Home » TP-Link Manuals » Networking » TP-Link OC200 » Manual Viewer

TP-Link OC200 Omada Controller Software 4.1.5Windows/Linux User Guide - Page 125

For Phase-2 Settings, Local ID Type, IP Address, Local ID, Remote ID Type, Remote ID, SA Lifetime

Add to My Manuals
Save this manual to your list of manuals

Page 125 highlights

Chapter 4 Configure the Network with Omada SDN Controller Local ID Type Local ID Remote ID Type Remote ID SA Lifetime DPD DPD Interval Specify the type of Local ID which indicates the authentication identifier sent to the peer for IKE negotiation. IP Address: Select IP Address to use the IP address for authentication. Name: Select Name, and then enter the name in the Local ID field to use the name as the ID for authentication. Note that the type and value of Local ID should be the same as Remote ID given for the remote peer of the VPN tunnel. When the Local ID Type is configured as Name, enter a name for the local device as the ID in IKE negotiation. The name should be in the format of FQDN (Fully Qualified Domain Name). Specify the type of Remote ID which indicates the authentication identifier received from the peer for IKE negotiation. IP Address: Select IP Address to use the IP address for authentication. Name: Select Name, and then enter the name in the Remote ID field to use the name as the ID for authentication. Note that the type and value of Remote ID should be the same as Local ID given for the remote peer of the VPN tunnel. When the Remote ID Type is configured as Name, enter a name of the remote peer as the ID in IKE negotiation. The name should be in the format of FQDN (Fully Qualified Domain Name). Specify ISAKMP SA (Security Association) Lifetime in IKE negotiation. If the SA lifetime expired, the related ISAKMP SA will be deleted. Check the box to enable DPD (Dead Peer Detect) function. If enabled, the IKE endpoint can send a DPD request to the peer to inspect whether the IKE peer is alive. Specify the interval between sending DPD requests with DPD enabled. If the IKE endpoint receives a response from the peer during this interval, it considers the peer alive. If the IKE endpoint does not receive a response during the interval, it considers the peer dead and deletes the SA. For Phase-2 Settings: Phase-2 Settings The purpose of Phase 2 negotiations is to establish the Phase-2 SA (also called the IPsec SA). The IPsec SA is a set of traffic specifications that tell the device what traffic to send over the VPN, and how to encrypt and authenticate that traffic. Encapsulation Mode Specify the Encapsulation Mode as Tunnel Mode or Transport Mode. When both ends of the tunnel are hosts, either mode can be chosen. When at least one of the endpoints of a tunnel is a security gateway, such as a router or firewall, Tunnel Mode is recommended to ensure safety. 123

