# 🌐 TP-Link Archer BE800 v1.6 Router Setup Guide **🟡 Intermediate Guide** This guide provides specific instructions for configuring the TP-Link Archer BE800 v1.6 router for your homelab, including static IP assignments, port forwarding, and disaster recovery procedures. ## 📋 Router Specifications ### **TP-Link Archer BE800 v1.6** - **WiFi Standard**: WiFi 7 (802.11be) - **Speed**: Up to 19 Gbps (11520 Mbps on 6 GHz + 5760 Mbps on 5 GHz + 1376 Mbps on 2.4 GHz) - **Ports**: 1x 10 Gbps WAN/LAN, 4x 2.5 Gbps LAN, 1x USB 3.0 - **CPU**: Quad-core 2.2 GHz processor - **RAM**: 2 GB - **Antennas**: 8 high-gain antennas - **Default IP**: 192.168.0.1 (can be changed to 192.168.1.1) --- ## 🚀 Initial Setup ### **Step 1: Physical Connection** ```bash # 1. Connect modem to WAN port (10 Gbps port - usually blue/different color) # 2. Connect computer to any LAN port via Ethernet # 3. Power on router and wait 2-3 minutes for full boot ``` ### **Step 2: Access Router Interface** ```bash # Default access methods: # Web Interface: http://192.168.0.1 or http://tplinkwifi.net # Default Login: admin / admin (or blank password) # If you can't access, find router IP: ip route | grep default # Look for: default via 192.168.0.1 dev eth0 ``` ### **Step 3: Quick Setup Wizard** ```bash # The BE800 will launch setup wizard on first access: # 1. Set Time Zone Time Zone: America/Los_Angeles (or your timezone) # 2. Internet Connection Type # Choose based on your ISP: - Dynamic IP (DHCP) - Most common - Static IP - If ISP provided specific settings - PPPoE - DSL connections # 3. Wireless Settings 2.4 GHz SSID: YourNetwork_2.4G 5 GHz SSID: YourNetwork_5G 6 GHz SSID: YourNetwork_6G Password: "REDACTED_PASSWORD" password - save to password manager] # 4. Admin Password Username: admin Password: "REDACTED_PASSWORD" admin password - save to password manager] ``` --- ## 🏗️ Network Configuration for Homelab ### **Step 1: Change Router IP to 192.168.1.1** ```bash # Navigate to: Advanced → Network → LAN # Current Settings: IP Address: 192.168.0.1 Subnet Mask: 255.255.255.0 # Change to: IP Address: 192.168.1.1 Subnet Mask: 255.255.255.0 ``` **⚠️ Important**: After changing IP, you'll need to reconnect at `http://192.168.1.1` ### **Step 2: DHCP Configuration** ```bash # Navigate to: Advanced → Network → DHCP Server # DHCP Settings: Enable DHCP Server: ✅ Enabled IP Address Pool: 192.168.1.100 - 192.168.1.200 Default Gateway: 192.168.1.1 Primary DNS: 1.1.1.1 Secondary DNS: 8.8.8.8 Lease Time: 1440 minutes (24 hours) ``` ### **Step 3: DNS Configuration** ```bash # Navigate to: Advanced → Network → Internet # DNS Settings: Primary DNS: 1.1.1.1 (Cloudflare) Secondary DNS: 8.8.8.8 (Google) # Or use your Pi-hole if running: Primary DNS: 192.168.1.100 (Atlantis Pi-hole) Secondary DNS: 1.1.1.1 (Fallback) ``` --- ## 🖥️ Static IP Reservations (DHCP Reservations) ### **Navigate to: Advanced → Network → DHCP Server → Address Reservation** #### **Add Reservations for All Homelab Hosts:** ```bash # Primary Infrastructure Device Name: atlantis MAC Address: [Find with: ip link show on Atlantis] Reserved IP: 192.168.1.100 Status: Enabled Device Name: calypso MAC Address: [Find with: ip link show on Calypso] Reserved IP: 192.168.1.101 Status: Enabled Device Name: concord-nuc MAC Address: [Find with: ip link show on Concord] Reserved IP: 192.168.1.102 Status: Enabled # Virtual Machines Device Name: homelab-vm MAC Address: [Find in VM settings or with ip link show] Reserved IP: 192.168.1.103 Status: Enabled Device Name: chicago-vm MAC Address: [Find in VM settings] Reserved IP: 192.168.1.104 Status: Enabled Device Name: bulgaria-vm MAC Address: [Find in VM settings] Reserved IP: 192.168.1.105 