TP-Link EAP220 User Guide
Contents
1. Chapter 1 INTOAU CUNA A iia 3 1 1 EE 3 1 2 FeV CA lle E ONON a a 3 O E 3 1 22 Interac Panek E 4 PER Es AO 6 Chapter 2 NetWork TOP aia 7 Chapter 3 Mana dE MENO Sitio 8 3 1 Slate TE Oe e 8 3 2 ee Ce Be A ie aess tence 8 3 3 Switch to Standalone MO Si EA 8 Chapter 4 NetWork E 10 Chapter 5 Wele S Siac ccc gosta aes a a 11 5 1 WIteless e E 12 doll Wireless Basic SENGS rta 13 SEZ EE 14 SE Wireless Advanced Settings italianas 18 A Load la id 19 5 2 PON CC EE 19 S2 Portal CONT Uta ON da 20 5 2 2 Free Authentication Policy secsssscssecsssscsssscsssscsssscsssecsssecssscsssecsssecssscssssesssscasseesesees 25 5 3 MACETA o 27 ope el E 29 e O cacao 33 2k a lu 34 5 532 EE Parame tel eege 35 5 6 FRO GS APD eN ad 36 O AMM iia 37 5 6 2 Detected Roque AP Sonia 37 0 TUSted AR Manta bo 38 CONTENTS 5 6 4 Download Backup Trusted AP List ssesessssscssessssssessessssssssssessssssssessssssssseesesseseens 38 Chapter 6 leie ee neto eee 40 6 1 Aoi 40 A A e vaste eee cee eee 40 E EE 45 0720 A o o o ee 45 A O 46 OL Used a 46 6 32 ROESER 47 Chapter 7 Mana de MN dE 49 7 1 SY STN LOG A E Un en ioe Ra eee ai E 49 FEN Ws WR Beie H E o POE nn tere neon et a er nT RO ee 49 HZ e Leg e E 50 E EE 51 7 3 Management ee 52 TE EEN 53 7 5 AAA A O eN 53 7 6 SE ee 54 Chapter 8 e 57 8 1 Be LEE 57 8 2 nde e EE 57 oy Ay e Kinn En dl e ee ee nen an E eee ee ee ee eee 58 822 VIDA CHAE SAW INC E 59 8 3 REDOO2. Standalone Mode By default the EAP works independently as a standalone access point By entering the IP address of the standalone EAP you can log in to its web interface and perform configurations The factory default IP address configuration of the EAP is DHCP Dynamic Host Configuration Protocol Before you access the web interface of the EAP please make sure the DHCP server works properly Typically a router acts as the DHCP server Follow the steps below to log in to the web interface of a standalone EAP 1 Launch a web browser enter the DHCP address in the address field and press the Enter key 2 Enter admin all lowercase for both username and password Managed Mode The EAP will become a managed AP once it is adopted via the EAP Controller software Users can manage the AP via a web browser Refer to the EAP Controller User Guide to know more about EAP Controller software Switch to Standalone Mode The web interface of a specific EAP is not available once this EAP is adopted by the EAP Controller You can Forget the EAP via the EAP Controller to turn it back as a standalone AP Refer to the EAP Controller User Guide to learn more TIPS Proceed to the following chapters for information on using the EAP in standalone mode EAP110 is taken as the example Chapter 4 Network On Network page you can configure the IP address of the standalone EAP TP LINK espro United States Network Monitoring Managemen
3. Band MAC Group Name Action 5 4 Scheduler specified in the MAC group Figure 5 22 MAC Filtering Association Displays the SSID of the wireless network Displays the frequency band the wireless network operates at Select a MAC group from the drop down list to allow or deny its members to access the wireless network e Allow Allow the access of the stations specified in the MAC group e Deny Deny the access of the stations specified in the MAC group Scheduler allows you to configure rules with specific time interval for radios to operate which automates the enabling or disabling of the radio 29 TP LINK ron United States Network Monitoring Management System Wireless Settings MAC Filtering Scheduler Rogue AP Detection Settings Scheduler Enable Association Mode Associated with SSID w Scheduler Profile Configuration Create Profiles Scheduler Association SSID Name Profile Name Action TP LINK_2 4GHz_16E290 Radio Off Figure 5 23 Scheduler Page Settings Scheduler Check the box to enable Scheduler Association Mode Select Associated with SSID AP you can perform configurations on the SSIDs AP The display of Scheduler Association is based on your option here Scheduler Profile Configuration Follow the steps below to add rules Step 1 click Create Profiles two tables will be shown Scheduler Profile Configuration Add a Profile Add an Item Day
4. please set the IP address and subnet mask of your external web server as the Destination IP Range Source MAC Enter the source MAC address of the clients who can enjoy the free authentication policy Leaving the field empty means all MAC addresses can access the specific resources Destination Enter the destination port for free authentication policy Leaving the field Port empty means all ports can be accessed Status Check the box to enable the policy 26 Click the button OK in Figure 5 16 and the policy is successfully added as Figure 5 17 shows Free Authentication Policy add Policy Name Source IP Range Destination IP Range Source MAC on Status Settings Policy 1 192 168 2 0 24 10 10 10 0 24 Enable 4 W Figure 5 17 Add Free Authentication Policy Here is the explanation of Figure 5 17 The policy name is Policy 1 Clients with IP address range 192 168 2 0 24 are able to visit IP range 10 10 10 0 24 Policy 1 is enabled Click 4 to edit the policy Click to delete the policy 5 3 MAC Filtering MAC Filtering uses MAC addresses to determine whether one host can access the wireless network or not Thereby it can effectively control the user access in the wireless network TP LINK c4P110 United States Network Wireless Monitoring Management System Wireless Settings Portal MAC Filtering Scheduler Rogue AP Detection Settings Enable MAC Filtering Enable Station MAC Group Create
5. 802 11n standards It is recommended to select 802 1 1b g n in which way clients supporting 11b 11g or 11n mode can access your wireless network EAP220 the wireless network can work within 2 4GHz and 5GHz frequency Wireless network of EAP220 operating at 5GHz frequency band supports 802 11a n 802 11a and 802 11n standards It is recommended to select 802 11a n in which way your wireless network can be connected by clients supporting 11a or 11n mode Select the channel width of this device Options include 20MHz 40MHz and 20 40MHz this device automatically selects 20MHz or 40MHz and 20MHz will be used if 40MHz is not available According to IEEE 802 11n standard using a channel width of 40MHz can increase wireless throughput However users may choose lower bandwidth due to the following reasons 1 To increase the available number of channels within the limited total bandwidth 2 To avoid interference from overlapping channels occupied by other devices in the environment 3 Lower bandwidth can concentrate higher transmit power increasing stability of wireless links over long distances Select the channel used by this device to improve wireless performance 1 2412MHz means the Channel is 1 and the frequency is 2412MHz The channel number varies in different regions By default channel is automatically selected Enter the transmit power value By default the value is 20 The maximum transmit power may vary among different c
6. Automatic Power Save Delivery Y Enable Figure 5 29 QoS Page Wi Fi Multimedia By default WMM is enabled After WMM is enabled the device has the QoS WMM function to guarantee the transmission of audio and video packets with high priority 33 5 5 1 AP EDCA Parameters AP Enhanced Distributed Channel Access EDCA parameters affect traffic flowing from the EAP device to the client station AP EDCA Parameters Arbitration Minimum Maximum Inter Frame Space Contention Window Contention Window Maximum Burst Queue Data 0 Voice 1 Data 1 Video 1 Data 2 Best Effort 3 gt Data 3 Background 7 Figure 5 30 AP EDCA Parameters Queue Displays the transmission queues Data O gt Data 1 gt Data 2 gt Data 3 Arbitration Inter A wait time for data frames The wait time is measured in slots Valid values Frame Space for AIFS are from 1 to 15 Minimum An input to the algorithm that determines the initial random backoff wait Contention time window for retry of a transmission Window Maximum The upper limit in milliseconds for the doubling of the random backoff Contention value Window Maximum Burst This parameter applies only to traffic flowing from EAP to the client station This value specifies in milliseconds the maximum burst length allowed for packet bursts on the wireless network A packet burst is a collection of multiple frames transmitted without header information The decreased overhead resu
7. Click to delete the SSID Following is the detailed introduction of security mode WEP WPA Enterprise and WPA PSK e WEP WEP Wired Equivalent Privacy based on the IEEE 802 11 standard is less safe than WPA Enterprise or WPA PSK NOTE WEP is not supported in 802 11n mode If WEP is applied in 802 11n mode the clients may not be able to access the wireless network If WEP is applied in 11b g n mode in the 2 4GHz frequency band or 11a n in the 5GHz frequency band the device may work at a low transmission rate Security Mode Type Key Selected Wep Key Format Key Type Key Value Type WEP v e Auto Open System Shared Key Keyl v Hexadecimal e ASCII 64 Bit gt 128 Bit O 152Bit weppw Figure 5 5 Security Mode_WEP Select the authentication type for WEP e Auto The default setting is Auto which can select Open System or Shared Key automatically based on the wireless station s capability and request Key Selected Wep Key Format Key Type Key Value e Open System After you select Open System clients can pass the authentication and associate with the wireless network without password However correct password is necessary for data transmission e Shared Key After you select Shared Key clients has to input password to pass the authentication or it cannot associate with the wireless network or transmit data You can configure four keys in advance and select one a
