Home » TP-Link Manuals » Bridges & Routers » TP-Link ER7212PC » Manual Viewer

TP-Link ER7212PC ER7212PCUN V1 User Guide - Page 123

For Phase-2 Settings, Local ID, Remote ID Type, IP Address, Remote ID, SA Lifetime, DPD Interval

Add to My Manuals
Save this manual to your list of manuals

Page 123 highlights

Chapter 3 Configure the Network with Omada SDN Controller Local ID Remote ID Type Remote ID SA Lifetime DPD DPD Interval When the Local ID Type is configured as Name, enter a name for the local device as the ID in IKE negotiation. The name should be in the format of FQDN (Fully Qualified Domain Name). Specify the type of Remote ID which indicates the authentication identifier received from the peer for IKE negotiation. IP Address: Select IP Address to use the IP address for authentication. Name: Select Name, and then enter the name in the Remote ID field to use the name as the ID for authentication. Note that the type and value of Remote ID should be the same as Local ID given for the remote peer of the VPN tunnel. When the Remote ID Type is configured as Name, enter a name of the remote peer as the ID in IKE negotiation. The name should be in the format of FQDN (Fully Qualified Domain Name). Specify ISAKMP SA (Security Association) Lifetime in IKE negotiation. If the SA lifetime expired, the related ISAKMP SA will be deleted. Check the box to enable DPD (Dead Peer Detect) function. If enabled, the IKE endpoint can send a DPD request to the peer to inspect whether the IKE peer is alive. Specify the interval between sending DPD requests with DPD enabled. If the IKE endpoint receives a response from the peer during this interval, it considers the peer alive. If the IKE endpoint does not receive a response during the interval, it considers the peer dead and deletes the SA. For Phase-2 Settings: Phase-2 Settings The purpose of Phase 2 negotiations is to establish the Phase-2 SA (also called the IPsec SA). The IPsec SA is a set of traffic specifications that tell the device what traffic to send over the VPN, and how to encrypt and authenticate that traffic. Encapsulation Mode Specify the Encapsulation Mode as Tunnel Mode or Transport Mode. When both ends of the tunnel are hosts, either mode can be chosen. When at least one of the endpoints of a tunnel is a security gateway, such as a router or firewall, Tunnel Mode is recommended to ensure safety. Proposal Specify the proposal for IKE negotiation phase-2. An IPsec proposal lists the encryption algorithm, authentication algorithm and protocol to be negotiated with the remote IPsec peer. Note that both peer gateways must be configured to use the same Proposal. PFS Select the DH group to enable PFS (Perfect Forward Security) for IKE mode, then the key generated in phase-2 will be irrelevant with the key in phase-1, which enhance the network security. With None selected, it means PFS is disabled and the key in phase-2 will be generated based on the key in phase-1. SA Lifetime Specify IPsec SA (Security Association) Lifetime in IKE negotiation. If the SA lifetime expired, the related IPsec SA will be deleted. 117

