Search
Search

How to manage EAPs at different sites across Internet using Omada Controller (via VPN Tunnel with DHCP Option138)? (Old UI)

User Application Requirement
Updated 08-03-2021 05:49:26 AM 28770
This Article Applies to: 

As shown below, HQ and Branch Office are connected with each other through IPSec VPN tunnel. In HQ, there are TP-Link EAP controller, EAP1 and TL-ER6120 (VPN Router) in subnet 192.168.1.0/24. In branch office, there are EAP2, layer 3 switch T2600G-28TS as DHCP Server (supporting DHCP option138) and TL-ER6120 (VPN router) in subnet 192.168.0.0/24.

This document will introduce how to manage EAPs at different sites across Internet using TP-Link EAP/Omada controller (via VPN Tunnel with DHCP option138). About how to choose VPN Router and set up site to site IPSec VPN tunnel, please refer to: Setting up Site-to-Site IPsec VPN on TP-Link Router

 

Step1. Configurations on T2600 switch in Branch Office

1.1 Change switch’s default IP address from 192.168.0.1 to 192.168.0.2 to avoid IP conflict with gateway router.

1.2 Enable DHCP Server Function on T2600G-28TS, and set DHCP Option138 as the IP address of Remote EAP/Omada Controller Host (192.168.1.253). And then the DHCP Server will tell the EAPs will the EAP/Omada Controller is, so that the EAP/Omada Controller and EAPs can communicate with each other among different subnets

1.3 Configure DHCP IP Address Pool (192.168.0.0/24) for EAP in branch office.

 

Step2. VPN Settings on TL-ER6120 in Branch Office

2.1 Disable DHCP server function on TL-ER6120 in Branch Office.

2.2 Go to VPN -> IKE -> IKE Proposal, and complete IKE Proposal settings shown as below.

2.3 Go to VPN -> IKE -> IKE Policy, and complete IKE Policy settings shown as below.

2.4 Go to VPN -> IPsec -> IPsec Proposal, and complete IPSec Proposal settings shown as below.

2.5 Go to VPN -> IPsec -> IPsec Policy, and complete IPsec Policy settings shown as below. Note: “Remote Gateway” should be the WAN IP address of TL-ER6120 in HQ.

 

Step3. VPN settings on TL-ER6120 in HQ are similar with “Step2”. Here we don’t describe them in detail any more. After all settings, the VPN tunnel will be established between HQ and Branch Office shown as below.

 

Step4. Run EAP Controller. The EAP will appear in EAP/Omada controller’s “pending” list, which means you can use EAP/Omada controller to adopt and manage this EAP now shown as below.

SubscriptionTP-Link takes your privacy seriously. For further details on TP-Link's privacy practices, see TP-Link's Privacy Policy.

Follow Us

About Us
Press
Where to Buy
Learning Center
Norway / English
Copyright © 2021 TP-Link Corporation Limited. All rights reserved.

From United States?

Get products, events and services for your region.

GO Other Option

This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy . Don’t show again

Cookie Settings Accept All Cookies

This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy . Don’t show again

Basic Cookies

These cookies are necessary for the website to function and cannot be deactivated in your systems.

Site Selection Popup

accepted_local_switcher

SMB Product Selection System

tp_smb-select-product_scence, tp_smb-select-product_scenceSimple, tp_smb-select-product_userChoice, tp_smb-select-product_userChoiceSimple, tp_smb-select-product_userInfo, tp_smb-select-product_userInfoSimple

Livechat

__livechat, __lc2_cid, __lc2_cst, __lc_cid, __lc_cst, CASID

Youtube

VISITOR_INFO1_LIVE, YSC, LOGIN_INFO, PREF, CONSENT, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC

Analysis and Marketing Cookies

Analysis cookies enable us to analyze your activities on our website in order to improve and adapt the functionality of our website.

The marketing cookies can be set through our website by our advertising partners in order to create a profile of your interests and to show you relevant advertisements on other websites.

Google Analytics & Google Tag Manager & Google Optimize

_gid, _gat, _gat_global, _ga, _gaexp

Google Ads & DoubleClick

NID, IDE, test_cookie, id, 1P_JAR

Facebook

fr, spin, xs, datr, c_user, sb, _fbp

Crazy Egg

_ce.s, _CEFT, _gid, cean, _fbp, ceac, _drip_client_9574608, cean_asoc

Hotjar

_hjKB, _fbp, ajs_user_id, _BEAMER_LAST_UPDATE_zeKLgqli17986, _hjid, _gcl_au, _ga, ajs_anonymous_id, _BEAMER_USER_ID_zeKLgqli17986, _hjAbsoluteSessionInProgress, _hjFirstSeen, _hjIncludedInPageviewSample, _hjTLDTest

Baidu

Hm_lpvt_33178d1a3aad1dcf1c9b345501daa675, Hm_lvt_33178d1a3aad1dcf1c9b345501daa675, HMACCOUNT_BFESS

Linkedin

lms_analytics, AnalyticsSyncHistory, _gcl_au, liap