8. Groups MAC Filtering Association SSID Name MAC Group Name TP LINK_2 4GHz_16E290 Note Deny Deny the access of the stations specified in the MAC group Allow Allow the access of the stations specified in the MAC group Figure 5 18 MAC Filtering Page 27 Settings Enable MAC Filtering Check the box to enable MAC Filtering Station MAC Group Follow the steps below to add MAC groups Step 1 Click create Groups two tables will be shown Station MAC Group MAC Group Name MAC Address Figure 5 19 Station MAC Group Step 2 Click Add a Group and fill in a name for the MAC group Station MAC Group Add a Group MAC Group Name Modify MAC Address MAC Group Figure 5 20 Add a Group Step 3 Add a Group Member Modify Add a Group Member Modify Click Add a Group Member and input the MAC address you want to organize into this group 28 Station MAC Group MAC Group Name 1st Floor Add a Group Add a Group Member Modify MAC Address Modify Fw Zw Figure 5 21 Add a Group Member Click L in Modify column to edit the MAC group name or MAC address Click ll to delete the MAC group or group member e MAC Filtering Association MAC Filtering Association SSID Name MAC Group Name Action TP LINK_2 4GHz_16E290 Note Deny Deny the access of the stations specified in the MAC group Allow Allow the access of the stations SSID Name
9. Information about the trusted APs is displayed in the list Trusted AP List Action Band Channel Security Unknown 40 16 9F BF 56 12 TP LINK_2 4GHz_BF5612 2 ON B0 48 7A DB 8A A5 TP LINK_2 4GHzZ_DB8AA5 Figure 5 35 Trusted AP List Action Click Unknown to move the AP out of the Trusted AP List MAC The MAC address of the trusted AP SSID The SSID for the trusted AP Band Displays the frequency band which the wireless network of the trusted AP operates at Channel The channel on which the trusted AP is currently broadcasting Security Displays the enabling or disabling of the security mode of the wireless network 5 6 4 Download Backup Trusted AP List You can import a list of trusted APs from a saved list which is acquired from another AP or created from a text file The AP whose MAC address is in the Trusted AP List will not be detected as a rogue You can also backup a list and save it in your PC Download Backup Trusted AP List Save Action DownLoad PC to AP Backup AP to PC Source File Name Browse File Management Replace Merge Figure 5 36 Download Backup Trusted AP List 38 Save Action Source File Name File Management NOTE Select Download PC to AP to import a trusted AP list to the device Select Backup AP to PC to copy the trusted AP list to your PC Click Browse and choose the path of a saved trusted AP list or to save a trusted AP list Select Repla
10. Select WPA PSK or WPA2 PSK automatically based on the wireless station s capability and request 16 e WPA PSK Pre shared key of WPA e WPA2 PSK Pre shared key of WPA2 Encryption Select the encryption type including Auto TKIP and AES The default setting is Auto which can select TKIP Temporal Key Integrity Protocol or AES Advanced Encryption Standard automatically based on the wireless station s capability and request AES is more secure than TKIP and TKIP is not supported in 802 11n mode It is recommended to select AES as the encryption type RADIUS Server Enter the IP address port of the RADIUS server IP Port RADIUS Enter the shared secret of RADIUS server to access the RADIUS server Password Group Key Specify the group key update period in seconds The value can be either 0 or Update period atleast 30 0 means no update NOTE Encryption type TKIP is not supported in 802 11n mode If TKIP is applied in 802 11n mode the clients may not be able to access the wireless network of the EAP If TKIP is applied in 11b g n mode in the 2 4GHz frequency band or 11a n in the 5GHz frequency band the device may work at a low transmission rate e WPA PSK Based on pre shared key security mode WPA PSK is characterized by high security and simple configuration which suits for common households and small business WPA PSK has two versions WPA PSK and WPA2 PSK Security Mode WPA PSK Version Auto O WPA PSK
11. be presented to users as the login page Words can be filled in Input Box 1 and Input Box 2 Term of Use Input Box 2 v i I accept the Term of Use Enter up to 31 characters as the title of the authentication login page in Input Box 1 like Guest Portal of TP LINK Enter the terms presented to users in Input Box 2 The terms can be 1 to 1023 characters long 22 Local Password Portal Configuration Authentication Type Local Password Username Password Authentication Timeout 1 Hours D Redirect Enable Redirect URL Portal Customization Local Web Portal Username Password Term of Use Y I accept the Term of Use Figure 5 12 Portal Configuration_Local Password Authentication Type Select Local Password Username Enter the user name for local authentication Password Enter the password for local authentication Please refer to No Authentication to configure Authentication Timeout Redirect Redirect URL and Portal Customization External RADIUS Server External RADIUS Server provides two types of portal customization Local Web Portal and External Web Portal The authentication login page of Local Web Portal is provided by the built in portal server of the EAP as Figure 5 13 shown The authentication login page of External Web Portal is provided by external portal server as Figure 5 14 shown 23 1 Local Web Portal Portal Configuration Authentication Type Exte
12. of Start Week Time Profile Name Modify Profile Name End Time Modify Figure 5 24 Scheduler Profile Configuration 30 Step 2 Click Add a Profile and input a profile name for the rule Scheduler Profile Configuration Add a Profile Add an Item Profile Name Modify Profile Name mas End Time Modify Figure 5 25 Add a Profile Step 3 Click Add a Item and configure the recurring schedule for the rule Scheduler Profile Configuration Add a Profile Add an Item Profile Name Modify Profile Name om End Time Modify Weekdays Le W Saturday 4 i Day O Weekday O Weekend O Every Day Custom Mon Tue Wed Thu Fri Mi Sat _ Sun Time 24 hours Start Time 15 vy End Time 18 v o Figure 5 26 Add a Rule 31 e Scheduler Association This zone will display different contents based on your selection of association mode in Settings 1 Associated with SSID Scheduler Association SSID Name Profile Name Action TP LINK_2 4GHz_16E290 Radio Off Save Figure 5 27 Scheduler Association_Associated with SSID SSID Name Displays the SSID of the standalone AP Band Displays the frequency band which the wireless network operates at Profile Name Select a profile name from the drop down list Profile name is configured in Scheduler Profile Configuration Action Select Radio On Off to turn on off the wireless network during th
13. off the product When there is no power button the only way to completely shut off power is to disconnect the product or the power adapter from the power source e Don t disassemble the product or make repairs yourself You run the risk of electric shock and voiding the limited warranty If you need service please contact us O Avoid water and wet locations NCC Notice amp BSMI Notice ER RIE MIR EEN VE EE DEA TAE AA RL MIERDA SERRE AT AA ARRERA IAE A ES MAR a Se JT PE TA o EFR ARR RE AN a ERR AE US LARS Er HSH MECA ATI AA AAI a Tak BAA BLE ESE RAR E Bo RAIA Et Ba EE fh H WMO ERRES REA AAA AGE BIA raps 82 FA RARA ROT RAS E Ad EB ERA A ARE A AA E ZAI GR IEA WSR BR Hk TR OE IRA AAA BI AS E mm Eo 0 05 A POBRE A De AS E m IRE SEEDERS oS SB a i HO o IRAE m EUR ERITREA LEA GRU GAN CE A AA AAA ATT DR ANE el AT AIS AN Em a FSS BR Se A EEIT IE kA Ra TERRE EIR ATA ee d INTE EA TINEO EE TB EDS AR This product can be used in the following countries About this User Guide This User Guide is for EAP110 EAP120 and EAP220 Chapter 4 to Chapter 8 are only suitable for the EAP in Standalone mode Refer to the EAP Controller User Guide when the EAP is managed by the EAP Controller software Convention Unless otherwise noted the EAP or the device mentioned in this guide stands for 300Mbps Wireless N Access Point EAP110 Wireless N Gigabit Access Point EAP120 and EAP220
14. provided by the URL remote portal server Please refer to No Authentication to configure Authentication Timeout Redirect and Redirect URL 5 2 2 Free Authentication Policy Free Authentication Policy allows clients to access network resources for free On the lower part of the Portal page you can configure and view free authentication policies Free Authentication Policy add Source Mac Destination Status Port Policy Name Source IP Range Destination IP Range Settings Figure 5 15 Free Authentication Policy 25 Click Add to add a new authentication policy and configure its parameters Free Authentication Policy add Policy Name Source IP Range Destination IP Range Source MAC EEN Status Settings Policy Name Policy 1 Source IP Range 192 168 2 0 24 Optional Destination IP Range 10 10 10 0 24 Optional Source MAC Optional Destination Port Optional Status Y Enable Figure 5 16 Configure Free Authentication Policy Policy Name Enter a policy name Source IP Enter the source IP address and subnet mask of the clients who can enjoy the Range free authentication policy Leaving the field empty means all IP addresses can access the specific resources EES Enter the destination IP address and subnet mask for free authentication policy Range Leaving the field empty means all IP addresses can be visited When External Radius Server is configured and External Web Portal is selected
