TP-Link TL-SG3210XHP-M2 Omada SDN Software Controller 4.2.8windows&linux U
TP-Link TL-SG3210XHP-M2 Manual
View all TP-Link TL-SG3210XHP-M2 manuals
Add to My Manuals
Save this manual to your list of manuals |
TP-Link TL-SG3210XHP-M2 manual content summary:
- TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 1
User Guide Omada SDN Controller 1910012926 REV4.0.1 November 2020 © 2020 TP-Link - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 2
More Information ■ For technical support, the latest version of the User Guide and other information, please visit https://www.tp-link.com/support. ■ To ask questions, find answers, and communicate with TP-Link users or engineers, please visit https://community.tp-link.com to join TP-Link Community. - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 3
CONTENTS About this Guide Omada SDN Controller Solution Overview Overview of Omada SDN Controller Solution...2 Navigate the UI...44 Modify the Current Site Configuration...47 Site Configuration...47 Services...47 Advanced Features...50 Device Account...52 Configure Wired Networks...53 Set Up - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 4
114 Create Profiles...141 Time Range...141 Groups...143 Authentication...147 Portal...147 802.1X...178 MAC-Based Authentication...181 RADIUS Profile...183 Services...186 Dynamic DNS...186 SNMP...188 UPnP...189 SSH...190 Reboot Schedule...190 PoE Schedule...191 Export Data...192 Configure the Omada - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 5
HTTPS Certificate...199 Access Config...199 Manage Your Controller Remotely via Cloud Access 201 Maintenance...203 Controller Status...203 User Interface...203 Backup & Restore...205 Migration...207 Site Migration...207 Controller Migration...212 Auto Backup...219 Configure and Monitor Omada - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 6
Explanation of Widgets...296 View the Statistics of the Network...303 Performance...303 Switch Statistics ...306 Speed Test Statistics...308 Monitor the Network with Map...310 Topology...310 Map...312 View the Statistics During Specified Period with Insight 315 Known Clients...315 Past Connections - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 7
enterprise networks comprised of security gateways, switches, and wireless access points. With a reliable network management platform powered by TP-Link Omada SDN Controller, you can develop comprehensive, software-defined networking across demanding, high-traffic environments with robust wired and - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 8
Chapter 1 Omada SDN Controller Solution Overview 1. 1 Overview of Omada SDN Controller Solution Omada SDN Controller Solution is designed to provide business-class networking solutions for demanding, high-traffic environments such as campuses, hotels, malls, and offices. Omada SDN Controller - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 9
advanced business networks. ■ Access Points (Omada EAPs)-satisfy the mainstream Wi-Fi Standard and address your highdensity access needs with TP-Link's innovation to help you build the versatile and reliable wireless network for all business applications. Omada SDN Controller Tailored to different - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 10
on your network. Omada Hardware Controller Internet SafeStream Gateway JetStream Switch Omada Access Points ■ Omada Cloud-Based Controller Omada Cloud controller is deployed on the Omada Cloud server, providing paid license service with tiered pricing. With paid licienses bound to the devices on - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 11
router which can be managed by the controller. Omada Supported Gateways TL-R605(UN) V1 (default factory version or above) TL-ER7206(UN) V1 (default factory version or above) Omada Managed Switches TP-Link's JetStream Switch provides high-performance and enterprise-level security strategies and - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 12
version or above) TL-SG3428MP V1 (default factory version or above) TL-SG3452 V1 (default factory version or above) TL-SG3452P V1 (default factory version or above) TL-SG3428X V1 (default factory version or above) TL-SG3428XMP V1 (default factory version or above) TL-SG3210XHP-M2 V1 (default factory - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 13
Omada Access Points Omada SDN Controller Solution Overview TP-Link's Omada Access Point provides business-class Wi- by the controller. Omada Supported APs EAP660 HD V1 (default factory version or above) EAP620 HD V1 (default factory version or above) EAP265HD V1 (default factory version or - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 14
2 Get Started with Omada SDN Controller This chapter guides you on how to get started with Omada SDN Controller to configure the network. Omada Software Controller, Omada Hardware Controller, and Omada Cloud-Based Controller - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 15
a typical topology for a high-availability use case. Internet SafeStream Gateway JetStream Switch Omada SDN Controller Site A Site B Site C Site D , we recommend that you deploy the full Omada topology with supported TP-Link devices. If you use third-party devices, Omada SDN Controller cannot - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 16
11 (or above). ■■ Install Omada Software Controller Download the installation file of Omada Software Controller from the website. Then follow the instructions to properly install the Omada Software Controller. After a successful installation, a shortcut icon of the Omada Software Controller will be - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 17
your operating system from the website and follow the instructions to install the JRE. For Ubuntu16.04 or jsvc or curl installed, you can install it manually with the command: apt-get install or yum use the command: apt-get -f install to fix the problem. • Install the .tar.gz file 1. Make sure your - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 18
can use the command: apt-fix-broken install to fix the problem. After installing the controller, use the following commands to check more detailed information about the installation on Linux hosts, refer to the installation instructions. Note: • For installing the .tar.gz, if you want Omada - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 19
Network. You can also launch a web browser and enter http://127.0.0.1:8088 in the address bar. • If your web browser opens but prompts a problem with the website's security certificate, click Continue. Do the Basic Configurations In the web browser, you can see the configuration page. Follow the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 20
Chapter 2 Get Started with Omada SDN Controller 2. Specify a name for Omada Controller, and set your region and timezone. Then select the application scenario depending on your needs. Click Next. 3. The setup page displays all the discovered devices in the network. Select one or more devices to - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 21
a mail server, refer to Notifications. 6. If you want to access the controller to manage networks remotely, enable the Cloud Access button, and bind your TP-Link ID to your Omada Controller, and then click Next. If not, click Next directly. For more details about Omada Cloud, please refer to Omada - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 22
Chapter 2 7. Review your settings and click Finish. Get Started with Omada SDN Controller Log In to the Management Interface Once the basic configurations are the Omada Controller and manage EAPs. Or you can log in to Omada Controller using other management devices through Omada Cloud service. 16 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 23
for a high-availability use case. Internet SafeStream Gateway JetStream Switch Omada Hardware Controller Omada Access Points Note: When using Omada SDN Controller, we recommend that you deploy the full Omada topology with supported TP-Link devices. If you use third-party devices, Omada SDN - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 24
Chapter 2 2. 2. 3 Start and Log in to the Controller Get Started with Omada SDN Controller Log In to the Management Interface Follow the steps below to enter the management interface of Omada Hardware Controller: 1. Make sure that your management device has the route to access the controller. 2. - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 25
Chapter 2 Get Started with Omada SDN Controller 2. Specify a name for Omada Controller, and set your region and timezone. Then select the application scenario depending on your needs. Click Next. 3. The setup page displays all the discovered devices in the network. Select one or more devices to - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 26
a mail server, refer to Notifications. 6. If you want to access the controller to manage networks remotely, enable the Cloud Access button, and bind your TP-Link ID to your Omada Controller, and then click Next. If not, click Next directly. For more details about Omada Cloud, please refer to Omada - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 27
Chapter 2 7. Review your settings and click Finish. Get Started with Omada SDN Controller Log In to the Management Interface Once the basic configurations are the Omada Controller and manage EAPs. Or you can log in to Omada Controller using other management devices through Omada Cloud service. 21 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 28
bar. Enter your TPLink ID and password to log in. If you do not have a TP-Link ID, create a TP-Link ID first. 2 ) Click Add Controller and register for an Omada Cloud-Based Controller. Follow the instructions to complete the setup process. 3 ) Add devices with the serial number, make sure the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 29
3 Manage Omada Managed Devices and Sites Start managing your network by creating sites and adopting devices so that you can configure and monitor your devices centrally while keeping things organized. The chapter includes the following sections: • Create Sites • Adopt Devices - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 30
Chapter 3 3. 1 Create Sites Manage Omada Managed Devices and Sites Overview Different sites are logically separated network locations, like different subsidiary companies or departments. It's best practice to create one site for each LAN (Local Area Network) and add all the devices within the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 31
Chapter 3 Manage Omada Managed Devices and Sites Create a Site View and Edit the Site Go Into the Site To create a site, choose one from the following methods according to your needs. ■■ Create a site from scratch 1. Click + Add New Site in the drop-down list of Sites. Alternatively, click - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 32
Chapter 3 Manage Omada Managed Devices and Sites ■■ Import a site from another controller If you want to migrate seamlessly from an old controller to a new one, import the site configuration file of the old controller into the new. Before that, you need to export the site configuration file from - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 33
Chapter 3 Manage Omada Managed Devices and Sites 1. Select the site from the drop-down list of Sites to go into the site. 2. The Site field indicates the site which you are currently in. Some configuration items in the menu are applied to the site which you are currently in, whereas others are - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 34
Chapter 3 3. 2 Adopt Devices Manage Omada Managed Devices and Sites Overview After you create a site, add your devices to the site by making the controller adopt them. Make sure that your devices in each LAN are added to the corresponding site so that they can be managed centrally. Site C LAN 3 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 35
Chapter 3 Manage Omada Managed Devices and Sites Prepare for Communication Prepare for Device Discovery Adopt the Devices Note: If the controller and devices are in the same LAN, subnet and VLAN, skip this step. Make sure that the controller can communicate with the devices. Otherwise, the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 36
Chapter 3 Manage Omada Managed Devices and Sites 1. Set up the Network ■■ Scenario 1: Across VLANs or Subnets As shown in the following figures, the controller and devices are in different VLANs or subnets. You need to set up a layer 3 interface for each VLAN or subnet, and make sure the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 37
Chapter 3 Manage Omada Managed Devices and Sites • Use Port Forwarding Configure Port Forwarding on Gateway B and open port 29810-29813 for the controller, which are essential for discovering and adopting devices. If you are using firewalls in the networks, make sure that the firewalls don't block - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 38
Chapter 3 Manage Omada Managed Devices and Sites as Interface, disable DMZ, specify 29810-29813 as Source Port and Destination Port, specify the controller's IP address as Destination IP, and select All as Protocol. Then click Create. 32 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 39
Use VPN Set up a VPN connection between Gateway A and Gateway B in Standalone Mode. For details about VPN configuration, refer to the User Guide of the gateways. Internet VPN VPN Connection Gateway A VPN Gateway B Switch AP AP LAN 1 Omada SDN Controller Site Unified Management from One - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 40
Chapter 3 Manage Omada Managed Devices and Sites IP as the IP address of the controller (if you have configured Port Forwarding on the controller side, use the public WAN IP address of the gateway instead). Then click Ping. If the ping result shows the packets are received, it implies that the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 41
Chapter 3 Manage Omada Managed Devices and Sites You can configure Controller Inform URL for devices in Standalone Mode. Let's take a switch for example. Log into the management page of the switch in Standalone Mode and go to SYSTEM > Controller Settings to load the following page. In Controller - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 42
Chapter 3 Manage Omada Managed Devices and Sites 2. Open Discovery Utility and you can see a list of devices. Select the devices to be adopted and click Batch Setting. 3. Specify Controller Hostname/IP as the IP address of the controller (if you have configured Port Forwarding on the controller - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 43
