1910012370 Omada Controller Software 2.6.0 UG

2018-03-07

: Tp-Link 1910012370 Omada Controller Software 2.6.0 Ug 1910012370_Omada Controller Software 2.6.0_UG 20180307 201803 2018

Open the PDF directly: View PDF PDF.
Page Count: 106

Download1910012370 Omada Controller Software 2.6.0 UG
Open PDF In BrowserView PDF
User Guide

Omada Controller Software

1910012370 REV 2.6.0
March 2018

CONTENTS
1 Quick Start........................................................................................................................ 1
1.1

Determine the Network Topology..........................................................................................................................2
1.1.1 Management in the Same Subnet.................................................................................................................. 2
1.1.2 Management in Different Subnets................................................................................................................. 3

1.2

Install Omada Controller Software.........................................................................................................................3

1.3

Inform the EAPs of the Controller Host's Address...........................................................................................4

1.4

Start and Log In to the Omada Controller............................................................................................................5
1.4.1 Launch Omada Controller................................................................................................................................. 6
1.4.2 Do the Basic Configurations............................................................................................................................ 6
1.4.3 Log In to the Management Interface............................................................................................................. 8

1.5

Create Sites and Adopt EAPs...................................................................................................................................8
1.5.1 Create Sites............................................................................................................................................................ 8
1.5.2 Adopt the EAPs..................................................................................................................................................... 9

1.6

Monitor and Manage the EAPs..............................................................................................................................10

2 Monitor and Manage the Network..........................................................................11
2.1

Monitor the Network with the Map......................................................................................................................12
2.1.1 Add a Map............................................................................................................................................................. 12
2.1.2 Monitor the EAPs on the Map....................................................................................................................... 14

2.2

View the Statistics of the Network......................................................................................................................15
2.2.1 View the Client Distribution on SSID.......................................................................................................... 15
2.2.2 Have a Quick Look at EAPs and Clients.................................................................................................... 15
2.2.3 View Current Usage-Top EAPs.................................................................................................................... 16
2.2.4 View Recent Activities..................................................................................................................................... 16

2.3

Monitor and Manage the EAPs..............................................................................................................................17
2.3.1 Manage the EAPs in Different Status......................................................................................................... 17
2.3.2 View the Detailed Information of EAPs..................................................................................................... 18
2.3.3 Manage the EAPs in the Action Column................................................................................................... 18

2.4

Monitor and Manage Clients..................................................................................................................................19
2.4.1 View the Current Information of Clients................................................................................................... 20
2.4.2 Manage Clients in the Action Column........................................................................................................ 20

2.5

View Clients Statistics During the Specified Period ....................................................................................20
2.5.1 Select a Specified Period............................................................................................................................... 21
2.5.2 View the History Information of Clients.................................................................................................... 21
2.5.3 Manage Clients in the Action Column........................................................................................................ 22

2.6

Manage the Rogue APs List...................................................................................................................................22
2.6.1 Manage the Untrusted Rogue APs List..................................................................................................... 22
2.6.2 Manage the Trusted Rogue APs List.......................................................................................................... 23

2.7

View Past Guest Authorization..............................................................................................................................23

2.8

View Logs......................................................................................................................................................................24

2.9

View Alerts....................................................................................................................................................................24

3 Configure the EAPs Globally....................................................................................25
3.1

Wireless Network.......................................................................................................................................................26
3.1.1 Add Wireless Networks................................................................................................................................... 26
3.1.2 Configure Advanced Wireless Parameters............................................................................................. 31
3.1.3 Configure Band Steering................................................................................................................................ 32

3.2

Access Control...........................................................................................................................................................33

3.3

Portal Authentication................................................................................................................................................34
3.3.1 No Authentication............................................................................................................................................. 35
3.3.2 Simple Password............................................................................................................................................... 39
3.3.3 Local User............................................................................................................................................................. 43
3.3.4 Voucher................................................................................................................................................................. 50
3.3.5 SMS......................................................................................................................................................................... 58
3.3.6 Facebook.............................................................................................................................................................. 62
3.3.7 External RADIUS Server.................................................................................................................................. 63
3.3.8 External Portal Server...................................................................................................................................... 68

3.4

Free Authentication Policy.....................................................................................................................................69

3.5

MAC Filter.....................................................................................................................................................................70

3.6

Scheduler......................................................................................................................................................................72

3.7

QoS..................................................................................................................................................................................73

3.8

System...........................................................................................................................................................................76
3.8.1 Reboot Schedule............................................................................................................................................... 76
3.8.2 Log Setting........................................................................................................................................................... 77
3.8.3 Device Account.................................................................................................................................................. 78
3.8.4 Backup&Restore................................................................................................................................................ 79
3.8.5 Batch Upgrade.................................................................................................................................................... 79
3.8.6 More Settings...................................................................................................................................................... 80

4 Configure the EAPs Separately..............................................................................82
4.1

View the Information of the EAP...........................................................................................................................83
4.1.1 Overview............................................................................................................................................................... 83
4.1.2 LAN.......................................................................................................................................................................... 83
4.1.3 Radio....................................................................................................................................................................... 84

4.2

View Clients Connecting to the EAP...................................................................................................................84
4.2.1 User......................................................................................................................................................................... 84
4.2.2 Guest...................................................................................................................................................................... 85

4.3

Configure the EAP.....................................................................................................................................................85
4.3.1 Basic Config......................................................................................................................................................... 85
4.3.2 IP Setting............................................................................................................................................................... 86
4.3.3 Radio....................................................................................................................................................................... 86
4.3.4 Load Balance....................................................................................................................................................... 88
4.3.5 WLANs................................................................................................................................................................... 88
4.3.6 Trunk Settings.................................................................................................................................................... 89
4.3.7 Rogue AP Detection......................................................................................................................................... 89
4.3.8 Local LAN Port Settings.................................................................................................................................. 90
4.3.9 Forget this AP..................................................................................................................................................... 90

5 Manage the Omada Controller................................................................................91
5.1

Information About the Software...........................................................................................................................92

5.2

User Account...............................................................................................................................................................92

5.3

Controller Settings....................................................................................................................................................93
5.3.1 Configure Controller Hostname/IP............................................................................................................. 93
5.3.2 Configure Mail Server...................................................................................................................................... 94

6 Application Example...................................................................................................95
6.1

Basic Configuration...................................................................................................................................................96

6.2

Advanced Settings....................................................................................................................................................96
6.2.1 Monitor the EAPs with Map............................................................................................................................ 96
6.2.2 Configure Portal Authentication.................................................................................................................. 97
6.2.3 Create a SSID for the Employees................................................................................................................ 99
6.2.4 Configure Scheduler......................................................................................................................................100

1

Quick Start

Omada Controller is a management software for TP-Link EAP devices. With this software, you can

use a web browser to centrally manage your EAP devices, such as configure EAPs in batches and
conduct real-time monitoring of EAPs .

Follow the steps below to complete the basic settings of Omada Controller.

1. Determine the Network Topology
2. Install Omada Controller Software
3. Inform the EAPs of the Controller Host's Address
4. Start and Log In to the Omada Controller
5. Create Sites and Adopt the EAPs
6. Monitor and Manage the EAPs

1

1.1 Determine the Network Topology

There are two kinds of network topologies to centrally manage EAPs via Omada Controller:
·Omada Controller and EAPs are in the same subnet.
·Omada Controller and EAPs are in different subnets.
Determine your management method according to your need and refer to the following
introductions to build your network toplogy.

1.1.1 Management in the Same Subnet

If your Omada Controller and EAPs are in the same subnet, refer to the following network topology.
A router acts as a DHCP server to assign IP addresses to EAPs and clients. Omada Controller

should be installed on one host, which is called as Controller Host. The other hosts in the same
LAN can access the Controller Host to manage the network. Taking the following topology as

an example, you can enter “192.168.0.100:8043“ in a web browser on Host B to visit the Omada

Controller interface on Host A. It's recommended to set a static IP address to the Controller Host
for the convenient login to the Omada Controller interface.

Host A (Controller Host)
IP: 192.168.0.100/24

Layer 2 Switch

Router (DHCP Server)
LAN IP:192.168.0.1/24

Internet

Omada Controller

EAPs

Host B
IP: 192.168.0.200/24

Clients
Note
··Omada Controller must be running all the time when you manage the network.

··Omada Controller can be running on only one host in a LAN. When other users in the LAN try to launch
Omada Controller on their own hosts, they will be redirected to the host that is already running Omada
Controller.

2

1.1.2 Management in Different Subnets
If your Omada Controller and EAPs are in different subnets, refer to the following topology.
A router acts as the gateway of the network. A layer 3 switch acts as a DHCP server to assign IP

addresses to EAPs and clients. The Controller Host and the EAPs are connected to the switch's
different network segments. To help EAPs find the Controller Host, EAP Discover Utility should be
installed on Host B which is in the same subnet with the EAPs. For how to use EAP Discovery Utility,
refer to 1.3 Inform the EAPs the Controller Host's Address.
Host A (Controller Host)

Layer 3 Switch

IP: 192.168.1.100/24
Omada Controller

192.168.1.0/24

Router

(DHCP Server)

Internet
WAN

LAN

192.168.2.0/24

EAPs

EAP
Discovery Utility

Host B

IP: 192.168.2.100/24
Clients

1.2 Install Omada Controller Software

Make sure your PC meets the following system requirements and then properly install the Omada
Controller software.

System Requirements
Operating System: Microsoft Windows 7/8/10/Server.
Web Browser: Mozilla Firefox 32 (or above), Google Chrome 37 (or above), Opera 24 (or above), or
Microsoft Internet Explorer 11 (or above).

Note

We recommend that you deploy Omada Controller on a 64-bit operating system to guarantee the software
stability.

3

Install Omada Controller
Download the installation file of Omada Controller from the website http://www.tp-link.com/en/

download/EAP-Controller.html. Then follow the instructions to properly install the Omada Controller
software. After successful installation, a shortcut icon

your desktop.

of the Omada Controller will be created on

1.3 Inform the EAPs of the Controller Host's Address
If your Controller Host and EAPs are in the same network segment, you can skip this section.

If your Controller Host and EAPs are in different subnets, you need to install EAP Discovery Utility
on a host that is in the same network segment with the EAPs. EAP Discovery Utility can help EAPs
find the Controller Host.

System Requirements
Windows 7/8//10/Server
Mac OS X 10.7/10.8/10.9/10.10/10.11

Install and Use EAP Discovery Utility
Follow the steps below to install EAP Discovery Utility and use it to inform the EAPs of the Controller
Host's IP address:

1. Download the installation file from the website http://www.tp-link.com/en/download/EAP-

Controller.html#EAP_Discovery_Tool . Then follow the instructions to properly install EAP
Discovery Utility.

2. Open the EAP Discovery Utility and the following window will pop up. This window shows the
information of all EAPs in the same LAN.

4

3. Click Manage in the Action column or select multiple EAPs and click Batch Manage.

4. Enter the hostname or IP address of the Controller Host.
5. Enter the EAP’s username and password (both are admin by default).
6. Click Apply to inform the EAP of the Controller Host's hostname or IP address. And then the
connection can be established between the EAP and the Controller Host.

1.4 Start and Log In to the Omada Controller

Launch Omada Controller and follow the instructions to complete the basic configurations, and
then you can log in to the management interface.

5

1.4.1 Launch Omada Controller
Double click the icon

and the following window will pop up. You can click Hide to hide this window

but do not close it. After a while, your web browser will automatically open.


Note
··If your browser does not open automatically, click Launch a Browser to Manage Wireless Network. You can
also launch a web browser and enter http://127.0.0.1:8088 in the address bar.

··If your web browser opens but prompts a problem with the website's security certificate, click Continue.
··Only one Omada Controller can run in a LAN. If an Omada Controller has already been running on a host that
is in your LAN, you will be redirected to the Omada Controller interface on that host.

1.4.2 Do the Basic Configurations

In the web browser you can see the configuration page. Follow the setup wizard to complete the
basic settings for Omada Controller.

1. The setup page displays all the detected EAPs in the network. Select one or more EAPs to be
managed and click Next.

2. Set an SSID name (wireless network name) and password for the EAPs to be managed. Omada
Controller will create two wireless networks, a 2.4GHz one and a 5GHz one, both encrypted in
WPA2-PSK mode. Click Next.

