Configuration Guide For Managing EAPs Via EAP Controller

Configuration Guide For Managing Eaps Via Eap Controller configuration_guide_for_managing_eaps_via_eap_controller configuration_guide_for_managing_eaps_via_eap_controller configurationguide static.tp-link.com 3:

2017-12-26

: Tp-Link Configuration Guide For Managing Eaps Via Eap Controller Configuration Guide for Managing EAPs via EAP Controller 20171226 201712 2017

Open the PDF directly: View PDF .
Page Count: 37

Download
Open PDF In Browser	View PDF

Configuration Guide
For Managing EAPs via EAP Controller

1910012313 REV1.0.0
December 2017

CONTENTS

Overview������������������������������������������������������������������������������������������������������������������������������������������������������������������� 1
Configuration���������������������������������������������������������������������������������������������������������������������������������������������������������� 2

2.1
2.2

Managing EAPs in the Same Subnet�������������������������������������������������������������������������������������������������������������������������� 2
Managing EAPs in Different Subnets�������������������������������������������������������������������������������������������������������������������������� 4
2.2.1

2.2.2

Managing EAPs at the Same Site����������������������������������������������������������������������������������������������������������������� 4
Using Discovery Utility to Discover EAPs������������������������������������������������������������������������������������������������ 4
Using DHCP Option 138 to Discover EAPs����������������������������������������������������������������������������������������� 10
Managing EAPs at Different Sites������������������������������������������������������������������������������������������������������������� 15
Using Discovery Utility to Discover EAPs via VPN Tunnel����������������������������������������������������������� 15
Using DHCP Option 138 to Discover EAPs via VPN Tunnel������������������������������������������������������� 21
Using Discovery Utility to Discover EAPs via NAT Port Forwarding�������������������������������������� 27
Using DHCP Option 138 to Discover EAPs via NAT Port Forwarding ��������������������������������� 30

Overview

Overview
The EAP provides specialized functions for maintenance and management. Users can
centrally monitor and manage the EAPs via EAP Controller’s management interface.
The EAP Controller is a management software for TP-Link EAP devices. The free EAP
Controller software allows users to manage hundreds of EAPs not only when they are in
the same network segment but also in different network segments.
Configuration procedures differ depending on the network topology. This guide
introduces how to manage EAPs via EAP Controller in various scenarios.

Configuration Guide

Configuration

Configuration
The application overview is as follows:
 Managing EAPs in the Same Subnet
 Managing EAPs in Different Subnets
●●Managing EAPs at the Same Site
a. Using Discovery Utility to Discover EAPs
b. Using DHCP Option 138 to Discover EAPs
●●Managing EAPs at Different Sites
a. Using Discovery Utility to Discover EAPs via VPN Tunnel
b. Using DHCP Option 138 to Discover EAPs via VPN Tunnel
c. Using Discovery Utility to Discover EAPs via NAT Port Forwarding
d. Using DHCP Option 138 to Discover EAPs via NAT Port Forwarding

Configuration Guideline:

 Please ensure that EAP Controller is in the white list of Windows built-in firewall or a
third-party antivirus/firewall. Generally, the EAP Controller will be automatically added
into the white list of Windows built-in firewall, while for other operating systems or
third-party antivirus/firewall, it may need a manual step.

 Please ensure that ports 8043, 8088, 29810, 29811, 29812 and 29813 are accessible
on the host where EAP Controller is installed. That is, these ports should not be
occupied by other applications.

2.1

Managing EAPs in the Same Subnet
Before configuring EAP Controller to centrally manage the EAPs, confirm whether EAPs
and EAP Controller are in same network segment or not.
In the following network topology, the EAP Controller and EAPs are in the same subnet.
A router functions as a DHCP server to assign IP addresses to EAPs and clients. The EAP
Controller should be installed on one host, known as Controller Host.

Configuration Guide

Configuration

EAP Controller

Host A (Controller Host)
IP:192.168.0.253/24

EAP

Clients

Layer 2 Switch

Router (DHCP Sever)

LAN IP:192.168.0.1/24

Internet

EAP

To ensure that all EAPs are adopted, follow the steps below:

1) Launch EAP Controller to load the login page, enter the username and password
which are set in the installation of EAP Controller and click Sign In.

