Tp link eap110 outdoor инструкция

Теперь трафик IPv6 можно блокировать через настройки ACL шлюза.

Добавлена возможность настройки RA IPv6 для шлюза Omada.

Добавлена возможность фильтрации MAC-адресов в разделе «Вид локации» > «Настройки» > «Безопасность сети» > «Фильтрация MAC-адресов».

В раздел «Аналитика» добавлена возможность отслеживания лимитов сеанса. Эта функция отображает количество сеансов, используемых одним IP-адресом.

Добавлена поддержка MSS Clamping («Вид локации» > «Настройки» > «Проводные сети» > «Интернет» > «PPPoE» > «Настройки»). MSS Clamping позволяет указать верхний предел значения максимального размера сегмента (MSS), о котором договариваются отправляющая и принимающая сторона при установке подключения TCP во избежание IP-фрагментации.

Добавлена поддержка кеша DNS («Вид локации» > «Настройки» > «Сервисы»). Кеш DNS повышает скорость преобразования доменного имени — перед отправкой запроса в интернет сначала анализируются недавние локальные преобразования адресов.

В шлюз добавлены ping, трассировка и «Инструменты терминала».

Добавлена возможность загрузки информации о шлюзе. Для получения доступа к функции откройте боковую панель шлюза и нажмите «Загрузить» в разделе «Настройка» > «Управление устройством». Для получения информации об устройстве контроллер Omada использует порт TCP 29815.

Для PFS добавлена поддержка групп DH 14 и 15.

Добавлена возможность использования диапазона IP-адресов локальной сети 0.0.0.0/0 для VPN-подключения IPsec типа «узел—сеть».

Добавлена возможность тегирования одного идентификатора VLAN в разных сетях.

Добавлена поддержка псевдонимов IP WAN («Вид локации» > «Настройки» > «Проводные сети» > «Интернет»). Эта функция позволяет создать несколько IP-адресов для одного порта WAN и использовать эти адреса для проброса портов.

В список управления доступом шлюза добавлена поддержка групп локаций, что позволяет блокировать передачу данных на определённые локации или приём данных с них.

В журналы добавлено отображение IP-адреса источника атак TCP с нулевым значением в поле «flags» и атак Ping of Death, а также отображение изменений в сети провайдера во время резервирования канала. Также увеличено количество журналов шлюза.

В раздел «Устройства» > «Порты» шлюзов Omada добавлена поддержка управления потоком.

Добавлена возможность изменения интервала обновления динамического DNS (1–60 минут).

May 2018

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

COPYRIGHT & TRADEMARKS

Specifications are subject to change without notice. is a registered trademark

of TP—Link TECHNOLOGIES CO., LTD. Other brands and product names are trademarks

or registered trademarks of their respective holders.

No part of the specifications may be reproduced in any form or by any means or used to

make any derivative such as translation, transformation, or adaptation without

permission from TP—Link TECHNOLOGIES CO., LTD. Copyright © 2016 TP—Link

TECHNOLOGIES CO., LTD. All rights reserved.

FCC STATEMENT

This equipment has been tested and found to comply with the limits for a Class B digital

device, pursuant to part 15 of the FCC Rules. These limits are designed to provide

reasonable protection against harmful interference in a residential installation. This

equipment generates, uses and can radiate radio frequency energy and, if not installed

and used in accordance with the instructions, may cause harmful interference to radio

communications. However, there is no guarantee that interference will not occur in a

particular installation. If this equipment does cause harmful interference to radio or

television reception, which can be determined by turning the equipment off and on, the

user is encouraged to try to correct the interference by one or more of the following

measures:

• Reorient or relocate the receiving antenna.

• Increase the separation between the equipment and receiver.

• Connect the equipment into an outlet on a circuit different from that to which the

receiver is connected.

• Consult the dealer or an experienced radio/ TV technician for help.

This device complies with part 15 of the FCC Rules. Operation is subject to the following

two conditions:

1） This device may not cause harmful interference.

2） This device must accept any interference received, including interference that may

cause undesired operation.

Any changes or modifications not expressly approved by the party responsible for

compliance could void the user’s authority to operate the equipment.

Note: The manufacturer is not responsible for any radio or TV interference caused by

unauthorized modifications to this equipment. Such modifications could void the user’s

authority to operate the equipment.