15. s authority to operate the equipment Note The manufacturer is not responsible for any radio or TV interference caused by unauthorized modifications to this equipment Such modifications could void the user s authority to operate the equipment FCC RF Radiation Exposure Statement This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment This device and its antenna must not be co located or operating in conjunction with any other antenna or transmitter To comply with FCC RF exposure compliance requirements this grant is applicable to only Mobile Configurations The antennas used for this transmitter must be installed to provide a separation distance of at least 20 cm from all persons and must not be co located or operating in conjunction with any other antenna or transmitter CE Mark Warning C 1588 EAP110 EAP120 C 1588 EAP220 This is a class A product In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures National Restrictions only for EAP220 This device is intended for home and office use in all EU countries and other countries following the EU directive 1999 5 EC without any limitation except for the countries mentioned below Country Bulgaria France Italy Luxembourg Norway Russian Federation 5150 5250 MHz Country Bulgaria Croatia Italy Luxembour
16. 11b g mode Figure 5 8 Wireless Advanced Settings Beacons are transmitted periodically by the device to announce the presence of a wireless network for the clients Beacon Interval value determines the time interval of the beacons sent by the device You can specify a value from 40 to 100 The default value is 100 milliseconds This value indicates the number of beacon intervals between successive Delivery Traffic Indication Messages DTIMs and this number is included in each Beacon frame A DTIM is contained in Beacon frames to indicate whether the access point has buffered broadcast and or multicast data for the client devices Following a Beacon frame containing a DTIM the access point will release the buffered broadcast and or multicast data if any exists You can specify the value between 1 255 Beacon Intervals The default value is 1 indicating the DTIM Period is the same as Beacon Interval An excessive DTIM period may reduce the performance of multicast applications It is recommended to keep it by default When the RTS threshold is activated all the stations and APs follow the Request to Send RTS protocol When the station is to send packets it will send a RTS to AP to inform the AP that it will send data After receiving the RTS the AP notices other stations in the same wireless network to delay their transmitting of data At the same time the AP inform the requesting station to send data The value range is from 1 to 2347 by
17. 60 minutes Start End Figure 8 7 Date Mode Mode Select Date Mode Time Offset Specify the time adding in minutes when Daylight Saving Time comes Start End Select starting time and ending time of Daylight Saving Time Reboot Reset TP LINK espro United States Network Wireless Monitoring Management System User Account Time Settings Reboot Reset Backup amp Restore Firmware Upgrade Reboot amp Reset Reboot Device Reset to Factory Default Figure 8 8 Reboot amp Reset Click Reboot to restart the device Click Reset to restore the device to factory default settings 60 8 4 Backup amp Restore TP LINK Coin United States Network Wireless Monitoring Management System User Account Time Settings Reboot Reset Backup amp Restore Firmware Upgrade Backup Save a copy of current settings Restore Restore saved settings from a file File Browse Figure 8 9 Backup amp Restore You can save the current configuration of the EAP as a backup file and restore the configuration via a backup file Back up the settings before you upgrade the device or upload a new configuration file can prevent it from being lost Restore function helps you to restore the device to previous settings by uploading a backup file 8 5 Firmware Upgrade TP LINK EaP110 United States Network Wireless Monitoring Management System User Account Time Settings Reboot Reset Backup amp Restore Firmware Upg
18. Controller Host EAP an Router Controller Clients ip Figure 2 1 Typical Topology To deploy an EAP in your local network a DHCP server is required to assign IP addresses to the EAP and clients Typically a router acts as the DHCP server Ensure the EAPs are in the same subnet with the Controller Host in which the EAP Controller is installed The EAP can be managed by the EAP Controller software which is a management software specially designed for the TP LINK EAP devices on a local wireless network allowing you to centrally configure and monitor mass EAP devices using a web browser on your PC For more information about the EAP Controller please refer to the EAP Controller User Guide in the resource CD or download it from our official website http www tp link com en support download 3 1 3 2 3 3 Chapter 3 Management Mode 300Mbps Wireless N Access Point EAP110 and Wireless N Gigabit Access Point EAP120 EAP220 can either work under the control of the EAP Controller software or work independently as a standalone access point When user establishes a large scale wireless network the management of every single AP in the network is complex and complicated With the EAP Controller software you can centrally manage the mass APs simply in a web browser The Standalone mode applies to a relatively small sized wireless network EAPs in the Standalone mode cannot be managed centrally by the EAP Controller software
19. Hz Frequency Wi Fi Standard IEEE 802 11b g n IEEE 802 11a b g n Maximum Data Up to 300Mbps Up to 600Mbps Rate Max RF 23dBm 2 4GHz 23dBm 5GHz 20dBm Transmission Power Multiple SSIDs Up to eight per radio Captive Portal Support Authentication Wireless Security WEP WPA WPA2 personal WPA WPA2 enterprise 63
20. Packets 10868 Tx Packets 7299 Rx Bytes 12770604 Tx Bytes 18132 Rx Dropped Packets Tx Dropped Packets 0 Rx Errors Tx Errors Figure 6 8 Radio Traffic Rx Tx Packets Displays the total amount of packets received sent by the wireless network Rx Tx Bytes Displays the total amount of data in bytes received sent by the wireless network Rx Tx Dropped Displays the total amount of dropped packets received sent by the wireless Packets network Rx Tx Errors Displays the total amount of error packets received sent by the wireless network 44 6 2 SSID TP LINK espiio United States Network Monitoring Management System Client SSID List Refresh Num of o Isolation Down Byte Up Byte ID SSID Name VLAN ID Band Security Portal MAC Clients Broadcast Filtering TP 1 LINK_2 4GHz_FFFFF 0 0 enable 2 4GHz disable disable disable 0 0 Figure 6 9 SSID Monitoring 6 2 1 SSID List In SSID List you can monitor the related parameters of the wireless network SSID List Refresh uwor S Isolation Down Byte Up Byte SSID Name VLAN ID i Band Security Portal MAC Clients Broadcast Filtering L LINK_2 4GHz_FFFFF 0 0 enable 2 4GHz disable disable disable 0 0 Figure 6 10 SSID List SSID Name Displays the SSID name If you want to modify it please refer to 5 1 2 SSIDs VLAN ID Displays the VLAN which the SSID belongs to If you want to change the VLAN ID please refer to 5 1 2 SSIDs N
21. TP LINK The Reliable Choice User Guide Wireless N Access Point EAP110 EAP120 EAP220 REV1 0 0 1910011184 FCC STATEMENT Capo HE This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures e Reorient or relocate the receiving antenna e Increase the separation between the equipment and receiver e Connect the equipment into an outlet on a circuit different from that to which the receiver is connected e Consult the dealer or an experienced radio TV technician for help This device complies with part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference 2 This device must accept any interference received including interference that may cause un
22. URE SO Eo cases E E E taser ecastaee E EO ATE 60 8 4 PACKUP ERES O a E E TE A ET T E 61 8 5 Frimware Upata de nia idas 61 eeler e E SE 1 1 1 2 Chapter 1 Introduction Overview of the EAP EAP series products provide wireless coverage solutions for small medium business They can either work independently as standalone APs or be centrally managed by the EAP Controller software providing a flexible richly functional but easily configured enterprise grade wireless network for small and medium business Celling lamp appearance and easily mounting design with chassis make EAP easy to be installed on a wall or ceiling and blend in with most interior decorations EAP110 is provided with a passive PoE adapter for power supply EAP120 EAP220 can be powered via a PSE device or the provided power adapter With two built in omnidirectional antennas both EAP110 and EAP120 work within the 2 4GHz frequency band and apply 802 11 standards and 2 2MIMO technology allowing packet transmission at up to 300Mbps EAP220 has four built in omnidirectional antennas Wireless network created by EAP220 can operate at both 2 4GHz and 5GHz It applies 802 11n standard and two 2 2MIMO technology allowing packet transmission at up to 600Mbps 300Mbps per radio PSE Power Sourcing Equipment a device switch or hub for instance that will provide power in a PoE setup Hardware Overview 1 2 1 LED EAP110 EAP120 and EAP220 have the same LED st
