tp-link EAP225 V1 v2 User's Guide

tp-link EAP225 manual cover
Pages 70
Year 2016
Language(s)
English en
Page 1

REV1.3.0

1910011858

User Guide

For TP-LINK Auranet Access Points

Page 2

COPYRIGHT & TRADEMARKS

Specifications are subject to change without notice. is a registered trademark

of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or

registered trademarks of their respective holders.

No part of the specifications may be reproduced in any form or by any means or used to make

any derivative such as translation, transformation, or adaptation without permission from TP-

LINK TECHNOLOGIES CO., LTD. Copyright 2016 TP-LINK TECHNOLOGIES CO., LTD. All rights

reserved.

Page 3

FCC STATEMENT (EAP110/EAP320/EAP330/EAP225)

This equipment has been tested and found to comply with the limits for a Class B digital device,

pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection

against harmful interference in a residential installation. This equipment generates, uses and can

radiate radio frequency energy and, if not installed and used in accordance with the instructions,

may cause harmful interference to radio communications. However, there is no guarantee that

interference will not occur in a particular installation. If this equipment does cause harmful

interference to radio or television reception, which can be determined by turning the equipment

off and on, the user is encouraged to try to correct the interference by one or more of the

following measures:

Reorient or relocate the receiving antenna. Increase the separation between the equipment and receiver.

Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

Consult the dealer or an experienced radio/ TV technician for help.

This device complies with part 15 of the FCC Rules. Operation is subject to the following two

conditions:

1 This device may not cause harmful interference.

2 This device must accept any interference received, including interference that may cause undesired operation.

Any changes or modifications not expressly approved by the party responsible for compliance

could void the users authority to operate the equipment.

Note: The manufacturer is not responsible for any radio or TV interference caused by unauthorized modifications to this equipment. Such modifications could void the users authority to operate the equipment.

FCC STATEMENT (EAP120/EAP220)

This equipment has been tested and found to comply with the limits for a Class A digital device,

pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection

against harmful interference when the equipment is operated in a commercial environment. This

equipment generates, uses, and can radiate radio frequency energy and, if not installed and used

in accordance with the instruction manual, may cause harmful interference to radio

Page 4

communications. Operation of this equipment in a residential area is likely to cause harmful

interference in which case the user will be required to correct the interference at his own expense.

This device complies with part 15 of the FCC Rules. Operation is subject to the following two

conditions:

1 This device may not cause harmful interference.

2 This device must accept any interference received, including interference that may cause undesired operation.

Any changes or modifications not expressly approved by the party responsible for compliance

could void the users authority to operate the equipment.

Note: The manufacturer is not responsible for any radio or TV interference caused by unauthorized modifications to this equipment. Such modifications could void the users authority to operate the equipment.

FCC RF Radiation Exposure Statement:

This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment. This device and its antenna must not be co-located or operating in conjunction with any other antenna or transmitter.

To comply with FCC RF exposure compliance requirements, this grant is applicable to only Mobile Configurations. The antennas used for this transmitter must be installed to provide a separation distance of at least 46 cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter.

For EAP220/EAP320/EAP330/EAP225:

This device is restricted in indoor environment only.

CE Mark Warning

(EAP110)

This is a class B product. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures.

(EAP120)

This is a class A product. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures.

(EAP220)

This is a class A product. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures.

(EAP320/EAP330/EAP225)

This is a class B product. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures.

Page 5

RF Exposure Information This device meets the EU requirements (1999/5/EC Article 3.1a) on the limitation of exposure of

the general public to electromagnetic fields by way of health protection.

The device complies with RF specifications when the device used at 20 cm from your body.

National Restrictions (EAP220/EAP320/EAP330/EAP225) Restricted to indoor use.

