EAP Controller with EAP120s

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

EAP Controller with EAP120s

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
EAP Controller with EAP120s
EAP Controller with EAP120s
2017-05-11 19:44:09
Model : EAP120

Hardware Version :

Firmware Version : Latest downloaded

ISP :

Hi everyone, this is my first post, so please be gentle!.

So far I have upgraded the firmware on three of our seven EAP120 APs, and set them up on the EAP Controller. The remaining four continue running in the cluster mode (until we upgrade them too).

I have set up the EAP Controller on a server (= Host), and a copy on my laptop.

One issue using the Controller Host computer is that, when I try to start EAP Controller, it usually shows that "Write error" message and doesn't start properly. I then go into Task Manager to be sure that there are no instances already running, kill it if there is, then try again. The task doesn't show up in TM as EAP, but as a Java task. >> please make this clearer in the next version.

Then when it starts a browser, the browser instantly complains about the Bad Certificate and this does of course make me nervous to override the security messages. >> In the documentation and in the start-up dialogue, it would help to WARN users that they will have to override the security settings.

In a response to a forum question, Zaizai suggested turning off firewalls and anti-virus, but this too should be noted in the documentation and start-up dialogue, if this is indeed necessary.

For how long should they be turned off? Is there a way to tell the anti-virus and firewall to accept the EAP Controller?

Now I find that it is running, but has changed the displayed IP address to 127.0.0.0 instead of the static IP that I set for it (10.0.0.x), and again this should be warned in the documentation!

These may be small things, but it makes me feel nervous that the EAP Controller is not yet a reliable way to control these APs.

My question: using Edge on my laptop, and 8.1 on that server, what settings should I be putting into the firewalls, antivirus etc so that the EAP Controller doesn't keep triggering alarm bells like this?
  0      
  0      
#1
Options
5 Reply
Re:EAP Controller with EAP120s
2017-05-12 09:58:14

GNBC wrote



Then when it starts a browser, the browser instantly complains about the Bad Certificate and this does of course make me nervous to override the security messages.

For this concern, you may check this out: http://www.tp-link.com/en/faq-866.html


  0  
  0  
#2
Options
Re:EAP Controller with EAP120s
2017-05-12 10:25:16

GNBC wrote



Now I find that it is running, but has changed the displayed IP address to 127.0.0.0 instead of the static IP that I set for it (10.0.0.x), and again this should be warned in the documentation!



The static IP you set for the host PC(10.0.0.x) has nothing to do with the 127.0.0.1 displayed on browser. 127.0.0.1 is the loopback Internet protocol (IP) address also referred to as the “localhost.” The address is used to establish an IP connection to the same machine or computer being used by the end-user(EAP Controller is a "browser/server" architecture. Browser and server are both on the host pc ). So 117.0.0.1 should be displayed on the browser
  0  
  0  
#3
Options
How to fix certificate errors?
2017-05-12 17:00:30
Thanks Ferraigogo.

You wrote "For this concern, you may check this out: http://www.tp-link.com/en/faq-866.html"

That is what I had to do to get it going (and the Discovery Tool), but it doesn't seem like a proper solution to me, but I did find this as a potential solution:
http://forum.tp-link.com/showthread.php?96192-Hacking-a-valid-cert-into-the-EAP-controller-software&highlight=controller

It seems more complicated that I'd like, but my point is that a good quality product and producer should find a way to gain such a Certificate
  0  
  0  
#4
Options
Re:EAP Controller with EAP120s
2017-05-12 17:06:58

Ferrarigogo wrote

The static IP you set for the host PC(10.0.0.x) has nothing to do with the 127.0.0.1 displayed on browser. 127.0.0.1 is the loopback Internet protocol (IP) address also referred to as the “localhost.” The address is used to establish an IP connection to the same machine or computer being used by the end-user(EAP Controller is a "browser/server" architecture. Browser and server are both on the host pc ). So 117.0.0.1 should be displayed on the browser


Thanks, and yes I eventually found the loop-back idea with a websearch. My point was that these things should either be fixed to make it more straightforward for a newbie, else shown clearly in the docs so as the newbie doesn't go into panic mode when confronted by 127.0.0.1.

At the end you mentioned 117.0.0.1 but I assume that was a typo?

Thanks!
  0  
  0  
#5
Options
Re:EAP Controller with EAP120s
2017-05-12 19:18:35

GNBC wrote

The task doesn't show up in TM as EAP, but as a Java task. >> please make this clearer in the next version.


Since EAP is a Java application, it always will show up as a Java task. Usually you should not need to interact with task manager to start an application, so probably there are some weird settings on your Windows system causing this error message. -> Windows problem, not EAC-related.

Then when it starts a browser, the browser instantly complains about the Bad Certificate and this does of course make me nervous to override the security messages. >> In the documentation and in the start-up dialogue, it would help to WARN users that they will have to override the security settings.


Browsers don't recognize self-signed certificates unless you permanently accept this cert. Just save the certificate in your browsers certificate control list and the security message should disappear. -> Normal browser behavior on self-signed certs.

If you care, you could create your own certificate and install it into the EAC (you already saw the post). Of course, TP-Link could add a function in EAC to simplify installing own certificates, maybe they will do so in a future version.

In a response to a forum question, Zaizai suggested turning off firewalls and anti-virus, but this too should be noted in the documentation and start-up dialogue, if this is indeed necessary.


AFAIK almost any software recommends to turn of firewall/anti-virus during installation on Windows. Disallowing even basic administrative tasks such as software installation is Microsoft's way of trying to make Windows more "secure". -> Usual Windows weirdness, no EAC problem.

For how long should they be turned off? Is there a way to tell the anti-virus and firewall to accept the EAP Controller?


If you experience problems with EAPs not being able to connect to the EAC, open UDP port 29810 and TCP ports 29811 to 29813. If they are already open in the personal firewall, you can safely turn the firewall on again after installation of the EAC software, since browser access to the EAC should be possible even with an active firewall. -> But this is usual Windows weirdness, no EAC problem.

Now I find that it is running, but has changed the displayed IP address to 127.0.0.0 instead of the static IP that I set for it (10.0.0.x), and again this should be warned in the documentation!


If you access your server using the official IP, it ill show up the 10.0.0.x IP. If you access your server using the localhost IP, it will show up the 127.0.0.1 localhost IP. No need for a warning, since this is expected behavior and it has nothing to do with EAC, except that it fires up a browser with localhost IP if started on the same host the EAC is running on. This is so, b/c you are the one who has to decide which server to connect to and therefore you need to tell the browser to which server it has to connect in order to reach the EAC you want to reach.

These may be small things, but it makes me feel nervous that the EAP Controller is not yet a reliable way to control these APs.


Those "alarm bells", as you call it, are caused by Windows/your browser, b/c the guys at MS think they would know better than the user how their systems have to be used.:) It has nothing to do with the EAC, which not only must run on isolated PCs, but also on public servers or even in a cloud. And on the latter, no such rings & bells appear if you set up the software properly and add the self-signed certificate to your browser's cert control list, which is part of such a setup.

My question: using Edge on my laptop, and 8.1 on that server, what settings should I be putting into the firewalls, antivirus etc so that the EAP Controller doesn't keep triggering alarm bells like this?


See above, you should be able to access the EAP using a browser with firewall turned on if you really need this firewall thing on your system (usually a firewall belongs to the network's router, not to a system inside the network to be protected).
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
  0  
  0  
#6
Options