This is our first hardware wireless controller for the Omada EAP line. It supports access via the cloud, the mobile app and the local network, all without paid licenses or monthly fees: for remote network management, connecting to our cloud is enough. In short, everything the way you like it.
Below the cut: a review of the interface, plus plenty of detail on connection, configuration and deployment.


Hardware platform
The words "wireless controller" usually bring to mind a bulky, rack-mounted device. That used to be the case. It was, that is, until the OC200, a wireless network controller in a compact metal case measuring 100x98x25 mm. Yes, it looks absolutely tiny. But only in appearance!
The front panel carries two FE ports, two LEDs, a USB host port and a recessed Reset button. One of the Fast Ethernet interfaces not only transfers data but can also power the device when it is connected to a switch supporting IEEE 802.3af or 802.3at. Powering via PoE (Power over Ethernet) is more convenient because it requires no additional wiring or sockets, and the controller can always be rebooted remotely if necessary (using a managed switch, of course). The Fast Ethernet speed (100 Mbit/s) is quite sufficient, since user traffic is not transmitted through the controller; we will cover this in more detail in the next section.
The front panel USB port is intended for a drive onto which local backups of the database and configuration files are written; it is also required when connecting a large number of access points and/or wireless clients.

On the rear panel there is a Kensington lock and a microUSB connector, which is needed to connect an external power source (5V / 1A) used in a situation when there is no possibility of powering the controller via PoE.

The TP-Link OC200 wireless controller is designed for desktop or wall placement, so its bottom panel has round rubber feet and L-shaped mounting slots. Compact dimensions, low weight and a fanless case let you place the device anywhere: in a rack or on a table, in a server room or on an office wall.

What's inside? Inside, the system is based on a Marvell Armada 88F3720 SoC processor with two ARMv8 cores operating at 1 GHz, as well as an Atheros AR8236 switch.

If for some reason a software solution is preferable to a hardware one, or, for example, you have more than 100 access points, you can use our TP-Link Omada Controller software, which runs on Microsoft Windows and Linux.
Now let's look at the supported topologies.
Topologies
In one of our previous materials we already described the various options for connecting a wireless controller to the network. The OC200 has only two network interfaces, and they are Fast Ethernet. Does this mean the controller will be a bottleneck, limiting the speed of all wireless clients? Definitely not, provided the access points are not connected directly to the controller.
Modern wireless networks support multiple SSIDs simultaneously. Typically, each such network (SSID, Service Set Identifier) corresponds to a specific virtual network (VLAN) that exists in the wired segments behind the access points. This means a trunk must be established between the switch and the access point, that is, a link over which traffic of several virtual networks is carried at the same time. IEEE 802.1p and 802.1Q are typically used to build the trunk. As a result, the access point switches frames for all SSID/VLAN pairs.
But how is the controller itself connected? There are two ways. In the first, the controller and the access points are in the same IP subnet (the same virtual network). It is worth noting that a separate virtual network is best allocated for the controller and access points. In the trunk between the switch and the access point, control traffic is carried untagged, that is, in the so-called native VLAN, while user traffic is usually tagged. An example of such a connection is shown in the figure below.

In the second way, the access points and the controller are in different IP subnets (different virtual networks). An example of such a connection is presented below. A special case of this is a controller installed at a remote site.

Each method has its advantages and disadvantages. The first requires minimal configuration, but all access points must be located in one stretched virtual network. The second is more flexible but requires a somewhat more complicated setup. Once again, note that regardless of how the OC200 is connected to the network, user traffic does not pass through it, so the Fast Ethernet interfaces of this model will in no way restrict users.
A few words should be said about local switching. We will state the obvious and show the traffic path for different wireless client connections. We take as a basis the case where the controller and access points are in the same subnet (we are talking exclusively about the control interfaces).
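To make the tagging rule above concrete, here is an added example (not code from the original article or from TP-Link) that classifies frames as they would arrive on the switch port facing an access point: an untagged frame belongs to the native (management) VLAN, a tagged frame carries its VLAN in the 802.1Q TCI, and a frame tagged with a VLAN that was never provisioned on the trunk is rejected. The VLAN numbers (management VLAN 10, user VLANs 8 and 9) follow the switch configuration described later in the article; the MAC addresses and frames are constructed for the example.

```python
import struct

ETHERTYPE_VLAN = 0x8100   # IEEE 802.1Q tag protocol identifier
ETHERTYPE_IPV4 = 0x0800
MGMT_VLAN = 10            # assumption: native (untagged) management VLAN on the AP trunk
USER_VLANS = {8, 9}       # assumption: VLANs bound to SSIDs, always carried tagged


def classify_frame(frame, native_vlan=MGMT_VLAN, allowed_tagged=USER_VLANS):
    """Return (vlan_id, tagged, ethertype) for an Ethernet frame seen on the
    switch port facing an access point.

    Untagged frames are assigned to the native VLAN. Tagged frames carry their
    VLAN ID in the low 12 bits of the 802.1Q TCI. Frames tagged with a VLAN the
    trunk does not allow, or frames too short to parse, raise ValueError so the
    caller can drop and log them.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_VLAN:
        return native_vlan, False, ethertype
    if len(frame) < 18:
        raise ValueError("802.1Q tag truncated")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    vid = tci & 0x0FFF
    if vid not in allowed_tagged:
        raise ValueError("VLAN %d not allowed on this trunk" % vid)
    return vid, True, inner_type


def _eth(dst, src, vid=None, ethertype=ETHERTYPE_IPV4, payload=b"\x00" * 46):
    """Build a minimal Ethernet frame; with vid set, insert an 802.1Q tag (PCP 0, DEI 0)."""
    hdr = bytes.fromhex(dst) + bytes.fromhex(src)
    if vid is None:
        return hdr + struct.pack("!H", ethertype) + payload
    tci = vid & 0x0FFF
    return hdr + struct.pack("!HHH", ETHERTYPE_VLAN, tci, ethertype) + payload


# Constructed sample frames (MAC addresses are made up for the example).
MGMT_FRAME = _eth("0011223344aa", "0011223344bb")            # AP-to-controller, untagged
USER_FRAME = _eth("0011223344cc", "0011223344dd", vid=8)     # client on the SSID bound to VLAN 8
ROGUE_FRAME = _eth("0011223344ee", "0011223344ff", vid=200)  # VLAN never provisioned on the trunk

if __name__ == "__main__":
    for name, frame in (("mgmt", MGMT_FRAME), ("user", USER_FRAME), ("rogue", ROGUE_FRAME)):
        try:
            print(name, classify_frame(frame))
        except ValueError as exc:
            print(name, "dropped:", exc)
```

Keeping the allowed-VLAN set explicit per port is what turns the "trunk" into a deliberate policy rather than a pass-everything link; the same list is what you configure on the switch side when enabling the trunk.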
Two clients connected to one access point and one wireless network (SSID). Traffic is switched by means of the access point itself.

Two clients connected to the same wireless network, but to different access points. In this case, traffic must be transmitted over the existing wired L2 infrastructure.

If wireless clients are connected to different access points and to different wireless networks, a router (an OSI layer 3 device) is unavoidable, because in the wired network the traffic of such clients lands in different virtual networks, between which routing must be performed.

And the last possible option: different wireless networks on one access point. Here the access point cannot switch the traffic on its own, since the clients are placed in different virtual networks, and the router has to be involved again.

We would also like to show readers examples of the simplest network topologies used in various business sectors. Catering (restaurants, cafes and so on) probably has one of the simplest schemes.

Retail chains and hotels are usually a little more complicated.


Campus local networks are perhaps the most complex.

Regardless of the complexity of the local network segment, the OC200 can support remote sites. For example, when opening a second store or cafe, you do not need to buy an additional controller, since the access points of the second site can be managed by the existing one.

We hope this short description will help administrators design the network correctly, taking into account all possible user traffic paths, so as to avoid bottlenecks wherever possible.
Initial setup
The TP-Link OC200 cloud wireless network controller is configured to automatically obtain IP parameters using DHCP. This means that wherever it is connected, the administrator can immediately access it. However, if for some reason there is no DHCP server on the network, the OC200 will use the so-called fallback address, which is 192.168.0.253 by default. Naturally, if necessary, the administrator can configure a static IP address on the OC200.

When you connect to the controller for the first time, the initial setup wizard starts automatically and lets you fully prepare the wireless network in six simple steps. Since the OC200 is of interest to administrators not by itself but together with the access points it manages, the access points also need to be connected to the existing wired network. They can be in the same IP network as the controller or in different ones; we covered this in the section on possible topologies. Of course, access points can also be added later, after the initial configuration of the controller is complete.






Speaking of access points: currently ten of our newest indoor and outdoor models are supported: EAP330, EAP320, EAP245 (new in October), EAP225, EAP225-Outdoor, EAP115, EAP110, EAP110-Outdoor, EAP115-Wall, EAP225-Wall.

The controller automatically detects access points located in the same IP subnet. The administrator only needs to choose which devices to add to the network.

If the controller and access points are in different IP subnets, one of the following methods can be used to connect the points to the controller.
Method 1
Connect a computer or laptop with the Omada Discovery utility preinstalled to the subnet containing the access points. This utility can detect wireless devices in the local segment and add them to the OC200 controller.


Unfortunately, this approach does not scale, since the administrator has to connect to every segment where access points may be located.
Method 2
Use DHCP option 138. This option tells the access points the IP address of the TP-Link OC200 wireless controller. Having learned where the controller is, the access points start the adoption procedure; the administrator only has to approve their connection to the network.
Let us describe the setup of the core network for connecting access points in a little more detail. The first thing to do is create the virtual networks on the switches. As an example, we will use the TP-Link T2600G-28MPS switch. Virtual networks 8 and 9 will be bound to SSIDs, while VLAN10 is created to manage the access points.

The second step is to configure the interfaces to which the access points are connected, switching them to trunk mode. The management VLAN is left untagged on these interfaces.

Next, create L3 interfaces for the corresponding virtual networks.

For each virtual network that may contain wireless users, as well as for the management network, create the corresponding DHCP pools.

The final step is to enter the IP address of the OC200 wireless controller in the option 138 field.

You can verify that the settings are correct when registration requests from the access points start appearing on the controller.
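What the switch's DHCP server actually sends in step five is a small TLV: option code 138, a length byte, and one or more 4-byte IPv4 addresses (this is the CAPWAP Access Controller address option from RFC 5417). The following added example (not code from the article or from TP-Link) builds that option, walks a DHCP options field to find it, and rejects a malformed length that is not a multiple of four, the kind of defect that leaves access points silently unable to find the controller. The controller address 10.0.10.253 in the management VLAN and the other options in the sample are constructed for the example.

```python
import ipaddress
import struct

OPTION_CAPWAP_AC_V4 = 138  # RFC 5417: list of CAPWAP Access Controller IPv4 addresses


def encode_option_138(controller_ips):
    """Build the raw DHCP option 138 TLV: code, length, then 4 bytes per address."""
    addrs = [ipaddress.IPv4Address(ip) for ip in controller_ips]
    if not addrs:
        raise ValueError("option 138 must carry at least one controller address")
    payload = b"".join(a.packed for a in addrs)
    if len(payload) > 255:
        raise ValueError("option payload exceeds the single-option length limit")
    return struct.pack("BB", OPTION_CAPWAP_AC_V4, len(payload)) + payload


def parse_dhcp_options(raw):
    """Walk a DHCP options field (the bytes after the magic cookie) into {code: value}.

    Pad (0) is skipped and End (255) terminates the walk. A length byte that
    points past the end of the buffer raises ValueError instead of returning
    a silently truncated value.
    """
    opts = {}
    i = 0
    while i < len(raw):
        code = raw[i]
        if code == 0:
            i += 1
            continue
        if code == 255:
            break
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        opts[code] = value
        i += 2 + length
    return opts


def controller_addresses(options):
    """Return the controller IPs announced in option 138, or [] if the option is absent.

    An empty value or a length that is not a multiple of 4 is malformed and rejected.
    """
    value = options.get(OPTION_CAPWAP_AC_V4)
    if value is None:
        return []
    if len(value) == 0 or len(value) % 4 != 0:
        raise ValueError("malformed option 138 length %d" % len(value))
    return [str(ipaddress.IPv4Address(value[k:k + 4])) for k in range(0, len(value), 4)]


# Constructed sample options field: subnet mask (1), router (3), our option 138
# pointing at a controller in the management VLAN, then End (255).
SAMPLE_OPTIONS = (
    bytes([1, 4, 255, 255, 255, 0])
    + bytes([3, 4, 10, 0, 10, 1])
    + encode_option_138(["10.0.10.253"])
    + bytes([255])
)

if __name__ == "__main__":
    print(controller_addresses(parse_dhcp_options(SAMPLE_OPTIONS)))
```

Running `controller_addresses` over a capture of the DHCP offer on the access point VLAN is a quick way to confirm step five when the registration requests fail to appear: if the list comes back empty, the pool is not sending the option; if it raises, the value entered is not a plain IPv4 address.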

The initial configuration of the core network, controller and access points is complete. The only thing left to note is that the OC200 supports access points located at several sites. If you use the OC200 to build such a distributed wireless network, you will need to take care of connectivity between the sites. There are two ways to connect remote access points to the controller.
The first and most obvious is a site-to-site VPN between the sites. With this connection the controller and access points have the simplest configuration, since there is full IP connectivity between the head office and branch networks.
The second, slightly less obvious way is the virtual server function on the head office border router. The router performs port forwarding (PAT) into the network, giving outside access to internal resources. In this case, the DHCP servers in the branch networks must be configured so that the value of option 138 equals the IP address of the WAN interface of the head office border router.

However, in most cases a tunnel between the head office and the branches will already be in place, so the second method is rarely needed, although it is entirely possible.
Firmware upgrade
Maintaining a wireless infrastructure includes updating the firmware of the equipment on a regular basis, both for the controller itself and for the access points it manages. Updating the firmware of the wired core devices is outside the scope of this article.
The controller firmware is changed from the Maintenance item in the Controller Settings tab. Updates can be done in manual or semi-automatic mode (in the latter case the controller must have Internet access). For a manual update, all you need to do is upload the previously downloaded firmware file. The whole procedure takes a few minutes and requires no specialized knowledge from the administrator.


The firmware of the access points also needs updating. Since all access points are managed from the controller, their firmware is also updated through it (the Batch Upgrade item in the Site Settings tab).

Access points of the same model are updated together. This can also be done in manual or semi-automatic mode. In the automatic case the controller downloads the required file from our site and performs the update itself; the administrator only has to wait for the process to complete.


We usually publish new firmware to the automatic update servers with a slight delay; until then it is available only for manual download and update. Changing the firmware version manually is only slightly more involved than semi-automatically: download the image from our website and upload it to the controller.

Even if your wireless network is currently working without complaint, we still recommend updating periodically, as newer firmware versions may contain new functions or optimizations of existing ones, add support for new devices and technologies, and improve security.
Web interface
One way to manage the wireless controller is the web interface, which you can open in any modern browser.

A quick look at the top menu items. The Map menu is perhaps the most visual: the administrator marks the location of existing access points on a floor plan, and the controller shows the expected coverage area. We emphasize that this is the expected coverage, since in reality many additional factors must be taken into account, such as the materials of obstacles in the path of the radio waves, the presence of interference sources, the location of users and so on. Complex and demanding projects cannot do without a full-fledged radio site survey.

The TP-Link OC200 controller can manage access points in very large, geographically distributed networks: up to 100 access points are supported, up to 50 are recommended. The Omada Controller software, on the recommended platform configuration, supports up to 500 access points. For convenient administration of distributed deployments, the use of "sites" is recommended, which group devices by location.


Statistical information about managed access points, the number of connected wireless clients, the traffic consumed, and so on can be obtained using the Statistics menu.

More detailed information about any particular access point, as well as its settings, is available in the Access Points menu. For example, you can change the radio settings, enable or disable redistribution (balancing) of clients between access points and detection of unmanaged points, and change the parameters of the wireless networks the point serves.









A list of connected wireless clients is available in the Clients menu.

The Insight menu also displays statistics, but this time for wireless clients and for all "foreign" access points that do not belong to our controller.


If you need access to log information, refer to the Log menu.

All global settings are made in the bottom menu items. For example, the Wireless Settings section contains basic and advanced settings for wireless networks, roaming options, and mesh network settings. Note the support for the IEEE 802.11k/v standards for fast roaming; IEEE 802.11r support is on the way.





Mesh technology slightly changes the standard approach to building wireless networks: an access point that has no wired connection to the core network can now be joined to the wireless segment over a wireless link. You can learn more about our mesh implementation on a dedicated FAQ page (https://www.tp-link.com/ru/faq-2283.html).
Access to the wireless network is controlled from the Wireless Control menu. Here the administrator can create access lists that regulate traffic flows between specific subnets, filter by client MAC address, require users to authenticate additionally on the captive portal, and configure QoS settings.









A few more words about our captive portal. It authenticates clients with a shared password or a local user database, a remote RADIUS server or portal server, via SMS or a Facebook account, with a voucher, or even without any additional authentication.






The Site Settings menu lets you turn the device LEDs on or off. Here you can also change the access credentials for the access points, set a reboot schedule, configure sending of logs to remote servers, manage firmware, enable or disable command line access, and change the management VLAN number.


Settings of the OC200 itself are in the Controller Settings menu.







These are, perhaps, all the main points concerning the controller web interface.
Mobile app
It is also worth saying a few words about the TP-Link Omada mobile application, which is well suited to remote management of a company's wireless network. The administrator no longer has to carry a laptop around, since all the necessary functions are in the application for iOS and Android smartphones.








In addition, TP-Link Omada lets you manage your wireless network not only over a local connection to the company network, but also through a cloud service, which deserves a closer look.
White Mane Horses: Cloud Service
The OC200 works with our cloud service, which allows the administrator to configure the equipment remotely.

There are other methods of remote management. For example, you can configure port forwarding on the company's border router so that incoming connections to a specific port are forwarded inside the network to the controller address. Is this approach safe? Definitely not. You can, of course, add rules on the corporate firewall restricting the IP addresses allowed to connect, but we do not consider this the best solution.

Another, more secure way to manage your wireless network remotely is a VPN connection to the corporate network. By connecting over a VPN (for example, IPsec, OpenVPN, SSL, or even PPTP with MPPE), the administrator establishes a protected connection over which the control traffic is carried.

However, an easier way to manage securely is to connect remotely through our cloud service. Let us look at the procedure for connecting the controller to the cloud. There are two ways. The first is to enter the cloud user credentials directly on the controller (Cloud Access tab).
If you do not have an account yet, you can create one in a couple of minutes.
The second way is to add the controller directly from the cloud user's personal account: all that is required is the device key (cloud access must, of course, be enabled on the Cloud Access tab). The device key is printed on a sticker on the bottom of the controller case.
Regardless of how the OC200 is connected to the cloud service, information about the device appears in the administrator's personal account on our website.
Now, to manage your wireless network remotely, all you need to do is open our site in the mobile application or any modern browser, log in to your personal account, and start managing.
Several controllers can be connected to a single cloud user account, which lets you manage the wireless networks of different departments or different companies from one place. Also worth noting is that several users with different access rights can manage the controller remotely; you only need to add them to the device and assign each account a role.
Remote management through the cloud service is possible not only from a web browser but also from the TP-Link Omada mobile application.
Associating a new OC200 controller with a cloud user via the mobile application is even faster and simpler: just scan the QR code on the sticker on the controller case.
Conclusion
So, here's what we have in the bottom line:
- Centralized wireless network management: 100 access points (recommended up to 50), support for remote sites, one-click maintenance operations, a cloud service and a mobile application, and automatic backup.
- Advanced wireless features: MU-MIMO, switching between frequency bands, beamforming, load balancing and the ability to limit available bandwidth, wireless speeds up to 1900 Mbps, mesh networking, roaming, firmware up-to-date checks and automatic updating.
- Stability and security options: captive portal, access lists, support for multiple SSIDs and VLANs, additional authentication, scheduled actions, support for various topologies.