TP-Link Omada
Environment
This document was created using the following hardware and software:
rXg: Version: 14.284 Controller Model: TP-Link Omada Controller (Windows) Controller Version: 5.6.13 AP Model: EAP610-Outdoor(US) v1.0 AP Version: 1.1.0 Build 20220930 Rel 65326
Deploy TP-Link Omada controller on Windows
The installation process for the Windows-based controller was documented using the following hardware and software:
rXg: Version: 14.284 Controller Model: TP-Link Omada Controller (Windows) Controller Version: 5.6.13 AP Model: EAP610-Outdoor(US) v1.0 AP Version: 1.1.0 Build 20220930 Rel 65326
Obtain the Omada installation file from TP-Link (https://support.omadanetworks.com/us/product/omada-software-controller/?resourceType=download). Double-click to begin the installation. Click "Next" through the typical installation wizard. On the final screen, make sure that "Start Omada Controller after installation is checked"
Allow access through the Windows firewall.
Deploy TP-Link Omada controller on Linux
The installation process for the Linux-based controller was documented using the following hardware and software:
rXg: Version: 16.116 Controller Model: TP-Link Omada Controller (Debian) Controller Version: 5.15.20.18 AP Model: AEP750-Wallmount(US) v1.1 AP Version: 1.0.2 Build 20241017 Rel. 74083
Obtain the Omada installation file from TP-Link (https://support.omadanetworks.com/us/product/omada-software-controller/?resourceType=download). In this example, a Ubuntu server 22.04.5 LTS with the latest upgrades is used.
Install openjdk-17-jre-headless:
sudo apt install openjdk-17-jre-headless
Download the controller debian package:
wget https://static.tp-link.com/upload/software/2025/202503/20250331/Omada_SDN_Controller_v5.15.20.18_linux_x64.deb
Install the latest MongoDB - these instructions may need to be modified for other OS versions.
sudo apt-get install gnupg curl
curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc | \
sudo gpg -o /usr/share/keyrings/mongodb-server-8.0.gpg \
--dearmor
echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/8.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-8.0.list
sudo apt-get update
sudo apt-get install -y mongodb-org
Install the Omada controller directly from the Debian package
sudo apt install ./Omada_SDN_Controller_v5.15.20.18_linux_x64.deb
The controller should start automatically during the installation process. The status can be checked as follows:
sudo tpeap status
Omada Controller is running. You can visit http://localhost:8088 on this host to manage the wireless network.
If needed, start the controller using
sudo tpeap start
Configure TP-Link Omada controller
Click "Launch" to open the configuration page at https://localhost:8043
(when installing on Windows locally) or at https://<FQDN/IP>:8043
(when installing remotely on a VM / applicance). The following start up screen is applicable to the Windows installation only - there is no splash screen when running it on a Linux system.
Click "Let's Get Started"
Set your Controller name, region (should be automatically populated), timezone, and select the deployment scenario. Then click "Next"
Click "Skip" (note that the screen below shows the Controller view when a test WAP is powered on and discovered on the local L2 segment shared with the controller, i.e., both the Controller and the WAP belong to the same IP prefix)
Click "Skip" on the Configure WAN Settings Override
screen
Click "Skip" on the SSID configuration screen (can be set up later on)
Configure credentials for the controller and access points. Disable Cloud Access Accept Terms of Use Click "Next"
Click "Finish" to complete the initial Controller configuration
TP-Link Omada Controller Configuration for PPSK
Login using the credentials created in the previous step.
You can skip the tutorial here by clicking the X.
Create RADIUS profile
Click the gear icon in the bottom left-hand corner for settings. Browse to Authentication >> RADIUS Profile Click "+ Create New RADIUS Profile"
Before you configure this section, you will need to have the IP address of the rXg, and the RADIUS shared secret. The IP address of the rXg should be reachable from the Omada controller. The shared secret can be obtained from the rXg Admin UI by browsing to Services >> RADIUS
and then scroll down to the RADIUS Server Options
scaffold. Use this password for all password fields in the RADIUS profile below.
Click "Save" once the form is complete.
We now need to configure a RADIUS profile so that the Omada controller can send RADIUS requests to the rXg.
Add Access Points via AutoDiscovery
On the Omada Admin UI, browse to Devices
on the side menu. Note that the Autodiscovery mechanism is only available when the WAP and the Controller are on the same IP prefix (same L2 segment).
In this section, we need to adopt the access points. The easiest way to do this is by using the batch adopt button under Batch Action.
Then select all of the access points and click "Done".
Once the adoption process is complete, you should see the AP show connected.
Add Access Points via DHCP Option 138
When the WAP and the Controller are on different L2 segments (different IP prefixes), the Controller is not able to automatically discover WAPs. WAPs need to be offered with the IP address of the Controller using the DHCP Option 138 (CapWap). The DHCP Option 138 can be configured as a custom DHCP option on the rXg as follows:
- create a custom DHCP option under the Services::DHCP::Custom DHCP Options scaffold, as show below:
- create an instance of the DHCP Option 138 under the Services::DHCP::DHCP Options scaffold, with the value assigned to the previousl created option, as shown below
Once the WAP is rebooted, the DHCP Option 138 is offered to the WAP, informing the device about the IP address of the Controller. Afterwards, the device becomes visible in the Controller device scaffold as ready for adoption.
Add Access Points via Inform setting on WAP
In certain network configurations, it is not possible to add custom DHCP Option 138 due to functional limitations of the DHCP server. WAPs need to be configured with the IP address of the Controller using the Inform statement in their web UI. This method is the least recommended one, since it requires each individual WAP to complete the configuratuion using the web UI, to gain access to the Controller Settings, as shown below:
Add WLAN configuration
In this section, we will configure a WLAN for unbound PSK.
In the bottom left corner, click "Settings".
Click "Wireless Networks" to expand the menu. Click "WLAN"
Click "+ Create Wireless Network".
Complete the form below as indicated. Be sure to uncheck the 6 GHz band or the SSID will not broadcast. Click "Apply"
You should now see the SSID being broadcast as a secure network.
rXg Configuration
The following configuration assumes that the rXg has been previously configured for an MDU deployment. The steps below demonstrate how to add the TP-Link Omada controller to the existing configuration.
Add Omada Controller and WLAN
From the rXg UI, browse to Network >> Wireless
Click "Create New" on the WLAN Controllers
scaffold.
Complete the following fields with the appropriate information as it relates to the Omada controller. Click "Create"
Click "Create New" on the WLANs
scaffold.
Configure the following fields as indicated.
Configure RADIUS
From the rXg UI, browse to Services >> RADIUS
Click "Create New" on the RADIUS Server Attributes
scaffold.
Set the Name of the Attribute to TPLink-EAPOL-Found-PMK
Set the Value of the Attribute to %account.pre_shared_key%
Make sure that your Post-Auth realm is selected. Click "Create"
At this point, you should be able to associate to the ppsk SSID and enter a Pre-Shared Key that was previously configured for an account.