FCC RF Radiation Exposure Statement:

This equipment complies with FCC RF radiation exposure limits set forth for an

uncontrolled environment. This device and its antenna must not be co—located or

operating in conjunction with any other antenna or transmitter.

“To comply with FCC RF exposure compliance requirements, this grant is applicable to

only Mobile Configurations. The antennas used for this transmitter must be installed to

provide a separation distance of at least 20 cm from all persons and must not be co—

located or operating in conjunction with any other antenna or transmitter.”

CE Mark Warning

This is a class B product. In a domestic environment, this product may cause radio

interference, in which case the user may be required to take adequate measures.

RF Exposure Information

This device meets the EU requirements (1999/5/EC Article 3.1a) on the limitation of

exposure of the general public to electromagnetic fields by way of health protection.

The device complies with RF specifications when the device used at 20 cm from your

body.

Canadian Compliance Statement

This device complies with Industry Canada license—exempt RSSs. Operation is subject

to the following two conditions:

1） This device may not cause interference, and

2） This device must accept any interference, including interference that may cause

undesired operation of the device.

Le présent appareil est conforme aux CNR d’Industrie Canada applicables aux

appareils radio exempts de licence. L’exploitation est autorisée aux deux conditions

suivantes :

1） l’appareil ne doit pas produire de brouillage;

2） l’utilisateur de l’appareil doit accepter tout brouillage radioélectrique subi, meme si

le brouillage est susceptible d’en compromettre le fonctionnement.

This radio transmitter (IC: 8853A—EAP110—Outdoor/ Model: EAP110—Outdoor) has been

approved by Industry Canada to operate with the antenna types listed below with the

maximum permissible gain indicated. Antenna types not included in this list below,

having a gain greater than the maximum gain indicated for that type, are strictly

prohibited for use with this device.

Le présent émetteur radio (IC: 8853A- EAP110—Outdoor / Model: EAP110—Outdoor) a

été approuvé par Industrie Canada pour fonctionner avec les types d‘antenne

énumérés ci—dessous et ayant un gain admissible maximal. Les types d’antenne non

inclus dans cette liste ci—dessous et dont le gain est supérieur au gain maximal indiqué,

sont strictement interdits pour l’exploitation de l’émetteur.

Radiation Exposure Statement

This equipment complies with IC radiation exposure limits set forth for an uncontrolled

environment. This equipment should be installed and operated with minimum distance

20cm between the radiator & your body.

Déclaration d’exposition aux radiations

Cet équipement est conforme aux limites d’exposition aux rayonnements IC établies

pour un environnement non contrôlé. Cet équipement doit être installé et utilisé avec un

minimum de 20 cm de distance entre la source de rayonnement et votre corps.

Industry Canada Statement

CAN ICES—3 (B)/NMB—3(B)

Продукт сертифіковано згідно с правилами системи УкрСЕПРО на відповідність

вимогам нормативних документів та вимогам, що передбачені чинними

законодавчими актами України.

Safety Information

 When product has power button, the power button is one of the way to shut off the

product; When there is no power button, the only way to completely shut off power

is to disconnect the product or the power adapter from the power source.

 Don’t disassemble the product, or make repairs yourself. You run the risk of electric

shock and voiding the limited warranty. If you need service, please contact us.

 Avoid water and wet locations.

 Adapter shall be installed near the equipment and shall be easily accessible.

 The plug considered as disconnect device of adapter.

Use only power supplies which are provided by manufacturer and in the original

packing of this product. If you have any questions, please don’t hesitate to contact us.