Canadian Compliance Statement This device complies with Innovation, Science and Economic Development Canada license-exempt RSSs. Operation is subject to the following two conditions:

1 This device may not cause interference, and

2 This device must accept any interference, including interference that may cause undesired operation of the device.

Le prsent appareil est conforme aux CNR dIndustrie Canada applicables aux appareils radio exempts de licence. Lexploitation est autorise aux deux conditions suivantes :

1 lappareil ne doit pas produire de brouillage;

2 lutilisateur de lappareil doit accepter tout brouillage radiolectrique subi, meme si le brouillage est susceptible den compromettre le fonctionnement.

Caution (EAP220/EAP320/EAP330/EAP225)

1 The device for operation in the band 5150--5250 MHz is only for indoor use to reduce the potential for harmful interference to co-channel mobile satellite systems;

2 For devices with detachable antenna(s), the maximum antenna gain permitted for devices in the band 5725-5850 MHz shall be such that the equipment still complies with the e.i.r.p. limits specified for point-to-point and non-point-to-point operation as appropriate; and

The high-power radars are allocated as primary users (i.e. priority users) of the bands 5250-5350 MHz and 5650-5850 MHz and that these radars could cause interference and/or damage to LE-LAN devices.

Avertissement 1 Le dispositif fonctionnant dans la bande 5150-5250 MHz est rserv uniquement pour une

utilisation lintrieur afin de rduire les risques de brouillage prjudiciable aux systmes de satellites mobiles utilisant les mmes canaux;

Page 6

2 Le gain maximal d'antenne permis pour les dispositifs avec antenne(s) amovible(s) utilisant la bande 5725-5850 MHz doit se conformer la limitation P.I.R.E spcifie pour lexploitation point point et non point point, selon le cas.

En outre, les utilisateurs devraient aussi tre aviss que les utilisateurs de radars de haute puissance sont dsigns utilisateurs principaux (c.--d., quils ont la priorit) pour les bandes 5250-5350 MHz et 5650-5850 MHz et que ces radars pourraient causer du brouillage et/ou des dommages aux dispositifs LAN-EL.

Radiation Exposure Statement This equipment complies with ISEDC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance (20cm for EAP110/120, 26cm for EAP 220, 35cm for EAP 320, 46cm for EAP330, and 24cm for EAP225) between the radiator & your body. Cet quipement est conforme aux limites ISEDC d'exposition aux rayonnements tablies pour un environnement non contrl. Cet quipement doit tre install et utilis une distance minimale (entre la source de rayonnement et votre corps) indique ci-aprs : Modle Distance EAP110/120 20 cm EAP220 26 cm EAP225 24 cm EAP320 35 cm EAP330 46 cm

Dclaration d'exposition aux radiations Cet quipement est conforme aux limites d'exposition aux rayonnements ISEDC tablies pour un environnement non contrl. Cet quipement doit tre install et utilis avec un minimum de 26 cm de distance entre la source de rayonnement et votre corps.(EAP220) Cet quipement est conforme aux limites d'exposition aux rayonnements ISEDC tablies pour un environnement non contrl. Cet quipement doit tre install et utilis avec un minimum de 46 cm de distance entre la source de rayonnement et votre corps.(EAP330)

Innovation, Science and Economic Development Canada

Statement (EAP110/EAP320/EAP330/EAP225) CAN ICES-3 (B)/NMB-3(B)

Innovation, Science and Economic Development Canada

Statement (EAP120/EAP220) CAN ICES-3 (A)/NMB-3(A)

Page 7

,

.

Safety Information When product has power button, the power button is one of the way to shut off the product;

When there is no power button, the only way to completely shut off power is to disconnect the product or the power adapter from the power source.

Dont disassemble the product, or make repairs yourself. You run the risk of electric shock and voiding the limited warranty. If you need service, please contact us.

Avoid water and wet locations. Adapter shall be installed near the equipment and shall be easily accessible. The plug considered as disconnect device of adapter.

For EAP110(EU):

Use only power supplies which are provided by manufacturer and in the original

packing of this product. If you have any questions, please don't hesitate to contact us.

