pfSense TP-Link Omada Home Network

Anebula is reader-supported. When you buy through links on our site, we may earn an affiliate commission.

Newer August 2023 Post – TP-Link Omada and pfSense Setup for 2023

It’s been 18 months since I originally wrote this article and both pfSense and the Omada components have been rock solid during that period. Not once has the system gone down unexpectedly, the only time the system is down is during planned maintenance like during firmware upgrades. Also, since the original post, I added 6 more cameras (a total of 9 cameras now), 1 8-port PoE switch (a total of 2 switches now), and a lot of IoT devices throughout the house (both wired and wireless). I also refreshed this article a bit with 14-month learnings. Please continue on…

A few weeks ago I took the plunge into a more serious home network. I left the basic modem + router setup, which worked fine for many years. Over the last month, I have been researching and designing my upgraded home network which I’ll walk through in this post.

My old setup was a Netgear CM700 cable modem and a Nighthawk R7000 router. I’ve been using the same setup since 2017 which for the most part has been functioning fine. So what pushed me to upgrade? Well, it’s been a combination of issues with the R7000 along with missing features that I’ve encountered as my server needs have grown:

• The main issue is that the R7000 started dropping 5 Ghz and 2.4 Ghz clients. I’ll admit, my client list has grown from roughly 12 to 40 clients which makes sense that the router could start facing issues like this.
• Router firmware updates started breaking the R7000 web GUI. After the most recent update, the “Attached Devices” list was not populating so I had to perform a factory reset. Someone posted the issue here.
• R7000 does not support Wireguard VPN – I wanted to take advantage of the faster speeds over OpenVPN.
• VLANs and extensive firewall rules – I need support for advanced firewall rules to gate devices across different VLANs
• Intrusion Detection System (IDS) / Intrusion Prevention System (IPS) – packet inspection demands more powerful resources from the firewall (CPU/Memory) which were completely out of the question in the R7000 and even in entry-level pfSense appliances.

The R7000 has been a solid router for the most part and I don’t regret my purchase. In fact, I’ll still be using it for many years to come as it serves well as an access point.

pfSense + Omada Solution

I chose a combination of pfSense and TP-LInk Omada since they both promise excellent features at a reasonable price. Furthermore, both pfSense and Omada offer a lot of room to grow.

Anyrevo pfSense Firewall, Intel Celeron J4125

I went with pfSense because it’s open-source, widely documented and supported, and arguably the most capable firewall/router software out there. I originally wanted to go with a Netgate 2100 option, but ultimately decided against that since it was really pricey compared to Protectli and other appliance hardware. I also eliminated the Netgate 1100 since according to YouTube sources, is not so great at speeds over 400 Mbps.

Protectli was my top choice since it was reputable and offered a better bang for the buck. However, after pricing out the new Protectli VP2410 the total came out to $511 USD which is more than I was ready to spend.

I ended up going with a firewall from AliExpress which had similar specs to the VP2410, but at half the price. The model is Anyrevo Intel Celeron J4125 Quad Core with 8GB DDR4, also preloaded with OPNSense just for kicks – my plan was to install a fresh copy of pfSense after quickly looking at the OPNSense interface.

My Anyrevo pfSense firewall is currently supporting:

• 2 switches (1 managed & 1 unmanaged)
• 1 SDN controller
• 2 access points
• 40 wired & wireless clients (3 cameras + 37 other devices)

CPU Load: 2%, Memory Usage: 6% of 8GB, 12 watts at the wall.

Looking at the resources used under a typical load I’d say I have a lot of room to grow!

TP-Link TL-SG2210P-V3 8 Port PoE Managed Switch

Picking the switch was a dilemma since I had big plans to grow the network to at least 16 wired devices within the next 12 months. I was deciding between a conservative 8-port switch and a more future-proof 24-port switch.