6

3. Specify a username and password to create an administrator account. Specify the email address
to receive the notification emails and reset your password if necessary. Click Next.


Note

After logging into Omada Controller, set a mail server so that you can receive notification emails and reset your
password in case that you forget the password. Please refer to Configure Mail Server.

4. Review your settings and click Finish.

7

1.4.3 Log In to the Management Interface
Once the basic configurations are finished, the browser will be redirected to the following page.
Log in to the management interface using the username and password you have set in the basic
configurations.


Note

In addition to the Controller Host, other hosts in the same LAN can also manage EAP devices via remote
access to the Controller Host. For example, if the IP address of the Controller Host is 192.168.0.100 and
Omada Controller is running normally on this host, you can enter https://192.168.0.100:8043/login, or
https://192.168.0.100:8043, or http://192.168.0.100:8088 in the web browser of other hosts in the same LAN
to log in to the Omada Controller and manage EAP devices.

1.5 Create Sites and Adopt EAPs

Omada Controller can manage multiple EAP networks, which are called sites. Multiple sites are
logically separated, and each site has its own configurations. There is an initial site named Default.
If you have no need to manage EAPs with different sites, you can use the default site and skip the
Create Sites section. However, Adopt the EAPs is a necessary step to manage the EAPs.

1.5.1 Create Sites

Follow the steps below to add sites.
1. Click

in the top left corner of the page and select

window will pop up.

2. Click

and set a name for the site.

8

, and then the following

3. Click Apply to create the site.

1.5.2 Adopt the EAPs

Omada Controller can discover all EAP devices currently connected in the network and display

their connection status. All EAPs are in Pending status when first discovered by Omada Controller.

To manage the EAPs, you need to adopt them. In the quick setup process, Omada Controller will
automatically adopt the selected EAPs using the default username and password (both are admin).

However, if you have changed the username or password of your EAPs before, Omada Controller
cannot automatically adopt the them, and you need to refer to the following steps to adopt them
manually.

To ensure that all EAPs are adopted, follow the steps below:
1. Select a site and go to Access Points > Pending. The table displays all the EAPs that have not
been adopted.

2. Click the Retry button in the Action column and enter the current username and password of the
EAP. Click Apply.

Tips
··If you have a new discovered EAP, you can click the Adopt button in the Action column to adopt the EAP.

Omada Controller will automatically adopt the EAP using the default username and password (both are
admin).

··If you have multiple new discovered EAPs, and all of them have the default username and password (both
are admin), you can click the Batch Adopt button to adopt them in batch. But if there are any EAPs with the
Retry button, it means that the username and password of these EAPs have been changed. You need to first
adopt them before batch adopt the rest EAPs.

3. After EAPs are adopted, the status will change from Pending to Connected. All the EAPs’

username and password will become the same as those of the Controller's administrator
account you created in the Basic Configuration.

9


Tips

If you want to change the EAPs' username and password, refer to Device Account.

1.6 Monitor and Manage the EAPs

When all the configurations above are finished, you can centrally monitor and manage the EAPs

via the Omada Controller's management interface. The management interface is divided into three
sections as the following figure shows.

Section A

In Section A, you can check the status of EAPs and clients in the network. Also,
to refresh the current page, click
to globally configure the
you can click

wireless network, and click

to sign out from the management interface.

Furthermore, the Sites allows you to group your EAPs and manage them in
batches. To configure sites, refer to Create Sites.

Section B

In Section B, you can centrally monitor and manage the EAPs and clients.

Section C

In Section C, you can globally configure the wireless network. The global
configurations will take effect on all the adopted EAPs.

10

2

Monitor and Manage the Network

With Omada Controller you can monitor the EAP devices and centrally manage your wireless
network. This chapter includes the following sections:
·Monitor the Network with the Map
·View the Statistics of the Network
·Monitor and Manage the EAPs
·Monitor and Manage Clients
·View Clients Statistics during the Specified Period
·Manage the Rogue APs List
·View Past Guest Authorization
·View Logs
·View Alerts

11

2.1 Monitor the Network with the Map

You can upload your local map images and monitor the status and coverage range of each EAP with
the map. When you initially launch Omada Controller, a default map is displayed as the following

figure shows. Follow the instructions below to add your own map and manage the EAPs via the map.

2.1.1 Add a Map

Prepare a map image in .jpg, .gif, or .png format. And then follow the steps below to add the map to
the Omada Controller.

1. Click Configure Maps on the upper right corner of map and click Add.

2. Enter the map description, select your map image, and click Create.

3. Select your local map from the drop-down list on the upper right corner of map area.
12

4. Click

. Draw a line on the map and enter the distance the line represents. Then the Omada

Controller will compute and generate the map scale automatically based on your configuration.

5. Drag the EAPs from the Unplaced APs list to the appropriate locations on the map according to
their actual locations.

You can click

to reveal additional options:

Lock the selected EAP in the current location on the map.

13

Unlock the selected EAP and you can drag it to another location.
Display the EAP's details and configure the wireless parameters. Refer to
Configure the EAPs Separately.
Remove the selected EAP back into the Unplaced APs list.

2.1.2 Monitor the EAPs on the Map

Click any of the following options to display EAP Label, Details, and Coverage on the map.

Label

Display the EAP’s name. The default name is the MAC address of the EAP.

Details

Display the EAP’s name, MAC address, IP address, transmitting/receiving
channel, number of connected users, and number of connected guests.

Coverage

Display a visual representation of the wireless range covered by EAPs. The
actual signal coverage may be smaller than the visual coverage on the map
because the obstacles around the EAPs will weaken the signal.

14

2.2 View the Statistics of the Network

Omada Controller collects all statistics of the managed EAPs and displays the statistical
information via graphs, pie charts and tables, providing an overview of your wireless network.

2.2.1 View the Client Distribution on SSID

A visual pie chart shows the client distribution on each SSID. For example, the SSID1 has one client,
which occupies 50% of all the clients.

2.2.2 Have a Quick Look at EAPs and Clients
This tab displays the Most Active AP, the Most Active Clients and the All-Time Top Client. You can
click the MAC address of the EAP or the client to see more details.

15

Most Active AP

The current connected AP with the maximum traffic.

Most Active
Client

The current connected client with the maximum traffic.

All-time Top
Client

The client with the maximum traffic among all the clients that have ever
accessed the EAP network.

2.2.3 View Current Usage-Top EAPs
This tab lists the number of connected clients and the data traffic condition of the ten APs that use
the most traffic currently.

Clients

The amount of clients connected to this EAP.

%Clients

The proportion of current connected clients to the Top EAPs' total client
amount.

Traffic (MB)

The total amount of data transmitted by this EAP, which equals the sum of the
transmission traffic of all the current clients that connect to the AP.

%Traffic

The proportion of the EAP's current data transmission amount to the Top EAPs'
total transmission amount.

2.2.4 View Recent Activities

The Recent Activities statistics can be toggled between a view for the past specific 24 hours and
one for the past specific 30 days.

The left ordinate axis indicates the traffic and the right one represents the number of the clients.
The abscissa axis shows the selected time period. Traffic indicates a visual graph of the network

16

traffic during the selected time period. Client indicates a visual graph of the number of the

connected clients during the selected time period. For example, the statistics information at 15:00
indicates the traffic size and client number from 14:00 to 15:00. In the following figure, at 15 o’clock,
the traffic is about 5MB and there is 3 clients connected to the AP.

2.3 Monitor and Manage the EAPs

Omada Controller can discover all the EAP devices currently connected to the network and display
the information of them on the Access Points page.

2.3.1 Manage the EAPs in Different Status

According to their connection status, EAPs are divided into three categories: connected,
disconnected and pending. You can view the EAPs in different status on different pages:

All

Displays the information of all EAPs in different status.

Pending

Displays the pending EAPs.

Connected

Displays the connected EAPs.

All the EAPs are in pending status by default when first discovered by Omada
Controller, and only after they are adopted and connected, you can manage them. To
adopt pending EAPs, refer to Adopt EAPs.

Only connected EAPs can be managed. After you adopt a pending EAP, its status will
become provisioning and then connected. A connected EAP will turn into a pending
one after you forget it. You can refer to Forget this AP to forget an EAP or click Forget
All on the page to forget all the connected EAPs.

17

Disconnected

Displays the disconnected EAPs.

If a connected or pending EAP powers off, it will be disconnected. When a
disconnected EAP is reset to factory defaults or forgot, it will turn into a pending one
again. You can refer to Forget this AP to forget a EAP or click Forget All on the page to
forget all the disconnected EAPs.

2.3.2 View the Detailed Information of EAPs

You can click Overview, Config or Performance tab to view different detailed information of EAPs.

Overview

Displays the EAP's name/MAC address, IP address, status, model, software version,
number of connected clients and download/upload bytes.

Config

Displays the EAP's name/MAC address, IP address, status, model, software version,
WLAN Group bounded with the 2G and 5G of the EAP, and radio of the 2G and 5G.

Performance

Displays the EAP's name/MAC address, IP address, status, model, software version,
number of connected 2G clients and 5G clients, TX(Downloaded Traffic), RX(Uploaded
Traffic), TX 2G and TX 5G.

2.3.3 Manage the EAPs in the Action Column

You can execute the corresponding operation to the EAP by clicking an icon in the Action column.

Locate the EAP in the map.
Reboot the EAP.
Upgrade the EAP.

Click Browse to locate and choose the upgrade file in your computer, then click
Upgrade to install the latest EAP firmware. The Status will appear as Upgrading until
the process is complete and the EAP reconnects to the Omada Controller.

18

Move the EAP to a site.

Select a site that has been created and click Apply. You can group all the EAPs by this
way and centrally manage them on each site.

Configure the EAP.

For detailed instructions about how to configure the EAP on this window, refer to
Configure the EAPs Separately.

Note
··Only managed EAPs can be rebooted or upgraded.

··If you want to log in to the EAP's own management interface, you need to forget the EAP first.

2.4 Monitor and Manage Clients

The Clients tab displays the clients connected to the EAP network.

19

2.4.1 View the Current Information of Clients

The clients are divided into two types: User and Guest. Users are the clients connected to the EAP
wireless network without the Portal Authentication. Guests are the clients connected to the EAP
wireless network with the Portal Authentication.

You can click the following tabs to respectively view the detailed information of users and guests.

All Clients

The page displays the information of all clients including users and guests.

Users

The page displays the information of Users.

Guests

The page displays the information of Guests.

2.4.2 Manage Clients in the Action Column

You can execute the corresponding operation to the EAP by clicking an icon in the Action column:

Reconnect the client to the network.
Restrict the client's access to the network.
Configure the rate limit of the client and view the connection history.
Enter the download limit and upload limit and click Apply.

If the client is a Guest, you can click this icon to cancel the authorization for it.

2.5 View Clients Statistics During the Specified Period

The Clients Statistics page under the Insight tab displays the information of clients that have
connected to the EAPs network during a specified period.

20

2.5.1 Select a Specified Period

Select a period from the drop-down menu. Then the page will display clients that have connected to
the EAPs network during the period.

2.5.2 View the History Information of Clients
You can click the client's MAC address to get its connection history and configure the Rate Limit

feature for this client. In addition, you can click the following tabs to view the information of different
types of clients:

All

The page displays the history information of all the clients.

User

The page displays the history information of Users.

Guest

The page displays the history information of Guests.

Blocked

The page displays the clients that have been blocked.

Users are the clients connected to the EAP wireless network without the Portal
Authentication.

Guests are the clients connected to the EAP wireless network with the Portal Authentication.

All

The page displays the history information of all clients.

Offline Only

The page displays the history information of the off-line clients.

21

2.5.3 Manage Clients in the Action Column

You can execute the corresponding operation to the EAP in the Action column:
Block the client's access to the network.
Resume the client's access.

2.6 Manage the Rogue APs List

A Rogue AP is an access point that has been installed on a secure network without explicit
authorization from a system administrator. The Omada Controller can scan all channels to detect
all nearby EAPs. If rogue APs are detected, they will be shown on the Untrusted Rogue APs list.
Besides, you can move the untrusted rogue APs to the Trusted Rogue APs list.

By default, the Rogue AP Detection feature is disabled. To allow your EAP to detect nearby APs, you
need to enable this feature for this EAP. You can refer to Rouge AP Detection.

