TP-Link Omada

Environment

This document was created using the following hardware and software:

rXg: Version: 14.284 Controller Model: TP-Link Omada Controller (Windows) Controller Version: 5.6.13 AP Model: EAP610-Outdoor(US) v1.0 AP Version: 1.1.0 Build 20220930 Rel 65326

The installation process for the Windows-based controller was documented using the following hardware and software:

rXg: Version: 14.284 Controller Model: TP-Link Omada Controller (Windows) Controller Version: 5.6.13 AP Model: EAP610-Outdoor(US) v1.0 AP Version: 1.1.0 Build 20220930 Rel 65326

Obtain the Omada installation file from TP-Link (https://support.omadanetworks.com/us/product/omada-software-controller/?resourceType=download). Double-click to begin the installation. Click "Next" through the typical installation wizard. On the final screen, make sure that "Start Omada Controller after installation is checked"

Allow access through the Windows firewall.

The installation process for the Linux-based controller was documented using the following hardware and software:

rXg: Version: 16.116 Controller Model: TP-Link Omada Controller (Debian) Controller Version: 5.15.20.18 AP Model: AEP750-Wallmount(US) v1.1 AP Version: 1.0.2 Build 20241017 Rel. 74083

Obtain the Omada installation file from TP-Link (https://support.omadanetworks.com/us/product/omada-software-controller/?resourceType=download). In this example, a Ubuntu server 22.04.5 LTS with the latest upgrades is used.

Install openjdk-17-jre-headless:

sudo apt install openjdk-17-jre-headless

Download the controller debian package:

wget https://static.tp-link.com/upload/software/2025/202503/20250331/Omada_SDN_Controller_v5.15.20.18_linux_x64.deb

Install the latest MongoDB - these instructions may need to be modified for other OS versions.

sudo apt-get install gnupg curl
curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc | \
   sudo gpg -o /usr/share/keyrings/mongodb-server-8.0.gpg \
   --dearmor
echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/8.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-8.0.list
sudo apt-get update
sudo apt-get install -y mongodb-org

Install the Omada controller directly from the Debian package

sudo apt install ./Omada_SDN_Controller_v5.15.20.18_linux_x64.deb

The controller should start automatically during the installation process. The status can be checked as follows:

sudo tpeap status

Omada Controller is running. You can visit http://localhost:8088 on this host to manage the wireless network.

If needed, start the controller using

sudo tpeap start

Click "Launch" to open the configuration page at https://localhost:8043 (when installing on Windows locally) or at https://<FQDN/IP>:8043 (when installing remotely on a VM / applicance). The following start up screen is applicable to the Windows installation only - there is no splash screen when running it on a Linux system.

Click "Let's Get Started"

Set your Controller name, region (should be automatically populated), timezone, and select the deployment scenario. Then click "Next"

Click "Skip" (note that the screen below shows the Controller view when a test WAP is powered on and discovered on the local L2 segment shared with the controller, i.e., both the Controller and the WAP belong to the same IP prefix)

Click "Skip" on the Configure WAN Settings Override screen

Click "Skip" on the SSID configuration screen (can be set up later on)

Configure credentials for the controller and access points. Disable Cloud Access Accept Terms of Use Click "Next"

Click "Finish" to complete the initial Controller configuration

Login using the credentials created in the previous step.

You can skip the tutorial here by clicking the X.

Create RADIUS profile

Click the gear icon in the bottom left-hand corner for settings. Browse to Authentication >> RADIUS Profile Click "+ Create New RADIUS Profile"

Before you configure this section, you will need to have the IP address of the rXg, and the RADIUS shared secret. The IP address of the rXg should be reachable from the Omada controller. The shared secret can be obtained from the rXg Admin UI by browsing to Services >> RADIUS and then scroll down to the RADIUS Server Options scaffold. Use this password for all password fields in the RADIUS profile below.

Click "Save" once the form is complete.

We now need to configure a RADIUS profile so that the Omada controller can send RADIUS requests to the rXg.

Add Access Points via AutoDiscovery

On the Omada Admin UI, browse to Devices on the side menu. Note that the Autodiscovery mechanism is only available when the WAP and the Controller are on the same IP prefix (same L2 segment).

In this section, we need to adopt the access points. The easiest way to do this is by using the batch adopt button under Batch Action.

Then select all of the access points and click "Done".

Once the adoption process is complete, you should see the AP show connected.

Add Access Points via DHCP Option 138

When the WAP and the Controller are on different L2 segments (different IP prefixes), the Controller is not able to automatically discover WAPs. WAPs need to be offered with the IP address of the Controller using the DHCP Option 138 (CapWap). The DHCP Option 138 can be configured as a custom DHCP option on the rXg as follows:

  • create a custom DHCP option under the Services::DHCP::Custom DHCP Options scaffold, as show below:

DHCP Option 138 structure

  • create an instance of the DHCP Option 138 under the Services::DHCP::DHCP Options scaffold, with the value assigned to the previousl created option, as shown below

DHCP Option 138 example value

Once the WAP is rebooted, the DHCP Option 138 is offered to the WAP, informing the device about the IP address of the Controller. Afterwards, the device becomes visible in the Controller device scaffold as ready for adoption.

Add Access Points via Inform setting on WAP

In certain network configurations, it is not possible to add custom DHCP Option 138 due to functional limitations of the DHCP server. WAPs need to be configured with the IP address of the Controller using the Inform statement in their web UI. This method is the least recommended one, since it requires each individual WAP to complete the configuratuion using the web UI, to gain access to the Controller Settings, as shown below:

Inform configuration

Add WLAN configuration

In this section, we will configure a WLAN for unbound PSK.

In the bottom left corner, click "Settings".

Click "Wireless Networks" to expand the menu. Click "WLAN"

Click "+ Create Wireless Network".

Complete the form below as indicated. Be sure to uncheck the 6 GHz band or the SSID will not broadcast. Click "Apply"

You should now see the SSID being broadcast as a secure network.

rXg Configuration

The following configuration assumes that the rXg has been previously configured for an MDU deployment. The steps below demonstrate how to add the TP-Link Omada controller to the existing configuration.

Add Omada Controller and WLAN

From the rXg UI, browse to Network >> Wireless Click "Create New" on the WLAN Controllers scaffold.

Complete the following fields with the appropriate information as it relates to the Omada controller. Click "Create"

Click "Create New" on the WLANs scaffold.

Configure the following fields as indicated.

Configure RADIUS

From the rXg UI, browse to Services >> RADIUS Click "Create New" on the RADIUS Server Attributes scaffold.

Set the Name of the Attribute to TPLink-EAPOL-Found-PMK Set the Value of the Attribute to %account.pre_shared_key% Make sure that your Post-Auth realm is selected. Click "Create"

At this point, you should be able to associate to the ppsk SSID and enter a Pre-Shared Key that was previously configured for an account.


Cookies help us deliver our services. By using our services, you agree to our use of cookies.