NCC Notice & BSMI Notice

Page 8

(EAP120/EAP220)

(EAP220/EAP320/EAP330/EAP225)

For EU/EFTA, this product can be used in the following countries:

Explanation of the symbols on the product label

Symbol Explanation

DC voltage

RECYCLING

This product bears the selective sorting symbol for Waste electrical and electronic

equipment (WEEE). This means that this product must be handled pursuant to European

directive 2012/19/EU in order to be recycled or dismantled to minimize its impact on the

environment.

User has the choice to give his product to a competent recycling organization or to the

retailer when he buys a new electrical or electronic equipment.

AT BE BG CH CY CZ DE DK

EE ES FI FR GB GR HR HU

IE IS IT LI LT LU LV MT

NL NO PL PT RO SE SI SK

Page 9

CONTENTS

About this User Guide .............................................................................................................................................. 1

Chapter 1 Introduction ...................................................................................................................................... 2

Chapter 2 Network Topology .......................................................................................................................... 3

Chapter 3 Management Mode........................................................................................................................ 4

3.1 Standalone Mode ............................................................................................................................ 4

3.2 Managed Mode ................................................................................................................................ 4

3.3 Switch to Standalone Mode ........................................................................................................ 4

Chapter 4 Network .............................................................................................................................................. 5

Chapter 5 Wireless ............................................................................................................................................... 6

5.1 Wireless Settings.............................................................................................................................. 7

5.1.1 Wireless Basic Settings......................................................................................................... 8

5.1.2 SSIDs ........................................................................................................................................... 9

5.1.3 Wireless Advanced Settings ........................................................................................... 13

5.1.4 Load Balance ........................................................................................................................ 14

5.2 Portal ................................................................................................................................................. 14

5.2.1 Portal Configuration .......................................................................................................... 15

5.2.2 Free Authentication Policy .............................................................................................. 20

5.3 MAC Filtering ................................................................................................................................. 22

5.4 Scheduler ........................................................................................................................................ 24

5.5 QoS .................................................................................................................................................... 28

5.5.1 AP EDCA Parameters ......................................................................................................... 29

5.5.2 Station EDCA Parameters ................................................................................................ 31

5.6 Rogue AP Detection .................................................................................................................... 32

5.6.1 Settings .................................................................................................................................. 33

5.6.2 Detected Rogue AP List.................................................................................................... 34

5.6.3 Trusted AP List ..................................................................................................................... 34

5.6.4 Download/Backup Trusted AP List ............................................................................... 35

Chapter 6 Monitoring ...................................................................................................................................... 37

6.1 AP ....................................................................................................................................................... 37

6.1.1 AP List ..................................................................................................................................... 37

6.2 SSID ................................................................................................................................................... 42

Page 10

6.2.1 SSID List .................................................................................................................................. 42

6.3 Client ................................................................................................................................................. 43

6.3.1 User List .................................................................................................................................. 43

6.3.2 Portal Authenticated Guest ............................................................................................ 44

Chapter 7 Management ................................................................................................................................. 46

7.1 System Log ..................................................................................................................................... 46

7.1.1 Log List ................................................................................................................................... 46

7.1.2 Log Settings .......................................................................................................................... 47

7.1.3 Backup Log ........................................................................................................................... 48

7.2 Web Server...................................................................................................................................... 49

7.3 Management Access ................................................................................................................... 49

7.4 Trunk ................................................................................................................................................. 50

7.5 LED ON/OFF ................................................................................................................................... 51

7.6 SSH ..................................................................................................................................................... 51

7.7 Management VLAN ..................................................................................................................... 52

7.8 SNMP................................................................................................................................................. 53

Chapter 8 System .............................................................................................................................................. 55

8.1 User Account .................................................................................................................................. 55

8.2 Time Settings ................................................................................................................................. 55

8.2.1 Time Settings ....................................................................................................................... 56

8.2.2 Daylight Saving ................................................................................................................... 57

8.3 Reboot/Reset ................................................................................................................................. 58

8.4 Backup & Restore.......................................................................................................................... 59

8.5 Firmware Upgrade ....................................................................................................................... 59

Page 11

About this User Guide When using this guide, please notice that features of the EAP may vary slightly depending on

the model and software version you have, and on your location, language, and Internet service

provider. All screenshots, images, parameters and descriptions documented in this guide are

used for demonstration only.