Chapter 3 Manage Omada Managed Devices and Sites enter the username and password of the devices. By default, the username and password are both admin. Then click Apply. Wait until the setting succeeds. ■■ DHCP Option 138 DHCP Option 138 informs a DHCP client, such as a switch or an EAP, of the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 44
Chapter 3 Manage Omada Managed Devices and Sites 138 as the controller's IP address (if you have configured Port Forwarding on the controller side, use the public WAN IP address of the gateway instead). Click Save. 3. To make DHCP Option 138 take effect, you need to renew DHCP parameters for the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 45
Chapter 3 Manage Omada Managed Devices and Sites Prepare for Communication Prepare for Device Discovery Adopt the Devices 1. Decide which site you want to add the devices to. On the controller configuration page, select the site from the drop-down list of Sites. 2. Go to Devices, and devices - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 46
Chapter 3 3. 3. 2 For Omada Cloud-Based Controller To adopt the devices on the controller, follow these steps: 1 ) Connect to the internet. 2 ) Prepare for controller management. 3 ) Adopt the devices. Manage Omada Managed Devices and Sites Connect to the Internet Prepare for Controller - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 47
devices to be adopted by Omada CloudBased Controller. Make sure Cloud-Based Controller Management is enabled on the devices. For details, refer to the User Guide of your devices, which can be downloaded from the TP-Link download center. 41 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 48
Chapter 3 Manage Omada Managed Devices and Sites Let's take a switch for example. Log into the web page of the switch in Standalone Mode. Go to SYSTEM > Controller Settings to load the following page. In Cloud-Based Controller Management, enable CloudBased Controller Management and click Apply. - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 49
4 Configure the Network with Omada SDN Controller This chapter guides you on how to configure the network with Omada SDN Controller. As the • Configure Wired Networks • Configure Wireless Networks • Network Security • Transmission • Configure VPN • Create Profiles • Authentication • Services - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 50
monitor your network, it is helpful to familiarize yourself with the most commonly-used elements of the Controller UI that are frequently referenced in this guide. The Controller UI is grouped into task-oriented menus, which are located in the top right-hand corner and the left-hand navigation bar - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 51
UI depending on your needs. For details, refer to Maintenance About: Click to display the controller version. Tutorial: Click to view the quick Getting Started guide which demonstrates the navigation and tools available for the controller. 45 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 52
location for a visual representation of your network. Devices displays all TP-Link devices discovered on the site and their general information. This list Insight displays a list of statistics of your network device, clients and services during a specified period. You can change the range of date in - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 53
the site. Specify the application scenario of the site. To customize your scenario, click Create New Scenario in the drop-down list. 4. 2. 2 Services Overview In Services, you can view and modify the features applied to devices on the current site. Most features are applied to all devices, such as - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 54
> Site, and configure the following features for the current site in Services. Click Save. LED Automatic Upgrades Channel Limit Mesh Auto Failover Enable or EU countries. (For EAP225/EAP245/EAP225-Outdoor) When enabled, EAPs supporting Mesh can establish the mesh network at the site. (For APs in - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 55
Detection when mesh is enabled. In a mesh network, the APs can send ARP request packets to a fixed IP address to test the connectivity. If the link fails, the status of these APs will change to Isolated. Auto (Recommended): Select this method and the mesh APs will send ARP request packets to - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 56
with the WLAN knowledge. If you are not sure about your network conditions and the potential impact of all settings, keep Advanced Features disabled in Services to use their default configurations. Configuration Select a site from the drop down list of Sites in the top-right corner, go to Settings - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 57
disabled, the AP only issues an 802.11v roaming suggestion when a client's link quality drops below the predefined threshold and there is a better option of AP, Steering can improve the network performance because the 5 GHz band supports a larger number of non-overlapping channels and is less - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 58
Chapter 4 Beacon Control Configure the Network with Omada SDN Controller Beacons are transmitted periodically by the EAP to announce the presence of a wireless network for the clients. Click , select the band, and configure the following parameters of Beacon Control. Beacon Interval: Specify how - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 59
Chapter 4 Configure the Network with Omada SDN Controller 4. 3 Configure Wired Networks Wired networks enable your wired devices and clients including the gateway, switches, EAPs and PCs to connect to each other and to the internet. As shown in the following figure, Wired Networks consist of two - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 60
WAN ports is decided by WAN Mode. Go to Settings > Wired Networks > Internet. For WAN connections, choose a Connection Type according to the service provided by your ISP. Connection Type Dynamic IP: If your ISP automatically assigns the IP address and the corresponding parameters, choose Dynamic - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 61
Chapter 4 Configure the Network with Omada SDN Controller ■■ Dynamic IP 1. Choose Connection Type as Dynamic IP and configure the following parameters. MAC Address Use Default MAC Address: The WAN port uses the default MAC address to set up the internet connection. It's recommended to use the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 62
Add the WAN port to a VLAN and you need to specify the VLAN. Generally, you don't need to manually configure it unless required by your ISP. QoS Tag The QoS (Quality of Service) function helps to prioritize the internet traffic based on your needs. You can determine the priority level for the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 63
Chapter 4 Configure the Network with Omada SDN Controller ■■ Static IP 1. Choose Connection Type as Static IP and configure the following parameters. IP Address Subnet Mask Default Gateway MAC Address Enter the IP address provided by your ISP. Enter the subnet mask provided by your ISP. Enter - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 64
Add the WAN port to a VLAN and you need to specify the VLAN. Generally, you don't need to manually configure it unless required by your ISP. QoS Tag The QoS (Quality of Service) function helps to prioritize the internet traffic based on your needs. You can determine the priority level for the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 65
Chapter 4 Configure the Network with Omada SDN Controller ■■ PPPoE 1. Choose Connection Type as Static IP and configure the following parameters. Username Password MAC Address Enter the PPPoE username provided by your ISP. Enter the PPPoE password provided by your ISP. Use Default MAC Address: - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 66
Chapter 4 Configure the Network with Omada SDN Controller 2. Click + Advanced Settings and configure the following parameters. Then click Apply. 60 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 67
Add the WAN port to a VLAN and you need to specify the VLAN. Generally, you don't need to manually configure it unless required by your ISP. QoS Tag The QoS (Quality of Service) function helps to prioritize the internet traffic based on your needs. You can determine the priority level for the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 68
Chapter 4 Configure the Network with Omada SDN Controller ■■ L2TP Choose Connection Type as L2TP and configure the following parameters. Then click Apply. Username Password Enter the L2TP username provided by your ISP. Enter the L2TP password provided by your ISP. 62 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 69
1460. Add the WAN port to a VLAN and you need to specify the VLAN. Generally, you don't need to manually configure it unless required by your ISP. The QoS (Quality of Service) function helps to prioritize the internet traffic based on your needs. You can determine the priority level for the traffic - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 70
Chapter 4 Configure the Network with Omada SDN Controller ■■ PPTP Choose Connection Type as PPTP and configure the following parameters. Then click Apply. Username Password VPN Server / Domain Name Get IP address from ISP Primary DNS Server / Secondary DNS Server Enter the PPTP username provided - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 71
1420. Add the WAN port to a VLAN and you need to specify the VLAN. Generally, you don't need to manually configure it unless required by your ISP. The QoS (Quality of Service) function helps to prioritize the internet traffic based on your needs. You can determine the priority level for the traffic - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 72
address ( or destination port) will be forwarded to the recorded WAN port. This feature ensures that multi-connected applications work properly. Link Backup With Link Backup enabled, the router will switch all the new sessions from dropped lines automatically to another to keep an always on-line - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 73
Chapter 4 4. 3. 2 Configure LAN Networks Configure the Network with Omada SDN Controller Overview The LAN function allows you to configure wired internal network. Based on 802.1Q VLAN, Omada Controller provides a convenient and flexible way to separate and deploy the network. The network can be - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 74
Chapter 4 Purpose Configure the Network with Omada SDN Controller Interface: Create the network with a Layer 3 interface, which is required for inter-VLAN routing. VLAN: Create the network as a Layer 2 VLAN. 3. Configure the parameters according to the purpose for the network. ■■ Interface LAN - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 75
. It uses the IP address specified in the Gateway/Subnet entry as the DNS server address. Manual: Specify DNS servers manually. Enter the IP address of a server in each DNS server field. Specify how long a 66. It specifies the TFTP server information and supports a single TFTP server IP address. 69 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 76
Chapter 4 Option 138 ■■ VLAN Configure the Network with Omada SDN Controller Enter the value for DHCP Option 138. It is used in discovering the devices by the Omada controller. VLAN IGMP Snooping Legal DHCP Servers Enter a VLAN ID with the values between 1 and 4090. Each VLAN can be uniquely - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 77
Chapter 4 Configure the Network with Omada SDN Controller Create a Network Create a Port Profile Assign the Port Profile to the Ports Note: • Three default port profiles are preconfigured on the controller. They can be viewed, but not edited or deleted. All: In the All profile, all networks - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 78
Chapter 4 Configure the Network with Omada SDN Controller 2. Click + Create New Port Profile to load the following page, and configure the following parameters. 72 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 79
Unauthorized: The port remains in the unauthorized state, ignoring all attempts by the client to authenticate. The switch cannot provide authentication services to the client through the port. Click the checkbox to enable Port Isolation. An isolated port cannot communicate directly with any other - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 80
Ingress Rate Limit Egress Rate Limit Broadcast Threshold Multicast Threshold UL-Frame Threshold Action Click the checkbox to enable LLDP-MED (Link Layer Discovery Protocol-Media Endpoint Discovery) for device discovery and auto-configuration of VoIP devices. Select the type of Bandwidth Control - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 81
Chapter 4 Configure the Network with Omada SDN Controller Create a Network Create a Port Profile Assign the Port Profile to the Ports Note: By default, there is a port profile named All, which is assigned to all switch ports by default. In the All profile, all networks except the default - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 82
Chapter 4 Configure the Network with Omada SDN Controller 4. 4 Configure Wireless Networks Wireless networks enable your wireless clients to access the internet. Once you set up a wireless network, your EAPs typically broadcast the network name (SSID) in the air, through which your wireless - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 83
Chapter 4 Configure the Network with Omada SDN Controller 3. (Optional) If you want to create a new WLAN group based on an existing one, check Copy All SSIDs from the WLAN Group and select the desired WLAN group. Then you can further configure wireless networks based on current settings. 4. Click - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 84
Chapter 4 Configure the Network with Omada SDN Controller 2. Click + Create New Wireless Network to load the following page. Configure the basic parameters for the network. Network Name (SSID) Enter the network name (SSID) to identify the wireless network. The users of wireless clients choose to - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 85
Chapter 4 Configure the Network with Omada SDN Controller ■■ WEP Traffic is encrypted with a WEP Key, which you need to specify. WEP is not recommended because it's insecure. ■■ WPA-Personal Traffic is encrypted with a Security Key, which you need to specify. WPA-Personal is more secure than WEP. - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 86