2.6.1 Manage the Untrusted Rogue APs List

The Untrusted Rogue APs page displays the detailed information of untrusted rogue APs.

You can execute the corresponding operation to the EAP in the Action column:
Move the untrusted rogue AP to the Trusted Rogue APs list.
Delete this record.
Delete all records.

22

2.6.2 Manage the Trusted Rogue APs List

The Trusted Rogue APs page displays the detailed information of trusted rogue APs.

You can execute the corresponding operation to the EAP by clicking an icon in the Action column:
Move the trusted rogue AP to the Untrusted Rogue APs list.
Export and download the current Trusted Rogue APs list and save it on your PC.
Import a saved Trusted Rogue APs list. If the MAC address of an AP appears in list, it will
not be detected as a rogue AP.

Please follow the steps below:

1. Select Replace (replace the current Trusted Rogue APs list with the one you import) or
Merge (add the APs in the file to the current Trusted Rogue APs list).
2. Click Browse to locate the file and choose it.

3. Click Import to import the Trusted Rogue APs list.

2.7 View Past Guest Authorization

The Past Guest Authorization page displays the details about all the clients that accessed the
network during a certain time period. You can select a period in the drop-down list.

23

2.8 View Logs

The logs of Omada Controller can effectively record, classify and manage the system information of
the managed EAPs, providing powerful support for you to monitor network operation and diagnose
malfunctions. The Logs page displays EAP's MAC address, level, occurred time and content.

2.9 View Alerts
You can see the status change of your EAPs on the Unarchived Alerts page. You can click

or

As follows, the Archived Alerts page displays the alerts archived by you. You can click
to delete the records.

or

to move unarchived alerts to the Archived Alerts page.

24

3

Configure the EAPs Globally

This chapter introduces the global configurations applied to all the managed EAPs. To configure a
specific EAP, please refer to Chapter 4 Configure the EAPs Separately.
In global configurations, you can configure the following items:
·Wireless Network
·Access Control
·Portal Authentication
·Free Authentication Policy
·MAC Filter
·Scheduler
·System

25

3.1 Wireless Network

In addition to the wireless network you created in Quick Start, you can add more wireless networks
and configure the advanced wireless parameters to improve the network quality.

3.1.1 Add Wireless Networks

To add wireless networks, follow the steps below.
1. Go to Wireless Settings > Basic Wireless Setting.

2. Select a band frequency

and click

at the right of

to add a

WLAN group. Different WLAN groups can be applied to different EAPs. If you have no need to
group your wireless networks, you can use the default WLAN group and skip this step.

3. Specify a name for the group and click Apply.

4. Select the brand frequency
5. Click

and WLAN group

to add an SSID to the specific WLAN group.

6. Configure the parameters in the following window.

26

.

SSID Name

Enter an SSID name contains up to 32 characters.

Wireless Vlan ID

Set a VLAN ID for the wireless network. Wireless networks with the same VLAN ID
are grouped to a VLAN.
The value ranges from 0 to 4094. 0 means VLAN function is disabled.

SSID Broadcast

With the option enabled, EAPs will broadcast the SSID to the nearby hosts, so that
those hosts can find the wireless network identified by this SSID. If this option is
disabled, users must enter the SSID manually to connect to the EAP.
Enabled by default.

Security Mode

Select the security mode of the wireless network.

None: The hosts can access the wireless network without authentication.

WEP/WPA-Enterprise/WPA-PSK: The hosts need to get authenticated before
accessing the wireless network. For the network security, you are suggested to
encrypt your wireless network. Settings vary in different security modes and the
details are in the following introduction.
Portal

With the option enabled, the configurations in Portal will be applied. Portal provides
authentication service for the clients who just need temporary access to the
wireless network, such as the customers in shopping mall and restaurant.
Disabled by default.

SSID Isolation

With the option enabled, the devices connected in the same SSID of the same AP
cannot communicate with each other.
Disabled by default.

Access Control

Select an Access Control rule for this SSID. For more information, refer to Access
Control.

27

Following is the detailed introduction of WEP, WPA-Enterprise and WPA-PSK.

WEP
WEP is based on the IEEE 802.11 standard and less safe than WPA-Enterprise and WPA-PSK.

Note

WEP is not supported in 802.11n mode or 802.11ac mode. If WEP is applied in 802.11n, 802.11 ac or 802.11n/
ac mixed mode, the clients may not be able to access the wireless network. If WEP is applied in 11b/g/n mode
(2.4GHz) or 11a/n (5GHz), the EAP device may work at a low transmission rate.

Type

Select the authentication type for WEP.

Auto: The Omada Controller can select Open System or Shared Key automatically
based on the wireless station's capability and request.

Open System: Clients can pass the authentication and associate with the wireless
network without password. However, correct password is necessary for data
transmission.
Shared Key: Clients have to input password to pass the authentication, otherwise it
cannot associate with the wireless network or transmit data.
Key Selected

Select one key to specify. You can configure four keys at most.

WEP Key Format

Select ASCII or Hexadecima as the WEP key format.

ASCII: ASCII format stands for any combination of keyboard characters of the
specified length.
Hexadecimal: Hexadecimal format stands for any combination of hexadecimal
digits (0-9, a-f, A-F) with the specified length.

Key Type

Select the WEP key length for encryption.

64Bit: Enter 10 hexadecimal digits or 5 ASCII characters.

128Bit: Enter 26 hexadecimal digits or 13 ASCII characters.
152Bit: Enter 32 hexadecimal digits or 16 ASCII characters.
Key Value

Enter the WEP keys. The length and valid characters are affected by key type.

28

WPA-Enterprise
The WPA-Enterprise mode requires a RADIUS server to authenticate clients. Since the WPA-

Enterprise can generate different passwords for different clients, it is much safer than WPA-PSK.
However, it costs much more to maintain and is usually used by enterprise.

Version

Select the version of WPA-Enterprise.

Auto: The EAP will automatically choose the version used by each client device.
WPA/WPA2: Two versions of Wi-Fi Protected Access.

Encryption

Select the Encryption type.

Auto: The default setting is Auto and the EAP will select TKIP or AES
automatically based on the client device's request.

TKIP: Temporal Key Integrity Protocol. TKIP is not supported in 802.11n mode,
802.11ac mode or 802.11n/ac mixed mode. If TKIP is applied in 802.11n,
802.11 ac or 802.11n/ac mixed mode, the clients may not be able to access the
wireless network of the EAP. If TKIP is applied in 11b/g/n mode (2.4GHz) or 11a/
n mode(5GHz), the device may work at a low transmission rate.
AES: Advanced Encryption Standard. We recommend you select AES as the
encryption type because it is more secure than TKIP.
RADIUS Server IP

Enter the IP address of the RADIUS Server.

RADIUS Port

Enter the port number of the RADIUS Server.

RADIUS Password

Enter the shared secret key of the RADIUS server.

Group Key Update
Period

Specify a group key update period, which instructs the EAP how often it should
change the encryption keys. The value can be either 0 or 30~8640000 seconds.
0 means no change of the encryption key anytime.

29

WPA-PSK
Based on a pre-shared key, WPA-PSK is characterized by high safety and simple settings and is
mostly used by common households and small businesses.

Version

Select the version of WPA-PSK.

Auto: The EAP will automatically choose the version for each client device.
WPA-PSK: Pre-shared key of WPA.

WAP2-PSK: Pre-shared key of WPA2.
Encryption

Select the Encryption type.

Auto: The default setting is Auto and the EAP will select TKIP or AES automatically
based on the client request.

TKIP: Temporal Key Integrity Protocol. TKIP is not supported in 802.11n mode,
802.11ac mode or 802.11n/ac mixed mode. If TKIP is applied in 802.11n, 802.11
ac or 802.11n/ac mixed mode, the clients may not be able to access the wireless
network of the EAP. If TKIP is applied in 11b/g/n mode (2.4GHz) or 11a/n mode(5GHz),
the device may work at a low transmission rate.
AES: Advanced Encryption Standard. We recommend you select AES as the
encryption type for it is more secure than TKIP.
Wireless
Password

Configure the wireless password with ASCII or Hexadecimal characters.

Group Key
Update Period

Specify a group key update period, which instructs the EAP how often it should
change the encryption keys. The value can be either 0 or 30~8640000 seconds. 0
means the encryption keys will not be changed all the time.

For ASCII, the length should be between 8 and 63 characters with combination of
numbers, letters (case-sensitive) and common punctuations. For Hexadecimal, the
length should be 64 characters (case-insensitive, 0-9, a-f, A-F).

7. Enable Rate Limit for the clients to guarantee the network balance. Enter the value for Download
Limit and Upload Limit. 0 means unlimited.

8. Click Apply.

30

3.1.2 Configure Advanced Wireless Parameters

Proper wireless parameters can improve the network's stability, reliability and communication

efficiency. The advanced wireless parameters consist of Beacon Interval, DTIM Period, RTS
Threshold, Fragmentation Threshold and Airtime Fairness.

To configure the advanced wireless parameters, follow the steps below.
1. Go to Wireless Settings > Advanced Wireless Setting.

2. Select the band frequency

.

3. Configure the following parameters.
Beacon Interval

Beacons are transmitted periodically by the EAP device to announce the
presence of a wireless network for the clients. Beacon Interval value determines
the time interval of the beacons sent by the device.
You can specify a value between 40 and 100ms. The default is 100ms.

DTIM Period

The DTIM (Delivery Traffic Indication Message) is contained in some Beacon
frames. It indicates whether the EAP device has buffered data for client devices.
The DTIM Period indicates how often the clients served by this EAP device
should check for buffered data still on the EAP device awaiting pickup.

You can specify the value between 1-255 Beacon Intervals. The default value is 1,
indicating clients check for buffered data on the EAP device at every beacon. An
excessive DTIM interval may reduce the performance of multicast applications,
so we recommend you keep it by default.
RTS Threshold

RTS (Request to Send) can ensure efficient data transmission. When RTS is
activated, the client will send a RTS packet to EAP to inform that it will send data
before it send packets. After receiving the RTS packet, the EAP notices other
clients in the same wireless network to delay their transmitting of data and
informs the requesting client to send data, thus avoiding the conflict of packet.
If the size of packet is larger than the RTS Threshold, the RTS mechanism will be
activated.
If you specify a low threshold value, RTS packets are sent more frequently
and help the network recover from interference or collisions that might occur
on a busy network. However, it also consumes more bandwidth and reduces
the throughput of the packet. We recommend you keep it by default. The
recommended and default value is 2347.

31

Fragmentation
Threshold

The fragmentation function can limit the size of packets transmitted over the
network. If a packet exceeds the Fragmentation Threshold, the fragmentation
function is activated and the packet will be fragmented into several packets.

Fragmentation helps improve network performance if properly configured.
However, too low fragmentation threshold may result in poor wireless
performance caused by the extra work of dividing up and reassembling of
frames and increased message traffic. The recommended and default value is
2346 bytes.
Airtime Fairness

With this option enabled, each client connecting to the EAP can get the same
amount of time to transmit data, avoiding low-data-rate clients to occupy
too much network bandwidth and improving the network throughput. We
recommend you enable this function under multi-rate wireless networks.

4. Click Apply.

3.1.3 Configure Band Steering

A client device that is capable of communicating on both the 2.4GHz and 5GHz frequency bands
will typically connect to the 2.4 GHz band. However, if too many client devices are connected to an

EAP on the 2.4 GHz band, the efficiency of communication will be diminished. Band Steering can
steer clients capable of communication on both bands to the 5GHz frequency band which supports
higher transmission rates and more client devices, and thus to greatly improve the network quality.
To configure Band Steering, follow the steps below.
1. Go to Wireless Settings > Band Steering.

2. Check the box to enable the Band Steering function.
3. Configure the following parameters to balance the clients on both frequency bands:

32

Connection
Threshold/Difference
Threshold

When the number of clients on the 5GHz band reaches the value of
Connection Threshold and the difference value between the number
of clients on the 2.4GHz band and the 5GHz band reaches the value of
Difference Threshold, EAPs will refuse the requests of communication on
the 5GHz band from other clients and no longer steer other clients to the
5GHz band.
The value of Connection Threshold is from 2 to 40, and the default is 20.
The value of Difference Threshold is from 1 to 8, and the default is 4.