The information in this document is subject to change without notice. Every effort has been

made in the preparation of this document to ensure accuracy of the contents, but all statements,

information, and recommendations in this document do not constitute the warranty of any kind,

express or implied. Users must take full responsibility for their application of any product.

This guide is for EAP110, EAP120, EAP220, EAP320, EAP330 and EAP225. Chapter 4 to Chapter 8

are only suitable for the EAP in Standalone mode. Refer to the EAP Controller User Guide from

our website at www.tp-link.com when the EAP is managed by the EAP Controller software.

Convention

Unless otherwise noted, the EAP or the device mentioned in this guide stands for EAP110,

EAP120, EAP220, EAP320, EAP330 and EAP225. Due to the similarity of their software features,

we take EAP330 for an example to illustrate Chapter 4 to Chapter 8.

More Info

The latest software, management app and utility can be found at Download Center at www.tp-

link.com/support.

The Quick Installation Guide can be found where you find this guide or inside the package of the

EAP.

Specifications can be found on the product page at http://www.tp-link.com.

A Technical Support Forum is provided for you to discuss our products at http://forum.tp-

link.com.

Our Technical Support contact information can be found at the Contact Technical Support page

at www.tp-link.com/support.

1

Page 12

Chapter 1 Introduction

Auranet series products provide wireless coverage solutions for small-medium business. They

can either work independently as standalone APs or be centrally managed by the EAP

Controller software, providing a flexible, richly-functional but easily-configured enterprise-

grade wireless network for small and medium business.

Celling lamp appearance and easily mounting design with chassis make EAP easy to be

installed on a wall or ceiling and blend in with most interior decorations.

EAP110/120/220/225:

Figure 1-1 Top View of the EAP

EAP320/330:

Figure 1-2 Top View of the EAP

2

Page 13

Chapter 2 Network Topology

A typical network topology for the EAP is shown below.

Figure 2-1 Typical Topology

To deploy an EAP in your local network, a DHCP server is required to assign IP addresses to the

EAP and clients. Typically, a router acts as the DHCP server. A computer running the EAP

Controller software can locate in the same or different subnet with the EAPs.

The EAP can be managed by the EAP Controller software, which is a management software

specially designed for the TP-LINK EAP devices on a local wireless network, allowing you to

centrally configure and monitor mass EAP devices using a web browser on your PC. For more

information about the EAP Controller, please find the EAP Controller User Guide from our

official website:

http://www.tp-link.com/en/support/download/

3

Page 14

Chapter 3 Management Mode

Auranet series products can either work under the control of the EAP Controller software or

work independently as a standalone access point.

When user establishes a large-scale wireless network, the management of every single AP in

the network is complex and complicated. With the EAP Controller software, you can centrally

manage the mass APs simply in a web browser.

The Standalone mode applies to a relatively small-sized wireless network. EAPs in the Standalone

mode cannot be managed centrally by the EAP Controller software.

3.1 Standalone Mode

By default, the EAP works independently as a standalone access point. By entering the IP

address of the standalone EAP, you can log in to its web interface and perform configurations.

The factory default IP address configuration of the EAP is DHCP (Dynamic Host Configuration

Protocol). Before you access the web interface of the EAP, please make sure the DHCP server

works properly. Typically, a router acts as the DHCP server.

Follow the steps below to log in to the web interface of a standalone EAP.

1. Launch a web browser, enter the DHCP address in the address field and press the Enter key.

2. Enter admin (all lowercase) for both username and password.

3.2 Managed Mode

The EAP will become a managed AP once it is adopted via the EAP Controller software. Users

can manage the AP via a web browser. Refer to the EAP Controller User Guide from our

website at www.tp-link.com to know more about EAP Controller software.

