How to configure Management VLAN in Omada SDN Controller 4.1.X?

Q&A of functional explanation or specification parameters
Updated 07-01-2020 06:24:04 AM
This Article Applies to: 

The management VLAN is a VLAN created to separate the management network from the data network. By default, the management VLAN is the LAN network in a network centrally managed by Omada SDN Controller 4.1.X.

You can change the management VLAN to improve network security. With a separated management VLAN, it is much harder for unauthorized users to modify the configurations or monitor the network.

This article takes two scenarios as examples to introduce how to configure Management VLAN:

  • Network with an Omada managed router as the gateway
  • Network with a non-Omada managed router as the gateway

Note:

  1. The Omada managed router refers to the TP-Link router that can be managed centrally by Omada SDN Controller 4.1.X, such as TL-ER7206 and TL-R605.
  2. Configurations in Omada Hardware Controller and Software Controller are the same. Here we take Omada Software Controller as an example. Before configuring Management VLAN, refer to User Guide to add the devices to the controller, and set up the computer running the controller to obtain IP address dynamically.
  3. When using Omada Cloud-Based Controller, you have no need to configure Management VLAN because it has separated the management data from user data to ensure the privacy. No user data will pass through the cloud.

 

Topology 1: Network with an Omada Managed Router as the Gateway

 

* The router can be managed by Omada SDN Controller 4.1.X.

In this scenario, the router, switches, and EAPs can be managed by Omada SDN Controller 4.1.X. After connecting and adding devices, launch the management page and follow the steps below to configure Management VLAN.

  1. Go to Settings > Wired Networks > LAN Networks and click Create New LAN to create a network (named MGMT VLAN with VLAN ID 4090 in this example) as Interface. Click the box of associated LAN interface (LAN1), enable DHCP Server and fill the DHCP range to assign IP addresses to devices in this network. After created, a profile with the same name will be added automatically, and its PVID is 4090.

 

  1. Go to Devices and add the devices to MGMT VLAN (VLAN 4090). You can configure the devices in batches and the steps for switches and EAPs are similar. Take the switch as an example. Click the Gateway/Switches tab, click  and then Batch Config to select the switches to be configured, and click Edit Selected to open the Properties window. Go to Config > Services, enable Management VLAN and configure the VLAN as MGMT VLAN (VLAN 4090).

 

 

After configuration, the switches and EAPs will be in the management VLAN (VLAN 4090) with new-assigned IP addresses. The controller can manage and monitor the devices in the separated management VLAN.

 

Topology 2: Network with a Non-Omada Managed Router as the Gateway

 

* The router cannot be managed by Omada SDN Controller 4.1.X.

In this scenario, only the switches and EAPs can be managed by Omada SDN Controller 4.1.X. After connecting and adding devices, launch the management page and follow the steps below to configure Management VLAN.

  1. Go to Settings > Wired Networks > LAN Networks and click Create New LAN to create a network (named MGMT VLAN with VLAN ID 4090 in this example) as VLAN. After created, a profile with the same name will be added automatically, and its PVID is 4090.

 

  1. Make sure the devices have obtained IP addresses dynamically or have proper static IP addresses.
  • If the devices obtain IP addresses automatically, make sure the DHCP server can assign IP addresses to devices in VLAN 4090.
  • If the devices use static IP addresses, note that the controller and devices should be in the same subnet.
  1. Go to Devices, click switch A to open the sidebar, and go to Ports. Click the edit icon of an idle port (port 4 in this example) and select a profile whose PVID is 4090.

 

  1. On the same page, go to Devices and add the devices to MGMT VLAN (VLAN 4090). You can configure the devices in batches and the steps for switches and EAPs are similar. Take the switch as an example. Click the Gateway/Switches tab, click  and then Batch Config to select the switches to be configured, and click Edit Selected to open the Properties window. Go to Config > Services, enable Management VLAN and configure the VLAN as MGMT VLAN (VLAN 4090).

 

 

  1. Reconnect the controller to switch A through port 4 (the idle port configured in step 3).

After configuration, the switches, EAPs, and controller will be in the management VLAN (VLAN 4090) with new-assigned IP addresses. The controller can manage and monitor the devices in the separated management VLAN.

 

Get to know more details of each function and configuration please go to Download Center to download the manual of your product.

AbonneerTP-Link hecht veel waarde aan privacy. Voor meer informatie over ons privacybeleid kan je onze Privacy Policy bekijken.

Krijg updates over nieuwe producten, samenwerkingen en ander interessant nieuws

From United States (English)?

Check products and services for your region.