	TP-Link TL-SG2210P-V3	Mikrotik CRS328-24P-4S+RM
Use case	Starter switch to get a feeling for the features I need	Future-proof switch with many bells and whistles
1G PoE ports	8	24
SPF ports	2 SFP	4 SFP+
PoE budget	61w	450w
Idle power consumption	5w	21w
Price (USD)	$120	$525
Pros	Cheap, low-power, controlled by Omada	24 ports, SFP+, virtually unlimited PoE budget
Cons	None, since I could use it as a secondary switch	Not controlled by Omada , high-idle power

I was going to go all-in on a Mikrotik CRS328-24P-4S+RM 24 port PoE switch but when it went out of stock on Amazon it made the decision for me. I’m happy with my starter switch as I now have a better idea as to what I want from my next, bigger, switch.

TP-Link Omada OC200

March 2023 Update – I would still definitely buy this over the Docker version for simplicity.

As a beginner, I wanted to take advantage of the controller to help set up the Omada switch and access points. The question was – do I want to buy the physical controller or do I want to run it from a docker container? I researched how to do it from docker and it didn’t seem too complicated, but it was just enough to discourage me. I didn’t want to deal with another component to manage on top of trying to figure out how to set up pfSense and Omada. I also regularly perform maintenance on my server and didn’t want my network to be interrupted at any capacity while my server was offline – I also knew that the network would function fine even if the controller was offline but I didn’t want to comprise don’t he Assisted Roaming features.

Assisted Roaming or “Fast Roaming” is an Omada feature only available while the Omada SDN controller is online as it performs the function of measuring signal strength in real-time to “assist” typical roaming. More info here.

As a power-conscious consumer, I measured the TP-Link Omada OC200 to idle at 6w. I tested this with a Kill A Watt taken from the switch with and without the Omada OC200 controller attached. Had I known this before buying the physical device I would have tried the docker container first.

Power aside, the TP-Link Omada OC200 has not skipped a beat in the two weeks that I’ve had it and made the setup process really easy.

TP-Link Omada EAP245 V3 Access Points

These access points are awesome and the connections at both 5 Ghz and 2.4 Ghz have been solid. The pricing was right for 802.11ac (Wifi 5) at $90. There’s not much to say other than the installation and adoption into the Omada controller was easy.

Wifi 5 vs Wifi 6: I’m not an expert here but in my research, there was a lot of “it’s not really needed unless you are in a high-density area with potentially hundreds of clients”. Also, my switch was only capable of 1G connections so it didn’t really make sense to have >1G capable access points. The last point is that the EAP245 V3 comes with three antennas for each band while other Wifi 6 access points only have 2 antennas per band.

On the power side, I measured each TP-Link Omada EAP245 V3 access point to consume a respectable 5 watts at idle.

TL-SG2210P V3 PoE Power Usage by Port

Omada SDN Controller TL-SG2210P v3.20 Report:

• Port 1 – no power
• Port 2 – EAP245 V3 uses 3.9W
• Port 3 – EAP245 V3 uses 3.6W
• Port 4 – no power
• Port 5 – 5MP Camera 1 uses 3.2W
• Port 6 – 5MP Camera 2 uses 3.1W
• Port 7 – 5MP Camera 3 uses 4.0W
• Port 8 – Omada OC200 Controller uses 2.8W

Omada reports “Remaining PoE Power: 66.89% / 40.80W” so there is definitely plenty to go around.

Keep in mind that these numbers are measured at the switch and not at the wall. For example, I clocked in the OC200 Controller at 6W at the wall versus 2.8W reported by Omada. In either case, the 61W power budget on the TL-SG2210P-V3 is pretty good for multiple 5MP cameras and APs.

March 2023 Update – Some products have newer versions. See below if you are interested in the latest lineup.

Product	Original Post Link	March 2023 Upgrade
pfSense Firewall & Router	Anyrevo pfSense Firewall, Intel Celeron J4125	Same Anyrevo firewall, but upgraded with 2.5G NIC
Omada Switch	TL-SG2210P V3	Same as the original post if you need 10 or fewer ports. If you need something bigger then I would recommend the 24-port PoE TL-SG2428P
Omada Access Points	EAP245 V3	EAP650 Ultra Slim, which is Wifi 6
Omada SDN Controller	OC200	Same as the original post, if you buy now then you’ll probably get the newest hardware version of it since TP-Link will be reiterating to make it better.

Thank you for reading! I hope you found it helpful. Please leave a comment if you have any questions.