Chapter 4 Configure the Network with Omada SDN Controller Select a RADIUS Profile, which records the settings of the authentication server and accounting server. You can create a RADIUS Profile by clicking + Create New Radius Profile from the drop-down list of RADIUS Profile. For details, refer to - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 87
Chapter 4 Configure the Network with Omada SDN Controller ■■ Apply to a Single EAP Go to Devices, select the EAP which you want to apply the WLAN group to. In the Properties window, go to Config > WLANs, select the WLAN group which you want to apply to the EAP. ■■ Apply to EAPs in batch 1. Go to - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 88
SSID. With SSID Broadcast disabled, users of wireless clients must enter the SSID manually to connect to the wireless network. To set a wireless VLAN for the IDs. Then the EAPs work together with the switches which also support 802.1Q VLAN, to distribute the traffic to different VLANs according - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 89
Chapter 4 Configure the Network with Omada SDN Controller WEP Mode If you select WEP as the security strategy, you can select the WEP Mode including the WEP authentication type, the WEP key format, and the WEP key length. Select the WEP authentication type. Open System: Wireless clients can pass - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 90
Chapter 4 4. 4. 3 WLAN Schedule Configure the Network with Omada SDN Controller Overview WLAN Schedule can turn on or off your wireless network in the specific time period as you desire. Configuration Go to Settings > Wireless Networks, click in the ACTION column of the wireless network which you - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 91
Chapter 4 Configure the Network with Omada SDN Controller GHz band to enable minimum data rate control according to your needs, move the slider to determine what bit rates your wireless network allows, and configure the parameters. Then click Apply. Disable CCK Rates (1/2/5.5/11 Mbps) Select - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 92
Chapter 4 Configure the Network with Omada SDN Controller Configuration Go to Settings > Wireless Networks, click in the ACTION column of the wireless network which you want to configure, and click + MAC Filter to load the following page. Enable MAC Filter and configure the parameters .Then click - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 93
Network Security is a portfolio of features designed to improve the usability and ensure the safety of your network and data. Network security services include ACL, URL Filtering, and Attack Defense, which implement policies and controls on multiple layers of defenses in the network. 4. 5. 1 ACL - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 94
Chapter 4 Configure the Network with Omada SDN Controller 2 ) Define packet-filtering criteria of the rule, including protocols, source, and destination, and determine whether to forward the matched packets. ■■ Configuring Gateway ACL 1. Go to Settings > Network Security > ACL. On Gateway ACL tab - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 95
Chapter 4 Configure the Network with Omada SDN Controller Protocols Select one or more protocol types to which the rule applies from the drop-down list. The default is All, indicating that packets of all protocols will be matched. When you select one of TCP and UDP or both of them, you can set - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 96
Chapter 4 Configure the Network with Omada SDN Controller ■■ Configuring Switch ACL 1. Go to Settings > Network Security > ACL. Under the Switch ACL tab, click the following page. to load 90 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 97
Chapter 4 Configure the Network with Omada SDN Controller 2. Define packet-filtering criteria of the rule, including protocols, source, and destination, and determine whether to forward the matched packets. Refer to the following table to configure the required parameters. Name Status Enter a - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 98
Chapter 4 Configure the Network with Omada SDN Controller IP-Port Group MAC Group Select the IP-Port Group you have created. If no IP-Port Groups have been created, click +Create on this page or go to Settings > Profiles > Groups to create one. The switch will examine whether the destination IP - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 99
Chapter 4 Configure the Network with Omada SDN Controller ■■ Configuring EAP ACL 1. Go to Settings > Network Security > ACL. Under the EAP ACL tab, click the following page. to load 2. Define packet-filtering criteria of the rule, including protocols, source, and destination, and determine - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 100
Chapter 4 Configure the Network with Omada SDN Controller Policy Protocols Select the action to be taken when a packet matches the rule. Permit: Forward the matched packet. Deny: Discard the matched packet. Select one or more protocol types to which the rule applies from the drop-down list. The - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 101
Chapter 4 4. 5. 2 URL Filtering Configure the Network with Omada SDN Controller Overview URL Filtering allows a network administrator to create rules to block or allow certain websites, which protects it from web-based threats, and deny access to malicious websites. In URL filtering, the system - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 102
Chapter 4 Configure the Network with Omada SDN Controller ■■ Configuring Gateway Rules 1. Go to Settings > Network Security > URL Filtering. Under the Gateway Rules tab, click to load the following page. 2. Define filtering criteria of the rule, including source and URLs, and determine whether to - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 103
URL address should be given in a valid format. The URL which contains a wildcard(*) is supported. One URL with a wildcard(*) can match mutiple subdomains. For example, with *.tp-link.com specified, community.tp-link.com will be matched. ■■ Configuring EAP Rules 1. Go to Settings > Network Security - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 104
(*) is supported. One URL with a wildcard(*) can match mutiple subdomains. For example, with *.tp-link.com specified, community.tp-link.com will target device is busy with these fake packets and cannot process normal services. Flood Defense detects flood packets in real time and limits the receiving - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 105
large number of UDP packets to a target host in a short time, the target host is busy with these UDP packets and cannot process normal services. With this feature enabled, the gateway limits the rate of receiving UDP packets from all the clients to the specified rate. Multi-Connections ICMP Flood - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 106
large number of UDP packets to a target host in a short time, the target host is busy with these UDP packets and cannot process normal services. With this feature enabled, the gateway limits the rate of receiving UDP packets from a single client to the specified rate. Stationary Source ICMP Flood - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 107
Chapter 4 Configure the Network with Omada SDN Controller ■■ Configuring Packet Anomaly Defense Go to Settings > Network Security > Attack Defense. In the Packet Anomaly Defense, click the checkbox and set the corresponding limit of the rate at which specific packets are received. Block Fragment - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 108
request from WAN. Block WinNuke Attack With this option enabled, the router will block WinNuke attacks. WinNuke attack refers to a remote DoS (denial-of-service) attack that affects some Windows operating systems, such as the Windows 95. The attacker sends a string of OOB (Out of Band) data to the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 109
Chapter 4 Configure the Network with Omada SDN Controller 4. 6 Transmission Transmission helps you control network traffic in multiple ways. You can add policies and rules to control transmission routes and limit the session and bandwidth. 4. 6. 1 Routing Overview ■■ Static Route Network traffic - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 110
Chapter 4 Configure the Network with Omada SDN Controller Destination IP/Subnet Route Type Metric Destination IP/Subnet identifies the network traffic which the Static Route entry controls. Specify the destination of the network traffic in the format of 192.168.0.1/24. You can click + Add Subnet - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 111
Chapter 4 Configure the Network with Omada SDN Controller ■■ Policy Routing 1. Go to Setting > Transmission > Routing > Policy Routing. Click + Create New Routing to load the following page and configure the parameters. Name Status Protocols WAN Enter the name to identify the Policy Routing - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 112
the entry. 4. 6. 2 NAT Overview ■■ Port Forwarding You can configure Port Forwarding to allow internet users to access local hosts or use network services which are deployed in the LAN. Port Forwarding helps establish network connections between a host on the internet and the other in the LAN by - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 113
Chapter 4 Configuration Configure the Network with Omada SDN Controller ■■ Port Forwarding 1. Go to Setting > Transmission > NAT > Port Forwarding. Click + Create New Rule to load the following page and configure the parameters. Name Status Source IP Interface DMZ Enter the name to identify the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 114
Chapter 4 Source Port Destination IP Destination Port Protocol Configure the Network with Omada SDN Controller The gateway uses the Source Port to receive the traffic from the internet. Only the traffic which matches the Source Port and the Protocol is forwarded. The traffic is forwarded to the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 115
Chapter 4 H.323 ALG PPTP ALG SIP ALG IPsec ALG Configure the Network with Omada SDN Controller H.323 ALG allows the IP phones and multimedia devices to set up connections using the H.323 protocol in one of the following scenarios: •• One of the endpoints is in the LAN, while the other is on the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 116
Chapter 4 Configure the Network with Omada SDN Controller 2. In Session Limit Rule List, click + Create New Rule to load the following page and configure the parameters. Name Status Source Type Maximum Sessions Enter the name to identify the Session Limit rule. Enable or disable the Session - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 117
Chapter 4 Configure the Network with Omada SDN Controller Configuration 1. Go to Setting > Transmission > Bandwidth Control. In Bandwidth Control, enable Bandwidth Control globally and configure the parameters. Then click Apply. Threshold Control With Threshold Control enabled, Bandwidth - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 118
Chapter 4 Configure the Network with Omada SDN Controller 2. In Bandwidth Control Rule List, click + Create New Rule to load the following page and configure the parameters. Name Enter the name to identify the Bandwidth Control rule. Status Enable or disable the Bandwidth Control rule. Source - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 119
Chapter 4 Mode Configure the Network with Omada SDN Controller Specify the bandwidth control mode for the specific local hosts. Shared: The total bandwidth for all the local hosts is equal to the specified values. Individual: The bandwidth for each local host is equal to the specified values. 3. - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 120
, data transmission and data decompression via the tunneling protocol. The gateway supports common tunneling protocols that a VPN uses to keep the data secure: ■■ IPsec IPsec (IP Security) can provide security services such as data confidentiality, data integrity and data authentication at the IP - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 121
from site B to site A, and nothing is needed to be configured on site B. • Manual IPsec You create an IPsec VPN tunnel between two peer routers over internet manually, from a local router to a remote router that supports IPsec. Omada managed gateway on this site is the local peer router. ■■ Client - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 122
Chapter 4 Configure the Network with Omada SDN Controller When the remote user's gateway works as the VPN client, the gateway helps create VPN tunnels between its connected hosts and the VPN server. The gateway which functions as a VPN client can use L2TP, PPTP, or OpenVPN as the tunneling - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 123
creates an IPsec VPN tunnel between two sites on the same controller. Manual IPsec VPN You manually create an IPsec VPN tunnel between two peer routers over internet, from a local router to a remote router that supports IPsec. Client-to-Site VPN Gateway (Client) Remote User Internet Gateway - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 124
protocol and configure the VPN policy based on the protocol. ■■ Configuring Site-to-Site VPN Omada managed gateway supports two types of Site-to-Site VPNs: Auto IPsec and Manual IPsec. • Configuring Auto IPsec VPN 1. Go to Settings > VPN. Click to load the following page. 2. Enter a name to - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 125
Chapter 4 • Configuring Manual IPsec VPN 1. Go to Settings > VPN. Click Configure the Network with Select the purpose for the VPN as Site-to-Site VPN. VPN Type Select the VPN type as Manual IPsec. Status Click the checkbox to enable the VPN policy. Remote Gateway Enter an IP address or a - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 126
Chapter 4 Pre-Shared Key WAN Configure the Network with Omada SDN Controller Enter the pre-shared key(PSK). Both peer gateways must use the same pre-shared secret key for authentication. A pre-shared key is a string of characters that is used as an authentication key. Both peer gateways create a - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 127
Chapter 4 Configure the Network with Omada SDN Controller 3. Click Advanced Settings to load the following page. Advanced settings include Phase-1 settings and Phase-2 settings. Phase-1 is used to set up a secure encrypted channel which the two peers can negotiate Phase-2, and then establish the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 128
Select the version of Internet Key Exchange (IKE) protocol which is used to set up security associations for IPsec. Both IKEv1 and IKEv2 are supported with Omada managed gateways, but IKEv1 is available only when the VPN policy is applied to a single Remote Subnet and a single Local Network. Note - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 129