2) The EAP Controller and EAPs are in the same subnet, thus once the EAP is powered
on, it can be discovered by EAP Controller automatically. The EAP Controller will
automatically adopt the EAP using the default username and password (both are
admin).

3) If the Retry button shows in the Action column, it means that the username and
password of the EAP have been changed.

You should enter the current username and password of the EAP.

Configuration Guide

Configuration

After successful adoption, the EAP will be displayed in the Connected list.

2.2

Managing EAPs in Different Subnets
When EAP Controller and EAPs are in different subnets, the problem is how the EAPs find
EAP Controller. There are two solutions:
 Running EAP Discovery Utility on a host which is in the same network segment with
the EAPs to help the EAPs find the Controller Host.
 Configure DHCP option 138 on a DHCP server which supports DHCP option 138
feature, thus the DHCP server will tell the EAPs where EAP Controller is.
The EAP Controller can manage multiple EAP networks, which are called sites. Generally
multiple sites are logically separated and located in different physical places. The
following section will introduce how to manage EAPs when they are at the same site and
different subnets.

2.2.1 Managing EAPs at the Same Site
Using Discovery Utility to Discover EAPs

Demonstrated with the network topology below, this section provides configuration
procedures for managing EAPs in different subnets at the same site with EAP Discovery
Utility.
There are three VLANs (three subnets), which are VLAN1 (192.168.0.0/24), VLAN2
(192.168.1.0/24) and VLAN3 (172.30.30.0/24). The three VLANs are divided by switch
T2600G-28TS. Now we want the EAP Controller in VLAN1 to manage the EAP in VLAN2.
The computer that is running EAP Discovery Utility and the EAP to be managed should
be in the same VLAN. The gateway router is TP-Link router TL-ER6120.

Configuration Guide

Configuration

EAP Controller

Controller Host
192.168.0.253/24

Switch
(DHCP Server)

VLAN 1
192.168.0.0/24
Gi1/0/4

Gi1/0/16

VLAN 3
172.30.30.0/24

Gi1/0/15

Gi1/0/7

LAN
172.30.30.1/24

Router
WAN

Internet

EAP Discovery
Utility

Clients

EAP

Discovery Host
VLAN 2
192.168.1.0/24

Step 1: Configurations on Switch

1) Go to VLAN > 802.1Q VLAN > VLAN Config to create VLAN2 and VLAN3. VLAN2
includes port4 and port5. VLAN3 includes port7. The detailed VLAN settings are
shown as below.

2) Go to VLAN > 802.1Q VLAN > Port Config to make sure that port 4, 5, 7 and 16 have
been configured as “Access“ type ports. Make sure that the PVID of port4 and 5 have
been configured as 2, and the PVID of port7 has been configured as 3.

Configuration Guide

Configuration

3) Go to Routing > Interface to enter the IP interface for VLAN1,VLAN2 and VLAN3, and
configure relevant IP addresses for these three interfaces as shown below.

4) Go to Routing > Static Routing > IPv4 Static Routing Config to configure the static
default routing entry which leads to the gateway router.

Configuration Guide

Configuration

5) Go to Routing > DHCP Server > Global Config to enable DHCP Server function.

6) Go to Routing > DHCP Server > Pool Setting to configure 192.168.1.0/24 IP address
pool for EAPs.

Configuration Guide

Configuration

Note:

Do not forget to fill in the default gateway address and DNS server address.

Step 2: Configurations on the Router

1) Go to Transmission > Static Route to add Static Routing for VLAN1 and VLAN 2
subnets.

2) Go to Transmission >NAT > Multi-NAT to configure multi-nets NAT for subnets
192.168.0.0/24 and 192.168.1.0/24.

Configuration Guide

Configuration

Step 3: Configurations on EAP Discovery Host

1) Connect the computer that is running EAP Discovery Utility to port5 of the switch,
and connect the EAP to port4. In this way, both EAP Discovery Utility and EAP are in
the same subnet (192.168.1.0/24). Then open EAP Discovery Utility to let it discover
the EAP as shown below.

