Feature requests for Omada Controller
Dear @forrest,
I have some feature requests for Omada Controller collected over time from our Omada customers and from Omada users here in the forum. I would appreciate it very much if you could consider those features in a future version of Omada controller.
1. Statistics page
It would be helpful if the statistics page would allow selecting a pie chart for showing numbers of users/guests per EAP, not only per SSID. Often, sites have only one SSID at all and the current pie chart always shows 100% users for this SSID. I know, it's already in Omada App, but sysadmins would like to see this in Omada software controller and OC200, too.
2. Client hostnames
If WiFi hostnames are empty (device shows up as »Unknown«), Omada Controller should query the DNS server for the hostname. DNS servers in small SOHO networks keep track of the hostname sent by DHCP automatically. Business users often use a full-fledged DNS server. Additionally, the client's hostname should be allowed to be set manually – you have accepted the latter suggestion of a manual setting for home users already as far as I know. But DNS names should be queried for power (business) users, too, and it would be beneficial even for SOHO users.
3. Proxying capabilities
It would be helpful to allow use of web proxies such as the nginx or apache web server, which can forward requests to Omada controller. This would just require the ability to bind Omada controller to specific IP addresses set in the properties, thus preventing the controller from listening on all IP addresses of the server. Business class servers often have web front-ends and load-balancing while the software runs on a back-end server. Those load balancing functions of a proxy could be used easily for Omada controller with only small changes in the Java code which allow binding to certain IP addresses.
4. mongod database
Sysadmins should be able to use a system-provided mongodb instance alternatively to the built-in one. Currently Omada controller always starts its own mongod instance. If it were possible to prevent this start, Omada controller could use an existing (already installed) mongod by just changing the port in the properties. So please make start of the built-in mongod optional for those users who run their own mongod already. No need to run DB servers twice on the same system.
5. Make Java code platform-independent again
In version 2.x Omada controller's Java code was platform-independent. Java classes for Windows could be used on Linux and FreeBSD UNIX without any change. Starting with version 3 Omada controller introduced platform dependency, which isn't really needed (Java has been designed to be platform-independent). The only change required in V3 Omada controller would be to not query for the platform the controller is running on, but instead to query for the existence of platform-dependent helper commands such as ps (then it's running on Linux or FreeBSD) or tasklist (then it is running on Windows).
By querying for the existence of helper commands instead of querying the platform you would have to support only one version of Omada controller's Java code for every platform. No more differences in Java code for Windows, Linux and FreeBSD – just one Java code base like it was in versions 2.4 to 2.7. You only would need to package different software package versions for distribution of built-in binaries such as mongod, but the Omada community version, which avoids any built-in binary, could run on any platform, whether it's 32 bit, 64 bit or x86, mips or arm architecture.
If R&D doesn't want to unite the Java code base, then please remove at least the platform checks in Java method »com.tp_link.eap.start.EapLinuxMain« and consider removal of the platform checks in the Linux version of Omada controller. For example, if you remove those platform checks, the Linux version could be made easily to run also on FreeBSD, which is often used as an Internet server. And I'm sure, no-one would download the Linux version anyway if he runs Windows.
6. SSL certificates
While it is possible to change SSL certificates in the Linux version easily, it isn't possible at all on OC200. Please consider an upload mechanism for OC200 either through the web UI or maybe through the optional USB stick, which can be added to OC200. There is a lot of space on USB sticks used for auto-backups. Why not use it for other things, too?
7. Client isolation
Please consider adding a setting for »Client Isolation« again. It would not be necessary to change the current existing setting »Guest Network«, which still could co-exist and which could enable client isolation, too. But it would be beneficial to only enable client isolation without the invisible ACLs being set when using »Guest Network« setting. This would also simplify access from guest users to the OC200 portal when OC200 is the only device in the (wired) LAN.
These are the feature requests I'm often asked for by our customers and by users here in the forum. It would definitely improve Omada Controller.
Thanks very much for your consideration.
@Rod-IT, ah, I see. Yes, the count of client devices differs from the number of clients shown on the page. I guess that the update times for the count and the »Clients« page are different, the headline counter is updated more often.
@R1D2 Yep I also vote for the client isolation n7. I use pfsense captive portal for my guest network as I have currently several APs from different brands so I really need it.
@R1D2 I would like to add my vote for this important feature!
7. Client isolation
Please consider adding a setting for »Client Isolation« again. It would not be necessary to change the current existing setting »Guest Network«, which still could co-exist and which could enable client isolation, too. But it would be beneficial to only enable client isolation without the invisible ACLs being set when using »Guest Network« setting. This would also simplify access from guest users to the OC200 portal when OC200 is the only device in the (wired) LAN.
Vote here for #3 Proxy capability.
Just tried to set this up for a client (that uses a reverse proxy for anything that needs external connectivity) and was shocked to find it does not work.
Can't imagine too many people want to open custom ports through their firewall specifically for the Omada software.
I've just registered to the forum only to say: PLEASE separate "guest network" from "client isolation".
There is no sane reason for combining "client isolation" and "block private (rfc1918) networks" in a single setting. Just implement two check boxes in a common section:
______
guest network settings:
[x] client isolation
[x] block private (rfc1918) networks
______
reason:
I've put untrusted wifi (IoT) devices in their own SSID/VLAN network. They are supposed to access local services, but they shouldn't talk to each other when connected to the EAP. All of them are just local - no internet involved. This scenario was broken by combining "client isolation" and "block private networks" in a single "guest network" setting.
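The scenario in the post above, worked through as an added example (not part of the original post and not Omada's actual ACL logic): a simplified model of the two proposed checkboxes, checked against constructed flows for an IoT SSID. The function names, flow list and IP addresses are assumptions made for illustration.

```python
import ipaddress
from itertools import product

# RFC 1918 private ranges, as named in the post's second checkbox.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def allowed(client_isolation, block_private, dst_ip, dst_on_same_ssid):
    """Simplified model: may a wireless client reach dst_ip?"""
    if client_isolation and dst_on_same_ssid:
        return False   # station-to-station traffic on the same SSID
    if block_private and is_rfc1918(dst_ip):
        return False   # any private destination, wired or wireless
    return True

# Constructed flows for the IoT SSID described in the post:
# (label, destination IP, destination is a client on the same SSID, must be allowed)
FLOWS = [
    ("sensor -> other sensor", "192.168.30.12", True, False),
    ("sensor -> local MQTT broker", "192.168.10.5", False, True),
    ("sensor -> local NTP server", "10.0.0.2", False, True),
]

def satisfying_settings():
    """Every (client_isolation, block_private) pair that meets all requirements."""
    good = []
    for iso, blk in product((False, True), repeat=2):
        if all(allowed(iso, blk, ip, peer) == want for _, ip, peer, want in FLOWS):
            good.append((iso, blk))
    return good

def combined_guest_setting_works():
    """A single combined switch only offers both-off or both-on."""
    ok = satisfying_settings()
    return any(pair in ok for pair in [(False, False), (True, True)])

if __name__ == "__main__":
    print("settings that fit the IoT SSID:", satisfying_settings())
    print("reachable with one combined switch:", combined_guest_setting_works())
```

Only the pair (isolation on, private-network blocking off) satisfies all three flows, which is the combination a single combined switch cannot express.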
imoula wrote
I've just registered to the forum only to say: PLEASE separate "guest network" from "client isolation".
There is no sane reason for combining "client isolation" and "block private (rfc1918) networks" in a single setting. Just implement two check boxes in a common section:
______
guest network settings:
[x] client isolation
[x] block private (rfc1918) networks
______
Forrest did transfer moderation over to Fae.
Dear Fae, please add one more vote for re-introducing the »Client Isolation« setting in Omada Controller. We now should have ~24 votes for this request.
imoula, yes, it was a pretty bad idea by TP-Link to remove »Client Isolation« (which was falsely called »SSID Isolation«, it didn't isolate SSIDs) in Omada Controller V3.
Both settings, »Client Isolation« as well as »Guest Network« could easily co-exist. The former setting would be for professionals, the latter for home users.
Many thanks! I'm looking forward to a firmware update :-)
@R1D2 Sorry - about time I jumped in...
It seems to me that the DNS update has not occurred yet. However I'm still seeing some clients pull a hostname from somewhere - I'm not sure where. I'm running PFSense and DNS resolver (named I think).
For SNMP polling - the capability still remains in the EAPs (I think). I read some time back about a workaround whereby you could un-adopt an EAP. Login via the web interface, then configure the SNMP settings as needed. Once re-adopted, the EAP still responds to SNMP requests using the generic SNMP MIBs. Of course there is a question as to whether TP-LINK have their own MIB base - anyone? Either way, enabling the functionality from within Omada should be straightforward.
For those with concerns over JAVA and user separation - have you considered taking a look at docker? I run the software controller in a separate container. Whenever a new release occurs, 'mbentley' (what a kind chap!) updates his images accordingly and, as if by magic, we can quickly pull the image and restart the container.
I believe this approach is becoming adopted by many organisations currently, and provides for many advantages in an ever-more cloud centric world.
For myself, I acquired an HP ml350p earlier this year, which now runs around 25 separate containers with a wide variety of containerised applications. The Omada Software-Controller is but one of these.
I offer my vote for DNS, SNMP, and using an existing MongoDB server - especially as containerisation makes shared database servers (or in their own containers) far easier to maintain and manage.