TP-Link Omada

Compatibility

Social WiFi has been tested and is proven to work on the following configurations:

Omada Cloud-based Controller

  • Version 5.6.0 and above (tested up to 5.13.10.41)

Omada Software Controller

  • Controller V4: unsupported

  • Controller V5: versions 5.3.1 and newer (tested up to 5.12.7)

Due to upcoming security changes in the Google Chrome browser, affecting Windows and Android devices, the minimum supported controller version is 5.3.1. This is the first release that includes a fix that keeps captive portals working once Google Chrome starts enforcing the new security rules (currently planned for Q1 2023).

Access the administration panel

This guide assumes you are using the web-based UI of the controller, which you can access by entering the IP address of the device in your browser. For example, if the controller is installed on a local machine, enter: http://127.0.0.1:8088. The screenshots are based on controller version 4.4.3.

Alternatively, if your device is managed from Omada Cloud, you can access the management UI from there.

Wireless network configuration

If you don’t have a wireless network configured yet, go to Settings → Wireless Networks and click the Create New Wireless Network button.

Use the following settings:

RADIUS configuration

Go to Settings → Authentication → RADIUS Profile and click the Create New RADIUS Profile button.

Use the following settings:

Portal configuration

Go to Settings → Authentication → Portal and click the Create New Portal button.

Use the following settings:

Access Control configuration

Go to Settings → Authentication → Portal and click the Access Control tab at the top. Click Enable next to Pre-Authentication Access. Click the (+) Add button.

Now you’ll need to add the following domains. Change IP Range to URL and for each domain add an entry. You can add more entries by clicking the (+) Add New Pre-Authentication Access Entry button.

Mandatory

login.socialwifi.com
sw-login.com

Facebook remarketing pixel

connect.facebook.net
www.facebook.com

Google remarketing tag

www.googletagmanager.com
www.googleadservices.com
googleads.g.doubleclick.net

YouTube widget on login pages

Not supported, because TP-Link Omada controller does not support wildcards in URLs.

Google login

accounts.google.com
accounts.google.co.uk – example regional domain*
ssl.gstatic.com
fonts.gstatic.com
accounts.youtube.com
content.googleapis.com
apis.google.com

* You must also add your regional domain for “accounts.google.com”, for example “accounts.google.co.uk” if you are in the UK.

Facebook login

www.facebook.com
facebook.com
static.xx.fbcdn.net
external-frt3-2.xx.fbcdn.net

Twitter login

twitter.com
api.twitter.com
pbs.twimg.com
abs-0.twimg.com
abs.twimg.com

LinkedIn login

www.linkedin.com
static-exp1.licdn.com
media-exp1.licdn.com
static.licdn.com

When finished, press Save and then Apply.

Add the access points to Social WiFi panel

The setup of the controller is now finished. The last step is to add all access points to the Social WiFi platform.

Go to Devices in the menu on the left. We need to display the MAC address for each device. In order to do that, click on the three dots icon, just next to the Actions column. Click on the checkbox next to MAC Address. The MAC ADDRESS column will be added. You will need those MAC addresses in the next step.

Now, switch to the Social WiFi Panel, go to the Access Points tab, click the Add button and paste the MAC addresses of all of your access points controlled by the Omada controller. Click Create.

Test the solution

Connect to the WiFi network. You should see a login page. Go through the login process and, once finished, you should have internet access. You should see the first connections and authorizations in the Social WiFi Panel’s statistics section.

Firewall troubleshooting

Symptom: after connecting to the WiFi network, you reach the last step, which is clicking the "Connect to the internet" button, but you don't get connected to the internet.

Solution: you may have a firewall that blocks traffic between the WiFi device and the controller. You might have explicit blocking rules on the firewall, or you might simply have separate VLANs for the guests and the controller, with the traffic between them blocked as well. In this case you have to open specific ports. For example:

  • TCP 8088 (When the clients visit the Portal page via an HTTP connection)

  • TCP 8843 (When the clients visit the Portal page via an HTTPS connection)

More details on firewall configuration are available under this link:

https://www.tp-link.com/us/support/faq/3281/
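
To confirm whether a firewall is the cause, the two portal ports above can be probed from a client on the guest network. The following is an added example, not part of the original guide or of TP-Link's tooling; the controller address `192.0.2.10` is a placeholder and the function names are hypothetical. It distinguishes a silent drop (timeout) from an active rejection, which usually tells you which device to look at.

```python
import errno
import socket

# Portal ports listed in the guide above.
PORTAL_PORTS = {8088: "portal page over HTTP", 8843: "portal page over HTTPS"}

HINTS = {
    "open": "reachable; the firewall is not blocking this port",
    "filtered": "no reply before the timeout; a firewall or inter-VLAN rule "
                "is likely dropping the traffic",
    "refused": "actively rejected; the path works but nothing listens there, "
               "or a firewall rejects with a TCP reset",
    "unreachable": "no route to the controller, or a firewall rejects with "
                   "ICMP unreachable; check routing between the VLANs",
}

def probe(host, port, timeout=3.0):
    """Try one TCP connection and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise  # e.g. name resolution failure: not a firewall symptom

def check_portal(host, ports=PORTAL_PORTS, timeout=3.0):
    """Probe every portal port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}

def report(host, results, ports=PORTAL_PORTS):
    """Render one line per port with a troubleshooting hint."""
    return [f"{host}:{p} ({ports[p]}): {s} - {HINTS[s]}"
            for p, s in results.items()]

if __name__ == "__main__":
    import sys
    # Placeholder controller address (assumption); pass the real one as argv[1].
    controller = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    for line in report(controller, check_portal(controller)):
        print(line)
```

Run it from a device connected to the guest SSID, since the result depends on the path between that VLAN and the controller.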