3.3 Switch to Standalone Mode

The web interface of a specific EAP is not available once this EAP is adopted by the EAP

Controller. You can Forget the EAP via the EAP Controller to turn it back as a standalone AP.

Refer to the EAP Controller User Guide from our website at www.tp-link.com to learn more.

TIPS:

Proceed to the following chapters for information on using the EAP in standalone mode. EAP330 is taken as the example.

4

Page 15

Chapter 4 Network

On Network page you can configure the IP address of the standalone EAP.

Figure 4-1 Network Page

Dynamic/Static: By default, the EAP device obtains an IP address from a DHCP server (typically a router). Select Static to configure IP address manually.

Fallback IP: If the EAP fails to get a dynamic IP address from a DHCP server within ten seconds, the fallback IP will work as the IP address of the device. After that, however, the device will keep trying to obtain an IP address from the DHCP server until it succeeds.

DHCP Fallback IP/IP MASK:

Enter the fallback IP/IP mask.

DHCP Fallback Gateway:

Enter the fallback gateway.

5

Page 16

Chapter 5 Wireless

Wireless page, consisting of Wireless Settings, Portal, MAC Filtering, Scheduler, QoS and Rogue

AP Detection, is shown below.

Figure 5-1 Wireless Page

6

Page 17

5.1 Wireless Settings

Following is the page of Wireless Settings.

Figure 5-2 Wireless Settings Page

7

Page 18

5.1.1 Wireless Basic Settings

Figure 5-3 Wireless Basic Settings

2.4GHz Wireless Radio:

Check the box to enable 2.4GHz Wireless Radio.

Wireless Mode: Select the protocol standard for the wireless network.

For 2.4GHz network, we recommend that select 802.11b/g/n, in which way clients supporting any one of these modes can access your wireless network.

For 5GHz network, we recommend that select 802.11a/n or 802.11a/n/ac, in which way clients supporting any one of these modes can access your wireless network.

Channel Width: Select the channel width of this device.

According to IEEE 802.11n standard, using a higher bandiwidthcan increase wireless throughput. However, users may choose lower bandwidth due to the following reasons:

1. To increase the available number of channels within the limited total bandwidth.

2. To avoid interference from overlapping channels occupied by other devices in the environment.

3. Lower bandwidth can concentrate higher transmit power, increasing stability of wireless links over long distances.

Channel: Select the channel used by this device to improve wireless performance. 1/2412MHz means the Channel is 1 and the frequency is 2412MHz. By default, channel is automatically selected.

TIPS:

Proceed to the following chapter for information on configuring the wireless network of the EAP. The configuring information of 2.4GHz is taken as the example.

8

Page 19

Tx power: Enter the transmit power value. By default, the value is 20.

If the maximum transmit power is set to be larger than local regulation allows, the maximum Tx power regulated will be applied in actual situation.

NOTE: In most cases, it is unnecessary to select maximum transmit power. Selecting larger transmit power than needed may cause interference to neighborhood. Also it consumes more power and will reduce longevity of the device. Select a certain transmit power is enough to achieve the best performance.

5.1.2 SSIDs

SSIDs can work together with switches supporting 802.1Q VLAN. The EAP can build up to eight

virtual wireless networks per radio for users to access. At the same time, it adds different VLAN

tags to the clients which connect to the corresponding wireless network. It supports maximum

8 VLANs per radio. The clients in different VLAN cannot directly communicate with each other.

Clients connected to the device via cable do not belong to any VLAN. Thus wired client can

communicate with all the wireless clients despite the VLAN settings.

Click in the Modify column, the following content will be shown.

Figure 5-4 SSIDs

Click to add up to 8 wireless networks per radio.

SSID Name: Enter up to 32 characters as the SSID name.

Wireless VLAN ID:

Set a VLAN ID for the wireless network.

Wireless networks with the same VLAN ID are grouped to a VLAN.

