
TP-Link WISPr with Omada Pro Cloud Based Controller (CBC)

How to set up WISPr with Omada Pro Cloud Based Controller

The things we need to set up for the TP-Link Omada Pro cloud-based controller are exactly the same as what we set up in the RUCKUS WISPr example, just for TP-Link. First, log in to omada.tplinkcloud.com.

KEY DIFFERENCES FROM RUCKUS:

  1. Access Points send RADIUS packets directly to the RADIUS server; they are NOT proxied through the controller.
  2. All HTTPS API transactions are done with the Cloud Based Controller, so you will need connectivity to the internet.

Create a new site.

First, please create a site to house the APs you want to set up.

tplink sites

Create the platform integration

Navigate to Settings :: Platform Integration, from the same level as before. From here you should be able to create a new application integration:

omadacbc create new platform integration

You can either choose each site the integration has authority over, or simply give it authority over all sites. It will need to have authority over the sites that you plan to use for WISPr.

Site Setup

Next, launch into your site by clicking on the highlighted button to the right of its name.

omadacbc site launch button

Create WLAN

Please create a simple open WLAN like so:

omadacbc create wlan

Create RADIUS profile

Next, create your RADIUS profile for this site in Profiles :: RADIUS.

omadacbc radius profile

Keep in mind that the RADIUS packets will be coming from the APs, not the cloud-based controller, so the address that you put in there must be reachable FROM the APs! I was mildly surprised to find that I think both my MikroTik and TP-Link "small" routers would route private IP addresses up through their WAN interface without even needing to configure a static route.

Create External Portal Server

Under Authentication :: Portal, you can create your external portal server record.

Creating the external portal server is pretty straightforward. The biggest gotcha is forgetting to configure the Access Control; without it, the portal will not work for unauthenticated clients.

omadacbc external portal server

Access Control!

omadacbc external portal server access control

MAC-Based Authentication (bringing together RADIUS and External Portal Server)

Under Authentication :: MAC-Based Authentication, now you can configure your SSID with your External Portal Server and RADIUS server. All you have to do is:

  • Enable MAC-Based Authentication
  • Choose your SSID
  • Choose your RADIUS profile from before
  • Enable MAC-Based Authentication Fallback

omadapro mac based auth

Operation

Pending

Just as with RUCKUS, when a device joins the network for the first time, it will be placed into a walled garden and forcibly redirected to the portal with WISPr data appended to its HTTP query string.

omadapro cbc pending device

The AP will try to use RADIUS to find out if this device can get online, but these requests will be rejected because the device does not have an account with usage.

omada pro cbc RADIUS rejects
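
A reachability check for the two points above (RADIUS requests originate at the APs, and a pending device gets an Access-Reject), as an added example that is not from the original page or from TP-Link: run from a host on the APs' subnet that the RADIUS server accepts as a client, it sends a MAC-style Access-Request per RFC 2865 and validates the reply. The MAC format, the use of the MAC as both user name and password, and all function names are assumptions.

```python
import hashlib, hmac, os, socket, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3

def attr(attr_type, value):
    # RFC 2865 attribute: type, length (header included), value
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def encrypt_password(password, secret, authenticator):
    # RFC 2865 5.2: zero-pad to 16-byte blocks, XOR each with a chained MD5 keystream
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(mac, secret, ident, authenticator):
    # Assumption: the MAC string is sent as User-Name, User-Password and
    # Calling-Station-Id; match the format your APs actually send.
    user = mac.encode()
    attrs = (attr(1, user) + attr(2, encrypt_password(user, secret, authenticator))
             + attr(31, user))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs

def verify_response(reply, request_auth, secret, ident):
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    if len(reply) < 20:
        raise ValueError("short RADIUS reply")
    code, rid, length = struct.unpack("!BBH", reply[:4])
    if rid != ident or not 20 <= length <= len(reply):
        raise ValueError("reply does not match request")
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:length] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        raise ValueError("bad Response Authenticator (shared secret mismatch?)")
    return code

def probe(server, secret, mac, port=1812, timeout=3.0):
    # Run from a host on the APs' subnet; socket.timeout means no reply came back.
    ident, auth = os.urandom(1)[0], os.urandom(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_access_request(mac, secret, ident, auth), (server, port))
        reply, _ = s.recvfrom(4096)
    return verify_response(reply, auth, secret, ident)
```

`probe()` returning `ACCESS_REJECT` for an unknown MAC confirms both the route and the shared secret. A timeout means the server is unreachable from that segment or is dropping the request, for example because the source address is not a configured client or because the server requires the Message-Authenticator attribute, which this probe omits.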

Approved

Once the account has been granted usage and an API call has been made to Omada CBC, the device will be online.