Chapter 4 Configure the Network with Omada SDN Controller Local ID Type Local ID Remote ID Type Remote ID SA Lifetime DPD DPD Interval Specify the type of Local ID which indicates the authentication identifier sent to the peer for IKE negotiation. IP Address: Select IP Address to use the IP - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 130
) Lifetime in IKE negotiation. If the SA lifetime expired, the related IPsec SA will be deleted. ■■ Configuring Client-to-Site VPN Omada managed gateway supports seven types of client-to-Site VPNs depending on the role of your Omada managed gateway and the protocol that you used: Configuring the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 131
use the same pre-shared secret key for authentication. WAN Select the WAN port on which the L2TP VPN tunnel is established. Each WAN port supports only one L2TP VPN tunnel when the gateway works as a L2TP server. IP Pool Enter the IP address and subnet mask to decide the range - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 132
Maximum Connections. Network Extension Mode: This mode allows only clients from the configured subnet to connect to the server and obtain VPN services. With this mode selected, specify the subnet in Remote Subnets. Maximum Connections With Client mode selected, set maximum number of concurrent VPN - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 133
Chapter 4 Configure the Network with Omada SDN Controller To edit or delete the L2TP users, click the icon in the Action column. View and edit the account information of users. Delete the L2TP user. • Configuring the gateway as a VPN server using PPTP 1. Go to Settings > VPN. Click to load the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 134
networks. Select the WAN port on which the PPTP VPN tunnel is established. Each WAN port supports only one PPTP VPN tunnel when the gateway works as a PPTP server. Enter the IP address to connect to the server and obtain VPN services. With this mode selected, specify the subnet in Remote Subnets. 128 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 135
same account. Remote Subnets With Network Extension Mode selected, only clients from the configured subnet are allowed to connect to the server and obtain VPN services. Click to specify the subnet.. To edit or delete the PPTP users, click the icon in the Action column. View and edit the account - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 136
Chapter 4 VPN Type Status Remote Host Local Networks Pre-Shared Key WAN IP Pool Configure the Network with Omada SDN Controller Select the VPN type as VPN Server - IPsec. Click the checkbox to enable the VPN policy. Enter an IP address or a domain name of the host on the remote peer of the VPN - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 137
Chapter 4 Configure the Network with Omada SDN Controller 3. Click Advanced Settings to load the following page. Advanced settings include Phase-1 settings and Phase-2 settings. Phase-1 is used to set up a secure encrypted channel which the two peers can negotiate Phase-2, and then establish the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 138
Select the version of Internet Key Exchange (IKE) protocol which is used to set up security associations for IPsec. Both IKEv1 and IKEv2 are supported with Omada managed gateways, but IKEv1 is available only when the VPN policy is applied to a single Remote Subnet and a single Local Network. Note - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 139
Chapter 4 Configure the Network with Omada SDN Controller Local ID Type Local ID Remote ID Type Remote ID SA Lifetime DPD DPD Interval Specify the type of Local ID which indicates the authentication identifier sent to the peer for IKE negotiation. IP Address: Select IP Address to use the IP - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 140
the VPN policy. Protocol Select the communication protocol for the gateway which works as an OpenVPN Server. Two communication protocols are available: TCP and UDP. Service Port Enter a VPN service port to which a VPN device connects. 134 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 141
VPN policy will be only applied to the selected local networks. Select the WAN port on which the VPN tunnel is established. Each WAN port supports only one OpenVPN tunnel when the gateway works as a OpenVPN server. Enter the IP address and subnet mask to decide the range of the VPN - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 142
Chapter 4 Configure the Network with Omada SDN Controller • Configuring the gateway as a VPN client using L2TP 1. Go to Settings > VPN. Click to load the following page. 2. Enter a name to identify the VPN policy and select the purpose as Client-to-Site VPN. Refer to the following table to - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 143
Chapter 4 Username Password IPsec Encryption Remote Server Remote Subnets Local Networks Pre-shared Key WAN Configure the Network with Omada SDN Controller Enter the username used for the VPN tunnel. This username should be the same as that of the L2TP server. Enter the password of user. This - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 144
Chapter 4 Configure the Network with Omada SDN Controller • Configuring the gateway as a VPN client using PPTP 1. Go to Settings > VPN. Click to load the following page. 2. Enter a name to identify the VPN policy and select the purpose as Client-to-Site VPN. Refer to the following table to - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 145
Chapter 4 Configure the Network with Omada SDN Controller Username Password MPPE Encryption Remote Server Remote Subnets Local Networks WAN Enter the username used for the VPN tunnel. This username should be the same as that of the PPTP server. Enter the password of user. This password should be - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 146
Chapter 4 Configure the Network with Omada SDN Controller 2. Enter a name to identify the VPN policy and select the purpose as Client-to-Site VPN. Refer to the following table to configure the required parameters and click Create. Name Enter a name to identify the VPN policy. Purpose Select - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 147
Chapter 4 Configure the Network with Omada SDN Controller 4. 8 Create Profiles Profiles section is used to configure and record your custom settings for site configurations. It includes Time Range and Groups profiles. In Time Range section, you can configure time templates for wireless schedule, - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 148
Chapter 4 Configure the Network with Omada SDN Controller 2. Enter a Name for the new entry, select the Day Mode, and specify the time range. Click Apply to save the entry. After saving the newly added entry, you can apply them to site configuration. To apply the customized time range profiles in - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 149
Chapter 4 Delete the entry. Configure the Network with Omada SDN Controller 4. 8. 2 Groups Overview Groups section allows you to customize client groups based on IP, IP-Port, or MAC Address. You can set different rules for the groups profiles which can be shared and applied to ACL, Routing, NAT, - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 150
Chapter 4 Configure the Network with Omada SDN Controller ■■ Based on IP Group To configure a group profile based on IP Group, you are required to specify the IP subnets, while subnet mask is optional. You can click +Add Subnet to add new subnets, and click to delete them. ■■ Based on IP-Port - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 151
Chapter 4 Configure the Network with Omada SDN Controller ■■ Based on MAC Group To configure a group profile based on MAC Group, you are required to enter MAC Address(es) in the MAC Addresses List. There are three ways to add MAC address(es) to the MAC Addresses List. Add MAC address singly. Add - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 152
Chapter 4 You can view the name, type, and count in the list. Configure the Network with Omada SDN Controller To view, edit or delete the group entry, click the icon in the Action column. View and edit the parameters in the entry. You cannot change the type when editing the entry. Delete the entry - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 153
Authentication, covering all the needs to authenticate both wired and wireless clients. 4. 9. 1 Portal Overview Portal authentication provides convenient authentication services to the clients that only need temporary access to the network, such as the customers in a restaurant or in a supermarket - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 154
Chapter 4 Configure the Network with Omada SDN Controller • Local User Clients are required to enter the correct username and password of the login account to pass the authentication. • SMS Clients can get verification codes using their mobile phones and enter the received codes to pass the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 155
Chapter 4 ■■ Configuring Portal with No Authentication 1. Go to Settings > Authentication > Portal. Click Configure the Network with Omada SDN Controller to enable Portal and load the following page. 2. Select the SSIDs and LAN networks for the portal to take effect on and configure basic - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 156
Chapter 4 Landing Page Configure the Network with Omada SDN Controller Select which page the client will be redirected to after a successful authentication. The Original URL: Clients are directed to the URL they request for after they pass Portal authentication. The Promotional URL: Clients are - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 157
system language of the clients. If the language is not supported, the controller will use the default language specified here. Select entering the hexadecimal HTML color code manually or through the color picker. Click the checkbox and enter text as the terms of service in the following box. Click - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 158
Chapter 4 Configure the Network with Omada SDN Controller Click Advertisement Options and customize advertisement pictures on the authentication page. Advertisement Click the checkbox to enable the Advertisement feature. With this feature enabled, you can add advertisement pictures on the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 159
Chapter 4 Configure the Network with Omada SDN Controller 4. In the Access Control section, configure access control rules including Pre-Authentication Access and Authentication-Free Policy if needed. Pre-Authentication Access Pre-Authentication Access List Authentication-Free Policy - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 160
Chapter 4 ■■ Configuring Portal with Simple Password 1. Go to Settings > Authentication > Portal. Click Configure the Network with Omada SDN Controller to enable Portal and load the following page. 2. Select the SSIDs and LAN networks for the portal to take effect on and configure basic parameters - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 161
Chapter 4 Configure the Network with Omada SDN Controller 3. In the Portal Customization section, customize the Portal page including the background picture, logo picture and so on. Type Select the type of the Portal page. Edit Current Page: Edit the related parameters to customize the portal - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 162
system language of the clients. If the language is not supported, the controller will use the default language specified here. Select entering the hexadecimal HTML color code manually or through the color picker. Click the checkbox and enter text as the terms of service in the following box. Click - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 163
Chapter 4 Configure the Network with Omada SDN Controller Click Advertisement Options and customize advertisement pictures on the authentication page. Advertisement Click the checkbox to enable the Advertisement feature. With this feature enabled, you can add advertisement pictures on the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 164
Chapter 4 Configure the Network with Omada SDN Controller 4. In the Access Control section, configure access control rules including Pre-Authentication Access and Authentication-Free Policy if needed. Pre-Authentication Access Pre-Authentication Access List Authentication-Free Policy - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 165
Chapter 4 Configure the Network with Omada SDN Controller 2. Select the SSIDs and LAN networks for the portal to take effect on and configure basic parameters. SSID & LAN Network Authentication Type HTTPS Redirection Select one or more SSIDs or LAN networks for the portal. The clients connected - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 166
Chapter 4 Configure the Network with Omada SDN Controller • Configuring SMS Portal Select SMS and configure the required parameters in the SMS section. SMS Clients can get verification codes using their mobile phones and enter the received codes to pass the authentication. Twilio SID Enter the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 167
Chapter 4 Configure the Network with Omada SDN Controller • Configuring RADIUS Portal Select RADIUS and configure the required parameters in the RADIUS section. RADIUS RADIUS Profile Authentication Mode NAS ID Clients are required to enter the correct username and password which are stored in - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 168
Chapter 4 Configure the Network with Omada SDN Controller 4. In the Portal Customization section, customize the Portal page including the background picture, logo picture and so on. Type Select the type of the Portal page. Edit Current Page: Edit the related parameters to customize the portal - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 169
system language of the clients. If the language is not supported, the controller will use the default language specified here. Select entering the hexadecimal HTML color code manually or through the color picker. Click the checkbox and enter text as the terms of service in the following box. Click - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 170
Chapter 4 Configure the Network with Omada SDN Controller Click Advertisement Options and customize advertisement pictures on the authentication page. Advertisement Click the checkbox to enable the Advertisement feature. With this feature enabled, you can add advertisement pictures on the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 171