9

Page 20

SSID Broadcast:

Enable this function, AP will broadcast its SSID to hosts in the surrounding environment, as thus hosts can find the wireless network identified by this SSID. If SSID Broadcast is not enabled, hosts must enter the APs SSID manually to connect to this AP.

Security Mode: Select the security mode of the wireless network. For the security of wireless network, you are suggested to encrypt your wireless network. This device provides three security modes: WPA-Enterprise, WPA-PSK (WPA Pre-Shared Key) and WEP (Wired Equivalent Privacy). WPA-PSK is recommended. Settings vary in different security modes as the details are in the following introduction. Select None and the hosts can access the wireless network without password.

Portal: Portal provides authentication service for the clients who want to access the wireless local area network. For more information, refer to 5.2 Portal. After Portal is enabled, the configurations in 5.2 Portal will be applied.

SSID Isolation: After enabling SSID Isolation, the devices connected in the same SSID cannot communicate with each other.

Modify: Click to open the page to edit the parameters of SSID.

Click to delete the SSID.

Following is the detailed introduction of security mode: WEP, WPA-Enterprise and WPA-PSK.

WEP

WEP (Wired Equivalent Privacy), based on the IEEE 802.11 standard, is less safe than WPA-

Enterprise or WPA-PSK.

NOTE:

WEPis not supported in 802.11n mode. If WEP is applied in 802.11n mode, the clients may not be able to access the wireless network. If WEP is applied in 11b/g/n mode (in the 2.4GHz frequency band) or 11a/n (in the 5GHz frequency band), the device may work at a low transmission rate.

Figure 5-5 Security Mode-WEP

Type: Select the authentication type for WEP.

Auto: The default setting is Auto, which can select Open System or Shared Key automatically based on the wireless station's capability and request.

10

Page 21

Open System: After you select Open System, clients can pass the authentication and associate with the wireless network without password. However, correct password is necessary for data transmission.

Shared Key: After you select Shared Key, clients has to input password to pass the authentication, or it cannot associate with the wireless network or transmit data.

Key Selected: You can configure four keys in advance and select one as the present valid key.

Wep Key Format:

Select the wep key format ASCII or Hexadecimal.

ASCII: ASCII format stands for any combination of keyboard characters in the specified length.

Hexadecimal: Hexadecimal format stands for any combination of hexadecimal digits (0-9, a-f, A-F) in the specified length.

Key Type: Select the WEP key length for encryption.

64-bit: You can enter 10 hexadecimal digits (any combination of 0-9, a-f, A-F without null key) or 5 ASCII characters.

128-bit: You can enter 26 hexadecimal digits (any combination of 0-9, a-f, A- F without null key) or 13 ASCII characters.

152-bit (For EAP110/120/220 only): You can enter 32 hexadecimal digits (any combination of 0-9, a-f, A-F without null key) or 16 ASCII characters.

Key Value: Enter the key value.

WPA-Enterprise

Based on RADIUS server, WPA-Enterprise can generate different passwords for different users and

it is much safer than WPA-PSK. However, it costs much to maintain and is more suitable for

enterprise users. At present, WPA-Enterprise has two versions: WPA-PSK and WPA2-PSK.

Figure 5-6 Security Mode_WPA-Enterprise

Version: Select one of the following versions:

Auto: Select WPA-PSK or WPA2-PSK automatically based on the wireless station's capability and request.

11

Page 22

WPA-PSK: Pre-shared key of WPA.

WPA2-PSK: Pre-shared key of WPA2.

Encryption: Select the encryption type, including Auto, TKIP, and AES. The default setting is Auto, which can select TKIP (Temporal Key Integrity Protocol) or AES (Advanced Encryption Standard) automatically based on the wireless station's capability and request. AES is more secure than TKIP and TKIP is not supported in 802.11n mode. It is recommended to select AES as the encryption type.

RADIUS Server IP/Port:

Enter the IP address/port of the RADIUS server.

RADIUS Password:

Enter the shared secret of RADIUS server to access the RADIUS server.

