McCann Tech


TP-Link Omada In-Depth Overview

Originally Posted: March 25th, 2022
Last Edited: April 1st, 2022


TL;DR:

  • Omada is a software-defined network ecosystem that competes with Ubiquiti’s UniFi and Aruba’s Instant On

  • UniFi is the more mature and complete solution, and Instant On is the easier, more basic solution

  • Omada offers a lot of value and flexibility, but has some rougher edges


TP-Link was founded in 1996 by two brothers, Zhao Jianjun and Zhao Jiaxing, to produce and market a network card they had developed. Since then, TP-Link has become the world’s #1 manufacturer of consumer Wi-Fi and networking equipment. They’re a massive company, with a dizzying variety of products available globally. In the US, they’re mostly known for their low-cost switches, Archer line of all-in-one Wi-Fi routers and Deco mesh equipment. TP-Link makes a lot of other things, including a variety of other network and smart home equipment.

Of all the product lines TP-Link makes, the most interesting to me is Omada. Omada is TP-Link’s ecosystem of routers, switches, and wireless access points, aimed at prosumers and small businesses. Due to the similar components and use cases, Omada draws a lot of comparisons to equipment I've covered before: Aruba’s Instant On and Ubiquiti’s UniFi.

TP-Link provided me some Omada equipment, so it's time to discuss how the three compare. I'm still in the process of learning and testing, but I’ve spent enough time with all three to understand them, and what each is best used for. In future posts I'll cover Omada hardware, software, and performance in more detail. This overview focuses on Omada as a whole. If you want to compare the specs of individual components, refer to my Omada Comparison Charts.

Table of Contents

  • What Is Omada?
  • Omada vs. UniFi vs. Instant On
  • Omada Controller Options
  • Omada SafeStream Routers
  • Omada EAP: Wireless Access Points
  • Omada JetStream Switches
  • Example Omada Networks
  • Overall First Impressions

The Omada equipment TP-Link provided for this overview.

What is Omada?

Omada is a software-defined networking ecosystem of routers, switches, and wireless access points. The Omada Controller is software that controls all Omada devices, allowing for a single place to configure them all. The software can run on one of TP-Link's dedicated hardware appliances, and TP-Link is about to release a cloud-based option, removing the need for local hardware. The software is also available for free, and can be installed on any Windows or Linux PC or server. Under the hood it runs on Java and MongoDB, just like UniFi.

Unlike UniFi and Instant On, Omada equipment can operate on its own. All Omada equipment can be set up without the Omada Controller software, using each device's own web or command line interface. TP-Link calls this standalone mode. Some of their equipment has features that are only available in standalone mode, but for the most part, all the devices are fully featured with or without the Omada software running. The main exception is some layer 3 features on their JetStream switches, more on those later.

Omada is aimed at users who want more than an all-in-one router provides, or aren't satisfied with the limited options and features of most mesh Wi-Fi systems. Omada is also aimed at IT professionals, MSPs, and businesses. Omada is a good option for most basic needs, but it doesn't cover the level of features you get on expensive enterprise equipment with pricy licensing or support contracts. It lives in the middle ground.

TP-Link makes a countless number of switches and routers, but only some of them are compatible with Omada. Currently there are two router options, two hardware controllers, seventeen switches, and twelve access points. That list will grow and varies by region, so refer to TP-Link's list of Omada-compatible devices for the most updated information, as new models and firmware are released regularly.



Omada's Competition: Instant On and UniFi

Aruba Instant On

Aruba Instant On is the most basic of the three, offering managed switches and wireless access points with cloud-only management. Instant On is good for basic setups at a small business or home. Bring your own router or firewall, buy some Instant On equipment, set them up in Aruba's cloud, and you’re done.

The Aruba Instant On 1930 8 port PoE switch, with the AP22 (top left), AP11D (top right), and AP11 (bottom right).

Instant On uses a lot of the same underlying hardware as Aruba's enterprise-level switches and access points. It's all well made, and reasonably priced. The Instant On AP22 is still the only Wi-Fi 6 AP available. It’s a good option, especially for the $150-160 it usually sells for. If you need outdoor (AP17) or in-wall (AP11D) access points they have those too.

Instant On switches currently come in three different classes, 1830, 1930 and 1960. They have models with 8, 24, or 48 ports, with and without PoE. Instant On switches offer the common settings you'd expect in the cloud controller, and some models offer L2+ features. These won't replace your router, but they offer static routing, DHCP server and relay, ACLs, and all the other things you'd expect from a managed switch. As with Omada, some of the more advanced switching features only work in standalone mode, but more of those features are being added to the cloud controller over time.

The Instant On cloud management software doesn't offer a ton of settings or customization, but it offers enough to cover most networks. For some, the cloud-only management is a feature, for some it is a bug. I have no problem recommending Instant On if you’re OK with its limitations. If you're interested in more detail, see my Aruba Instant On Overview from last year.

Ubiquiti UniFi

UniFi is the elephant in the room. It's been around the longest, it's the most popular, and it paved the way for software-defined prosumer networks. UniFi also offers security cameras, access control, a VoIP phone system, and more. I only want to focus on the network equipment right now though.

The UniFi Network Application is the software used to configure and monitor all UniFi networking equipment. UniFi equipment doesn't require the software to be running for the network to function, but it is required to fully configure and manage the devices. Access points can be set up as standalone devices with the UniFi mobile app, but only the most basic settings are available. UniFi devices don’t have their own web or command line interfaces for configuration.

The UniFi Dream Machine (center) with Lite 8 PoE switch and some UniFi access points.

For a full UniFi network, you'll want to run the Network Application somewhere. It can be hosted on one of Ubiquiti's Cloud Key appliances, or any Linux or Windows hardware you want. Things get more complicated when you consider routers that are also UniFi OS Consoles like the Dream Machine Pro, which run the software themselves and can't be managed by another controller.

If you want to run the UniFi Network Application yourself, your gateway options are the aging USG or USG-Pro, or the newly released UXG-Pro. You can also choose to run your own router or firewall, and use UniFi for only switching or Wi-Fi. UniFi still offers the flexibility of self hosting, it's just more complicated than it used to be.

The UniFi Network Application is mostly intuitive and setting up the basics is easy, but building a UniFi network requires research. You'll probably end up searching their community forums or subreddit for help at some point. If you don't like to tinker, Instant On is the better option. If you do like to tinker or you're an MSP or small business, UniFi networks cover a wide variety of needs. If you're interested in more detail on UniFi, see all of my posts in my Ubiquiti Guide.

Despite some asterisks, UniFi is still the standard that Omada has to be compared with. So, how does Omada compare? Let's start by looking at the Omada Controller and the various hardware options that are available.



Omada Controller

Hosting Options

  • Hardware Appliance: OC200 - up to 100 devices
  • Hardware Appliance: OC300 - up to 500 devices
  • Self-hosted - up to 1500 devices (based on hardware used)
  • Cloud-hosted - unlimited devices

Comparison chart of the different Omada Controller options

The Omada controller software provides centralized management of your Omada networks. It monitors your devices, provides real-time statistics, and gives you one place to configure and upgrade all your devices over multiple sites. The easiest way to host the software is one of TP-Link's appliances, the OC200 or OC300. For networks under 100 total devices, the OC200 is available for around $100. For more scalability you can step up to the OC300, which can manage up to 500 devices for around $160.

When using the OC200 or OC300, you have the ability to link the installation to your TP-Link ID, which gives you access to their cloud portal. This allows for remote access to your Omada controller, removing the need for a VPN for offsite configuration and monitoring. There are obvious security implications to this, and it requires trusting TP-Link's security. The TP-Link Cloud recently added support for two-factor authentication which is a welcome change. You still have to trust the security of TP-Link’s cloud, just like you would with Instant On or UniFi. Thankfully, Omada’s cloud integration is optional.

It's worth noting that TP-Link had a recent controversy where Deco and Archer routers were sending DNS requests to a 3rd party, even with their Home Shield features turned off. TP-Link said this was a bug that will be addressed, but it's another in a long line of stories proving that security is hard, and trusting any company or cloud service increases your risk. In my limited testing, the Omada controller didn't exhibit this behavior. It didn't reach out to any cloud services until I chose to link my TP-Link ID, and it didn't send my DNS requests to a 3rd party without me knowing. For some that won't be enough reassurance, and I can’t blame them. The good news is that TP-Link allows you to host the software yourself, on hardware you own, behind a firewall you trust.
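One way to run the same kind of check on your own network is to review firewall flow logs for DNS traffic from the router and controller that goes anywhere other than the resolvers you configured. The sketch below is an added example, not code from TP-Link or from this post; the log format, IP addresses, and device names are constructed assumptions to adapt to your own firewall's export.

```python
import ipaddress
from collections import defaultdict

# Assumptions for illustration: change these to match your own network.
ALLOWED_RESOLVERS = {"192.168.1.1", "198.51.100.1"}   # resolvers you configured
WATCHED_DEVICES = {"192.168.1.2": "router", "192.168.1.10": "omada-controller"}
# DNS-over-HTTPS rides on 443 and cannot be identified by port alone.
DNS_PORTS = {53: "DNS", 853: "DNS-over-TLS"}

# Constructed sample flow records: "time src dst proto dst_port".
SAMPLE_FLOWS = """\
2022-03-25T10:00:01 192.168.1.10 192.168.1.1 udp 53
2022-03-25T10:00:02 192.168.1.2 198.51.100.1 udp 53
2022-03-25T10:00:03 192.168.1.2 203.0.113.53 udp 53
2022-03-25T10:00:04 192.168.1.2 203.0.113.53 tcp 853
2022-03-25T10:00:05 192.168.1.10 203.0.113.80 tcp 443
2022-03-25T10:00:06 192.168.1.50 203.0.113.53 udp 53
this line is garbled and must be skipped
"""


def unexpected_dns(flow_text, watched=WATCHED_DEVICES, allowed=ALLOWED_RESOLVERS):
    """Return {device_name: [(destination, protocol), ...]} for DNS traffic
    from watched devices to resolvers that are not on the allow list."""
    findings = defaultdict(set)
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # malformed record
        _, src, dst, _proto, dport = fields
        try:
            src = str(ipaddress.ip_address(src))   # normalise and validate
            dst = str(ipaddress.ip_address(dst))
            port = int(dport)
        except ValueError:
            continue
        if src in watched and port in DNS_PORTS and dst not in allowed:
            findings[watched[src]].add((dst, DNS_PORTS[port]))
    return {name: sorted(hits) for name, hits in findings.items()}


if __name__ == "__main__":
    for device, hits in unexpected_dns(SAMPLE_FLOWS).items():
        for dst, kind in hits:
            print(f"{device}: {kind} to unlisted resolver {dst}")
```

An empty result only covers port 53 and 853 traffic seen by the firewall during the capture window, so run it over a period that includes a reboot and a firmware check.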

Self or Cloud Hosted

As with UniFi, you can download the software for free and run it yourself. You can put it on a spare PC or server, or host it in the cloud. This version of the software can manage up to 1,500 devices, as long as you have hardware powerful enough to support that. TP-Link recommends an Intel Core i3-8100, i5-6500, or i7-4700 with 6 GB of RAM or more. Besides the device limits, the hosted version of the software works exactly like the OC200 or OC300. If you host the software yourself you can still choose to link it to TP-Link's cloud, or enable remote access through your own VPN.

Omada Cloud-Based Controller

One of the latest additions to the Omada ecosystem is the official TP-Link cloud-based controller. The public release is due for mid-2022, and it's in beta now. The cloud-based controller will act like any other Omada controller, with the exception that the number of devices you can manage is unlimited.

The cloud-based controller also adds a few features, such as automatic channel and power selection for access points, RF scanning, heat maps, zero-touch provisioning, and what TP-Link refers to as "Intelligent Network Analysis". The cloud-based controller requires a per-device basic or advanced license, but pricing hasn't been publicly revealed yet.

Omada Web Interface and Mobile App

The web interface from Omada looks and works similar to UniFi. The Omada software supports multiple sites, allowing you to manage multiple locations from a single installation. There is a dashboard to view status, which can be customized. Along the left side are the main categories and menus. Selecting a device will bring in a panel from the right side, allowing you to change settings for that device. You can view statistics for your network devices and clients, and you’ll get alerts when something goes wrong.

The device view in the Omada controller.

The Omada mobile app allows you to view and change most of the settings you get in the full web interface, and is a convenient way to manage Omada networks when you're not near a computer. You can also use it to get push notifications for network alerts. It doesn't require a controller that's connected to Omada's cloud either, it will work locally or over your own remote access VPN. When it comes to mobile apps for network devices, it's one of the better ones.

I'll need to spend more time with the software to say more than that, but in my early testing it's been easy to pick up and learn, and most things are laid out in a way that makes sense. It feels less polished than Instant On’s and UniFi's software, but it's good enough to get the job done.



Omada SafeStream Routers

The TP-Link Omada ER605 (left) vs. the UniFi USG (right).

Omada Router Models

Comparison chart of the Omada router options.

The ER605 is the cheapest, smallest, and most basic router option. The ER7206 offers more CPU power for higher VPN and firewall throughput, and an SFP slot. They both offer multiple WAN and LAN ports, and offer weighted and failover load balancing. For now, these are the two router options in Omada. There's no multi-gig or 10 Gbps models yet, although that may change soon.

As with UniFi's USG and Dream Machines, the Omada routers cover the basics well - DHCP, 802.1X RADIUS authentication, NAT, multiple VLANs/subnets, and basic security settings. They both have limited advanced routing and firewall features, and miss some things you'd expect. The Omada routers do stack up well against the USG, offering built-in policy routing and better load balancing options. None of them offer dynamic routing protocols like OSPF or BGP, or have truly great built-in VPN options. Firewall settings and logging are limited, and they can’t come close to the depth of something like pfSense.

The Omada VPN options are limited to L2TP, PPTP, IPsec, and OpenVPN. As a solution for site-to-site VPNs, it's OK. For a remote user VPN solution, it doesn't cut it. There's no way to point to a RADIUS server for VPN users, and error logging is limited. SPX Labs on YouTube has a good overview of Omada's OpenVPN support and the issues he ran into. UniFi does better here, and will soon be adding WireGuard support, at least on the UDMs. I hope Omada's VPN situation improves as time goes on, but for now don't expect much.

The feature set of the routers is the first indication of what Omada is good for, and where it fits in relation to Instant On and UniFi. None of them have a great solution for complicated routing, and none of them offer a truly great firewall. It's taken UniFi years to build up the feature set it has, and it still has plenty of room to improve. For a basic network with one Internet connection, one public IP address, and simple routing, they're good integrated options. For advanced routing, firewall and VPN features, look elsewhere.

Just like Instant On and UniFi, you can use Omada for switching and wireless, while turning to another vendor for routing and firewall duties. For most considering an Omada network, the ER605 or ER7206 should offer plenty of performance, and just enough features. For those that are not OK with the limits, put your Omada switches and APs behind a different firewall.



Omada Wi-Fi Access Points

Omada Access Points Naming Conventions

  • EAP1xx = Wi-Fi 4 (802.11n)
  • EAP2xx = Wi-Fi 5 (802.11ac)
  • EAP6xx = Wi-Fi 6 (802.11ax)
  • Higher xx numbers = more features or capabilities
  • HD = higher client capacity limits
  • Wall models fit into duplex wall outlets
  • Outdoor models are weatherproof
  • V1, V2, V3, etc. are hardware revisions. Refer to their product support pages for more details on the differences.

Some Omada APs (left) with some UniFi APs (right).

Omada Access Point Models

Wi-Fi 4 (802.11n)

Wi-Fi 5 (802.11ac)

Wi-Fi 6 (802.11ax)

Access points are where Omada started, and they are still one of their strengths. Like all Omada devices, they can operate independently or be managed by the Omada controller. There are a variety of models for indoor use, and there are also models that can be mounted in a standard electrical outlet, or outdoors.

Comparison of all omnidirectional Omada APs. For outdoor and wall models, see my Omada Comparison Charts.

Design wise, all Omada APs are made of white plastic, with minimal branding and an LED status light. The new EAP615-Wall looks and feels nice, making it a good fit for a hotel room or a place in your house which needs better Wi-Fi coverage and a few Ethernet ports. The outdoor model I tested was the EAP225-Outdoor, which looks suspiciously like the UniFi AC-Mesh. Where Omada falls down in the design department is with their new omnidirectional APs like the EAP610 or EAP660HD. These are truly massive in every dimension, and filled with a lot of empty space. I can't say I'm a fan of the new design, especially compared to the unique style they had for the 100 and 200 series.

While they may not be the prettiest, what matters is how they work. In that department they do well. I have been using them in my home network since they arrived, and I haven't encountered any poor performance or issues yet. I'll need to use them more to get a good understanding of how they compare. For now I can say they are good enough to consider using them on their own, even if you don't want a full Omada setup.



Omada JetStream Switches

Decoding Model Names and Numbers

Instant On uses a simple numbering scheme, where AP22 offers more than AP12, and a 1960 series switch offers more than an 1830. UniFi mostly uses names and structures things into tiers. The UniFi Switch Enterprise 24 PoE has more features than the Switch 24 PoE. There are a lot of models in those ecosystems, but it's mostly straightforward to understand what they are and how they relate to each other.

TP-Link doesn't make it that easy. Before we cover the specific switch models, it helps to understand how they are named.

Some common UniFi and Omada switch models.

Omada Switch Naming Conventions

  • Omada switch models start with TL-S
  • The next character determines main port speed
    • F = 100 Mbps
    • L = 100 Mbps with Gigabit uplink
    • G = Gigabit
    • X = 10 Gbps
  • The next digit is for management
    • 1 = unmanaged
    • 2 = smart managed
    • 3 or 5 = fully managed
      • Fully managed offer more features in standalone mode, mainly L2+/L3 features.
      • In controller mode, the features on smart and fully managed switches are the same.
  • Then, a single digit for number of uplink ports
  • Then, two digits for total available ports
  • Then, alphabet soup for features
    • PoE
      • P = PoE with under 10W per port PoE Budget
      • MP = PoE with 10 to 15W per port PoE budget
      • HP = PoE with 15 to 30W per port PoE budget
      • HPP = PoE+ with more than 30W per port PoE budget
    • S = Steel
    • D = Desktop
    • E = Easy Smart features
    • F = All ports are SFP/Fiber
    • X = 10 Gbps uplink
    • M2 = 2.5 Gbps RJ45 ports

Example: TL-SG3210XHP-M2

  • TL-S = TP-Link Switch
  • G = Gigabit
  • 3 = fully managed
  • 2 = 2 uplink ports
  • 10 = 10 total ports
  • X = 10 Gbps uplink
  • HP = PoE with 15 to 30W per port budget
  • M2 = 2.5 Gbps RJ45 ports

Simple, right? Note how even though this is a TL-SG model, meaning the main ports are Gigabit, the M2 at the end indicates this is a 2.5 Gbps model. Searching for consistency or patterns is a recipe for a headache. TP-Link's filters on their website make things a little easier, but it's still hard to decipher the alphabet soup model names.
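The naming rules above can be turned into a small decoder, which is handy when auditing an inventory list for unmanaged switches or models without the features you expected. This is an added example, not a TP-Link tool or code from this post; it relies only on the conventions listed here, treats the `TL-` prefix and a trailing hardware revision as optional, and reports suffix letters it does not recognise instead of guessing.

```python
import re

# Lookup tables transcribed from the naming conventions listed in this post.
SPEED = {"F": "100 Mbps", "L": "100 Mbps with Gigabit uplink",
         "G": "Gigabit", "X": "10 Gbps"}
MANAGEMENT = {"1": "unmanaged", "2": "smart managed",
              "3": "fully managed", "5": "fully managed"}
# Longest tokens first, so "HPP" is not read as "HP" + "P" and "MP" is not
# read as an unknown "M" followed by "P".
FEATURES = [
    ("HPP", "PoE+ with more than 30W per port PoE budget"),
    ("HP", "PoE with 15 to 30W per port PoE budget"),
    ("MP", "PoE with 10 to 15W per port PoE budget"),
    ("M2", "2.5 Gbps RJ45 ports"),
    ("P", "PoE with under 10W per port PoE budget"),
    ("S", "Steel"),
    ("D", "Desktop"),
    ("E", "Easy Smart features"),
    ("F", "All ports are SFP/Fiber"),
    ("X", "10 Gbps uplink"),
]
# "TL-" is optional because the post also writes models as "SX3016F".
MODEL_RE = re.compile(r"^(?:TL-)?S([FLGX])([1235])(\d)(\d{2})([A-Z0-9-]*)$")


def decode_switch_model(name):
    """Decode an Omada switch model name into its documented parts."""
    parts = name.upper().split()          # "TL-SG3452P V1" -> model + revision
    match = MODEL_RE.match(parts[0]) if parts else None
    if not match:
        raise ValueError(f"not an Omada-style switch model name: {name!r}")
    speed, mgmt, uplinks, total, suffix = match.groups()

    found, unknown, i = [], [], 0
    suffix = suffix.replace("-", "")      # "XHP-M2" -> "XHPM2"
    while i < len(suffix):
        for token, meaning in FEATURES:
            if suffix.startswith(token, i):
                found.append((token, meaning))
                i += len(token)
                break
        else:  # letter the list above does not cover: report it, don't guess
            unknown.append(suffix[i])
            i += 1

    tokens = [token for token, _ in found]
    return {
        "main_port_speed": SPEED[speed],
        # The caveat noted above: an M2 suffix means 2.5 Gbps despite the "G".
        "effective_port_speed": "2.5 Gbps" if "M2" in tokens else SPEED[speed],
        "management": MANAGEMENT[mgmt],
        "uplink_ports": int(uplinks),
        "total_ports": int(total),
        "features": tokens,
        "feature_text": [meaning for _, meaning in found],
        "unknown": unknown,
        "revision": parts[1] if len(parts) > 1 else None,
    }


if __name__ == "__main__":
    for model in ("TL-SG3210XHP-M2", "TL-SG2210P", "SX3016F", "TL-SG3452P V1"):
        print(model, decode_switch_model(model))
```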

Omada Switch Models

100 Mbps Switches

Gigabit Switches

2.5 Gbps Switches

10 Gbps Switches

All of the PoE models of Omada switches. For more, see my Omada Comparison Charts.

Within the Omada controller these switches are fairly basic, offering an easy way to configure VLANs, ACLs, port profiles, and view connected clients. On models that support it, you can also create layer 3 VLAN interfaces and static routes. If you want to utilize the rest of the layer 2+/3 features, you'll need to use them as standalone devices. Every change between controller and standalone mode requires a factory reset. This is the same way it works with Instant On switches.

When standalone, their web and command line interfaces offer more control than what's available within Omada. On the fully managed switches, they add DHCP server, QoS, storm control, TACACS+/RADIUS authentication, DoS protection, port mirroring, sFlow, and other features. In standalone mode they're more like Ubiquiti's EdgeSwitches than UniFi switches. It's nice they have this flexibility, but it would be even nicer if these features were all present in the Omada controller.

Of the three models I tested, the TL-SG2210P is the one I would recommend for most small networks. It's an 8 port switch with 2 SFP slots, and enough PoE for a few access points. It's fanless, which is a big advantage over the noisy TL-SG3210XHP-M2 when it's on your desk. The TL-SG3210XHP-M2 stands out for its 2.5 Gbps ports and high PoE budget, but I'd recommend placing that in a network closet if you don't want to listen to the fans whir. If you want a bunch of 10 Gbps interfaces, the SX3016F is a solid rackmount option. All Omada switches offer a lot of bang for the buck, especially as standalone devices.



Example Omada Networks

Basic Home Network

  • OC200 Controller
  • ER605 Router
  • TL-SG2210P Switch
  • EAP610

This setup would be good for a home, and could easily be expanded with additional switches or access points. The SG2210P is fanless and has enough PoE for a few APs, and the EAP610 is a good, cost-effective Wi-Fi 6 AP.

High-end Home Network

  • OC200 Controller
  • ER7206 Router
  • TL-SG3210XHP-M2 Switch
  • TL-SG2210P Switch
  • EAP660 HD

Stepping up to the ER7206 would offer more performance headroom and an SFP port. The TL-SG3210XHP-M2 offers 2.5 Gbps RJ45 ports, which pair well with the 2.5 Gbps uplink on the EAP660HD. You'll only run into the limits of Gigabit Ethernet under ideal conditions with 80 or 160 MHz channels, but the additional speed will be more relevant as time goes on and Wi-Fi 6E and Wi-Fi 7 become the new normal. That switch also has fans which are quite audible, so plan to put it in a network closet if you can.

Small Business Network

  • Self-hosted or Cloud Controller
  • ER7206 or third-party router
  • Core and distribution switches
    • TL-SX3016F
    • TL-SG3428XMP
    • TL-SG3452P V1
  • Access Points
    • EAP660HD
    • EAP225-Outdoor

While there are good options for controller, switch, and access point for this kind of network, I would put some reservations around the ER7206. Depending on the style of network you need to build it may not offer enough features, ports, or performance. For most small business networks it's more than enough, and the rest of the Omada ecosystem still offers a lot of variety and value.



Overall First Impressions

I haven't spent enough time using Omada to form a full opinion, but so far Omada has impressed in some areas, and disappointed in others. For managed switches and Wi-Fi it covers all the basics and then some, but it also has a few rough edges. Configuring management VLANs is harder than it should be, and some of the advanced layer 3 switch features require standalone mode to access. TP-Link’s public documentation is pretty extensive, but is sometimes incomplete or confusing. Instant On and UniFi aren’t much better here, and that’s part of the trade off of going with this kind of network. In the end, it’s going to be up to you to configure it and maintain it.

Despite the few issues I've run into, overall Omada competes pretty well. It’s cheaper than the alternatives, and mostly keeps up on features. The controller, access points, and switches all work well. If you go for an Omada router, be aware of its limitations and be ready to accept them or work around them. If you use Omada switches and wireless access points with a 3rd party firewall, I think you get the best of both worlds. That lines up with my feelings about UniFi and Instant On, which doesn’t even offer a router.

Omada has a leg up in a few areas, namely value. Omada also has the most flexible local and self-hosted options, and they don't require a cloud account. Omada is the only one of the three that allows all individual devices to operate on their own. UniFi requires the controller software either locally or in the cloud, and Instant On only supports the Aruba cloud controller.

There are many areas where Omada is strong, but also many areas which need some improvement. You'll occasionally run into features which only do the bare minimum, and either can't be configured how you need them to be, or simply don't work. That's not unique to Omada, and it's common in this tier of networking device.

As always, things can improve with future firmware. UniFi has had many features that were either promised or unaddressed for years. Multiple IPs on a WAN port. Policy based routing. Time series data for network statistics. A useful firewall log. There's always room for improvement. As it stands now, I would recommend Omada for home users that want to get away from their all-in-one router, and for businesses that have basic needs or are OK with finding a different firewall.