2) After EAP Discovery Utility has found the EAP, click Manage, then fill in the IP address
of Controller host and the Username/Password of the EAP (admin/admin by default)
so EAP Controller can manage this EAP.

Configuration Guide

Configuration

Note:

After the EAP has been successfully adopted by EAP Controller, you no longer need EAP
Discovery Utility. Thus, you can remove the computer that’s running EAP Discovery Utility from
the network.

Step 4: Adopt and Manage EAP

1) Run EAP Controller. The EAP which has been configured by EAP Discovery Utility in
the last step will appear in the Pending list as shown below, which means the EAP can
be adopted and managed by EAP Controller.

2) The EAP Controller will automatically adopt the EAP using the default username and
password (both are admin). If the Retry button appears in the Action column, it means
that the username and password of the EAP have been changed. You should enter
the current username and password of the EAP. If the EAP appears in the Connected
list as shown below, it means the EAP has been adopted and can be managed by EAP
Controller.

Using DHCP Option 138 to Discover EAPs

Demonstrated with the network topology below, this section provides configuration
procedures for managing EAPs in different subnets at the same site with DHCP option
138. There are three VLANs (three subnets), which are VLAN1 (192.168.0.0/24), VLAN2
(192.168.1.0/24) and VLAN3 (172.30.30.0/24). The three VLANs (three subnets) are
divided by switch T2600G-28TS. Now we want the EAP Controller in VLAN1 to manage
the EAP in VLAN2. The gateway router is TP-Link SMB router TL-ER6120.
VLAN 1
192.168.0.0/24
Gi1/0/16

EAP Controller

192.168.0.253/24
Controller Host

Switch
(DHCP Server)

Gi1/0/4

VLAN 3
172.30.30.0/24

LAN
172.30.30.1/24

Router

Internet

Gi1/0/7

VLAN 2
192.168.1.0/24

Clients

EAP

Configuration Guide

Configuration

Step 1: Configurations on Switch

1) Go to VLAN > 802.1Q VLAN > VLAN Config to create VLAN2 and VLAN3.
VLAN2 includes port4. VLAN3 includes port7. The detailed VLAN settings are shown
as below.

2) Go to VLAN > 802.1Q VLAN > Port Config to make sure that port 4, 7 and 16 have
been configured as “Access“ type ports. Make sure that the PVID of port4 and 5 has
been configured as 2, the PVID of port7 has been configured as 3.

3) Go to Routing > Interface to enter the IP interface for VLAN1,VLAN2 and VLAN3, and
configure relevant IP addresses for these three interfaces as shown below.

Configuration Guide

Configuration

4) Go to Routing > Static Routing > IPv4 Static Routing Config to configure the static
default routing entry which leads to the gateway router.

5) Go to Routing > DHCP Server to enable DHCP Server function. For Option138, you
should fill in the IP address of the Controller Host which is “192.168.0.253”. The DHCP
Server will then tell the EAPs where EAP Controller is, so that EAP Controller and
EAPs can communicate with each other among different subnets.

Configuration Guide

Configuration

6) Go to Routing > DHCP Server > Pool Setting to configure 192.168.1.0/24 IP address
pool for EAPs.

Configuration Guide

Configuration

Note:

Do not forget to fill in the default gateway address and DNS server address.

Step 2: Configurations on the Router

1) Go to Transmission > Static Route to add Static Routing for VLAN1 and VLAN2
subnets.

2) Go to Transmission >NAT > Multi-NAT to configure multi-nets NAT for
192.168.0.0/24 and 192.168.1.0/24 subnets.

Step 3: Adopt and Manage EAP

1) Run EAP Controller. The EAP which has DHCP option 138 configured from the last
step will appear in the Pending list as shown below, which means the EAP can be
adopted and managed by EAP Controller.