NCC Notice & BSMI Notice

注意！

依據 低功率電波輻射性電機管理辦法

第十二條 經型式認證合格之低功率射頻電機，非經許可，公司、商號或使用者均不得擅自

變更頻率、加大功率或變更原設計之特性或功能。

第十四條 低功率射頻電機之使用不得影響飛航安全及干擾合法通行；經發現有干擾現象時，

應立即停用，並改善至無干擾時方得繼續使用。前項合法通信，指依電信規定作業之無線電

信。低功率射頻電機需忍受合法通信或工業、科學以及醫療用電波輻射性電機設備之干擾。

安全諮詢及注意事項

●請使用原裝電源供應器或只能按照本產品注明的電源類型使用本產品。

●清潔本產品之前請先拔掉電源線。請勿使用液體、噴霧清潔劑或濕布進行清潔。

●注意防潮，請勿將水或其他液體潑灑到本產品上。

●插槽與開口供通風使用，以確保本產品的操作可靠並防止過熱，請勿堵塞或覆蓋開口。

●請勿將本產品置放於靠近熱源的地方。除非有正常的通風，否則不可放在密閉位置中。

●請不要私自打開機殼，不要嘗試自行維修本產品，請由授權的專業人士進行此項工作。

Explanation of the symbols on the product label

DC voltage

RECYCLING

pursuant to European directive 2012/19/EU in order to be recycled or dismantled

to minimize its impact on the environment.

User has the choice to give his product to a competent recycling organization or

to the retailer when he buys a new electrical or electronic equipment.

CONTENTS

About this User Guide ……………………………………………………………………………………………………………. 1

Chapter 1 Introduction ………………………………………………………………………………………………………. 2

Chapter 2 Network Topology ……………………………………………………………………………………………. 3

Chapter 3 Management Mode ………………………………………………………………………………………….. 5

3.1 Standalone Mode …………………………………………………………………………………………………. 5

3.2 Managed Mode …………………………………………………………………………………………………….. 5

3.3 Switch to Standalone Mode ……………………………………………………………………………….. 5

Chapter 4 Network ……………………………………………………………………………………………………………… 6

Chapter 5 Wireless ……………………………………………………………………………………………………………… 7

5.1 Wireless Settings …………………………………………………………………………………………………. 8

5.1.1 Wireless Basic Settings …………………………………………………………………………… 9

5.1.2 SSIDs ………………………………………………………………………………………………………… 10

5.1.3 Wireless Advanced Settings …………………………………………………………………. 14

5.1.4 Load Balance …………………………………………………………………………………………… 15

5.2 Portal ……………………………………………………………………………………………………………………. 15

5.2.1 Portal Configuration ……………………………………………………………………………….. 16

5.2.2 Free Authentication Policy …………………………………………………………………….. 21

5.3 MAC Filtering ………………………………………………………………………………………………………. 23

5.4 Scheduler …………………………………………………………………………………………………………….. 25

5.5 QoS ………………………………………………………………………………………………………………………. 29

5.5.1 AP EDCA Parameters …………………………………………………………………………….. 29

5.5.2 Station EDCA Parameters ……………………………………………………………………… 31

5.6 Rogue AP Detection …………………………………………………………………………………………… 32

5.6.1 Settings ……………………………………………………………………………………………………. 33

5.6.2 Detected Rogue AP List…………………………………………………………………………. 33

5.6.3 Trusted AP List ………………………………………………………………………………………… 34

5.6.4 Download/Backup Trusted AP List ………………………………………………………. 35

Chapter 6 Monitoring ……………………………………………………………………………………………………….. 36

6.1 AP …………………………………………………………………………………………………………………………. 36

6.1.1 AP List ………………………………………………………………………………………………………. 36

6.2 SSID ……………………………………………………………………………………………………………………… 41

6.2.1 SSID List …………………………………………………………………………………………………… 41

6.3 Client…………………………………………………………………………………………………………………….. 42

6.3.1 User List …………………………………………………………………………………………………… 42

6.3.2 Portal Authenticated Guest …………………………………………………………………… 43

Chapter 7 Management……………………………………………………………………………………………………. 45

7.1 System Log …………………………………………………………………………………………………………. 45

7.1.1 Log List …………………………………………………………………………………………………….. 45

7.1.2 Log Settings …………………………………………………………………………………………….. 46

7.2 Web Server ………………………………………………………………………………………………………….. 47

7.3 Management Access …………………………………………………………………………………………. 48

7.4 LED ON/OFF ………………………………………………………………………………………………………… 49

7.5 SSH ………………………………………………………………………………………………………………………. 50

7.6 Management VLAN ……………………………………………………………………………………………. 50

7.7 SNMP ……………………………………………………………………………………………………………………. 51

Chapter 8 System ……………………………………………………………………………………………………………… 54

8.1 User Account ………………………………………………………………………………………………………. 54

8.2 Time Settings ………………………………………………………………………………………………………. 54

8.2.1 Time Settings ………………………………………………………………………………………….. 55

8.2.2 Daylight Saving ……………………………………………………………………………………….. 56

8.3 Reboot/Reset ……………………………………………………………………………………………………… 57

8.4 Backup & Restore ……………………………………………………………………………………………….. 58

8.5 Firmware Upgrade ……………………………………………………………………………………………… 58

About this User Guide

When using this guide, please notice that features of the EAP may vary slightly

depending on the model and software version you have, and on your location, language,

