Omada SDN Controller_V5.12 (Updated on Sep 20th, 2023) [Thread Closed]

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Omada SDN Controller_V5.12 (Updated on Sep 20th, 2023) [Thread Closed]

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
109 Reply
Re:Omada SDN Controller_V5.12.x (Updated on Sep 4th, 2023)
2023-09-07 21:16:42

  @Fae 

 

using 5.12 cloud or hardware controller 6ghz is no longer usuable. Channel can be set but it reports 33 always and no devices can connect to it.

 

 

  1  
  1  
#74
Options
Re:Omada SDN Controller_V5.12.x (Updated on Sep 4th, 2023)
2023-09-08 03:40:40

Hello everyone and @Fae!

 

Running an ER7206 with the latest firmware (1.4.0 build 20230828 Rel.58568) and Omada SDN Controller v5.12.6 beta in a Debian LXC. I've got a pair of PowerEdge servers in a co-lo I've been managing this setup (to pair with an identical setup back at home), and my networking setup has a couple of peculiarities that have me scratching my head.

 

WAN IP Aliasing

I've got two separate /28 public IP subnets on one physical connection—no VLANs. Was pretty stoked about the WAN IP aliasing feature. But when I tried setting it up, the UI threw me for a loop. It asks for a 'subnet', yet it seems like it only wants an IP address. When I punched in the IP, tried to swap out 1:1 NAT and routed ports 80 and 443, nothing got through to my Nginx proxy manager. Worked like a charm with 1:1 NAT, so what gives?

 

Questions:

  • How does WAN IP aliasing work with single physical connections and multiple /28s or other subnets?
  • Does this feature jive with subnets that are spatially apart in the addressing?
  • Anything specific I need to do differently versus 1:1 NAT?

 

Threat Alerts and Block Lists
Switching gears, I enabled some of the newer threat prevention features. Now I'm swamped with DShield IP alerts. That's fine and dandy as I love me some alerts, but when I try to blacklist these suckers, I hit a wall before even reaching 100 entries. Seems pretty limited IMO.

 

Questions:

  • What's the cap on this block list?
  • Can it support Regex or be extended with lists like PiHole or PFBlockerNG?
  • How do I manage or remove IPs from the threat analysis if I can't add 'em to the block list?

 

Would appreciate any tips, tricks, or insights. This isn't just about solving my problems; I'm pretty sure this could help others stuck in similar spots.

 

Cheers!

  0  
  0  
#75
Options
Re:Omada SDN Controller_V5.12.x (Updated on Sep 4th, 2023)
2023-09-08 14:48:34 - last edited 2023-09-09 02:38:32

  @Fae 

 

I am running OC200(UN)_V1_1.26.2_Build 20230817. I am getting many, "Router/Gateway detected TCP SYN-and-FIN packets attack and dropped xx packets" and "Router/Gateway detected TCP no-Flag attack and dropped xx packets." errors every hour.  Avoiding these excessive (and likely false) log entries and warnings was one of the reasons I decided to download and install this beta firmware version.  If anything, this version has made the situation worse.

(1) TL-R605 v1.0 Router/Gateway (1) OC200 v1.0 Controller (1) TL-SG2210P v3.20 POE Switch (2) TL-SG2218 v1.0 POE Switch (3) EAP245 v3.0 Access Point (1) EAP225-Outdoor v1.0 Access Point
  0  
  0  
#76
Options
Re:Omada SDN Controller_V5.12.x (Updated on Sep 4th, 2023)
2023-09-10 19:13:21

  @Fae 

Hi Fae

 

I've got 7 AP's hanging off my OC200 v1 and 3 of them (2 x eap225 fw 5.1.0 and 1 x eap235-wall fw 3.1.1) after upgrade to the beta FW they refused to take any clients even though some of the clients are less then a couple of metres from the AP's. The only way I could gets clients to reconnect (some of the clients are fixed to those AP's as well) was to un-adopt them, factory reset them and then re-adopt, after that everything started reconnecting on those AP's.

 

Lee...

OC300 V1 ER8411 V1 T1600G-52TS V1 TL-SG1218MPE V5 TL-SG608E V6 TL-SG605E V5 EAP225 V3 (x3) EAP225-Outdoor V1 (x2) EAP235-Wall V1 (x2)
  0  
  0  
#77
Options
Re:Omada SDN Controller_V5.12.x (Updated on Sep 4th, 2023)
2023-09-11 06:10:58

Hello @IamMurphy,

 

IamMurphy wrote

using 5.12 cloud or hardware controller 6ghz is no longer usuable. Channel can be set but it reports 33 always and no devices can connect to it.

 

Do you mean that the 6GHz is working fine before you upgrade to 5.12 controller? If so, what is the previous version of your controller? Are you using OC200 v1/v2 or OC300 v1?

 

After you manual fix the channel 117 on 6GHz, you may wait for a couple minutes and then refresh the controller page to check whether the channel utilization will report the channel 117.

 

Regarding the issue that no devices can connect to 6GHz, please ensure that your client device is 6 GHz capable first. And please check whether there is any error message from your client device or controller log when your 6GHz capable client failed to connect to the EAP690E on 6GHz band.

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#78
Options
Re:Omada SDN Controller_V5.12.x (Updated on Sep 4th, 2023)
2023-09-11 06:48:08

Hello @gknac,

 

gknac wrote

WAN IP Aliasing

I've got two separate /28 public IP subnets on one physical connection—no VLANs. Was pretty stoked about the WAN IP aliasing feature. But when I tried setting it up, the UI threw me for a loop. It asks for a 'subnet', yet it seems like it only wants an IP address. When I punched in the IP, tried to swap out 1:1 NAT and routed ports 80 and 443, nothing got through to my Nginx proxy manager. Worked like a charm with 1:1 NAT, so what gives?

