How to Manage Omada Devices at Different Sites Using Omada SDN Controller via VPN (Controller 5.0 or Above)

As the network scenario shown below, Controller is running in the HQ, Router B in the Branch Office can communicate with Router A through VPN. In this article, we will introduce how to use the Controller in HQ to manage the devices in Branch Office via VPN.

Step1: Establish the IPsec VPN between Router A and Router B

Note: In this article, we suppose Router A is an Omada gateway managed by the Controller, in practice, it is enough if Router A can set up IPsec VPN.

1. Configuration on Router A

Go to Settings > VPN > VPN, and click on Create New VPN Policy button to create an IPsec rule for Branch Office:

Click on Advance Settings, set up the parameters as you like, then click on Create.

2. Configuration on Router B

1) Enter Router B’s Standalone interface, go to VPN > IPsec > IPsec Policy, and click Add to create an IPsec rule for HQ.

Click on Advanced Settings, set up the parameter corresponding to what you have set on Router A.

2) Go to VPN > IPsec > IPsec SA to check if the IPsec VPN tunnel is established successfully.

3) Go to System Tools > Controller Settings > Controller Inform URL, enter the Controller’s IP in the box.

Step2: Pre-configuration for Router B on the Controller

Create a new site for Branch Office in the Controller.

1) Pre-configuration of WAN

Go to Settings > Wired Network > Internet to configure the WAN override for Router B. The parameters should be the same as the Standalone mode.

2) Pre-configuration of LAN

Go to Settings > Wired Networks > LAN > Network to configure the LAN override for Router B. The parameters should be the same as the Standalone mode.

3) Pre-configuration of IPsec VPN

Go to Settings > VPN > VPN, and click on Create New VPN Policy button to create a new IPsec rule with the same parameters set in Router B Standalone mode.

Step3: Adopt Router B on the Controller

1) Since Controller’s IP has been told to Router B in step 1.2.3, Router B will appear in the Controller Devices list. Click adopt button to adopt it, the pre-configuration of WAN, LAN, VPN you just set will be sent to Router B automatically.

2) Go to Insight > VPN status > IPsec VPN to check the IPsec tunnel between Router A and Router B.

Step4：Manage Omada devices in different sites via different tools

Method 1: L3 Omada Discovery Utility

1) Download the Omada Discovery Utility and run it on PC2.

2) Select them and click the "Batch Setting" buttons in the lower right corner.

3) Specify the Center IP as Controller IP, and enter the devices’ Username and Password.

4) After settings succeed, the switch and AP will appear in the Controller Devices list.

Method 2: DHCP Option 138

1) Go to Settings > Wired Network > LAN > Networks to configure the DHCP of Router B.

2) Click on Advanced Settings to display the DHCP Options list, find Option 138 and enter the Controller IP.

3) Connect the Switch and EAP to Router B to obtain the IP via DHCP, the Controller’s IP will be sent to the switch and EAP via DHCP Option 138. After that, the devices will appear in the Controller Devices list with “PENDING” status.

Method 3: Web Management Page

1) Enter the switch’s IP on the browser to access its management page, go to SYSTEM > Controller Settings > Controller Inform URL and enter the Controller’s IP on the box.

2) Enter the EAP’s IP on the browser to access its management page, go to System > Controller Settings > Controller Inform URL and enter the Controller’s IP on the box.