Chapter 4 Configure the Network with Omada SDN Controller 5. In the Access Control section, configure access control rules including Pre-Authentication Access and Authentication-Free Policy if needed. Pre-Authentication Access Pre-Authentication Access List Authentication-Free Policy - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 172
Chapter 4 Configure the Network with Omada SDN Controller ■■ Configuring Portal with External RADIUS Server 1. Go to Settings > Authentication > Portal. Click to enable Portal and load the following page. 2. Select the SSIDs and LAN networks for the portal to take effect on and configure basic - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 173
Chapter 4 RADIUS Profile NAS ID Authentication Mode Portal Customization HTTPS Redirection Landing Page Configure the Network with Omada SDN Controller Select the RADIUS profile you have created. If no RADIUS profiles have been created, click from the drop-down list or to create one. The - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 174
Chapter 4 Configure the Network with Omada SDN Controller 3. If you choose Local Web Portal which is provided by the built-in portal server of the controller, customize the Portal page in the Portal Customization section, including the background picture, logo picture and so on. Type Select the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 175
system language of the clients. If the language is not supported, the controller will use the default language specified here. Select entering the hexadecimal HTML color code manually or through the color picker. Click the checkbox and enter text as the terms of service in the following box. Click - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 176
Chapter 4 Configure the Network with Omada SDN Controller Click Advertisement Options and customize advertisement pictures on the authentication page. Advertisement Click the checkbox to enable the Advertisement feature. With this feature enabled, you can add advertisement pictures on the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 177
Chapter 4 Configure the Network with Omada SDN Controller 4. In the Access Control section, configure access control rules including Pre-Authentication Access and Authentication-Free Policy if needed. Pre-Authentication Access Pre-Authentication Access List Authentication-Free Policy - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 178
Chapter 4 Configure the Network with Omada SDN Controller ■■ Configuring Portal with External Portal Server 1. Go to Settings > Authentication > Portal. Click to enable Portal and load the following page. 2. Select the SSIDs and LAN networks for the portal to take effect on and configure basic - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 179
Chapter 4 Configure the Network with Omada SDN Controller 3. In the Access Control section, configure access control rules including Pre-Authentication Access and Authentication-Free Policy if needed. Pre-Authentication Access Pre-Authentication Access List Authentication-Free Policy - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 180
Chapter 4 ■■ Configuring Portal with Facebook 1. Go to Settings > Authentication > Portal. Click Configure the Network with Omada SDN Controller to enable Portal and load the following page. 2. Select the SSIDs and LAN networks for the portal to take effect on and configure basic parameters. SSID - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 181
page. The controller automatically adjusts the language displayed on the Portal page according to the system language of the clients. If the language is not supported, the controller will use the default language specified here. 175 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 182
can configure your desired text color for the welcome information by entering the hexadecimal HTML color code manually or through the color picker. Click the checkbox and enter text as the terms of service in the following box. Click the checkbox and enter text as the copyright in the following box - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 183
Chapter 4 Configure the Network with Omada SDN Controller Click Advertisement Options and customize advertisement pictures on the authentication page. Advertisement Click the checkbox to enable the Advertisement feature. With this feature enabled, you can add advertisement pictures on the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 184
. Click and enter the IP address or MAC address of Authentication-Free clients. 4. 9. 2 802.1X Overview 802.1X provides port-based authentication service to restrict unauthorized clients from accessing to the network through publicly accessible switch ports. An 802.1X-enabled port allows only - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 185
TP-Link 802.1X authentication client software on the client hosts, enabling them to request 802.1X authentication to access the LAN. ■■ Authenticator An authenticator is usually a network device that supports identity, 802.1X can also deliver customized services. For example, 802.1X and VLAN - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 186
packets are encapsulated in other protocol (such as RADIUS) packets, and transmitted to the authentication server. To use this authentication mechanism, the RADIUS server should support EAP attributes. 180 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 187
Chapter 4 Authentication Type VLAN Assignment MAB Configure the Network with Omada SDN Controller Select the 802.1X authentication type. Port Based: After a client connected to the port gets authenticated successfully, other clients can access the network via the port without authentication. MAC - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 188
Chapter 4 Configure the Network with Omada SDN Controller Note: Both MAC-Based Authentication and Portal authentication can authenticate wireless clients. If both are configured on a wireless network, a wireless client needs to pass MAC-Based Authentication first and then Portal authentication for - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 189
legal users. It authenticates users against the database when the users are requesting to access the network, and provides authorization and accounting services for them. A RADIUS profile records your custom settings of a RADIUS server. After creating a RADIUS profile, you can apply it to multiple - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 190
Chapter 4 Configure the Network with Omada SDN Controller Configuration 1. Go to Settings > Authentication > RADIUS Profile. Click page. to load the following 2. Enter the information of the RADIUS servers. Refer to the following table to configure the required parameters and click Save. Name - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 191
Chapter 4 Configure the Network with Omada SDN Controller Accounting Password Enter the password that will be used to validate the communication between Omada devices and the RADIUS accounting server. 185 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 192
Network After: Remote User can simply use Domain Name to access Local Network through WAN Port. In this example, Domain Name is mysite.ddns.net. Service Provider Use Domain Name (mysite.ddns.net) to access Local Network. Remote User Internet Domain Name is constant: 2020/05/27: mysite.ddns.net - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 193
with Omada SDN Controller Prerequisite: Choose one Service Provider from the four that the controller supports, i.e. DynDNS, No-IP, Peanuthull, Comexe. Register at your Service Provider, then you get your Username and Password. Get your Domain Name from your Service Provider. How Dynamic DNS works - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 194
service provider. If you haven't registered at the service provider, click Go To Register. Enter your password for the service provider. Enter the Domain Name which is provided by your service NMS (Network Management Station). The controller supports multiple SNMP versions including SNMPv1, SNMPv2c - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 195
, the traffic between the endpoints of these applications can freely pass the gateway, thus realizing seamless connections. Configuration Go to Settings > Services > UPnP. Enable UPnP globally and configure the parameters. Then click Apply. Interface Networks Select the WAN port where UPnP takes - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 196
use an SSH terminal to manage devices which are managed by the controller, you can only get the User privilege. Configuration Go to Settings > Services > SSH. Enable SSH Login globally and configure the parameters. Then click Apply. SSH Server Port Layer 3 Accessibility Specify the SSH Sever Port - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 197
Chapter 4 Configure the Network with Omada SDN Controller Configuration 1. Go to Settings > Services > Reboot Schedule. Click + Create New Reboot Schedule to load the following page and configure the parameters. Name Status Occurrence Devices List Enter the name to - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 198
Chapter 4 Configure the Network with Omada SDN Controller Configuration 1. Go to Settings > Services > PoE Schedule. Click + Create New PoE Schedule to load the following page and configure the parameters. Name Status Time Range Devices List Enter the name - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 199
Chapter 4 Configure the Network with Omada SDN Controller Configuration Go to Settings > Services > Export Data. Select the type of data from the export list and click Export. Export List Mode Format Device List: Export the list of managed - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 200
5 Configure the Omada SDN Controller Controller Settings control the appearance and behavior of the controller and provide methods of data backup, restore and migration: • Manage the Controller • Manage Your Controller Remotely via Cloud Access • Maintenance • Migration • Auto Backup - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 201
Chapter 5 5. 1 Manage the Controller Configure the Omada SDN Controller 5. 1. 1 General Settings Configuration Go to Settings > Controller. In General Settings, configure the parameters and click Save. ■■ For Omada Hardware Controller Controller Name Specify the Controller Name to identify the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 202
Server feature works with the SMTP (Simple Mail Transfer Protocol) service provided by an email service provider. Configuration 1. Log in to your email account and enable the SMTP (Simple Mail Transfer Protocol) Service. For details, refer to the instructions of your email service provider. 196 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 203
the port used by the SMTP server according to the instructions of the email service provider. Enable or disable SSL according to the instructions of the email service provider. SSL (Secure Sockets Layer) is used to create an encrypted link between the controller and the SMTP server. Enable or - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 204
Improvement Program Configuration Click the checkbox if you agree to participate in the customer experience improvement program and help improve the quality and performance of TP-Link products by sending statistics and usage information. 198 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 205
Chapter 5 5. 1. 5 HTTPS Certificate Configure the Omada SDN Controller Overview If you have assigned a domain name to the controller for login, to eliminate the "untrusted certificate" error message that will appear in the login process, you can import the corresponding SSL certificate and private - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 206
Chapter 5 Configure the Omada SDN Controller • Access Config is only available on Omada Software Controller and Omada Hardware Controller. • Once applying the change of HTTPS and HTTP port, restart the controller to make the change effective. • For security, the HTTPS and HTTP port for Potal - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 207
> Cloud Access. Enable Cloud Access. 2 ) Enter your TP-Link ID and password. Then click Log In and Bind. ■■ For Omada Cloud-Based Controller Your Omada Cloud-Based Controller is based on the Cloud, so it's naturally accessible through Cloud Service. No additional preparation is needed. 201 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 208
Chapter 5 Configure the Omada SDN Controller 2. Access your controller through Cloud Service Go to Omada Cloud and login with your TP-Link ID and password. A list of controllers that have been bound with your TP-Link ID will appear. Then click to manage the controller. 202 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 209
Chapter 5 5. 3 Maintenance Configure the Omada SDN Controller 5. 3. 1 Controller Status Go to Settings > Maintenance. In Controller Status, you can view the controller-related information and status. Controller Name MAC Address System Time Uptime Controller Version Displays the controller name, - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 210
Chapter 5 Configure the Omada SDN Controller Configuration Go to Settings > Maintenance. In User Interface, configure the parameters and click Apply. Use 24-Hour Time Statistic/Dashboard Timezone Fixed Menu With Use 24-Hour Time enabled, time is displayed in a 24-hour format. With Use 24Hour - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 211
updates in real time some part of its data on the web interface, which is transmitted using the WebSocket service, so that you don't need to refresh them manually. 5. 3. 3 Backup & Restore Overview You can backup the configuration and data of your controller to prevent any loss of important - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 212
Chapter 5 Configure the Omada SDN Controller ■■ Restore Go to Settings > Maintenance. In Backup & Restore section, Click Browse and select a backup file from your computer. Click Restore. 206 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 213
allow users to migrate the configurations and data to any other controller. Migration services include Site Migration and Controller Migration, covering all the needs to migrate both a single site and the whole controller. 5. 4. 1 Site Migration Overview Site Migration allows - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 214
Chapter 5 Configure the Omada SDN Controller Export Site Migrate Site Migrate Devices 3. Go to Settings > Migration. On the Site Migration tab, click start button on the following page. 4. Select the site to be imported into the second controller in the Select Site drop-down list. Click Export - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 215