Group Key Update period:

Specify the group key update period in seconds. The value can be either 0 or 30-8640000 seconds.

NOTE:

Encryption type TKIP is not supported in 802.11n mode. If TKIP is applied in 802.11n mode, the clients may not be able to access the wireless network of the EAP. If TKIP is applied in 11b/g/n mode (in the 2.4GHz frequency band) or 11a/n (in the 5GHz frequency band), the device may work at a low transmission rate.

WPA-PSK

Based on pre-shared key, security mode WPA-PSK is characterized by high security and simple

configuration, which suits for common households and small business. WPA-PSK has two

versions: WPA-PSK and WPA2-PSK.

Figure 5-7 Security Mode_WPA-PSK

Version: Auto: Select WPA or WPA2 automatically based on the wireless station's capability and request.

WPA: Pre-shared key of WPA.

WPA2: Pre-shared key of WPA2.

12

Page 23

Encryption: Select the encryption type, including Auto, TKIP, and AES. The default setting is Auto, which can select TKIP (Temporal Key Integrity Protocol) or AES (Advanced Encryption Standard) automatically based on the wireless station's capability and request. AES is more secure than TKIP and TKIP is not supported in 802.11n mode. It is recommended to select AES as the encryption type.

Wireless Password:

Configure the WPA-PSK/WPA2-PSK password with ASCII or Hexadecimal characters. For ASCII, the length should be between 8 and 63 characters with combination of numbers, letters (case-sensitive) and common punctuations. For Hexadecimal, the length should be 64 characters (case-insensitive, 0-9, a-f, A-F).

Group Key Update Period:

Specify the group key update period in seconds. The value can be either 0 or 30- 8640000 seconds.

5.1.3 Wireless Advanced Settings

Figure 5-8 Wireless Advanced Settings

Beacon Interval: Beacons are transmitted periodically by the device to announce the presence of a wireless network for the clients. Beacon Interval value determines the time interval of the beacons sent by the device. You can specify a value from 40 to 100. The default value is 100 milliseconds.

DTIM Period: This value indicates the number of beacon intervals between successive Delivery Traffic Indication Messages (DTIMs) and this number is included in each Beacon frame. A DTIM is contained in Beacon frames to indicate whether the access point has buffered broadcast and/or multicast data for the client devices. Following a Beacon frame containing a DTIM, the access point will release the buffered broadcast and/or multicast data, if any exists. You can specify the value between 1-255 Beacon Intervals. The default value is 1, indicating the DTIM Period is the same as Beacon Interval. An excessive DTIM period may reduce the performance of multicast applications. It is recommended to keep it by default.

RTS Threshold: When the RTS threshold is activated, all the stations and APs follow the Request to Send (RTS) protocol. When the station is to send packets, it will send a RTS to AP to inform the AP that it will send data. After receiving the RTS, the AP notices other stations in the same wireless network to delay their transmitting of data. At the same time, the AP inform the requesting station to send data. The value

13

Page 24

range is from 1 to 2347 bytes. The default value is 2347, which means that RTS is disabled.

Fragmentation Threshold:

Specify the fragmentation threshold for packets. If the size of the packet is larger than the fragmentation threshold, the packet will be fragmented into several packets. Too low fragmentation threshold may result in poor wireless performance caused by the excessive packets. The recommended and default value is 2346 bytes.

Airtime Fairness:(For EAP320/330/225 only)

Airtime Fairness is a feature that boost the overall network performance by sacrifice a little bit of network time on your slowest devices. The relatively slow wifi speed devices can be slow from either long physical distance, weak signal strength, or simply being a legacy device with older technology. The setting takes away the monopoly in network time by the slower device (making the slower device even slower), dedicate and shift those processing time to the faster device to achieve better overall network performance.

5.1.4 Load Balance

By restricting the maximum number of clients accessing the EAPs, Load Balance helps to achieve

rational use of network resources.

Figure 5-9 Load Balance

Load Balance: Disable by default. Click ON to enable the function. After enabling it, you can set a number for maximum associated clients to control the wireless access.

