LC63: Take full control of your TP Link Omada DNS, prevent users from using other DNS server

  • Published on 27 Nov 2024

Comments • 33

  • @unrelativistic 3 months ago +2

    This will work great for classic DNS. User / kid can still bypass by configuring their local machine to use DoH to any DNS server they like. Or use a VPN that tunnels its own DNS. Kind of hard to lock that down. But this is useful until the kids get smart enough to find their way around it.

    • @deadmeats 3 months ago

      hey there @unrelativistic, thanks for dropping by the channel. And I agree, with anything about security, it's always a cat/trap-and-mouse approach. Build a better cat/trap to catch more mouse, and mouse evolves to get around the cat/trap :).
      If you are really paranoid though, you can do whitelisting and just block everything except those you want to go out ;)

  • @PaulKirk 8 months ago +1

    Great help. Walked through and all my VLANs are now DNS locked down.

    • @deadmeats 8 months ago

      Hey @PaulKirk, good to know it worked for you!

  •  1 year ago +3

    Thanks for the videos, which help me optimize my configuration every time.
    Is it possible for you to show how to integrate opnsense or pfsense in the Omada environment?

    • @deadmeats 1 year ago

      hey there @JeanFrancoisCoquerelle, thanks for dropping by the channel and am glad it is helping you. As for pfsense, treat it just like any other firewall or router. I haven't used pfsense in a while and when I did, it was great except I used to run it on an old x86 PC that takes so much electricity :(. I have not used OpnSense so can't say much about it.
      It will really depend on your use-case and both have pros-cons. Here's a couple of ideas:
      * If you are not using ER-8411 (10Gb WAN) and you need a flexible option for your WAN/firewall, then you can go for a custom pfsense. You can upgrade your NIC to whatever you want for current and future needs.
      * If you like managing your Gateway and Switches and Access Points, then Omada is the best way to go because of the integration. It's a one-stop-shop console for all your network devices.
      Using one of them doesn't preclude the other. For example, you can use pfsense as your main WAN/NAT, do port forwarding, and use your Omada device to handle VPN server. Or vice versa :)
      Hope it helps, good hunting to you!

    • @deadmeats 6 months ago +1

      heya, i have been going back to old comments to see some requests. just fyi, i already released a video about using a non-Omada Gateway, and I used a $19 wifi router because I don't have pfsense/opnsense, but both of them fall into non-Omada Gateway. Once I have enough $$$, I'll probably get an entry level or refurb PC to configure opnsense/pfsense but I don't think it'll be any different from the way I configure the $19 wifi router.

  • @riczescaran 7 months ago +1

    What if I'm using NextDNS instead of a locally self-hosted DNS? Is that possible?

    • @deadmeats 7 months ago

      hello @riczescaran, thanks for visiting the channel. Yes, you can use your own DNS. You can configure the Gateway VLAN Interface to point to it, or if you prefer, use the proxy settings; here's the link: th-cam.com/video/WP74-_yc4ds/w-d-xo.html
      Good hunting!

  • @LeonilGalia 1 year ago +2

    I hope you will teach us how to configure gateway qos sir thank you so much for sharing ideas ❤❤

    • @deadmeats 1 year ago

      heya @user-wc7wz2cc5t, thanks for dropping by. As for QoS, i do have it on my list and had a few videos planned out but many of my old test had to be scrapped because I made them a long time ago and options/features in Omada had changed so much. Many of the things that needs QoS can now be done outside of the main QoS for Omada (i.e. bandwidth control, session limit, etc) so I'll see what I can come up with.

    • @deadmeats 6 months ago

      heya, i have been going back to old comments to see some requests. just fyi, i already released a video about QoS, if you have not seen it, you can find it here: th-cam.com/video/JiJNuF-gMgc/w-d-xo.htmlsi=adwaCk3Q_NP5e8jZ

  • @BekacktesLigaspiel 6 months ago +1

    1:25 hi there. What should I do when I have 3 different VLANs which should be AdGuard protected? The AdGuard Server has a static IP in one Network. Thanks a lot.

    • @deadmeats 6 months ago +1

      hey there @BekacktesLigaspiel, welcome to the channel. For your 3 VLANs (or however many they are), make sure you include all the networks you want to block as shown in 6:18, whitelist your AdGuard as shown in 8:03, then just do the configuration I have shown at 9:15. You have to set up all 3 VLAN DNS settings to point to your DNS server.
      Good hunting.

    • @BekacktesLigaspiel 6 months ago

      @@deadmeats thx a lot. I will give it a try tomorrow 🫡💪

    • @BekacktesLigaspiel 4 months ago +1

      @@deadmeats Hi there, I almost got it. All VLANs are now pointing to the AdGuard Server. But my Admin Network doesn't get an IP over WLAN. And I don't know why? Cable connection is no problem.

    • @deadmeats 4 months ago +1

      @@BekacktesLigaspiel hey there, sorry to hear about the IP. if your cable connection is good, try turning off ACL (any ACL that may impact DHCP) and see if that helps. Second thing you can check, make sure your AP is connected to a port with the correct profile, oftentimes, this profile is "All". Third thing to check, make sure your SSID VLAN Config in the AP is not selected i.e. you should not put "1" in the VLAN ID because the Admin VLAN is usually/normally "untagged".
      Good hunting.

    • @BekacktesLigaspiel 4 months ago +1

      @@deadmeats Perfect. Thank YOU 🙏 I think the VLAN SSID Tag was the mistake.

  • @FivePeyton 11 months ago +1

    great videos, my er605 is in standalone mode, if I install the Omada Controller Software in my linux box and connect the ER605 to it, will I be able to do so? does it reset the settings I currently have in standalone mode? not that I have much configured anyway, I'd rather have more features though.

