Search icon Choose location
 
Search icon

Instructions for SSID security settings on Omada Controller

Configuration Guide
Updated 11-08-2024 03:37:11 AM 2190
This Article Applies to: 

Contents

Objective

Requirements

Introduction

Configuration

Configuration for None

Configuration for WPA-Personal

Configuration for WPA-Enterprise

Configuration for PPSK

Conclusion

Objective

This article introduces five different encryption methods available in Omada Controller for New Wireless Network: None, WPA-Personal, WPA-Enterprise, PPSK without RADIUS, and PPSK with RADIUS.

Requirements

  • Omada Software Controller / Hardware Controller / Cloud-Based Controller (V5.14 and above)
  • Omada AP

Introduction

Users can choose different types of encryption based on their needs. Below are the application scenarios for each encryption method:

None:

Suitable for public spaces or environments requiring an open network. In this scenario, the network can be accessed without a password, allowing users to connect quickly. However, this type of encryption lacks security and is not recommended for transmitting sensitive information.

WPA-Personal:

It is ideal for small offices or home networks that require basic security and have a limited number of connected users. WPA-Personal uses a pre-shared key (PSK) for encryption, which is suitable for small networks that do not require complex authentication mechanisms.

WPA-Enterprise:

It is designed for enterprise and organizational scenarios that require high security and scalable user management. WPA-Enterprise uses the 802.1X standard for authentication via a RADIUS server, suitable for medium to large enterprise networks.

PPSK with RADIUS:

Applicable for enterprise networks that require high security and client access control. Each user has a unique pre-shared key (PPSK) and is authenticated through a RADIUS server.

PPSK without RADIUS:

Suitable for small to medium-sized enterprise networks that do not require complex RADIUS server setups, simplifying user management. Each user still has a unique pre-shared key but does not rely on the RADIUS server for authentication, offering higher security than WPA-Personal and convenient for scenarios without the need for enterprise-level management.

Configuration

Step 1. Log in Controller, select a site, go to Settings > Wireless Networks > WLAN, and click Create New Wireless Network to create a new SSID.

The position to create a new wireless network in Controller.

Step 2. Select an encryption method from the drop-down list for Security.

Configurations of wireless network, including SSID/Device Type/Band/Security and so on. Here choose the security as WPA-Personal.

Configuration for None

Step 1. If you select None as the encryption method, you can connect your client devices to the network without a password.

Step 2. With None as the encryption, you can choose whether to enable Opportunistic Wireless Encryption (OWE), with which data transmitted in this wireless network will be encrypted. OWE can protect your data without a password.

Note: The 6 GHz band supports OWE by default, while for the 2.4 GHz and 5 GHz bands, check whether the EAP firmware is compatible with the Omada Controller version 5.14 or above. Refer to the firmware release notes for details.

Configurations of wireless network, including SSID/Device Type/Band/Security and so on. Here, choose the security as None.

Configuration for WPA-Personal

Step 1. Select WPA-Personal as the encryption method and enter a password that ranges from 8-63 ASCII characters.

Step 2. Click Advanced Settings. In the WPA Mode, you can choose different modes: WPA is applicable for devices or network adapters that only support WPA; WPA2 is suitable for most home and enterprise networks; WPA3 is a better choice for scenarios with higher security requirements, such as enterprises and government agencies.

Configurations of wireless network, including SSID/Device Type/Band/Security and so on. Here, choose the security as WPA-Personal.

Configuration for WPA-Enterprise

Step 1. Select WPA-Enterprise as the encryption method.

Step 2. Select the existing RADIUS Profile or create a new RADIUS Profile.

Note: The RADIUS Profile can also be created in Settings > Profiles > RADIUS Profile.

Configurations of wireless network, including SSID/Device Type/Band/Security and so on. Here, choose the security as WPA-Enterprise.

Step 3. Select a NAS ID, which is used to identify different network service providers during the RADIUS authentication process.

Step 4. Select a WPA Mode in Advanced Settings according to the network scenario. WPA-Enterprise has higher security than WPA-Personal

Configurations of wireless network, including SSID/Device Type/Band/Security and so on. Here, choose the security as WPA-Enterprise.

Configuration for PPSK

Refer to the guide【Omada SDN Controller】Configure PPSK for PPSK without RADIUS and PPSK with RADIUS configuration.

Note: Since the 6 GHz band uses WPA3 for encryption and PPSK only supports WPA and WPA2, PPSK can only be configured in the 2.4 GHz and 5 GHz bands.

Conclusion

You have successfully selected a proper encryption method for the SSID on the Controller.

Get to know more details of each function and configuration please go to Download Center to download the manual of your product.

Related FAQs

Is this faq useful?

Your feedback helps improve this site.

Recommend Products

Community

TP-Link Community

Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.

Visit the Community >

We have updated our Policies. Read Privacy Policy and Terms of Use here.
This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy .

We have updated our Policies. Read Privacy Policy and Terms of Use here.
This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy .

Basic Cookies

These cookies are necessary for the website to function and cannot be deactivated in your systems.

TP-Link

accepted_local_switcher, tp_privacy_base, tp_privacy_marketing, tp_smb-select-product_scence, tp_smb-select-product_scenceSimple, tp_smb-select-product_userChoice, tp_smb-select-product_userChoiceSimple, tp_smb-select-product_userInfo, tp_smb-select-product_userInfoSimple, tp_top-banner, tp_popup-bottom, tp_popup-center, tp_popup-right-middle, tp_popup-right-bottom, tp_productCategoryType

Livechat

__livechat, __lc2_cid, __lc2_cst, __lc_cid, __lc_cst, CASID

Youtube

id, VISITOR_INFO1_LIVE, LOGIN_INFO, SIDCC, SAPISID, APISID, SSID, SID, YSC, __Secure-1PSID, __Secure-1PAPISID, __Secure-1PSIDCC, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, 1P_JAR, AEC, NID, OTZ

Analysis and Marketing Cookies

Analysis cookies enable us to analyze your activities on our website in order to improve and adapt the functionality of our website.

The marketing cookies can be set through our website by our advertising partners in order to create a profile of your interests and to show you relevant advertisements on other websites.

Google Analytics & Google Tag Manager

_gid, _ga_<container-id>, _ga, _gat_gtag_<container-id>

Google Ads & DoubleClick

test_cookie, _gcl_au

Meta Pixel

_fbp

Crazy Egg

cebsp_, _ce.s, _ce.clock_data, _ce.clock_event, cebs

Hotjar

OptanonConsent, _sctr, _cs_s, _hjFirstSeen, _hjAbsoluteSessionInProgress, _hjSessionUser_14, _fbp, ajs_anonymous_id, _hjSessionUser_<hotjar-id>, _uetsid, _schn, _uetvid, NEXT_LOCALE, _hjSession_14, _hjid, _cs_c, _scid, _hjAbsoluteSessionInProgress, _cs_id, _gcl_au, _ga, _gid, _hjIncludedInPageviewSample, _hjSession_<hotjar-id>, _hjIncludedInSessionSample_<hotjar-id>

Linkedin

lidc, AnalyticsSyncHistory, UserMatchHistory, bcookie, li_sugr, ln_or