How to Manage CAPs at Different Sites across Internet Using TP-LINK AC Controller (with VPN Tunnel)?
As shown below, HQ and Branch Office are connected with each other through IPsec VPN tunnel. In HQ, there are TP-Link AC controller AC500, CAP300 and TL-ER6120 (VPN Router). In branch office, there are TL-ER6120 (VPN router), CAP1750 and TP-Link layer 3 switch T2600G-28TS.
Note: None of TP-LINK SMB Router supports DHCP Option60 and Option138 at present, so we use TP-Link layer 3 switch T2600G-28TS which supports DHCP Option60 and option138 as the DHCP Server in Branch Office instead of TL-ER6120. If your gateway router or the DHCP Server you have built supports Option60 and Option138, then TP-Link layer 3 switch T2600G-28TS is not necessary in this network topology.
This document will introduce how to manage CAPs at different sites across Internet using TP-LINK AC controller (with VPN Tunnel). About how to choose VPN Router and set up site to site IPsec VPN tunnel, please refer to: https://www.tp-link.com/it/faq-380.html
Step 1: Build IPSec VPN tunnel between HQ VPN router TL-ER6120 and Branch Office VPN router TL-ER6120.
Disable DHCP function on TL-ER6120 to avoid the conflict with the DHCP Server on the T2600G-28TS. (If your router’s DHCP Server function supports DHCP Option60 and Option138, you can use your Router as the DHCP Server instead of T2600G-28TS, which means T2600G-28TS can be deleted from your network topology.)
Step 2: Configurations on AC controller AC500
2.1 Configure the IP address of default gateway on AC500 as 192.168.1.1.
Step 3: Configurations on TP-Link layer 3 switch T2600G-28TS
3.1 Change the interface IP address of VLAN1 on T2600G-28TS to avoid conflict with TL-ER6120’s LAN IP.
3.2 Enable DHCP Server function, and set DHCP Option60 as TP-LINK while Option138 as AC controller AC500’s IP address (192.168.1.253).
3.3 Configure DHCP address Pool for 192.168.0.0/24, and set the default gateway IP address as 192.168.0.1.
Step 4: After all configurations, we can check CAP’s status in AC controller’s AP Status page. Here the following screenshot shows the CAP300 in HQ and CAP1750 at branch office managed by AC controller through LAN to LAN VPN tunnel.
4.1 Create two SSIDs. One is for HQ and the other one is for Branch Office.
4.2 Bind SSID “HQ-Network” to CAP300 and Bind SSID “Branch-Network” to CAP1750.
4.3 After all configurations, you can test if you can go to Internet normally through HQ and Branch Office’s wireless networks, and check if AC controller can successfully manage CAPs in HQ and at branch office.
Your feedback helps improve this site.