TP Link EAP115 User Guide

Download

User Guide

For TP-LINK Auranet Access Points

EAP115

REV1.0.0

1910011765

FCC STATEMENT

This equipment has been tested and found to comply with the limits for a Class A digital device,

pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection

against harmful interference when the equipment is operated in a commercial environment. This

equipment generates, uses, and can radiate radio frequency energy and, if not installed and used

in accordance with the instruction manual, may cause harmful interference to radio

communications. Operation of this equipment in a residential area is likely to cause harmful

interference in which case the user will be required to correct the interference at his own expense.

This device complies with part 15 of the FCC Rules. Operation is subject to the following two

conditions:

1) This device may not cause harmful interference.

2) This device must accept any interference received, including interference that may cause

undesired operation.

Any changes or modifications not expressly approved by the party responsible for compliance

could void the user’s authority to operate the equipment.

Note: The manufacturer is not responsible for any radio or TV interference caused by unauthorized modifications to this equipment. Such modifications could void the user’s authority to operate the equipment.

FCC RF Radiation Exposure Statement:

This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment. This device and its antenna must not be co-located or operating in conjunction with any other antenna or transmitter.

“To comply with FCC RF exposure compliance requirements, this grant is applicable to only Mobile Configurations. The antennas used for this transmitter must be installed to provide a separation distance of at least 20 cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter.”

CE Mark Warning

This is a class A product. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures.

RF Exposure Information

This device meets the EU requirements (1999/5/EC Article 3.1a) on the limitation of exposure of the general public to electromagnetic fields by way of health protection.

The device complies with RF specifications when the device used at 20 cm from your body.

IC STATEMENT

This Class A digital apparatus complies with Canadian ICES-003.

Cet appareil numérique de la classe A est conforme à la norme NMB-003 du Canada.

Canadian Compliance Statement

This device complies with Industry Canada license-exempt RSSs. Operation is subject to the

following two conditions:

1） This device may not cause interference, and

2） This device must accept any interference, including interference that may cause undesired

operation of the device.

Le présent appareil est conforme aux CNR d’Industrie Canada applicables aux appareils radio

exempts de licence. L’exploitation est autorisée aux deux conditions suivantes :

1） l’appareil ne doit pas produire de brouillage;

2） l’utilisateur de l’appareil doit accepter tout brouillage radioélectrique subi, meme si le

brouillage est susceptible d’en compromettre le fonctionnement.

Radiation Exposure Statement:

This equipment complies with IC radiation exposure limits set forth for an uncontrolled

environment. This equipment should be installed and operated with minimum distance 20cm

between the radiator & your body.

Declaration d'exposition aux radiations:

Cet équipement est conforme aux limites d'exposition aux rayonnements IC établies pour un

environnement non contrôlé. Cet équipement doit être installé et utilisé avec un minimum de

20 cm de distance entre la source de rayonnement et votre corps.

Industry Canada Statement

CAN ICES-3 (A)/NMB-3(A)

Korea Warning Statements

당해 무선설비는 운용중 전파혼신 가능성이 있음.

Продукт сертифіковано згідно с правилами системи УкрСЕПРО на відповідність вимогам

This product bears the selective sorting symbol for Waste electrical and electronic

directive 2012/19/EU in order to be recycled or dismantled to minimize its impact on the

注意！

нормативних документів та вимогам, що передбачені чинними законодавчими актами

України.

Safety Information

 When product has power button, the power button is one of the way to shut off the product;

When there is no power button, the only way to completely shut off power is to disconnect

the product or the power adapter from the power source.

 Don’t disassemble the product, or make repairs yourself. You run the risk of electric shock

and voiding the limited warranty. If you need service, please contact us.

 Avoid water and wet locations.

 Adapter shall be installed near the equipment and shall be easily accessible.

 The plug considered as disconnect device of adapter.

 Explanation of the symbols on the product label

Symbol Explanation

DC voltage

RECYCLING

equipment (WEEE). This means that this product must be handled pursuant to European

environment.

User has the choice to give his product to a competent recycling organization or to the

retailer when he buys a new electrical or electronic equipment.

NCC Notice & BSMI Notice

依據低功率電波輻射性電機管理辦法

第十二條經型式認證合格之低功率射頻電機，非經許可，公司、商號或使用者均不得擅自

變更頻率、加大功率或變更原設計之特性或功能。

第十四條低功率射頻電機之使用不得影響飛航安全及干擾合法通行；經發現有干擾現象時，

應立即停用，並改善至無干擾時方得繼續使用。前項合法通信，指依電信規定作業之無線電

信。低功率射頻電機需忍受合法通信或工業、科學以及醫療用電波輻射性電機設備之干擾。

減少電磁波影響，請妥適使用。

安全諮詢及注意事項

●請使用原裝電源供應器或只能按照本產品注明的電源類型使用本產品。

●清潔本產品之前請先拔掉電源線。請勿使用液體、噴霧清潔劑或濕布進行清潔。

●注意防潮，請勿將水或其他液體潑灑到本產品上。

●插槽與開口供通風使用，以確保本產品的操作可靠並防止過熱，請勿堵塞或覆蓋開口。

●請勿將本產品置放於靠近熱源的地方。除非有正常的通風，否則不可放在密閉位置中。

●請不要私自打開機殼，不要嘗試自行維修本產品，請由授權的專業人士進行此項工作。

此為甲類資訊技術設備，于居住環境中使用時，可能會造成射頻擾動，在此種情況下，使用

者會被要求採取某些適當的對策。

CONTENTS

Chapter 1 About This Guide ............................................................................................................................. 1

1.1 Intended Readers ................................................................................................................................. 1

1.2 Conventions ........................................................................................................................................... 1

Chapter 2 Introduction ...................................................................................................................................... 2

2.1 Overview of the EAP ........................................................................................................................... 2

2.2 Appearance Description .................................................................................................................... 2

2.2.1 Top View ......................................................................................................................................... 2

2.2.2 Panel Layout ................................................................................................................................. 3

2.2.3 Mounting Bracket ....................................................................................................................... 4

Chapter 3 Typical Topology .............................................................................................................................. 5

Chapter 4 Getting Started with the EAP ...................................................................................................... 6

Option 1: Wireless Login .................................................................................................................................. 6

Option 2: Wired Login ....................................................................................................................................... 7

Chapter 5 Management Mode ........................................................................................................................ 8

5.1 Mode Identification ............................................................................................................................. 8

5.2 Mode Switching .................................................................................................................................... 9

5.2.1 Choose the Work Mode the First Time You Login ........................................................... 9

5.2.2 Switch from Cluster to Standalone ................................................................................... 10

5.2.3 Switch from Standalone to Cluster ................................................................................... 10

Chapter 6 Cluster Mode .................................................................................................................................. 12

6.1 Quick Setup ......................................................................................................................................... 12

6.2 Cluster ................................................................................................................................................... 13

6.2.1 Cluster .......................................................................................................................................... 13

6.2.2 AP List .......................................................................................................................................... 13

6.3 Wireless ................................................................................................................................................. 20

6.3.1 Wireless Settings ...................................................................................................................... 20

6.3.2 Portal ............................................................................................................................................ 27

6.3.3 MAC Filtering ............................................................................................................................ 36

6.3.4 Scheduler ................................................................................................................................... 38

6.3.5 QoS ............................................................................................................................................... 41

6.3.6 Rogue AP Detection ............................................................................................................... 44

6.4 Monitoring ........................................................................................................................................... 48

6.4.1 AP .................................................................................................................................................. 48

6.4.2 SSID ............................................................................................................................................... 52

6.4.3 Client ............................................................................................................................................ 53

6.5 Management ...................................................................................................................................... 56

6.5.1 System Log................................................................................................................................. 56

6.5.2 Web Server ................................................................................................................................. 58

6.5.3 Management Access .............................................................................................................. 59

6.5.4 LED ON/OFF............................................................................................................................... 60

6.5.5 SSH ................................................................................................................................................ 60

6.5.6 SNMP ............................................................................................................................................ 61

6.6 System ................................................................................................................................................... 64

6.6.1 User Account ............................................................................................................................. 64

6.6.2 Time Settings ............................................................................................................................ 64

6.6.3 Reboot/Reset ............................................................................................................................ 67

6.6.4 Backup & Restore ..................................................................................................................... 68

6.6.5 Firmware Upgrade .................................................................................................................. 68

Chapter 7 Standalone Mode ......................................................................................................................... 70

7.1 Network ................................................................................................................................................ 70

7.2 Wireless ................................................................................................................................................. 71

7.2.1 Wireless Settings ...................................................................................................................... 72

7.2.2 Portal ............................................................................................................................................ 79

7.2.3 MAC Filtering ............................................................................................................................ 87

7.2.4 Scheduler ................................................................................................................................... 89

7.2.5 QoS ............................................................................................................................................... 92

7.2.6 Rogue AP Detection ............................................................................................................... 95

7.3 Monitoring ........................................................................................................................................... 99

7.3.1 AP .................................................................................................................................................. 99

7.3.2 SSID ............................................................................................................................................. 103

7.3.3 Client .......................................................................................................................................... 104

7.4 Management .................................................................................................................................... 107

7.4.1 System Log............................................................................................................................... 107

7.4.2 Web Server ............................................................................................................................... 109

7.4.3 Management Access ............................................................................................................ 110

7.4.4 LED ON/OFF............................................................................................................................. 111

7.4.5 SSH .............................................................................................................................................. 111

7.4.6 SNMP .......................................................................................................................................... 112

7.5 System ................................................................................................................................................. 115

7.5.1 User Account ........................................................................................................................... 115

7.5.2 Time Settings .......................................................................................................................... 115

7.5.3 Reboot/Reset .......................................................................................................................... 118

7.5.4 Backup & Restore ................................................................................................................... 119

7.5.5 Firmware Upgrade ................................................................................................................ 119

Chapter 1 About This Guide

This User Guide contains information for setup and management of EAP115. Please read this

guide carefully before operation.

1.1 Intended Readers

This Guide is intended for network managers familiar with IT concepts and network

terminologies.

1.2 Conventions

When using this guide, please notice that features of the EAP may vary slightly depending on

the model and software version you have, and on your location, language, and Internet service

provider. All screenshots, images, parameters and descriptions documented in this guide are

used for demonstration only.

The information in this document is subject to change without notice. Every effort has been

made in the preparation of this document to ensure accuracy of the contents, but all statements,

information, and recommendations in this document do not constitute the warranty of any kind,

express or implied. Users must take full responsibility for their application of any products.

More Info:

 The latest software, management app and utility can be found at Download Center at

http://www.tp-link.com/support.

 The Installation Guide (IG) can be found where you find this guide or inside the package of

the EAP.

 Specifications can be found on the product page at http://www.tp-link.com.

 A Technical Support Forum is provided for you to discuss our products at http://forum.tp-

link.com.

 Our Technical Support contact information can be found at the Contact Technical Support

page at http://www.tp-link.com/support.

Chapter 2 Introduction

2.1 Overview of the EAP

EAP series products provide wireless coverage solutions for small-medium business. They can

either work independently as standalone APs or implement centralized management, providing

a flexible, richly-functional but easily-configured enterprise-grade wireless network for small and

medium business.

