Chris, I know this is 2 years late, but nicely done. You covered what most home users would need an example of. I am looking at the Omada solution for a church application… do you know if the controller supports time of day wireless networks, so SSIDs can be shut down when people are not onsite? Thanks in advance.
For a home network, that could be streaming between devices like computers to Roku or phones to Roku, having a separate "Secure" network doesn't seem to make as much sense as it would be an absolute pain swapping networks constantly. It's the old security vs ease of use thing. I'd prefer to see a video on routing video streaming from a secure network to an IoT network so a phone on a secure network, and as such private and protected, could cast across to the IoT network securely
Great vid! One thing I noticed app vs on screen controller setup is that device firmware upgrades work better through the app. By better I mean it pulls the update automatically, as well as newer than what's listed on the Omada site.
Hi Chris. Great videos and quite useful. Thank you for that. This is a very interesting solution for a home setup. My question is, if one adds a few APs, can they be set up as a mesh wireless network for seamless connection throughout the house like with Ubiquiti?
Damn Bro. Never seen you before but the title of this video should have been “Solve Zach’s Issues In Detail” Amazing. And done at a level that even I could understand with a minimum of condescension. Thanks again. I have added you to my favorites.
Really well explained, this helped me achieve a very similar setup which serves its purpose. Thank you! One question: The ACL which you demonstrate that blocks traffic from the IoT to the Secure network - is that the equivalent of activating the "guest" flag in an SSID?
Thank you for this video, it was very helpful in getting my omada network setup. What tool are you using on your phone and laptop to view the network info and ping?
This was super helpful. For my setup I would need the IoT network access to the home assistant server running in the secure network. My question is can the ACL grant access by ports, as I think this might be a solution.
Great video like always and thank you for the information. Question: you are adding your VLAN to all of the interfaces on your router. Usually I use one interface to trunk the VLANs. Are you adding the VLAN to all interfaces because of network redundancy? Love to hear your thoughts. Thank you so much.
Forgot to mention the one LAN interface is the one that is trunked and two interfaces are used to connect to a pfSense with different "zones" defined by pfSense.
Seems like a nice system. I'll have to give it a try. Do you know how the performance is? Will it be able to keep up with a 1000/1000 fiber connection? I also noticed you used a network tool on your phone. Which one is it? I've previously tried a wifi scanner from the google app store and it was honestly not so great. LinSSID on a laptop worked better for me but I would really like something on my phone as it's easier to carry around.
Thanks so much for this excellent video. I noticed that you do not set a VLAN ID for your "Secure Wireless" network (even though you set VLAN ID 1 for your "Secure LAN"). I tried both, setting 1 as VLAN ID for my WLAN and not setting it and it only works _without_ the VLAN ID. All other wireless networks work with their VLAN IDs set as shown in your video. Any idea why setting a VLAN ID for the "secure wireless" network does not work? Or should it? Thanks again!
Excellent overview. I've been debating moving beyond consumer wifi to a much more granular setup like this. I considered going with the Netgate 4100 pfSense appliance with Omada devices behind it as a buy-once, cry-once.
Netgate/pfSense are the way to go for routing. I've been using it for about 18 years and minus one update in 2020, it's been absolutely solid. Even with 5,000 users, it did everything we needed. Skip the UniFi/TP-Link routers unless you only need the basics.
Thanks Chris... everything worked nicely today. The only issue I encountered was my WAN configuration, which was easily solved by my ISP (iiNet) support person. Request... how about showing us how to set up an L2TP VPN...
It takes so long for the OC200 to reboot - if you just connect it to USB power - then you can pull the cable out and put it back in the alternate slot and it will get a new IP almost instantly.
Great video, I am planning to do a multi-story/floor setup in the future, can you show how to set up WPA2-Enterprise where the password determines which VLAN you will be on, with seamless roaming?
Thanks for the great video. I'm trying to decide if I need a Smart Managed switch or not, like the SG2210MP you demo'd in the video. I would like the ability to set up the different VLANs as you did in the video. However I don't think I need much more capability or L2 features (other than IGMP Snooping). When you set up the different VLANs and Static/DHCP configurations, was that done at the ER605 Router level, or did you need the SG2210MP switch to do that? Thank you.
Can you please go into more detail on the ACLs for IOT. I have a lot of IOT devices and want the ability to cast from secure devices (in secure network) to the IOT network.
There is a lot of talk on the TP-Link forums about getting mDNS on the 605 - which it lacks! I have all TP-Link except for the router, I want the 605 but my EdgeRouter X does mDNS perfectly and that is what is putting me off getting the 605. I always have my personal devices on my secure network and I cast etc. from them to IoT - works on EdgeRouter but so far not on the 605.
@M4l3k0 Thank you for the explanation. I am not an IT professional but have been in IT staffing a long time so finally got my hands dirty doing some stuff myself. I built my own rack, ran my own Cat 6 and deployed a full Omada network. However, I haven't deployed an IoT VLAN yet for this specific reason. Luckily, all of my IoT devices are from "reputable" (and I use that VERY lightly) brands (Amazon, Philips, TP-Link, Samsung, GE) but I would still prefer to keep them on their own network. I currently have the ER605 but have been debating on going to another solution like pfSense or similar.
@crosstalksol - can you answer this one??? I don't see your response to many inquiries here. If you answer these in another spot can you post that here? Thanks!
@crosstalksol - can you answer the question on accessing IoT from secure (for casting and such)? I don't see your response to many inquiries here. If you answer these in another spot can you post that here? Thanks! 😊
Thanks for explaining this whole process in an easy manner, but is there any alternative to the current 4 items you have mentioned for only making 4 VLANs? The currently mentioned items are beyond my budget (which is almost 1/4 of this setup).
I watched this video several months ago, and enjoyed it, but now use two Verizon 4G/5G broadband modem/routers as my internet connection. Can the ER7206 WAN and WAN/LAN inputs come from the two broadband router LAN outputs and if so, is there anything special to set up the ER7206 wired Internet inputs?
Loved this video very much. Only question as I progress forward: how would you share network printers (EPSON) on your secure network to allow printing, say, off of your iPhone on the IoT network? Thanks!
Great video, really helped me understand this system. I started laying out this system for a small business. Right now we have 4 desktops, a NAS, and a Brother 3-in-one directly connected to an unmanaged switch. I am mainly going to use the Omada to setup a mesh system to connect WiFi cameras around several other buildings (along with providing senate WiFi to those buildings). I am assuming I could keep them on the unmanaged switch connected to a wan/lan port on the ER605 and I could isolate them from the remainder of the network? Thanks for any help.
Great video. What do you like better: Unifi or Omada? I'm building a network at my new home. I had Unifi in the past with the original cloud key. It was problematic.
First of all, great video. I'm planning to set up an Omada based network and I have a question. Is it possible to use my existing Starlink router rather than getting an ER605? Am I able to configure everything on the video without it? Or is it important to get the router? Thanks.
Interesting even if I can't do the VLAN bit yet :) I'm still using a consumer grade router with WIFI on it with a switch connected to it. The switch does VLAN but the router does not. Since I installed an EAP225 (PoE-switch, though I might have to use an injector with the new 610) some time back I disabled the built-in WIFI of the router and let the EAP225 handle that part. Have an EAP 610 on its way to me and was thinking of switching the 225 for the 610 in the same spot and then have the 225 in a mesh with it. The plan is to move away from that older router to something (prebuilt or homebrew) that does VLAN so I can isolate some stuff on my network.
This is awesome stuff!! Thank you so much for all this information, it is super helpful. Do you know if there is a way with all this setup to have a scheduled "timer" on certain devices? ... Ex. No internet for PlayStation during the night :P
The only thing missing is what happens next in the setup process… plugging in actual devices and assigning them to the various VLANs. For example, what are the pros/cons of having a dedicated “dumb” switch hooked up to one of the ports on the smart switch for all IoT devices, and another dumb switch hooked up for all Secure devices? And will I need separate access points for each VLAN in order to keep things separate, or can I somehow assign the various SSIDs to various VLANs from a single access point (hooked up to a single port on the smart switch)? I have 18 wired devices and 29 wireless devices, so knowing the best way to hook up a good number of wired devices would be helpful. (I know there are managed switches in the Omada line with more than 8 ports, but they get more expensive, and I already have a couple of dumb switches laying around, so tips on how to incorporate the dumb switches into the smart switch layout for these VLANs would be helpful.) Otherwise, this was an excellent tutorial on actual setup of the Omada suite of products. Just wish some real world connections were made and shown how to assign different ports and devices to the various VLANs.
Normal switches don't understand VLANs. So every port on your dumb switch will be on the same VLAN. Not sure on the Omada, but on HP you have tagged/untagged and Cisco you have trunk and access. Your dumb switches need to be connected to untagged/access ports. Your APs will be on trunk/tagged ports. On the new Aruba managed switches, they are trunk ports but have a native VLAN, which is access, so it's a little different but most of the same stuff still applies. You can get "smart" switches, which are cheaper than managed, but more expensive than dumb switches. Hopefully that all makes sense. Not an expert on it, but can maybe provide some insight. I haven't seen the Omada stuff, but have some TP-Link smart switches and use the Deco stuff right now. Have been looking at getting some newer Deco stuff, but might need to check this out myself. Ubiquiti also makes nice home/small business gear.
How were you able to set the static IP for the controller? I keep getting an error saying the static IP must come out of the DHCP pool and not the addresses that were reserved to be used from outside the DHCP pool. From my understanding, this is a known problem to be addressed in a new version of firmware.
Great guide. Is it possible to connect two different internet connections to the TP-Link firewall and assign APs to the different internet connections? E.g. I have four APs in the topology, I want to assign two to a particular internet source that is connected to the TP-Link firewall and the other two to another internet source also connected to the TP-Link firewall. The first two will be on the private network and the remaining two will be on a public network. Is this possible? Note that I am not referring to load balancing.
Great tutorial! I currently have a TL-R600VPN wired router managing my home LAN, would you say that switching to the ER605 would make it more secure? The TL-R600VPN hasn't had a firmware update since 2014.
Thanks for this complete presentation. I noticed that you don't enable the default VLAN on the Secure WLAN. On my configuration, when I enable it this WLAN doesn't work anymore. Is it for the same reason you don't enable it? Does anybody know why it doesn't work? Thanks for your help.
As a total noob in this field, this is the information I was searching for. Thank you so much!
I like the separation of guest and IoT traffic! I also like the attention paid to setting rules to isolate them from access to VLAN 1. So many people miss out on this stuff.
This video made me go out and buy Omada over Ubiquiti and a year on, only one regret: the firewall functionality in the router is perhaps a little lacking compared to an OPNsense or pfSense unit. Have you considered a video on how to augment an Omada SDN with a more heavyweight firewall with things like IDS & IPS working across the VLANs?
WooHoo for another non-Unifi video! Keep them coming!!
Your videos are always concise, informative, spot-on, well edited. Thank you for the knowledge.
This video has triggered me to buy almost this exact setup with an extra EAP without OC200. This should be the default for a home setup. Thank you for your video. Super!
Nicely done! I have had the Omada set up for about 6 months now and finally I will get the chance to set up the same arrangement you have. I do want guests to be allowed on the APs and nothing else and my IoT stuff to still be able to get out but not into my management LAN. Just means going back to my Roku and other IoT stuff and putting in the password of the new SSID... a lot of stuff on the management VLAN that needs to be moved... But worth it.
I've been torn between Ubiquiti and TP-Link, I think you've just managed to convince me to go with TP-Link.
Nice video and good channel. I work from home and a small office. I currently use Nest Wifi for both locations. My problem is that, at the house, the ISP can go down at inconvenient times, like when I'm video conferencing. I recently learned about failover, and your router recommendation here seems to have that feature in spades with up to 4 WAN ports.
I haven't seen any consumer grade routers with a failover option that I've been interested in yet. For example, the LTE routers all seem to lack mesh abilities. And on the commercial grade equipment, failover even seems rare. UniFi for example only has dual WAN on its most expensive router.
Failover isn't my only priority. I know the aesthetics committee will want any visible gear to look nice. I want to keep noise to a minimum. And space is at a premium. Given all these priorities, the best options I've seen so far are either your TP-Link recommendation, or using pfSense on an appropriate router.
I may start with your TP-Link recommendation and use the Nest Wi-Fi gear as access points. That will allow me to experiment with another cable internet provider, an LTE router in bridge mode, or satellite provider to see how failover works. If I like it, I figure I can add to the system from there.
Thanks for taking the time and sharing your home setup. I just completed mine and really like the idea of separating the network based on client traffic. I also love the TP-Link single-user interface. Now I need to find someone who wants my Linksys and Netgear equipment. :)
Glad to see someone ignoring UniFi for a change, and giving people a different option.
You can be sure if people knew there were different options they would go there, as UniFi does not fit what everyone wants.
So, I am glad to see someone on the net choosing to show there are other options.
Personally I picked TP-Link ages ago, so I know they have a product that works, so nice to see your channel doing videos on this other option.
Great video. I've been having a lot of issues with Ubiquiti lately and my patience has run out. I plan on switching to Omada in the near future. The only thing I didn't like about Omada is the smaller smart switch price of $60 each. My setup will be similar: ER7206 -> TL-SG2210P V3 -> OC200 - EAP650 AP - Easy Smart 5 Port Gigabit PoE Switch x3. I'll be using this video as a guide when I get everything together.
I am 12:26 into this video and just wanted to stop and say thank you. This is, so far, one of the best Omada setup videos I have watched.
My setup includes: OC300, ER7206, TL-SG2210P, TL-SG2210MP, EAP265 and an EAP224. My network is set up and works well, but I need to do a few tweaks you covered in this video. I am challenged with ACL... This helped a lot. Thanks for the video.
Please do more videos on the omada configuration via the controller asap!
Thanks
How to demo config VPN with TP-Link Omada?
Thank you a lot for this video! I've just finished configuring my Omada environment following your instructions, it is so clear now.
Great video, it gave me the confidence to get the same kit and set it up myself.
Two questions for the community:
1) If I connect my laptop directly to the switch with ethernet, how does it know which VLAN to put me on?
2) I set up a guest portal so that users have to log in. This works great but to get it to work you have to allow the guest network to see the Omada controller, which is on the secure network. So I had to remove the ACL preventing the guest network from accessing the secure network. What can I put in place to make this secure again?
Thanks!
Great overview. Will get people up and running in no time
Would love to see you look at UniFi vs Omada setup at the basic, average and advanced level hardware similar to some of your past videos. Omada hardware is available but not sure how close it comes to UniFi gear. What are your thoughts on Omada?
I am not keen on the Omada being cloud based/enabled.
This is exactly what I needed to see! I will be purchasing this exact setup. Keep the Omada vids coming!
I set up my Omada from this video, thanks for the great knowledge and well spoken tutorial.
To what wifi or network are you connected when doing the initial config, especially when scanning the QR?
This was great! More Omada videos on ACL config and other features!! Thanks
Thanks for the video. There is one detail that I found out. Once you block the IoT network from entering LAN, it works. However, that ACL entry also blocks the LAN network from reaching the IoT network. I tried creating another ACL entry with Allow from LAN to IoT, but no joy.
I have encountered the same issue. Have you found a solution to this?
Same issue for me.
Great walk through on this one Chris. I appreciate it - I have both Ubiquiti and TP-Link devices, and as always you make it very easy to understand.
One little point I notice with most people that set up networks is that they never seem to test their choice of DNS servers. You (and others) may find the 'DNS Benchmark' tool by Steve Gibson enlightening/useful... (Gibson Research produces it)
Hi, thank you for this excellent video! What do you think about the TP-Link TL-ER7212PC (3 in 1 device) for a small business like a real estate office, instead of using this setup with OC200+ER605+TL-SG2210MP? Waiting for your reply! Many thanks! 🙏
I set the IPs manually to the switch/routers/etc, and THEN I changed the DHCP range. This kept everything connected :)
I have a couple of configuration questions on the Omada controller (I'm using the OC300):
1. Several of my IoT devices are wired. How do I get them to a specific VLAN? It looks like my only choice is assigning specific ports on the switch to that VLAN, but are there other ways to accomplish this?
2. How can I have devices on the Guest network be able to print to a wired printer? I'm guessing that I'll have to:
a. Create new networks (wired and wireless) for this "guest" network.
b. Put the printer on the wired "guest" network via VLAN assignment on that switch port.
c. Use Network ACLs to allow access to the printer from that "group" wireless network, and to prevent access to anything else in that or the main "secure" network. (How do I accomplish this?)
Am I missing anything?
Thank you so much. Your channel has so many useful how-to videos. The UniFi setup was very helpful for me and I was curious about this platform as well.... now I know!
Thanks for your videos, I really enjoy watching them.
I have taken your advice to heart, and I have now upgraded my Home Network from a standard ISP provided Router, to a TP-Link Omada managed Network. This video has been so useful, and really helped me with the setup.
I also need to give a big Shout-out to the TP-Link support people, who have been so helpful with some other issues I faced, as I was building my new Network.
However, I do have one issue, which I’d love to see you make a video on. Which is, how can I connect my old Landline phone, to my new TP-Link Network?
My current standard ISP provided Router has a built in RJ11 plug, and I just need to connect the phone into that jack, to make the home phone work. However, I haven’t been able to find any TP-Link gear that has an included RJ11 socket.
So, do I just need an RJ11 to RJ45 adaptor and then set up a dedicated Voice Network, or do I need some extra gear, like a VoIP gateway (if so, any recommendations)? Otherwise, if I can just get away with an RJ11 to RJ45 adaptor and a dedicated Voice Network, it would be good if you could demonstrate the setup for this.
Thanks in advance for any pointers you could give on this issue. 😊
Hey Chris, thanks so much for the video. I am upgrading my 13-year-old ASUS router to your solutions. I am now retired but my wife is still working and her boss is allowing her to work from home. To that end, with all the money we are saving on gas purchases, I am upgrading my system based on your video. My internet connection is AT&T 1GB Fiber BG210 fiber modem. My house size is 3800 sq ft, two levels, brick front, with at least two CAT 5 drops in every room. My shopping list today to cover this and outside is (ER605 VPN, TL-SG1024DE Switch, TL-SG1005P POE, EAP650 x 2 back of the bedrooms house left and right side, and EAP670 front of the house). I can't start today; the TL-SG1024DE Switch won't be here until tomorrow.
Meanwhile, I have an old Dell laptop in the closet on which I am installing Windows 10 and the controller software. Then I'll give all this a shot. I use Flight Simulation 2020 and Formula 1 simulation software along with my son who does a lot more when he is here. I have 9 grandkids who visit with all their devices. So my smart home has over 100 wireless devices. HERE'S TO HOPING ALL THIS WORKS AND MY WIFE HAS A PRIVATE CONNECTION TO HER JOB THAT WILL BE ROCK SOLID FOR THE TRAINING SHE DOES.
That was a great overview video of a simple network design/implementation. Thanks Chris....
Thanks for all the great info, but I was wondering about how good is the firewall or can you integrate pfSense with the Omada system instead of using the TP-Link firewall?
Excellent video, info and example setup. I especially liked the back end of the video detailing the ACLs. Thank you so much! You said there is plenty more could be done, do you have another video that might be food for thought?
I really appreciate this walk through and it helped me, as a checklist and a how to for some parts, setting up my stronger home network (as a bit of a noob). Thank you
Brilliant training video on setting up a partitioned home network using TP-Link Omada
This is a great video and helped me with my initial setup. I ran into one difference between options on screen you show and my setup. On the ACL setup around 22:40 in, my screen does not have an option for Destination type of Network, only IP Group and IP-Port Group. I went back through my LAN settings and can't find any differences from what you did. Any help is appreciated. BTW, I am using the Windows software controller, not the device.
Did you select "Switch ACL" as the type of Network Security rule? If you leave it as "Gateway ACL" you don't get an option for "Network" as the destination.
Great video Chris. I am considering TP-Link because it's so hard to get UniFi hardware I need.
my thinking exactly.
Same to me too.. seems like they gradually discontinue the older model and only make wifi 6 version available. The bad thing is the newer model come with higher price without significant value for my setup.
Omada is better than UniFi... Ubiquiti is just milking with their past brand reputation these days. TP-Link Omada is honestly better.
Now I can understand how to config secure network with vlan, thanks for your explanation
Chris, I know this is 2 years late, but nicely done. You covered what most home users would need an example of. I am looking at the Omada solution for a church application… do you know if the controller supports time of day wireless networks, so SSIDs can be shut down when people are not onsite? Thanks in advance.
For a home network, that could be streaming between devices like computers to Roku or phones to Roku, having a separate "Secure" network doesn't seem to make as much sense as it would be an absolute pain swapping networks constantly. It's the old security vs ease of use thing. I'd prefer to see a video on routing video streaming from a secure network to an IoT network so a phone on a secure network, and as such private and protected, could cast across to the IoT network securely
Thank you very much for the video, I was successfully able to setup a small office networking.
Great vid! One thing I noticed app vs on screen controller setup is that device firmware upgrades work better through the app. By better I mean it pulls the update automatically, as well as newer than what's listed on the Omada site.
Very similar to Unifi, BUT I liked the blocking rules in Omada better
Hi Chris. Great videos and quite useful. Thank you for that. This is a very interesting solution for a home setup. My question is if one adds up a few AP can they be set up as a mesh wireless network for seamless connection throughout the house like with Ubiquiti?
Damn Bro. Never seen you before but the title of this video should have been “Solve Zach’s Issues In Detail”
Amazing. And done at a level that even I could understand with a minimum of condescension.
Thanks again. I have added you to my favorites.
Really well explained, this helped me achieve a very similar setup which serves its purpose. Thank you!
One question: The ACL which you demonstrate that blocks traffic from the IoT to the Secure network - is that the equivalent of activating the "guest" flag in an SSID?
Thank you for this video, it was very helpful in getting my omada network setup. What tool are you using on your phone and laptop to view the network info and ping?
To answer my own question, this is the Network Analyzer app. ;)
@RocknR00ster Thank you! I was wondering that myself.
This was super helpful. For my setup I would need the IoT network access to the home assistant server running in the secure network. My question is can the ACL grant access by ports, as I think this might be a solution.
Great video like always and thank you for the information. Question you are adding your VLAN to all of the interfaces on your router. Usually I use one interface to trunk the VLAN's. Are you adding the VLAN to all interfaces because of network redundancy? Love to hear your thoughts. Thank you so much.
Forgot to mention the one LAN interface is the one that is trunked and two interfaces are used to connect to a Pfsense with different "zones" defined by Pfsense.
Seems like a nice system. I'll have to give it a try. Do you know how the performance is? Will it be able to keep up with a 1000/1000 fiber connection?
I also noticed you used a network tool on your phone. Which one is it? I've previously tried a wifi scanner from the google app store and it was honestly not so great. LinSSID on a laptop worked better for me but I would really like something on my phone as it's easier to carry around.
Thanks for sharing such a nice instructional video on OMADA, it will be very useful for me in the future.
Great video! Interested in how this setup would work with the Deco mesh APs, or with another manufacturer's mesh APs.
Hello there, and a great video. It has helped me get my hands on omada.
Did you hard reboot the omada controller? Does it have a reboot option?
Thanks so much for this excellent video. I noticed that you do not set a VLAN ID for your "Secure Wireless" network (even though you set VLAN ID 1 for your "Secure LAN"). I tried both, setting 1 as VLAN ID for my WLAN and not setting it and it only works _without_ the VLAN ID. All other wireless networks work with their VLAN IDs set as shown in your video. Any idea why setting a VLAN ID for the "secure wireless" network does not work? Or should it? Thanks again!
Same for me.
Excellent overview. I've been debating moving beyond consumer wifi to a much more granular setup like this. I considered going with the Netgate4100 PFsense appliance with Omada devices behind it as a buy-once, cry-once.
NetGate/PFSense are the way to go for routing. I've been using it for about 18 years and minus one update in 2020, it's been absolutely solid. Even with 5,000 users, it did everything we needed. Skip the UniFi/TP-Link routers unless you only need the basics.
Thanks Chris... everything worked nicely today. The only issue I encountered was my WAN configuration, which was easily solved by my ISP (iiNet) support person.
Request... how about showing us how to set up an L2TP VPN...
It takes so long for the OC200 to reboot - if you just connect it to USB power - then you can pull the cable out and put it back in the alternate slot and it will get a new IP almost instantly.
Nice tip!
Great video, I am planning to do a multi story/floor setup in the future, can you show how to set up WPA2-Enterprise where the password determines which VLAN you will be on with seamless roaming
Thanks for the great video. I'm trying to decide if I need a Smart Managed switch or not, like the SG2210MP you demo'd in the video. I would like the ability to setup the different VLANs as you did in the video. However I don't think I need much more capability or L2 features (other than IGMP Snooping). When you setup the different VLANs and Static/DHCP configurations, was that done at the ER605 Router level, or did you need the SG2210MP switch to do that? Thank-you.
Excellent video. Sounds like something I can do. HOWEVER, our service is a DSL and I don't know if the TP-Link Omada is doable.
We have a Zyxel XMG3512-B10a router.
Great training. Well thought out and organized. Easy to follow. Thanks
This was a great tutorial! Thank you for sharing!
Can you please go into more detail on the ACLs for IOT. I have a lot of IOT devices and want the ability to cast from secure devices (in secure network) to the IOT network.
There is a lot of talk on the TP-Link forums about getting MDNS on the 605 - which it lacks! I have all TP-Link except for the router, I want the 605 but my EdgeRouter X does MDNS perfectly and that is what is putting me off getting the 605. I always have my personal devices on my secure network and I cast etc from them to IOT - works on EdgeRouter but so far not on the 605.
@M4l3k0 Thank you for the explanation.
I am not an IT professional but been in IT staffing a long time so finally got my hands dirty doing some stuff myself. I built my own rack, ran my own cat 6 and deployed a full Omada network. However, I haven't deployed an IoT Vlan yet for this specific reason. Luckily, all of my IoT devices are from "reputable" (and I use that VERY lightly) brands (Amazon, Philips, TP Link, Samsung, GE) but would still prefer to keep them on their own network.
I currently have the ER605 but have been debating on going to another solution like PfSense or similar.
@crosstalksol - can you answer this one??? I don't see your response to many inquiries here. If you answer these in another spot can you post that here? Thanks!
@crosstalksol - can you answer the question on accessing IoT from secure (for casting and such)? I don't see your response to many inquiries here. If you answer these in another spot can you post that here? Thanks! 😊
Thanks for explaining this whole process in an easy manner. but is there any alternative to the current 4 items you have mentioned for only making 4 VLANs? The currently mentioned items are beyond my budget (which is almost 1/4 of this setup)
I watched this video several months ago, and enjoyed it, but now use two Verizon 4G/5G broadband modem/routers as my internet connection. Can the ER7206 WAN and WAN/LAN inputs come from the two broadband router LAN outputs and if so, is there anything special to set up the ER7206 Wired Internet inputs?
Very well presented. This is the information I was looking for. Thank you so much!
Loved this video very much. Only question as I progress forward: how would you share network printers (EPSON) on your secure network to allow printing, say, off of your iPhone on the IoT network? Thanks!
Can you do a video on dual WAN with starlink and your cable internet .. fail over or backup
The ACL is stateless on omada so that last ACL rule you made will actually block traffic in both directions.
yeah I think that is what I am encountering. What would be the solution to allow the secure network to then still have access to the IoT network?
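The behaviour described in the two comments above, modelled as an added example (not part of the comment thread and not Omada's own code): a stateless filter judges every packet on its own, so a single "deny IoT to Secure" rule also drops the replies to connections that the Secure network opened, while a stateful filter lets those replies through. The subnets, hosts and ports are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed subnets; the page does not state the ranges used in the video.
SECURE = ip_network("192.168.10.0/24")
IOT = ip_network("192.168.20.0/24")

# The single rule under discussion: deny source IoT -> destination Secure.
DENY_RULES = [(IOT, SECURE)]


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def matches_deny(pkt):
    """True if the packet's source/destination pair hits a deny rule."""
    return any(ip_address(pkt.src) in s and ip_address(pkt.dst) in d
               for s, d in DENY_RULES)


def stateless_filter(packets):
    """Judge each packet alone. Returns one verdict per packet (True = forwarded)."""
    return [not matches_deny(p) for p in packets]


def stateful_filter(packets):
    """Remember allowed flows; a reply to an allowed flow is forwarded
    even though its source/destination pair matches the deny rule."""
    established = set()
    verdicts = []
    for p in packets:
        if (p.dst, p.dport, p.src, p.sport) in established:
            verdicts.append(True)  # return traffic of a known flow
            continue
        allowed = not matches_deny(p)
        if allowed:
            established.add((p.src, p.sport, p.dst, p.dport))
        verdicts.append(allowed)
    return verdicts


def connection_works(packet_filter, packets):
    """A two-way exchange only works if every packet in it is forwarded."""
    return all(packet_filter(packets))


# Constructed traffic: a phone on Secure opens a connection to an IoT device,
# and the device answers.
SECURE_TO_IOT = [Packet("192.168.10.50", 50000, "192.168.20.30", 8009),
                 Packet("192.168.20.30", 8009, "192.168.10.50", 50000)]
# Constructed traffic: an IoT device tries to open a connection into Secure.
IOT_TO_SECURE = [Packet("192.168.20.30", 40000, "192.168.10.5", 445)]

if __name__ == "__main__":
    for name, f in (("stateless", stateless_filter), ("stateful", stateful_filter)):
        print(name, "Secure->IoT works:", connection_works(f, SECURE_TO_IOT),
              "| IoT->Secure works:", connection_works(f, IOT_TO_SECURE))
```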
Great video, really helped me understand this system. I started laying out this system for a small business. Right now we have 4 desktops, a NAS, and a Brother 3-in-one directly connected to an unmanaged switch. I am mainly going to use the Omada to setup a mesh system to connect WiFi cameras around several other buildings (along with providing senate WiFi to those buildings). I am assuming I could keep them on the unmanaged switch connected to a wan/lan port on the ER605 and I could isolate them from the remainder of the network? Thanks for any help.
Great video. What do you like better: Unifi or Omada? I'm building a network at my new home. I had Unifi in the past with the original cloud key. It was problematic.
Thank you for all this useful information, it has helped me to better set up my networks (wired & wireless).
I was hoping you would cover VPN getting on certain network only and similar scenarios
First of all, great video. I'm planning to setup an omada based network and I have a question. Is it possible to use my existing starlink router rather than getting an ER605? Am I able to configure everything on the video without it? Or is it important to get the router? Thanks.
Interesting even if I can't do the VLAN bit yet :)
I'm still using a consumer grade router with WIFI on it with a switch connected to it. The switch does VLAN but the router does not. Since I installed an EAP225 (PoE-switch, though I might have to use an injector with the new 610) some time back I disabled the built-in WIFI of the router and let the EAP225 handle that part. Have an EAP 610 on its way to me and was thinking of switching the 225 for the 610 in the same spot and then have the 225 in a mesh with it. The plan is to move away from that older router to something (prebuilt or homebrew) that does VLAN so I can isolate some stuff on my network.
This is awesome stuff!! Thank you so much for all this information is super helpful. Do you know if there is a way with all this setup to have a schedule "timer" on certain devices? ... Ex. No internet for playstation during the night :P
Thanks for the video Chris. Any word if a multi tenant/customer controller is coming?
More videos with pfsense integration please.
The only thing missing is what happens next in the setup process… plugging in actual devices and assigning them to the various vlan’s. For example, what are the pros/cons of having a dedicated “dumb” switch hooked up to one of the ports on the smart switch for all IoT devices, and another dumb switch hooked up for all Secure devices? And will I need separate access points for each vlan in order to keep things separate, or can I somehow assign the various SSIDs to various vlan’s from a single access point (hooked up to a single port on the smart switch)?? I have 18 wired devices and 29 wireless devices, so knowing the best way to hook up a good number of wired devices would be helpful. (I know there are managed switches in the Omada line with more than 8 ports, but they get more expensive, and I already have a couple of dumb switches laying around, so tips on how to incorporate the dumb switches into the smart switch layout for these vlans would be helpful.)
Otherwise, this was an excellent tutorial on actual setup of the Omada suite of products. Just wish some real world connections were made and shown how to assign different ports and devices to the various VLANs.
Normal switches don't understand VLANs. So every port on your dumb switch will be on the same VLAN. Not sure on the Omada, but on HP you have tagged/untagged and Cisco you have trunk and access. Your dumb switches need to be connected to untagged/access ports. Your APs will be on trunk/tagged ports. On the new Aruba managed switches, they are trunk ports but have a native VLAN, which is access, so it's a little different but most of the same stuff still applies. You can get "smart" switches, which are cheaper than managed, but more expensive than dumb switches. Hopefully that all makes sense. Not an expert on it, but can maybe provide some insight. I haven't seen the Omada stuff, but have some TP-Link smart switches and use the Deco stuff right now. Have been looking at getting some newer Deco stuff, but might need to check this out myself. Ubiquiti also makes nice home/small business gear.
where does he pull the IP ranges from that he mentioned at the beginning? can I use the same ones he mentioned?
How were you able to set the static IP for the controller? I keep getting an error saying the static IP must come out of the DHCP pool and not the addresses that were reserved to be used from outside the DHCP pool. From my understanding, this is a known problem to be addressed in a new version of firmware.
About to do this with my Starlink which I’m set to receive next month. Anything to look out for other than putting the router in bridge mode?
Awesome video! Clear and concise.
The best omada video. thanks
can you do a video on remote adoption from outside the local network
Hi Chris, I have set up my system and would like to know, after a power outage, how to get the OC200 back online. I live in the Caribbean.
can you share the link to your video on how to install s/w based controller
Great job and well explained. Thank you for that.
pretty useful video tutorial and really help us a lot as a new user of omada and tp link product.. :)
superhelpful! I'm researching what AP to use with Firewalla Purple. I'm considering EAP610 with the OC200 along with the FWPurple.
You can reserve ip address on DHCP, but the common practice is what is recommended in the video.
Thanks for this video, what is the software for drawing the diagram, sir? Thanks in advance
Great guide. Is it possible to connect two different internet connections to the TP link firewall and assign APs to the different internet connections? E.g. I have four APs in the topology, I want to assign two to a particular internet source that is connection to the TP Link firewall and the other two to another internet source also connected to the TP Link firewall. The first two will be on the private network and the remaining two will be on a public network. Is this possible? Note that I am not referring to load balancing.
Great tutorial! I currently have a tl-r600vpn wired router managing my home LAN , would you say that switching to the er605 would make it more secure? The tl r600vpn hasn't had a firmware update since 2014
Thanks for this complete presentation. I noticed that you don't enable the default Vlan on the Secure Wlan. On my configuration, when I enable it this Wlan doesn't work anymore. Is it for the same reason you don't enable it ? Does anybody know why it doesn't work ? Thanks for your help.
This is just what i needed...Your great ...Thank you
Great video. I want to replace an Edgerouter lite with outdated firmware. What is current firmware policy for TP Link Omada devices?
This is a lovely and very practical example. Awesome.
Fun fact, "omada" (ομάδα) means "team" in Greek