Max Failures

If a client repeatedly attempts to associate with the EAP on the 5GHz band
and the number of rejections reaches the value of Max Failures, the EAP will
accept the request.
The value is from 0 to 100, and the default is 10.

4. Click Apply.

3.2 Access Control

Access Control is used to block or allow the clients to access specific subnets. To configure
Access Control rules, follow the steps below.
1. Go to Wireless Control > Access Control.

2. Click

to add a new Access Control rule.

3. Configure the following parameters.

33

Rule Name

Specify a name for this rule.

Rule Mode

Select the mode for this rule.

Block: Select this mode to block clients to access the specific subnets.
Allow: Select this mode to allow clients to access the specific subnets.

Rule Memebers

Specify the member subnets for this rule.

Subnets: Enter the subnet that will follow the rule mode in the format X.X.X.X/X
and click
. Up to 16 subnets can be added.
Except Subnets: Enter the excepted subnet in the format X.X.X.X/X and click
. Up to 16 subnets can be added. The rule mode will not apply to the
subnet that is in both of the Subnets list and Except Subnets list.

4. Click Apply.
5. Go to Wireless Settings > Basic Wireless Setting and enable Access Control function of a
selected SSID.

3.3 Portal Authentication

Portal authentication enhances the network security by providing authentication service to the

clients that just need temporary access to the wireless network. Such clients have to log into a
web page to establish verification, after which they will access the network as guests. What's more,

you can customize the authentication login page and specify a URL which the newly authenticated
clients will be redirected to.

To configure Portal Authentication, go to Wireless Control > Portal and click

Then the following window will pop up:

34

.

These authentication methods are available: No Authentication, Simple Password, Local User,
Voucher, SMS, Facebook, External RADIUS Server and External Portal Server. The following
sections introduce how to configure each Portal authentication.

3.3.1 No Authentication
With No Authentication configured, clients can access the network without any authentication.
Follow the steps below to configure No Authentication:
1. Go to Wireless Settings > Basic Wireless Settings and create an SSID for the Portal.
2. Go back to the Portal configuration page. In the Basic Info section, complete the basic settings
for the portal authentication.

Configure the following parameters:
Portal Name

Specify a name for the Portal.

SSID

Select an SSID for the Portal.

35

Authentication Type

Select No Authentication.

Authentication
Timeout

With Daily Limit disabled, the client's authentication will expire after the time
period you set and the client needs to log in on the web authentication page
again to access the network.

Options include 1 Hour, 8 Hours, 24 Hours, 7 Days and Custom. Custom
allows you to define the time in days, hours and minutes. The default value is
one hour.
With Daily Limit enabled, the client’s authentication will expire after the time
period you set and the client cannot log in again in the same day.
Options include 30 Minutes, 1 Hour, 2 Hours, 4 Hours and 8 Hours, Custom.
Custom allows you to define the time in hours and minutes. The default value
is 30 minutes.
Daily Limit

With Daily Limit enabled, after authentication times out, the user cannot get
authenticated again in the same day.

HTTPS Redirect

With this function enabled, the unauthorized clients will be redirected to the
Portal page when they are trying to browse HTTPS websites.

With this function disabled, the unauthorized clients cannot browse HTTPS
websites or be redirected to the Portal page.
Redirect

If you enable this function, the portal will redirect the newly authenticated
clients to the configured URL.

Redirect URL

If the Redirect function above is enabled, enter the URL that a newly
authenticated client will be redirected to.

3. In the Login Page section, configure the login page for the Portal.

Configure the following parameters:
Background

Select the background type. Two types are supported: Solid Color and
Picture.

36

Background Color

If Solid Color is selected, configure your desired background color through
the color picker or by entering the RGB value manually.

Background Picture

If Picture is selected, click the Choose button and select a picture from
your PC. Drag and scale the clipping region to edit the picture and click
Confirm.

Logo Picture

Click the Choose button and select a picture from your PC. Drag and scale
the clipping region to edit the picture and click Confirm.
In addtion, you can click
and configure the logo position. The options
include Middle, Upper and Lower.

Welcome Information

Specify the welcome information.
and select your desired text color for the
In addtion, you can click
welcome information through the color picker or by entering the RGB value
manually.

Copyright

Specify the copyright information.
and select your desired text color for Copyright
In addtion, you can click
information through the color picker or by entering the RGB value manually.

37

Terms of Service

Enable or disable Terms of Service. With this option enabled, specify the
terms of service in the following box.

Button

Click

and configure the button.

Button Position: Set the position of the login button. The options include
Middle, Upper and Lower.

Button Color: Select your desired login button color through the color
picker or by entering the RGB value manually.
Button Text Color: Select your desired text color for the button through the
color picker or by entering the RGB value manually.

4. In the Advertisement section, select whether display advertisement pictures for users and
configure the related parameters.

Configure the following parameters:

38

Advertisement

Specify whether to enable the Advertisement feature. With this feature
enabled, you can add advertisement pictures on the authentication page.
These advertisement pictures will be displayed before the login page
appears. You can also allow users to skip the advertisement by enabling
Allow to Skip Advertisement.

Picture Resource

Upload advertisement pictures. When several pictures are added, they will
be played in a loop.

Advertisement
Duration Time

Specify how long the advertisement will be displayed for. For this duration,
the pictures will be played in a loop. If the duration time is not enough for all
the pictures, the rest will not be displayed.

Picture Careusel
Interval

Specify the picture carousel interval. For example, if this value is set as 5
seconds, the first picture will be displayed for 5 seconds, followed by the
second picture for 5 seconds, and so on.

Allow Users To Skip
Advertisement

Specify whether to enable this feature. With this feature enabled, the user
can click the Skip button to skip the advertisement.

5. Click Apply.

3.3.2 Simple Password

With this Simple Password configured, clients are required to enter the correct password to pass
the authentication.

Follow the steps below to configure No Simple Password Portal:
1. Go to Wireless Settings > Basic Wireless Settings and create an SSID for the Portal.
2. Go back to the Portal configuration page. In the Basic Info section, complete the basic settings
for the portal authentication.

Configure the following parameters:
Portal Name

Specify a name for the Portal.

SSID

Select an SSID for the Portal.

Authentication Type

Select Simple Password.

39

Password

Set the password for authentication.

Authentication
Timeout

The client's authentication will expire after the time period you set and
the client needs to log in the web authentication page again to access the
network.

Options include 1 Hour, 8 Hours, 24 Hours, 7 Days and Custom. Custom
allows you to define the time in days, hours and minutes. The default value is
one hour.
HTTPS Redirect

With this function enabled, the unauthorized clients will be redirected to the
Portal page when they are trying to browse HTTPS websites.

With this function disabled, the unauthorized clients cannot browse HTTPS
websites or be redirected to the Portal page.
Redirect

If you enable this function, the portal will redirect the newly authenticated
clients to the configured URL.

Redirect URL

If the Redirect function above is enabled, enter the URL that a newly
authenticated client will be redirected to.

3. In the Login Page section, configure the login page for the Portal.

Configure the following parameters:
Background

Select the background type. Two types are supported: Solid Color and
Picture.

Background Color

If Solid Color is selected, configure your desired background color through
the color picker or by entering the RGB value manually.

Background Picture

If Picture is selected, click the Choose button and select a picture from
your PC. Drag and scale the clipping region to edit the picture and click
Confirm.

40

Logo Picture

Click the Choose button and select a picture from your PC. Drag and scale
the clipping region to edit the picture and click Confirm.
In addtion, you can click
and configure the logo position. The options
include Middle, Upper and Lower.

Welcome Information

Specify the welcome information.
and select your desired text color for the
In addtion, you can click
welcome information through the color picker or by entering the RGB value
manually.

Copyright

Specify the copyright information.
and select your desired text color for Copyright
In addtion, you can click
information through the color picker or by entering the RGB value manually.

Terms of Service

Enable or disable Terms of Service. With this option enabled, specify the
terms of service in the following box.

41

Input Box

Click

and configure the input box.

Button

Click

and configure the button.

Select your desired color for the input box through the color picker or by
entering the RGB value manually.

Button Position: Set the position of the login button. The options include
Middle, Upper and Lower.

Button Color: Select your desired login button color through the color
picker or by entering the RGB value manually.
Button Text Color: Select your desired text color for the button through the
color picker or by entering the RGB value manually.

4. In the Advertisement section, select whether display advertisement pictures for users and
configure the related parameters.

Configure the following parameters:
42

Advertisement

Specify whether to enable the Advertisement feature. With this feature
enabled, you can add advertisement pictures on the authentication page.
These advertisement pictures will be displayed before the login page
appears. You can also allow users to skip the advertisement by enabling
Allow to Skip Advertisement.

Picture Resource

Upload advertisement pictures. When several pictures are added, they will
be played in a loop.

Advertisement
Duration Time

Specify how long the advertisement will be displayed for. For this duration,
the pictures will be played in a loop. If the duration time is not enough for all
the pictures, the rest will not be displayed.

Picture Careusel
Interval

Specify the picture carousel interval. For example, if this value is set as 5
seconds, the first picture will be displayed for 5 seconds, followed by the
second picture for 5 seconds, and so on.

Allow Users To Skip
Advertisement

Specify whether to enable this feature. With this feature enabled, the user
can click the Skip button to skip the advertisement.

5. Click Apply.

3.3.3 Local User

With this Local User configured, clients are required to enter the correct username and password of

the login account to pass the authentication. You can create multiple accounts and assign different
accounts for different users.

Configure Local User Portal
Follow the steps below to configure Local User Portal:
1. Go to Wireless Settings > Basic Wireless Settings and create an SSID for the Portal.
2. Go back to the Portal configuration page. In the Basic Info section, complete the basic settings
for the portal authentication.

Configure the following parameters:
Portal Name

Specify a name for the Portal.

SSID

Select an SSID for the Portal.

43

Authentication Type

Select Local User.

User Management

You can click this button to configure user accounts for authentication later.
Please refer to Create Local User Accounts.

HTTPS Redirect

With this function enabled, the unauthorized clients will be redirected to the
Portal page when they are trying to browse HTTPS websites.

With this function disabled, the unauthorized clients cannot browse HTTPS
websites or be redirected to the Portal page.
Redirect

If you enable this function, the portal will redirect the newly authenticated
clients to the configured URL.

Redirect URL

If the Redirect function above is enabled, enter the URL that a newly
authenticated client will be redirected to.

3. In the Login Page section, configure the login page for the Portal.

Configure the following parameters:
Background

Select the background type. Two types are supported: Solid Color and
Picture.

Background Color

If Solid Color is selected, configure your desired background color through
the color picker or by entering the RGB value manually.

Background Picture

If Picture is selected, click the Choose button and select a picture from
your PC. Drag and scale the clipping region to edit the picture and click
Confirm.

Logo Picture

Click the Choose button and select a picture from your PC. Drag and scale
the clipping region to edit the picture and click Confirm.
In addtion, you can click
and configure the logo position. The options
include Middle, Upper and Lower.

44

Welcome Information

Specify the welcome information.
and select your desired text color for the
In addtion, you can click
welcome information through the color picker or by entering the RGB value
manually.

Copyright

Specify the copyright information.
and select your desired text color for Copyright
In addtion, you can click
information through the color picker or by entering the RGB value manually.

Terms of Service

Enable or disable Terms of Service. With this option enabled, specify the
terms of service in the following box.

45

Input Box

Click

and configure the input box.

Button

Click

and configure the button.

Select your desired color for the input box through the color picker or by
entering the RGB value manually.

Button Position: Set the position of the login button. The options include
Middle, Upper and Lower.

Button Color: Select your desired login button color through the color
picker or by entering the RGB value manually.
Button Text Color: Select your desired text color for the button through the
color picker or by entering the RGB value manually.

4. In the Advertisement section, select whether display advertisement pictures for users and
configure the related parameters.

Configure the following parameters:
46

Advertisement

Specify whether to enable the Advertisement feature. With this feature
enabled, you can add advertisement pictures on the authentication page.
These advertisement pictures will be displayed before the login page
appears. You can also allow users to skip the advertisement by enabling
Allow to Skip Advertisement.

Picture Resource

Upload advertisement pictures. When several pictures are added, they will
be played in a loop.

Advertisement
Duration Time

Specify how long the advertisement will be displayed for. For this duration,
the pictures will be played in a loop. If the duration time is not enough for all
the pictures, the rest will not be displayed.