Status: Enabled # Specialized Hosts Device Name: anubis MAC Address: [Find with: ip link show on Anubis] Reserved IP: 192.168.1.106 Status: Enabled Device Name: guava MAC Address: [Find with: ip link show on Guava] Reserved IP: 192.168.1.107 Status: Enabled Device Name: setillo MAC Address: [Find with: ip link show on Setillo] Reserved IP: 192.168.1.108 Status: Enabled # Raspberry Pi Cluster Device Name: rpi-vish MAC Address: [Find with: cat /sys/class/net/eth0/address] Reserved IP: 192.168.1.109 Status: Enabled Device Name: rpi-kevin MAC Address: [Find with: cat /sys/class/net/eth0/address] Reserved IP: 192.168.1.110 Status: Enabled # Edge Devices Device Name: nvidia-shield MAC Address: [Find in Shield network settings] Reserved IP: 192.168.1.111 Status: Enabled ``` ### **Finding MAC Addresses:** ```bash # On Linux hosts: ip link show | grep -E "(ether|link)" # or cat /sys/class/net/eth0/address # On Synology NAS: # Control Panel → Network → Network Interface → View details # On Windows: ipconfig /all # On macOS: ifconfig en0 | grep ether # From router's DHCP client list: # Advanced → Network → DHCP Server → DHCP Client List ``` --- ## 🔌 Port Forwarding Configuration ### **Navigate to: Advanced → NAT Forwarding → Virtual Servers** #### **Essential Port Forwards (Configure First):** ```bash # VPN Access (Highest Priority) Service Name: WireGuard-Atlantis External Port: 51820 Internal IP: 192.168.1.100 Internal Port: 51820 Protocol: UDP Status: Enabled Service Name: WireGuard-Concord External Port: 51821 Internal IP: 192.168.1.102 Internal Port: 51820 Protocol: UDP Status: Enabled # Web Services (If needed for direct access) Service Name: HTTP-Proxy External Port: 80 Internal IP: 192.168.1.100 Internal Port: 8341 Protocol: TCP Status: Enabled Service Name: HTTPS-Proxy External Port: 443 Internal IP: 192.168.1.100 Internal Port: 8766 Protocol: TCP Status: Enabled ``` #### **Gaming Services (Optional):** ```bash # Satisfactory Server Service Name: Satisfactory-TCP External Port: 7777 Internal IP: 192.168.1.103 Internal Port: 7777 Protocol: TCP Status: Enabled Service Name: Satisfactory-UDP External Port: 7777 Internal IP: 192.168.1.103 Internal Port: 7777 Protocol: UDP Status: Enabled # Left 4 Dead 2 Server Service Name: L4D2-Game External Port: 27015 Internal IP: 192.168.1.103 Internal Port: 27015 Protocol: Both (TCP & UDP) Status: Enabled Service Name: L4D2-SourceTV External Port: 27020 Internal IP: 192.168.1.103 Internal Port: 27020 Protocol: UDP Status: Enabled Service Name: L4D2-Client External Port: 27005 Internal IP: 192.168.1.103 Internal Port: 27005 Protocol: UDP Status: Enabled ``` --- ## 🌐 Dynamic DNS Configuration ### **Navigate to: Advanced → Network → Dynamic DNS** #### **For Common DDNS Providers:** ```bash # Synology DDNS (if using vishinator.synology.me) Service Provider: Synology Domain Name: vishinator.synology.me Username: [Your Synology account] Password: "REDACTED_PASSWORD" Synology password] Status: Enabled # No-IP Service Provider: No-IP Domain Name: yourdomain.ddns.net Username: [Your No-IP username] Password: "REDACTED_PASSWORD" No-IP password] Status: Enabled # DynDNS Service Provider: DynDNS Domain Name: yourdomain.dyndns.org Username: [Your DynDNS username] Password: "REDACTED_PASSWORD" DynDNS password] Status: Enabled # Custom DDNS (if using other provider) Service Provider: Custom DDNS Server: your-ddns-provider.com Domain Name: yourdomain.example.com Username: [Your username] Password: "REDACTED_PASSWORD" password] Status: Enabled ``` ### **Test DDNS Configuration:** ```bash # Wait 5-10 minutes after configuration, then test: nslookup vishinator.synology.me dig vishinator.synology.me # Should return