Maximum Associated Clients:

Enter the number of clients to be allowed for connection to the EAP. The number ranges from 1 to 99.

5.2 Portal

Portal authentication enhances the network security by providing authentication service to the

clients that just need temporary access to the wireless network. Such clients have to log into a

web page to establish verification, after which they will access the network as guests. What's

more, you can customize the authentication login page and specify a URL which the newly

authenticated clients will be redirected to. Please refer to Portal Configuration or Free

Authentication Policy according to your need.

14

Page 25

Following is the page of Portal.

Figure 5-10 Portal Page

NOTE:

To apply Portal in a wireless network, please go to WirelessWireless SettingsSSIDs to enable Portal of a selected SSID.

5.2.1 Portal Configuration

Three authentication types are available: No Authentication, Local Password and External

RADIUS Server.

15

Page 26

No AuthenticationUsers are required to finish only two steps: agree with the user protocol and click the Login button.

Local PasswordUsers are required to enter the preset password, which are saved in the EAP.

External RADIUS ServerUsers are required to enter the preset user name and password, which are saved in the database of the RADIUS server. The RADIUS server acts as the authentication server, which allows you to set different usernames and passwords for different users.

Refer to the following content to configure Portal based on actual network situations.

No Authentication

Figure 5-11 Portal Configuration_No Authentication

Authentication Type:

Select No Authentication.

Authentication Timeout:

After successful verification, an authentication session is established. Authentication Timeout decides the active time of the session. Within the active time, the device keeps the authentication session open with the associated client. To reopen the session, the client needs to log in the web authentication page and enter the user name and password again once authentication timeout is reached.

By default, authentication timeout is eight hours (For EAP110/120/220, the value is one hour). Select Custom from the drop-down list to customize the parameter.

16

Page 27

Redirect: Disable by default. Redirect specifies that the portal should redirect the newly authenticated clients to the configured URL.

Redirect URL: If you enable the Redirect function, please enter the URL that a newly authenticated client will be directed to.

Portal Customization:

Select Local Web Portal, the authentication login page will be provided by the built-in web server.

The page configured below will be presented to users as the login page. Words can be filled in Input Box 1 and Input Box 2.

Enter up to 31 characters as the title of the authentication login page in Input Box 1, like Guest Portal of TP-LINK.

Enter the terms presented to users in Input Box 2. The terms can be 1 to 1023 characters long.

17

Page 28

Local Password

Figure 5-12 Portal Configuration_Local Password

Authentication Type: Select Local Password.

Username: (For EAP110/120/220 only)

Enter the user name for local authentication.

Password: Enter the password for local authentication.

Please refer to No Authentication to configure Authentication Timeout, Redirect, Redirect

URL, and Portal Customization.

External RADIUS Server

External RADIUS Server provides two types of portal customization: Local Web Portal and

External Web Portal. The authentication login page of Local Web Portal is provided by the built-

in portal server of the EAP, as Figure 5-13 shown. The authentication login page of External Web

Portal is provided by external portal server, as Figure 5-14 shown.

18

Page 29

1. Local Web Portal

Figure 5-13 Portal Configuration_External RADIUS Server_Local Web Portal

Authentication Type: Select External RADIUS Server.

RADIUS Server IP: Enter the IP address of the RADIUS server.

Port: Enter the port for authentication service.

RADIUS Password: Enter the shared secret of RADIUS server to log in to the RADIUS server.

Please refer to No Authentication to configure Authentication Timeout, Redirect, Redirect

URL, and Portal Customization.

19

Page 30

2. External Web Portal

Figure 5-14 Portal Configuration_External RADIUS Server_External Web Portal

Authentication Type: Select External RADIUS Server.

RADIUS Server IP: Enter the IP address of the RADIUS server.

Port: Enter the port for authentication service.

RADIUS Password: Enter the shared secret of RADIUS server to log in to the RADIUS server.

Portal Customization: Select External