Section	Page
About this Guide	2
Omada SDN Controller Solution Overview	3
Overview of Omada SDN Controller Solution	4
Core Components	5
Get Started with Omada SDN Controller	10
Set Up Your Software Controller	11
Determine the Network Topology	11
Install Omada Software Controller	12
Start and Log In to the Omada Software Controller	14
Set Up Your Hardware Controller	19
Determine the Network Topology	19
Deploy Omada Hardware Controller	19
Start and Log in to the Controller	20
Set up Your Cloud-Based Controller	24
Manage Omada Managed Devices and Sites	25
Create Sites	26
Adopt Devices	30
For Omada Software Controller / Omada Hardware Controller	30
For Omada Cloud-Based Controller	42
Configure the Network with Omada SDN Controller	45
Navigate the UI	46
Modify the Current Site Configuration	49
Site Configuration	49
Services	49
Advanced Features	52
Device Account	54
Configure Wired Networks	55
Set Up an Internet Connection	55
Configure LAN Networks	69
Configure Wireless Networks	78
Set Up Basic Wireless Networks	78
Advanced Settings	84
WLAN Schedule	86
802.11 Rate Control	86
MAC Filter	87
Network Security	89
ACL	89
URL Filtering	97
Attack Defense	100
Transmission	105
Routing	105
NAT	108
Session Limit	111
Bandwidth Control	112
Configure VPN	116
Create Profiles	143
Time Range	143
Groups	144
Authentication	149
Portal	149
802.1X	180
MAC-Based Authentication	183
RADIUS Profile	184
Services	187
Dynamic DNS	187
SNMP	189
UPnP	190
SSH	191
Reboot Schedule	191
PoE Schedule	192
Export Data	193
Configure the Omada SDN Controller	195
Manage the Controller	196
General Settings	196
Mail Server	197
History Data Retention	199
Customer Experience Improvement Program	199
HTTPS Certificate	200
Access Port Config	200
Manage Your Controller Remotely via Cloud Access	202
Maintenance	204
Controller Status	204
User Interface	204
Backup & Restore	206
Migration	207
Site Migration	207
Controller Migration	212
Configure and Monitor Omada Managed Devices	219
Introduction to the Devices Page	220
Configure and Monitor the Gateway	224
Configure the Gateway	224
Monitor the Gateway	228
Configure and Monitor Switches	232
Configure Switches	232
Monitor Switches	249
Configure and Monitor EAPs	253
Configure EAPs	253
Monitor EAPs	263
Monitor and Manage the Clients	270
Manage Wired and Wireless Clients in Clients Page	271
Introduction to Clients Page	271
Using the Clients Table to Monitor and Manage the Clients	271
Using the Properties Window to Monitor and Manage the Clients	273
Manage Client Authentication in Hotspot Manager	278
Authorized Clients	278
Vouchers	278
Local Users	281
Operators	284
Monitor the Network	287
View the Status of Network with Dashboard	288
Page Layout of Dashboard	288
Explanation of Widgets	290
View the Statistics of the Network	298
Performance	298
Switch Statistics	301
Speed Test Statistics	303
Monitor the Network with Map	305
Topology	305
Map	307
View the Statistics During Specified Period with Insight	310
Known Clients	310
Past Portal Authorizations	311
Rogue APs	312
View and Manage Logs	314
Alerts	315
Events	316
Notifications	317
Manage Administrator Accounts of Omada SDN Controller	323
Introduction to User Accounts	324
Manage and Create Local User Accounts	325
Edit the Master Administrator Account	325
Create and Manage Administrator and Viewer	327
Manage and Create Cloud User Accounts	330
Set Up the Cloud Master Administrator	330

Match case Limit results 1 per page

123

Chapter 4

Conﬁgure the Network with Omada SDN Controller

Local ID Type

Specify the type of Local ID which indicates the authentication identifier sent to

the peer for IKE negotiation.

IP Address:

Select IP Address to use the IP address for authentication.

Name:

Select Name, and then enter the name in the Local ID field to use the name

as the ID for authentication.

Note that the type and value of Local ID should be the same as Remote ID given

for the remote peer of the VPN tunnel.

Local ID

When the Local ID Type is configured as Name, enter a name for the local device

as the ID in IKE negotiation. The name should be in the format of FQDN (Fully

Qualified Domain Name).

Remote ID Type

Specify the type of Remote ID which indicates the authentication identifier

received from the peer for IKE negotiation.

IP Address:

Select IP Address to use the IP address for authentication.

Name:

Select Name, and then enter the name in the Remote ID field to use the

name as the ID for authentication.

Note that the type and value of Remote ID should be the same as Local ID given

for the remote peer of the VPN tunnel.

Remote ID

When the Remote ID Type is configured as Name, enter a name of the remote

peer as the ID in IKE negotiation. The name should be in the format of FQDN (Fully

Qualified Domain Name).

SA Lifetime

Specify ISAKMP SA (Security Association) Lifetime in IKE negotiation. If the SA

lifetime expired, the related ISAKMP SA will be deleted.

DPD

Check the box to enable DPD (Dead Peer Detect) function. If enabled, the IKE

endpoint can send a DPD request to the peer to inspect whether the IKE peer is

alive.

DPD Interval

Specify the interval between sending DPD requests with DPD enabled. If the IKE

endpoint receives a response from the peer during this interval, it considers the

peer alive. If the IKE endpoint does not receive a response during the interval, it

considers the peer dead and deletes the SA.

For Phase-2 Settings:

Phase-2 Settings

The purpose of Phase 2 negotiations is to establish the Phase-2 SA (also called

the IPsec SA). The IPsec SA is a set of traffic specifications that tell the device

what traffic to send over the VPN, and how to encrypt and authenticate that traffic.

Encapsulation Mode

Specify the Encapsulation Mode as Tunnel Mode or Transport Mode. When both

ends of the tunnel are hosts, either mode can be chosen. When at least one of

the endpoints of a tunnel is a security gateway, such as a router or firewall, Tunnel

Mode is recommended to ensure safety.