and Internet service provider. All screenshots, images, parameters and descriptions

documented in this guide are used for demonstration only.

The information in this document is subject to change without notice. Every effort has

been made in the preparation of this document to ensure accuracy of the contents, but

all statements, information, and recommendations in this document do not constitute

the warranty of any kind, express or implied. Users must take full responsibility for their

application of any product.

Chapter 4 to Chapter 8 are only suitable for the EAP in Standalone mode. Refer to the

EAP Controller User Guide from our website at www.tp—link.com when the EAP is

managed by the EAP Controller software.

Unless otherwise noted, the EAP or the device mentioned in this guide stands for

EAP110—Outdoor.

The latest software, management app and utility can be found at Download Center at

www.tp—link.com/support.

The Quick Installation Guide can be found where you find this guide or inside the package

of the EAP.

Specifications can be found on the product page at http://www.tp—link.com.

A Technical Support Forum is provided for you to discuss our products at

http://forum.tp—link.com.

Our Technical Support contact information can be found at the Contact Technical

Support page at www.tp—link.com/support.

1

Chapter 1 Introduction

Auranet series products provide wireless coverage solutions for small—medium

business. They can either work independently as standalone APs or be centrally

managed by the EAP Controller software, providing a flexible, richly—functional but

easily—configured enterprise—grade wireless network for small and medium business.

Figure 1-1 View of the EAP

2

Chapter 2 Network Topology

A typical network topology for the EAP is shown below.

Figure 2-1 Typical Topology

To deploy an EAP in your local network, a DHCP server is required to assign IP addresses

to the EAP and clients. Typically, a router acts as the DHCP server. A computer running

the EAP Controller software can locate in the same or different subnet with the EAPs.

3

The EAP can be managed by the EAP Controller software, which is a management

software specially designed for the TP—Link EAP devices on a local wireless network,

allowing you to centrally configure and monitor mass EAP devices using a web browser

on your PC. For more information about the EAP Controller, please find the EAP

Controller User Guide from our official website:

http://www.tp—link.com/en/support/download/

4

Chapter 3 Management Mode

Auranet series products can either work under the control of the EAP Controller

software or work independently as a standalone access point.

When user establishes a large—scale wireless network, the management of every single

AP in the network is complex and complicated. With the EAP Controller software, you

can centrally manage the mass APs simply in a web browser.

The Standalone mode applies to a relatively small—sized wireless network. EAPs in the

Standalone mode cannot be managed centrally by the EAP Controller software.

3.1 Standalone Mode

By default, the EAP works independently as a standalone access point. By entering the

IP address of the standalone EAP, you can log in to its web interface and perform

configurations.

The factory default IP address configuration of the EAP is DHCP (Dynamic Host

Configuration Protocol). Before you access the web interface of the EAP, please make

sure the DHCP server works properly. Typically, a router acts as the DHCP server.

Follow the steps below to log in to the web interface of a standalone EAP.

1. Launch a web browser, enter the DHCP address in the address field and press the

Enter key.

2. Enter admin (all lowercase) for both username and password.

3.2 Managed Mode

The EAP will become a managed AP once it is adopted via the EAP Controller software.

Users can manage the AP via a web browser. Refer to the EAP Controller User Guide

from our website at www.tp—link.com to know more about EAP Controller software.

3.3 Switch to Standalone Mode

The web interface of a specific EAP is not available once this EAP is adopted by the

EAP Controller. You can

Forget

the EAP via the EAP Controller to turn it back as a

standalone AP. Refer to the EAP Controller User Guide from our website at www.tp—

link.com to learn more.

5

Chapter 4 Network

On

page you can configure the IP address of the standalone EAP.