Configuration Guide

Configuration

2.2.2 Managing EAPs at Different Sites
When the devices are at different sites, we will manage EAPs using EAP Controller across
the internet. In this case, there are two ways to achieve remote management:
 Create a VPN connection between the local and remote networks by site to site IPsec
VPN.
 Transmit traffic between the inside and outside networks by NAT Port Forwarding.
The two remote communication methods can achieve the purpose of managing EAP via
EAP Discovery Utility or DHCP option138 respectively with EAP Controller. The section
will give the detailed configuration steps in different cases.

Using Discovery Utility to Discover EAPs via VPN Tunnel

Demonstrated with the network topology below, this section provides configuration
procedures for managing EAPs at different sites via VPN Tunnel with EAP Discovery
Utility. As shown below, the HQ and branch office are located in different places which
is connected with each other through IPsec VPN tunnel. The EAP Controller and a VPN
router (TL-ER6120) are in the subnet 192.168.1.0/24 of HQ. TP-Link EAP Discovery
Utility, EAP and a VPN router (TL-ER6120 ) are in the subnet 192.168.0.0/24 of branch
office.
HQ
Router

Branch Office

Internet
WAN 192.168.2.13

LAN 192.168.1.0/24

Router

WAN 192.168.2.10

LAN To LAN IPsec VPN Tunnel

LAN 192.168.0.0/24

EAP

Switch

EAP Discovery
Utility

Discovery Host
192.168.0.253/24

EAP Controller

Controller Host
192.168.0.253/24
Clients

Configuration Guide

Configuration

Step 1: VPN Settings for the Router in Branch Office

1) Go to VPN > IPsec > IPsec Policy to add an IPsec VPN Policy as the following picture
shows.

Note:
•

Remote Gateway should be configured with the WAN IP address of the VPN router in
HQ.

•

Local Subnet should be configured with the IP subnet of the branch office.

•

Remote Subnet should be configured with the IP subnet of HQ.

Configuration Guide

Configuration

Step 2: VPN Settings for the Router in HQ

Configuring VPN settings on TL-ER6120 in HQ is similar to “Step 1”. We won’t describe
this in detail here.

Configuration Guide

Configuration

Configuration Guide

Configuration

Note:
•

Remote Gateway should be configured with the WAN IP address of the VPN router in branch
office.

•

Local Subnet should be configured with the IP subnet of HQ.

•

Remote Subnet should be configured with the IP subnet of the branch office.

•

Negotiation Mode should be chosen the Responder Mode in HQ (Negotiation Mode has
been chosen as Initiator Mode in the branch office.

•

Pre-shared key should be filled with the same number string.

After all settings are done, the VPN tunnel will be established between HQ and the branch
office as shown below.

Step 3: Configurations on EAP Discovery Host

1) Connect the computer that is running EAP Discovery Utility and the EAP to the switch
in the branch office. Then open EAP Discovery Utility to let it discover the EAP as
shown below.

Configuration Guide

Configuration

2) After EAP Discovery Utility finds the EAP, click Manage, and then fill in the IP address
of the Controller Host and the Username/Password of the EAP (admin/admin by
default) to let EAP Controller find and manage this EAP.

Note:

After the EAP is successfully adopted by EAP Controller, you don’t need EAP Discovery Utility

any more, thus you can remove the computer that is running EAP Discovery Utility from the
network.

Step 4: Adopt and Manage EAP

Configuration

Using DHCP Option 138 to Discover EAPs via VPN Tunnel

Demonstrated with the network topology below, this section provides configuration
procedures for managing EAPs at different sites via VPN Tunnel with DHCP Option
138. As shown below, the HQ and branch office are connected with each other through
IPsec VPN tunnel. The EAP Controller and VPN router TL-ER6120 are in the subnet
192.168.1.0/24 of HQ. EAP, switch T2600G-28TS as DHCP Server (supporting DHCP
option 138) and another VPN router TL-ER6120 are in the subnet 192.168.0.0/24 of
branch office.
HQ
Router

Branch Office

Internet
WAN 192.168.2.13

LAN 192.168.1.0/24

WAN 192.168.2.10

LAN To LAN IPsec VPN Tunnel

Router

LAN 192.168.0.0/24

Switch
(DHCP Server)

EAP

EAP Controller

Controller Host
192.168.0.253/24
Clients

Configuration Guide

Configuration

Step 1: Configurations on the Switch in Branch Office

1) Go to Routing > DHCP Server > DHCP Server to enable DHCP Server function.
For Option138, you should fill in the IP address of Controller Host which is
“192.168.1.253”. The DHCP Server will then tell the EAPs where EAP Controller is,
so that EAP Controller and EAPs can communicate with each other among different
subnets.

