User Guide AC1200 Whole Home Mesh Wi-Fi AP HC220-G5 1910020928 REV1.0.
Contents About This Guide..........................................................................................................1 Chapter 1. Get to Know Your Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1. 1. 1. 2. Product Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Appearance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 10. Network Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 10. 1. 10. 2. 10. 3. 10. 4. Firewall & DoS Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Service Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Access Control. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
14. 2. 14. 3. 14. 4. 14. 5. 14. 6. 14. 7. Control LED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Test Internet Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Update the Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 Back Up and Restore Configuration Settings . . . . . . . . .
About This Guide This guide is a complement to Quick Installation Guide. The Quick Installation Guide provides instructions for quick internet setup, while this guide contains details of each function and demonstrates how to configure them. Your device supports two operation modes, access point mode and router mode.
Chapter 1 Get to Know Your Device This chapter introduces what your device can do and shows its appearance.
Chapter 1 Get to Know Your Device 1. 1. Product Overview 1. 2. Appearance The Whole Home Mesh Wi-Fi AP is designed to extend your network coverage. You can use multiple devices to create a seamless, intelligent and easy-to-configure mesh network that covers the entire home. The system consists of a controller, and one or more agents. The controller connects to a wired router, or a modem or gateway, the agent extends the wireless coverage of your network.
Chapter 1 Get to Know Your Device LED Explanation Status Indication Red The device has an issue. Off Power is off, or the status LED is turned off. For information about the button and ports, you can refer to the explanation table below. Item WPS button Power port Description Press the button to start a WPS or mesh connection process. For connecting the device to a power socket via the provided power adapter.
Chapter 2 Connect the Device This chapter contains the following sections: • Position the Device • Connect Your Device
Chapter 2 2. 1. Connect the Device Position the Device • The device should not be located in a place where it will be exposed to moisture or excessive heat. • Place the device in a location where it can be connected to multiple devices as well as to a power source. • Make sure the cables and power cord are safely placed out of the way so they do not create a tripping hazard.
Chapter 2 Connect the Device Internet Power Adapter POWER Wired Router WAN/LAN LAN1 LAN2 RESET AP (Controller) 1 2 1. Connect the power adapter to the AP device. 2. Connect the WAN/LAN port of the AP device to your wired router’s Ethernet port via an Ethernet cable. 3. Verify the status LED (on the bottom of the device) is flashing blue before continuing with the configuration. 4. Connect your computer to the router.
Chapter 2 Connect the Device Computer Smart Device < Settings Connections are available Wireless Network Connection OR TP-Link_XXXX Connect automatically Connect Wi-Fi Wi-Fi CHOOSE A NETWORK... TP-Link_XXXX Other... Note: In access point mode, functions like NAT, Parental Controls are not supported.
Chapter 3 Log In to Your Device This chapter introduces how to log in to the web management page of the device.
Chapter 3 Log In to Your Device With the web management page, it is easy to configure and manage your device. The web management page can be used on any Windows, Macintosh or UNIX OS with a Web browser, such as Microsoft the Internet Explorer, Mozilla Firefox or Apple Safari. Follow the steps below to log in to your device. 1. Set up the TCP/IP Protocol in Obtain an IP address automatically mode on your computer. 2. Launch a web browser and enter http://tplinkwifi.net in the address bar.
Chapter 4 Set Up Internet Connection This chapter introduces how to connect your router to the internet. The router is equipped with a web-based Quick Setup wizard. It includes the necessary configuration options of ISP, automates the setup process and verifies whether those settings have been successfully completed. Furthermore, you can also set up an IPv6 connection if your ISP provides IPv6 service.
Chapter 4 4. 1. Set Up Internet Connection Use Quick Setup Wizard The Quick Setup wizard will guide you through the process to set up your device. Tips: If you need the IPv6 internet connection, please refer to the section of Set Up an IPv6 Internet Connection. Follow the steps below to set up your router. 1. Visit http://tplinkwifi.net, and log in with the password you set for your device. 2. Click Quick Setup on the top of the page.