Figure 4-1 Network Page

Dynamic/Static: By default, the EAP device obtains an IP address from a DHCP server

(typically a router). Select Static to configure IP address manually.

Fallback IP: If the EAP fails to get a dynamic IP address from a DHCP server within

ten seconds, the fallback IP will work as the IP address of the device.

After that, however, the device will keep trying to obtain an IP address

from the DHCP server until it succeeds.

DHCP Fallback

IP/IP MASK:

Enter the fallback IP/IP mask.

DHCP Fallback

Gateway:

Enter the fallback gateway.

6

Chapter 5 Wireless

page, consisting of Wireless Settings, Portal, MAC Filtering, Scheduler, QoS

and Rogue AP Detection, is shown below.

Figure 5-1 Wireless Page

7

5.1 Wireless Settings

Following is the page of

.

Figure 5-2 Wireless Settings Page

8

5.1.1 Wireless Basic Settings

Figure 5-3 Wireless Basic Settings

2.4GHz

Wireless Radio:

Check the box to enable 2.4GHz Wireless Radio.

Wireless Mode: Select the protocol standard for the wireless network.

We recommend that select 802.11b/g/n, in which way clients supporting

any one of these modes can access your wireless network.

Channel Width: Select the channel width of this device.

According to IEEE 802.11n standard, using a higher bandwidth can

increase wireless throughput. However, users may choose lower

bandwidth due to the following reasons:

1. To increase the available number of channels within the limited total

bandwidth.

2. To avoid interference from overlapping channels occupied by other

devices in the environment.

3.

increasing stability of wireless links over long distances.

Channel: Select the channel used by thi

performance. 1/2412MHz means the Channel is 1 and the frequency is

2412MHz. By default, channel is automatically selected.

Tx power: Enter the transmit power value. By default, the value is 20.

If the maximum transmit power is set to be larger than local regulation

situation.

: In most cases, it is unnecessary to select maximum transmit

power. Selecting larger transmit power than needed may cause

9

enough to achieve the best performance.

5.1.2 SSIDs

SSIDs can work together with switches supporting 802.1Q VLAN. The EAP can build up

to eight virtual wireless networks per radio for users to access. At the same time, it adds

different VLAN tags to the clients which connect to the corresponding wireless network.

It supports maximum 8 VLANs per radio. The clients in different VLAN cannot directly

communicate with each other.

Clients connected to the device via cable do not belong to any VLAN. Thus wired client

can communicate with all the wireless clients despite the VLAN settings.

Click in the Modify column, the following content will be shown.

Figure 5-4 SSIDs

Click to add up to 8 wireless networks per radio.

SSID Name: Enter up to 32 characters as the SSID name.

Wireless

VLAN ID:

Set a VLAN ID for the wireless network.

Wireless networks with the same VLAN ID are grouped to a VLAN.

SSID

Broadcast:

Enable this function, AP will broadcast its SSID to hosts in the surrounding

environment, as thus hosts can find the wireless network identified by this

SSID. If SSID Broadcast is not enabled, hosts must enter the AP’s SSID

manually to connect to this AP.

10

Security

Mode:

Select the security mode of the wireless network. For the security of

wireless network, you are suggested to encrypt your wireless network. This

device provides three security modes: WPA—Enterprise, WPA—PSK (WPA

Pre—Shared Key) and WEP (Wired Equivalent Privacy). WPA—

recommended. Settings vary in different security modes as the details are

in the following introduction. Select None and the hosts can access the

wireless network without password.

Portal: Portal provides authentication service for the clients who want to access

the wireless local area network. For more information, refer to 5.2 Portal.

After Portal is enabled, the configurations in 5.2 Portal will be applied.

SSID

Isolation:

After enabling SSID Isolation, the devices connected in the same SSID

cannot communicate with each other.

Modify: Click to open the page to edit the parameters of SSID.

Click to delete the SSID.

Following is the detailed introduction of security mode: WEP, WPA—Enterprise and

WPA—PSK.

 WEP

WEP (Wired Equivalent Privacy), based on the IEEE 802.11 standard, is less safe than

WPA—Enterprise or WPA—PSK.

WEP is not supported in 802.11n mode. If WEP is applied in 802.11n mode, the clients may

not be able to access the wireless network. If WEP is applied in 11b/g/n mode, the device

Figure 5-5 Security Mode—WEP

Type: Select the authentication type for WEP.