“Celling lamp” appearance and easily mounting design with chassis make EAP easy to be

installed on a wall or ceiling and blend in with most interior decorations. EAP115 can be powered

via a PSE* device or the provided power adapter.

With two built-in omnidirectional antennas, EAP115 works within the 2.4GHz frequency band. It

applies 802.11n standards and 2*2MIMO technology, allowing packet transmission at up to

300Mbps.

*PSE: Power Sourcing Equipment, a device (switch or hub for instance) that will provide power

in a PoE setup.

2.2 Appearance Description

2.2.1 Top View

The top view of EAP115 is shown as the following figure.

Figure 2-1 Top View of the EAP

 LED

RAM, flash, Ethernet, WLAN or

Firmware update is in progress. Do not

There is a System LED on the top of the EAP. The following table explains the indications of

different LED colors.

LED Color Indication

Flashing green System initialization is complete.

Solid green The device is working properly.

Flashing red System errors.

firmware may be malfunctioning.

Flashing yellow

disconnect or power off the device.

Alternating red/green/yellow twice The device is being reset.

2.2.2 Panel Layout

Figure 2-2 Panel Layout of the EAP

The interface panel components of the EAP, from left to right, are described in the following list:

 Kensington Security Slot: Secure the lock (not provided) into the security slot to prevent

the device from being stolen.

 RESET: With the device powered on, press and hold the RESET button for about 8 seconds

until the LED flashes Red/Green/Yellow alternatively twice, then release the button. The

device will restore to factory default settings.

 ETHERNET: This port is used to connect to a router to transmit data or to a PSE device, such

as a switch, for both data transmission and Power over Ethernet (PoE) through Ethernet

cabling.

 POWER: The power port is used connect the device to an electrical wall outlet via power

adapter. Please only use the provided power adapter.

 ARROW 1: This arrow is used to align with ARROW 2 on the mounting bracket to lock the

EAP into place.

2.2.3 Mounting Bracket

The following figure describes the structure of the mounting bracket.

Figure 2-3 Structure of the Mounting Bracket

Chapter 3 Typical Topology

A typical topology for the EAP is described below.

Figure 3-1 Typical Topology

To deploy an EAP in your local network, a DHCP server is required to assign IP addresses to the

EAPs and clients. Typically, a router acts as the DHCP server.

Typically, you can choose a Power over Ethernet (PoE) switch to provide power for the EAP. You

can also use the power adapter to provide power instead if the PoE switch is unavailable.

The EAP115 can be managed in three ways: EAP Controller, Cluster and Standalone.

EAP Controller: The EAP Controller software allows network administrators to monitor and

manage hundreds of Auranet EAPs, at multiple sites, from any connected PC within the network.

This dramatically enhances scalability and makes remote network management more

convenient. For more information about the EAP Controller, please refer to the EAP Controller

User Guide from our official website:

http://www.tp-link.com/en/support/download/

Cluster mode: In this mode, all the EAP115s with a same cluster name in a same LAN will form

a cluster (the number of EAPs in a cluster is no more than 24), and a Master EAP will be elected

among them to manage other EAPs which are called Member EAPs. On the management host,

the access to any EAP’s IP address will be redirected to the Master EAP’s web management

page, where you can manage each member EAP in the cluster.

Standalone mode: In this mode, the EAP works independently as a standalone access point.

By entering the IP address of the standalone EAP, you can log in to its web interface and

perform configurations. The EAP can only be managed by EAP Controller in Standalone mode.

Chapter 4 Getting Started with the EAP

The following content will guide you to quickly set up a wireless network connection with several

EAPs, and login to the management page to configure the EAPs. The management host can be

connected to the EAP wirelessly or with wires. Wireless Login is conveniently recommended.

EAP115 can be managed in three ways: EAP Controller, Cluster and Standalone. In this User

Guide, we introduce Cluster Mode and Standalone Mode.

Option 1: Wireless Login

Figure 4-1 Sample Network Diagram for Wireless Login

Step 1: Power on

Power on the EAPs.

Step 2: Wireless Access

1. Make sure the management host is set to obtain IP address automatically.

2. Join the wireless network using the default SSID TP-LINK_2.4GHz_XXXXXX, where XXXXXX

represents the last 6 characters of the EAP's MAC address. Password is not required.

Step 3: Choose the work mode

1. Open a web browser and type in http://tplinkeap.net to access the EAP's web

management page. The default user name and password are admin (all lowercase).

2. Choose the work mode in the drop-down box the first time you login. With factory default

settings, the EAP works in Standalone mode.

3. Configure the EAP parameters. Please refer to the corresponding chapter according to the work mode you chose.

Congratulations! Now you can enjoy the wireless network.

If you want to perform more configurations, please connect to the new SSID.

Option 2: Wired Login

Figure 4-2 Sample Network Diagram for Wired Login

Step 1: Power on

Power on the EAPs.

Step 2: Wired Access

1. Make sure the management host is set to obtain IP address automatically.

2. Access your DHCP server and locate the IP address of the EAPs.

Step 3: Choose the work mode

1. Open a web browser, in the address field type in the IP address of the EAP to access the

EAP’s web management page. The default user name and password are admin (all lowercase).

2. Choose the work mode in the drop-down box the first time you login. With factory default settings, the EAP works in Standalone mode.

3. Configure the EAP parameters. Please refer to the corresponding chapter according to the work mode you chose.

Congratulations! Now you can enjoy the wireless network.

Chapter 5 Management Mode

The Cluster mode is recommended for the centralized management of EAPs in a medium

wireless network (the number of EAPs is no more than 24) if you don’t want to install the EAP

Controller. In Cluster mode, all the EAPs in this network can work in AP operating mode to

provide wireless access service.

The Standalone mode applies to a relatively small-sized wireless network. EAPs in the Standalone

mode cannot be managed centrally.

With factory default settings, the EAP works in Standalone mode. Switch the two management

modes of the EAP based on the actual situations.

5.1 Mode Identification

How to judge the current management mode of the EAP? The web management pages of the

EAP in the Cluster and Standalone mode are different. In Cluster mode, there is a Cluster tab,

while in Standalone mode, there is a Network tab as shown below.

 Cluster

The web management page of the EAP in Cluster mode.

Figure 5-1 Web Management Page in Cluster Mode

 Standalone

The web management page of the EAP in Standalone mode.

Figure 5-2 Web Management Page in Standalone Mode

5.2 Mode Switching

The management mode Cluster and Standalone can be switched with each other on every single

EAP. The switching operation is shown below.

5.2.1 Choose the Work Mode the First Time You Login

Choose the work mode in the drop-down box the first time you log in. With factory default

settings, the EAP works in Standalone mode. When you choose the work mode as Cluster, the

EAP will reboot and switch to Cluster mode.

Figure 5-3 Choose the work mode

5.2.2 Switch from Cluster to Standalone

Cluster mode. AP List will be displayed as shown below.

Figure 5-4 Delete an EAP from a Cluster

1. Select the specified EAP in the AP list and click the icon in the Settings column.

2. If the deleted EAP is a Member (shown in the Role column) in the cluster, the mode will

switch to Standalone. To know how to log in to the Member’s web management page, refer to Chapter 4 Getting Started with the EAP management mode will switch to Standalone and the login window will pop up.

NOTE:

For detailed information of the Master EAP and Member EAP, please refer to 6.2 Cluster.

. If the deleted EAP is a Master in the cluster, the

5.2.3 Switch from Standalone to Cluster

in Standalone mode. The following content will be displayed.

Figure 5-5 Join a Cluster

1. Select the Mode as Cluster and enter a cluster name to join the cluster.

2. Click Save and the EAP will reboot and search the cluster with the same cluster name to

join. If there is no device with the same cluster name in the network, the EAP will create a new cluster with this name and act as the Master.

Chapter 6 Cluster Mode

Cluster feature provides centralized management and monitoring of the EAPs, thus significantly

simplifying the wireless network configuration and maintenance.

By default, the EAPs with a same cluster name and in a same subnet will form a cluster

automatically. One EAP will be elected as the Master EAP, through which you can manage all the

EAPs in this cluster centrally, while the other EAPs work as Members.

Master election determines the role of the cluster members. Master election is held each time

the cluster is newly formed or the former Master works abnormally.

The Master is elected based on the following rules in the order listed:

1. System Uptime: The EAP with the longest system uptime becomes the Master. Uptime is the time that has elapsed since the last reboot.

2. MAC Address: The EAP with the highest MAC address becomes the Master.

In a cluster, the access to any EAP’s IP address in the web browser will be redirected to the Master

EAP’s management web page. Each EAP’s private parameters such as Name, Radio, IP Settings,

Load Balance and SSID Override can be customized in the AP list in Cluster page, while the global

configurations including Wireless, Monitoring, Management and System on the Master EAP will

be automatically synchronized across the cluster to all Member EAPs.

NOTE:

You can remove the EAP from the cluster and switch it to Standalone mode if it is no longer planned to be managed by the cluster.

To form a cluster, make sure the following prerequisites or conditions are satisfied:

1. Be sure the EAPs forming a cluster are of the same model.

2. Be sure all EAP devices prepared for a cluster are in the same network segment.

3. Be sure the number of EAPs in a cluster is no more than 24.

4. Be sure all EAP devices prepared for a cluster have the same cluster name. It is

recommended to specify a new cluster name to prevent malicious EAPs from joining and even becoming Master of the cluster.

6.1 Quick Setup

Follow the step-by-step instructions to complete the Quick Setup. Any configurations you make

on the Master EAP will automatically synchronize to all the other EAPs.

6.2 Cluster

The Cluster page is shown below.

Figure 6-1 Cluster Page

6.2.1 Cluster

Customize the cluster name in this zone. The cluster name will be synchronized automatically

across the cluster to all Member EAPs. The EAPs have to have the same cluster name to form a

cluster.

Figure 6-2 Modify the Cluster Name

6.2.2 AP List

AP List displays all the EAPs in this cluster. Click in the Settings column to configure the

private parameters of the selected EAP. These private parameters take effect on each EAP

separately, which helps to optimize the network performance. Configurable parameters include

Device Name, Radio, IP Settings, Load Balance and SSID Override

Figure 6-3 AP List

Device Name:

Model:

MAC:

IP:

Role:

Status:

Clients:

Settings:

Displays the name of the device. The default format of device name is “modelMAC address” (such as EAP115-00-0a-eb-9a-2a-ac).

Displays the model of the device.

Displays the MAC address of the device.

Displays the IP address of the EAP. By default, it is obtained from a DHCP server (typically a router).

Displays the role of the EAP in a cluster, including Master and Member.

Displays the status of an EAP in a cluster, including connected and joining.

 Connected: The EAP has joined a cluster.

 Joining: The EAP is trying to join a cluster.

Displays the number of wireless devices connected to the EAP.

Operations here are only valid for a specific EAP.

: Click to configure the parameters of the EAP.

: Click to remove the EAP from the cluster, thus the management mode of

the removed EAP will switch to Standalone.

: Click to reboot the EAP.

Click to configure the wireless parameters of a specific EAP. The following content will be

shown.

