Wi5stars-Configuring TP-Link Omada Controller and EAP AP >= V4.0
www.wi5stars.com
Gateway & AP – Set-Up Guide
Configuring TP-Link Omada Controller and EAP AP >= V4.0

This chapter describes how to configure TP-Link Omada Controller and EAP AP with a software version lower than 4.0.
Before proceeding further with the configuration, you need to have Wi5stars with a domain and a gateway as described in Adding a New Gateway.

Prerequisites

The prerequisites required for configuration are:

  • Omada controller software version equal to or greater than 4.0
  • Wi5stars gateway configured with TP-Link Omada hardware type
  • APs compatible with Omada controller https://www.tp-link.com/us/business-networking/all-omada/#omada-acces-points
  • For HTTPS pages (for social login and payments) the SSL certificate and the DNS must point to the controller IP
  • If the controller is behind a NAT, its ports configured in the Access Config section must be reachable from Wi5stars (port forward).

Installing the Radius Profile of the Omada Software Controller

Step 1

Download the Omada controller from TP-Link official website: https://www.tp-link.com/it/support/download/eap-controller/#Controller_Software

Step 2

Access the controller and click on Authentication – RADIUS Profile

Step 3

Click on Create New RADIUS Profile

Step 4

Complete as follows:

  • Name– Enter the name
  • Authentication Server IP– Enter the IP address to reach Wi5stars
  • Authentication Port– Digit 1812
  • Authentication Password– Enter the secret inside your Wi5stars
  • RADIUS Accounting– Tick it
  • Interim Update– Tick it
  • Interim Update Interval– Digit 300
  • Accounting Server IP– Enter again the IP Address to reach Wi5stars
  • Accounting Port– Leave 1813
  • Accounting Password– Enter again the secret inside your Wi5stars

In order to add the Secret you need to get it from your Wi5stars as described in the Radius Secret paragraph.

Configuring the Wireless Networks of the Controller

Step 1

From the contextual menu on the left, click on Wireless Networks

Step 2

Select Create New Wireless Network

Step 3

Complete as follows:

  • Network Name (SSID)– Digit the requested SSID
  • Security– Select None
  • Expand Advanced Settings menu
  • SSID Broadcast– Enable it

Step 4

Save

Configuring the Authentication Portal

Step 1

From the contextual menu on the left, click on Authentication>Portal

Step 2

Click on Create New Portal

Step 3

Complete as follows:

  • Portal Name– Enter the name
  • Portal– Activate it
  • SSID & Networks– Select the SSID previously created
  • Authentication Type– Select External RADIUS Server
  • Authentication Timeout– Select 1 Hour
  • RADIUS Profile– Select the profile previously created
  • NAS ID– Enter a value of your choice
  • Disconnect Requests– Do not tick it
  • Authentication Mode– Select CHAP
  • Portal Customization– Select External Web Portal and choose https:// if you want to perform the authentication in HTTPS. Enter the URL of our Welcome Portal: HSNM_DOMAIN_OR_IP/
    portal/index.php?domain=DomainName&hotspotname=HotSpotName where instead of Wi5stars_DOMAIN_OR_IP you must enter the public IP address of your Wi5stars or the IP to reach it and, instead of GATEWAY_NAME_SET_IN_Wi5stars, you must enter the name you set for your Gateway in the Wi5stars configuration
  • HTTPS Redirection– Tick it if you want to perform the authentication in HTTPS.
  • Landing Page– Choose The Original URL

Step 4

Click Apply

From Access Config section, set in the Controller Hostname/IP field the DNS that point to your controller. To complete the procedure for HTTPS authentication, select Controller>HTTPS Certificate from the contextual menu on the left. Upload your valid certificate, in the requested format, for your hostname nearly configured.

Please be sure that your certificate is valid for your hostname and the hostname is correctly pointed to your controller IP, (Wi5stars must reach your controller via HTTPS port with a valid hostname and certificate), otherwise the authentication via HTTPS will not work

Configuring the Walled Garden

TP-Link Omada Software Controller has a walled garden entry limitation. So, you may face some problems getting more than one social login or payment system running.

Step 1

From the contextual menu on the left, click on Authentication>Portal

Step 2

From the Access Control section enable Pre-Authentication Access and click on the Information icon button.

Step 3

Click Add in order to add your Walled Garden

To know the accurate and relevant Walled Garden you need to add one by one, access your Wi5stars platform and click the Copy to use barscontextual dropdown menu of your gateway. Select Download Walled Garden to get a .txt file with your accurate walled garden list as shown Figure Download Walled Garden.

Prometeo, Wi5stars and logos Wi5stars | Privacy Policy | Cookie Policy