 Auto: The default setting is Auto, which can select Open System or

Shared Key automatically based on the wireless station’s capability and

request.

11



authentication and associate with the wireless network without

transmission.

 Shared Key: After you select Shared Key, clients has to input password

to pass the authentication, or it cannot associate with the wireless

network or transmit data.

Key Selected: You can configure four keys in advance and select one as the present

valid key.

Wep Key

Format:

Select the wep key format ASCII or Hexadecimal.

 ASCII: ASCII format stands for any combination of keyboard characters

in the specified length.

 Hexadecimal:

hexadecimal digits (0—9, a—f, A—F) in the specified length.

Key Type: Select the WEP key length for encryption.

 64—bit: You can enter 10 hexadecimal digits (any combination of 0—9, a—

f, A—F without null key) or 5 ASCII characters.

 128—bit: You can enter 26 hexadecimal digits (any combination of 0—9,

a-f, A-F without null key) or 13 ASCII characters.

 152—bit: You can enter 32 hexadecimal digits (any combination of 0—9,

a-f, A-F without null key) or 16 ASCII characters.

Key Value: Enter the key value.

 WPA—Enterprise

Based on RADIUS server, WPA—Enterprise can generate different passwords for

different users and it is much safer than WPA—PSK. However, it costs much to maintain

and is more suitable for enterprise users. At present, WPA—Enterprise has two versions:

WPA—PSK and WPA2—PSK.

Figure 5-6 Security Mode_WPA—Enterprise

12

Version: Select one of the following versions:

 Auto: Select WPA—PSK or WPA2—PSK automatically based on the

wireless station’s capability and request.

 WPA—PSK: Pre—shared key of WPA.

 WPA2—PSK: Pre—shared key of WPA2.

Encryption: Select the encryption type, including Auto, TKIP, and AES. The default

setting is Auto, which can select TKIP (Temporal Key Integrity Protocol)

or AES (Advanced Encryption Standard) automatically based on the

wireless station’s capability and request. AES is more secure than TKIP

and TKIP is not supported in 802.11n mode. It is recommended to select

AES as the encryption type.

RADIUS Server

IP/Port:

Enter the IP address/port of the RADIUS server.

RADIUS

Password:

Enter the shared secret of RADIUS server to access the RADIUS server.

Group Key

Update period:

Specify the group key update period in seconds. The value can be either

0 or 30—8640000 seconds.

Encryption type TKIP is not supported in 802.11n mode. If TKIP is applied in 802.11n mode,

the clients may not be able to access the wireless network of the EAP. If TKIP is applied in

 WPA—PSK

Based on pre—shared key, security mode WPA—PSK is characterized by high security and

simple configuration, which suits for common households and small business. WPA—PSK

has two versions: WPA—PSK and WPA2—PSK.

Figure 5-7 Security Mode_WPA—PSK

Version:  Auto: Select WPA—PSK or WPA2—PSK

wireless station’s capability and request.

13



 WPA2—PSK: Pre—shared key of WPA2.

Encryption: Select the encryption type, including Auto, TKIP, and AES. The default

setting is Auto, which can select TKIP (Temporal Key Integrity Protocol) or

AES (Advanced Encryption Standard) automatically based on the wireless

station’s capability and request. AES is more secure than TKIP and TKIP

is not supported in 802.11n mode. It is recommended to select AES as

the encryption type.

Wireless

Password:

Configure the WPA—PSK/WPA2—PSK password with ASCII or Hexadecimal

characters. For ASCII, the length should be between 8 and 63 characters

with combination of numbers, letters (case—sensitive) and common

punctuations. For Hexadecimal, the length should be 64 characters (case—

insensitive, 0—9, a—f, A—F).

Group Key

Update Period:

Specify the group key update period in seconds. The value can be either

0 or 30—8640000 seconds.

5.1.3 Wireless Advanced Settings

Figure 5-8 Wireless Advanced Settings

Beacon

Interval:

Beacons are transmitted periodically by the device to announce the

presence of a wireless network for the clients. Beacon Interval value

determines the time interval of the beacons sent by the device. You can

specify a value from 40 to 100. The default value is 100 milliseconds.

