TP-Link EAP Series

Set up standalone TP-Link EAP access points with IronWifi for independent WiFi deployment. This guide covers RADIUS server configuration, external portal setup, free authentication (walled garden) configuration, SSID creation with portal enabled, and WPA2-Enterprise deployment for EAPs operating without Omada Controller management.

Prerequisites

In TP-Link EAP:

• TP-Link EAP access point (any model in EAP series)
• Admin access to EAP web interface
• EAP operating in standalone mode (not adopted by Omada Controller)
• Network connectivity to reach IronWifi RADIUS servers

In IronWifi Console (complete these first):

1. Create a Network in IronWifi Console
2. Create a Captive Portal with vendor TP-Link
3. Note your RADIUS settings (Primary IP, Secret) and Splash Page URL

EAP Configuration (Standalone Mode)

Access Web Interface

1. Connect to the EAP management network
2. Navigate to the EAP's IP address
3. Log in as administrator

Step 1: Configure RADIUS Server

1. Navigate to Wireless → Portal
2. Enable Portal
3. Configure:
   • Authentication Type: External RADIUS Server
   • RADIUS Server IP: {Primary IP}
   • RADIUS Port: 1812
   • RADIUS Password: {Secret}

Step 2: Configure External Portal

1. In Portal settings:
   • External Portal Server: 107.178.250.42
   • Portal URL: {Splash Page URL}

Step 3: Configure Free Auth

Configure addresses that guests can access before authentication. This is essential for the captive portal to function correctly.

Add allowed addresses before authentication:

• 107.178.250.42

If you're using social login or payment providers, add these domains to your Free Auth list:

Provider	Required Entries
Google	*.google.com, *.googleapis.com, *.gstatic.com, accounts.google.com
Facebook	*.facebook.com, *.fbcdn.net, connect.facebook.net, facebook.com
LinkedIn	*.linkedin.com, *.licdn.com, linkedin.com
Twitter/X	*.twitter.com, *.twimg.com, twitter.com, *.x.com, x.com
Apple	*.apple.com, *.icloud.com, appleid.apple.com
Microsoft/Azure AD	*.microsoft.com, *.microsoftonline.com, *.msftauth.net, login.microsoftonline.com
Stripe	*.stripe.com, js.stripe.com
PayPal	*.paypal.com, *.paypalobjects.com
Twilio (SMS)	*.twilio.com

Step 4: Create SSID

1. Navigate to Wireless → Wireless Settings
2. Create or edit SSID
3. Enable Portal for this SSID

EAP Controller (Omada)

If using Omada Controller, see the Omada Controller guide.

WPA-Enterprise

For 802.1X:

1. Navigate to Wireless → Wireless Security
2. Configure:
   • Security Mode: WPA2-Enterprise
   • RADIUS Server IP: {Primary IP}
   • RADIUS Port: 1812
   • RADIUS Password: {Secret}

Troubleshooting

If you encounter issues after configuration, use this table to diagnose and resolve common problems:

Symptom	Cause	Solution
Cannot access portal	Portal not enabled or misconfigured	Verify portal is enabled on SSID, check external server IP is 107.178.250.42, confirm RADIUS configuration is correct
Authentication failed	RADIUS connectivity or credential issues	Test RADIUS connectivity from EAP, verify shared secret matches IronWifi Console, check user credentials in IronWifi Console
Portal shows but login doesn't work	Missing Free Auth entries	Ensure 107.178.250.42 is in Free Auth list, add authentication provider domains if using social login

Related Topics

• TP-Link Omada Controller
• RADIUS Authentication Basics
• Captive Portal Configuration
• WPA-Enterprise Setup