 

Questions:

  • How does WAN IP aliasing work with single physical connections and multiple /28s or other subnets?
  • Does this feature jive with subnets that are spatially apart in the addressing?
  • Anything specific I need to do differently versus 1:1 NAT?

 

WAN IP Alias supports configuring multiple IP addresses on one WAN port, and these IP addresses can be used to configure virtual server and other functions.

 

When configuring WAN IP Alias with multiple public IP subnets, you may need to add the IP addresses one by one, just like the example config shown below. (If needed, you can google for IP Subnet Calculator to get the IP addresses.)

 

Regarding One-to-One NAT, please notice that it only takes effect when the connection type of the corresponding WAN port is Static IP

How to configure One-to-One NAT

 

If it doesn't help, please feel free to report back, we may need to check your detailed configuration via email for further investigation.

 

gknac wrote

Threat Alerts and Block Lists
Switching gears, I enabled some of the newer threat prevention features. Now I'm swamped with DShield IP alerts. That's fine and dandy as I love me some alerts, but when I try to blacklist these suckers, I hit a wall before even reaching 100 entries. Seems pretty limited IMO.

 

Questions:

  • What's the cap on this block list?
  • Can it support Regex or be extended with lists like PiHole or PFBlockerNG?
  • How do I manage or remove IPs from the threat analysis if I can't add 'em to the block list?

 

If I didn't get it wrong, you were trying to click the Block icon from the Clients list, and have the questions about the Block list, is that right?

 

For the cap on the block list, I think you have get the answer when you failed to add more clients into the block list. (I haven't tried to reach the cap yet, so I don't have the exact number for you now.) And I'm afraid that it may not support Regex or be extended with lists like PiHole or PFBlockerNG.

 

To remove the clients from the blocked list, you may go to Insights > Known Clients > Blocked tab for unblock incon.

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#79
Options
Re:Omada SDN Controller_V5.12.x (Updated on Sep 4th, 2023)
2023-09-11 07:01:18

Hello @lflorack,

 

lflorack wrote

I am running OC200(UN)_V1_1.26.2_Build 20230817. I am getting many, "Router/Gateway detected TCP SYN-and-FIN packets attack and dropped xx packets" and "Router/Gateway detected TCP no-Flag attack and dropped xx packets." errors every hour.  Avoiding these excessive (and likely false) log entries and warnings was one of the reasons I decided to download and install this beta firmware version.  If anything, this version has made the situation worse.

 

What's the current firmware version of your ER605 V1 router?

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#80
Options
Re:Omada SDN Controller_V5.12.x (Updated on Sep 4th, 2023)
2023-09-11 07:12:53

Hello @MantonL,

 

MantonL wrote

I've got 7 AP's hanging off my OC200 v1 and 3 of them (2 x eap225 fw 5.1.0 and 1 x eap235-wall fw 3.1.1) after upgrade to the beta FW they refused to take any clients even though some of the clients are less then a couple of metres from the AP's. The only way I could gets clients to reconnect (some of the clients are fixed to those AP's as well) was to un-adopt them, factory reset them and then re-adopt, after that everything started reconnecting on those AP's.

 

Our support engineers would like to check more details with you to look into the issue further. I've created a support ticket via your registered email address, the ticket ID is TKID230917364, if you're willing to help, please pay attention to this ticket email and respond to the support engineer. Thanks!

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#81
Options
Re:Omada SDN Controller_V5.12.6_Windows (Released on Aug 18th, 2023)
2023-09-11 08:03:11 - last edited 2023-09-11 08:04:51

Hello @RigpaCastanon,

 

RigpaCastanon wrote

 Caption

  @RigpaCastanon  now what i dow

 

Upon your screenshot, it seems that your ER605 got into DISCONNECTED state, while the TL-SG2008 v4 was still Connected with a valid IP address. Was your ER605 V2 disconnected right after you install the Controller v5.12? If yes, what's the previous version of your Omada Controller? And what's the current firmware version of your ER605 V2?

 

If your ER605 V2 is still shown as DISCONNECTED in your Omada Controller, please try the following suggestions and see if it works.

 

1. Forget the ER605 of "Disconnected" state from the Controller page (it will not actually reset ER605 since it is not managed by the controller now).

2. Try to access the standalone web UI of ER605 via its IP address, go to System Tools > Controller Settings, and configure the Controller Inform URL with the IP address of your Controller host.

 

 

3. If it doesn't help, please reset the ER605 and re-adopt it to have a check.

 

If there is anything new came up, please try to elaborate on the issue so that we can help you further.

We look forward to hearing back from you.

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#82
Options
Re:Omada SDN Controller_V5.12.x (Updated on Sep 4th, 2023)
2023-09-11 11:24:10 - last edited 2023-09-11 11:25:55

  @Fae 

 

The current firmware version of my ER605 V1 router is 1.3.0 Build 20230511 Rel.51317.

(1) TL-R605 v1.0 Router/Gateway (1) OC200 v1.0 Controller (1) TL-SG2210P v3.20 POE Switch (2) TL-SG2218 v1.0 POE Switch (3) EAP245 v3.0 Access Point (1) EAP225-Outdoor v1.0 Access Point
  0  
  0  
#83
Options