your external IP address # Compare with: curl ifconfig.me ``` --- ## 📶 WiFi Configuration ### **Navigate to: Wireless → Wireless Settings** #### **2.4 GHz Band:** ```bash Network Name (SSID): YourNetwork_2.4G Security: WPA3-Personal (or WPA2/WPA3-Personal if older devices) Password: "REDACTED_PASSWORD" password - save to password manager] Channel: Auto (or manually select 1, 6, or 11) Channel Width: 40 MHz Transmit Power: High ``` #### **5 GHz Band:** ```bash Network Name (SSID): YourNetwork_5G Security: WPA3-Personal Password: "REDACTED_PASSWORD" as 2.4G or different - your choice] Channel: Auto (or manually select DFS channels for less congestion) Channel Width: 160 MHz (for maximum speed) Transmit Power: High ``` #### **6 GHz Band (WiFi 7):** ```bash Network Name (SSID): YourNetwork_6G Security: WPA3-Personal (required for 6 GHz) Password: "REDACTED_PASSWORD" as others or different] Channel: Auto Channel Width: 320 MHz (WiFi 7 feature) Transmit Power: High ``` ### **Guest Network (Optional):** ```bash # Navigate to: Wireless → Guest Network 2.4 GHz Guest: Enable: ✅ Network Name: YourNetwork_Guest Security: WPA3-Personal Password: "REDACTED_PASSWORD" password] Access: Internet Only (no local network access) Bandwidth Control: 50 Mbps (limit guest usage) ``` --- ## 🔒 Security Configuration ### **Firewall Settings** ```bash # Navigate to: Advanced → Security → Firewall SPI Firewall: ✅ Enabled DoS Attack Protection: ✅ Enabled VPN Passthrough: ✅ Enabled (for WireGuard/Tailscale) UPnP: ✅ Enabled (for automatic port mapping) ``` ### **Access Control** ```bash # Navigate to: Advanced → Security → Access Control # Block malicious websites Online Security: ✅ Enabled # Time-based access control (optional) Parental Controls: Configure as needed # MAC Address Filtering (high security environments) Wireless MAC Filtering: Configure if needed ``` ### **Admin Security** ```bash # Navigate to: Advanced → System → Administration # Remote Management (disable for security) Web Management: Local Only SSH: Disabled (unless needed) Telnet: Disabled # Session Timeout Timeout: 10 minutes # HTTPS Management (enable for security) HTTPS: ✅ Enabled HTTP Redirect to HTTPS: ✅ Enabled ``` --- ## ⚡ Performance Optimization ### **QoS Configuration** ```bash # Navigate to: Advanced → QoS # Enable QoS for better performance QoS: ✅ Enabled # Set bandwidth limits (adjust for your internet speed) Upload Bandwidth: [Your upload speed - 10%] Download Bandwidth: [Your download speed - 10%] # Device Priority (set homelab hosts to high priority) High Priority Devices: - atlantis (192.168.1.100) - calypso (192.168.1.101) - concord-nuc (192.168.1.102) # Gaming Mode (if hosting game servers) Gaming Mode: ✅ Enabled Gaming Device: homelab-vm (192.168.1.103) ``` ### **Advanced Wireless Settings** ```bash # Navigate to: Wireless → Advanced # Optimize for performance Beamforming: ✅ Enabled Airtime Fairness: ✅ Enabled Band Steering: ✅ Enabled (automatically move devices to best band) Load Balancing: ✅ Enabled Fast Roaming: ✅ Enabled # WiFi 7 Features (BE800 specific) Multi-Link Operation (MLO): ✅ Enabled 320 MHz Channel Width: ✅ Enabled (6 GHz) 4K-QAM: ✅ Enabled ``` --- ## 🔧 Homelab-Specific Features ### **Port Aggregation (Link Aggregation)** ```bash # If you have multiple connections to NAS devices # Navigate to: Advanced → Network → Link Aggregation # Configure LACP for Synology NAS (if supported) Group Name: NAS-Bond Member Ports: LAN1, LAN2 Mode: 802.3ad (LACP) ``` ### **VLAN Configuration (Advanced)** ```bash # Navigate to: Advanced → Network → VLAN # Separate IoT devices (optional) VLAN ID: 10 VLAN Name: IoT IP Range: 192.168.10.1/24 DHCP: Enabled # Separate guest