How to manage EAPs at different sites across Internet using Omada Controller (via VPN Tunnel with DHCP Option138) (Old UI)
EAP225 V3 , EAP110-Outdoor V3 , EAP225-Wall , EAP115 V4 , EAP225-Outdoor , EAP225 V2 , EAP245 , EAP320 , EAP110 , EAP220 , EAP330 , EAP120 , EAP235-Wall , EAP110 V4 , EAP115 , EAP225 , EAP110-Outdoor , Omada Software Controller , EAP115-Wall
Recent updates may have expanded access to feature(s) discussed in this FAQ. Visit your product's support page, select the correct hardware version for your device and check either the Datasheet or the firmware section for the latest improvements added to your product.
As shown below, HQ and Branch Office are connected with each other through IPSec VPN tunnel. In HQ, there are TP-Link EAP controller, EAP1 and TL-ER6120 (VPN Router) in subnet 192.168.1.0/24. In branch office, there are EAP2, layer 3 switch T2600G-28TS as DHCP Server (supporting DHCP option138) and TL-ER6120 (VPN router) in subnet 192.168.0.0/24.
This document will introduce how to manage EAPs at different sites across Internet using TP-Link EAP/Omada controller (via VPN Tunnel with DHCP option138). About how to choose VPN Router and set up site to site IPSec VPN tunnel, please refer to: Setting up Site-to-Site IPsec VPN on TP-Link Router
Step1. Configurations on T2600 switch in Branch Office
1.1 Change switch’s default IP address from 192.168.0.1 to 192.168.0.2 to avoid IP conflict with gateway router.
1.2 Enable DHCP Server Function on T2600G-28TS, and set DHCP Option138 as the IP address of Remote EAP/Omada Controller Host (192.168.1.253). And then the DHCP Server will tell the EAPs will the EAP/Omada Controller is, so that the EAP/Omada Controller and EAPs can communicate with each other among different subnets
1.3 Configure DHCP IP Address Pool (192.168.0.0/24) for EAP in branch office.
Step2. VPN Settings on TL-ER6120 in Branch Office
2.1 Disable DHCP server function on TL-ER6120 in Branch Office.
2.2 Go to VPN -> IKE -> IKE Proposal, and complete IKE Proposal settings shown as below.
2.3 Go to VPN -> IKE -> IKE Policy, and complete IKE Policy settings shown as below.
2.4 Go to VPN -> IPsec -> IPsec Proposal, and complete IPSec Proposal settings shown as below.
2.5 Go to VPN -> IPsec -> IPsec Policy, and complete IPsec Policy settings shown as below. Note: “Remote Gateway” should be the WAN IP address of TL-ER6120 in HQ.
Step3. VPN settings on TL-ER6120 in HQ are similar with “Step2”. Here we don’t describe them in detail any more. After all settings, the VPN tunnel will be established between HQ and Branch Office shown as below.
Step4. Run EAP Controller. The EAP will appear in EAP/Omada controller’s “pending” list, which means you can use EAP/Omada controller to adopt and manage this EAP now shown as below.
Looking for More
Is this faq useful?
Your feedback helps improve this site.
What’s your concern with this article?
- Dissatisfied with product
- Too Complicated
- Confusing Title
- Does not apply to me
- Too Vague
- Other
We'd love to get your feedback, please let us know how we can improve this content.
Thank you
We appreciate your feedback.
Click here to contact TP-Link technical support.
TP-Link Community
Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.
This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy . Don’t show again
This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy . Don’t show again
Basic Cookies
These cookies are necessary for the website to function and cannot be deactivated in your systems.
TP-Link
SESSION, JSESSIONID, accepted_local_switcher, tp_privacy_base, tp_privacy_marketing, tp_smb-select-product_scence, tp_smb-select-product_scenceSimple, tp_smb-select-product_userChoice, tp_smb-select-product_userChoiceSimple, tp_smb-select-product_userInfo, tp_smb-select-product_userInfoSimple, tp_top-banner, tp_popup-bottom, tp_popup-center, tp_popup-right-middle, tp_popup-right-bottom, tp_productCategoryType
Youtube
id, VISITOR_INFO1_LIVE, LOGIN_INFO, SIDCC, SAPISID, APISID, SSID, SID, YSC, __Secure-1PSID, __Secure-1PAPISID, __Secure-1PSIDCC, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, 1P_JAR, AEC, NID, OTZ
Zendesk
OptanonConsent, __cf_bm, __cfruid, _cfuvid, _help_center_session, _pendo___sg__.<container-id>, _pendo_meta.<container-id>, _pendo_visitorId.<container-id>, _zendesk_authenticated, _zendesk_cookie, _zendesk_session, _zendesk_shared_session, ajs_anonymous_id, cf_clearance
Analysis and Marketing Cookies
Analysis cookies enable us to analyze your activities on our website in order to improve and adapt the functionality of our website.
The marketing cookies can be set through our website by our advertising partners in order to create a profile of your interests and to show you relevant advertisements on other websites.
Google Analytics & Google Tag Manager
_gid, _ga_<container-id>, _ga, _gat_gtag_<container-id>
Google Ads & DoubleClick
test_cookie, _gcl_au