Figure 6-4 Configure the Wireless Parameters

 Device Name

is able to operate in the 2.4GHz

You can rename the EAP like “EAP115_1” to distinguish it from others. The name can be 1 to 31

characters long. Then click OK.

Figure 6-5 Rename the Device

 Radio

Figure 6-6 Radio

Mode:

Choose the protocol standard for the wireless network.

Wireless network created by EAP115 frequency, EAP115 supports 802.11b/g/n, 802.11b/g, and 802.11n standards. It is recommended to select 802.11b/g/n, in which way clients supporting 11b, 11g or 11n mode can access your wireless network.

Channel Width:

20/40MHz (this device automatically selects 20MHz or 40MHz, and 20MHz

channel number varies in different regions. By default, channel is

If the maximum transmit power is set to be larger than local regulation

Selecting larger transmit power than needed may cause interference to neighborhood. Also it consumes more power and will reduce longevity of

Select the channel width of this device. Options include 20MHz, 40MHz and

will be used if 40MHz is not available). According to IEEE 802.11n standard, using a channel width of 40MHz can increase wireless throughput. However, users may choose lower bandwidth due to the following reasons:

1. To increase the available number of channels within the limited total bandwidth.

2. To avoid interference from overlapping channels occupied by other devices in the environment.

3. Lower bandwidth can concentrate higher transmit power, increasing stability of wireless links over long distances.

Channel:

Select the channel used by this device to improve wireless performance. 1/2412MHz means the Channel is 1 and the frequency is 2412MHz. The

automatically selected.

Tx Power:

Enter the transmit power value. By default, the value is 20. The maximum transmit power may vary among different countries or regions.

allows, the maximum Tx power regulated will be applied in actual situation.

NOTE: In most cases, it is unnecessary to select maximum transmit power.

the device. Select a certain transmit power is enough to achieve the best performance.

 IP Settings

You can allocate the EAP a static IP address or set it to obtain an IP address automatically from a

DHCP server. By default, the EAP is set to obtain IP address automatically, thus a DHCP server is

required in the network.

Figure 6-7 IP Settings

Dynamic/Static:

By default, the EAP device receives an IP address from a DHCP server (typically a router). Select Static to configure IP address manually.

Fallback IP:

If the EAP fails to get a dynamic IP address from a DHCP server within ten seconds, the fallback IP will work as the IP address of the device. After that, however, the device will keep trying to obtain an IP address from the DHCP until it succeeds.

DHCP Fallback

Enter the fallback IP/IP mask.

IP/IP Mask:

DHCP Fallback

Enter the fallback gateway.

Gateway:

 Load Balance

In a network with a great number of wireless clients, there may be a great disparity in the number

of clients connected to each AP, which may waste the network resources and reduce the network

performance. By restricting the maximum number of the wireless clients connected to an EAP,

Load Balance helps to reduce the traffic loading and enhance the network performance.

Figure 6-8 Load Balance

Maximum Associated

Load Balance:

Clients:

 SSID Override

Disable by default. Check the box to enable the function. Then you can set a number for maximum associated clients to control the wireless access.

Enter the number of clients to be allowed for connection to the EAP. The number ranges from 1 to 99.

Customize the wireless network’s SSID to distinguish it from the cluster’s Service Set Identifier

(SSID), which will help to locate this AP in the wireless network list. Meanwhile, wireless network

can be divided into a specific VLAN based on the SSID. In a network with the same SSID, clients

under the same VLAN can communicate with each other while clients of different VLANs are

separated.

Click , the following content will be shown.

Figure 6-9 SSID Override

Enable:

VLAN:

SSID:

Password:

Check the box to enable SSID Override.

Check the box to enable VLAN and set a VLAN ID (ranges from 0 to 4094) to the wireless network. VLAN 0 means VLAN function is disabled. Wireless networks with the same VLAN ID are grouped to a VLAN.

Enter an easily-identified SSID to override the SSID shared with other clustered EAPs.

Set a WPA2-PSK password to access the wireless network. Only previous passwords with PSK encryption can be overridden.

6.3 Wireless

Wireless page, consisting of Wireless Settings, Portal, MAC Filtering, Scheduler, QoS and Rogue

AP Detection, is shown below.

Figure 6-10 Wireless Page

6.3.1 Wireless Settings

Following is the page of Wireless Settings.

Figure 6-11 Wireless Settings Page

6.3.1.1 Wireless Basic Settings

6.3.1.2 SSIDs

In Cluter mode, parameters in Figure 6-15 including Wireless Mode, Channel Width, Channel and

Tx Power are not available.

Figure 6-12 Wireless Basic Settings

2.4GHz Wireless Radio:

Check the box to enable 2.4GHz Wireless Radio.

SSIDs can work together with switches supporting 802.1Q VLAN. The EAP can build up to eight

virtual wireless networks per radio for users to access. At the same time, it adds different VLAN

tags to the clients which connect to the corresponding wireless network. It supports maximum

, AP will broadcast its SSID to hosts in the surrounding

wireless network. For the safety of wireless

his device

for the clients who want to access the

After enabling SSID Isolation, the devices connected in the same SSID cannot

8 VLANs per radio. The clients in different VLAN cannot directly communicate with each other.

Clients connected to the device via cable do not belong to any VLAN. Thus wired client can

communicate with all the wireless clients despite the VLAN settings.

Click in the Modify column, the following content will be shown.

SSID Name:

Wireless VLAN ID:

SSID Broadcast:

Security Mode:

Figure 6-13 SSIDs

Click to add up to 8 wireless networks per radio.

Enter up to 32 characters as the SSID name.

Set a VLAN ID (ranges from 0 to 4094) for the wireless network. VLAN 0 means VLAN function is disabled. Wireless networks with the same VLAN ID are grouped to a VLAN.

Enable this function environment, as thus hosts can find the wireless network identified by this SSID. If SSID Broadcast is not enabled, hosts must enter the AP’s SSID manually to connect to this AP.

Select the security mode of the network, you are suggested to encrypt your wireless network. T provides three security modes: WPA-Enterprise, WPA-PSK (WPA Pre-Shared Key) and WEP (Wired Equivalent Privacy). WPA-PSK is recommended. Settings vary in different security modes as the details are in the following introduction. Select

None and the hosts can access the wireless network without password.

Portal:

SSID Isolation:

Portal provides authentication service wireless local area network. For more information, refer to 6.4.2 Portal. After Portal is enabled, the configurations in 6.4.2 Portal will be applied.

communicate with each other.

Modify:

Web Key

Hexadecimal format stands for any combination of

Click to open the page to edit the parameters of SSID.

Click to delete the SSID.

Following is the detailed introduction of security mode: WEP, WPA-Enterprise and WPA-PSK.

 WEP

WEP (Wired Equivalent Privacy), based on the IEEE 802.11 standard, is less safe than WPA-

Enterprise or WPA-PSK.

NOTE:

WEP is not supported in 802.11n mode. If WEP is applied in 802.11n mode, the clients may not be able to access the wireless network. If WEP is applied in 11b/g/n mode (in the 2.4GHz frequency band), the device may work at a low transmission rate.

Type:

Key Selected:

Format:

Figure 6-14 Security Mode_WEP

Select the authentication type for WEP.

 Auto: The default setting is Auto, which can select Open System or Shared Key

automatically based on the wireless station's capability and request.

 Open System: After you select Open System, host in the wireless network can

pass the authentication and associate with the wireless network without password. However, correct password is necessary for data transmission.

 Shared Key: After you select Shared Key, host in the wireless network has to

input password to pass the authentication, or it cannot associate with the wireless network or transmit data.

You can configure four keys in advance and select one as the present valid key.

Select the web key format ASCII or Hexadecimal.

 ASCII: ASCII format stands for any combination of keyboard characters in the

specified length.

 Hexadecimal:

hexadecimal digits (0-9, a-f, A-F) in the specified length.

Key Type:

Select the WEP key length (64-bit, or 128-bit, or 152-bit) for encryption.

 64-bit: You can enter 10 hexadecimal digits (any combination of 0-9, a-f, A-F

without null key) or 5 ASCII characters.



128-bit: You can enter 26 hexadecimal digits (any combination of 0-9, a-f, A-

is Auto, which can select TKIP (Temporal Key Integrity Protocol) or AES

Group Key

F without null key) or 13 ASCII characters.

 152-bit: You can enter 32 hexadecimal digits (any combination of 0-9, a-f, A-

F without null key) or 16 ASCII characters.

Key Value:

 WPA-Enterprise

Enter the key value.

Based on RADIUS server, W PA -Enterprise can generate different passwords for different users and

it is much safer than WPA-PSK. However, it costs much to maintain and is more suitable for

enterprise users. At present, WPA-Enterprise has two versions: WPA-PSK and WPA2-PSK.

Figure 6-15 Security Mode_WPA-Enterprise

Version:

Select one of the following versions:

 Auto: Select WPA-PSK or WPA2-PSK automatically based on the wireless

station's capability and request.

 WPA-PSK: Pre-shared key of WPA.

 WPA2-PSK: Pre-shared key of WPA2.

Encryption: Select the encryption type, including Auto, TKIP, and AES. The default setting

(Advanced Encryption Standard) automatically based on the wireless station's capability and request. AES is more secure than TKIP and TKIP is not supported in 802.11n mode. It is recommended to select AES as the encryption type.

RADIUS Server

Enter the IP address/port of the RADIUS server.

IP/Port:

RADIUS

Enter the password to access the RADIUS server.

Password:

Specify the group key update period in seconds. The value can be either 0 or

Update period:

at least 30. 0 means no update.

NOTE:

clients may not be able to access the wireless network of the EAP. If TKIP is applied in 11b/g/n

automatically based on the wireless station's capability

with ASCII or Hexadecimal

For ASCII, the length should be between 8 and 63 characters with

Group Key

Encryption type TKIP is not supported in 802.11n mode. If TKIP is applied in 802.11n mode, the

mode (in the 2.4GHz frequency band), the device may work at a low transmission rate.

 WPA-PSK

Based on pre-shared key, security mode W PA -PSK is characterized by high safety and simple

configuration, which suits for common households and small business. WPA-PSK has two

versions: WPA-PSK and WPA2-PSK.

Figure 6-16 Security Mode_WPA-PSK

Version:

 Auto: Select WPA or WPA2 automatically based on the wireless station's

capability and request.

 WPA: Pre-shared key of WPA.

 WPA2: Pre-shared key of WPA2.

Encryption: Select the encryption type, including Auto, TKIP, and AES. The default setting is

Auto, which can select TKIP (Temporal Key Integrity Protocol) or AES (Advanced Encryption Standard) and request. AES is more secure than TKIP and TKIP is not supported in 802.11n mode. It is recommended to select AES as the encryption type.

Wireless Password:

Configure the WPA-PSK/WPA2-PSK password characters. combination of numbers, letters (case-sensitive) and common punctuations. For Hexadecimal, the length should be 64 characters (case-insensitive, 0-9, a-f, A-F).

Specify the group key update period in seconds. The value can be either 0 or at

Update Period:

least 30. 0 means no update.

