Newbie OMADA setup issues

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Newbie OMADA setup issues

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Newbie OMADA setup issues
Newbie OMADA setup issues
2021-09-23 22:07:23
Model: OC200  
Hardware Version: V1
Firmware Version: 1.0

Experienced with standalone router/wifi units but new to OMADA. Have a hardware controller (OC200) and two access points (EAP265HD). Just one site, with an external router provided by our ISP. Planning to turn off the router's wifi and use only the OMADA gear. 

 

I was able to do basic initial configuration using the cloud controller, pretty much using the defaults except for entering two SSIDs for main and guest zones. with a password for the main zone. 

 

1. Firmware upgrade?

 

Want to upgrade to the latest firmware compatible with our controller and EAPs. All came with 1.x versions. There are all sorts of warnings about ensuring that controller and EAPs are upgraded to compatible versions. Current versions for the EAPs seem to be 1_5.x.

 

So can I upgrade, and when I do does it matter in which order I upgrade EAPs and hardware controller?

 

2. Guest Zone

 

We need a proper secure guest zone with a password, not the open guest zone that is created by default. Do I need the firmware upgrade to be able to do this? Have not yet found a way to reconfigure the guest zone. 

 

3. LAN-only zone?

 

I would like to create an additional SSID for LAN-only access (for some gear that I don't want exposed to the internet), and perhaps once I have it working turn off SSID broadcast to further hide it from the public. Is this feasible?

  0      
  0      
#1
Options
2 Reply
Re:Newbie OMADA setup issues
2021-09-24 03:06:53

@Al-from-Ottawa 

 

1. Firmware upgrade?

 

Want to upgrade to the latest firmware compatible with our controller and EAPs. All came with 1.x versions. There are all sorts of warnings about ensuring that controller and EAPs are upgraded to compatible versions. Current versions for the EAPs seem to be 1_5.x.

 

So can I upgrade, and when I do does it matter in which order I upgrade EAPs and hardware controller?

 

I suggest you to upgrade your OC200 first, then upgrade your EAPs.

 

2. Guest Zone

 

We need a proper secure guest zone with a password, not the open guest zone that is created by default. Do I need the firmware upgrade to be able to do this? Have not yet found a way to reconfigure the guest zone. 

 

Not sure what do you mean guest zone, guest SSID? You can just create a new SSID, set a Wi-Fi password, and enable Guest Network on it. Devices on the Guest network cannot reach any private IP address.

 

3. LAN-only zone?

 

I would like to create an additional SSID for LAN-only access (for some gear that I don't want exposed to the internet), and perhaps once I have it working turn off SSID broadcast to further hide it from the public. Is this feasible?

 

Turn off the SSID broadcast will stop new devices from connecting to this SSID, but not like prevent it from exposing to internet.

If you mean: devices connect to that SSID cannot get internet access, but can get LAN access only.

You need to set EAP ACL rules. One for allowing devices access LAN, one for blocking devices access IP address any.

 

Just striving to develop myself while helping others.
  0  
  0  
#2
Options
Re:Newbie OMADA setup issues
2021-09-30 12:01:24

@Virgo 

 

Thanks for your advice. 

 

1. I have now upgraded our controller and access points to latest firmware. 

 

2. It's one click to create an open guest zone with no security. What I want is a guest SSID with full WPA2-PSK security just like the main SSIDs but with no access to the LAN. One that will give my guests an encrypted wifi connection that is harder for a hacker in the parking lot to intercept. It's been a table stakes feature of every cheap home router for over twenty years. But I can't find any way to set it up on this supposedly enterprise grade platform. 

 

3. I was wondering if I could create an SSID that is associated with an isolated subnet. Any subnet other than the one our router is on. For example an SSID connecting to 192.168.10.x if our router is at 192.168.0.x. Devices using the isolated SSID would be able to connect to each other but not to anything else. We would have to assign every IP address manually since the isolated subnet would not have DHCP. Your ACL suggestion is another option, but it would require entering the MAC address of every device in order to whitelist it. It may be easier to just buy a really cheap home router and not connect it to the internet. The down side of that is adding an interfering  wifi source whose channel assignments etc are not managed with the OMADA access points. 

  0  
  0  
#3
Options