Chapter 4 Set Up Internet Connection 4. Connect the power adapter to the AP device. 5. Connect a computer to the AP device via an Ethernet cable or wirelessly by using the SSID (network name) and Wireless Password. 6. Launch a web browser and enter http://tplinkwifi.net in the address bar, and log in to your AP device using the password you set. 7. Go to Settings > Operation Mode, select Router and click Save.
Chapter 4 Set Up Internet Connection 2 ) If you choose Static IP, enter the information provided by your ISP in the corresponding fields. 3 ) If you choose PPPoE, enter the Username and Password provided by your ISP. PPPoE users usually have DSL cable modems. 4 ) If you choose L2TP, enter the Username and Password, and select the DNS Address Mode provided by your ISP. Different parameters are needed according to the DNS address mode you selected.
Chapter 4 Set Up Internet Connection 5 ) If you choose PPTP, enter the Username and Password, and select the DNS Address Mode provided by your ISP. Different parameters are needed according to the DNS address mode you selected. 5. Click Save to make the settings effective, and you can refer to Test Internet Connectivity to test if the internet connection works. Note: It may take 1-2 minutes to save the settings. Tips: 3.
Chapter 4 Set Up Internet Connection If your ISP provides an IPv4-only connection or IPv6 tunnel service, permit IPv6 connection by referring to Set Up the IPv6 Tunnel. 1. Visit http://tplinkwifi.net, and log in with the password you set for the router. 2. Go to Advanced > Network > Internet. 3. Select your WAN Interface Name (Status should be Connected) and click the icon. (Edit) 4. Scroll down the page to enable IPv6, and configure the IPv6 parameters.
Chapter 5 Create Mesh Wi-Fi System This chapter describes how you can add the agent to create a mesh Wi-Fi system and extend the wireless coverage.
Chapter 5 Create Mesh Wi-Fi System The Whole Home Mesh Wi-Fi System includes a controller, one or more agents. If you have more than one mesh AP devices, you can add the remaining ones as agents to create a mesh Wi-Fi system and extend your Wi-Fi coverage. Please note that you can only add the AP device as agent when it is in factory default settings. ¾¾ To add a agent to your network • Method 1: Wireless Connection 1.
Chapter 5 1. 2. 3. 4. Create Mesh Wi-Fi System Tips: If the agent’s status LED still flashes blue, please repeat the synchronizing process. The agent automatically follows the Wi-Fi settings of the controller. You can also synchronize the add-on agent with the agent in your existing mesh Wi-Fi system. You can log in to the controller if you want to manage your mesh network. You can place the agent in appropriate places to extend the wireless signal coverage.
Chapter 6 Multi-SSID Multi-SSID function allows you to provide Wi-Fi access for your visitors without disclosing your main network. When you have guests in your house, apartment, or workplace, you can create a multi-SSID wireless network for them. In addition, you can customize the network settings to ensure your network security and privacy.
Chapter 6 Multi-SSID ¾¾ To create a multi-SSID network: 1. Visit http://tplinkwifi.net, and log in with the password you set for the router. 2. Go to Basic > Multi-SSID or Advanced > Wireless > Multi-SSID. 3. Create the multi-SSID network as needed. 1 ) Select the Enable check box to create the corresponding multi-SSID network. You can create three multi-SSID wireless networks at most. 2 ) Enter a new Network Name (SSID) or use the default name, this field is casesensitive.
Chapter 7 TP-Link Cloud Service TP-Link Cloud service provides a better way to manage your cloud devices. Log in to your router with a TP-Link ID, and you can easily monitor and manage your home network when you are out and about via the Tether app. To ensure that your router stays new and gets better over time, the TP-Link Cloud will notify you when an important firmware upgrade is available. Surely you can also manage multiple TP-Link Cloud devices with a single TP-Link ID.
Chapter 7 7. 1. TP-Link Cloud Service Register a TP-Link ID If you have skipped the registration during the Quick Setup process, you can: 1. Visit http://tplinkwifi.net, and log in with the password you set for the router. 2. Go to Advanced > TP-Link ID or click TP-Link ID on the very top of the page. 3. Click Sign Up and follow the instructions to register a TP-Link ID. 4. After activating your TP-Link ID, come back to the TP-Link ID page to log in.