Picture Careusel
Interval

Specify the picture carousel interval. For example, if this value is set as 5
seconds, the first picture will be displayed for 5 seconds, followed by the
second picture for 5 seconds, and so on.

Allow Users To Skip
Advertisement

Specify whether to enable this feature. With this feature enabled, the user
can click the Skip button to skip the advertisement.

5. Click Apply.

Create Local User Accounts
Follow the steps below to create the user accounts for authentication:
1. In the Basic Info section on the portal configuration page, click User Management. The
management page will appear. Go to the User page and click

.

2. The following window will pop up. Configure the required parameters and click Apply.

47

Configure the following parameters:
Username

Specify the username. The username should not be the same as any
existing one.

Password

Specify the password. Users will be required to enter the username and
password when they attempt to access the network.

Authentication
Timeout

Specify the authentication timeout for formal users. After timeout, the users
need to log in at the web authentication page again to access the network.

MAC Address Binding
Type

There are three types of MAC binding: No Binding, Static Binding and
Dynamic Binding.
Static Binding: Specify a MAC address for this user account. Then only the
user with the this MAC address can use the username and password to
pass the authentication.

Dynamic Binding: The MAC address of the first user that passes the
authentication will be bound. Then only this user can use the username and
password to pass the authentication.
Maximum Users

Specify the maximum number of users able to use this account to pass the
authencitation.

Name

Specify a name for identification.

Telephone

Specify a telephone number for identification.

Rate Limit (Download)

Select whether to enable download rate limit. With this option enabled, you
can specify the limit of download rate.

48

Rate Limit (Upload)

Select whether to enable upload rate limit. With this option enabled, you
can specify the limit of upload rate.

Traffic Limit

Select whether to enable traffic limit. With this option enabled, you can
specify the total traffic limit for the user. Once the limit is reached, the user
can no longer use this account to access the network.

3. In the same way, you can add more user accounts. The created user accounts will be displayed
in the list. Users can use the username and password of the account to pass the portal
authentication.

By default, the account Status is

, which means that the user account is enabled and valid.

You can also click this button to disable the user account. The icon will be changed to
means that the user account is disabled.

Additionally, you can click

, which

to backup all the user account information into a CSV

file or XLS file and save the file to your PC. If needed, you can click
file to import the account information to the list.

and select the


Note

Using Excel to open the CSV file may cause some numerical format changes, and the number may be
displayed incorrectly. If you use Excel to edit the CSV file, please set the cell format as text.

Manage the Guests
On the Guest page, you can view the information of clients that have passed the portal
authentication and manage the clients.

You can select an icon to execute the corresponding operation:
Disconnect client.
Extend the effective time.

49

Create Operator Accounts
Operator account can be used to remotely manage the Local User Portal and Voucher Portal. Other

users can visit the URL https://Omada Controller Host’s IP Address:8043/hotspot (For example:
https://192.168.0.64:8043/hotspot) and use the Operator account to enter the portal management
page.


Note

The users who enter the portal management page by Operator account can only create local user accounts
and vouchers and manage the clients.

Follow the steps below to create Operator account.
1. Go to the Operator page.

2. Click

and the following window will pop up.

3. Specify the Name, Password and Notes of the Operator account.
4. Choose Site Privileges (more than one options can be chosen) for the Operator account.
5. Click Apply to create an Operator account. Then other users can use this account to enter the
hotspot management page.

3.3.4 Voucher

With Voucher configured, you can distribute the vouchers automatically generated by the Omada
Controller to the clients. Clients can use the vouchers to access the network.

Configure Voucher Portal
Follow the steps below to configure Voucher Portal:
1. Go to Wireless Settings > Basic Wireless Settings and create an SSID for the Portal.
2. Go back to the Portal configuration page. In the Basic Info section, complete the basic settings
for the portal authentication.

50

Configure the following parameters:
Portal Name

Specify a name for the Portal.

SSID

Select an SSID for the Portal.

Authentication Type

Select Voucher.

User Management

You can click this button to configure vouchers for authentication later.
Please refer to Create Vouchers .

HTTPS Redirect

With this function enabled, the unauthorized clients will be redirected to the
Portal page when they are trying to browse HTTPS websites.

With this function disabled, the unauthorized clients cannot browse HTTPS
websites or be redirected to the Portal page.
Redirect

If you enable this function, the portal will redirect the newly authenticated
clients to the configured URL.

Redirect URL

If the Redirect function above is enabled, enter the URL that a newly
authenticated client will be redirected to.

3. In the Login Page section, configure the login page for the Portal.

Configure the following parameters:
Background

Select the background type. Two types are supported: Solid Color and
Picture.

51

Background Color

If Solid Color is selected, configure your desired background color through
the color picker or by entering the RGB value manually.

Background Picture

If Picture is selected, click the Choose button and select a picture from
your PC. Drag and scale the clipping region to edit the picture and click
Confirm.

Logo Picture

Click the Choose button and select a picture from your PC. Drag and scale
the clipping region to edit the picture and click Confirm.
In addtion, you can click
and configure the logo position. The options
include Middle, Upper and Lower.

Welcome Information

Specify the welcome information.
and select your desired text color for the
In addtion, you can click
welcome information through the color picker or by entering the RGB value
manually.

Copyright

Specify the copyright information.
and select your desired text color for Copyright
In addtion, you can click
information through the color picker or by entering the RGB value manually.

52

Terms of Service

Enable or disable Terms of Service. With this option enabled, specify the
terms of service in the following box.

Input Box

Click

and configure the input box.

Button

Click

and configure the button.

Select your desired color for the input box through the color picker or by
entering the RGB value manually.

Button Position: Set the position of the login button. The options include
Middle, Upper and Lower.

Button Color: Select your desired login button color through the color
picker or by entering the RGB value manually.
Button Text Color: Select your desired text color for the button through the
color picker or by entering the RGB value manually.

53

4. In the Advertisement section, select whether display advertisement pictures for users and
configure the related parameters.

Configure the following parameters:
Advertisement

Specify whether to enable the Advertisement feature. With this feature
enabled, you can add advertisement pictures on the authentication page.
These advertisement pictures will be displayed before the login page
appears. You can also allow users to skip the advertisement by enabling
Allow to Skip Advertisement.

Picture Resource

Upload advertisement pictures. When several pictures are added, they will
be played in a loop.

Advertisement
Duration Time

Specify how long the advertisement will be displayed for. For this duration,
the pictures will be played in a loop. If the duration time is not enough for all
the pictures, the rest will not be displayed.

Picture Careusel
Interval

Specify the picture carousel interval. For example, if this value is set as 5
seconds, the first picture will be displayed for 5 seconds, followed by the
second picture for 5 seconds, and so on.

Allow Users To Skip
Advertisement

Specify whether to enable this feature. With this feature enabled, the user
can click the Skip button to skip the advertisement.

5. Click Apply.

Create Vouchers
Follow the steps below to create vouchers for authentication:
1. In the Basic Info section, click Voucher Manager. The voucher management page will appear. Go
to the Voucher page and click

.

2. The following window will pop up. Configure the required parameters and click Apply.

54

Configure the following parameters:
Code Length

Specify the length of the voucher codes to be created.

Amount

Enter the voucher amount to be generated.

Type

Select Single Use or Multi Use.

Single Use means one voucher can only be distributed to one client. Multi Use
means one voucher can be distributed to several clients, who can use the
same voucher to access the network at the same time.
If you select Multi Use, enter the value of Max Users. When the number of
clients who are connected to the network with the same voucher reaches the
value, no more clients can use this voucher to access the network.

Duration

Select the period of validity of the Voucher.

Rate Limit
(Download)

Select whether to enable download rate limit. With this option enabled, you
can specify the limit of download rate.

Rate Limit (Upload)

Select whether to enable upload rate limit. With this option enabled, you can
specify the limit of upload rate.

Traffic Limit

Specify the total traffic limit for one voucher. Once the limit is reached, the
client can no longer access the network using the voucher.

Notes

Enter a description for the Voucher (optional).

The options include 8 hours, 2 days and User-defined. The period of valid of
the voucher is reckoned from the time when it is used for the first time.

3. The Vouchers will be generated and displayed on the page.
55

4. Click

to print a single voucher; click

vouchers; click

to print all unused vouchers.

to print your selected

5. Distribute the vouchers to clients, and then they can use the codes to pass authentication.
6. When the vouchers are invalid, you can click
delete the selected vouchers.

to delete the Voucher or click

to

Manage the Guests
On the Guest page, you can view the information of clients that have passed the portal
authentication and manage the clients.

You can select an icon to execute the corresponding operation:
56

Restrict the client to access the network.
Extend the effective time.

Create Operator Accounts
Operator account can be used to remotely manage the Local User Portal and Voucher Portal. Other

users can visit the URL https://Omada Controller Host’s IP Address:8043/hotspot (For example:
https://192.168.0.64:8043/hotspot) and use the Operator account to enter the portal management
page.


Note

The users who enter the portal management page by Operator account can only create local user accounts
and vouchers and manage the clients.

Follow the steps below to create Operator account.
1. Go to the Operator page.

2. Click

and the following window will pop up.

3. Specify the Name, Password and Notes of the Operator account.
4. Choose Site Privileges (more than one options can be chosen) for the Operator account.
5. Click Apply to create an Operator account. Then other users can use this account to enter the
hotspot administrative system.

57

3.3.5 SMS

With SMS portal configured, client can get verification codes using their mobile phones and enter
the received codes to pass the authentication.

Follow the steps below to configure SMS Portal:
1. Go to www.twilio.com/try-twilio and get a Twilio account. Buy the Twilio service for SMS. Then
get the account information, including ACCOUNT SID, AUTH TOKEN and Phone number.

2. Go to Wireless Settings > Basic Wireless Settings and create an SSID for the Portal.
3. Go back to the Portal configuration page. In the Basic Info section, complete the basic settings
for the portal authentication.

Configure the following parameters:
Portal Name

Specify a name for the Portal.

SSID

Select an SSID for the Portal.

Authentication Type

Select SMS.

Twilio SID

Enter the Account SID for Twilio API Credentials.

Auth Token

Enter the Authentication Token for Twilio API Credentials.

Phone Number

Enter the phone number that is used to send verification messages to the
clients.

Maximum Users

A telephone can get several codes via messages one by one, and different
clients can use different codes to pass the authentication. However, the
number of clients that are allowed to be authenticated using the same
telephone at the same time has a upper limit.
Specify the upper limit in this field.

58

Authentication
Timeout

The client's authentication will expire after the time period you set and
the client needs to log in the web authentication page again to access the
network.

Options include 1 Hour, 8 Hours, 24 Hours, 7 Days and Custom. Custom
allows you to define the time in days, hours and minutes. The default value is
one hour.
Preset Country Code

Set the default country code that will be filled automatically on the
authentication page.

HTTPS Redirect

With this function enabled, the unauthorized clients will be redirected to the
Portal page when they are trying to browse HTTPS websites.

With this function disabled, the unauthorized clients cannot browse HTTPS
websites or be redirected to the Portal page.
Redirect

If you enable this function, the portal will redirect the newly authenticated
clients to the configured URL.

Redirect URL

If the Redirect function above is enabled, enter the URL that a newly
authenticated client will be redirected to.

4. In the Login Page section, configure the login page for the Portal.

Configure the following parameters:
Background

Select the background type. Two types are supported: Solid Color and
Picture.

Background Color

If Solid Color is selected, configure your desired background color through
the color picker or by entering the RGB value manually.

Background Picture

If Picture is selected, click the Choose button and select a picture from
your PC. Drag and scale the clipping region to edit the picture and click
Confirm.

59

Logo Picture

Click the Choose button and select a picture from your PC. Drag and scale
the clipping region to edit the picture and click Confirm.
In addtion, you can click
and configure the logo position. The options
include Middle, Upper and Lower.

Welcome Information

Specify the welcome information.
and select your desired text color for the
In addtion, you can click
welcome information through the color picker or by entering the RGB value
manually.

Copyright

Specify the copyright information.
and select your desired text color for Copyright
In addtion, you can click
information through the color picker or by entering the RGB value manually.

Terms of Service

Enable or disable Terms of Service. With this option enabled, specify the
terms of service in the following box.