DTIM Period: This value indicates the number of beacon intervals between successive

Delivery Traffic Indication Messages (DTIMs) and this number is included

in each Beacon frame. A DTIM is contained in Beacon frames to indicate

whether the access point has buffered broadcast and/or multicast data for

the client devices. Following a Beacon frame containing a DTIM, the

access point will release the buffered broadcast and/or multicast data, if

any exists. You can specify the value between 1—255 Beacon Intervals. The

default value is 1, indicating the DTIM Period is the same as Beacon

Interval. An excessive DTIM period may reduce the performance of

multicast applications. It is recommended to keep it by default.

14

RTS

Threshold:

When the RTS threshold is activated, all the stations and APs follow the

Request to Send (RTS) protocol. When the station is to send packets, it will

send a RTS to AP to inform the AP that it will send data. After receiving the

RTS, the AP notices other stations in the same wireless network to delay

their transmitting of data. At the same time, the AP inform the requesting

station to send data. The value range is from 1 to 2347 bytes. The default

value is 2347, which means that RTS is disabled.

Fragmentation

Threshold:

Specify the fragmentation threshold for packets. If the size of the packet

is larger than the fragmentation threshold, the packet will be fragmented

into several packets. Too low fragmentation threshold may result in poor

wireless performance

recommended and default value is 2346 bytes.

5.1.4 Load Balance

By restricting the maximum number of clients accessing the EAPs, Load Balance helps

to achieve rational use of network resources.

Figure 5-9 Load Balance

Load Balance: Disable by default. Click ON to enable the function. After enabling it,

you can set a number for maximum associated clients to control the

wireless access.

Maximum

Associated

Clients:

Enter the number of clients to be allowed for connection to the EAP.

The number ranges from 1 to 99.

5.2 Portal

Portal authentication enhances the network security by providing authentication service

to the clients that just need temporary access to the wireless network. Such clients have

to log into a web page to establish verification, after which they will access the network

as guests. What’s more, you can customize the authentication login page and specify a

URL which the newly authenticated clients will be redirected to. Please refer to Portal

Configuration or Free Authentication Policy according to your need.

15

Following is the page of

.

Figure 5-10 Portal Page

To apply Portal in a wireless network, please go to Wireless→Wireless Settings→SSIDs

5.2.1 Portal Configuration

Three authentication types are available: No Authentication, Local Password and

External RADIUS Server.

：Users are required to finish only two steps: agree with the user

protocol and click the Login button.

16

：Users are required to enter the preset password, which are saved in

the EAP.

：Users are required to enter the preset user name and

password, which are saved in the database of the RADIUS server. The RADIUS server

acts as the authentication server, which allows you to set different usernames and

passwords for different users.

Refer to the following content to configure Portal based on actual network situations.

 No Authentication

Figure 5-11 Portal Configuration_No Authentication

Authentication

Type:

Select No Authentication.

Authentication

Timeout:

After successful verification, an authentication session is established.

Authentication Timeout decides the active time of the session. Within

the active time, the device keeps the authentication session open with

the associated client. To reopen the session, the client needs to log in

the web authentication page and enter the user name and password

again once authentication timeout is reached.

By default, authentication timeout is one hour. Select Custom from the

drop—down list to customize the parameter.

17

Redirect: Disable by default. Redirect specifies that the portal should redirect the

newly authenticated clients to the configured URL.

Redirect URL: If you enable the Redirect function, please enter the URL that a newly

authenticated client will be directed to.

Portal

Customization:

Select Local Web Portal, the authentication login page will be provided

by the built—in web server.

The page configured below will be presented to users as the login page.

Words can be filled in Input Box 1 and Input Box 2.

Enter up to 31 characters as the title of the authentication login page in

Input Box 1, like “Guest Portal of TP—Link”.

Enter the terms presented to users in Input Box 2. The terms can be 1 to

1023 characters long.

18

 Local Password

Figure 5-12 Portal Configuration_Local Password

Authentication Type: Select Local Password.

Password: Enter the password for local authentication.

Please refer to No Authentication to configure Authentication Timeout, Redirect,

Redirect URL and Portal Customization.

