How to Configure SD-WAN

12 hours ago - last edited 11 hours ago

Background:

 

This post is a configuration guide for enabling SD-WAN.

 

This Article Applies to:

 

  • Both the router firmware and the controller must be adapted for SD-WAN. If you're not on the proper router firmware and controller version, the SD-WAN option is not displayed.
  • Omada routers with SD-WAN capability.
  • The controller is required to be V5.15.20.X or above. 

 

Configuration Steps:

 

Read before you start:

 

1. At least one of the devices participating in the network must have a public IP.
2. The WAN participating in the network cannot have the DMZ function enabled.
3. The network segments participating in the network must not conflict with each other and cannot conflict with the LAN network segments of other sites.
4. A direct tunnel between Spokes is established under the Hub's control, and only after the Spoke-Hub tunnel is fully established.

 

If any one of these conditions is not met, you will not be able to use SD-WAN properly.

 

1. Adopting devices

Go to https://omada.tplinkcloud.com/

Create your Organization.

On the Organization page, copy the URL.

 

 

2. Adopt your other router devices.

The remaining routers must be adopted over the Internet. Copy the address above and use it as the Inform URL so that the controller can manage your device.

 

 

3. Create the Site.

Create a site for every router you are going to use for the SD-WAN. Finish the adoption process.

 

4. Configure the SD-WAN.

4.1.1 Configure basic SD-WAN information - Basic information

Click SD-WAN and create the SD-WAN Group.

 

 

 

 

Fill in Group Name, Description, and SD-WAN IP Range. The SD-WAN IP Range is used to assign virtual IPs to the VPN interface. Ensure that the IP Range contains at least 16 IPs. After filling in, click Check Availability to perform conflict detection on the IP Range.

 

 

4.1.2 Configure basic SD-WAN information - Hub and Spoke Devices

Pick the Hub Device.

At this point, all devices with a public IP address on their WAN, across all sites, are listed. Select one of them as the Hub.

 

 

Pick the Spoke Device

 

 

You should then see a page like this. Click Next:

 

 

4.2 Configure basic SD-WAN information - Set Network Topology

Click Manage Spoke-Spoke Connection.

 

 

The tunnel between Spokes must ensure that at least one end has a public IP. Since the 10_7206v2 site has a public IP, it can establish a direct tunnel between Spokes with 30_7206v2 and 40_7206v2. Users can configure it according to the actual network topology.

 

 


 

 

 

4.3 Configure basic SD-WAN information - Select WAN & Network

This page will add the Default LAN of each site to the Network Segment. Users can customize the Network Segment parameters for each site. It is necessary to ensure that all Network Segments in the network do not conflict with LANs in other sites.

 

 

Click Auto Select WAN Port, and the controller will automatically select a WAN with a public IP or a WAN with the smallest number of ports and an IP. Users can also customize the configuration for each site.

 

 

Click Save to finish the setup.

 

 

 

Verification:

 

1. Examine the Routing Table.

 

 

Spoke:

 

 

Hub:

 

 

2. Spoke-Hub test.

 

 

 

3. Spoke-Hub-Spoke test.

 

 

 

Note:

 

1. Configuration steps for Standalone mode are similar.

2. Please note that this will involve an adapted firmware, not just a controller update. Firmware development is a complex process, and timelines may change. Therefore, we cannot provide a specific release date at this time. Please stay tuned to future firmware release notes for updates.

3. When introducing a feature like this, we typically apply it uniformly across all models to ensure consistency and a seamless user experience.

However, it's essential to acknowledge that hardware limitations may exist, which might prevent us from adding the feature to certain models. In such cases, we cannot provide individual notifications explaining the reason. Please note that we cannot guarantee the fulfillment of all requests, and we must set clear expectations upfront.

4. If your ping fails, we strongly recommend that you refer to:

 

 

Update Log:

 

Apr 24th, 2025:

Release of the article.

 

Recommended Threads:

 

How to Disable NAT on Omada Router

Configuration Guide How to Configure WireGuard VPN on Omada Controller

Get the Latest Firmware Releases for Omada Routers Here - Subscribe for Updates

Get the Latest Omada SDN Controller Releases Here - Subscribe for Updates

 

#1
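The rules from "Read before you start" and steps 4.1 to 4.3 can be checked against a site plan before opening the controller. The sketch below is an added example, not part of the original post or of TP-Link's tooling; the site names, addresses, dictionary fields and the `check_plan` helper are assumptions, and it counts every address in the CIDR block toward the 16-IP minimum.

```python
import ipaddress
from itertools import combinations

# Constructed site plan (not from the original post); all names, addresses
# and field names are illustrative assumptions.
SITES = {
    "hub-hq":  {"role": "hub",   "public_wan": True,  "dmz": False, "lans": ["192.168.10.0/24"]},
    "spoke-a": {"role": "spoke", "public_wan": True,  "dmz": False, "lans": ["192.168.30.0/24"]},
    "spoke-b": {"role": "spoke", "public_wan": False, "dmz": False, "lans": ["192.168.40.0/24"]},
    "spoke-c": {"role": "spoke", "public_wan": False, "dmz": True,  "lans": ["192.168.40.128/25"]},
}
SDWAN_RANGE = "10.254.0.0/29"  # deliberately too small
SPOKE_LINKS = [("spoke-a", "spoke-b"), ("spoke-b", "spoke-c")]


def check_plan(sites, sdwan_range, spoke_links):
    """Return a list of rule violations; an empty list means the plan passes."""
    problems = []
    # 4.1.1: the SD-WAN IP Range must contain at least 16 IPs.
    vpn = ipaddress.ip_network(sdwan_range)
    if vpn.num_addresses < 16:
        problems.append(f"SD-WAN IP Range {vpn} has {vpn.num_addresses} IPs, needs at least 16")
    # 4.1.2: one Hub, chosen from devices whose WAN has a public IP.
    hubs = [name for name, s in sites.items() if s["role"] == "hub"]
    if len(hubs) != 1 or not sites[hubs[0]]["public_wan"]:
        problems.append("exactly one Hub with a public WAN IP is required")
    # Prerequisite 2: a participating WAN cannot have DMZ enabled.
    for name, s in sites.items():
        if s["dmz"]:
            problems.append(f"{name}: DMZ is enabled on the participating WAN")
    # Prerequisite 3 / step 4.3: network segments must not overlap.
    nets = [(n, ipaddress.ip_network(lan)) for n, s in sites.items() for lan in s["lans"]]
    for (n1, a), (n2, b) in combinations(nets, 2):
        if a.overlaps(b):
            problems.append(f"{n1} {a} overlaps {n2} {b}")
    # Step 4.2: a Spoke-Spoke tunnel needs a public IP on at least one end.
    for a, b in spoke_links:
        if not (sites[a]["public_wan"] or sites[b]["public_wan"]):
            problems.append(f"Spoke-Spoke {a}<->{b}: neither end has a public IP")
    return problems


if __name__ == "__main__":
    for problem in check_plan(SITES, SDWAN_RANGE, SPOKE_LINKS):
        print("FAIL:", problem)
```
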
1 Reply
Re:How to Configure SD-WAN
5 hours ago

  @Clive_A 

 

Thank you for this, very much appreciated.  I look forward to the adapted ER605v2 firmware so I can test this on a couple of easily accessible remote sites I have.

 

I have a couple follow-up questions.

 

1- When you add the network segments of the hub / spokes, are all of those automatically shared across all the devices in the group?

2- If the above is true, how can you limit users of a LAN on a spoke from accessing a LAN of another spoke or the hub? (e.g., users of VLAN 10 on a spoke should not be able to freely access the management VLAN of the hub, but can access the matching VLAN 10 of the hub freely) Can you still achieve this with a gateway WAN IN ACL specifying an incoming IP Group?

Main: ER8411 x1, SG3428X x1, SG3452 x1, SG2428LP x1, SG3210 x1, SG2218P x1, SG2008P x1, ES205G x2, EAP650 x6 Remotes: ER605 v2 x3, SG2008P x2, EAP650 x2 VPN Server: ER7206 v2 Controller: OC300
#2