60

Input Box

Click

and configure the input box.

Button

Click

and configure the button.

Select your desired color for the input box through the color picker or by
entering the RGB value manually.

Button Position: Set the position of the login button. The options include
Middle, Upper and Lower.

Button Color: Select your desired login button color through the color
picker or by entering the RGB value manually.
Button Text Color: Select your desired text color for the button through the
color picker or by entering the RGB value manually.

5. In the Advertisement section, select whether display advertisement pictures for users and
configure the related parameters.

Configure the following parameters:
61

Advertisement

Specify whether to enable the Advertisement feature. With this feature
enabled, you can add advertisement pictures on the authentication page.
These advertisement pictures will be displayed before the login page
appears. You can also allow users to skip the advertisement by enabling
Allow to Skip Advertisement.

Picture Resource

Upload advertisement pictures. When several pictures are added, they will
be played in a loop.

Advertisement
Duration Time

Specify how long the advertisement will be displayed for. For this duration,
the pictures will be played in a loop. If the duration time is not enough for all
the pictures, the rest will not be displayed.

Picture Careusel
Interval

Specify the picture carousel interval. For example, if this value is set as 5
seconds, the first picture will be displayed for 5 seconds, followed by the
second picture for 5 seconds, and so on.

Allow Users To Skip
Advertisement

Specify whether to enable this feature. With this feature enabled, the user
can click the Skip button to skip the advertisement.

6. Click Apply.
For more details about how to configure SMS Portal, you can go to https://www.tp-link.com/en/
configuration-guides.html and download the configuration guide for SMS Portal.

3.3.6 Facebook

With Facebook Portal configured, when clients connect to your Wi-Fi, they will be
redirected to your Facebook page. To access the internet, clients need to pass the
authentication on the page.

Note

Omada Controller will automatically create Free Authentication Policy entries for the Facebook Portal. You don’t
need to create them manually.

Follow the steps below to configure Facebook Portal:
1. Go to www.facebook.com and get a Facebook account. Create your Facebook page according
to your needs.

2. Go to Wireless Settings > Basic Wireless Settings and create an SSID for the Portal.
3. Go back to the Portal configuration page. In the Basic Info section, complete the settings for the
portal authentication.

62

Configure the following parameters:
Portal Name

Specify a name for the Portal.

SSID

Select an SSID for the Portal.

Authentication Type

Select Facebook.

Facebook Page
Configuration

Click this button to specify the Facebook Page.

Facebook Checkin
Location

If the Facebook page is successfully got by the Omada Controller, the name
of the Facebook page will be displayed here.

HTTPS Redirect

With this function enabled, the unauthorized clients will be redirected to the
Portal page when they are trying to browse HTTPS websites.

With this function disabled, the unauthorized clients cannot browse HTTPS
websites or be redirected to the Portal page.

For more details about how to configure Facebook Portal, you can go to https://www.tp-link.com/
en/configuration-guides.html and download the configuration guide for Facebook Portal.

3.3.7 External RADIUS Server

If you have a RADIUS server, you can configure External RADIUS Server Portal. With this type of

portal, you can get two types of portal customization: Local Web Portal and External Web Portal.
The authentication login page of Local Web Portal is provided by the built-in portal server of the
EAP. The External Web Portal is provided by external portal server.

Note

Omada Controller will automatically create Free Authentication Policy entries for the External RADIUS Portal.

Follow the steps below to configure External RADIUS Server Portal:
1. Go to Wireless Settings > Basic Wireless Settings and create an SSID for the Portal.
2. Go back to the Portal configuration page. In the Basic Info section, complete the basic settings
for the portal authentication.

63

Configure the following parameters:
Portal Name

Specify a name for the Portal.

SSID

Select an SSID for the Portal.

Authentication Type

Select Simple Password.

RADIUS Server IP

Enter the IP address of the RADIUS server.

RADIUS Port

Enter the port number you have set on the RADIUS server.

RADIUS Password

Enter the password you have set on the RADIUS Server.

Authentication
Timeout

The client's authentication will expire after the time period you set and
the client needs to log in the web authentication page again to access the
network.

Options include 1 Hour, 8 Hours, 24 Hours, 7 Days, Custom. Custom allows
you to define the time in days, hours, and minutes. The default value is one
hour.
HTTPS Redirect

With this function enabled, the unauthorized clients will be redirected to the
Portal page when they are trying to browse HTTPS websites.

With this function disabled, the unauthorized clients cannot browse HTTPS
websites or be redirected to the Portal page.
Redirect

If you enable this function, the portal will redirect the newly authenticated
clients to the configured URL.
Disabled by default.

Redirect URL

If the Redirect function above is enabled, enter the URL that a newly
authenticated client will be redirected to.

64

Portal Customization

Select Local Web Portal or External Web Portal.

Local Web Portal: If this option is selected, refer to step 4 to configure the
login page and step 5 to configure the advertisement.
External Web Portal: If this option is selected, follow the steps below.
1. Configure the external RADIUS server.

2. Enter the authentication login page's URL provided by the external portal
server in the External Web Portal URL field.
3. Put the external web portal server to a whitelist of Free Authentication
Policy, otherwise clients cannot access it before authenticated.

4. Local Web Portal is configured, configure the login page for the Portal in the Login Page section.

Configure the following parameters:
Background

Select the background type. Two types are supported: Solid Color and
Picture.

Background Color

If Solid Color is selected, configure your desired background color through
the color picker or by entering the RGB value manually.

Background Picture

If Picture is selected, click the Choose button and select a picture from
your PC. Drag and scale the clipping region to edit the picture and click
Confirm.

Logo Picture

Click the Choose button and select a picture from your PC. Drag and scale
the clipping region to edit the picture and click Confirm.
In addtion, you can click
and configure the logo position. The options
include Middle, Upper and Lower.

65

Welcome Information

Specify the welcome information.
and select your desired text color for the
In addtion, you can click
welcome information through the color picker or by entering the RGB value
manually.

Copyright

Specify the copyright information.
and select your desired text color for Copyright
In addtion, you can click
information through the color picker or by entering the RGB value manually.

Terms of Service

Enable or disable Terms of Service. With this option enabled, specify the
terms of service in the following box.

66

Input Box

Click

and configure the input box.

Button

Click

and configure the button.

Select your desired color for the input box through the color picker or by
entering the RGB value manually.

Button Position: Set the position of the login button. The options include
Middle, Upper and Lower.

Button Color: Select your desired login button color through the color
picker or by entering the RGB value manually.
Button Text Color: Select your desired text color for the button through the
color picker or by entering the RGB value manually.

5. If Local Web Portal is configured, select whether display advertisement pictures for users and
configure the related parameters in the Advertisement section, .

Configure the following parameters:
67

Advertisement

Specify whether to enable the Advertisement feature. With this feature
enabled, you can add advertisement pictures on the authentication page.
These advertisement pictures will be displayed before the login page
appears. You can also allow users to skip the advertisement by enabling
Allow to Skip Advertisement.

Picture Resource

Upload advertisement pictures. When several pictures are added, they will
be played in a loop.

Advertisement
Duration Time

Specify how long the advertisement will be displayed for. For this duration,
the pictures will be played in a loop. If the duration time is not enough for all
the pictures, the rest will not be displayed.

Picture Careusel
Interval

Specify the picture carousel interval. For example, if this value is set as 5
seconds, the first picture will be displayed for 5 seconds, followed by the
second picture for 5 seconds, and so on.

Allow Users To Skip
Advertisement

Specify whether to enable this feature. With this feature enabled, the user
can click the Skip button to skip the advertisement.

6. Click Apply.

3.3.8 External Portal Server

The option of External Portal Server is designed for the developers. They can customized their

own authentication type according to the interface provided by Omada Controller, e.g. message
authentication and WeChat authentication etc.

1. Go to Wireless Settings > Basic Wireless Settings and create an SSID for the Portal.
2. Go back to the Portal configuration page. In the Basic Info section, complete the settings for the
portal authentication.

Portal Name

Specify a name for the Portal.

SSID

Select an SSID for the Portal.

Authentication
Type

Select External Portal Server.

68

External Portal
Server

Enter the complete authentication URL that redirect to an external portal
server, for example:

HTTPS Redirect

With this function enabled, the unauthorized clients will be redirected to the
Portal page when they are trying to browse HTTPS websites.

http://192.168.0.147:8880/portal/index.php or http://192.168.0.147/portal/
index.html

With this function disabled, the unauthorized clients cannot browse HTTPS
websites or be redirected to the Portal page.

3. Click Apply.

3.4 Free Authentication Policy

Free Authentication Policy allows some specified clients to access the network resources without
authentication. Follow the steps below to add free authentication policy.
1. Go to Wireless Control > Free Authentication Policy.

2. Click

and the following window will pop up.

3. Configure the following parameters. When all conditions are met, the client can access the
network without authentication.

69

Policy Name

Specify a name for the policy.

Match Mode

Select the match mode for the policy. Two options are provided:

URL: With this option selected, configure an URL that is allowed to be visited
by the clients without authentication.

IP-MAC Based: With this option selected, configure Source IP Range,
Destination IP Range, Source MAC and Destination MAC to specify the
specific clients and service that will follow the Free Authentication feature.
URL

Set the URL.

Source IP Range

Set the Source IP Range with the subnet and mask length of the clients.

Destination IP Range

Set the Destination IP Range with the subnet and mask length of the server.

Source MAC

Set the MAC address of client.

Destination Port

Enter the port the service uses.

Status

Check the box to enable the policy.

4. Click Apply and the policy is successfully added.

3.5 MAC Filter

MAC filter can be used to allow or block the listed clients to access the network. Thereby it can
effectively control client's access to the wireless network.
Follow the steps below to configure MAC Filter.
1. Go to Wireless Control > MAC Filter to add MAC Filter group and group members.

1 ) Click

and specify a name for the group.

2 ) Click Apply and the group will be successfully added as shown below.

70

3 ) Click

and enter a MAC address in the format as shown below.

4 ) Click Apply to add the MAC address into the MAC filter group.

2. You can add more groups or members according to your need.

Note

You can click
needed, you can also click

to export the group members to a excel file and save the file on your PC. If
to import the group members to the Omada Controller.

3. Go to Wireless Control > MAC Filter Association to associate the added MAC Filter group with
SSID.

1 ) Check the box and click Apply to enable MAC Filtering function.

71

2 ) Select a band frequency (2.4GHz or 5GHz) and a WLAN group.
3 ) In the MAC Filter Name column of the specified SSID, select a MAC Filter group in the drop-

down list. Then select Allow/Deny in the Action column to allow/deny the clients in the MAC
Filter group to access the network.

4 ) Click Apply in the Setting column.

3.6 Scheduler

With the Scheduler, the EAPs or its’ wireless network can automatically turn on or off at the time you

set. For example, you can use this feature to schedule the radio to operate only during the office
working time in order to achieve security goals and reduce power consumption. You can also use

the Scheduler to make clients can only access the wireless network during the time period you set
in the day.

Follow the steps below to configure Scheduler.
1. Go to Wireless Control > Scheduler.

1 ) Click

and specify a name for the profile.

2 ) Click Apply and the profile will be added.

3 ) Click

and configure the parameters to specify a period of time.

72

4 ) Click Apply and the profile is successfully added in the list.
2. Go to Wireless Control > Scheduler Association.

1 ) Check the box to enable Scheduler function.
2 ) Select Associated with SSID (the profile will be applied to the specific SSID on all the EAPs)
or Associated with AP (the profile will be applied to all SSIDs on the specific EAP). Then click

Apply.

3 ) Select a band frequency (2.GHz or 5GHz) and a WLAN group.
4 ) In the Profile Name column of the specified SSID or AP, select a profile you added before in

the drop-down list. Select Radio Off/Radio On to turn on or off the wireless network during
the time interval set for the profile.

5 ) Click Apply in the Setting column.

3.7 QoS

The Omada Controller software allows you to configure the quality of service (QoS) on the EAP
device for optimal throughput and performance when handling differentiated wireless traffic, such
as Voice-over-IP (VoIP), other types of audio, video, streaming media, and traditional IP data.

To configure QoS on the EAP device, you should set parameters on the transmission queues for
different types of wireless traffic and specify minimum and maximum wait times (through contention
73

windows) for transmission. In normal use, we recommend you keep the default values for the EAP
devices and station EDCA (Enhanced Distributed Channel Access).
Follow the steps below to configure QoS.
1. Go to Wireless Control > QoS.

