TPLink - AC Controller

CONFIGURATION GUIDE

The purpose of the following manual is to describe the necessary configuration of AC500 de TP-Link equipment for integration with Octopus Platform

1- Pre-requisites

• If there is a firewall in the network that might block the traffic, you will need to allow access to some domains to enable user's authentication:

  • Radius Servers:

    • Primary: <IP_Radius_1> 1812 and 1813 UDP ports

    • Secondary: <IP_Radius_2> 1812 and 1813 UDP ports

  • Splash Portal server: 

    • Domain <captive_portal_domain> 80 and 443 TCP ports

• For the operation of the Guest and Enterprise modules configuration, it will be necessary to previously contract the Octopus platform licenses with the respective modules.

 2- Guest module configuration

2.1 Radius Servers

Next, it is necessary to include the Radius Server to which the authentication requests of the users will be sent. To do this, go to the Authentication> Authentication Server section and first access the Radius Server tab. Once inside this section click on "Add" to add a new Radius Server and configure the following parameters:

Once the Radius Server has been added, you must associate it with a group.To do so, go to the Authentication> Authentication Server section and in this case access the Authentication Server Group tab. After clicking Add to add a new group of servers configure the following parameters:

2.2 WLAN Settings

The first step to carry out the configuration in the TP-Link equipment is to create a new SSID or modify an existing one. For this, go to the Wireless> Wireless Service section and click on "Add" to add a new WLAN with the following parameters:

2.3 Captive Portal

The next step is the configuration of the external Captive Portal. You have to go to: Authentication> Portal Authentication section and access the Remote Portal tab. Once inside this section click on Add, to add a new external captive portal and configure the following parameters:

2.4 Walled Garden

Finally it is necessary to indicate the domains to which the user will have free access before authenticating in the network. To do this go to the Authentication> Authentication Config section and access the Free Authentication Policy tab.

Once inside this section click on Add to add each of the necessary domains with the following configuration:

Once these changes have been made, go to the Authentication Parameters tab, within the same Authentication Config section, and configure the following parameters:

2.5 AP Group

2.6 Authorized MAC Addresses

To get these MAC addresses easily go to the Status> AP Status section and after selecting the AP Group of the installation that contains the Access Points you can obtain all the MAC addresses of the APs in the MAC Address column. In order to allow the users to authenticate themselves in the captive portal correctly, it is necessary to identify the NAS that will send the authentication requests to the Radius Server. In TP-LINK, it is required to add the MAC address of every access point that will broadcast the configured SSID 

3- Enterprise module configuration

In order to integrate the configurations of this module with the platform, it is necessary to contract the Octopus Wifi Enterprise Module.

3.1 Configuration of “Access Profiles” funtionality in the Octopus Platform

Through the Octopus platform it is possible to configure a series of reply attributes of the Access-Accept packages, grouped in the so-called Access Profile. These Access Profiles allow to activate a series of functionalities in the Omada. Although the most common and proprietary Omada radius dictionaries are available, the following is a list of some of the most interesting ones:

Example of an Access Profile configuration with the attributes explained above:

Open