6.3.1.3 Wireless Advanced Settings

the clients. Beacon Interval value determines the time

, the access point will release the buffered than the fragmentation threshold, the packet will be fragmented into several packets. Too low fragmentation threshold may result in poor wireless

6.3.1.4 Load Balance

Figure 6-17 Wireless Advanced Settings

Beacon Interval:

DTIM Period:

RTS Threshold:

Beacons are transmitted periodically by the device to announce the presence of a wireless network for interval of the beacons sent by the device. You can specify a value from 40 to 100. The default value is 100 milliseconds.

This value indicates the number of beacon intervals between successive Delivery Traffic Indication Messages (DTIMs) and this number is included in each Beacon frame. A DTIM is contained in Beacon frames to indicate whether the access point has buffered broadcast and/or multicast data for the client devices. Following a Beacon frame containing a DTIM broadcast and/or multicast data, if any exists. You can specify the value between 1-255 Beacon Intervals. The default value is 1, indicating the DTIM Period is the same as Beacon Interval. An excessive DTIM period may reduce the performance of multicast applications. It is recommended to keep it by default.

When the RTS threshold is activated, all the stations and APs follow the Request to Send (RTS) protocol. When the station is to send packets, it will send a RTS to AP to inform the AP that it will send data. After receiving the RTS, the AP notices other stations in the same wireless network to delay their transmitting of data. At the same time, the AP inform the requesting station to send data. The value range is from 1 to 2347 bytes. The default value is 2347, which means that RTS is disabled.

Fragmentation Threshold:

Specify the fragmentation threshold for packets. If the size of the packet is larger

performance caused by the excessive packets. The recommended and default value is 2346 bytes.

Figure 6-21 is only displayed in Standalone mode. Load Balance in Cluster mode is explained in

6.2.2 AP List

By restricting the maximum number of clients accessing the EAPs, Load Balance helps to achieve

rational use of network resources.

Figure 6-18 Load Balance

Load Balance: Disable by default. Click ON to enable the function. After enabling it, you

can set a number for maximum associated clients to control the wireless access.

Maximum Associated Clients:

Enter the number of clients to be allowed for connection to the EAP. The number ranges from 1 to 99.

6.3.2 Portal

Portal enhances the network security by providing authentication service to the clients who

want to access the wireless local network. Portal is also called web authentication. The users have

to log in a web page to establish verification.

Network resources can be classified into different types for different users. Part of them can be

accessed for free by the clients; while some specific resources can only be accessed by authorized

users. What’s more, you can customize the authentication login page and specify a URL which

the newly authenticated client will be redirected to. Please refer to Portal Configuration or

Authentication Policy according to your need.

Following is the page of Portal.

Free

Figure 6-19 Portal Page

6.3.2.1 Portal Configuration

NOTE:

To apply Portal in a wireless network, please go to Wireless→Wireless Settings→SSIDs to enable Portal of a selected SSID.

Three authentication types are available: No Authentication, Local Password and External

RADIUS Server.

1. No Authentication：Users are required to finish only two steps: agree with the user protocol

and click the Login button.

2. Local Password：Users are required to enter the preset user name and password, which are

saved in the EAP.

3. External RADIUS Server：Users are required to enter the preset user name and password,

the device keeps the authentication session open with the

To reopen the session, the client needs to log in the web

e user name and password again once

which are saved in the database of the RADIUS server. The RADIUS server acts as the authentication server, which allows you to set different user name and password for different users.

Refer to the following content to configure Portal based on actual network situations.

 No Authentication

Figure 6-20 Portal Configuration_No Authentication

Authentication Type:

Authentication Timeout:

Redirect:

Redirect URL:

Select No Authentication.

After successful verification, an authentication session is established. Authentication Timeout decides the active time of the session. Within the active time, associated client. authentication page and enter th authentication timeout is reached.

By default, authentication timeout is one hour. Select Custom from the dropdown list to customize the parameter.

Disable by default. Redirect specifies that the portal should redirect the newly authenticated clients to the configured URL.

Enter the URL that a newly authenticated client will be directed to.

Portal Customization:

Select Local Web Portal, the authentication login page will be provided by the built-in portal server.

The page configured below will be presented to users as the login page. Words can be filled in Input Box 1 and Input Box 2.

Enter up to 31 characters as the title of the authentication login page in Input Box 1, like “Guest Portal of TP-LINK”.

Enter the terms presented to users in Input Box 2. The terms can be 1 to 1023 characters long.

 Local Password

Figure 6-21 Portal Configuration_Local Password

Authentication

Authentication Timeout decides the active time of the session. Within active time, the device keeps the authentication session open with the associated

Type:

Select Local Password.

Password:

Authentication Timeout:

Redirect:

Redirect URL:

Portal Customization:

Enter the password for local authentication.

After successful verification, an authentication session is established.

client. To reopen the session, the client needs to log in the web authentication page and enter the user name and password again once authentication timeout is reached.

By default, authentication timeout is one hour. Select Custom from the dropdown list to customize the parameter.

Disable by default. Redirect specifies that the portal should redirect the newly authenticated clients to the configured URL.

Enter the URL that a newly authenticated client will be directed to.

Select Local Web Portal, the authentication login page will be provided by the built-in portal server.

The page below will be presented to users. Words can be filled in Input Box 1 and Input Box 2.

Enter up to 31 characters as the title of the authentication login page in Input Box 1, like “Guest Portal of TP-LINK”.

Enter the terms presented to users in Input Box 2. The terms can be 1 to 1023 characters long.

 External RADIUS Server

External RADIUS Server provides two types of portal customization: Local Web Portal and

External Web Portal. The authentication login page of Local Web Portal is provided by the built-

in portal server of the EAP, as Figure 6-25 shown. The authentication login page of External Web

Portal is provided by external portal server, as Figure 6-26 shown.

Local Web Portal

Figure 6-22 Portal Configuration_External RADIUS Server_Local Web Portal

Authentication Type: Select External RADIUS Server.

RADIUS Server IP:

Port:

RADIUS Password:

Authentication Timeout:

Enter the IP address of the RADIUS server.

Enter the port for authentication service.

Enter the password to log in to the RADIUS server.

After successful verification, an authentication session is established. Authentication Timeout decides the active time of the session. Within active time, the device keeps the authentication session open with the associated client. To reopen the session, the client needs to log in to the web authentication page and enter the user name and password again once authentication timeout is reached.

By default, authentication timeout is one hour. Select Custom from the drop-down list to customize the parameter.

Redirect:

Disable by default. Redirect specifies that the portal should redirect the newly authenticated clients to the configured URL.

Redirect URL:

Portal Customization:

Enter the URL that a newly authenticated client will be directed to.

Select Local Web Portal, the authentication login page will be provided by the built-in portal server.

The page below will be presented to users. Words can be filled in Input Box 1 and Input Box 2.

Enter up to 31 characters as the title of the authentication login page in Input Box 1, like “Guest Portal of TP-LINK”.

Enter the terms presented to users in Input Box 2. The terms can be 1 to 1023 characters long.

2. External Web Portal

Figure 6-23 Portal Configuration_External RADIUS Server_External Web Portal

Authentication Type: Select External RADIUS Server.

External Web Portal

6.3.2.2 Free Authentication Policy

RADIUS Server IP:

Port:

RADIUS Password:

Authentication Timeout:

Redirect:

Redirect URL:

Portal Customization: Select External Web Portal.

URL:

Enter the IP address of the RADIUS server.

Enter the port for authentication service.

Enter the password to log in to the RADIUS server.

After successful verification, an authentication session is established. Authentication Timeout decides the active time of the session. Within active time, the device keeps the authentication session open with the associated client. To reopen the session, the client needs to log in the web authentication page and enter the user name and password again once authentication timeout is reached.

By default, authentication timeout is one hour. Select Custom from the drop-down list to customize the parameter.

Disable by default. Redirect specifies that the portal should redirect the newly authenticated clients to the configured URL.

Enter the URL that a newly authenticated client will be directed to.

Enter the authentication login page’s URL, which is provided by the remote portal server.

Free Authentication Policy allows clients to access network resources for free. On the lower part

of the Portal page you can configure and view free authentication policies.

Figure 6-24 Free Authentication Policy

Click to add a new authentication policy and configure its parameters.

Destination IP

Figure 6-25 Configure Free Authentication Policy

Policy Name:

Source IP Range:

Range:

Source MAC:

Destination Port:

Status:

Enter a policy name.

Enter the source IP address and subnet mask of the clients who can enjoy the free authentication policy. Leaving the field empty means all IP addresses can access the specific resources.

Enter the destination IP address and subnet mask for free authentication policy. Leaving the field empty means all IP addresses can be visited.

Enter the source MAC address of the clients who can enjoy the free authentication policy. Leaving the field empty means all MAC addresses can access the specific resources.

Enter the destination port for free authentication policy. Leaving the field empty means all ports can be accessed.

Check the box to enable the policy.

Click the button OK in Figure 6-28 and the policy is successfully added as Figure 6-29 shows.

Figure 6-26 Add Free Authentication Policy

Here is the explanation of Figure 6-29: The policy name is Policy 1. Clients with IP address range

192.168.2.0/24 are able to visit IP range 10.10.10.0/24. Policy 1 is enabled.

Click to edit the policy. Click to delete the policy.

6.3.3 MAC Filtering

MAC Filtering uses MAC addresses to determine whether one host can access the wireless

network or not. Thereby it can effectively control the user access in the wireless network.

Figure 6-27 MAC Filtering Page

 Settings

Enable MAC Filtering:

 Station MAC Group

Check the box to enable MAC Filtering.

Follow the steps below to add MAC groups.

Step 1:

Click , two tables will be shown.

Figure 6-28 Station MAC Group

Step 2:

Click and fill in a name for the MAC group.

Figure 6-29 Add a Group

Step 3:

Click and input the MAC address you want to organize into this group.

Figure 6-30 Add a Group Member

Click in Modify column to edit the MAC group name or MAC address. Click to delete the

MAC group or group member.

 MAC Filtering Association

Figure 6-31 MAC Filtering Association

SSID Name:

Band:

MAC Group Name:

Displays the SSID of the wireless network.

Displays the frequency band the wireless network operates at.

Select a MAC group from the drop-down list to allow or deny its members to access the wireless network.

Action:

 Allow: Allow the access of the stations specified in the MAC group.

 Deny: Deny the access of the stations specified in the MAC group.

6.3.4 Scheduler

Scheduler allows you to configure rules with specific time interval for radios to operate, which

automates the enabling or disabling of the radio.

 Settings

Figure 6-32 Scheduler Page

Scheduler:

Check the box to enable Scheduler.

Association Mode: Select Associated with SSID/AP, you can perform configurations on the

SSIDs/APs. The display of Scheduler Association is based on your option here.

 Scheduler Profile Configuration

Follow the steps below to add rules.

Step 1:

Click , two tables will be shown.

Figure 6-33 Scheduler Profile Configuration

Step 2:

Click and input a profile name for the rule.

Figure 6-34 Add a Profile

Step 3:

Click and configure the recurring schedule for the rule.

Figure 6-35 Add a Rule

 Scheduler Association

This zone will display different contents based on your selection of association mode in Settings.