23. User List 1 14 F4 2A 3B D7 E9 MAC Access Point SSID Refresh Access Point SSID SNR dB CCQ Rate Mbps Down Byte Up Byte Active Time Action Figure 6 11 Client Monitoring User List Refresh Access Point SSID Active Time SNR dB CCQ Rate Mbps Down Byte Up Byte TP LINK_2 4GHz_FFFFF 36 4 ik E EAP 110 00 0a eb 13 7b 00 0 days 00 00 09 Figure 6 12 User List Displays the MAC address of the client Displays the name of the device to which the client is connected Displays the SSID the client is connected to 46 SNR dB Signal to Noise Ratio the power ratio between the received wireless signal strength and the environmental noise strength The bigger the value of SNR the better network performance the device provides CCQ Displays the wireless Client Connection Quality CCQ CCQ refers to the ratio of current effective transmission bandwidth and the theoretically maximum available bandwidth CCQ reflects the actual link condition Rate Mbps Displays the data rate at which the client transmits wireless packets Down Byte Displays the throughput of the downstream data Up Byte Displays the throughput of the upstream data Active Time Displays the amount of time the client has been connected to the device 6 3 2 Portal Authenticated Guest The Portal Authenticated Guest displays information about clients that have set up valid authentication Portal Authenticate
24. WPA2 PSK Encryption Auto O TKIP AES Wireless Password wpapassl Group Key Update Period seconds 30 8640000 0 means no upgrade Figure 5 7 Security Mode_WPA PSK Version e Auto Select WPA or WPA2 automatically based on the wireless station s capability and request e WPA Pre shared key of WPA e WPA2 Pre shared key of WPA2 Encryption Wireless Password Group Key Update Period Select the encryption type including Auto TKIP and AES The default setting is Auto which can select TKIP Temporal Key Integrity Protocol or AES Advanced Encryption Standard automatically based on the wireless station s capability and request AES is more secure than TKIP and TKIP is not supported in 802 11n mode It is recommended to select AES as the encryption type Configure the WPA PSK WPA2 PSK password with ASCII or Hexadecimal characters For ASCII the length should be between 8 and 63 characters with combination of numbers letters case sensitive and common punctuations For Hexadecimal the length should be 64 characters case insensitive 0 9 a f A F Specify the group key update period in seconds The value can be either 0 or at least 30 0 means no update 5 1 3 Wireless Advanced Settings Wireless Advanced Settings Beacon Interval DTIM Period RTS Threshold Fragmentation Threshold Beacon Interval DTIM Period RTS Threshold ms 40 100 1 255 1 2347 256 2346 works only in
25. and should be exactly divided by 32 Select Enable to specify that the EAP device should not acknowledge frames with QosNoAck as the service class value By default it is disabled Select Enable to enable APSD which is a power management method APSD is recommended if VoIP phones access the network through the EAP device By default it is enabled 35 5 6 Rogue AP Detection A Rogue AP is an access point that has been installed on a secure network without explicit authorization from a system administrator The EAP device can scan all channels to detect all APs in the vicinity of the network If rogue APs are detected they are shown on the Detected Rogue AP List If an AP listed as a rogue is legitimate you can add it to the Trusted AP List TP LINK espiio United States Network Monitoring Management System Wireless Settings MAC Filtering Scheduler Rogue AP Detection Settings Rogue AP Detection Enable Save Detected Rogue AP List Q Scan Beacon Interval Signal Channel Security Trusted AP List Channel Security Download Backup Trusted AP List Save Action DownLoad PC to AP Backup AP to PC Source File Name Browse File Management Replace O Merge Figure 5 32 Rogue AP Detection Page 36 5 6 1 Settings Settings Rogue AP Detection _ Enable Figure 5 33 Enable Rogue AP Detection Rogue AP Detection Check the box to enable Rogue AP Detection then
26. atus and corresponding indications E i Figure 1 1 Top View of the EAP Solid green The device is working properly Flashing red System errors RAM flash Ethernet WLAN or firmware may be malfunctioning Flashing yellow Firmware update is in progress Do not disconnect or power off the device Double flashing red green yellow The device is being reset to its factory default settings 1 2 2 Interface Panel EAP110 ETHERNET ARROW 1 Figure 1 2 Interface Panel of EAP110 EAP120 EAP220 R RESET CONSOLE ETHERNET ON OFF POWER ARROW 1 Figure 1 3 Interface Panel of EAP120 EAP220 Please note that EAP 110 does not have the CONSOLE port POWER port and ON OFF button The interface panel components of the EAP from left to right are described in the following list Kensington Security Slot Secure the lock not provided into the security slot to prevent the device from being stolen RESET With the device powered on press and hold the RESET button for about 8 seconds until the LED flashes red then release the button The device will restore to factory default settings CONSOLE This port is used to connect to the serial port of a computer or a terminal to check and monitor system information of the EAP120 EAP220 Note CLI commands are not available in current software version We will release a new version suppo
27. authentication server which allows you to set different user name and password for different users Refer to the following content to configure Portal based on actual network situations e No Authentication Portal Configuration Authentication Type No Authentication Authentication Timeout 1 Hours D Redirect Enable Redirect URL Portal Customization Local Web Portal v Term of Use vi I accept the Term of Use Figure 5 11 Portal Configuration_No Authentication Authentication Select No Authentication Type Authentication After successful verification an authentication session is established Timeout Authentication Timeout decides the active time of the session Within the active time the device keeps the authentication session open with the associated client To reopen the session the client needs to log in the web authentication page and enter the user name and password again once authentication timeout is reached By default authentication timeout is one hour Select Custom from the drop down list to customize the parameter Redirect Disable by default Redirect specifies that the portal should redirect the newly authenticated clients to the configured URL 21 Redirect URL Enter the URL that a newly authenticated client will be directed to Portal Select Local Web Portal the authentication login page will be provided by the Customization built in portal server The page configured below will
28. ce to import the list and replace the contents of the Trusted AP List Select Merge to import the list and add the APs in the imported file to the APs currently shown in the Trusted AP List EAP device does not have any control over the APs in the Detected Rogue AP List 39 6 1 Chapter 6 Monitoring On Monitoring page you can monitor the network running status and statistics based on AP SSID and Client AP AP List on the Monitoring page displays the device name its MAC address and the number of clients Below the AP List the AP s detailed information will be shown including Device Information Wireless Settings LAN Information Client LAN Traffic and Radio Traffic TP LINK Coin United States Network Wireless Monitoring Management System Client Refresh Device Name Num of Clients EAP 110 00 0a eb 13 7b 00 00 0A EB 13 7B 00 Device Information Wireless Settings LAN Information Client LAN Traffic Radio Traffic Device Name Device Model Firmware Version System Time Uptime CPU Memory Figure 6 1 AP Monitoring 6 1 1 AP List Refresh Device Name Num of Clients EAP110 00 0a eb 13 7b 00 00 0A EB 13 7B 00 Figure 6 2 AP List 40 Device Name Displays the device name MAC Displays the MAC address of the EAP Num of Clients Displays the number of clients connected to the EAP e Device Information Device Information Wireless Settings LAN Information Cli
29. click Save 5 6 2 Detected Rogue AP List Information about the detected rogue APs is displayed in the list By default the status of the detected rogue AP is unknown You can click Known in Action column to move the AP to the Trusted AP List Detected Rogue AP List Q Scan Beacon Interval Signal Action Band Channel Security F8 1A4 67 D3 36 80 TP LINK_9E7YTP 2 4 ON 100 ill all F4 EC 38 22 D3 10 TP LINK_22D310 2 al Figure 5 34 Detected Rogue AP List a Scan Click to scan rogue APs Make sure you have enabled Rogue AP Detection and saved the setting before you click the button Action Click Known to move the AP to the Trusted AP List After the configurations are saved the moved AP will not be displayed in the Detected Rogue AP List MAC The MAC address of the rogue AP SSID The SSID for the rogue AP Band Displays the frequency band which the wireless network of the rogue AP operates at Channel The channel on which the rogue AP is currently broadcasting Security Displays the enabling or disabling of the security mode of the wireless network 37 Beacon The beacon interval used by the rogue AP Interval Beacon frames are transmitted by an AP at regular intervals to announce the existence of the wireless network The default behavior is to send a beacon frame once every 100 milliseconds or 10 per second Signal The strength of the radio signal emitting from the rogue AP 5 6 3 Trusted AP List