    • @deadmeats 11 months ago

      hey @FivePeyton, thanks for dropping by and good to know you want to use more features.
      As for Omada Software Controller in Linux, yes you can connect to it but since Omada SC is natively Windows, you may have some challenges in set up today or in the future.
      and yes, your stand-alone mode settings will be wiped out. Good hunting!

  • @davidesguerra7837 9 months ago +1

    So that means URL/Website filtering alone isn't enough, sir, and this DNS approach is more powerful? For example, if you filter the youtube website, the user can manually change their DNS and still access TH-cam even though you've set it on your router.

    • @deadmeats 9 months ago +1

      hey @davidesguerra7837, thanks for visiting the channel, sir. And yes sir, I wouldn't recommend the URL filter if your users are experts. If you want a more powerful URL blocker, just use a 3rd party Web Content Filtering service like OpenDNS and similar companies. They have settings, i.e. Protects against all adult-related sites, illegal activity, social networking sites, video sharing sites, and general time-wasters.
      My suggestion: try OpenDNS because it's free. It's easy to configure. You can add custom URLs (like in TP Link Omada) or use their settings (high / medium / low).
      Happy Hunting!

  • @WiMi71214 9 months ago +1

    Does this work with EAP ACL section?

    • @deadmeats 9 months ago +1

      hey @WiMi71214, thanks for dropping by the channel. EAP ACL, on its own, in my personal experience, fail from time to time for this type of granular (port#-based) ACL so I do not recommend doing this if you don't have an Omada (or similar capability) switch. I have better luck if the EAP is powered or uplinked to an Omada Managed switch with proper trunk and vlan configuration, and all ACLs are applied to the switch. It could be that I am doing it wrong but sometimes I can make it work, but oftentimes for granular (port#-based) ACL, it will not work just the same with ACL applied to Switch. Not sure if it's bug, wrong configuration, or limitation of the EAP.
      Sorry it's not much help. Good hunting!

    • @WiMi71214 9 months ago

      @@deadmeats Thank you though! Keep up the good work!

  • @nelcardiano1094 1 year ago +1

    Idol, how do I set up DNS for the Wifi Voucher?

    • @deadmeats 1 year ago

      hey @nelcardiano1094, thanks for visiting the channel. The DNS assigned to the voucher depends on which VLAN you assigned to the Portal. For example, say you have a Home VLAN (DNS 192.168.0.1) and a Bisita (guest) VLAN (DNS 8.8.8.8): if you assigned the Home VLAN to the Portal, their DNS is 192.168.0.1, and if you assigned the Bisita VLAN, their DNS will be 8.8.8.8. The DNS is simply inherited from whatever you set on the VLAN.

  • @wizajit1 9 months ago

    Thanks for making genius video like these. It helps a lot practically. kudos and thanks again. I have a doubt; and I am sure you'll be able to help. This is in regards to the DNS proxy I had set after seeing your video. The problem happens; once there's a power outage or routers and gateway gets switched off; and once power is restored, the internet is back and the devices gets connected to the EAPs/ wifi networks; but internet doesn't work. It works correctly when DNS proxy is not enabled. I would appreciate if you could help me analyse this issue? Thanks again for your help. Regards. :)

    • @deadmeats 8 months ago +1

      hey @wizajit1, thanks for the kind words and thanks for dropping by the channel. The only reason I can think of why Internet will fail during power outage and you're using DNS Proxy is that your DNS Server IP has changed during power up. In that scenario, you can either set a static IP on your DNS server or use Omada's DHCP reservation.
      Also, it will be great to add a small affordable UPS power supply. Other than providing a little more uptime, UPS are good "regulators" too and can prevent surges, making your devices more stable and last a bit longer.

    • @wizajit1 8 months ago +1

      Hi@@deadmeats, thanks for your reply. Regarding the DHCP; I have set static for my EAP access points and ER605 gateway can't be given a DHCP reserved address. DNS Proxy is cloudflare using DOH. Inside the settings of the Wired Networks ( 2 interfaces ) the DNS is set to ER605 gateway reserved address. Default gateway is set respective of their VLANs. My system has ER605 and two EAPs connected to this. I don't use the switch. I also use the software controller only. Could that cause the issue? because to fix the issue; everytime I have to use a LAN port free on ER605 and connect to the software controller Laptop and then devices are detected back automatically and wifi is back to normal. Thanks a lot for helping me out of this. _/\_ :)

    • @deadmeats 8 months ago +1

      hello@@wizajit1 , thanks for dropping by the channel again. I am not sure I understand what the issue is, so I will just explain what I think you are trying to do: assign static IP to your Access Point. To do that, follow steps below:
      1. Go to Settings > Wired Networks > LAN > Edit VLAN.
      2. On the "Edit" page, make sure that all LAN Interfaces are checked!
      3. Repeat Step 2 for all your VLAN Interfaces until all Interfaces are completed (you mentioned 2, so edit all those)
      4. Connect your EAP to any of the free ER-605 LAN ports.
      5. Then click Devices > EAP > Config > IP Settings > Use Fixed IP Address > Enable [Check box] > Network [select from dropdown, make sure to select VLAN 1] > IP Address
      6. Done
      Good hunting!

  • @Work-ht7bu 1 day ago

    THOSE SOUNDS ARE BEYOND IRRITATING, especially watching a few videos back to back. Also, show more of what to do in the omada rather than your pinging. BUT THE SOUNDS ARE ANNOYING!
    Bling, BELLS, self-applause every other second!!!*** !!! to finish with a horn?? I'm just joking, the horn is repetitive throughout the video as well. I GOT A neurological disorder from 10 of your videos.
    These can be great, get rid of this nonsense and your pings!