1. Associated with SSID

Displays the name of the device. If you want to customize the device name,

the wireless network during the time

Figure 6-36 Scheduler Association_Associated with SSID

SSID Name:

Band:

Profile Name:

Action: Select Radio On/Off to turn on/off the wireless network during the time

Displays the SSID of an individual device or a cluster.

Displays the frequency band which the wireless network operates at.

Select a profile name from the drop-down list. Profile name is configured in Scheduler Profile Configuration.

interval set for the profile.

2. Associated with AP

Figure 6-37 Scheduler Association_Associated with AP

AP:

please refer to Device Name.

AP MAC:

Profile Name:

Action: Select Radio On/Off to turn on/off

Displays the MAC address of the device.

Select a profile name from the drop-down list. Profile name is configured in Scheduler Profile Configuration.

interval set for the profile.

6.3.5 QoS

The EAP supports Quality of Service (QoS) to prioritize voice and video traffic over other traffic

types.

In normal use, the default values for the EAP device and station EDCA should not need to be

changed. Changing these values affects the QoS provided.

Figure 6-38 QoS Page

Fi Multimedia

6.3.5.1 AP EDCA Parameters

Wi(WMM):

By default, WMM is enabled. After WMM is enabled, the device has the QoS function to guarantee the transmission of audio and video packets with high priority.

AP Enhanced Distributed Channel Access (EDCA) parameters affect traffic flowing from the EAP

device to the client station.

Figure 6-39 AP EDCA Parameters

An input to the algorithm that determines the initial random backoff wait

The upper limit (in milliseconds) for the doubling of the random backoff

packet bursts on the wireless network. A packet burst is a collection of

ple frames transmitted without header information. The decreased

6.3.5.2 Station EDCA Parameters

Queue:

Arbitration InterFrame Space:

Minimum Contention Window:

Maximum Contention Window:

Maximum Burst

Displays the transmission queues: Data 0>Data 1>Data 2>Data 3.

A wait time for data frames. The wait time is measured in slots. Valid values for AIFS are from 1 to 15.

time (window) for retry of a transmission.

value.

This parameter applies only to traffic flowing from EAP to the client station.

This value specifies (in milliseconds) the maximum burst length allowed for

multi overhead results in higher throughput and better performance. Valid values for Maximum Burst are from 0 to 8192 and should be exactly divided by 32.

Station EDCA parameters affect traffic flowing from the client station to the EAP device.

Figure 6-40 Station EDCA Parameters

：

A wait time for data frames. The wait time is measured in slots. Valid

：

milliseconds, when a WME client station has the right to initiate

：

Queue

Arbitration Inter-

Frame Space

Minimum Contention

Window

Maximum

Contention Window

TXOP Limit：

Acknowledgement

Unscheduled Automatic Power

Save Delivery

Displays the transmission queues: Data 0>Data 1>Data 2>Data 3.

values for AIFS are 1 through 15.

An input to the algorithm that determines the initial random backoff wait time (window) for retry of a transmission.

The upper limit (in milliseconds) for the doubling of the random backoff value.

The Transmission Opportunity (TXOP) is an interval of time, in

transmissions onto the wireless medium towards the EAP device. Valid values for TXOP Limit are from 0 to 8192 and should be exactly divided by 32.

Select Enable to specify that the EAP device should not acknowledge frames with QosNoAck as the service class value. By default, it is disabled.

Select Enable to enable APSD, which is a power management method. APSD is recommended if VoIP phones access the network through the EAP device. By default, it is enabled.

6.3.6 Rogue AP Detection

A Rogue AP is an access point that has been installed on a secure network without explicit

authorization from a system administrator.

The EAP device can scan all channels to detect all APs in the vicinity of the network. If rogue APs

are detected, they are shown on the Detected Rogue AP List. If an AP listed as a rogue is

legitimate, you can add it to the Trusted AP List.

Figure 6-41 Rogue AP Detection Page

6.3.6.1 Settings

6.3.6.2 Detected Rogue AP List

Figure 6-42 Enable Rogue AP Detection

Rogue AP Detection: Check the box to enable Rogue AP Detection, then click Save.

Information about the detected rogue APs is displayed in the list. By default, the status of the

detected rogue AP is unknown. You can click Known in Action column to move the AP to the

Trusted AP List.

Figure 6-43 Detected Rogue AP List

Beacon frames are transmitted by an AP at regular intervals to announce the

6.3.6.3 Trusted AP List

Action: Click Known to move the AP to the Trusted AP List. After the configurations are

MAC:

SSID:

Band:

Channel:

Security:

Beacon Interval:

Signal:

Click to scan rogue APs. Make sure you have enabled Rogue AP Detection and saved the setting before you click the button.

saved, the moved AP will not be displayed in the Detected Rogue AP List.

The MAC address of the rogue AP.

The SSID for the rogue AP.

Displays the frequency band which the wireless network of the rogue AP operates at.

The channel on which the rogue AP is currently broadcasting.

Displays the enabling or disabling of the security mode of the wireless network.

The beacon interval used by the rogue AP.

existence of the wireless network. The default behavior is to send a beacon frame once every 100 milliseconds (or 10 per second).

The strength of the radio signal emitting from the rogue AP.

Information about the trusted APs is displayed in the list.

Figure 6-44 Trusted AP List

Action: Click Unknown to move the AP out of the Trusted AP List.

MAC:

6.3.6.4 Download/Backup Trusted AP List

Source File

The MAC address of the trusted AP.

SSID:

Band:

Channel:

Security:

The SSID for the trusted AP.

Displays the frequency band which the wireless network of the trusted AP operates at.

The channel on which the trusted AP is currently broadcasting.

Displays the enabling or disabling of the security mode of the wireless network.

You can import a list of trusted APs from a saved list which is acquired from another AP or created

from a text file. The AP whose MAC address is in the Trusted AP List will not be detected as a

rogue.

You can also backup a list and save it in your PC.

Figure 6-45 Download/Backup Trusted AP List

Save Action: Select Download (PC to AP) to import a trusted AP list to the device.

Select Backup (AP to PC) to copy the trusted AP list to your PC.

Click Browse and choose the path of a saved trusted AP list or to save a

Name:

File Management:

trusted AP list.

Select Replace to import the list and replace the contents of the Trusted AP List.

Select Merge to import the list and add the APs in the imported file to the APs currently shown in the Trusted AP List

NOTE:

EAP device does not have any control over the APs in the Detected Rogue AP List.

6.4 Monitoring

6.4.1.1 AP List

On Monitoring page, you can monitor the network running status and statistics based on APs,

SSIDs and Clients.

6.4.1 AP

AP List on the Monitoring page displays the numbers of EAP devices in a cluster, the MAC address

of the EAPs, the number of clients or the corresponding parameters of a standalone AP. Select an

AP in the AP List, below which the AP’s detailed information will be shown, including

Information, Wireless Settings, LAN Information, Client, LAN Traffic and Radio Traffic.

Device

Figure 6-46 AP Monitoring

Figure 6-47 AP List

Device Name:

Displays the device name. If you want to customize the device name, please refer to Device Name

MAC:

Num of Clients:

 Device Information

Displays the MAC address of the EAP.

Displays the number of clients connected to the EAP.

Figure 6-48 Device Information

Device Name:

Device Model:

Firmware Version:

System Time:

Uptime:

CPU:

Memory:

Displays the device name. If you want to customize the device name, please refer to Device Name

Displays the model of the device.

Displays the firmware version of the device. If you want to upgrade the firmware, please refer to 6.7.5 Firmware Upgrade

Displays the system time of the device. If you want to adjust the system time, please refer to 6.7.2.1 Time Settings

Displays the time that has elapsed since the last reboot.

Displays the CPU occupancy rate, which helps you to preliminarily judge whether the device functions properly.

Displays the memory usage rate, which helps you to preliminarily judge whether the device functions properly.

 Wireless Settings

Displays the maximum average transmit power of the device. If you

Figure 6-49 Wireless Settings

Channel/Frequency:

Channel Width:

IEEE802.11 Mode:

Max TX Rate:

Transmit Power:

 LAN Information

Displays the channel number and the operating frequency. If you want to change them, please refer to Radio in Cluster mode,

6.4.1.1 Wireless

Basic Settings in Standalone mode.

Displays the spectral width of the radio channel used by the device. If you want to change it, refer to Radio in Cluster mode,

6.4.1.1 Wireless

Basic Settings in Standalone mode.

Displays the radio standard used for operation of your device. If you want to change it, refer to Radio in Cluster mode,

6.4.1.1 Wireless Basic

Settings in Standalone mode.

Displays the maximum data rate at which the device should transmit wireless packets.

want to change it, refer to Radio in Cluster mode, 6.4.1.1 Wireless Basic

Settings in Standalone mode.

Figure 6-50 LAN Information

MAC Address:

IP Address:

Subnet Mask:

Displays the MAC address of the device.

Displays the IP address of the device.

Displays the subnet mask of the device.

LAN Port:

the power ratio between the received wireless signal

current effective transmission bandwidth and the theoretically maximum

 Client

Displays the maximum transmission rate and duplex mode (half-duplex or full-duplex) of the port.

Figure 6-51 Client

MAC:

SSID:

SNR(dB):

Displays the MAC address of the client of the AP selected in AP List.

Displays the SSID the client is connected to.

Signal to Noise Ratio, strength and the environmental noise strength. The bigger the value of SNR, the better network performance the device provides.

CCQ(%):

Displays the wireless Client Connection Quality (CCQ). CCQ refers to the ratio of

available bandwidth. CCQ reflects the actual link condition.

Rate(Mbps):

Down(Byte):

Up(Byte):

Active Time:

 LAN Traffic

Displays the data rate at which the client transmits wireless packets.

Displays the throughput of the downstream data.

Displays the throughput of the upstream data.

Displays the amount of time the client has been connected to the device.

Click LAN Traffic and you can monitor the data transmission status of the LAN port.

Figure 6-52 LAN Traffic

Rx/Tx Packets:

Displays the total amount of packets received/sent on the LAN port.

Rx/Tx Bytes:

6.4.2.1 SSID List

Displays the total amount of data (in bytes) received/sent on the LAN port.

Rx/Tx Dropped Packets:

Rx/Tx Errors:

 Radio Traffic

Displays the total amount of dropped packets received/sent on the LAN port.

Displays the total amount of error packets received/sent on the LAN port.

Click Radio Traffic and you can monitor the data transmission status of the wireless network.

Figure 6-53 Radio Traffic

Rx/Tx Packets:

Rx/Tx Bytes:

Rx/Tx Dropped Packets:

Rx/Tx Errors:

6.4.2 SSID

Displays the total amount of packets received/sent by the wireless network.

Displays the total amount of data (in bytes) received/sent by the wireless network.

Displays the total amount of dropped packets received/sent by the wireless network.

Displays the total amount of error packets received/sent by the wireless network.

Figure 6-54 SSID Monitoring

In SSID List you can monitor the related parameters of the wireless network.