30. customize the authentication login page and specify a URL which the newly authenticated client will be redirected to Please refer to Portal Configuration or Free Authentication Policy according to your need Following is the page of Portal TP LINK Coin United States Network Wireless Monitoring Management System Wireless Settings MAC Filtering Scheduler Rogue AP Detection Portal Configuration Authentication Type No Authentication Authentication Timeout 1 Hours D Redirect Enable Redirect URL Portal Customization Local Web Portal Term of Use Y I accept the Term of Use Save Free Authentication Policy add Policy Name Source IP Range Destination IP Range Source MAC ER Status Settings Figure 5 10 Portal Page NOTE To apply Portal in a wireless network please go to Wireless Wireless Settings SSIDs to enable Portal of a selected SSID 5 2 1 Portal Configuration Three authentication types are available No Authentication Local Password and External RADIUS Server 1 NoAuthentication Users are required to finish only two steps agree with the user protocol and click the Login button 20 2 Local Password Users are required to enter the preset user name and password which are saved in the EAP 3 External RADIUS Server Users are required to enter the preset user name and password which are saved in the database of the RADIUS server The RADIUS server acts as the
31. d Guest MAC Access Point e Refresh Access Point SNR dB CCQ Rate Mbps Down k Up k Active Time Action Figure 6 13 Portal Authenticated Guest Displays the MAC address of the authenticated client Displays the name of the device to which the authenticated client is connected SSID Displays the SSID the authenticated client is connected to SNR dB Signal to Noise Ratio the power ratio between the received wireless signal strength and the environmental noise strength The bigger the value of SNR the better network performance the device provides CCQ Displays the Client Connection Quality CCQ of the authenticated client CCQ refers to the ratio of current effective transmission bandwidth and the theoretically maximum available bandwidth CCQ reflects the actual link condition Rate Mbps Displays the data rate at which the authenticated client transmits wireless packets Down Byte Displays the throughput of the downstream data Up Byte Displays the throughput of the upstream data 47 Active Time Displays the amount of time the authenticated client has been connected to the root AP Action Click Unauthorize to stop giving authorization to the clients connected to the wireless network 48 Chapter 7 Management Management page is mainly used for device management and maintenance 7 1 System Log System log records information about hardware software as well as system issues and monitors syst
32. d used for operation of your device If you want to change it refer to 5 1 1 Wireless Basic Settings Max TX Rate Displays the maximum data rate at which the device should transmit wireless packets Transmit Power Displays the maximum average transmit power of the device If you want to change it refer to 5 1 1 Wireless Basic Settings e LAN Information Device Information Wireless Settings LAN Information Client LAN Traffic Radio Traffic MAC Address 00 04 EB 16 E2 90 IP Address 192 168 0 4 Subnet Mask 255 255 255 0 LAN Port 100Mbps FD Figure 6 5 LAN Information MAC Address Displays the MAC address of the device IP Address Displays the IP address of the device Subnet Mask Displays the subnet mask of the device 42 LAN Port o Client Displays the maximum transmission rate and duplex mode half duplex or full duplex of the port Device Information Wireless Settings LAN Information Client LAN Traffic Radio Traffic SSID SNR dB CCQ Rate Mbps Down Byte Up Byte Active Time TP 1 14 F4 2A 3B D7 E9 21 52K 7K O days 00 02 12 MAC SSID SNR dB CCQ Rate Mbps Down Byte Up Byte Active Time e LAN Traffic Figure 6 6 Client Displays the MAC address of the client of the AP selected in AP List Displays the SSID the client is connected to Signal to Noise Ratio the power ratio between the received wireless signal strength and the environmental n
33. desired operation Any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment Note The manufacturer is not responsible for any radio or TV interference caused by unauthorized modifications to this equipment Such modifications could void the user s authority to operate the equipment FCC STATEMENT EAP1208 EAP220 HE This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipmentis operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense This device complies with part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference 2 This device must accept any interference received including interference that may cause undesired operation Any changes or modifications not expressly approved by the party responsible for compliance could void the user
34. dministrators to accomplish most network device management tasks An agent is a network management software module that resides on a managed device and responsible for receiving and dealing with data sent by managing device Generally the managed devices are network devices including hosts bridges switches and routers MIB is the collection of managed devices It defines a series of properties of the managed devices Every SNMP agent has its own MIB 54 Once the device has become an SNMP agent it is able to receive and process request messages from SNMP manager Following is the page of SNMP TP LINK espiio United States Network Wireless Monitoring Management System System Log Web Server Management Access LED ON OFF SNMP Agent SNMP Agent _ Enable SysContact SysName SysLocation Get Community Get Source Set Community Set Source Figure 7 10 SNMP Page SNMP Agent Enable SNMP Agent and the SNMP Agent will collect the information of this device and respond to information requests from one or more management systems SysContact Enter the textual identification of the contact person for this managed node SysName Enter an administratively assigned name for this managed node SysLocation Enter the physical location of this managed node Get Community refers to a host group aiming at network management Get Community Community only has the read only right of the device s SNMP information The comm
35. e Figure 5 4 SSIDs Click to add up to 8 wireless networks per radio Enter up to 32 characters as the SSID name Set a VLAN ID ranges from 0 to 4094 for the wireless network VLAN 0 means VLAN function is disabled Wireless networks with the same VLAN ID are grouped to a VLAN SSID Broadcast Security Mode Portal SSID Isolation Modify Enable this function AP will broadcast its SSID to hosts in the surrounding environment as thus hosts can find the wireless network identified by this SSID If SSID Broadcast is not enabled hosts must enter the AP s SSID manually to connect to this AP Select the security mode of the wireless network For the security of wireless network you are suggested to encrypt your wireless network This device provides three security modes WPA Enterprise WPA PSK WPA Pre Shared Key and WEP Wired Equivalent Privacy WPA PSK is recommended Settings vary in different security modes as the details are in the following introduction Select None and the hosts can access the wireless network without password Portal provides authentication service for the clients who want to access the wireless local area network For more information refer to 5 2 Portal After Portal is enabled the configurations in 5 2 Portal will be applied After enabling SSID Isolation the devices connected in the same SSID cannot communicate with each other Click 4 to open the page to edit the parameters of SSID
36. e time interval set for the profile 2 Associated with AP Scheduler Association Profile Name Action EAP110 00 0a eb 16 e2 98 00 0A EB 16 E2 98 None Y Radio off Figure 5 28 Scheduler Association_Associated with AP AP Displays the name of the device AP MAC Displays the MAC address of the device Profile Name Select a profile name from the drop down list Profile name is configured in Scheduler Profile Configuration Action Select Radio On Off to turn on off the wireless network during the time interval set for the profile 32 5 5 QoS The EAP supports Quality of Service QoS to prioritize voice and video traffic over other traffic types In normal use the default values for the EAP device and station EDCA should not need to be changed Changing these values affects the QoS provided TP LINK ar10 United States Network Monitoring Management System Wireless Settings MAC Filtering Scheduler Rogue AP Detection Wi Fi Multimedia WMM Y Enable AP EDCA Parameters Arbitration Minimum Maximum Inter Frame Space Contention Window Contention Window Maximum Burst Queue Data 0 Voice 1 Data 1 Video Data 2 Best Effort Data 3 Background Station EDCA Parameters Arbitration Minimum Maximum Inter Frame Space Contention Window Contention Window TXOP Limit Queue Data O Voice 2 Data 1 Video Data 2 Best Effort Data 3 Background No Acknowledgement _ Enable Unscheduled
37. em events With the help of system log you can get informed of system running status and detect the reasons for failure Following is the page of System Log TP LINK sario United States Network Wireless Monitoring Management System System Log Web Server Management Access LED ON OFF Log List Refresh Log Content DHCPC Recv OFFER from server 192 168 0 111 with ip 2014 01 01 00 00 31 NOTICE 192 168 0 100 2014 01 01 00 00 30 E NOTICE DHCPC Send DISCOVER with request ip 0 0 0 0 and unicast flag O 1970 01 01 00 00 10 System started Log Settings Enable Auto Mail _ Auto Mail Feature Enable Server _ Enable Server Enable Nvram Enable Nvram Figure 7 1 System Log Page 7 1 1 Log List From Log List you can view detailed information about hardware software system issues and so On 49 Log List Log Content DHCPC Recv OFFER from server 192 168 0 111 with ip 2014 01 01 00 00 3 C d 1 014 01 01 00 00 31 NOTICE 192 168 0 100 2014 01 01 00 00 30 NOTICE DHCPC Send DISCOVER with request ip 0 0 0 0 and unicast flag O 1970 01 01 00 00 10 INFO System started Figure 7 2 Log List 7 1 2 Log Settings You can choose the way to receive system logs in Log Settings zone where these parameters can be configured Enable Auto Mail Enable Server and Enable Nvram Log Settings Enable Auto Mail _ Auto Mail Feature Enable Server Enable Server Enable Nvram _ Enable Nvra
