Chapter 10 OneMesh with Seamless Roaming TP-Link OneMesh router and TP-Link OneMesh extenders work together to form one unified Wi-Fi network. Walk through your home and stay connected with the fastest possible speeds thanks to OneMesh’s seamless coverage. SAME INTERNE T Network Name & Password for seamless roaming Unified Wi-Fi Network Router and extenders share the same wireless settings, including network name, password, access control settings and more.
Chapter 10 OneMesh with Seamless Roaming 3. Connect a OneMesh extender to this router by following the setup instructions in the extender’s manual. The extender will be listed on the router’s OneMesh page. Note: To check full list of TP-Link OneMesh devices, visit https://www.tp-link.com/onemesh/compatibility. 4. If you have set up the extender to join the OneMesh network, it will be listed on the router’s OneMesh page.
Chapter 10 OneMesh with Seamless Roaming 10. 2. Manage Devices in the OneMesh Network In a OneMesh network, you can manage all mesh devices and connected clients on your router’s web page. • To view mesh devices and connected clients in the network: 1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router. 2. Go to Network Map. 3. Click • to view all mesh devices, and click to view all connected clients. To manage a OneMesh device in the network: 1.
Chapter 10 OneMesh with Seamless Roaming 4. Manage the OneMesh device as needed. You can: • Change device information. • Click Leave OneMesh to delete this device from the OneMesh network. • Click Manage Device to redirect to the web management page of this device.
Chapter 11 Network Security This chapter guides you on how to protect your home network from cyber attacks and unauthorized users by implementing these three network security functions. You can protect your home network from cyber attacks, block or allow specific client devices to access your network using Access Control, or you can prevent ARP spoofing and ARP attacks using IP & MAC Binding.
Chapter 11 Network Security 11. 1. Protect the Network from Cyber Attacks The SPI (Stateful Packet Inspection) Firewall protects the router from cyber attacks and validate the traffic that is passing through the router based on the protocol. This function is enabled by default. 1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router. 2. Go to Advanced > Security > Firewall. It’s recommended to keep the default settings. 11. 2.
Chapter 11 2 ) Click Network Security and select devices you want to be blocked and Click ADD. 3 ) The Operation Succeeded message will appear on the screen, which means the selected devices have been successfully added to the blacklist. To allow specific device(s): 1 ) Select Whitelist and click SAVE. 2 ) Your own device is in the whitelist by default and cannot be deleted. Click to add other devices to the whitelist. • Add connected devices 1 ) Click Select From Device List.
Chapter 11 Network Security 3 ) The Operation Succeeded message will appear on the screen, which means the selected devices have been successfully added to the whitelist. • Add unconnected devices 1 ) Click Add Manually. 2 ) Enter the Device Name and MAC Address of the device you want to be allowed and click ADD. 3 ) The Operation Succeeded message will appear on the screen, which means the device has been successfully added to the whitelist.
Chapter 11 Network Security I want to: Prevent ARP spoofing and ARP attacks. How can I do that? 1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router. 2. Go to Advanced > Security > IP & MAC Binding. 3. Enable IP & MAC Binding. 4. Bind your device(s) according to your need. To bind the connected device(s): 1 ) Click in the Binding List section. 2 ) Click VIEW CONNECTED DEVICES and select the device you want to bind.
Chapter 11 Network Security To bind the unconnected device: 1 ) Click in the Binding List section. 2 ) Enter the MAC Address and IP Address that you want to bind. 3 ) Click SAVE. Done! Now you don’t need to worry about ARP spoofing and ARP attacks! 11. 4. ALG ALG allows customized Network Address Translation (NAT) traversal filters to be plugged into the gateway to support address and port translation for certain application layer “control/data” protocols such as FTP, TFTP, H323 etc.
Chapter 11 Network Security 61
Chapter 12 NAT Forwarding The router’s NAT (Network Address Translation) feature makes devices on the LAN use the same public IP address to communicate with devices on the internet, which protects the local network by hiding IP addresses of the devices. However, it also brings about the problem that an external host cannot initiatively communicate with a specified device on the local network.
Chapter 12 NAT Forwarding 12. 1. Share Local Resources on the Internet by Port Forwarding When you build up a server on the local network and want to share it on the internet, Port Forwarding can realize the service and provide it to internet users. At the same time Port Forwarding can keep the local network safe as other services are still invisible from the internet. Port Forwarding can be used for setting up public services on your local network, such as HTTP, FTP, DNS, POP3/SMTP and Telnet.