Figure 6-55 SSID List

isplays the enabling or disabling of Portal. If you want to modify it, please

isplays the enabling or disabling of MAC Filtering. If you want to modify it,

isplays the enabling or disabling of SSID Isolation. If you want to modify it,

SSID Name:

VLAN ID:

Num of Clients:

SSID Broadcast:

Band:

Security:

Portal:

MAC Filter:

Isolation:

Displays the SSID name. If you want to modify it, please refer to 6.4.1.2 SSIDs

Displays the VLAN which the SSID belongs to. If you want to change the VLAN ID, please refer to 6.4.1.2 SSIDs

Displays the number of clients connected to the SSID. If you want to get more information about these clients, please refer to 6.4.1.2 SSIDs

Displays the enabling or disabling of SSID broadcast. If you want to modify it, please refer to 6.4.1.2 SSIDs

Displays the frequency band the wireless network is operating at.

Displays the security mode the wireless network is applying. If you want to modify it, please refer to6.4.1.2 SSIDs

D refer to 6.4.1.2 SSIDs.

D please refer to 6.4.1.2 SSIDs.

Down(Byte):

Up(Byte):

Displays the throughput of the downstream data.

Displays the throughput of the upstream data.

6.4.3 Client

From User List, you can monitor the status of all the clients connected to the clustered EAPs

including those who are authenticated.

6.4.3.1 User List

the power ratio between the received wireless signal

current effective transmission bandwidth and the theoretically maximum

Figure 6-56 Client Monitoring

Figure 6-57 User List

MAC:

Access Point:

SSID:

SNR(dB):

CCQ(%):

Rate(Mbps):

Down(Byte):

Up(Byte):

Active Time:

Displays the MAC address of the client.

Displays the name of the device to which the client is connected.

Displays the SSID the client is connected to.

Signal to Noise Ratio, strength and the environmental noise strength. The bigger the value of SNR, the better network performance the device provides.

Displays the wireless Client Connection Quality (CCQ). CCQ refers to the ratio of

available bandwidth. CCQ reflects the actual link condition.

Displays the data rate at which the client transmits wireless packets.

Displays the throughput of the downstream data.

Displays the throughput of the upstream data.

Displays the amount of time the client has been connected to the device.

6.4.3.2 Portal Authenticated Guest

the power ratio between the received wireless signal

Displays the Client Connection Quality (CCQ) of the authenticated client. CCQ refers to the ratio of current effective transmission bandwidth and the

able bandwidth. CCQ reflects the actual link

Displays the data rate at which the authenticated client transmits wireless

The Portal Authenticated Guest displays information about clients that have set up valid

authentication.

Figure 6-58 Portal Authenticated Guest

MAC:

Access Point:

SSID:

SNR(dB):

CCQ(%):

Rate(Mbps):

Down(Byte):

Up(Byte):

Active Time:

Displays the MAC address of the authenticated client.

Displays the name of the device to which the authenticated client is connected

Displays the SSID the authenticated client is connected to.

Signal to Noise Ratio, strength and the environmental noise strength. The bigger the value of SNR, the better network performance the device provides.

theoretically maximum avail condition.

packets.

Displays the throughput of the downstream data.

Displays the throughput of the upstream data.

Displays the amount of time the authenticated client has been connected to the root AP.

Action: Click Unauthorize to stop giving authorization to the clients connected to the

wireless network.

6.5 Management

6.5.1.1 Log List

Management page is mainly used for device management and maintenance.

6.5.1 System Log

System log records information about hardware, software as well as system issues and monitors

system events. With the help of system log, you can get informed of system running status and

detect the reasons for failure.

Following is the page of System Log.

Figure 6-59 System Log Page

From Log List you can view detailed information about hardware, software, system issues and so

on.

Figure 6-60 Log List

6.5.1.2 Log Settings

You can choose the way to receive system logs in Log Settings zone, where these parameters can

be configured: Enable Auto Mail, Enable Server and Enable Nvram

Figure 6-61 Log Settings

 Enable Auto Mail

If Auto Mail is enabled, system logs will be sent to a mailbox. The following content will be shown.

From:

To:

SMTP Server:

Figure 6-62 Enable Auto Mail

Enter the sender’s email address.

Enter the recipient’s email address, which will receive the system logs.

Enter the IP address of the SMTP server.

Enable

Generally users are required to log in to the SMTP server by entering user

Authentication:

name and password.

 User Name: Enter the sender’s email address.

 Password: Enter the password of the sender’s email address.

 Confirm Password: Enter the password again for confirmation.

Time Mode:

System logs can be sent at specific time or time interval.

 Fixation Time: Set a fixed time, for example, 15:00. The recipient will

receive the system logs sent by the device at 15:00 every day.

 Period Time: Set a time interval, for example, 5 hours. The recipient will

receive the system logs sent by the device every 5 hours.

 Enable Server

System logs can also be sent to a server. After Auto Mail Feature is enabled, the following content

will be shown.

Figure 6-63 Enable Server

System Log Server IP:

System Log Server Port:

Enter the IP address of the remote server.

Enter the port of the remote server.

 Enable Nvram

By default, Nvram is disabled. Check the box to enable Nvram, system logs will be saved after

power supply is cut.

6.5.2 Web Server

You can log in web management interface, thereby manage and maintain the device.

Following is the page of Web Server.

Figure 6-64 Web Server Page

Secure Server

the system will log out automatically. Please

HTTPS:

Port:

Server Port:

Session Timeout:

HTTPS (Hypertext Transfer Protocol Secure) is enabled by default.

Designate a secure server port for web server in HTTPS mode. By default the port is 443.

Designate a server port for web server in HTTP mode. By default the port is 80.

Set the session timeout time. If you do nothing with the web management page within the timeout time, login again if you want to go back to web management page.

6.5.3 Management Access

Management Access Control allows you to configure up to four MAC addresses of the hosts that

are allowed to log in to the web management page of the EAP. Click Add PC’s MAC and the MAC

address of the current host will be added to MAC address list.

Following is the page of Management Access.

Figure 6-65 Management Access Page

enabled, only the PCs in MAC address list can log in the device’s web

MAC Authentication:

MAC1~MAC4:

Check the box to enable MAC Authentication. After MAC Authentication is

management page. By default this function is disabled. All PCs in LAN can log in and manage the device.

Enter the MAC addresses of the PCs which are authorized to log in the device.

6.5.4 LED ON/OFF

Following is the page of LED ON/OFF. By default the LED is on.

Figure 6-66 LED ON/OFF

6.5.5 SSH

This device supports the SSH Server function that allows users to login and manage it through

SSH connection on the SSH client software.

SSH (Secure Shell) is a security protocol established on application and transport layers. SSH-

encrypted-connection is similar to a telnet connection, but essentially the old telnet remote

management method is not safe, because the password and data transmitted with plain-text

can be easily intercepted. SSH can provide information security and powerful authentication

when you login this device remotely through an insecure network environment. It can encrypt

all the transmission data and prevent the information in remote management from being leaked.

Following is the page of SSH.

Figure 6-67 SSH Page

Server Port:

SSH Login:

Enter the server port. By default, it is port 22.

Check the box to enable SSH Server. By default, it is disabled.

6.5.6 SNMP

The device can be configured as an SNMP agent.

SNMP (Simple Network Management Protocol), the most widely applied network management

protocol, provides a management framework to monitor and maintain Internet devices. Main

functions of SNMP include monitoring network performance, detecting and analyzing network

error, configuring network devices, and so on. When networks function properly, SNMP can

perform the functions of statistics, configuration and testing. When networks have troubles,

SNMP can detect and restore these troubles.

An SNMP consists of three key components: manager, agent and MIB (Management Information

Base). SNMP manager is a client program operating at workstation, assisting network

administrators to accomplish most network device management tasks. An agent is a network-

management software module that resides on a managed device and responsible for receiving

and dealing with data sent by managing device. Generally the managed devices are network

devices including hosts, bridges, switches and routers. MIB is the collection of managed devices.

It defines a series of properties of the managed devices. Every SNMP agent has its own MIB.

Once the device has become an SNMP agent, it is able to receive and process request messages

from SNMP manager.

Following is the page of S NM P.

Figure 6-68 SNMP Page

The community name can be considered a group password. The default

evice's SNMP

SNMP Agent:

SysContact:

SysName:

SysLocation:

Get Community:

Get Source:

Set Community:

Enable SNMP Agent and the SNMP Agent will collect the information of this device and respond to information requests from one or more management systems.

Enter the textual identification of the contact person for this managed node.

Enter an administratively-assigned name for this managed node.

Enter the physical location of this managed node.

Community refers to a host group aiming at network management. Get Community only has the read-only right of the device's SNMP information.

setting is public.

Defines the IP address (for example, 10.10.10.1) or subnet for management systems that can serve as Get Community to read the SNMP information of this device. The format of subnet is “IP address/bit” (such as 10.10.10.0/24). The default is 0.0.0.0, which means all hosts can read the SNMP information of this device.

Set Community has the read and write right of the d information. Enter the community name that allows read/write access to the device's SNMP information. The community name can be considered a group password. The default setting is private.

Set Source:

Defines the IP address (for example, 10.10.10.1) or subnet for management systems that can serve as Set Community to read and write the SNMP information of this device. The format of subnet is “IP address/bit” (such as

10.10.10.0/24). The default is 0.0.0.0, which means all hosts can read and write the SNMP information of this device.

NOTE:

Defining community can allow management systems in the same community to communicate

with the SNMP Agent. The community name can be seen as the shared password of the network hosts group. Thus, for the safety, we suggest modifying the default community name before enabling the SNMP Agent service. If the field of community is blank, the SNMP Agent will not respond to any community name.

6.6 System

Old User

New User

Confirm New

System page is mainly used to configure some basic information like user account and time, and

realize functions including reboot, reset, backup, restore and upgrade the device.

6.6.1 User Account

You can change the user password to protect your device from unauthorized login. We

recommend that you change the default user password on the very first system setup.

Figure 6-69 User Account Page

Enter the present user name and password of the admin account to get the

Name/Password:

Password:

permission of modification.

Enter a new user name and password for the admin account. Both values are case-sensitive, up to 64 characters and with no space.

Enter the new password again.

6.6.2 Time Settings

System time represents the device system’s notion of the passing of time. System time is the

standard time for Scheduler and other time-based functions. You can manually set the system

time, configure the system to acquire its time settings from a preconfigured NTP server or

synchronize the system time with the PC’s clock.

The device supports DST (daylight saving time).

6.6.2.1 Time Settings

Figure 6-70 Time Settings

Figure 6-71 Time Settings

Time zone:

Date:

Click the button and the device will obtain GMT time from NTP server. IP address of the NTP server has to be filled in.

Click the button, your PC’s time will be obtained as the device’s system time.

Select your local time zone from the drop-down list.

Set the current date, in format MM/DD/YYYY. For example, for November 25, 2014, enter 11/25/2014 in the field.

Time:

6.6.2.2 Daylight Saving

Specify the device’s time. Select the number from the drop-down list in time format HH/MM/SS.

Primary/Secondary NTP Server:

If you’ve selected Get GMT from an NTP server, please input the primary NTP sever address and an alternative NTP server address.

Daylight Saving:

Mode:

Enable or disable the DST. DST is disabled by default.

Options include Predefined Mode, Recurring Mode and Date Mode. Please refer to the following content for more information.