38. ent LAN Traffic Radio Traffic Device Name Device Model Firmware Version System Time Uptime CPU Memory Figure 6 3 Device Information Device Name Displays the device name Device Model Displays the model of the device Firmware Displays the firmware version of the device If you want to upgrade the firmware Version please refer to 8 5 Firmware Upgrade System Time Displays the system time of the device If you want to adjust the system time please refer to 8 2 1 Time Settings Uptime Displays the time that has elapsed since the last reboot CPU Displays the CPU occupancy which helps you to preliminarily judge whether the device functions properly Memory Displays the memory usage which helps you to preliminarily judge whether the device functions properly 41 e Wireless Settings Device Information Wireless Settings LAN Information Client LAN Traffic Radio Traffic Region Channel Frequency Channel Width IEEE302 11 Mode Max TX Rate Transmit Power Figure 6 4 Wireless Settings Region Displays the region you ve selected Channel Frequency Displays the channel number and the operating frequency If you want to change them please refer to 5 1 1 Wireless Basic Settings Channel Width Displays the spectral width of the radio channel used by the device If you want to change it refer to 5 1 1 Wireless Basic Settings IEEE802 11 Mode Displays the radio standar
39. erver Port 514 Figure 7 5 Enable Server System Log Server IP Enter the IP address of the remote server System Log Server Port Enter the port of the remote server e Enable Nvram By default Nvram is disabled Check the box to enable Nvram system logs will be saved after power supply is cut 7 2 Web Server You can log in web management interface thereby manage and maintain the device 51 Following is the page of Web Server TP LINK ron United States Network Wireless Monitoring Management System System Log Web Server Management Access LED ON OFF Web Server HTTPS Y Enable Secure Server Port 443 Server Port 80 Session Timeout 15 minutes Note Please enter the EAP s IP address to access the web based configuration utility via an HTTPS connection Figure 7 6 Web Server Page HTTPS HTTPS Hypertext Transfer Protocol Secure is enabled by default Secure Server Designate a secure server port for web server in HTTPS mode By default the Port port is 443 Server Port Designate a server port for web server in HTTP mode By default the port is 80 Session Set the session timeout time If you do nothing with the web management Timeout page within the timeout time the system will log out automatically Please login again if you want to go back to web management page 7 3 Management Access Management Access Control allows you to configure up to four MAC addresses of the hosts that are a
40. g Russian Federation Restriction None Outdoor use limited to 10 mW e i r p within the band 2454 2483 5 MHz None None Implemented None Restriction Not implemented License required None No info Reason remark General authorization required for outdoor use and public service Military Radiolocation use Refarming of the 2 4 GHz band has been ongoing in recent years to allow current relaxed regulation Full implementation planned 2012 If used outside of own premises general authorization is required General authorization required for network and service supply not for spectrum This subsection does not apply for the geographical area within a radius of 20 km from the centre of Ny lesund Only for indoor applications Reason remark Planned General authorization required if used outside own premises General authorization required for network and service supply not for spectrum Note Please don t use the product outdoors in France IC STATEMENT This Class A digital apparatus complies with Canadian ICES 003 Cet appareil num rique de la classe A est conforme a la norme NMB 003 du Canada y NpoAykT ceptudikoBaHo 3ri4Ho c npaBunama cucremu YkpCEMNPO Ha BianoBi4Hicre BWMOT aM HOPpMaTUBHUX AOKYMeHTIB Ta BuMOraM LUO NeperbaueHi UNHHAMM 3akoHO JaBunMua aKTAMN YKpalHn Safety Information When product has power button the power button is one of the way to shut
41. ght Saving Daylight Saving Daylight Saving _ Enable Mode Predefine Country European v Figure 8 4 Daylight Saving Daylight Saving Enable or disable the DST DST is disabled by default Mode Options include Predefined Mode Recurring Mode and Date Mode Please refer to the following content for more information Predefined Mode Mode Predefined Mode gt Recurring Mode Date Mode Predefine Country USA European Australia New Zealand Figure 8 5 Predefined Mode Mode Select Predefined Mode Predefine Country Select a predefined DST configuration Europe is the predefined country by default e USA Second Sunday in March 02 00 First Sunday in November 02 00 e European Last Sunday in March 01 00 Last Sunday in October 01 00 e Australia First Sunday in October 02 00 First Sunday in April 03 00 e New Zealand Last Sunday in September 02 00 First Sunday in April 03 00 59 Recurring Mode Mode O Predefined Mode 8 Recurring Mode O Date Mode Time Offset 60 minutes Start Fourtt w Sun v in Mar vw at 01 End Fourtt w Sun v in Oct v at OI Figure 8 6 Recurring Mode Mode Select Recurring Mode The configuration is recurring in use Time Offset Specify the time adding in minutes when Daylight Saving Time comes Start End Select starting time and ending time of Daylight Saving Time Date Mode Mode O Predefined Mode Recurring Mode 8 Date Mode Time Offset
42. in 11b g mode Load Balance Load Balance Maximum Associated Clients Figure 5 1 Wireless Page 11 5 1 Wireless Settings Following is the page of Wireless Settings TP LINK ar10 United States Network Wireless Monitoring Management Wireless Settings MAC Filtering Scheduler Wireless Basic Settings 2 4GHz Wireless Radio Y Enable Wireless Mode 802 11b g n mixed Channel Width 20 40MHz Channel Auto Tx power 20 SSID Name Wireless VLAN ID SSID Broadcast Security Mode Portal TP LINK_2 4GHz_16E290 Enable Disable Wireless Advanced Settings Beacon Interval ms 40 100 DTIM Period 1 255 RTS Threshold 1 2347 Fragmentation Threshold 256 2346 works only in 11b g mode Load Balance Load Balance Maximum Associated Clients Figure 5 2 Wireless Settings Page 12 System Rogue AP Detection SSID Isolation Disable Q do Modify 4 5 1 1 Wireless Basic Settings Wireless Basic Settings 2 4GHz Wireless Radio Wireless Mode Channel Width Channel Tx power 2 4GHz Wireless Radio Wireless Mode Channel Width Channel Tx power V Enable 802 11b g n mixed 20 40MHz Auto 20 Figure 5 3 Wireless Basic Settings Check the box to enable 2 4GHz Wireless Radio Select the protocol standard for the wireless network Wireless network created by the EAP is able to operate in the 2 4GHz frequency The EAP supports 802 11b g n 802 11b g and
43. llowed to log in to the web management page of the EAP Click Add PC s MAC and the MAC address of the current host will be added to MAC address list 52 Following is the page of Management Access TP LINK cariio United States Network Wireless Monitoring Management System System Log Web Server Management Access LED ON OFF Management Access Control MAC Authentication Enable MACI MAC2 MACS MAC4 Figure 7 7 Management Access Page MAC Check the box to enable MAC Authentication After MAC Authentication is Authentication enabled only the PCs in MAC address list can log in the device s web management page By default this function is disabled All PCs in LAN can log in and manage the device MAC1 MAC4 Enter the MAC addresses of the PCs which are authorized to log in the device 7 4 LED ON OFF Following is the page of LED ON OFF By default the LED is on TP LINK Corp United States Network Wireless Monitoring Management System System Log Web Server Management Access LED ON OFF LED ON OFF LED Y Enable Figure 7 8 LED ON OFF 7 5 SSH This device supports the SSH Server function that allows users to login and manage it through SSH connection on the SSH client software 53 SSH Secure Shell is a security protocol established on application and transport layers SSH encrypted connection is similar to a telnet connection but essentially the old telnet remote ma
44. lts in higher throughput and better performance Valid values for Maximum Burst are from 0 to 8192 and should be exactly divided by 32 34 5 5 2 Station EDCA Parameters Station EDCA parameters affect traffic flowing from the client station to the EAP device Station EDCA Parameters Queue Data O Voice Data 1 Video Data 2 Best Effort Data 3 Background No Acknowledgement Unscheduled Automatic Power Save Delivery Queue Arbitration Inter Frame Space Minimum Contention Window Maximum Contention Window TXOP Limit No Acknowledgement Unscheduled Automatic Power Save Delivery Inter Frame Space Maximum Contention Window Minimum Contention Window Arbitration TXOP Limit 3 v 7 7 v 15 v 15 v v 15 v y _ Enable Y Enable Figure 5 31 Station EDCA Parameters Displays the transmission queues Data 0 gt Data 1 gt Data 2 gt Data 3 A wait time for data frames The wait time is measured in slots Valid values for AIFS are 1 through 15 An input to the algorithm that determines the initial random backoff wait time window for retry of a transmission The upper limit in milliseconds for the doubling of the random backoff value The Transmission Opportunity TXOP is an interval of time in milliseconds when a WME client station has the right to initiate transmissions onto the wireless medium towards the EAP device Valid values for TXOP Limit are from 0 to 8192