Note:

Change switch’s default IP address from 192.168.0.1 to 192.168.0.2 to avoid IP conflict with
gateway router.

2) Go to Routing > DHCP Server > Pool Setting to configure 192.168.0.0/24 IP address
pool for EAPs.

Configuration Guide

Configuration

Note:

Change switch’s default IP address from 192.168.0.1 to 192.168.0.2 to avoid IP conflict with
gateway router.

Step 2: VPN Settings for the Router in Branch Office

Before you configure VPN, you should disable the DHCP server on the router in branch
office.
1) Go to VPN > IPSec > IPSec Policy to add a IPSec VPN Policy as the following page.

Configuration Guide

Configuration

Configuration Guide

Configuration

Note:
•

Remote Gateway should be configured with the WAN IP address of the VPN router in
HQ.

•

Local Subnet should be configured with the IP subnet of the Branch Office.

•

Remote Subnet should be configured with the IP subnet of HQ.

Step 3: VPN Settings for the Router in HQ

Configuring VPN settings on TL-ER6120 in HQ is similar to “Step 1”. We won’t describe
this in detail here.

Configuration Guide

Configuration

Note:
•

Remote Gateway should be filled in with the WAN IP address of the VPN router in the
branch office.

•

Local Subnet should be filled in the IP subnet of HQ.

•

Remote Subnet should be filled in the IP subnet of the Branch Office.

•

Negotiation Mode should be chosen the Responder Mode in HQ (Negotiation Mode
has been chosen as the Initiator Mode in Branch Office.

•

Pre-shared key should be filled with the same number string.

Configuration Guide

Configuration

After all settings are done, the VPN tunnel will be established between the HQ and branch
office as shown below.

Step 4: Adopt and Manage EAP

Using Discovery Utility to Discover EAPs via NAT Port Forwarding

Demonstrated with the network topology below, this section provides configuration
procedures for managing EAPs at different sites via NAT Port Forwarding with EAP
Discovery Utility. the HQ and branch office are connected with each other. The EAP
Controller and TL-ER6120 (VPN router) are in subnet 192.168.1.0/24 of HQ. The EAP
Configuration Guide

Configuration

Discovery Utility, EAP and TL-ER6120 (VPN router) are in subnet 192.168.0.0/24 of the
branch office.
HQ
Router

Branch Office

Internet

Router

WAN 192.168.2.8

Switch

EAP
EAP Discovery
Utility

EAP Controller

Controller Host
192.168.1.253/24

Discovery Host

Clients

Step 1: Configure Port Forwarding Rules on the Router in HQ

1) Go to Advanced > NAT > Virtual Server and configure virtual server for All ports,
ranging from 29810 to 29814. Configure Internal Server IP with 192.168.01.253,
which is the IP of the Controller Host.

Click OK and the configured NAT Port Forwarding rules will be displayed on the
following page.

Step 2：Configurations on the Discovery Host

1) Connect the computer that is running EAP Discovery Utility and EAP to the switch in
branch office. Then open EAP Discovery Utility to let it discover the EAP as shown
below.
Configuration Guide

Configuration

2) After EAP Discovery Utility finds the EAP, click Manage, and then fill in the WAN IP
address of the router in HQ and the Username/Password of the EAP (admin/admin by
default) to let EAP Controller find and manage this EAP.