2. Enable or disable the following features.
Wi-Fi Multimedia (WMM)

By default enabled. With WMM enabled, the EAP devices have the QoS
function to guarantee the high priority of the transmission of audio and
video packets.

If 802.11n only mode is selected in 2.4GHz (or 802.11n only, 802.11ac
only, or 802.11 n/ac mixed mode in 5GHz), the WMM should be enabled. If
WMM is disabled, the 802.11n only mode cannot be selected in 2.4GHz (or
802.11n only, 802.11ac only, or 802.11 n/ac mixed mode in 5GHz).
NoAcknowledgement

By default disabled. You can enable this function to specify that
the EAP devices should not acknowledge frames with QosNoAck.
NoAcknowledgement is recommended if VoIP phones access the network
through the EAP device.

Unscheduled Automatic
Power Save Delivery

By default enabled. As a power management method, it can greatly
improve the energy-saving capacity of clients.

3. Click AP EDCA Parameters and the following page will appear. AP EDCA parameters affect
traffic flowing from the EAP device to the client station. We recommend you use the defaults.

74

Queue

Queue displays the transmission queue. By default, the priority from high to
low is Data 0, Data 1, Data 2, and Data 3. The priority may be changed if you
reset the EDCA parameters.

Data 0 (Voice)—Highest priority queue, minimum delay. Time-sensitive data
such as VoIP and streaming media are automatically sent to this queue.

Data 1 (Video)—High priority queue, minimum delay. Time-sensitive video
data is automatically sent to this queue.
Data 2 (Best Effort)—Medium priority queue, medium throughput and delay.
Most traditional IP data is sent to this queue.

Data 3 (Background)—Lowest priority queue, high throughput. Bulk data that
requires maximum throughput and is not time-sensitive is sent to this queue
(FTP data, for example).
Arbitration InterFrame Space

A wait time for data frames. The wait time is measured in slots. Valid values
for Arbitration Inter-Frame Space are from 0 to 15.

Minimum Contention
Window

A list to the algorithm that determines the initial random backoff wait time
(window) for retry of a transmission.

Maximum Contention
Window

The upper limit (in milliseconds) for the doubling of the random backoff value.
This doubling continues until either the data frame is sent or the Maximum
Contention Window size is reached.

This value can not be higher than the value for the Maximum Contention
Window.

This value must be higher than the value for the Minimum Contention
Window.
Maximum Burst

Maximum Burst specifies the maximum burst length allowed for packet
bursts on the wireless network. A packet burst is a collection of multiple
frames transmitted without header information. The decreased overhead
results in higher throughput and better performance.

4. Click Station EDCA Parameters and the following page will appear. Station EDCA parameters
affect traffic flowing from the client station to the EAP device. We recommend you use the
defaults.

75

Queue

Queue displays the transmission queue. By default, the priority from high to
low is Data 0, Data 1, Data 2, and Data 3. The priority may be changed if you
reset the EDCA parameters.

Data 0 (Voice)—Highest priority queue, minimum delay. Time-sensitive data
such as VoIP and streaming media are automatically sent to this queue.

Data 1 (Video)—High priority queue, minimum delay. Time-sensitive video
data is automatically sent to this queue.
Data 2 (Best Effort)—Medium priority queue, medium throughput and delay.
Most traditional IP data is sent to this queue.

Data 3 (Background)—Lowest priority queue, high throughput. Bulk data that
requires maximum throughput and is not time-sensitive is sent to this queue
(FTP data, for example).
Arbitration InterFrame Space

A wait time for data frames. The wait time is measured in slots. Valid values
for Arbitration Inter-Frame Space are from 0 to 15.

Minimum Contention
Window

A list to the algorithm that determines the initial random backoff wait time
(window) for retry of a transmission. This value can not be higher than the
value for the Maximum Contention Window.

Maximum Contention
Window

The upper limit (in milliseconds) for the doubling of the random backoff value.
This doubling continues until either the data frame is sent or the Maximum
Contention Window size is reached.
This value must be higher than the value for the Minimum Contention
Window.

TXOP Limit

The TXOP Limit is a station EDCA parameter and only applies to traffic
flowing from the client station to the EAP device. The Transmission
Opportunity (TXOP) is an interval of time, in milliseconds, when a WME client
station has the right to initiate transmissions onto the wireless medium (WM)
towards the EAP device. The valid values are multiples of 32 between 0 and
8192.

5. Click Apply.

3.8 System
3.8.1 Reboot Schedule

You can reboot all the EAPs in the network periodically as needed. Follow the steps below to
configure Reboot Schedule.

1. Go to System > Reboot Schedule.

76

2. Check the box to enable the function.
3. Choose Daily, Weekly or Monthly in the Timing Mode drop-down list and set a specific time to
reboot the EAPs.

4. Click Apply.

3.8.2 Log Setting

Follow the steps below to choose the way to receive system logs.
1. Go to System > Log Setting.

2. Check the box to choose the way to receive system logs (you can choose more than one) and
click Apply. Two ways are available: Auto Mail Feature and Server.

Auto Mail Feature
If Auto Mail Feature is enabled, system logs will be sent to a specified mailbox. Check the box to
enable the feature and configure the parameters.

77

From Address

Enter the sender's E-mail address.

To Address

Enter the receiver's E-mail address.

SMTP Server

Enter the IP address of the SMTP server.

Enable
Authentication

You can check the box to enable mail server authentication. Enter the sender's
mail account name and password.

Time Mode

Select Time Mode. System logs can be sent at specific time or time interval.

Fixation Time

If you select Fixation Time, specify a fixed time to send the system log mails. For
example, 08:30 indicates that the mail will be sent at 8:30 am everyday.

Period Time

If you select Period Time, specify a period time to regularly send the system log
mail. For example, 6 indicates that the mail will be sent every six hours.

Server
If Server is enabled, system logs will be sent to a server. You can enable the feature and enter its IP
address and port.

3.8.3 Device Account
When the EAP devices are adopted at the first time, their username and password will become

the same as those of the Omada Controller which are specified at Basic Configurations. You can
specify a new username and password for the adopted EAPs in batches.

Follow the steps below to change EAP devices' username and password.
1. Go to System > Device Account.

78

2. Specify a new username and password for the EAP devices.
3. Click Apply.

Note
:

The new account will be applied to EAP devices but not the Omada Controller. To change the Omada
Controller's username and password, please refer to User Account.

3.8.4 Backup&Restore

You can save the current configuration of the EAPs as a backup file and if necessary, and restore
the configuration using the backup file. We recommend you back up the settings before upgrading
the device.

Follow the steps below to backup and restore the configuration.
1. Go to System > Backup&Restore.

2. Click Backup and save the backup file.
3. If necessary, click Browse to locate and choose the backup file. Then click Restore to restore
the configuration.

3.8.5 Batch Upgrade

Follow the steps below to upgrade the EAP devices in batches according to their model.
1. Visit http://www.tp-link.com/en/support/download/ to download the latest firmware file of the
corresponding model.

2. Go to System > Batch Upgrade.

79

3. Select the EAP model.
4. Click Browse to locate and choose the proper firmware file for the model.
5. Click Upgrade to upgrade the device.
6. After upgrading, the device will reboot automatically.

Note
:

To avoid damage, please do not turn off the device while upgrading.

3.8.6 More Settings

You can configure the following features on the More Settings page: Historical Data Retention, LED,
SSH and Management VLAN.

Go to System > More Settings.

Historical Data Retention
With this feature, logs and client statistics beyond the specified number of days will be cleared.
Follow the steps below to configure Historical Data Retention:

1. Select the number of days beyond which logs and client statistics will be cleared.
2. Click Apply.

LED
Follow the steps below to turn on or off the LED lights of the EAPs.

80

1. Check the box to change the LED light status. By default, the LED lights are on.
2. Click Apply.

SSH
You can log in to the Omada Controller via SSH. Follow the steps below to configure SSH on the
Omada Controller:

1. Enter the port number of the SSH server.
2. Check the box to enable SSH Login.
3. Click Apply.

Management VLAN
Management VLAN provides a safer way for you to manage the EAP. With Management VLAN

enabled, only the hosts in the management VLAN can manage the EAP. Since most hosts cannot

process VLAN TAGs, connect the management host to the network via a switch, and set up correct

VLAN settings for the switches on the network to ensure the communication between the host and
the EAP in the management VLAN.

Follow the steps below to configure Management VLAN.
1. Check the box to enable Management VLAN.
2. Specify the Management VLAN ID.
3. Click Apply.

81

4

Configure the EAPs Separately

In addition to global configuration, you can configure the EAPs separately and the configuration
results will be applied to a specified EAP device.

To configure a specified EAP, please click the EAP's name on the Access Points tab or click

of

connected EAP on the map. Then you can view the EAP's detailed information and configure the
EAP on the pop-up window.

This chapter includes the following contents:
·View the Information of the EAP
·View Clients Connecting to the EAP
·Configure the EAP

82

4.1 View the Information of the EAP
4.1.1 Overview

Click Overview to view the basic information including EAP's MAC address (or name you set), IP
address, model, firmware version, the usage rate of CPU and Memory and uptime (indicates how
long the EAP has been running without interruption).

4.1.2 LAN

Click LAN to view the traffic information of the LAN port, including the total number of packets, the
total size of data, the total number of packets loss, and the total size of error data in the process of
receiving and transmitting data.

83

4.1.3 Radio
Click Radio to view the radio information including the frequency band, the wireless mode, the

channel width, the channel, and the transmitting power. At 2.4GHz, you can also view parameters of
receiving/transmitting data.

4.2 View Clients Connecting to the EAP
4.2.1 User
The User page displays the information of clients connecting to the SSID with Portal disabled,
including their MAC addresses and connected SSIDs. You can click the client's MAC address to get
its connection history.

84

4.2.2 Guest

The Guest page displays the information of clients connecting to the SSID with Portal enabled,
including their MAC addresses and connected SSIDs. You can click the client's MAC address to get
its connection history.

4.3 Configure the EAP

The Configuration page allows you to configure the EAP. All the configurations will only take effect
on this device.

4.3.1 Basic Config

Here you can change the name of the EAP.

85

4.3.2 IP Setting

You can configure an IP address for this EAP. Two options are provided: DHCP and Static.

Get a Dynamic IP Address From the DHCP Server
1. Configure your DHCP server.
2. Select DHCP on the page above.
3. Enable the Fallback IP feature. When the device cannot get a dynamic IP address, the fallback IP
address will be used.

4. Set IP address, IP mask and gateway for the fallback address and click Apply.

Manually Set a Static IP Address for the EAP
1. Select Static.
2. Set the IP address, IP mask and gateway for the static address and click Apply.

4.3.3 Radio
Radio settings directly control the behavior of the radio in the EAP device and its interaction with
the physical medium; that is, how and what type of signal the EAP device emits.

Select the frequency band (2.4GHz/5GHz) and configure the following parameters.
86

Status

Enabled by default. If you disable the option, the radio on the frequency band
will turn off.

Mode

Select the IEEE 802.11 mode the radio uses.

When the frequency of 2.4GHz is selected, 802.11b/g/n mixed, 802.11b/g mixed,
and 802.11n only modes are available:

802.11b/g/n mixed: All of 802.11b, 802.11g, and 802.11n clients operating in the
2.4GHz frequency can connect to the EAP device. We recommend you select
the 802.11b/g/n mixed mode.

802.11b/g mixed: Both 802.11b and 802.11g clients can connect to the EAP
device.
802.11n only: Only 802.11n clients can connect to the EAP device.

When the frequency of 5GHz is selected, 802.11 n/ac mixed, 802.11a/n mixed,
802.11 ac onl7, 802.11a only, and 802.11n only modes are available:

802.11n/ac mixed: Both 802.11n clients and 802.11ac clients operating in the
5GHz frequency can connect to the EAP device.
802.11a/n mixed: Both 802.11a clients and 802.11n clients operating in the
5GHz frequency can connect to the EAP device.
802.11ac only: Only 802.11ac clients can connect to the EAP device.
802.11a only: Only 802.11a clients can connect to the EAP device.