45. m Figure 7 3 Log Settings Enable Auto Mail If Auto Mail is enabled system logs will be sent to a mailbox The following content will be shown Enable Auto Mail Y Auto Mail Feature From To SMTP Server Enable Authentication _ Enable Authentication User Name Password Confirm Password Time Mode Fixation Time Period Time Fixation Time 00 w 00 w HH MM Figure 7 4 Enable Auto Mail From Enter the sender s email address To Enter the recipient s email address which will receive the system logs 50 SMTP Server Enter the IP address of the SMTP server Enable Generally users are required to log in to the SMTP server by entering user Authentication name and password e User Name Enter the sender s email address e Password Enter the password of the sender s email address e Confirm Password Enter the password again for confirmation Time Mode System logs can be sent at specific time or time interval e Fixation Time Set a fixed time for example 15 00 The recipient will receive the system logs sent by the device at 15 00 every day e Period Time Set a time interval for example 5 hours The recipient will receive the system logs sent by the device every 5 hours e Enable Server System logs can also be sent to a server After Auto Mail Feature is enabled the following content will be shown Enable Server Y Enable Server System Log Server IP 0 0 0 0 System Log S
46. nagement method is not safe because the password and data transmitted with plain text can be easily intercepted SSH can provide information security and powerful authentication when you login this device remotely through an insecure network environment It can encrypt all the transmission data and preventthe information in remote management from being leaked Following is the page of SSH TP LINK espiio United States Network Wireless Monitoring Management System Log Web Server Management Access LED ON OFF SSH Server Server Port 22 SSH Login _ Enable Figure 7 9 SSH Page Server Port Enter the server port By default it is port 22 SSH Login Check the box to enable SSH Server By default it is disabled 7 6 SNMP The device can be configured as an SNMP agent SNMP Simple Network Management Protocol the most widely applied network management protocol provides a management framework to monitor and maintain Internet devices Main functions of SNMP include monitoring network performance detecting and analyzing network error configuring network devices and so on When networks function properly SNMP can perform the functions of statistics configuration and testing When networks have troubles SNMP can detect and restore these troubles An SNMP consists of three key components manager agent and MIB Management Information Base SNMP manager is a client program operating at workstation assisting network a
47. oise strength The bigger the value of SNR the better network performance the device provides Displays the wireless Client Connection Quality CCQ CCQ refers to the ratio of current effective transmission bandwidth and the theoretically maximum available bandwidth CCQ reflects the actual link condition Displays the data rate at which the client transmits wireless packets Displays the throughput of the downstream data Displays the throughput of the upstream data Displays the amount of time the client has been connected to the device Click LAN Traffic and you can monitor the data transmission status of the LAN port Device Information Wireless Settings LAN Information Client LAN Traffic Radio Traffic Rx Packets Rx Bytes Tx Packets Tx Bytes Rx Dropped Packets Tx Dropped Packets Rx Errors Tx Errors Figure 6 7 LAN Traffic 43 Rx Tx Packets Displays the total amount of packets received sent on the LAN port Rx Tx Bytes Displays the total amount of data in bytes received sent on the LAN port Rx Tx Dropped Displays the total amount of dropped packets received sent on the LAN Packets port Rx Tx Errors Displays the total amount of error packets received sent on the LAN port e Radio Traffic Click Radio Traffic and you can monitor the data transmission status of the wireless network Device Information Wireless Settings LAN Information Client LAN Traffic Radio Traffic Rx
48. ountries or regions 5 1 2 SSIDs If the maximum transmit power is set to be larger than local regulation allows the maximum Tx power regulated will be applied in actual situation NOTE In most cases it is unnecessary to select maximum transmit power Selecting larger transmit power than needed may cause interference to neighborhood Also it consumes more power and will reduce longevity of the device Select a certain transmit power is enough to achieve the best performance SSIDs can work together with switches supporting 802 10 VLAN The EAP can build up to eight virtual wireless net works per radio for users to access At the same time it adds different VLAN tags to the clients which connect to the corresponding wireless network It supports maximum 8 VLANs per radio The clients in different VLAN cannot directly communicate with each other Clients connected communicate with to the device via cable do not belong to any VLAN Thus wired client can all the wireless clients despite the VLAN settings Click L in the Modify column the following content will be shown SSID Name SSID Name Wireless VLAN ID SSID Broadcast Security Mode Portal SSID Isolation O ada SSID Name Wireless VLAN ID Add Wireless VLAN ID SSID Broadcast Security Mode Portal SSID Isolation Modify TP LINK_2 4GHz_16E290 0 4094 0 is used to disable VLAN 0 tagging Y Enable None _ Enable _ Enabl
49. rade Firmware Upgrade New Firmware File Warning The firmware upgrade process takes a couple of minutes Please do not power off the device until the process finishes Upgrade Figure 8 10 Firmware Upgrade Please log in http www tp link com en support download to download the latest system file Click Browse to choose the firmware file Click Upgrade to upgrade the devices 61 NOTE 1 Please select the proper software version that matches your hardware to upgrade 2 To avoid damage please do not turn off the device while upgrading 3 After upgrading the device will reboot automatically 62 Appendix A Specifications HARDWARE FEATURES Model EAP110 EAP120 EAP220 Interface Kensington lock slot RESET button ETHERNET ETHERNET 10 100 1000Mbps Ethernet port RJ 10 100Mbps 45 Ethernet port RJ CONSOLE port RJ 45 45 Power connector DC 2 24V 1A passive PoE PoE 802 3af compliant PoE 802 3af compliant adapter included 36 57VDC 0 2A Max or 36 57VDC 0 4A Max or external 12VDC 1A external 12VDC 1 5A Power Supply power supply power supply Maximum Power 7 7W 4 4W Consumption Antenna 2 3dBi embedded 2 4dBi embedded 4 4dBi embedded O md Ceiling Wall mounting kits included Certification CE FCC ROHS Operating 0C 40C 321 104F Temperature Mounting Operating 10 90 non condensing Humidity WIRELESS FEATURES Wireless 2 4GHz 2 4GHz amp 5G
50. ring Management System User Account i Time Settings Reboot Reset Backup amp Restore Firmware Upgrade Time Settings Time zone Select options Date MM DD YYYY Time gt 00 w HH MM SS Primary NTP Server optional Secondary NTP Server optional Get GMT Synchronize PC s Clock Daylight Saving Daylight Saving _ Enable Mode Predefined Mode O Recurring Mode O Date Mode Predefine Country USA v Figure 8 2 Time Settings 8 2 1 Time Settings Time Settings Time zone GMT 08 00 Beijing Hong Kong Perth Singapore Date 01 01 2014 MM DD YYYY Time 00 wi 22 wi 55 w HH MM SS Primary NTP Server optional Secondary NTP Server optional Get GMT Synchronize PC s Clock Figure 8 3 Time Settings Get GMT Click the button and the device will obtain GMT time from NTP server IP address of the NTP server has to be filled in Click the button your PC s time will be obtained as the device s system time Synchronize PC s Clock Time zone Select your local time zone from the drop down list Date Set the current date in format MM DD YYYY For example for November 25 2014 enter 11 25 2014 in the field Time Specify the device s time Select the number from the drop down list in time format HH MM SS 58 Primary Secondary If you ve selected Get GMT from an NTP server please input the primary NTP Server NTP sever address and an alternative NTP server address 8 2 2 Dayli
51. rnal Radius Serve w Radius Server Ip Port Radius Password Authentication Timeout D Redirect _ Enable Redirect URL Portal Customization Local Web Portal Username Password Term of Use Y I accept the Term of Use Figure 5 13 Portal Configuration_External RADIUS Server_Local Web Portal Authentication Type Select External RADIUS Server RADIUS Server IP Enter the IP address of the RADIUS server Port Enter the port for authentication service RADIUS Password Enter the shared secret of RADIUS server to log in to the RADIUS server Please refer to No Authentication to configure Authentication Timeout Redirect Redirect URL and Portal Customization 24 2 External Web Portal Portal Configuration Authentication Type Radius Server Ip Port Radius Password Authentication Timeout Redirect Redirect URL Portal Customization External Web Portal URL 1 Hours _ Enable External Radius Serve w External Web Portal v Figure 5 14 Portal Configuration_External RADIUS Server_External Web Portal Authentication Type RADIUS Server IP Port RADIUS Password Portal Customization Select External RADIUS Server Enter the IP address of the RADIUS server Enter the port for authentication service Enter the shared secret of RADIUS server to log in to the RADIUS server Select External Web Portal External Web Portal Enter the authentication login page s URL which is