Chapter 7 • TP-Link Cloud Service To change your password: 1. Click behind the Password. 7. 3. Manage the User TP-Link IDs 2. Enter the current password, then a new password twice. And click SAVE. The TP-Link ID used to log in to the router for the first time will be automatically bound as the Admin account.
Chapter 7 TP-Link Cloud Service from the same router as Users. All accounts can monitor and manage the router locally or remotely, but user accounts cannot: • Reset the router to its factory default settings either on the web management page or in the Tether app. • Add/remove other TP-Link IDs to/from the router. 7. 3. 1. Add TP-Link ID to Manage the Router 1. Visit http://tplinkwifi.net, and log in with your TP-Link ID. 2. Go to Advanced > TP-Link ID, and focus on the Bound Accounts section. 3.
Chapter 7 7. 4. TP-Link Cloud Service Manage the Router via the TP-Link Tether App The Tether app runs on iOS and Android devices, such as smartphones and tablets. 1. Launch the Apple App Store or Google Play store and search “TP-Link Tether” or simply scan the QR code to download and install the app. OR 2. Launch the Tether app and log in with your TP-Link ID. Note: If you don’t have a TP-Link ID, create one first. 3. Connect your device to the router’s wireless network. 4.
Chapter 8 EasyMesh with Seamless Roaming
Chapter 8 EasyMesh with Seamless Roaming TP-Link EasyMesh router and EasyMesh supported routers or extenders work together to form one unified Wi-Fi network. Walk through your home and stay connected with the fastest possible speeds thanks to its seamless coverage. SAME INTERNE T Network Name & Password for seamless roaming Unified Wi-Fi Network Router and extenders share the same wireless settings, including network name, password, access control settings and more.
Chapter 8 EasyMesh with Seamless Roaming 3. Click Add Mesh Device. 4. Follow the setup instructions on the web page to add the new AP device. Or you can follow the setup instructions in the user manual of the new AP. Note: Please make sure the new mesh device to be added has not been used in other mesh network. 5. If you have added the mesh device to join the EasyMesh network, it will be listed on the router’s Network Map page.
Chapter 9 Parental Controls This function allows you to block inappropriate, explicit and malicious websites, and control access to specified websites at specified time.
Chapter 9 I want to: Parental Controls Control what types of websites my children or other home network users can visit and the time of day they are allowed to access the internet. For example, I want to allow my children’s devices (e.g. a computer or a tablet) to access only www.tp-link.com and Wikipedia.org from 18:00 (6 PM) to 22:00 (10 PM) on the weekdays and not other time. How can I do that? 1. Visit http://tplinkwifi.net, and log in with the password you set for the controller. 2.
Chapter 9 Parental Controls 5. Enter a Description for the entry, keep the Enable This Entry check box selected, and then click Save. 6. Enable Content Restriction, and select Whitelist as the restriction policy. Tips: • With Blacklist selected, the controlled devices cannot access any websites containing the specified keywords during the Effective Time period. • With Whitelist selected, the controlled devices can only access websites containing the specified keywords during the Effective Time period.
Chapter 9 Parental Controls 8. You can add up to 32 keywords for either Blacklist or Whitelist. Below are some sample entries for your reference. • For Whitelist: Enter a web address (e.g. wikipedia.org) to allow access only to its related websites. If you wish to block all internet browsing access, do not add any keyword to the Whitelist. Done! • For Blacklist: Specify a web address (e.g. wikipedia.org), a web address keyword (e.g. wikipedia) or a domain suffix (e.g. .edu or .
Chapter 10 Network Security This chapter guides you on how to protect your home network from unauthorized users by implementing network security functions. You can block or allow specific client devices to access your wireless network using MAC Filtering, or using Access Control for wired and wireless networks, or you can prevent ARP spoofing and ARP attacks by using IP & MAC Binding.