Section	Page
About this Guide	2
Accessing the Controller	7
Web Interface Access	8
Determine the Network Topology	8
Start and Log in to Your Controller	8
Manage Omada Managed Devices and Sites	12
Create Sites	13
Adopt Devices	17
Configure the Network with Omada SDN Controller	27
Navigate the UI	28
Modify the Current Site Configuration	33
Site Configuration	33
Services	34
Advanced Features	36
Device Account	39
Configure Wired Networks	41
Set Up an Internet Connection	41
Configure LAN Networks	60
Configure Wireless Networks	72
Set Up Basic Wireless Networks	72
Advanced Settings	79
WLAN Schedule	80
802.11 Rate Control	81
MAC Filter	82
AI WLAN Optimization	83
Network Security	85
ACL	85
URL Filtering	93
Attack Defense	96
Firewall	100
Transmission	103
Routing	103
NAT	106
Session Limit	110
Bandwidth Control	111
Configure VPN	114
VPN	114
VPN User	137
Create Profiles	140
Time Range	140
Groups	142
Rate Limit	145
PPSK	147
Authentication	151
Portal	151
802.1X	185
MAC-Based Authentication	188
RADIUS Profile	190
Services	193
DHCP Reservation	193
Dynamic DNS	194
mDNS	196
SNMP	197
UPnP	198
SSH	199
Reboot Schedule	199
PoE Schedule	200
IPTV	201
Upgrade Schedule	203
Export Data	204
Configure the Omada SDN Controller	207
Manage the Controller	208
General Settings	208
Controller Capacity	208
User Interface	209
Mail Server	210
History Data Retention	212
Join User Experience Improvement Program	213
Controller Status	214
HTTPS Certificate	215
Access Config	216
Integrated Router	218
Manage Your Controller Remotely via Cloud Access	220
Maintenance	222
Backup & Restore	222
Auto Backup	223
Export for Support	225
Migration	226
Site Migration	226
Controller Migration	231
Configure and Monitor Omada Managed Devices	239
Introduction to the Devices Page	240
Configure and Monitor the Gateway	245
Configure the Gateway	245
Monitor the Gateway	250
Configure and Monitor Switches	253
Configure Switches	253
Monitor Switches	278
Configure and Monitor EAPs	283
Configure EAPs	283
Monitor EAPs	295
Monitor and Manage the Clients	308
Manage Wired and Wireless Clients in Clients Page	309
Introduction to Clients Page	309
Using the Clients Table to Monitor and Manage the Clients	309
Using the Properties Window to Monitor and Manage the Clients	311
Manage Client Authentication in Hotspot Manager	316
Dashboard	316
Authorized Clients	317
Vouchers	317
Local Users	320
Form Auth Data	324
Operators	325
Monitor the Network	327
View the Status of Network with Dashboard	328
Page Layout of Dashboard	328
Explanation of Widgets	330
View the Statistics of the Network	342
Performance	342
Switch Statistics	345
Monitor the Network with Map	348
Topology	348
Heat Map	350
Device Map	355
Site Map	358
Monitor the Network with Report	361
View the Statistics During Specified Period with Insight	362
Known Clients	362
Past Connections	363
Past Portal Authorizations	364
Switch Status	365
Port Forwarding Status	369
VPN Status	370
Routing Table	372
Dynamic DNS	374
Rogue APs	374
View and Manage Logs	377
Alerts	378
Events	379
Notifications	380
Manage Administrator Accounts of Omada SDN Controller	386
Introduction to User Accounts	387
Create and Manage Custom Account Roles	388
Manage and Create Local User Accounts	388
Edit the Master Administrator Account	389
Create and Manage Other Local Accounts	390
Manage and Create Cloud User Accounts	393
Set Up the Cloud Master Administrator	393

Match case Limit results 1 per page

117

Chapter 3

Conﬁgure the Network with Omada SDN Controller

Local ID

When the Local ID Type is configured as Name, enter a name for the local device

as the ID in IKE negotiation. The name should be in the format of FQDN (Fully

Qualified Domain Name).

Remote ID Type

Specify the type of Remote ID which indicates the authentication identifier

received from the peer for IKE negotiation.

IP Address:

Select IP Address to use the IP address for authentication.

Name:

Select Name, and then enter the name in the Remote ID field to use the

name as the ID for authentication.

Note that the type and value of Remote ID should be the same as Local ID given

for the remote peer of the VPN tunnel.

Remote ID

When the Remote ID Type is configured as Name, enter a name of the remote

peer as the ID in IKE negotiation. The name should be in the format of FQDN (Fully

Qualified Domain Name).

SA Lifetime

Specify ISAKMP SA (Security Association) Lifetime in IKE negotiation. If the SA

lifetime expired, the related ISAKMP SA will be deleted.

DPD

Check the box to enable DPD (Dead Peer Detect) function. If enabled, the IKE

endpoint can send a DPD request to the peer to inspect whether the IKE peer is

alive.

DPD Interval

Specify the interval between sending DPD requests with DPD enabled. If the IKE

endpoint receives a response from the peer during this interval, it considers the

peer alive. If the IKE endpoint does not receive a response during the interval, it

considers the peer dead and deletes the SA.

For Phase-2 Settings:

Phase-2 Settings

The purpose of Phase 2 negotiations is to establish the Phase-2 SA (also called

the IPsec SA). The IPsec SA is a set of traffic specifications that tell the device

what traffic to send over the VPN, and how to encrypt and authenticate that traffic.

Encapsulation Mode

Specify the Encapsulation Mode as Tunnel Mode or Transport Mode. When both

ends of the tunnel are hosts, either mode can be chosen. When at least one of

the endpoints of a tunnel is a security gateway, such as a router or firewall, Tunnel

Mode is recommended to ensure safety.

Proposal

Specify the proposal for IKE negotiation phase-2. An IPsec proposal lists the

encryption algorithm, authentication algorithm and protocol to be negotiated with

the remote IPsec peer.

Note that both peer gateways must be configured to use the same Proposal.

PFS

Select the DH group to enable PFS (Perfect Forward Security) for IKE mode, then

the key generated in phase-2 will be irrelevant with the key in phase-1, which

enhance the network security. With None selected, it means PFS is disabled and

the key in phase-2 will be generated based on the key in phase-1.

SA Lifetime

Specify IPsec SA (Security Association) Lifetime in IKE negotiation. If the SA

lifetime expired, the related IPsec SA will be deleted.