Figure 6-72 Daylight Saving

 Predefined Mode

Figure 6-73 Predefined Mode

Mode: Select Predefined Mode.

Predefine Country:

Select a predefined DST configuration. Europe is the predefined country by default.

 USA: Second Sunday in March, 02:00 ~ First Sunday in November, 02:00

 European: Last Sunday in March, 01:00 ~ Last Sunday in October, 01:00

 Australia: First Sunday in October, 02:00 ~ First Sunday in April, 03:00

 New Zealand: Last Sunday in September, 02:00 ~ First Sunday in April,

03:00

 Recurring Mode

Figure 6-74 Recurring Mode

Mode: Select Recurring Mode. The configuration is recurring in use.

Time Offset:

Start/End:

 Date Mode

Mode: Select Date Mode.

Time Offset:

Start/End:

Specify the time adding in minutes when Daylight Saving Time comes.

Select starting time and ending time of Daylight Saving Time.

Specify the time adding in minutes when Daylight Saving Time comes.

Select starting time and ending time of Daylight Saving Time.

6.6.3 Reboot/Reset

Figure 6-75 Date Mode

Figure 6-76 Reboot & Reset

Click Reboot to restart the device. Click Reset to restore the device to factory default settings.

NOTE:

Clicking Reboot/Reset will reboot/reset all the EAPs in a cluster.

6.6.4 Backup & Restore

Figure 6-77 Backup & Restore

You can save the current configuration of the EAP as a backup file and restore the configuration

via a backup file. Back up the settings before you upgrade the device or upload a new

configuration file can prevent it from being lost.

Restore function helps you to restore the device to previous settings by uploading a backup file.

6.6.5 Firmware Upgrade

Figure 6-78 Firmware Upgrade

Please log in http://www.tp-link.com/en/ to download the latest system file. As Figure 6-81

shows, firstly select the model and device you are planning to upgrade. Then click Browse and

choose the firmware file. Finally click Upgrade to upgrade the devices.

NOTE:

1. Please select the proper software version that matches your hardware to upgrade.

2. To avoid damage, please do not turn off the device while upgrading.

3. After upgrading, the device will reboot automatically.

Chapter 7 Standalone Mode

7.1 Network

On Network page you can configure the work mode and IP address of the standalone EAP.

Mode:

Cluster:

Dynamic/Static:

Fallback IP:

DHCP Fallback IP/IP MASK:

DHCP Fallback Gateway:

Figure 7-1 Network Page

Choose the work mode of the EAP.

Enter the cluster name.

By default, the EAP device obtains an IP address from a DHCP server (typically a router). Select Static to configure IP address manually.

Enter the fallback IP/IP mask.

Enter the fallback gateway.

7.2 Wireless

Wireless page, consisting of Wireless Settings, Portal, MAC Filtering, Scheduler, QoS and Rogue

AP Detection, is shown below.

Figure 7-2 Wireless Page

7.2.1 Wireless Settings

Following is the page of Wireless Settings.

Figure 7-3 Wireless Settings Page

7.2.1.1 Wireless Basic Settings

supports 802.11b/g/n, 802.11b/g, and 802.11n standards. It is

Select the channel width of this device. Options include 20MHz, 40MHz and

channel width of 40MHz can increase wireless throughput. However, users

To avoid interference from overlapping channels occupied by other

elect the channel used by this device to improve wireless performance.

Selecting larger transmit power than needed may cause interference to neighborhood. Also it consumes more power and will reduce longevity of the

to achieve the best

Figure 7-4 Wireless Basic Settings

2.4GHz Wireless Radio:

Wireless Mode:

Channel Width:

Check the box to enable 2.4GHz Wireless Radio.

Select the protocol standard for the wireless network.

Wireless network created by the EAP is able to operate in the 2.4GHz frequency The EAP recommended to select 802.11b/g/n, in which way clients supporting 11b, 11g or 11n mode can access your wireless network.

20/40MHz (this device automatically selects 20MHz or 40MHz, and 20MHz will be used if 40MHz is not available). According to IEEE 802.11n standard, using a

may choose lower bandwidth due to the following reasons:

1. To increase the available number of channels within the limited total bandwidth.

2. devices in the environment.

3. Lower bandwidth can concentrate higher transmit power, increasing stability of wireless links over long distances.

Channel:

Tx power:

S 1/2412MHz means the Channel is 1 and the frequency is 2412MHz. The channel number varies in different regions. By default, channel is automatically selected.

Enter the transmit power value. By default, the value is 20. The maximum transmit power may vary among different countries or regions.

If the maximum transmit power is set to be larger than local regulation allows, the maximum Tx power regulated will be applied in actual situation.

NOTE: In most cases, it is unnecessary to select maximum transmit power.

device. Select a certain transmit power is enough performance.

7.2.1.2 SSIDs

, AP will broadcast its SSID to hosts in the surrounding

SSIDs can work together with switches supporting 802.1Q VLAN. The EAP can build up to eight

virtual wireless networks per radio for users to access. At the same time, it adds different VLAN

tags to the clients which connect to the corresponding wireless network. It supports maximum

8 VLANs per radio. The clients in different VLAN cannot directly communicate with each other.

Clients connected to the device via cable do not belong to any VLAN. Thus wired client can

communicate with all the wireless clients despite the VLAN settings.

Click in the Modify column, the following content will be shown.

SSID Name:

Wireless VLAN ID:

SSID Broadcast:

Security Mode:

Figure 7-5 SSIDs

Click to add up to 8 wireless networks per radio.

Enter up to 32 characters as the SSID name.

Set a VLAN ID (ranges from 0 to 4094) for the wireless network. VLAN 0 means VLAN function is disabled. Wireless networks with the same VLAN ID are grouped to a VLAN.

Select the security mode of the wireless network. For the security of wireless network, you are suggested to encrypt your wireless network. This device provides three security modes: WPA-Enterprise, WPA-PSK (WPA Pre-Shared Key) and WEP (Wired Equivalent Privacy). WPA-PSK is recommended. Settings vary in different security modes as the details are in the following introduction. Select None and the hosts can access the wireless network without password.

Portal:

provides authentication service for the clients who want to access the

After enabling SSID Isolation, the devices connected in the same SSID cannot

pass the

the authentication, or it cannot associate with the wireless network or

SSID Isolation:

Portal wireless local area network. For more information, refer to 7.2.2 Portal. After Portal is enabled, the configurations in 7.2.2 Portal will be applied.

communicate with each other.

Modify:

Click to open the page to edit the parameters of SSID.

Click to delete the SSID.

Following is the detailed introduction of security mode: WEP, WPA-Enterprise and WPA-PSK.

 WEP

WEP (Wired Equivalent Privacy), based on the IEEE 802.11 standard, is less safe than WPA-

Enterprise or WPA-PSK.

NOTE:

Type:

Key Selected:

Wep Key Format:

Figure 7-6 Security Mode_WEP

Select the authentication type for WEP.

 Auto: The default setting is Auto, which can select Open System or Shared Key

automatically based on the wireless station's capability and request.

 Open System: After you select Open System, clients can

authentication and associate with the wireless network without password. However, correct password is necessary for data transmission.

 Shared Key: After you select Shared Key, clients has to input password to pass

transmit data.

You can configure four keys in advance and select one as the present valid key.

Select the wep key format ASCII or Hexadecimal.

 ASCII: ASCII format stands for any combination of keyboard characters in the

specified length.



Hexadecimal: Hexadecimal format stands for any combination of

is Auto, which can select TKIP (Temporal Key Integrity Protocol) or AES

hexadecimal digits (0-9, a-f, A-F) in the specified length.

Key Type:

Select the WEP key length (64-bit, or 128-bit, or 152-bit) for encryption.

 64-bit: You can enter 10 hexadecimal digits (any combination of 0-9, a-f, A-F

without null key) or 5 ASCII characters.

 128-bit: You can enter 26 hexadecimal digits (any combination of 0-9, a-f, A-

F without null key) or 13 ASCII characters.

 152-bit: You can enter 32 hexadecimal digits (any combination of 0-9, a-f, A-

F without null key) or 16 ASCII characters.

Key Value:

 WPA-Enterprise

Enter the key value.

Based on RADIUS server, WPA-Enterprise can generate different passwords for different users and

it is much safer than WPA-PSK. However, it costs much to maintain and is more suitable for

enterprise users. At present, WPA-Enterprise has two versions: WPA-PSK and WPA2-PSK.

Figure 7-7 Security Mode_WPA-Enterprise

Version:

Select one of the following versions:

 Auto: Select WPA-PSK or WPA2-PSK automatically based on the wireless

station's capability and request.

 WPA-PSK: Pre-shared key of WPA.

 WPA2-PSK: Pre-shared key of WPA2.

Encryption: Select the encryption type, including Auto, TKIP, and AES. The default setting

RADIUS Server

Enter the IP address/port of the RADIUS server.

IP/Port:

RADIUS

clients may not be able to access the wireless network of the EAP. If TKIP is applied in 11b/g/n

automatically based on the wireless station's capability

with ASCII or Hexadecimal

characters. For ASCII, the length should be between 8 and 63 characters with

Password:

Enter the shared secret of RADIUS server to access the RADIUS server.

Group Key Update period:

Specify the group key update period in seconds. The value can be either 0 or at least 30. 0 means no update.

NOTE:

Encryption type TKIP is not supported in 802.11n mode. If TKIP is applied in 802.11n mode, the

mode (in the 2.4GHz frequency band), the device may work at a low transmission rate.

 WPA-PSK

Based on pre-shared key, security mode W PA -PSK is characterized by high security and simple

configuration, which suits for common households and small business. WPA-PSK has two

versions: WPA-PSK and WPA2-PSK.

Figure 7-8 Security Mode_WPA-PSK

Version:

 Auto: Select WPA or WPA2 automatically based on the wireless station's

capability and request.

 WPA: Pre-shared key of WPA.

 WPA2: Pre-shared key of WPA2.

Encryption: Select the encryption type, including Auto, TKIP, and AES. The default setting is

Wireless

Configure the WPA-PSK/WPA2-PSK password

Password:

combination of numbers, letters (case-sensitive) and common punctuations. For Hexadecimal, the length should be 64 characters (case-insensitive, 0-9, a-f, A-F).

Group Key Update Period:

Specify the group key update period in seconds. The value can be either 0 or at least 30. 0 means no update.

7.2.1.3 Wireless Advanced Settings

value determines the time

, the access point will release the buffered than the fragmentation threshold, the packet will be fragmented into several packets. Too low fragmentation threshold may result in poor wireless

7.2.1.4 Load Balance

Figure 7-9 Wireless Advanced Settings

Beacon Interval:

DTIM Period:

RTS Threshold:

Beacons are transmitted periodically by the device to announce the presence of a wireless network for the clients. Beacon Interval interval of the beacons sent by the device. You can specify a value from 40 to 100. The default value is 100 milliseconds.

Fragmentation Threshold:

Specify the fragmentation threshold for packets. If the size of the packet is larger

performance caused by the excessive packets. The recommended and default value is 2346 bytes.