network VLAN ID: 20 VLAN Name: Guest IP Range: 192.168.20.1/24 DHCP: Enabled ``` ### **VPN Server (Built-in)** ```bash # Navigate to: Advanced → VPN Server # OpenVPN Server (alternative to WireGuard) OpenVPN: ✅ Enabled Service Type: UDP Service Port: 1194 Client Access: Internet and Home Network Max Clients: 10 # Generate certificates and download client config ``` --- ## 📊 Monitoring and Maintenance ### **System Monitoring** ```bash # Navigate to: Advanced → System → System Log # Enable logging System Log: ✅ Enabled Log Level: Notice Remote Log: Configure if using centralized logging # Monitor these logs: - DHCP assignments - Port forwarding activity - Security events - System errors ``` ### **Traffic Analysis** ```bash # Navigate to: Advanced → Network → Traffic Analyzer # Monitor bandwidth usage Traffic Analyzer: ✅ Enabled Real-time Monitor: ✅ Enabled # Set up alerts for unusual traffic Bandwidth Monitor: ✅ Enabled Alert Threshold: 80% of total bandwidth ``` ### **Firmware Updates** ```bash # Navigate to: Advanced → System → Firmware Update # Check for updates monthly Auto Update: ✅ Enabled (or manual for stability) Update Check: Weekly Backup Settings: ✅ Before each update # Current firmware info: Hardware Version: Archer BE800 v1.6 Firmware Version: [Check TP-Link website for latest] ``` --- ## 🚨 Disaster Recovery Procedures ### **Backup Router Configuration** ```bash # Navigate to: Advanced → System → Backup & Restore # Export current configuration Backup: Click "Backup" Save file as: archer-be800-config-$(date +%Y%m%d).bin Store in: ~/homelab-recovery/router-backups/ # Schedule regular backups (monthly) ``` ### **Factory Reset Procedure** ```bash # If router becomes unresponsive: # Method 1: Web Interface # Navigate to: Advanced → System → Backup & Restore # Click "Factory Restore" # Method 2: Hardware Reset # 1. Power on router # 2. Hold Reset button for 10 seconds while powered on # 3. Release button and wait for reboot (2-3 minutes) # 4. Router will return to default settings (192.168.0.1) ``` ### **Quick Recovery Checklist** ```bash # After factory reset or new router installation: ☐ Connect to http://192.168.0.1 (default IP) ☐ Run initial setup wizard ☐ Change router IP to 192.168.1.1 ☐ Reconnect to http://192.168.1.1 ☐ Configure DHCP pool (192.168.1.100-200) ☐ Add all static IP reservations ☐ Configure port forwarding rules ☐ Set up Dynamic DNS ☐ Configure WiFi networks ☐ Enable security features ☐ Restore from backup if available ☐ Test all services and external access ☐ Update documentation with any changes ``` --- ## 🔍 Troubleshooting ### **Common Issues and Solutions** #### **Can't Access Router Interface** ```bash # Check connection ping 192.168.1.1 # or 192.168.0.1 for default # Clear browser cache Ctrl+F5 (Windows) or Cmd+Shift+R (Mac) # Try different browser or incognito mode # Try direct IP: http://192.168.1.1 # Try hostname: http://tplinkwifi.net # Reset network adapter sudo dhclient -r && sudo dhclient # Linux ipconfig /release && ipconfig /renew # Windows ``` #### **Slow WiFi Performance** ```bash # Check channel congestion # Use WiFi analyzer app to find best channels # Optimize settings: # - Use 160 MHz on 5 GHz # - Use 320 MHz on 6 GHz (WiFi 7) # - Enable all performance features # - Update device drivers # - Position router centrally and elevated ``` #### **Port Forwarding Not Working** ```bash # Verify settings: # 1. Correct internal IP address # 2. Service is running on internal host # 3. Firewall allows traffic on internal host # 4. External port is not blocked by ISP # Test internal connectivity first: telnet 192.168.1.100 8341 # Test from inside network # Test external connectivity: # Use