before taking everything down.
I think I would make sure the current network plan is consistent with the future controller-owned network plan.
Oh, and don't update any more firmware until you are done the migration!
Your easiest path is to emulate an out of the box Omada gateway-switch-AP. So that would mean:
Management Subnet: 192.168.0.0 / 24
Management VLAN: VLAN ID 1, untagged
Router IP: 192.168.0.1
You then need all Omada devices on the 192.168.0.0/24 subnet, to do that typically they are connected to an upstream port which belongs to VLAN 1, and where VLAN 1 is untagged on that port. Each of those ports can also optionally belong to one or both of VLAN 50, tagged and VLAN 100, tagged.
Once your Omada device is reachable via a 192.168.0.X address (I'm assuming your Pfsense box will hand out IPs via DHCP...you can fix/reserve them later) then you can try to adopt it. Let's say you have an AP, its address is 192.168.0.101 and your controller has an IP of something like 192.168.0.100 (they'll both be different I'm sure, doesn't matter).
I am assuming here that you have already ALSO defined in the controller subnets 192.168.50.0/24 and 192.168.100.0/24 which will belong to VLAN 50 and VLAN 100 respectively.
I further assume that you have created SSID50 and SSID100 and mapped them to VLAN50 and VLAN100 respectively.
I continue to assume that the port the AP is connected to is a member of VLANs 1,50,100 with its PVID set to 1.
Lastly, you have created a Wifi Profile which has both SSID50 and SSID100.
You should now be able to request to adopt that one AP. You will need to provide its current admin credentials after the initial adopt attempt fails. Once you enter the creds, the adoption should flow through the adopt/config/provision/online steps. You now need to ADD the Wifi Profile to this AP before it will broadcast any SSIDs.
Once the AP is broadcasting, try to attach to say SSID50. Once authenticated, you should receive an IP from the subnet that VLAN50 is attached to.
Test for functionality.
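The preconditions listed in the post above, written as a pre-adoption check (an added example, not part of the original thread and not TP-Link tooling). The `PLAN` dictionary, its field names and the sample addresses are constructed for illustration; change `mgmt` if the management subnet stays on 192.168.1.0/24.

```python
import ipaddress

# Constructed plan mirroring the post's assumptions; all field names are hypothetical.
PLAN = {
    "mgmt": {"vlan": 1, "subnet": "192.168.0.0/24"},
    "networks": {50: "192.168.50.0/24", 100: "192.168.100.0/24"},
    "ssids": {"SSID50": 50, "SSID100": 100},
    "wifi_profile": ["SSID50", "SSID100"],
    "ap": {"ip": "192.168.0.101", "controller_ip": "192.168.0.100"},
    "ap_port": {"pvid": 1, "untagged": [1], "tagged": [50, 100]},
}

def check_plan(plan):
    """Return a list of problems that would break adoption or VLAN separation."""
    problems = []
    mgmt_vlan = plan["mgmt"]["vlan"]
    mgmt_net = ipaddress.ip_network(plan["mgmt"]["subnet"])
    # The AP and the controller must both sit in the management subnet.
    for name in ("ip", "controller_ip"):
        if ipaddress.ip_address(plan["ap"][name]) not in mgmt_net:
            problems.append(f"{name} {plan['ap'][name]} is outside management subnet {mgmt_net}")
    # The AP's switch port carries the management VLAN untagged, with matching PVID.
    port = plan["ap_port"]
    if port["pvid"] != mgmt_vlan or mgmt_vlan not in port["untagged"]:
        problems.append(f"AP port must carry VLAN {mgmt_vlan} untagged with PVID {mgmt_vlan}")
    # Every SSID in the profile needs a VLAN, a subnet, and a tagged path on the port.
    for ssid in plan["wifi_profile"]:
        vlan = plan["ssids"].get(ssid)
        if vlan is None:
            problems.append(f"{ssid} is in the Wi-Fi profile but mapped to no VLAN")
        elif vlan not in plan["networks"]:
            problems.append(f"{ssid} maps to VLAN {vlan}, which has no subnet defined")
        elif vlan not in port["tagged"]:
            problems.append(f"VLAN {vlan} for {ssid} is not tagged on the AP port")
    for ssid in plan["ssids"]:
        if ssid not in plan["wifi_profile"]:
            problems.append(f"{ssid} is not in the Wi-Fi profile and will not be broadcast")
    return problems

def client_ip_ok(plan, ssid, client_ip):
    """After joining an SSID, the DHCP lease must come from that VLAN's subnet."""
    subnet = ipaddress.ip_network(plan["networks"][plan["ssids"][ssid]])
    return ipaddress.ip_address(client_ip) in subnet

if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan is consistent"]:
        print(line)
    print("SSID50 lease OK:", client_ip_ok(PLAN, "SSID50", "192.168.50.23"))
```

A client on SSID50 that receives a 192.168.0.X lease fails `client_ip_ok`, which points at a missing tag or SSID-to-VLAN mapping: the client has landed on the untagged management VLAN instead of VLAN 50.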
Ok, it looks like you are going forwards with your management subnet being 192.168.1.0/24. This is ok, I do run some sites on IPs other than the default subnet, but it's easier when adding or resetting devices if your default LAN is 192.168.0.0 instead of 192.168.1.0 as it is currently.
If you aren't in production, then you can change the subnet on the pfsense from 192.168.1.0 to 192.168.0.0, and force all devices to re-IP with a 192.168.0.X address....if you are in production you can forge ahead with 192.168.1.X addresses.
This is where you would change it, but you will cause outages for 5-10min as everything reconverges/re-IPs. Choose wisely :)
If you don't change the Pfsense...then you need to redefine your Omada LAN to match the Pfsense...
ie below would need to change to 192.168.1.1/24
@d0ugmac1 Ok, let's say for the moment we leave Pfsense at 1.1. No issues there. I guess my question is which one will handle the DHCP side of Vlans? Of course as of right now Pfsense/Router does all of that. If I enable Vlans on the controller, which is what I want to do, I'll need to cut off all Vlan setup in the Pfsense router, correct? And let the OC200 handle that. Pfsense will just do DHCP for the 1.1/24 subnet. Then I can apply all rules/ACLs needed on the controller, correct? I know I'm going around the world here!! But I'll be back in an hour and a half, I drive a bus
Thanks @d0ugmac1
Big_12ms
Nope, you double configure everything. So leave Pfsense exactly how it is, and we're going to use the controller to make the rest of the Omada kit dovetail seamlessly with the existing configuration of the Pfsense, and ideally re-create the switch and AP configs exactly...just via the controller this time.
Your Pfsense will still continue to do all the routing, the DHCP, possibly some ACL stuff, but its config will plug nicely into the socket that is Omada (so don't expect to do any DHCP reservation, or WAN failover stuff via the controller...that would only work with an Omada gateway)