How to configure Management VLAN in Omada SDN Controller (4.4.4 or above)

The management VLAN is a VLAN created to separate the management network from the data network. By default, the management VLAN is the LAN network in a network centrally managed by Omada SDN Controller.

You can change the management VLAN to improve network security. With a separated management VLAN, it is much harder for unauthorized users to modify the configurations or monitor the network.

This article takes two scenarios as examples to introduce how to configure Management VLAN:

• Network with an Omada managed router as the gateway
• Network with a non-Omada managed router as the gateway

Note:

1. The Omada managed router refers to the TP-Link router that can be managed centrally by Omada SDN Controller, such as ER7206 and ER605.
2. Configurations in Omada Hardware Controller and Software Controller are the same. Here we take Omada Software Controller as an example. Before configuring Management VLAN, refer to User Guide to add the devices to the controller, and set up the computer running the controller to obtain an IP address dynamically.
3. When using Omada Cloud-Based Controller, you have no need to configure Management VLAN because it has separated the management data from user data to ensure privacy. No user data will pass through the cloud.

Topology 1: Network with an Omada Managed Router as the Gateway

Note: The router can be managed by Omada SDN Controller.

In this scenario, the router, switches, and EAPs can be managed by Omada SDN Controller. After connecting and adding devices, launch the management page and follow the steps below to configure Management VLAN.

1. Go to Settings > Wired Networks > LAN Networks and click Create New LAN to create a network (named MGMT VLAN with VLAN ID 4090 in this example) as Interface. Click the box of associated LAN interface (LAN1), enable DHCP Server, and fill the DHCP range to assign IP addresses to devices in this network. After being created, a profile with the same name will be added automatically, and its PVID is 4090.

2. Go to Devices, click switch A to open the sidebar, and go to Ports. Click the edit icon of an idle port (port 4 in this example) and select a profile whose PVID is 4090.

3. Go to Devices and add the devices to MGMT VLAN (VLAN 4090). You can configure the devices in batches and the steps for switches and EAPs are similar. Take the switch as an example. Click the Gateway/Switches tab, and then Batch Config to select the switches to be configured, and click Edit Selected to open the Properties window. Go to Config > Services, enable Management VLAN, and configure the VLAN as MGMT VLAN (VLAN 4090).

NOTE: Set a DHCP address reservation in the management VLAN for the controller making certain to note that the Network must select the management VLAN. Also, enable Auto Refresh IP to ensure that the controller can obtain the corresponding IP address.

4. Reconnect the controller to switch A through port 4 (the idle port configured in step 2).

Note: Given the Omada Gateway does not support changing the management VLAN temporarily, we will use Omada Discovery Utility to inform the Omada gateway of the new IP address of the Omada Controller.

5. Use another PC connecting to Omada gateway directly to download and install Omada Discovery Utility via this link. Run Omada Discovery Utility, select the Omada gateway and click Batch Setting. Fill in the Controller Hostname/IP with IP address of Omada Controller and the Username/Password of the Omada gateway. At last, click Apply. Given the Omada gateway had been adopted by Omada Controller before, you can find the username/password in Omada Controller Settings > Site > Devices Account.

After configuration, the switches and EAPs will be in the management VLAN (VLAN 4090) with new-assigned IP addresses. The controller can manage and monitor the devices in the separated management VLAN.

Note: We suggest you to set ACL to prevent devices in other networks from accessing the devices in management VLAN, which improves the network security.

Topology 2: Network with a Non-Omada Managed Router as the Gateway

* The router cannot be managed by Omada SDN Controller.

In this scenario, only the switches and EAPs can be managed by Omada SDN Controller. After connecting and adding devices, launch the management page and follow the steps below to configure Management VLAN.

1. Go to Settings > Wired Networks > LAN Networks and click Create New LAN to create a network (named MGMT VLAN with VLAN ID 4090 in this example) as VLAN. After being created, a profile with the same name will be added automatically, and its PVID is 4090.

2. Make sure the devices have obtained IP addresses dynamically or have proper static IP addresses.

• If the devices obtain IP addresses automatically, make sure the DHCP server can assign IP addresses to devices in VLAN 4090.
• If the devices use static IP addresses, note that the controller and devices should be in the same subnet.

3. Go to Devices, click switch A to open the sidebar, and go to Ports. Click the edit icon of an idle port (port 4 in this example) and select a profile whose PVID is 4090.

4. On the same page, go to Devices and add the devices to MGMT VLAN (VLAN 4090). You can configure the devices in batches and the steps for switches and EAPs are similar. Take the switch as an example. Click the Gateway/Switches tab, and then Batch Config to select the switches to be configured, and click Edit Selected to open the Properties window. Go to Config > Services, enable Management VLAN and configure the VLAN as MGMT VLAN (VLAN 4090).

5. Reconnect the controller to switch A through port 4 (the idle port configured in step 3).

After configuration, the switches, EAPs, and controllers will be in the management VLAN (VLAN 4090) with new-assigned IP addresses. The controller can manage and monitor the devices in the separated management VLAN.

To get to know more details of each function and configuration please go to Download Center to download the manual of your product.