Omada Pro Logo official website Vigi Logo official website
Contact Us
Nordic / English

How to manage EAPs at different sites across Internet using Omada Controller (via VPN Tunnel with DHCP Option138) (Old UI)

User Application Requirement
Updated 06-28-2022 02:33:29 AM Number of views for this article92961
This Article Applies to:

As shown below, HQ and Branch Office are connected with each other through IPSec VPN tunnel. In HQ, there are TP-Link EAP controller, EAP1 and TL-ER6120 (VPN Router) in subnet 192.168.1.0/24. In branch office, there are EAP2, layer 3 switch T2600G-28TS as DHCP Server (supporting DHCP option138) and TL-ER6120 (VPN router) in subnet 192.168.0.0/24.

This document will introduce how to manage EAPs at different sites across Internet using TP-Link EAP/Omada controller (via VPN Tunnel with DHCP option138). About how to choose VPN Router and set up site to site IPSec VPN tunnel, please refer to: Setting up Site-to-Site IPsec VPN on TP-Link Router

Step1. Configurations on T2600 switch in Branch Office

1.1 Change switch’s default IP address from 192.168.0.1 to 192.168.0.2 to avoid IP conflict with gateway router.

1.2 Enable DHCP Server Function on T2600G-28TS, and set DHCP Option138 as the IP address of Remote EAP/Omada Controller Host (192.168.1.253). And then the DHCP Server will tell the EAPs will the EAP/Omada Controller is, so that the EAP/Omada Controller and EAPs can communicate with each other among different subnets

1.3 Configure DHCP IP Address Pool (192.168.0.0/24) for EAP in branch office.

Step2. VPN Settings on TL-ER6120 in Branch Office

2.1 Disable DHCP server function on TL-ER6120 in Branch Office.

2.2 Go to VPN -> IKE -> IKE Proposal, and complete IKE Proposal settings shown as below.

2.3 Go to VPN -> IKE -> IKE Policy, and complete IKE Policy settings shown as below.

2.4 Go to VPN -> IPsec -> IPsec Proposal, and complete IPSec Proposal settings shown as below.

2.5 Go to VPN -> IPsec -> IPsec Policy, and complete IPsec Policy settings shown as below. Note: “Remote Gateway” should be the WAN IP address of TL-ER6120 in HQ.

Step3. VPN settings on TL-ER6120 in HQ are similar with “Step2”. Here we don’t describe them in detail any more. After all settings, the VPN tunnel will be established between HQ and Branch Office shown as below.

Step4. Run EAP Controller. The EAP will appear in EAP/Omada controller’s “pending” list, which means you can use EAP/Omada controller to adopt and manage this EAP now shown as below.

Looking for More

Is this faq useful?

Your feedback helps improve this site.

Community

TP-Link Community

Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.

Visit the Community >

This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy .

Your Privacy Choices

This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy .

Basic Cookies

These cookies are necessary for the website to function and cannot be deactivated in your systems.

TP-Link

SESSION, JSESSIONID, accepted_local_switcher, tp_privacy_banner, tp_privacy_base, tp_privacy_marketing, tp_top-banner, tp_popup-bottom, tp_popup-center, tp_popup-right-middle, tp_popup-right-bottom, tp_productCategoryType

Youtube

id, VISITOR_INFO1_LIVE, LOGIN_INFO, SIDCC, SAPISID, APISID, SSID, SID, YSC, __Secure-1PSID, __Secure-1PAPISID, __Secure-1PSIDCC, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, 1P_JAR, AEC, NID, OTZ

Zendesk

OptanonConsent, __cf_bm, __cfruid, _cfuvid, _help_center_session, _pendo___sg__.<container-id>, _pendo_meta.<container-id>, _pendo_visitorId.<container-id>, _zendesk_authenticated, _zendesk_cookie, _zendesk_session, _zendesk_shared_session, ajs_anonymous_id, cf_clearance

Analysis and Marketing Cookies

Analysis cookies enable us to analyze your activities on our website in order to improve and adapt the functionality of our website.

The marketing cookies can be set through our website by our advertising partners in order to create a profile of your interests and to show you relevant advertisements on other websites.

Google Analytics & Google Tag Manager

_gid, _ga_<container-id>, _ga, _gat_gtag_<container-id>

Google Ads & DoubleClick

test_cookie, _gcl_au