Rural Mesh WiFi: Part 4 – Software Defined Network

I recently had the pleasure of designing and installing a network for a family member who lives in a rural part of the country. This experience has inspired me to share the details so that others may benefit from my research and learnings.

If you missed the other posts regarding this project, feel free to check them out.

Software Defined Network

The big question is, “What is a software-defined network?” In short, a software-defined network (SDN) allows a network administrator to configure the network via software configuration in ways that would have traditionally required changes in hardware. As you can imagine, this can lead to a reduction in hardware costs over a number of years.

Centralized Management

Centralized management of networks does not require SDN, but it just makes sense to include centralized management capabilities in SDN. Without centralized management of the network, a network administrator would have to configure each wireless access point individually. With centralized management, a network administrator can create SSIDs (hide, isolate, configure VLANs, portals, vouchers, mesh, configure channels, et cetera) for the site. WiFi settings are pushed to the access point when it is adopted into the SDN. It’s that simple. Of course, there are options to run stand-alone access points and have certain settings go to specific access points, but that is all configured centrally.

The same is true of gateway (router) settings, switch settings, services, and any other setting a network administrator would need to configure. You have access to 100% of your configuration from a single console, rather than having to log in to each device.

No-touch Provisioning

Have you ever installed multiple access points at a site? This typically requires connecting directly to the access point with a static IP address, logging into the access point’s admin console, configuring the access point, connecting the access point to the network, finishing up the configuration on the router side, then physically installing the access point. With no-touch provisioning, none of this is required.

With no-touch provisioning, the network administrator physically installs the access point, logs in to the centralized management console, and adopts the access point into the SDN.

The same is true of all the network devices that support the SDN. When I configure a network, I log in to the centralized management console, configure everything, then start the physical install of devices. Well, in reality, I try to get someone else to do the physical install while I work on the configuration remotely. I adopt the devices as I see them pop up in the management console. This is an extremely efficient way to install networks. Another benefit is that if a client wants to add a network device like an access point later on, they can do it themselves, and I can configure it with a single mouse click.

Monitoring

Software-defined networking allows easier configuration of dashboards. With centralized management, the controller has full access to all the devices, so it can gather stats for analysis and anomaly detection.

Equipment

I mentioned Starlink internet service and the Starlink ethernet adapter in earlier posts, so I won’t rehash those details here.

Beyond the internet uplink provided by Starlink and the ethernet adapter, everything else we installed is compatible with TP-Link’s software-defined network (SDN) technology named “Omada”.

Router

The router we chose is the TP-Link ER7206. This is a reliable multi-WAN router complete with an SFP WAN port and built-in VPN server functionality. TP-Link offers more expensive routers with a lot of cool functionality, but those routers do not add anything that we could actually use for this project.

Access Points

We tried to save on cost where we could, so the wireless access points (APs) we used in this project are the TP-Link EAP610. This is not the highest-end access point that TP-Link offers, but I thought it would offer the range and throughput needed for the farm. We used one access point in the shop and one access point on each level of the house. The EAP610 has modern features like WiFi 6 and WPA3.

Switches

The PoE switches that supply power to the access points are TP-Link TL-SG2016P units. This is a 16-port switch, featuring 8 PoE ports with a 120-watt power budget and 8 non-PoE ports. Because we only needed a couple of ports for the initial network install, the same PoE switches can be used for surveillance cameras in the future.

Controller

The TP-Link OC200 gives me an extremely easy way to manage the entire network from a single interface. The OC200 is a hardware controller with cloud access capability that allows me to manage the network locally and from anywhere that has internet access. The controller houses settings for the WAN, LAN, and WiFi, as well as VPN, DHCP reservations, port forwarding, DDNS, QoS, automatic rolling firmware upgrades, automatic rebooting, access control, VLANs, and pretty much anything else you would need to manage. What this means is that you don’t have to log into your router to tweak some settings and log into your access point to tweak other settings. It’s all available through the single controller.

Additionally, if an extra access point or switch is required at a later date, all the network owner needs to do is plug the device into the network. With a single click (or tap in the mobile app), I can provision the device and it takes on the appropriate settings for how the network is already configured. For example, the network owner in this project needed some extra time to get the house access points installed. No problem! I had already configured the WiFi settings for the network. I was driving when the owner notified me that the house access points were physically plugged into the network. I simply pulled over, opened the Omada app on my phone, and I tapped one button to adopt the access points (which also configures them based on the controller’s WiFi settings). I tapped another button to flash the LEDs on one of the access points so we could identify it as the “upstairs” access point or the “downstairs” access point. At that point, the work was done.
