Omada Controller 3.1.4 (Windows) has been released.
Omada Controller 3.1.4 (Windows) has been released.
Dear friends,
We are glad to share you that we have published Omada Controller 3.1.4 (Windows), which mainly adds Guest Network/Merge 2.4G and 5G SSID/Radius Accounting/API changes of Radius Portal.
You can download Omada Controller 3.1.4 (Windows) at the following link:
https://www.tp-link.com/en/download/EAP-Controller.html#Controller_Software
1. Guest Network
We change SSID Isolation as the Guest Network. With the Guest Network enabled, the devices connected in the same SSID of the same AP cannot communicate with each other, and guest network will block clients from reaching any private IP subnet.
2. Merge 2.4G and 5G SSID.
Omada Controller 3.1.4 merges the 2.4G and 5G SSID. The SSID on different radio band with the same name will be regarded as an identical SSID entry. When you upgrade your controller and restore the backup files from the controller with the version 3.0.5 or below, the SSID entries will be changed to the parameters of the original SSID on the 2.4GHz radio band.
3. Radius Accounting.
If we select WPA-Enterprise encryption when creating an SSID, we can enable Radius accounting to count the traffic of the client. With this feature, the user can be billed accordingly, and it can also be used for statistical purposes and general network monitoring.
4. API changes of Radius Portal
We add CHAP encryption and NAS ID in Radius portal authentication, and the Radius Client role is transferred from EAP to Omada Controller. If you use External Radius Server with External Web Portal in old version controller, pay attention that the API has been changed in this version. Thus you have to modify your External Web Portal, refer to FAQ-2390 for more details.
PS: Below are the detailed release note of Omada Controller 3.1.4 (Windows)for your reference.
New Feature/Enhancement:
1. Merge 2.4GHz and 5GHz SSID.
2. Add Guest Network function.
3. Optimize log field and content.
4. Add SSID Radius accounting to WPA-Enterprise security mode.
5. Optimize the site list which allows us to inquire the specific site based on the site name and add new entrance for the hotspot.
6. Add SSL encryption in Log Server, and Log setting/Mail Server can be only accessed by administrator account.
7. Add Layer-3 Accessibility in SSH.
8. Add Mesh settings to Backup and Restore file.
9. Add CHAP encryption and NAS ID in Radius portal authentication and the Radius Client role is transferred from EAP to Omada Controller.
10. Add SSID MAC Authentication to none security mode.
11. Add channel utilization function.
12. Add Full-Sector DFS function in Mesh network.
13. Channel limit is revised from private configuration to site settings.
14. Support inputting domain name in SMTP server.
Notes:
1. The log will be cleared when you upgrade the software from version 3.0.x to version 3.1.4.
2. Add push notification to Omada APP of version 2.1.4 or above when EAP is connected/disconnected from Omada Controller.
3. This version of Omada Controller is applied to Omada APP of version 2.1.4 or above.
4. When you upgrade your controller or backup files from lower version, the 2.4GHz and 5GHz SSID entries with the same name will be merged and it will inherit the parameters of the original 2.4GHz SSID.
5. If you use External Radius Server with External Web Portal in old version controller, pay attention that the API has been changed in this version, thus you have to modify your External Web Portal, refer to FAQ-2390 for more details.
6. The log generated by EAP will be managed and storaged by Controller if you manage EAPs by Omada Controller.
7. Channel utilization will take effect only with new firmware.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @R1D2 ,
About your question, we had a test today. We set EAP in 192.168.1.1/24, OC200 in 192.168.2.1/24, then we enabled Guest Network in the SSID, the clients cannot access the OC200 (192.168.2.4), then we set Access Control for the SSId, and then we can ping the OC200 successfully. So we didn't reproduce your issue. We recommend you to have a test agian.
Captive Portal runs on a router which is connected to both subnets (multi-homed host).
We can set portal on the PC200 and the clients can authenticate successfully. You say the portal runs on a router, we don't understand it.
You mentioned the SSID Isolation, we will add this to our suggestion list, thank you for your feedback.
- Copy Link
- Report Inappropriate Content
Hello forrest,
thank you for your reply. Could it be that the effect depends on the firmware (EAP225-Outdoor)? I did test v1.0.0 (pre-installed), v1.3.0 and v1.5.0. They seem to have different semantics regarding ACLs. With version 1.0.5 it works so far.
Regarding Captive Portal: yes, we use our own Captive Portal software running on the router b/c we need detailed possibility of intervention due to legal regulations (german TMG law). The router can be any device, either our own x86-based hardware as shown below, but also any other router, even an Archer WiFi router or an UBNT EdgeRouter running our own firmware.
Following diagram outlines the most common topology, another one is the placement of OC200 in the WAN zone if the WAN zone is behind another router (e.g. from the ISP) instead of just a modem:
Firewall and ACLs are on the router. ACLs on EAPs are not needed in this topology. I really would appreciate if you could enable Client Isolation setting in Omada Controller again.
Thanks for your consideration! Much appreciated.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 1
Views: 7872
Replies: 12