online port checker or different network ``` #### **DDNS Not Updating** ```bash # Check DDNS status in router logs # Verify credentials are correct # Test manual update: curl -u "username:password" \ "https://your-ddns-provider.com/update?hostname=yourdomain&myip=$(curl -s ifconfig.me)" # Check if external IP changed: curl ifconfig.me nslookup yourdomain.ddns.net ``` --- ## 📱 Mobile App Management ### **TP-Link Tether App** ```bash # Download from app store: "TP-Link Tether" # Features available: - Remote router management - Guest network control - Device management - Parental controls - Speed test - Network map - Firmware updates # Setup: # 1. Connect phone to router WiFi # 2. Open Tether app # 3. Create TP-Link ID account # 4. Add router to account # 5. Enable remote management ``` ### **Remote Management Setup** ```bash # Navigate to: Advanced → System → TP-Link Cloud # Enable cloud management TP-Link Cloud: ✅ Enabled Account: [Your TP-Link ID] Device Name: Homelab-Router-BE800 # Security considerations: # - Use strong TP-Link ID password # - Enable 2FA on TP-Link account # - Regularly review connected devices # - Disable if not needed for security ``` --- ## 🔗 Integration with Homelab Services ### **Pi-hole Integration** ```bash # If running Pi-hole on Atlantis (192.168.1.100): # Method 1: Router DNS Settings Primary DNS: 192.168.1.100 Secondary DNS: 1.1.1.1 # Method 2: DHCP DNS Override # Advanced → Network → DHCP Server Primary DNS: 192.168.1.100 Secondary DNS: 1.1.1.1 # This will make all devices use Pi-hole for DNS ``` ### **Tailscale Subnet Routing** ```bash # Configure router to work with Tailscale subnet routing # 1. Ensure UPnP is enabled (for automatic port mapping) # 2. Add static route if needed: # Advanced → Network → Routing # Destination: 100.64.0.0/10 (Tailscale network) # Gateway: 192.168.1.100 (Atlantis - Tailscale exit node) # Interface: LAN ``` ### **Monitoring Integration** ```bash # Enable SNMP for monitoring (if needed) # Advanced → Network → SNMP SNMP: ✅ Enabled Community: public (change for security) Contact: admin@yourdomain.com Location: Home Lab # Add router to Prometheus monitoring: # - SNMP exporter configuration # - Router metrics in Grafana # - Bandwidth monitoring # - Device count tracking ``` --- ## 📋 Configuration Summary ### **Quick Reference Settings** ```bash # Network Configuration Router IP: 192.168.1.1 Subnet: 192.168.1.0/24 DHCP Range: 192.168.1.100-200 DNS: 1.1.1.1, 8.8.8.8 (or Pi-hole) # WiFi Networks 2.4 GHz: YourNetwork_2.4G (WPA3, 40 MHz) 5 GHz: YourNetwork_5G (WPA3, 160 MHz) 6 GHz: YourNetwork_6G (WPA3, 320 MHz) # Essential Port Forwards 51820/UDP → 192.168.1.100:51820 (WireGuard Atlantis) 51821/UDP → 192.168.1.102:51820 (WireGuard Concord) 80/TCP → 192.168.1.100:8341 (HTTP Proxy) 443/TCP → 192.168.1.100:8766 (HTTPS Proxy) # Static IP Assignments Atlantis: 192.168.1.100 Calypso: 192.168.1.101 Concord-NUC: 192.168.1.102 Homelab-VM: 192.168.1.103 [... all other hosts as documented] ``` --- ## 🔗 Related Documentation - [Disaster Recovery Guide](../troubleshooting/disaster-recovery.md) - Complete router failure recovery - [Port Forwarding Guide](port-forwarding-guide.md) - Detailed port configuration theory - [Tailscale Setup Guide](tailscale-setup-guide.md) - Alternative to port forwarding - [Network Architecture](networking.md) - Overall network design - [Security Model](security.md) - Security considerations --- **💡 Pro Tip**: The TP-Link Archer BE800 is a powerful WiFi 7 router with advanced features. Take advantage of the 320 MHz channels on 6 GHz for maximum performance with compatible devices, and use the multiple 2.5 Gbps ports for high-speed connections to your NAS devices!