52. rting CLI commands soon Please pay close attention to our official website ARROW 1 This arrow is used to align with ARROW 2 on the mounting bracket to lock the EAP into place ETHERNET For EAP110 this port is used to connect to the POE port of the provided PoE adapter for both data transmission and power supply through Ethernet cabling For EAP120 EAP220 this port is used to connect to a router to transmit data or to a PSE Power Sourcing Equipment such as a PoE switch for both data transmission and Power over Ethernet PoE through Ethernet cabling ON OFF Press this button to turn on off the EAP120 EAP220 POWER The power port is used to connect the EAP120 EAP220 to an electrical wall outlet via power adapter Please only use the provided power adapter Passive PoE Adapter Power LED 7 Power LED The Power LED indicates the status of the electric current green 0 0 8A red 0 8A 1A POE Port This port is used to connect the ETHERNET port of the EAP110 LAN Port This port is used to connect your LAN 1 2 3 Mounting Bracket The following figure describes the structure of the mounting bracket ARROW 2 to align with ARROW 1 under the interface panel Ceiling mounting slot Wall mounting slot Locking clip Figure 1 4 Layout of the Mounting Bracket Chapter 2 Network Topology A typical network topology for the EAP is shown below
53. s the present valid key Select the wep key format ASCII or Hexadecimal e ASCII ASCII format stands for any combination of keyboard characters in the specified length e Hexadecimal Hexadecimal format stands for any combination of hexadecimal digits 0 9 a f A F in the specified length Select the WEP key length 64 bit or 128 bit or 152 bit for encryption e 64 bit You can enter 10 hexadecimal digits any combination of 0 9 a f A F without null key or 5 ASCII characters e 128 bit You can enter 26 hexadecimal digits any combination of 0 9 a f A F without null key or 13 ASCII characters e 152 bit You can enter 32 hexadecimal digits any combination of 0 9 a f A F without null key or 16 ASCII characters Enter the key value e WPA Enterprise Based on RADIUS server WPA Enterprise can generate different passwords for different users and it is much safer than WPA PSK However it costs much to maintain and is more suitable for enterprise users At present WPA Enterprise has two versions WPA PSK and WPA2 PSK Security Mode Version Encryption Radius Server IP Radius Port Radius Password Group Key Update Period Version WPA Enterprise T e Auto WPA PSK WPA2 PSK Auto TKIP O AES 0 0 0 0 0 1 65535 0 means default port 1812 seconds 30 8640000 0 means no upgrade Figure 5 6 Security Mode_WPA Enterprise Select one of the following versions e Auto
54. t System IP Settings Dynamic O Static Fallback IP vi Enable DHCP Fallback IP 192 168 0 254 DHCP Fallback IP MASK 255 255 255 0 DHCP Fallback Gateway Figure 4 1 Network Page Dynamic Static By default the EAP device obtains an IP address from a DHCP server typically a router Select Static to configure IP address manually Fallback IP If the EAP fails to get a dynamic IP address from a DHCP server within ten seconds the fallback IP will work as the IP address of the device After that however the device will keep trying to obtain an IP address from the DHCP server until it succeeds DHCP Fallback Enter the fallback IP IP mask IP IP MASK DHCP Fallback Enter the fallback gateway Gateway Chapter 5 Wireless Wireless page consisting of Wireless Settings Portal MAC Filtering Scheduler QoS and Rogue AP Detection is shown below TP LINK espiio United States Network Wireless Monitoring Management System Wireless Settings MAC Filtering Scheduler Rogue AP Detection Wireless Basic Settings 2 4GHz Wireless Radio V Enable Wireless Mode 802 11b g n mixed Channel Width 20 40MHz Channel Auto Tx power 20 SSID Name Wireless VLAN ID SSID Broadcast Security Mode Portal SSID Isolation TP LINK_2 4GHz_16E290 Enable Disable Disable Wireless Advanced Settings Beacon Interval ms 40 100 DTIM Period 1 255 RTS Threshold 1 2347 Fragmentation Threshold 256 2346 works only
55. tes The default value is 2347 which means that RTS is disabled Fragmentation Specify the fragmentation threshold for packets If the size of the packet is larger Threshold than the fragmentation threshold the packet will be fragmented into several packets Too low fragmentation threshold may result in poor wireless performance caused by the excessive packets The recommended and default value is 2346 bytes 5 1 4 Load Balance By restricting the maximum number of clients accessing the EAPs Load Balance helps to achieve rational use of network resources Load Balance Load Balance OFF Maximum Associated Clients 0 Figure 5 9 Load Balance Load Balance Disable by default Click ON to enable the function After enabling it you can set a number for maximum associated clients to control the wireless access Maximum Enter the number of clients to be allowed for connection to the EAP The Associated Clients number ranges from 1 to 99 5 2 Portal Portal authentication enhances the network security by providing authentication service to the clients who want to access the wireless local network Portal is also called web authentication The users have to log in a web page to establish verification Network resources can be classified into different types for different users Part of them can be accessed for free by the clients while some specific resources can only be accessed by authorized users What s more you can
56. um of Clients Displays the number of clients connected to the SSID If you want to get more information about these clients please refer to 5 1 2 SSIDs SSID Broadcast Displays the enabling or disabling of SSID broadcast If you want to modify it please refer to 5 1 2 SSIDs Band Displays the frequency band the wireless network is operating at Security Displays the security mode the wireless network is applying If you want to modify it please refer to 5 1 2 SSIDs Portal Displays the enabling or disabling of Portal If you want to modify it please refer to 5 1 2 SSIDs MAC Filtering Displays the enabling or disabling of MAC Filtering If you want to modify it please refer to 5 1 2 SSIDs 45 Isolation Down Byte Up Byte 6 3 Client Displays the enabling or disabling of SSID Isolation If you want to modify it please refer to 5 1 2 SSIDs Displays the throughput of the downstream data Displays the throughput of the upstream data From User List you can monitor the status of all the clients connected to the EAP including those who are authenticated TP LINK 110 Network User List 1 14 F4 2A 3B D7 E9 United States Wireless Monitoring Management System Client Refresh Access Point SSID SNR dB CCQ Rate Mbps Down Byte Up Byte Active Time TP LINK_2 4GHz_FFFFF 36 9 7 3k 1k E EAP110 00 0a eb 00 09 13 7b 00 O days 00 00 09 Portal Authenticated Guest 6 3 1
57. unity name can be considered a group password The default setting is public Get Source Defines the IP address for example 10 10 10 1 or subnet for management systems that can serve as Get Community to read the SNMP information of this device The format of subnet is IP address bit such as 10 10 10 0 24 The default is 0 0 0 0 which means all hosts can read the SNMP information of this device Set Community Set Community has the read and write right of the device s SNMP information Enter the community name that allows read write access to the device s SNMP information The community name can be considered a group password The default setting is private 55 Set Source Defines the IP address for example 10 10 10 1 or subnet for management systems that can serve as Set Community to read and write the SNMP information of this device The format of subnet is IP address bit such as 10 10 10 0 24 The default is 0 0 0 0 which means all hosts can read and write the SNMP information of this device NOTE Defining community can allow management systems in the same community to communicate with the SNMP Agent The community name can be seen as the shared password of the network hosts group Thus for the security we suggest modifying the default community name before enabling the SNMP Agent service If the field of community is blank the SNMP Agent will not respond to any community name 56 8 1 8 2 Chapter 8 S
58. ystem System page is mainly used to configure some basic information like user account and time and realize functions including reboot reset backup restore and upgrade the device User Account You can change the username and password to protect your device from unauthorized login We recommend that you change the default user password on the very first system setup TP LINK espiio United States Network Wireless Monitoring Management User Account Time Settings Reboot Reset Backup Restore Firmware Upgrade Account Management Old User Name Old Password New User Name New Password Confirm New Password Figure 8 1 User Account Page Old User Enter the present user name and password of the admin account to get the Name Password permission of modification New User Enter a new user name and password for the admin account Both values are Name Password case sensitive up to 64 characters and with no space Confirm New Enter the new password again Password Time Settings System time represents the device system s notion of the passing of time System time is the standard time for Scheduler and other time based functions You can manually set the system time configure the system to acquire its time settings from a preconfigured NTP server or synchronize the system time with the PC s clock The device supports DST daylight saving time 57 TP LINK ran United States Network Wireless Monito
Download Pdf Manuals
Related Search