 External RADIUS Server

provides two types of portal customization: Local Web Portal

and External Web Portal. The authentication login page of Local Web Portal is provided

by the built—in portal server of the EAP, as Figure 5-13 shown. The authentication login

page of External Web Portal is provided by external portal server, as Figure 5-14 shown.

19

1. Local Web Portal

Figure 5-13 Portal Configuration_External RADIUS Server_Local Web Portal

Authentication

Type:

Select External RADIUS Server.

RADIUS Server IP: Enter the IP address of the RADIUS server.

Port: Enter the port for authentication service.

RADIUS Password: Enter the shared secret of RADIUS server to log in to the RADIUS

server.

Please refer to No Authentication to configure Authentication Timeout, Redirect,

Redirect URL and Portal Customization.

20

2. External Web Portal

Figure 5-14 Portal Configuration_External RADIUS Server_External Web Portal

Authentication Type: Select External RADIUS Server.

RADIUS Server IP: Enter the IP address of the RADIUS server.

Port: Enter the port for authentication service.

RADIUS Password: Enter the shared secret of RADIUS server to log in to the RADIUS

server.

Portal Customization: Select External Web Portal.

External Web Portal

URL:

Enter the authentication login page’s URL, which is provided by

the remote portal server.

Please refer to No Authentication to configure Authentication Timeout, Redirect and

Redirect URL.

5.2.2 Free Authentication Policy

Free Authentication Policy allows clients to access network resources for free. On the

lower part of the Portal page you can configure and view free authentication policies.

Figure 5-15 Free Authentication Policy

21

Click to add a new authentication policy and configure its parameters.

Figure 5-16 Configure Free Authentication Policy

Policy Name: Enter a policy name.

Source IP

Range:

Enter the source IP address and subnet mask of the clients who can

enjoy the free authentication policy. Leaving the field empty means all IP

addresses can access the specific resources.

Destination IP

Range: Enter the destination IP address and subnet mask for free authentication

policy. Leaving the field empty means all IP addresses can be visited.

When External Radius Server is configured and External Web Portal is

selected, please set the IP address and subnet mask of your external

web server as the Destination IP Range.

Source MAC: Enter the source MAC address of the clients who can enjoy the free

authentication policy. Leaving the field empty means all MAC addresses

can access the specific resources.

Destination

Port:

Enter the destination port for free authentication policy. Leaving the field

empty means all ports can be accessed.

Status: Check the box to enable the policy.

22

Click the button OK in Figure 5-16 and the policy is successfully added as Figure 5-17

shows.

Figure 5-17 Add Free Authentication Policy

Here is the explanation of Figure 5-17: The policy name is Policy 1. Clients with IP

address range 192.168.2.0/24 are able to visit IP range 10.10.10.0/24. Policy 1 is enabled.

Click to edit the policy. Click to delete the policy.

5.3 MAC Filtering

MAC Filtering uses MAC addresses to determine whether one host can access the

wireless network. Thereby it can effectively control the user access to the wireless

network.

Figure 5-18 MAC Filtering Page

23

 Settings

Enable MAC

Filtering:

Check the box to enable MAC Filtering.

 Station MAC Group

Follow the steps below to add MAC groups.

Step 1:

Click , two tables will be shown.

Figure 5-19 Station MAC Group

Step 2:

Click and fill in a name for the MAC group.

Figure 5-20 Add a Group

Step 3:

Select one MAC group, click and input the MAC address you want

to organize into this group.

24

Figure 5-21 Add a Group Member

Click in Modify column to edit the MAC group name or MAC address. Click to

delete the MAC group or group member.

 MAC Filtering Association

Figure 5-22 MAC Filtering Association

SSID Name: Displays the SSID of the wireless network.

Band: Displays the frequency band the wireless network operates at.

MAC Group Name: Select a MAC group from the drop—down list to allow or deny its

members to access the wireless network.

Action:  Allow: Allow the access of the stations specified in the MAC

group.

 Deny: Deny the access of the stations specified in the MAC

group.

5.4 Scheduler

Scheduler allows you to configure rules with specific time interval for radios to operate,

which automates the enabling or disabling of the radio.

25

Figure 5-23 Scheduler Page

 Settings

Scheduler: Check the box to enable Scheduler.

Association Mode: Select Associated with SSID/AP, you can perform configurations on