Chapter 10 Network Security 10. 1. Firewall & DoS Protection The SPI (Stateful Packet Inspection) Firewall and DoS (Denial of Service) Protection protect the controller from cyber attacks. The SPI Firewall can prevent cyber attacks and validate the traffic that is passing through the controller based on the protocol. This function is enabled by default, and it is recommended to keep the default settings.
Chapter 10 Network Security 2. The protection will be triggered immediately when the number of packets exceeds the preset threshold value, and the vicious host will be displayed in the Blocked DoS Host List. 10. 2. Service Filtering With Service Filtering, you can prevent certain users from accessing the specified service, and even block internet access completely. 1. Visit http://tplinkwifi.net, and log in with the password you set for the controller. 2. Go to Advanced > Security > Service Filtering.
Network Security Chapter 10 5. Select a Service Type from the drop-down list and the following four boxes will be automatically filled in. Select Custom when your desired service type is not listed, and enter the information manually. 6. Specify the IP address(es) that this filtering rule will apply to. 7. Click OK to make the settings effective. Note: If you want to disable an entry, click the icon. 10. 3.
Network Security Chapter 10 3. Select the access mode to either block (recommended) or allow the device(s) to access your network. To block specific device(s): 1 ) Select Blacklist and click Save. 2 ) Select the device(s) to be blocked in the Online Devices table (or click the Add under the Devices in Blacklist and enter the Device Name and MAC Address manually). 3 ) Click Block above the Online Devices table. The selected devices will be added to Devices in Blacklist automatically.
Network Security Chapter 10 3 ) Enter the Device Name and MAC Address. (You can copy and paste the information from Online Devices table if the device is connected to your network.) Done! 4 ) Click OK. Now you can block or allow specific client devices to access your network (via wired or wireless) by Blacklist or Whitelist. 10. 4. IP & MAC Binding IP & MAC Binding, namely, ARP (Address Resolution Protocol) Binding, is used to bind a network device’s IP address to its MAC address.
Network Security Chapter 10 3. Bind your device(s) according to your needs. To bind the connected device(s): 1 ) Select the device(s) to be bound in the ARP List. 2 ) Click Bind to add to the Binding List. To bind the unconnected device 1 ) Click Add. 2 ) Enter the MAC address and IP address that you want to bind. 3 ) Select the Enable This Entry check box to enable the entry and click OK. Done! Enjoy the internet without worrying about ARP spoofing and ARP attacks.
Chapter 11 NAT Forwarding Router’s NAT (Network Address Translation) feature makes the devices in the LAN use the same public IP address to communicate in the internet, which protects the local network by hiding IP addresses of the devices. However, it also brings about the problem that external host cannot initiatively communicate with the specified device in the local network.
Chapter 11 NAT Forwarding 11. 1. Translate Address and Port by ALG ALG (Application Layer Gateway) allows customized NAT (Network Address Translation) traversal filters to be plugged into the gateway to support address and port translation for certain application layer “control/data” protocols: FTP, TFTP etc. Enabling ALG is recommended. Visit http://tplinkwifi.net, and log in with the password you set for the controller. Go to Advanced > NAT Forwarding > ALG.
Chapter 11 NAT Forwarding 11. 2. Share Local Resources over the Internet by Virtual Server When you build up a server in the local network and want to share it on the internet, Virtual Server can realize the service and provide it to the internet users. At the same time virtual server can keep the local network safe as other services are still invisible from the internet. Virtual server can be used for setting up public services in your local network, such as HTTP, FTP, DNS, POP3/SMTP and Telnet.
Chapter 11 NAT Forwarding 4. Click View Existing Applications, and choose HTTP. The external port, internal port and protocol will be automatically filled in. Enter the PC’s IP address 192.168.0.100 in the Internal IP field. 5. Click OK to make the settings effective. Done! Tips: 1. It is recommended to keep the default settings of Internal Port and Protocol if you are not clear about which port and protocol to use. 2.
Chapter 11 NAT Forwarding address of the host. When the data from the internet returns to the external ports, the router can forward them to the corresponding host. Port triggering is mainly applied to online games, VoIPs and video players. Common applications include MSN Gaming Zone, Dialpad, Quick Time 4 players, and so on. Follow the steps below to configure the port triggering rules: 1. Visit http://tplinkwifi.net, and log in with the password you set for the controller. 2.