Chapter 5 Configure the Omada SDN Controller Export Site Migrate Site Migrate Devices 1. Start and log in to the target controller, click the top right corner of the screen and select , and then the following window will pop up. 2. Enter a unique name for the new site. Click Browse to - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 216
Chapter 5 Configure the Omada SDN Controller Export Site Migrate Site Migrate Devices 1. Enter the IP address or URL of your target controller into Controller IP/Inform URL input filed. In this case, the IP address of the target controller is 10.0.3.23. Note: Make sure that you enter the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 217
Chapter 5 Configure the Omada SDN Controller 2. Select the devices that are to be migrated by clicking the box next to each device. By default, all the devices are selected. Click Migrate Devices to migrate the selected devices to the target controller. 211 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 218
Chapter 5 Configure the Omada SDN Controller 3. Verify that all the migrated devices are visible and connected on the target controller. When all the migrated devices are in Connected status on the Device page on the target controller, click Forget Devices to finish the migration process. 4. When - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 219
Chapter 5 Configure the Omada SDN Controller The process of migrating configurations and data from the current controller to another controller can be summarized in three steps: Export Controller, Migrate Controller and Migrate Devices. Controller Migration Controller A Controller B 1 Export - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 220
Chapter 5 Configure the Omada SDN Controller Export Controller Migrate Controller Migrate Devices 1. Go to Settings > Migration. On the Controller Migration tab, click start button on the following page. 214 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 221
Chapter 5 Configure the Omada SDN Controller 2. Select the length of time in days that data will be backed up in the Retained Data Backup, and click Export to export the configurations and data of your current controller as a backup file. If you have backed up the file, click Skip. Export - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 222
Chapter 5 Configure the Omada SDN Controller 2. After the file has been imported to the target controller, go back to the previous controller and click Confirm. Export Controller Migrate Controller Migrate Devices 1. Enter the IP address or URL of your target controller into Controller IP/ - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 223
Chapter 5 Configure the Omada SDN Controller 2. Select the devices that are to be migrated by clicking the box next to each device. By default, all the devices are selected. Click Migrate Devices to migrate the selected devices to the target controller. 217 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 224
Chapter 5 Configure the Omada SDN Controller 3. Verify that all the migrated devices are visible and connected on the target controller. When all the migrated devices are in Connected status on the Device page on the target controller, click Forget Devices to finish the migration process. When - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 225
Chapter 5 5. 5 Auto Backup Configure the Omada SDN Controller Overview With Auto Backup enabled, the controller will be scheduled to back up the configurations and data automatically at the specified time. You can easily restore the configurations and data when needed. Note: • For OC200, Auto - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 226
backup file. The exported file will be saved in the saving path of your web browser. Delete the backup file. Note: • To back up data manually and restore the data to the controller, refer to Backup & Restore to configure Backup&Restore. • The configuration of cloud users can be neither backed up - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 227
6 Configure and Monitor Omada Managed Devices This chapter guides you on how to configure and monitor Omada managed devices, including gateways, switches and EAPs. You can configure the devices individually or in batches to - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 228
Chapter 6 Configure and Monitor Omada Managed Devices 6. 1 Introduction to the Devices Page Overview The Devices page displays all TP-Link devices discovered by the controller and their general information. For an easy monitoring of the devices, you can customize the column and filter the devices - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 229
Chapter 6 Configure and Monitor Omada Managed Devices The connected device has lost connection with the controller for more than 5 minutes. (For APs in the mesh network) When this icon appears with a status icon, it indicates the EAP with mesh function and no wired connection is detected by the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 230
device. Click to upgrade the device's firmware version. This icon appears when the device has a new firmware version. For Automatic Upgrades, refer to Services. ■■ Batch Edit (for Switches and EAPs) After selecting the Gateway/Switches or APs tab, you can adopt or configure the switches or EAPs in - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 231
all in the Pending status, the controller will adopt then with the default username and password. If not, enter the username and password manually to adopt the devices. Click , select Batch Config, click the checkboxes of devices, and click Edit Selected. Then the Properties window appears. There - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 232
Chapter 6 Configure and Monitor Omada Managed Devices 6. 2 Configure and Monitor the Gateway In the Properties window, you can configure the gateway managed by the controller and monitor the performance and statistics. By default, all configurations are synchronized with the current site. To open - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 233
The device's LED will work following the settings of the site. To view and modify the site settings, refer to Services. On/Off: The device's LED will keep on/off. ■■ Services In Services, you can configure SNMP to write down the location and contact detail, and enable IGMP Proxy to detect multicast - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 234
Devices ■■ Advanced In Advanced, you can configure Hardware Offload, LLDP (Link Layer Discovery Protocol) and Echo Server to make better use of network monitor the latency of the network automatically or manually. If you click Custom, enter the IP address or hostname of your custom server. - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 235
Chapter 6 Configure and Monitor Omada Managed Devices ■■ Manage Device In Manage Device, you can upgrade the device's firmware version manually, move it to another site, synchronize the configurations with the controller, and forget the router. Custom Upgrade Move to Site Force Provision Forget - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 236
Chapter 6 Configure and Monitor Omada Managed Devices ■■ Common Settings In Common Settings, you can click the path to jump to corresponding modules quickly. 6. 2. 2 Monitor the Gateway One panel and three tabs are provided to monitor the device in the Properties window: Monitor Panel, Details, - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 237
Chapter 6 Configure and Monitor Omada Managed Devices You can hover the cursor over the port icon for more details. Details In Details, you can view the basic information of the router and statistics of WAN ports to know the device's running status briefly. ■■ Overview In Overview, you can view - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 238
Chapter 6 Configure and Monitor Omada Managed Devices ■■ WAN In WAN, you can view the basic information and statistics of the WAN port, such as the IP address, speed, duplex, and upload and download traffic. Network In Network, you can view the network information of the router, including the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 239
Chapter 6 Configure and Monitor Omada Managed Devices Statistics In Statistics, you can monitor the CPU and memory of the device in last 24 hours via charts. To view statistics of the device in a certain period, click the chart to jump to View the Statistics of the Network. 233 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 240
in Ports, and in Config, you can configure the switch features. Ports Port and LAG are two tabs designed for physical ports and LAGs (Link Aggregation Groups), respectively. Under the Port tag, all ports are listed but you can configure physical ports only, including overriding the applied profiles - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 241
Chapter 6 Configure and Monitor Omada Managed Devices ■■ Port In Port, you can view and configure all ports' names and applied profiles. Status Profile Action Displays the port status in different colors. : The port profile is Disabled. To enable it, click to change the profile. : The port is - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 242
Chapter 6 Configure and Monitor Omada Managed Devices To configure a single port, click in the table. To configure ports in batches, click the checkboxes and then click Edit Selected. Then you can configure the port name and profile. By default, all settings are Keep Existing for batch - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 243
Chapter 6 Configure and Monitor Omada Managed Devices • Override the Applied Profile If you select Switching for Operation, configure the following parameters and click Apply to override the applied profile. To discard the modifications, click Remove Overrides and all profile configurations will - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 244
any means. The switch cannot provide authentication services to the client through the port. duplex automatically. Manual: Specify the speed and duplex from the drop-down list manually. Click . Click the checkbox to enable LLDP-MED (Link Layer Discovery Protocol-Media Endpoint Discovery) for device - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 245
a copy of traffics passing through the mirrored port to the mirroring port. You can use mirroring to analyze network traffic and troubleshoot network problems. To configure Mirroring, select the mirrored port or LAG, specify the following parameters, and click Apply. To discard the modifications - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 246
member ports of LAG cannot be selected as mirrored ports. PoE Mode Link Speed Spanning Tree Ingress Rate Limit (Only for PoE ports) Select negotiates the speed and duplex automatically. Manual: Specify the speed and duplex from the drop-down list manually. Click the checkbox to enable Spanning - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 247
up to eight member ports. All the member ports share the bandwidth evenly. If an active link fails, the other active links share the bandwidth evenly. • One LACP LAG supports multiple member ports, but at most eight of them can work simultaneously, and the other member ports are backups. Using - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 248
your switch. For example, if your switch supports up to 14 LAGs, the valid value ranges from 1 to 14. Select the LAG type as Static LAG, and the member ports are added to the LAG manually. Select the LAG type as LACP (Link Aggregation Control Protocol), and the switch use LACP to implement - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 249
Chapter 6 Configure and Monitor Omada Managed Devices ■■ LAG LAGs (Link Aggregation Groups) are logical interfaces aggregated, which can increase link bandwidth and enhance the connection reliability. You can view and edit the LAGs under the LAG tab. To configure physical ports as a LAG, refer to - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 250
the LAG members and configure the following parameters. Link Speed Spanning Tree Select the speed mode for the port. Auto: The port negotiates the speed and duplex automatically. Manual: Specify the speed and duplex from the drop-down list manually. Click the checkbox to enable Spanning Tree. It - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 251
the traffic exceeds the limit. Config In Config, click the sections to configure the features applied to the selected switch(es), including the general settings, services, and networks. 245 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 252
's LEDs work. Use Site Settings: The device's LED will work following the settings of the site. To view and modify the site settings, refer to Services. On/Off: The device's LED will keep on/off. Select a tag from the drop-down list or create a new tag to categorize the device. 246 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 253
Chapter 6 Configure and Monitor Omada Managed Devices ■■ Services In Services, you can configure Management VLAN, Loopback Control and SNMP. Management VLAN To configure Management VLAN, create a network in LAN first, and then select it as - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 254
device) Configure SNMP to write down the location and contact detail. You can also click Manage to jump to Settings > Services > SNMP, and for detailed configuration of SNMP service, refer to SNMP. ■■ IP Settings (Only for configuring a single device) In IP Settings, select an IP mode and configure - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 255
Chapter 6 Configure and Monitor Omada Managed Devices If you select Static as the mode, set the IP address, IP mask, gateway, and DNS server for the static address. 249 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 256
Chapter 6 Configure and Monitor Omada Managed Devices ■■ Manage Device In Manage Device, you can upgrade the device's firmware version manually, move it to another site, synchronize the configurations with the controller and forget the switch. Custom Upgrade Move to Site Force Provision Click - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 257
Chapter 6 Forget Configure and Monitor Omada Managed Devices Click Forget and then the device will be removed from the controller. Once forgotten, all configurations and history related to the device will be wiped out. 6. 3. 2 Monitor Switches One panel and four tabs are provided to monitor the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 258