Chapter 12 NAT Forwarding 5. Click VIEW COMMON SERVICES and select HTTP. The External Port, Internal Port and Protocol will be automatically filled in. 6. Click VIEW CONNECTED DEVICES and select your home PC. The Device IP Address will be automatically filled in. Or enter the PC’s IP address 192.168.0.100 manually in the Device IP Address field. 7. Click SAVE. Tips: It is recommended to keep the default settings of Internal Port and Protocol if you are not clear about which port and protocol to use.
Chapter 12 NAT Forwarding Tips: The WAN IP should be a public IP address. For the WAN IP is assigned dynamically by the ISP, it is recommended to apply and register a domain name for the WAN referring to Set Up a Dynamic DNS Service Account. Then users on the internet can use http:// domain name to visit the website. • If you have changed the default External Port, you should use http:// WAN IP: External Port or http:// domain name: External Port to visit the website. • 12. 2.
Chapter 12 NAT Forwarding 4. Click SAVE. Tips: • You can add multiple port triggering rules according to your network need. • The triggering ports can not be overlapped. • If the application you need is not listed in the Existing Applications list, please enter the parameters manually. You should verify the external ports the application uses first and enter them into External Port field according to the format the page displays. 12. 3.
Chapter 12 NAT Forwarding How can I do that? 1. Assign a static IP address to your PC, for example 192.168.0.100. 2. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router. 3. Go to Advanced > NAT Forwarding > DMZ and tick to enable DMZ. 4. Click VIEW CONNECTED DEVICES and select your PC. The Device IP Address will be automatically filled in. Or enter the PC’s IP address 192.168.0.100 manually in the DMZ Host IP Address field. 5. Click SAVE.
Chapter 12 NAT Forwarding corresponding ports allowing the following data penetrating the NAT to transmit. Therefore, you can play Xbox online games without a hitch. INTERNET If necessary, you can follow the steps to change the status of UPnP. 1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router. 2. Go to Advanced > NAT Forwarding > UPnP and toggle on or off according to your needs.
Chapter 13 VPN Server&Client The router offers several ways to set up VPN connections: VPN Server allows remote devices to access your home network in a secured way through the internet. The router supports three types of VPN Server: OpenVPN is somewhat complex but with higher security and more stability, suitable for restricted environments such as campus network and company intranet.
Chapter 13 VPN Server&Client 13. 1. Use OpenVPN to Access Your Home Network OpenVPN Server is used to create an OpenVPN connection for remote devices to access your home network. To use the VPN feature, you need to enable OpenVPN Server on your router, and install and run VPN client software on remote devices. Please follow the steps below to set up an OpenVPN connection. INTERNET Home Network Router (VPN Server) Remote Devices Step1. Set up OpenVPN Server on Your Router 1.
Chapter 13 VPN Server&Client 6. Select your Client Access type. Select Home Network Only if you only want the remote device to access your home network; select Internet and Home Network if you also want the remote device to access internet through the VPN Server. 7. Click SAVE. 8. Click GENERATE to get a new certificate. Note: If you have already generated one, please skip this step, or click GENERATE to update the certificate. 9.
Chapter 13 VPN Server&Client 1. Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router. 2. Go to Advanced > VPN Server > PPTP, and tick the Enable box of PPTP. Note: Before you enable VPN Server, we recommend you configure Dynamic DNS Service (recommended) or assign a static IP address for router’s WAN port and synchronize your System Time with internet. 3.
Chapter 13 VPN Server&Client 3 ) Click ADD. Step 2. Configure PPTP VPN Connection on Your Remote Device The remote device can use the Windows built-in PPTP software or a third-party PPTP software to connect to PPTP Server. Here we use the Windows built-in PPTP software as an example. 1. Go to Start > Control Panel > Network and Internet > Network and Sharing Center. 2. Select Set up a new connection or network. 3. Select Connect to a workplace and click Next.
Chapter 13 VPN Server&Client 4. Select Use my Internet connection (VPN). 5. Enter the internet IP address of the router (for example: 218.18.1.73) in the Internet address field. Click Next.
Chapter 13 VPN Server&Client 6. Enter the User name and Password you have set for the PPTP VPN server on your router, and click Connect. 7. Click Connect Now when the VPN connection is ready to use.
Chapter 13 VPN Server&Client 13. 3. Use L2TP/IPSec VPN to Access Your Home Network L2TP/IPSec VPN Server is used to create a L2TP/IPSec VPN connection for remote devices to access your home network. To use the VPN feature, you need to set up L2TP/IPSec VPN Server on your router, and configure the L2TP/IPSec connection on remote devices. Please follow the steps below to set up the L2TP/IPSec VPN connection. INTERNET Home Network Router (VPN Server) Remote Devices Step 1.
