How to configure a Firewalla Gold Plus and TP Link SG2428P

This guide outlines the steps to install and configure a Firewalla Gold Plus, an Omada OC200 controller, and a TP-Link SG2428P switch. Additionally, it details how to change the default Omada management LAN to a custom VLAN.

Note: Use the Omada app on a PC or iPad for configuration, as the phone version lacks certain features.

Preparation

This guide assumes no prior configuration on the devices. If the devices have been set up previously, reset them before proceeding. (Back up any existing configurations if needed.)

1. Power on your Firewalla and switch. Go and make a brew as it’ll take several minutes.
2. Plug your Omada Controller into any port (not the port you want to use permanently, this is a temporary port).
3. Whilst you are waiting for the controller to boot up, create the vlans on Firewalla. Firewalla > Network > Create Network. Assign the vlans all to port 1 along with the default Firewalla Lan. The example here is management 100, guest 200, iot 300, personal 400
4. Connect an ethernet cable from port 1 or your Firewalla to any port on the switch. Not the port you want to use permanently, this is temporary.
5. Omada Controller -> Wired Networks -> Lan: create your vlans with the same IDs as step 3
6. Omada Controller -> Wired Networks -> Profiles: create a new Profile, I call it trunk. In this Profile you select your 100, 200, 300, 400 vlan as Tagged and your default Omada Network as Untagged and Native.
7. In order to prevent being locked out: Omada Controller -> select a Switch and change the port profile on two unused Ports to management, and another two to Omada default lan.
8. Omada Controller -> Switch. On the switch ports that connect to the access points change the profile to the created trunk profile.
9. Omada Controller -> Devices -> access point > config > services > vlan tick the management box and choose your management vlan. Hit save repeat for all access points
10. Omada Controller -> Devices -> switch. Select the port (not the one you are using now, that’s temporary) that will go to your router/firewall and change it to the “trunk” profile.
11. Omada Controller -> Devices -> switch > config > services > vlan. Hover over the management vlan and click the edit icon. IP Address Mode = static, IP Address = an empty one in the management IP range you configured in step 3 on the Firewalla. Click Apply
12. Omada Controller -> Devices -> switch > config > services > vlan. Enable the management vlan, disable the default LAN. Click Apply
    
    Don’t Panic!
    
    Your devices may now show unreachable/offline or Heartbeat missed. That is expected
    
13. Plug your software controller into the management port you created in step 3
14. Connect an ethernet cable from port 1 of the Firewalla to the switch port you configured with the trunk profile in step 10

Everything should work now. You may need to power cycle all devices.

Change all the Switch Ports Profiles which are still “all” to your needs