Possibility to disable web ui

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Possibility to disable web ui

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Possibility to disable web ui
Possibility to disable web ui
2020-08-03 14:04:04 - last edited 2020-08-13 10:55:15
Model: EAP225-Outdoor  
Hardware Version:
Firmware Version:

Hi!

 

I'm considering to add the EAP225-Outdoor (or omada accesspoints in general) to our network infrastructure. Since I didn't find anything usefull in the freely available documentation, I have two questions.

 

1) The device appears to have a web ui (in addition to the management/control server). Is it possible to disable access to the UI via WIFI and only allow access to the UI via ethernet? 

 

2) Is it possible to bind the UI to a specific VLAN or is the management UI exposed as UNTAGGED traffic on the ethernet port?

 

Best regards

  0      
  0      
#1
Options
1 Accepted Solution
Re:Possibility to disable web ui-Solution
2020-08-03 15:00:59 - last edited 2020-08-13 10:55:15

Hi jw_at,

 

  1. No. The EAPs can be operated in either stand-alone mode or in managed mode under control of Omada SDN Controller software, resp. an OC200:
    • In stand-alone mode access to the web UI is enabled gloabally, but you can limit access by the MAC address for up to four devices.
    • In managed mode access to the EAP's built-in web UI is disabled.
      You manage the EAP through the controller, which can reside in another network.
      However, to use the built-in Hotspot Portal you would need to grant access to the controller for wireless clients and secure its web UI using a password.
  2. You can set a »Management VLAN«, yes. This works in both, managed and stand-alone modes.
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
Recommended Solution
  0  
  0  
#2
Options
3 Reply
Re:Possibility to disable web ui-Solution
2020-08-03 15:00:59 - last edited 2020-08-13 10:55:15

Hi jw_at,

 

  1. No. The EAPs can be operated in either stand-alone mode or in managed mode under control of Omada SDN Controller software, resp. an OC200:
    • In stand-alone mode access to the web UI is enabled gloabally, but you can limit access by the MAC address for up to four devices.
    • In managed mode access to the EAP's built-in web UI is disabled.
      You manage the EAP through the controller, which can reside in another network.
      However, to use the built-in Hotspot Portal you would need to grant access to the controller for wireless clients and secure its web UI using a password.
  2. You can set a »Management VLAN«, yes. This works in both, managed and stand-alone modes.
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
Recommended Solution
  0  
  0  
#2
Options
Re:Possibility to disable web ui
2020-08-13 10:57:58

@R1D2 

 

Thanks!

 

ad 1) hotspot portal) We would like to continue to use our opnsense portal, so if I understand it correctly, I can lockdown the controllers webui in regards of the wifi net work.

 

 

  0  
  0  
#3
Options
Re:Possibility to disable web ui
2020-08-13 11:15:28 - last edited 2020-08-13 11:33:03

@jw_at, yes, you can continue to use your pfsense portal. We also use our own portal running on the gateway router and place EAPs as well as the controller in an isolated management network, aside from the guest network.

 

See this post (scroll down to »Method 2«) for a typical network topology and router configuration. You can easily add an isolated management network or use the LAN for the EAPs and the controller. With a separate management network, typical topology is as follows:

 

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
  0  
  0  
#4
Options