Chapter 13 VPN Server&Client 3. In the Client IP Address field, enter the range of IP addresses (up to 10) that can be leased to the devices by the L2TP/IPSec VPN server. 4. Keep IPSec Encryption as Encrypted and create an IPSec Pre-Shared Key. 5. Click SAVE. 6. Configure the L2TP/IPSec VPN connection account for the remote device. You can create up to 16 accounts. 4 ) Click Add. 5 ) Enter the Username and Password to authenticate devices to the L2TP/IPSec VPN Server. 6 ) Click ADD. Step 2.
Chapter 13 VPN Server&Client The remote device can use the Windows or Mac OS built-in L2TP/IPSec software or a third-party L2TP/IPSec software to connect to L2TP/IPSec Server. Here we use the Windows built-in L2TP/IPSec software as an example. 1. Go to Start > Control Panel > Network and Internet > Network and Sharing Center. 2. Select Set up a new connection or network. 3. Select Connect to a workplace and click Next.
Chapter 13 VPN Server&Client 4. Select Use my Internet connection (VPN). 5. Enter the internet IP address of the router (for example: 218.18.1.73) in the Internet address field, and select the checkbox Don’t connect now; just set it up so I can connect later. Click Next. 6. Enter the User name and Password you have set for the L2TP/IPSec VPN server on your router, and click Connect.
Chapter 13 VPN Server&Client 7. Click Close when the VPN connection is ready to use 8. Go to Network and Sharing Center and click Change adapter settings.
Chapter 13 VPN Server&Client 9. Find the VPN connection you created, then double-click it. 10. Enter the User name and Password you have set for the L2TP/IPSec VPN server on your router, and click Properties.
Chapter 13 VPN Server&Client 11. Switch to the Security tab, select Layer 2 Tunneling Protocol with IPsec (L2TP/ IPSec) and click Advanced settings. 12. Select Use preshared key for authentication and enter the IPSec Pre-Shared Key you have set for the L2TP/IPSec VPN server on your router. Then click OK. Done! Click Connect to start VPN connection.
Chapter 13 VPN Server&Client 13. 4. Use VPN Client to Access a Remote VPN Server VPN Client is used to create VPN connections for devices in your home network to access a remote VPN server. To use the VPN feature, simply configure a VPN connection and choose your desired devices on your router, then these devices can access the remote VPN server. Please follow the steps below: INTERNET Home Devices Router (VPN Client) VPN Servers 1. Visit http://tplinkwifi.
Chapter 13 VPN Server&Client 3 ) Enter the VPN information provided by your VPN provider. • OpenVPN: Enter the VPN username and password if required by your VPN provider, otherwise simply leave them empty. Then import the configuration file provided by your VPN provider. • PPTP: Enter the VPN server address (for example: 218.18.1.73) and the VPN username and password provided by your VPN provider.
Chapter 13 • VPN Server&Client L2TP/IPSec VPN: Enter the VPN server address (for example: 218.18.1.73), VPN username and password, and IPSec pre-shared key provided by your VPN provider. 4 ) Save the settings. 5 ) In the server list, enable the one you need.
Chapter 13 VPN Server&Client 5. Add and manage the devices that will use the VPN function. 1 ) In the Device List section, click Add. 2 ) Choose and add the devices that will access the VPN server you have configured. 6. Save the settings.
Chapter 13 VPN Server&Client Done! Now the devices you specified can access the VPN server you enabled.
Chapter 14 Customize Your Network Settings This chapter guides you on how to configure advanced network features.
Chapter 14 Customize Your Network Settings 14. 1. Change the LAN Settings The router is preset with a default LAN IP 192.168.0.1, which you can use to log in to its web management page. The LAN IP address together with the Subnet Mask also defines the subnet that the connected devices are on. If the IP address conflicts with another device on your local network or your network requires a specific IP subnet, you can change it. 1. Visit http://tplinkwifi.
Chapter 14 Customize Your Network Settings 2 ) Click SAVE. 3 ) After configuring IGMP proxy, IPTV can work behind your router now. You can connect your set-top box to any of the router’s Ethernet port. If IGMP is not the technology your ISP applies to provide IPTV service: 1 ) Tick Enable IPTV/VLAN. 2 ) Select the appropriate Mode according to your ISP. • Select Bridge if your ISP is not listed and no other parameters are required.
Chapter 14 Customize Your Network Settings 14. 3. Specify DHCP Server Settings By default, the DHCP (Dynamic Host Configuration Protocol) Server is enabled and the router acts as a DHCP server; it dynamically assigns TCP/IP parameters to client devices from the IP Address Pool. You can change the settings of the DHCP Server if necessary, and you can reserve LAN IP addresses for specified client devices. 1. Visit http://tplinkwifi.