Step 3: Adopt and Manage EAP

Configuration Guide

Configuration

Using DHCP Option 138 to Discover EAPs via NAT Port Forwarding

Demonstrated with the network topology below, this section provides configuration
procedures for managing EAPs at different sites via NAT Port Forwarding with DHCP
option 138. As shown below, the EAP Controller and a VPN router (TL-ER6120) are in the
subnet 192.168.1.0/24 of HQ. EAP, switch T2600G-28TS as DHCP Server (supporting
DHCP option138) and another VPN router (TL-ER6120) are in the subnet 192.168.0.0/24
of Branch Office.
HQ
Router

Internet
WAN 192.168.2.8

Branch Office
Router

Switch

EAP

EAP Controller

Controller Host
192.168.1.253/24

Clients

Configuration Guide

Configuration

Step 1：Configure Port Forwarding Rules on the Router in HQ

1) Go to Advanced > NAT > Virtual Server and configure virtual server for All, ranging
from 29810 to 29814. Configure Internal Server IP with 192.168.01.253, which is the
IP of the Controller Host.

Click OK, the configured NAT Port Forwarding rules will be displayed on the following
page.

Step 2: Configurations on Switch in Branch Office

1) Go to Routing > DHCP Server > DHCP Server to enable DHCP Server function. Set
DHCP option 138 as the WAN IP (192.168.2.8) address of the router which is behind
the EAP Controller in HQ.

Configuration Guide

Configuration

Note:

Change switch’s default IP address from 192.168.0.1 to 192.168.0.2 to avoid IP conflict with
gateway router.

2) Go to Routing > DHCP Server > Pool Setting to configure 192.168.0.0/24 IP address
pool for EAPs, and Click Apply.

Configuration Guide

Configuration

Step 3: Adopt and Manage EAP

1) Run EAP Controller. The EAP which has been configured by DHCP option 138 in the
last step will appear in the Pending list as shown below, which means the EAP can be
adopted and managed by the EAP Controller.

Configuration Guide

Configuration

Configuration Guide

Specifications are subject to change without notice.
is a registered
trademark of TP-Link Technologies Co., Ltd. Other brands and product names are
trademarks or registered trademarks of their respective holders.
No part of the specifications may be reproduced in any form or by any means or used
to make any derivative such as translation, transformation, or adaptation without
permission from TP-Link Technologies Co., Ltd. Copyright © 2018 TP-Link Technologies
Co., Ltd.. All rights reserved.

Source Exif Data:

File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.5
Linearized                      : No
XMP Toolkit                     : Adobe XMP Core 5.4-c005 78.147326, 2012/08/23-13:03:03
Create Date                     : 2017:12:26 10:16:49+08:00
Metadata Date                   : 2017:12:26 10:17:36+08:00
Modify Date                     : 2017:12:26 10:17:36+08:00
Creator Tool                    : Adobe InDesign CC 2015 (Windows)
Instance ID                     : uuid:d71d0b8d-a962-4f80-ae66-91d3fe06d517
Original Document ID            : xmp.did:87be8f24-5325-9340-979e-1582ec906699
Document ID                     : xmp.id:468cb6cf-5138-4349-83d9-1ca258138a74
Rendition Class                 : proof:pdf
History Action                  : converted
History Parameters              : from application/x-indesign to application/pdf
History Software Agent          : Adobe InDesign CC 2015 (Windows)
History Changed                 : /
History When                    : 2017:12:26 10:16:49+08:00
Derived From Instance ID        : xmp.iid:75900610-1658-0943-a884-23b03e87ce95
Derived From Document ID        : xmp.did:87be8f24-5325-9340-979e-1582ec906699
Derived From Original Document ID: xmp.did:87be8f24-5325-9340-979e-1582ec906699
Derived From Rendition Class    : default
Format                          : application/pdf
Producer                        : Adobe PDF Library 15.0
Trapped                         : False
Page Mode                       : UseOutlines
Page Count                      : 37
Creator                         : Adobe InDesign CC 2015 (Windows)

EXIF Metadata provided by EXIF.tools

Configuration Guide For Managing EAPs Via EAP Controller

Configuration Guide For Managing Eaps Via Eap Controller configuration_guide_for_managing_eaps_via_eap_controller configuration_guide_for_managing_eaps_via_eap_controller configurationguide static.tp-link.com 3:

Navigation menu

Versions of this User Manual:

Views

Navigation