HowTo: Omada Port Security MAC-ID based?
Hi,
I do have an Outdoor Access-Point connected to my switch.
All configured with Omada Controller.
How can I secure my switch port in that way, that 'only' the Outdoor Access-Point MAC-ID is allowed to connect to that switch port?
Didn't find a way or any explanation within manuals.
Hope to get some help.
Thx.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
I am very disappointed in this Omada system. I currently have 10 sites with 22 devices up and running. If I had known this earlier, I would not have invested in this. You can't even manage your VPN connections in the app. I really hope that a controller update will come with the Port Security option very soon.
PS: I could no longer log in via @Robin74's previous account.
- Copy Link
- Report Inappropriate Content
Hi All,
Thanks for your feedback!
The current Controller V5.9 supports the configuration of Port Security functions using the CLI, but it still requires Omada switches firmware adapted with V5.9.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@SameRobin74 Probably not easy to find, but you can see what version a switch is adapted to by going to the models support page. Under the firmware release notes they say what version controller the device is adapted to.
- Copy Link
- Report Inappropriate Content
@Hank21 Ubiquity supports this port security option today. It's annoying that this feature is not supported, especially since I'm in the market for a new 28+ port switch.
Anyways I'll hold out hope that this feature will be added in the future when I'm actually looking to buy a switch.
Do you have a roadmap or time frame of when the TL-SG2008P v1.0 would be updated for the controller version that supports port security?
- Copy Link
- Report Inappropriate Content
@Hank21 It's great that CLI setup is allowed now, but really this should just be implemented in the GUI.
For anyone with a switch adapted to Omada v5.9, the CLI Device contig below is the one I'm using.
#
interface gigabitEthernet 1/0/19
mac address-table max-mac-count max-number 1
mac address-table max-mac-count exceed-max-learned enable
mac address-table max-mac-count mode permanent
mac address-table max-mac-count status drop
- Copy Link
- Report Inappropriate Content
I think the proper way to secure in such scenario is to use 802.1X with which the access would have to provide credentials before being given network access.
Unfortunately, it seems 802.1X is not available for Omada AP outside of WPA Enterprise
- Copy Link
- Report Inappropriate Content
All hardware has had an update and port security works, but terribly cumbersome. I also miss the violation mode shutdown. I hope that a GUI will be made for it, which will make it as clear as a standalone switch
- Copy Link
- Report Inappropriate Content
@Hank21 I just found out that there isn't a update for my TL-SG2428P v4.0 4.0.5 Build 20221130 Rel.42340. Do you know when this will happen?
- Copy Link
- Report Inappropriate Content
@Stryk3rr3al You can do only 1 at the time :(
- Copy Link
- Report Inappropriate Content
Information
Helpful: 9
Views: 5474
Replies: 25