802.11n only: Only 802.11n clients can connect to the EAP device.
Channel Width

Select the channel width of the EAP device. The available options differ among
different EAPs.
For some EAPs, available options include 20MHz, 40MHz and 20/40MHz.

For other EAPs, available options include 20MHz, 40MHz, 80MHz and
20/40/80MHz.

The 20/40 MHz and 20/40/80MHz channels enable higher data rates but leave
fewer channels available for use by other 2.4GHz and 5GHz devices. When the
radio mode includes 802.11n, we recommend you set the channel bandwidth to
20/40 MHz or 20/40/80MHz to improve the transmission speed.
Channel

Select the channel used by the EAP device to improve wireless performance.
The range of available channels is determined by the radio mode and the
country setting. If you select Auto for the channel setting, the EAP device scans
available channels and selects a channel where the least amount of traffic is
detected.

Channel Limit

For the EAPs that support DFS in EU version, there is a Channel Limit option. If
you want to use your EAP outdoors, enable this option to comply with the laws
in your country.

87

Tx Power (EIRP)

Select the Tx Power (Transmit Power) in the 4 options: Low, Medium, High and
Custom. Low, Medium and High are based on the Max TxPower (maximum
transmit power. It may vary among different countries and regions).

Low: Max TxPower * 20% (round off the value)

Medium: Max TxPower * 60% (round off the value)
High: Max TxPower

Custom: Enter a value manually.

4.3.4 Load Balance

By setting the maximum number of clients accessing the EAPs, Load Balance helps to achieve
rational use of network resources.

Select the frequency band (2.4GHz/5GHz) and configure the parameters.
Max Associated
Clients

Enable this function and specify the maximum number of connected clients. While
more clients requesting to connect, the EAP will disconnect those with weaker
signals.

RSSI Threshold

Enable this function and enter the threshold of RSSI (Received Signal Strength
Indication). When the clients' signal is weaker than the RSSI Threshold you've set,
the clients will be disconnected from the EAP.

4.3.5 WLANs

You can specify a different SSID name and password to override the previous SSID. After that,

clients can only see the new SSID and use the new password to access the network. Follow the
steps below to override the SSID.

1. Select the frequency band and WLAN group.
88

2. Click

and the following window will pop up.

3. Check the box to enable the feature.
4. You can join the overridden SSID in to a VLAN. Check the Use VLAN ID box and specify a VLAN
ID.

5. Specify a new name and password for the SSID.
6. Click Apply to save the configuration.

4.3.6 Trunk Settings

Only EAP330 supports this function.
The trunk function can bundles multiple Ethernet links into a logical link to increase bandwidth and
improve network reliability.

Status

Enable this function.

Mode

Select the applied mode of Trunk Arithmetic.

The EAP330 has two 1000Mbps Ethernet ports. If the Trunk function is enabled
and the ports are in the speed of 1000Mbps Full Duplex, the whole bandwidth of
the trunk link is up to 4Gbps (2000Mbps * 2).

• SRC MAC + DST MAC: When this option is selected, the arithmetic will be based
on the source and destination MAC addresses of the packets.

• DST MAC: When this option is selected, the arithmetic will be based on the
destination MAC addresses of the packets.
• SRC MAC: When this option is selected, the arithmetic will be based on the
source MAC addresses of the packets.

4.3.7 Rogue AP Detection

With this option enabled, the EAP device will detect rogue APs in all channels.
89

4.3.8 Local LAN Port Settings
You can configure the LAN port of the EAP.

VLAN

Enable this feature and specify the VLAN that the EAP is added to, and then the
hosts connected to this EAP can only communicate with the devices in this VLAN.
The valid values are from 1 to 4094, and the default is 1.

PoE Out

If your EAP has PoE OUT port, you can enable this option to supply power to the
connected device on this port.
The EAP that has no PoE OUT port does not support this feature.

4.3.9 Forget this AP

If you no longer want to manage this EAP, you may remove it. All the configurations and history
about this EAP will be deleted. It is recommended to back up the configurations of this EAP before
you forget it.

90

5

Manage the Omada Controller

This chapter mainly introduces how to manage the user account and configure system settings.
This chapter includes the following contents.
·Information About the Software
·User Account
·Controller Settings

91

5.1 Information About the Software

You can view the Omada Controller's version and copyright information on the About
page.

5.2 User Account

You can use different user account to log in to the Omada Controller. User has three roles:
administrator, operator and observer. The administration authority varies among different roles.
Administrator

The first administrator account is created in the Basic Configuration process
and this account can not be deleted. An administrator can change the settings
of the EAP network and create and delete user accounts.

Operator

An operator account can be created or deleted by the administrator. The
operator can change the settings of the EAP network.

Observer

An observer account can be created or deleted by the administrator. The
observer can only view the status and settings of the EAP network but not
change the settings.

Follow the steps below to add user account.
1. Go to Admin > User Settings.

2. Click

and the following window will pop up.

92

3. Specify the username, Email and password of the account.
4. Select the role from the drop-down list.
·If you select operator or observer, you also need to select the Site Privileges.
·If you select administrator, the Site Privileges option will not appear and all sites are available for
the administrator user.

5. Click Apply to add the user account.

Note

You can refer to the Role page to view the user role's type, description information, permission scope and
created time.

5.3 Controller Settings

You can configure the Omada Controller's hostname and IP address. In addition, we recommend
you configure the Mail server to reset your login password when you forget it.

5.3.1 Configure Controller Hostname/IP

Follow the steps below to configure the hostname or IP address of the Omada Controller.
1. Go to Admin > Controller Settings and click Omada Controller.

2. Enter the hostname or IP address of the Omada Controller.
3. Click Apply to save the configuration.

93

5.3.2 Configure Mail Server

With the Mail Server, you can reset the password of the user account and receive notifications from
the Omada Controller. It is different from the SMTP Server, which is just for the system log emails
sending.

Follow the steps below to configure mail server.
1. Go to Admin > Controller Settings.
2. Click Mail Server, check the box to enable SMTP Server, and then the following screen will
appear.

3. Configure the following parameters.
Mail Server

Enter the IP address or domain of SMTP Server.

Port

The default is 25.

Enable Auth

Select this option to enable authentication.

Username/Password

If you enable authentication, enter the username and password required by
the mail server.

Specify Sender
Address

Specify the sender's mail address. Enter the email address that will appear
as the sender of the warning email.

You can enable SSL (Security Socket Layer) to enhance secure
communications over the Internet. If SSL is enabled, the port number will
automatically change to 465.

4. Click Apply to save the configuration.

Note

Specify the account email address based on the Mail server to receive the notifications.

94

6

Application Example

A restaurant has a wireless network with three EAPs managed by the Omada Controller. The
network administrator wants to :

·Monitor the EAPs with the Map.
·Enable Portal function to drive customers' attention to the ads of the supermarket when

customers attempt to access the network. The costumers need to use a simple password to
pass the authentication.

·Allow the employees of the restaurant to access the network resources without portal
authentication.

·Schedule the radio to operate only during the working time (8:00 am to 22:00 pm) in order to
reduce power consumption.

Follow the steps below to achieve the requirements above.

95

6.1 Basic Configuration

Follow the steps below to do the basic configuration.
1. Connect the hardware by referring to the following topology.
Host A (Controller Host)
IP: 192.168.0.100

Switch

Router (DHCP Server)
LAN IP:192.168.0.1

Internet

Omada Controller

EAPs

2. Install the Omada Controller on Host A.
3. Launch the software and follow the instructions to complete some initial configurations.
4. Log into the management interface.
5. Adopt the pending EAP devices.

6.2 Advanced Settings

After the basic configuration, refer to the following content to meet the network administrator's
requirements.

6.2.1 Monitor the EAPs with Map

Follow the steps below to create a map and monitor the EAPs with the map.
1. Go to the Map.
2. Import a local map and set the map scale.
3. Drag the EAPs to the appropriate locations on the map.
4. Click Coverage and you can see the representation of the EAPs’ wireless coverage.

96

6.2.2 Configure Portal Authentication

Follow the steps below to configure Portal function.
1. Go to Basic Wireless Settings and edit the SSID we created in the basic configuration.

To make it easier for customers to connect, change the Security Mode from WPA-PSK to

None. Customers can connect to the EAPs without password and be redirected to the Portal
Authentication where the correct password will be required.

2. Open the global configuration window and go to Portal. Click
window will pop up.

3. In the Basic Info section, complete the basic settings for the portal.

97

. The configuration

1 ) Specify a name for the portal.
2 ) Select an SSID for the portal.
3 ) Select the Authentication Type as Simple Password. Specify a simple password for the
guests.

4 ) Select the Authentication Timeout. For example, 1 Hour is suitable for the customers at the
restaurant.

5 ) Enable the Redirect to drive the costumers to the restaurant's homepage after successful
login. We can put some promotion information on the page.

4. In the Login Page section, configure the login page.

5. In the Advertisement section, upload two pictures of the restaurant and set the related
parameters.

98

6. Click Apply.

6.2.3 Create a SSID for the Employees

We have created a SSID in the basic configuration for the customers. Here we need to create

another SSID for the employees to allow them to access the network without portal authentication.
In addition, the new SSID should be invisible for the customers.
Follow the steps below to create a SSID for the employees.
1. Open the global configuration window and go to Basic Wireless Settings.
2. Click Add to add a new SSID.

Configure the parameters.
1 ) Disable the SSID Broadcast to hide this SSID from the customers.
2 ) Specify the SSID Name, Security Mode and Wireless Password. Let the employees manually

enter the SSID name and password, and choose the security mode you set to access the
network.

3 ) Click Apply to save the configuration.

99

6.2.4 Configure Scheduler

Follow the steps below to schedule the radio to operate only during the working time (from 8:00 to
22:00).

1. Open the global configuration window and go to Scheduler.
1 ) Add a profile.

2 ) Add an item for the profile. The parameters are set as shown on the following screen.

2. Go to Scheduler Association tab.

1 ) Enable the function and select Associated with SSID. Click Apply.
2 ) In the Profile Name column of both SSIDs, select the profile we just created.
3 ) In the Action column of both SSIDs, select Radio On.
4 ) Click Apply in the Setting column of both SSIDs.
5 ) Select 5GHz and do the same configurations as above.
100

COPYRIGHT & TRADEMARKS
Specifications are subject to change without notice.
is a registered trademark of TP-Link
Technologies Co., Ltd. Other brands and product names are trademarks or registered trademarks of their
respective holders.

No part of the specifications may be reproduced in any form or by any means or used to make any

derivative such as translation, transformation, or adaptation without permission from TP-Link Technologies
Co., Ltd. Copyright © 2018 TP-Link Technologies Co., Ltd.. All rights reserved.



Source Exif Data:
File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.5
Linearized                      : No
XMP Toolkit                     : Adobe XMP Core 5.4-c005 78.147326, 2012/08/23-13:03:03
Create Date                     : 2018:03:07 09:32:23+08:00
Metadata Date                   : 2018:03:07 09:32:57+08:00
Modify Date                     : 2018:03:07 09:32:57+08:00
Creator Tool                    : Adobe InDesign CC 2015 (Windows)
Instance ID                     : uuid:2293bd8a-3aeb-4f00-ae45-83468ecb8e1a
Original Document ID            : xmp.did:065405c0-55dc-eb4f-b42b-bfb41f8e0dcd
Document ID                     : xmp.id:16681434-e892-c445-8936-813ba73304c3
Rendition Class                 : proof:pdf
Derived From Instance ID        : xmp.iid:6b92e26a-23f4-1c41-91fd-4306e8a6ca0c
Derived From Document ID        : xmp.did:12c9f396-a8d4-1d45-81a4-82fbb521c516
Derived From Original Document ID: xmp.did:065405c0-55dc-eb4f-b42b-bfb41f8e0dcd
Derived From Rendition Class    : default
History Action                  : converted
History Parameters              : from application/x-indesign to application/pdf
History Software Agent          : Adobe InDesign CC 2015 (Windows)
History Changed                 : /
History When                    : 2018:03:07 09:32:23+08:00
Format                          : application/pdf
Producer                        : Adobe PDF Library 15.0
Trapped                         : False
Page Mode                       : UseOutlines
Page Count                      : 106
Creator                         : Adobe InDesign CC 2015 (Windows)
EXIF Metadata provided by EXIF.tools

Navigation menu