Instructions for SSID security settings on Omada Controller
Contents
Configuration for WPA-Personal
Configuration for WPA-Enterprise
Objective
This article introduces five different encryption methods available in Omada Controller for New Wireless Network: None, WPA-Personal, WPA-Enterprise, PPSK without RADIUS, and PPSK with RADIUS.
Requirements
- Omada Software Controller / Hardware Controller / Cloud-Based Controller (V5.14 and above)
- Omada AP
Introduction
Users can choose different types of encryption based on their needs. Below are the application scenarios for each encryption method:
None:
Suitable for public spaces or environments requiring an open network. In this scenario, the network can be accessed without a password, allowing users to connect quickly. However, this type of encryption lacks security and is not recommended for transmitting sensitive information.
WPA-Personal:
It is ideal for small offices or home networks that require basic security and have a limited number of connected users. WPA-Personal uses a pre-shared key (PSK) for encryption, which is suitable for small networks that do not require complex authentication mechanisms.
WPA-Enterprise:
It is designed for enterprise and organizational scenarios that require high security and scalable user management. WPA-Enterprise uses the 802.1X standard for authentication via a RADIUS server, suitable for medium to large enterprise networks.
PPSK with RADIUS:
Applicable for enterprise networks that require high security and client access control. Each user has a unique pre-shared key (PPSK) and is authenticated through a RADIUS server.
PPSK without RADIUS:
Suitable for small to medium-sized enterprise networks that do not require complex RADIUS server setups, simplifying user management. Each user still has a unique pre-shared key but does not rely on the RADIUS server for authentication, offering higher security than WPA-Personal and convenient for scenarios without the need for enterprise-level management.
Configuration
Step 1. Log in Controller, select a site, go to Settings > Wireless Networks > WLAN, and click Create New Wireless Network to create a new SSID.
Step 2. Select an encryption method from the drop-down list for Security.
Configuration for None
Step 1. If you select None as the encryption method, you can connect your client devices to the network without a password.
Step 2. With None as the encryption, you can choose whether to enable Opportunistic Wireless Encryption (OWE), with which data transmitted in this wireless network will be encrypted. OWE can protect your data without a password.
Note: The 6 GHz band supports OWE by default, while for the 2.4 GHz and 5 GHz bands, check whether the EAP firmware is compatible with the Omada Controller version 5.14 or above. Refer to the firmware release notes for details.
Configuration for WPA-Personal
Step 1. Select WPA-Personal as the encryption method and enter a password that ranges from 8-63 ASCII characters.
Step 2. Click Advanced Settings. In the WPA Mode, you can choose different modes: WPA is applicable for devices or network adapters that only support WPA; WPA2 is suitable for most home and enterprise networks; WPA3 is a better choice for scenarios with higher security requirements, such as enterprises and government agencies.
Configuration for WPA-Enterprise
Step 1. Select WPA-Enterprise as the encryption method.
Step 2. Select the existing RADIUS Profile or create a new RADIUS Profile.
Note: The RADIUS Profile can also be created in Settings > Profiles > RADIUS Profile.
Step 3. Select a NAS ID, which is used to identify different network service providers during the RADIUS authentication process.
Step 4. Select a WPA Mode in Advanced Settings according to the network scenario. WPA-Enterprise has higher security than WPA-Personal
Configuration for PPSK
Refer to the guide【Omada SDN Controller】Configure PPSK for PPSK without RADIUS and PPSK with RADIUS configuration.
Note: Since the 6 GHz band uses WPA3 for encryption and PPSK only supports WPA and WPA2, PPSK can only be configured in the 2.4 GHz and 5 GHz bands.
Conclusion
You have successfully selected a proper encryption method for the SSID on the Controller.
Get to know more details of each function and configuration please go to Download Center to download the manual of your product.
Is this faq useful?
Your feedback helps improve this site.
TP-Link Community
Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.