Chapter 6 Tx Bytes Rx Bytes Profile PoE Power Uplink Mirroring From LAG ID Configure and Monitor Omada Managed Devices Displays the amount of data transmitted as bytes. Displays the amount of data received as bytes. Displays the name of profile applied to the port, which defines how the packets in - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 259
Chapter 6 Configure and Monitor Omada Managed Devices ■■ Uplink (Only for the switch connected to an Omada-managed router/switch in Connected status) Click Uplink to view the uplink information, including the uplink port, the uplink device, the negotiation speed, and transmission rate. ■■ - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 260
Chapter 6 Configure and Monitor Omada Managed Devices Statistics In Statistics, you can monitor the CPU and memory of the device in last 24 hours via charts. To view statistics of the device in certain period, click the chart to jump to View the Statistics of the Network. 254 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 261
Chapter 6 Configure and Monitor Omada Managed Devices 6. 4 Configure and Monitor EAPs In the Properties window, you can configure one or some EAPs connected to the controller and monitor the performance and statistics. Configurations changed in the Properties window will be applied only to the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 262
's LEDs work. Use Site Settings: The device's LED will work following the settings of the site. To view and modify the site settings, refer to Services. On/Off: The device's LED will keep on/off. Select a tag from the drop-down list or create a new tag to categorize the device. ■■ IP - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 263
Chapter 6 Configure and Monitor Omada Managed Devices address to hold an IP address in reserve for the situation in which the device fails to get a dynamic IP address. Enable Fallback IP and then set the IP address, IP mask and gateway. 257 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 264
Chapter 6 Configure and Monitor Omada Managed Devices If you select Static as the mode, set the IP address, IP mask, gateway, and DNS server for the static address. 258 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 265
20% (round off the value) Medium: Min. TxPower + (Max. TxPower-Min. TxPower) * 60% (round off the value) High: Max. TxPower Custom: Specify the value manually. ■■ WLANs In WLANs, you can apply the WLAN group to the EAP and specify a different SSID name and password to override the SSID in the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 266
Chapter 6 Configure and Monitor Omada Managed Devices use the new password to access the network. To create or edit WLAN groups, refer to Configure Wireless Networks. (Only for configuring a single device) To override the SSID, select a WLAN group, click in the entry and then the following page - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 267
device) Configure SNMP to write down the location and contact detail. You can also click Manage to jump to Settings > Services > SNMP, and for detailed configuration of SNMP service, refer to SNMP. ■■ Advanced In Advanced, configure Load Balance and QoS to make better use of network resources. Load - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 268
Chapter 6 Select the frequency band Configure and Monitor Omada Managed Devices and configure the following parameters and features. Max Associated Clients RSSI Threshold Enable this function and specify the maximum number of connected clients. If the connected client reaches the maximum number, - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 269
Chapter 6 Configure and Monitor Omada Managed Devices ETH VLAN/ETH2 VLAN/ ETH3 VLAN (Only for Wall Plate AP) Enable this function and add the corresponding AP's LAN port to the VLAN specified here. Then the hosts connected to this EAP can only communicate with the devices in this VLAN. ETH3 PoE - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 270
Chapter 6 Configure and Monitor Omada Managed Devices ■■ Manage Device In Manage Device, you can upgrade the device's firmware version manually, move it to another site, synchronize the configurations with the controller and forget the AP. Custom Upgrade Move to Site Force Provision Click Browse - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 271
Chapter 6 Forget this AP Configure and Monitor Omada Managed Devices Click Forget and then the device will be removed from the controller. Once forgotten, all configurations and history related to the device will be wiped out. 6. 4. 2 Monitor EAPs One panel and four tabs are provided to monitor - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 272
Chapter 6 Tx Error/Dropped Rx Error/Dropped Configure and Monitor Omada Managed Devices Displays the percentage of transmit packets that have errors and the percentage of packets that were dropped. Displays the percentage of receive packets that have errors and the percentage of packets that were - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 273
Chapter 6 Configure and Monitor Omada Managed Devices ■■ Uplink (Wireless) (Only for devices in the Connected status) Click Uplink (Wireless) to view the traffic information related to the uplink AP, including the signal strength, transmission rate, ratio of packets number and size, and dynamic - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 274
EAPs. Meanwhile, because of the ability to self-organize and selfconfigure, mesh also can efficiently reduce the configuration. Note that only certain EAP models support Mesh, and the EAPs should be in the same site to establish a Mesh network. To understand how mesh can be used, the following terms - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 275
Chapter 6 Configure and Monitor Omada Managed Devices A common mesh network is shown as below. Only the root AP is connected by an Ethernet cable, while other APs have no wired data connection. Mesh allows the isolated APs to communicate with preconfigured root AP on the network. Once powered up, - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 276
: factory default EAPs and EAPs that has been managed by the controller before. Go to Devices to adopt an EAP in Pending (Wireless) status or link an isolated AP. 1) For the factory default EAP, after powering on the device, the EAP will be in Pending (Wireless) status with the icon in - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 277
it is discovered by controller again. Click to connect the Uplink AP in the Devices list. The following page will be shown as below, click Link to connect the Uplink AP. Once mesh network has been established, the EAP can be managed by the controller in the same way as a wired - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 278
to search the available uplink APs and refresh the list, and click Link to connect the uplink AP and build up a mesh network. Tips: • You can manually select the uplink AP that you want to connect in the uplink network to start scanning. • The APs in the mesh network do not support RF Scanning. 272 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 279
Chapter 6 Select the frequency band Configure and Monitor Omada Managed Devices to view and analyze the scan results. Each colored bar graph displays the information about channel utilization and interference on a channel. The filling area of the bar represents the channel utilization. And the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 280
Chapter 6 Configure and Monitor Omada Managed Devices You can hover the cursor over a channel option for more details. Radio Channel Width Used Channels Frequency Range Utilization Interference Interference Type Displays the radio that the AP uses. Displays the width of the channel. Displays the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 281
Chapter 6 Configure and Monitor Omada Managed Devices Statistics In Statistics, you can monitor the utilization of the device in last 24 hours via charts, including CPU/ Memory Monitor, Channel Utilization, Dropped Packets, and Retried Packets. To view statistics of the device in certain period, - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 282
7 Monitor and Manage the Clients This chapter guides you on how to monitor and manage the clients through the Clients page using the clients table and the properties window and the Hotspot Manager - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 283
Chapter 7 Monitor and Manage the Clients 7. 1 Manage Wired and Wireless Clients in Clients Page 7. 1. 1 Introduction to Clients Page The Clients page offers a straight-forward way to manage and monitor clients. It displays all connected wired and wireless clients in the chosen site and their - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 284
to block the client in the chosen site. You can view blocked clients in Known Clients. (With portal authentication enabled) Click to manually authorize the client that has not passed the portal authentication. (With portal authentication enabled) Click to unauthorize the client that has passed the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 285
Chapter 7 Monitor and Manage the Clients 7. 1. 3 Using the Properties Window to Monitor and Manage the Clients In Properties window, you can view more detailed information about the connected client(s) and manage them. To open the Properties window, click the entry of a single client, or click the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 286
Chapter 7 Monitor and Manage the Clients Under the History tab, you can view the connection history of the client. 280 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 287
Chapter 7 ■■ Manage a Single Client In Config, you can configure the following parameters: Monitor and Manage the Clients Alias Rate Limit Use Fixed IP Address Specify the client's alias to better identify different clients, and the alias is used as the client's username in the table on the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 288
such as the Layer 3 switch and the gateway. Use Fixed IP Address: Select a network and assign fixed IP addresses to the chosen clients manually. To view and configure networks, refer to Configure Wired Networks. Note that an Omada-managed gateway is required for this function. Otherwise, you cannot - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 289
Chapter 7 Monitor and Manage the Clients You can view their names and IP addresses in the Clients tab and remove client(s) from Batch Client Configuration by clicking in the Action column. 283 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 290
Chapter 7 Monitor and Manage the Clients 7. 2 Manage Client Authentication in Hotspot Manager Hotspot Manager is a portal management system for centrally monitoring and managing the clients authorized by portal authentication. The following four tabs are provided in the system for a easy and - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 291
Chapter 7 Monitor and Manage the Clients clients for them to access the network via portal authentication. For detailed configurations, refer to Portal. Create vouchers Follow the steps below to create vouchers for authentication: 1. Click Hotspot Manager from the drop-down list of Sites and - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 292
Chapter 7 Monitor and Manage the Clients Amount Type Duration Download/Upload Limit Traffic Limit Description (optional) Specify the number of voucher codes you want to create. Select a type to limit the usage counts or the number of authorized users of a voucher code. Limited Usage Counts: The - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 293
can use the codes to pass authentication. If a voucher code expires, it will be automatically removed from the list. 6. To delete certain vouchers manually, click multiple voucher codes at a time. to delete a single voucher, or Delete to delete 7. 2. 3 Local Users The Local Users tab is used to - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 294
Chapter 7 Monitor and Manage the Clients To create local user accounts, follow the steps below. 1. Click Hotspot Manager from the drop-down list of Sites and click Local Users in the pop-up page. 2. Create Local User accounts through two different ways. ■■ Create Local User accounts Click +Create - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 295
Dynamic Type Binding. No Binding: No MAC address is bound to the local user account. Static Binding: Bind a MAC address to this user account manually. Then only the user with the this MAC address can use the username and password to pass the authentication. Dynamic Binding: The MAC address of - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 296
Chapter 7 Monitor and Manage the Clients ■■ Create Local User accounts from files. Click on the upper-right, and the following window pops up. Select a file in the format of CVS or Excel, and click Import. To see required parameters and corresponding explanation, refer to Create Local User - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 297
Chapter 7 Monitor and Manage the Clients operators have no privileges to create operator accounts, which offers convenience and ensures security for client authentication. Create Operators To create operator accounts, follow the steps below. 1. Click Hotspot Manager from the drop-down list of - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 298
Chapter 7 Monitor and Manage the Clients 4. The operator accounts are created and displayed in the table. You can view the information of the create operator accounts on the page, search certain accounts through the name and notes, and use icons for management. Click to edit the parameters for - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 299
8 Monitor the Network This chapter guides you on how to monitor the network devices, clients, and their statistics. Through visual and real-time presentations, Omada SDN Controller keeps you informed about - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 300
Chapter 8 8. 1 View the Status of Network with Dashboard Monitor the Network 8. 1. 1 Page Layout of Dashboard Dashboard is designed for a quick real-time monitor of the site network. An overview of network topology is at the top of Dashboard, and the below is a tab bar followed with customized - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 301
Chapter 8 Monitor the Network You can hover the cursor over the gateway, switch, AP, client or guest icons to check their status. For detailed information, click the icon here to jump to the Devices or Clients section. Tab Bar You can customize the widgets displayed on the tab for Dashboard page. - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 302
