Instructions for SSID security settings on Omada Controller
EAP610GP-Desktop , EAP683 UR , EAP225-Wall , EAP620-Outdoor HD , EAP225-Outdoor , EAP245 , EAP783 , EAP265 HD , EAP115-Bridge KIT , EAP620 HD , EAP215-Bridge KIT , EAP613 , EAP610 , EAP653 , EAP650-Outdoor , EAP211-Bridge KIT , EAP655-Wall , EAP615-Wall , EAP653 UR , EAP660 HD , EAP773 , EAP625-Outdoor HD , EAP772 , EAP650 , EAP670 , EAP235-Wall , EAP690E HD , EAP723 , EAP225 , EAP623-Outdoor HD , EAP625GP-Wall , EAP650-Wall , EAP610-Outdoor , EAP650-Desktop
Recent updates may have expanded access to feature(s) discussed in this FAQ. Visit your product's support page, select the correct hardware version for your device and check either the Datasheet or the firmware section for the latest improvements added to your product.
Contents
Configuration for WPA-Personal
Configuration for WPA-Enterprise
Objective
This article introduces five different encryption methods available in Omada Controller for New Wireless Network: None, WPA-Personal, WPA-Enterprise, PPSK without RADIUS, and PPSK with RADIUS.
Requirements
- Omada Software Controller / Hardware Controller / Cloud-Based Controller (V5.14 and above)
- Omada AP
Introduction
Users can choose different types of encryption based on their needs. Below are the application scenarios for each encryption method:
None:
Suitable for public spaces or environments requiring an open network. In this scenario, the network can be accessed without a password, allowing users to connect quickly. However, this type of encryption lacks security and is not recommended for transmitting sensitive information.
WPA-Personal:
It is ideal for small offices or home networks that require basic security and have a limited number of connected users. WPA-Personal uses a pre-shared key (PSK) for encryption, which is suitable for small networks that do not require complex authentication mechanisms.
WPA-Enterprise:
It is designed for enterprise and organizational scenarios that require high security and scalable user management. WPA-Enterprise uses the 802.1X standard for authentication via a RADIUS server, suitable for medium to large enterprise networks.
PPSK with RADIUS:
Applicable for enterprise networks that require high security and client access control. Each user has a unique pre-shared key (PPSK) and is authenticated through a RADIUS server.
PPSK without RADIUS:
Suitable for small to medium-sized enterprise networks that do not require complex RADIUS server setups, simplifying user management. Each user still has a unique pre-shared key but does not rely on the RADIUS server for authentication, offering higher security than WPA-Personal and convenient for scenarios without the need for enterprise-level management.
Configuration
Step 1. Log in Controller, select a site, go to Settings > Wireless Networks > WLAN, and click Create New Wireless Network to create a new SSID.
Step 2. Select an encryption method from the drop-down list for Security.
Configuration for None
Step 1. If you select None as the encryption method, you can connect your client devices to the network without a password.
Step 2. With None as the encryption, you can choose whether to enable Opportunistic Wireless Encryption (OWE), with which data transmitted in this wireless network will be encrypted. OWE can protect your data without a password.
Note: The 6 GHz band supports OWE by default, while for the 2.4 GHz and 5 GHz bands, check whether the EAP firmware is compatible with the Omada Controller version 5.14 or above. Refer to the firmware release notes for details.
Configuration for WPA-Personal
Step 1. Select WPA-Personal as the encryption method and enter a password that ranges from 8-63 ASCII characters.
Step 2. Click Advanced Settings. In the WPA Mode, you can choose different modes: WPA is applicable for devices or network adapters that only support WPA; WPA2 is suitable for most home and enterprise networks; WPA3 is a better choice for scenarios with higher security requirements, such as enterprises and government agencies.
Configuration for WPA-Enterprise
Step 1. Select WPA-Enterprise as the encryption method.
Step 2. Select the existing RADIUS Profile or create a new RADIUS Profile.
Note: The RADIUS Profile can also be created in Settings > Profiles > RADIUS Profile.
Step 3. Select a NAS ID, which is used to identify different network service providers during the RADIUS authentication process.
Step 4. Select a WPA Mode in Advanced Settings according to the network scenario. WPA-Enterprise has higher security than WPA-Personal
Configuration for PPSK
Refer to the guide【Omada SDN Controller】Configure PPSK for PPSK without RADIUS and PPSK with RADIUS configuration.
Note: Since the 6 GHz band uses WPA3 for encryption and PPSK only supports WPA and WPA2, PPSK can only be configured in the 2.4 GHz and 5 GHz bands.
Conclusion
You have successfully selected a proper encryption method for the SSID on the Controller.
Get to know more details of each function and configuration please go to Download Center to download the manual of your product.
Is this faq useful?
Your feedback helps improve this site.
What’s your concern with this article?
- Dissatisfied with product
- Too Complicated
- Confusing Title
- Does not apply to me
- Too Vague
- Other
We'd love to get your feedback, please let us know how we can improve this content.
Thank you
We appreciate your feedback.
Click here to contact TP-Link technical support.
TP-Link Community
Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.
We have updated our Policies. Read Privacy Policy and Terms of Use here.
This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy .
We have updated our Policies. Read Privacy Policy and Terms of Use here.
This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy .
Basic Cookies
These cookies are necessary for the website to function and cannot be deactivated in your systems.
TP-Link
accepted_local_switcher, tp_privacy_base, tp_privacy_marketing, tp_smb-select-product_scence, tp_smb-select-product_scenceSimple, tp_smb-select-product_userChoice, tp_smb-select-product_userChoiceSimple, tp_smb-select-product_userInfo, tp_smb-select-product_userInfoSimple, tp_top-banner, tp_popup-bottom, tp_popup-center, tp_popup-right-middle, tp_popup-right-bottom, tp_productCategoryType
Livechat
__livechat, __lc2_cid, __lc2_cst, __lc_cid, __lc_cst, CASID
Youtube
id, VISITOR_INFO1_LIVE, LOGIN_INFO, SIDCC, SAPISID, APISID, SSID, SID, YSC, __Secure-1PSID, __Secure-1PAPISID, __Secure-1PSIDCC, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, 1P_JAR, AEC, NID, OTZ
Analysis and Marketing Cookies
Analysis cookies enable us to analyze your activities on our website in order to improve and adapt the functionality of our website.
The marketing cookies can be set through our website by our advertising partners in order to create a profile of your interests and to show you relevant advertisements on other websites.
Google Analytics & Google Tag Manager
_gid, _ga_<container-id>, _ga, _gat_gtag_<container-id>
Google Ads & DoubleClick
test_cookie, _gcl_au
Meta Pixel
_fbp
Crazy Egg
cebsp_, _ce.s, _ce.clock_data, _ce.clock_event, cebs
Hotjar
OptanonConsent, _sctr, _cs_s, _hjFirstSeen, _hjAbsoluteSessionInProgress, _hjSessionUser_14, _fbp, ajs_anonymous_id, _hjSessionUser_<hotjar-id>, _uetsid, _schn, _uetvid, NEXT_LOCALE, _hjSession_14, _hjid, _cs_c, _scid, _hjAbsoluteSessionInProgress, _cs_id, _gcl_au, _ga, _gid, _hjIncludedInPageviewSample, _hjSession_<hotjar-id>, _hjIncludedInSessionSample_<hotjar-id>
lidc, AnalyticsSyncHistory, UserMatchHistory, bcookie, li_sugr, ln_or