OC200 Purchased
I am thinking about implementing the Omada OC200 cloud access into my network. I'm in the learning process with this controller.
My network
ISP Gateway
pfSense > Firewall/Router created with all VLANs, which are working in all 3 buildings on my property.
Main Building
Switch 1 SG3428 Main Switch
Switch 2 SG2428P PoE for VLAN 50.xxx Cameras
2 EAP610: 1 hidden for Admin LAN 1.xxx, 1 for IoT VLAN for Staff 100.xxx
Building 2
Switch 3 SG2428P
Switch 4 SG1218 PoE VLAN Cameras 50.xxx
1 EAP613 VLAN access for Staff 100.xxx
1 Pharos CPE510 as AP to Building 3 CPE510 Client
Building 3
Pharos CPE510 Client
Switch 5 SG2428P Cameras VLAN 50.xxx and VLAN 100.xxx IoT
1. Most important question >> If I adopt all my switches and EAPs, will everything that is adopted lose all its configs?
A. VLANs? B. Static IP addresses? (Will I have to start from ground zero and rebuild everything in the OC200 Controller?)
If a rebuild has to happen, how do I go about doing this? > Implement VLANs in OC200 <link documentation please> and leave the pfSense firewall/router in place.
Thanks for any and all HELP!!
Big_12ms
The controller will let you set up ACLs at Gateway/Switch/AP. You will be most successful implementing your ACLs at the Switch level. Your pfSense will ignore anything you try to do as a Gateway ACL, of course!
Also, your camera PoE switch #4 is a 'dumb switch', so it should be plugged into a smart port on switch #3 (and all policies/VLANs/ACLs on that port will then apply to every port on Sw#4, at least wrt the rest of your network).
OK, everything adopted and works well.
I changed the OC200 to IP 192.168.1.XXX. Everything works on that subnet 1.xxx. Once I create VLAN interfaces and a wireless interface, the OC200 controller becomes very unstable and starts shutting down switches. I get heartbeat and disconnected issues. The VLANs have not been activated. If I activate a VLAN on 100 and set the profile to the correct tagged port and untagged port, even setting the port assignment loses internet altogether; things go haywire. The controller disconnects itself from the network and loses all connectivity. I have to manually reboot the controller to bring it back up. I'M NOT DOING SOMETHING RIGHT. I HAVE EVERYTHING WORKING ON THE SUBNET 1.XXX; it's the only way to have internet.
Any suggestions?
I'm not convinced that I need to use this controller. Before adopting all switches and APs, it never missed a beat. It had been in place for over a month before using the controller.
Going to take this as progress :)
At this point I probably need a little more detail about which device is connected to what. The controller can build this Topology map for you graphically once devices are adopted, and you can turn on Labels to get more detail like port numbers. However, perhaps the following will be more immediately useful to you.
It looks like you have a number of interfaces defined on the pfSense router. Presumably these interfaces can be configured as Access or Trunk physical ports, the difference being that if a port is, say, an access port for VLAN 30, then it is a member of VLAN 30 and 30 is set as the PVID (meaning any untagged traffic is treated as belonging to VLAN 30 and will get an IP from the VLAN 30 subnet via its DHCP server).
However, Omada works more with trunk ports, which means a single port on the router connects to a single port on the first downstream switch. The router port MUST be configured with all necessary VLANs, i.e. all VLANs used by any device below the router (so 1, 50, 100, 200 and maybe 30), and the PVID will be set to VLAN 1, meaning that the 192.168.1.X subnet is untagged and traffic on all the other subnets is tagged appropriately. The connection at the downstream switch will be configured automatically by the OC200 so that it is also a member of VLANs 1, 50, 100, 200 and its PVID is set to 1 (so again VLAN 1 traffic is untagged). It is CRITICAL that all ports servicing Omada-controlled devices downstream are also members of VLAN 1 (but the controller should take care of this automatically once the switches are adopted).
Now let's look at the case of a downstream AP which is configured with two SSIDs, one for IoT and one for Management. This AP now needs access to subnets 192.168.1.x, 192.168.100.x and 192.168.200.x via VLANs 1, 100 and 200 respectively. So the port the AP connects to is configured as a member of those 3 VLANs (1, 100, 200) and its PVID is again set to VLAN 1.
One thing to consider in all of this is that the trunk port on the Pfsense router needs to be able to deal with all the VLANs arriving from the master switch immediately below it.
OK, would it not be better to allow the Controller to handle all VLANs and let pfSense handle just DHCP, as router only?
> It looks like you have a number of interfaces defined on the Pfsense router. Presumably these interfaces can be configured as Access or Trunk physical ports, the difference being that if a port is say an access port for VLAN 30, then it is a member of VLAN 30 and 30 is set as the PVID

This is how I had it set up on the switch prior to the Controller.
@bigal_12ms you have to manage the VLANs on both devices and they have to match exactly. This is the downside of splitting Omada/3rd party between the router and the rest of the devices.
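The trunk/PVID layout from d0ugmac1's longer reply above (router trunk carrying 1, 50, 100, 200 and maybe 30 with PVID 1; AP port carrying 1, 100, 200) and the "they have to match exactly" rule from the reply just above, as an added example that is not from this thread, TP-Link or pfSense: a small Python model of 802.1Q port membership that reports mismatches between the two ends of a link. Port names, VLAN sets and link pairs are assumptions built from the network described in the thread; nothing here talks to real gear.

```python
# Added example: model both ends of each cable as a Port and flag the
# mismatches (PVID, tagged VLAN set, missing management VLAN) that the thread
# says must not exist between pfSense and the Omada-managed devices.
from dataclasses import dataclass

MGMT = 1  # the thread reaches OC200 and adopted devices on VLAN 1 (192.168.1.x)


@dataclass(frozen=True)
class Port:
    name: str
    pvid: int                        # untagged/native VLAN on this port
    tagged: frozenset = frozenset()  # VLANs carried with an 802.1Q tag

    def vlans(self) -> frozenset:
        return self.tagged | {self.pvid}


def link_problems(a: Port, b: Port) -> list:
    """Return human-readable mismatches between the two ends of one link."""
    issues = []
    if a.pvid != b.pvid:
        issues.append(f"{a.name} PVID {a.pvid} != {b.name} PVID {b.pvid}")
    only_a, only_b = a.tagged - b.tagged, b.tagged - a.tagged
    if only_a:
        issues.append(f"{a.name} tags {sorted(only_a)} that {b.name} does not")
    if only_b:
        issues.append(f"{b.name} tags {sorted(only_b)} that {a.name} does not")
    for p in (a, b):
        if MGMT not in p.vlans():
            issues.append(f"{p.name} carries no management VLAN {MGMT}")
    return issues


# Constructed layout (assumed names): pfSense trunk -> SG3428 uplink, and an
# SG3428 access-side port -> EAP610 carrying the two SSID VLANs plus VLAN 1.
PFSENSE_TRUNK = Port("pfsense-lan", 1, frozenset({30, 50, 100, 200}))
SG3428_UPLINK = Port("sg3428-port1", 1, frozenset({30, 50, 100, 200}))
SG3428_AP_PORT = Port("sg3428-port5", 1, frozenset({100, 200}))
EAP610 = Port("eap610", 1, frozenset({100, 200}))
# A mismatch of the kind the replies warn about: pfSense side lacks 30 and 100.
BAD_PFSENSE = Port("pfsense-lan", 1, frozenset({50, 200}))


def check_topology(links) -> dict:
    """Map each link to its list of problems (empty list means consistent)."""
    return {f"{a.name}<->{b.name}": link_problems(a, b) for a, b in links}


if __name__ == "__main__":
    links = [(PFSENSE_TRUNK, SG3428_UPLINK), (SG3428_AP_PORT, EAP610),
             (BAD_PFSENSE, SG3428_UPLINK)]
    for link, probs in check_topology(links).items():
        print(link, "OK" if not probs else probs)
```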
You are RIGHT!! I got so frustrated (ALL ME). I hate when I miss something. I need to take a couple of days off from this and come back to it. I'm gonna make it work with the controller. Hang in there with me so I can LEARN, Brother.
Be back on Wednesday to try again.
Thanks again @d0ugmac1
Big_12ms