Chapter 11 NAT Forwarding all ports opened. When you are not clear about which ports to open in some special applications, like IP camera and database software, you can set the PC to be a DMZ host. Note: DMZ is most applicable when you don’t know which ports to open. When it is enabled, the DMZ host is totally exposed to the internet, which may bring some potential safety hazards. If DMZ is not in use, please disable it in time.
Chapter 11 NAT Forwarding connection of the network. You need to enable the UPnP if you want to use applications such as multiplayer gaming, peer-to-peer connections, real-time communication (for example, VoIP or telephone conference), or remote assistance. Tips: 1. UPnP is enabled by default in this device. 2. Only the application supporting UPnP protocol can use this feature. 3. UPnP feature needs the support of operating system (e.g. Windows Vista/ Windows 7/ Windows 8, etc.
Chapter 12 VPN Server The VPN (Virtual Private Networking) Server allows you to access your home network in a secured way through internet when you are out of home. The router offers two ways to setup VPN connection: OpenVPN and PPTP (Point to Point Tunneling Protocol) VPN. OpenVPN is somewhat complex but with greater security and more stable. It is suitable for restricted environment, such as campus network and company intranet.
Chapter 12 VPN Server 12. 1. Use OpenVPN to Access Your Home Network In the OpenVPN connection, the home network can act as a server, and the remote device can access the server through the router which acts as an OpenVPN Server gateway. To use the VPN feature, you should enable OpenVPN Server on your router, and install and run VPN client software on the remote device. Please follow the steps below to set up an OpenVPN connection. Home Network Controller Remote Device Step1.
Chapter 12 VPN Server 7. Click Save. 8. Click Generate to get a new certificate. Note: If you have already generated one, please skip this step, or click Generate to update the certificate. 9. Click Export to save the OpenVPN configuration file which will be used by the remote device to access your controller. Step 2. Configure OpenVPN Connection on Your Remote Device 1. Visit http://openvpn.net/index.php/download/community-downloads.
Chapter 12 VPN Server Note: Before you enable VPN Server, we recommend you configure Dynamic DNS Service (recommended) or assign a static IP address for controller’s WAN port and synchronize your System Time with internet. 3. In the Client IP Address filed, enter the range of IP addresses (up to 10) that can be leased to the devices by the PPTP VPN server. 4. Enter the Username and Password to authenticate clients to the PPTP VPN server. 5. Click Save to make the settings effective. Step 2.
Chapter 12 VPN Server 4. Select Use my Internet connection (VPN). 5. Enter the internet IP address of the controller (for example: 218.18.1.73) in the Internet address field. Click Next.
Chapter 12 VPN Server 6. Enter the User name and Password you have set for the PPTP VPN server on your controller, and click Connect. 7. The PPTP VPN connection is created and ready to use.
Chapter 12 VPN Server Tips: You can go to Advanced > VPN > VPN Connections to view the clients that are currently connected to the PPTP VPN servers.
Chapter 13 Customize Your Network Settings This chapter introduces how to change the default settings or adjust the basic configuration of the network setting of the controller using the web management page.
Chapter 13 Customize Your Network Settings 13. 1. Change LAN Settings 13. 1. 1. Change the LAN IP Address The controller is preset with a default LAN IP 192.168.0.1 in router mode and three guest IP address, which you can use to log in to its web management page. The LAN IP address together with the Subnet Mask also defines the subnet that the connected devices are on. If the IP address conflicts with another device in your local network or your network requires a specific IP subnet, you can change it.
Chapter 13 Customize Your Network Settings Follow the steps below to configure DHCP server. 1. Visit http://tplinkwifi.net, and log in with the password you set for the controller. 2. Go to Advanced > Network > LAN Settings page and select IPv4. 3. Enable DHCP function and select DHCP Server. 4. Specify the IP Address Pool, the start address and end address must be on the same subnet with LAN IP. The controller will assign addresses within this specified range to its clients. It is from 192.168.0.