By restricting the maximum number of clients accessing the EAPs, Load Balance helps to achieve

rational use of network resources.

Figure 7-10 Load Balance

Load Balance: Disable by default. Click ON to enable the function. After enabling it, you

can set a number for maximum associated clients to control the wireless access.

Maximum Associated Clients:

Enter the number of clients to be allowed for connection to the EAP. The number ranges from 1 to 99.

7.2.2 Portal

Portal authentication enhances the network security by providing authentication service to the

clients who want to access the wireless local network. Portal is also called web authentication.

The users have to log in a web page to establish verification.

Network resources can be classified into different types for different users. Part of them can be

accessed for free by the clients; while some specific resources can only be accessed by authorized

users. What’s more, you can customize the authentication login page and specify a URL which

the newly authenticated client will be redirected to. Please refer to Portal Configuration or

Authentication Policy according to your need.

Free

Following is the page of Portal.

7.2.2.1 Portal Configuration

Figure 7-11 Portal Page

NOTE:

To apply Portal in a wireless network, please go to Wireless→Wireless Settings→SSIDs to enable Portal of a selected SSID.

Three authentication types are available: No Authentication, Local Password and External

RADIUS Server.

1. No Authentication：Users are required to finish only two steps: agree with the user protocol

and click the Login button.

2. Local Password：Users are required to enter the preset user name and password, which are

, an authentication session is established. Authentication Timeout decides the active time of the session. Within the active time, the device keeps the authentication session open with the

authentication page and enter the user name and password again once

saved in the EAP.

3. External RADIUS Server：Users are required to enter the preset user name and password,

which are saved in the database of the RADIUS server. The RADIUS server acts as the authentication server, which allows you to set different user name and password for different users.

Refer to the following content to configure Portal based on actual network situations.

 No Authentication

Figure 7-12 Portal Configuration_No Authentication

Authentication Type:

Authentication Timeout:

Redirect:

Select No Authentication.

After successful verification

associated client. To reopen the session, the client needs to log in the web

authentication timeout is reached.

By default, authentication timeout is one hour. Select Custom from the dropdown list to customize the parameter.

Disable by default. Redirect specifies that the portal should redirect the newly authenticated clients to the configured URL.

Redirect URL:

Enter the URL that a newly authenticated client will be directed to.

Portal Customization:

Select Local Web Portal, the authentication login page will be provided by the built-in portal server.

The page configured below will be presented to users as the login page. Words can be filled in Input Box 1 and Input Box 2.

Enter up to 31 characters as the title of the authentication login page in Input Box 1, like “Guest Portal of TP-LINK”.

Enter the terms presented to users in Input Box 2. The terms can be 1 to 1023 characters long.

 Local Password

Figure 7-13 Portal Configuration_Local Password

Authentication Type: Select Local Password.

Password:

Enter the password for local authentication.

Please refer to No Authentication to configure Authentication Timeout, Redirect, Redirect

URL, and Portal Customization.

 External RADIUS Server

External RADIUS Server provides two types of portal customization: Local Web Portal and

External Web Portal. The authentication login page of Local Web Portal is provided by the built-

in portal server of the EAP, as Figure 6-25 shown. The authentication login page of External Web

Portal is provided by external portal server, as Figure 6-26 shown.

1. Local Web Portal

Figure 7-14 Portal Configuration_External RADIUS Server_Local Web Portal

Authentication Type: Select External RADIUS Server.

RADIUS Server IP:

Port:

RADIUS Password:

Enter the IP address of the RADIUS server.

Enter the port for authentication service.

Enter the shared secret of RADIUS server to log in to the RADIUS server.

Please refer to No Authentication to configure Authentication Timeout, Redirect, Redirect

URL, and Portal Customization.

2. External Web Portal

7.2.2.2 Free Authentication Policy

Figure 7-15 Portal Configuration_External RADIUS Server_External Web Portal

Authentication Type: Select External RADIUS Server.

RADIUS Server IP:

Port:

RADIUS Password:

Portal Customization: Select External Web Portal.

External Web Portal URL:

Enter the IP address of the RADIUS server.

Enter the port for authentication service.

Enter the shared secret of RADIUS server to log in to the RADIUS server.

Enter the authentication login page’s URL, which is provided by the remote portal server.

Please refer to No Authentication to configure Authentication Timeout, Redirect and Redirect

URL.

Free Authentication Policy allows clients to access network resources for free. On the lower part

of the Portal page you can configure and view free authentication policies.

Figure 7-16 Free Authentication Policy

Click to add a new authentication policy and configure its parameters.

free authentication policy. Leaving the field empty means all IP addresses can

Figure 7-17 Configure Free Authentication Policy

Policy Name:

Source IP Range:

Destination IP Range:

Source MAC:

Destination Port:

Status:

Enter a policy name.

Enter the source IP address and subnet mask of the clients who can enjoy the

access the specific resources.

Enter the destination IP address and subnet mask for free authentication policy.

Leaving the field empty means all IP addresses can be visited. When External

Radius Server is configured and External Web Portal is selected, please set

the IP address and subnet mask of your external web server as the Destination

IP Range.

Enter the source MAC address of the clients who can enjoy the free authentication policy. Leaving the field empty means all MAC addresses can access the specific resources.

Enter the destination port for free authentication policy. Leaving the field empty means all ports can be accessed.

Check the box to enable the policy.

Click the button OK in Figure 6-28 and the policy is successfully added as Figure 6-29 shows.

Figure 7-18 Add Free Authentication Policy

Here is the explanation of Figure 6-29: The policy name is Policy 1. Clients with IP address range

192.168.2.0/24 are able to visit IP range 10.10.10.0/24. Policy 1 is enabled.

Click to edit the policy. Click to delete the polic y.

7.2.3 MAC Filtering

MAC Filtering uses MAC addresses to determine whether one host can access the wireless

network or not. Thereby it can effectively control the user access in the wireless network.

 Settings

Enable MAC Filtering:

Figure 7-19 MAC Filtering Page

Check the box to enable MAC Filtering.

 Station MAC Group

Follow the steps below to add MAC groups.

Step 1:

Click , two tables will be shown.

Figure 7-20 Station MAC Group

Step 2:

Click and fill in a name for the MAC group.

Figure 7-21 Add a Group

Step 3:

Click and input the MAC address you want to organize into this group.

Figure 7-22 Add a Group Member

Click in Modify column to edit the MAC group name or MAC address. Click to delete the

MAC group or group member.

 MAC Filtering Association

Figure 7-23 MAC Filtering Association

SSID Name:

Band:

MAC Group Name:

Displays the SSID of the wireless network.

Displays the frequency band the wireless network operates at.

Select a MAC group from the drop-down list to allow or deny its members to access the wireless network.

Action:

 Allow: Allow the access of the stations specified in the MAC group.

 Deny: Deny the access of the stations specified in the MAC group.

7.2.4 Scheduler

Scheduler allows you to configure rules with specific time interval for radios to operate, which

automates the enabling or disabling of the radio.

 Settings

Figure 7-24 Scheduler Page

Scheduler:

Check the box to enable Scheduler.

Association Mode: Select Associated with SSID/AP, you can perform configurations on the

SSIDs/AP. The display of Scheduler Association is based on your option here.

 Scheduler Profile Configuration

Follow the steps below to add rules.

Step 1:

Click , two tables will be shown.

Figure 7-25 Scheduler Profile Configuration

Step 2:

Click and input a profile name for the rule.

Figure 7-26 Add a Profile

Step 3:

Click and configure the recurring schedule for the rule.

Figure 7-27 Add a Rule

 Scheduler Association

This zone will display different contents based on your selection of association mode in Settings.

1. Associated with SSID

Figure 7-28 Scheduler Association_Associated with SSID

SSID Name:

the wireless network during the time

Displays the SSID of the standalone AP.

Band:

Profile Name:

Action: Select Radio On/Off to turn on/off the wireless network during the time

Displays the frequency band which the wireless network operates at.

Select a profile name from the drop-down list. Profile name is configured in Scheduler Profile Configuration.

interval set for the profile.

2. Associated with AP

Figure 7-29 Scheduler Association_Associated with AP

AP:

AP MAC:

Profile Name:

Displays the name of the device.

Displays the MAC address of the device.

Select a profile name from the drop-down list. Profile name is configured in Scheduler Profile Configuration.

Action: Select Radio On/Off to turn on/off

interval set for the profile.

7.2.5 QoS

The EAP supports Quality of Service (QoS) to prioritize voice and video traffic over other traffic

types.

In normal use, the default values for the EAP device and station EDCA should not need to be

changed. Changing these values affects the QoS provided.

TP Link EAP115 User Guide

Specifications and Main Features

Frequently Asked Questions

User Manual

Chapter 1 About This Guide

1.1 Intended Readers

1.2 Conventions

Chapter 2 Introduction

2.1 Overview of the EAP

2.2 Appearance Description

2.2.1 Top View

2.2.2 Panel Layout

2.2.3 Mounting Bracket

Chapter 3 Typical Topology

Chapter 4 Getting Started with the EAP

Option 1: Wireless Login

Option 2: Wired Login

Chapter 5 Management Mode

5.1 Mode Identification

5.2 Mode Switching

5.2.1 Choose the Work Mode the First Time You Login

5.2.2 Switch from Cluster to Standalone

5.2.3 Switch from Standalone to Cluster

Chapter 6 Cluster Mode

6.1 Quick Setup

6.2 Cluster

6.2.1 Cluster

6.2.2 AP List

6.3 Wireless

6.3.1 Wireless Settings

6.3.1.1 Wireless Basic Settings

6.3.1.2 SSIDs

6.3.1.3 Wireless Advanced Settings

6.3.1.4 Load Balance

6.3.2 Portal

6.3.2.1 Portal Configuration

6.3.2.2 Free Authentication Policy

6.3.3 MAC Filtering

6.3.4 Scheduler

6.3.5 QoS

6.3.5.1 AP EDCA Parameters

6.3.5.2 Station EDCA Parameters

6.3.6 Rogue AP Detection

6.3.6.1 Settings

6.3.6.2 Detected Rogue AP List

6.3.6.3 Trusted AP List

6.3.6.4 Download/Backup Trusted AP List

6.4 Monitoring

6.4.1.1 AP List

6.4.1 AP

6.4.2.1 SSID List

6.4.2 SSID

6.4.3 Client

6.4.3.1 User List

6.4.3.2 Portal Authenticated Guest

6.5 Management

6.5.1.1 Log List

6.5.1 System Log

6.5.1.2 Log Settings

6.5.2 Web Server

6.5.3 Management Access

6.5.4 LED ON/OFF

6.5.5 SSH

6.5.6 SNMP

6.6 System

6.6.1 User Account

6.6.2 Time Settings

6.6.2.1 Time Settings

6.6.2.2 Daylight Saving

6.6.3 Reboot/Reset

6.6.4 Backup & Restore

6.6.5 Firmware Upgrade

Chapter 7 Standalone Mode

7.1 Network

7.2 Wireless

7.2.1 Wireless Settings

7.2.1.1 Wireless Basic Settings

7.2.1.2 SSIDs

7.2.1.3 Wireless Advanced Settings

7.2.1.4 Load Balance