. For detailed configuration, refer to Manage Administrator Accounts of Omada SDN Controller and Manage Your Controller Remotely via Cloud Access in this guide. Network Widgets in Network use lists and charts to illustrate the traffic status of wired and wireless networks in the site, including - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 303
Chapter 8 Monitor the Network ■■ Alerts The Alerts widget displays the total number of unarchived alerts happened in the site and details of the latest five. To view all the alerts and archive them, click Details to jump to Log > Alerts. To specify events appeared in Alerts, go to Log > - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 304
Chapter 8 Monitor the Network ■■ Wi-Fi Traffic Distribution The Wi-Fi Traffic Distribution widget displays channel distribution of all connected EAPs in the site. Good, Fair, and Poor are used to describe channel status which indicates channel interference from low to high. You can hover your - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 305
Chapter 8 Monitor the Network ■■ Traffic Distribution The Traffic Distribution widget uses a pie chart to display the traffic distribution on EAPs and switches in the site within the time range. Click the tab to display the statistic of EAPs or switches, and click the slice to view the total - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 306
Chapter 8 Monitor the Network ■■ Traffic Activities The Traffic Activities widget displays the Tx and Rx data of EAPs and switches within the time range. Only activities of the devices in the connected status currently will be counted. Click the tab to display the statistic of EAPs or switches, - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 307
Chapter 8 Monitor the Network To view all the clients connected to the network, click Details to jump to the Clients section. You can also click the traffic number in the widget to open the client's Properties window for further configurations and monitoring. For details, refer to Client. ■■ - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 308
Chapter 8 Monitor the Network The total value of a column shows the total number of connected clients in this time period, and the segments in three colors shows the change of client number compared with the last time period. Blue represents the newly connected clients, orange is the clients have - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 309
Chapter 8 Monitor the Network 8. 2 View the Statistics of the Network Statistics provides a visual representation of device data in Omada SDN Controller. You can easily monitor the network traffic and performance under the following tabs, Performance, Switch Statistics, and Speed Test Statistics. - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 310
Chapter 8 Monitor the Network ■■ User Counts The User Counts graph displays the number of users connected to the devices during the selected time range. Hover the cursor over the line to display the specific values. ■■ Usage The Usage graph uses the orange line and yellow line to display the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 311
Chapter 8 Monitor the Network ■■ Packets The Packets graph uses the dark blue line and light blue line to display the number of packets transmitted and received during the selected time range, respectively. Hover the cursor over the lines to display the specific values. ■■ Dropped The Dropped - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 312
Chapter 8 Monitor the Network ■■ Retries The Retries graph uses the dark blue line and light blue line to display the number of times that the data packets are transmitted again and received again during the selected period, respectively. Hover the cursor over the lines to display the specific - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 313
Chapter 8 Monitor the Network Select bps, Bytes or Packets to specify the data type and measuring unit. bps: Displays the traffic rate in bps. Bytes: Displays the traffic statistics in Bytes. Packets: Displays the total number of packets. If you select Packet, click the tab to specify which type - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 314
, including the network latency and speed. To enable the speed test, go to Settings > Sites, enable Periodic Speed Test in Service, and specify the test interval. For details, refer to Services. Tab Bar The tab and calendar on the top are used to specify the displayed statistics, and the legends on - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 315
Chapter 8 Monitor the Network ■■ Latency The Latency graph displays the time that it takes for a packet to travel from the gateway to the service provider's gateway. ■■ Speed The Speed graph uses the blue line and green line to display the upload and download speed of the WAN port, respectively. - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 316
Chapter 8 Monitor the Network 8. 3 Monitor the Network with Map In the Map section, you can look over the topology and device provisioning of network in Topology, and customizes a visual representation of your network in Map. 8. 3. 1 Topology Go to Map > Topology, and you can view the topology - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 317
8 Monitor the Network For a better overview of the network topology, you can control the display of branches, the size of the diagram, and the link labels. ■■ Display of Branches The default view shows the all devices connected by solid and dotted lines. Click the icon of the client group to - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 318
, duplex type, and connected port number. Note that only the switch's port number can be displayed in the label. (For Link Aggregation) Displays the LAG speed, duplex type, LAG ID, and the port number of LAG members. (For wireless connections between APs) Displays the RSSI (displayed - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 319
Chapter 8 Monitor the Network ■■ Customize Map Click the following icons to add, edit, and select the map. After selecting a map, click and drag in the devices from the Devices list to place it on the map according to the actual locations. Click to add a map. In the pop-up window, enter the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 320
Chapter 8 Monitor the Network ■■ Diagram Size Click the icons at the right corner to adjust the size of the topology and view the legends. Click to fit the map to the web page. Click to zoom in the map. Click to zoom out the map. 314 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 321
Chapter 8 Monitor the Network 8. 4 View the Statistics During Specified Period with Insight In the Insight page, you can monitor the site history of connected clients, portal authorizations, and rouge APs. For a better monitoring, you can specify the time period and classify the clients and APs. - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 322
Chapter 8 Monitor the Network Click the tabs to filter the clients listed in the table. The three tabs can take effect simultaneously. All/Wireless/Wired: Click All to display both wireless and wired clients. Click Wireless or Wired to display wireless or wired clients only. All/Users/Guests: Click - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 323
Chapter 8 A search bar and a time selector are above the table for searching and filtering. Monitor the Network Enter the client name, SSID or MAC address to search the clients. Filter the clients based on Start Time. Click the selector to open the calendar. Click a specific date twice in the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 324
the rogue APs listed in the table based on the frequency band. Click to scan rogue APs. It may take several minutes, and the wireless service may be influenced during scanning. A string with a similar form as MAC address to recognize access points. Displays the operation channel and standard of the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 325
Chapter 8 Signal Last Seen Monitor the Network Displays the signal strength in percentage and dBm). Display the last time that the rogue AP was scanned by the controller. 319 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 326
5 View and Manage Logs The controller uses logs to record the activities of the system, devices, users and administrators, which provides powerful supports to monitor operations and diagnose anomalies. In the Logs page, you can conveniently monitor the logs in Alerts and Events, and configure their - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 327
Chapter 8 Monitor the Network 8. 5. 1 Alerts Alerts are the logs that need to be noticed and archived specially. You can configure the logs as Alerts in Notifications, and all the logs configured as Alerts are listed under the Alerts tab for you to search, filter, and archive. Content Click to - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 328
Chapter 8 Time Archive All Monitor the Network Displays when the activity happened. Click to archive all unarchived logs. Click to archive the log entry. Click to delete all archived alerts. Once deleted the archived alerts cannot be recovered. The unarchived alerts cannot be deleted. 8. 5. 2 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 329
Chapter 8 Content Time Monitor the Network Enter the content types, severity levels, or key words to search the logs. Click to delete all Events logs. Click the tabs to filter the logs listed in the table. The two tabs can take effect simultaneously. All/Errors/Warnings/Info: Click All to display - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 330
Chapter 8 Monitor the Network With proper configurations, the controller will send emails to the administrators when it records the logs. To specify the logs as Alert/Event, click the corresponding checkboxes of logs and click Apply. The following icons and tab are provided as auxiliaries. Reset - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 331
the port used by the SMTP server according to the instructions of the email service provider. Enable or disable SSL according to the instructions of the email service provider. SSL (Secure Sockets Layer) is used to create an encrypted link between the controller and the SMTP server. Enable or - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 332
specify. Enable Mail Server Enable Alert Emails in Site Enable Alert Emails in Admin 1. Go to Settings > Site and enable Alert Emails in the Services section. 2. (Optional) On the same page, enable Send similar alerts within seconds in one email and specify the time interval. When enabled, the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 333
Chapter 8 3. Click Apply. Monitor the Network Enable Alert Emails in Site Enable Alert Emails in Admin Enable Alert Emails in Logs Go to Admin and configure Alert Emails for the administrators and viewers to receive the emails. Click + Add New Admin Account to create an account or click to edit - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 334
Chapter 8 Monitor the Network Enable Alert Emails in Site Enable Alert Emails in Admin Enable Alert Emails in Logs Go to Logs and click Notifications. Click a tab of content types and enable Email for the activity logs that the controller emails administrators. Click Save. 328 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 335
9 Manage Administrator Accounts of Omada SDN Controller This chapter gives an introduction to different user levels of administrator accounts and guides you on how to create and manage them in the Admin page. The chapter includes the following sections: • Introduction to User Accounts • Manage and - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 336
Chapter 9 Manage Administrator Accounts of Omada SDN Controller 9. 1 Introduction to User Accounts Omada SDN Controller offers three levels of access available for users: master administrator, administrator, and viewer. Because the controller can be accessed both locally and via cloud access, - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 337
Chapter 9 Manage Administrator Accounts of Omada SDN Controller 9. 2 Manage and Create Local User Accounts By default, Omada SDN Controller automatically sets up a local user with the role called master administrator as the primary administrator. The username and password of the master - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 338
Chapter 9 Manage Administrator Accounts of Omada SDN Controller 2. Basic information including role and device permissions is shown. You can change the password and enable alert emails by checking the box. Click Save. 332 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 339
Chapter 9 Manage Administrator Accounts of Omada SDN Controller 9. 2. 2 Create and Manage Administrator and Viewer To create and manage local user account, follow these steps: 1. Click + Add New Admin Account. 333 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 340
Chapter 9 Manage Administrator Accounts of Omada SDN Controller 2. Select Local User for the administrator type in the pop-out window. Specify the parameters and click Create. Username Password Role Specify the username. The username should be different from the existing ones. Specify the - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 341
alert emails. Check the box if you want the created user to receive emails about alerts of the privileged sites. For detailed configurations, refer to Services. To edit and delete the accounts, click icons in the Action Column. To edit the parameters for the user. Master administrator can edit all - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 342
1 Set Up the Cloud Master Administrator For software and hardware controller, if you have not enabled the cloud access and bound the controller with a TP-Link ID in quick setup, to set up the cloud master administrator, follow these steps: 1. Go to Settings > Cloud Access to enable Cloud Access and - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 343
Chapter 9 1. Click + Add New Admin Account. Manage Administrator Accounts of Omada SDN Controller 2. Select Cloud User for the administrator type in the pop-out window. Specify the parameters and click Invite. 337 - TP-Link TL-SG3210XHP-M2 | Omada SDN Software Controller 4.2.8windows&linux U - Page 344
email address. If the email address has already been registered as a TP-Link ID, it will become a valid cloud user after accepting the invitation. alerts of the privileged sites. For detailed configurations, refer to Services. To edit and delete the accounts, click icons in the Action
User Guide
Omada SDN Controller
1910012926 REV4.0.1
November 2020
© 2020 TP-Link