homelab-optimized/docs/infrastructure/tplink-archer-be800-setup.md

🌐 TP-Link Archer BE800 v1.6 Router Setup Guide

🟡 Intermediate Guide

This guide provides specific instructions for configuring the TP-Link Archer BE800 v1.6 router for your homelab, including static IP assignments, port forwarding, and disaster recovery procedures.

📋 Router Specifications

TP-Link Archer BE800 v1.6

• WiFi Standard: WiFi 7 (802.11be)
• Speed: Up to 19 Gbps (11520 Mbps on 6 GHz + 5760 Mbps on 5 GHz + 1376 Mbps on 2.4 GHz)
• Ports: 1x 10 Gbps WAN/LAN, 4x 2.5 Gbps LAN, 1x USB 3.0
• CPU: Quad-core 2.2 GHz processor
• RAM: 2 GB
• Antennas: 8 high-gain antennas
• Default IP: 192.168.0.1 (can be changed to 192.168.1.1)

---

🚀 Initial Setup

Step 1: Physical Connection

# 1. Connect modem to WAN port (10 Gbps port - usually blue/different color)
# 2. Connect computer to any LAN port via Ethernet
# 3. Power on router and wait 2-3 minutes for full boot

Step 2: Access Router Interface

# Default access methods:
# Web Interface: http://192.168.0.1 or http://tplinkwifi.net
# Default Login: admin / admin (or blank password)

# If you can't access, find router IP:
ip route | grep default
# Look for: default via 192.168.0.1 dev eth0

Step 3: Quick Setup Wizard

# The BE800 will launch setup wizard on first access:

# 1. Set Time Zone
Time Zone: America/Los_Angeles (or your timezone)

# 2. Internet Connection Type
# Choose based on your ISP:
- Dynamic IP (DHCP) - Most common
- Static IP - If ISP provided specific settings
- PPPoE - DSL connections

# 3. Wireless Settings
2.4 GHz SSID: YourNetwork_2.4G
5 GHz SSID: YourNetwork_5G  
6 GHz SSID: YourNetwork_6G
Password: "REDACTED_PASSWORD" password - save to password manager]

# 4. Admin Password
Username: admin
Password: "REDACTED_PASSWORD" admin password - save to password manager]

---

🏗️ Network Configuration for Homelab

Step 1: Change Router IP to 192.168.1.1

# Navigate to: Advanced → Network → LAN

# Current Settings:
IP Address: 192.168.0.1
Subnet Mask: 255.255.255.0

# Change to:
IP Address: 192.168.1.1
Subnet Mask: 255.255.255.0

⚠️ Important: After changing IP, you'll need to reconnect at http://192.168.1.1

Step 2: DHCP Configuration

# Navigate to: Advanced → Network → DHCP Server

# DHCP Settings:
Enable DHCP Server: ✅ Enabled
IP Address Pool: 192.168.1.100 - 192.168.1.200
Default Gateway: 192.168.1.1
Primary DNS: 1.1.1.1
Secondary DNS: 8.8.8.8
Lease Time: 1440 minutes (24 hours)

Step 3: DNS Configuration

# Navigate to: Advanced → Network → Internet

# DNS Settings:
Primary DNS: 1.1.1.1 (Cloudflare)
Secondary DNS: 8.8.8.8 (Google)

# Or use your Pi-hole if running:
Primary DNS: 192.168.1.100 (Atlantis Pi-hole)
Secondary DNS: 1.1.1.1 (Fallback)

---

🖥️ Static IP Reservations (DHCP Reservations)

Navigate to: Advanced → Network → DHCP Server → Address Reservation

Add Reservations for All Homelab Hosts:

# Primary Infrastructure
Device Name: atlantis
MAC Address: [Find with: ip link show on Atlantis]
Reserved IP: 192.168.1.100
Status: Enabled

Device Name: calypso  
MAC Address: [Find with: ip link show on Calypso]
Reserved IP: 192.168.1.101
Status: Enabled

Device Name: concord-nuc
MAC Address: [Find with: ip link show on Concord]
Reserved IP: 192.168.1.102
Status: Enabled

# Virtual Machines
Device Name: homelab-vm
MAC Address: [Find in VM settings or with ip link show]
Reserved IP: 192.168.1.103
Status: Enabled

Device Name: chicago-vm
MAC Address: [Find in VM settings]
Reserved IP: 192.168.1.104
Status: Enabled

Device Name: bulgaria-vm
MAC Address: [Find in VM settings]
Reserved IP: 192.168.1.105
Status: Enabled

# Specialized Hosts
Device Name: anubis
MAC Address: [Find with: ip link show on Anubis]
Reserved IP: 192.168.1.106
Status: Enabled

Device Name: guava
MAC Address: [Find with: ip link show on Guava]
Reserved IP: 192.168.1.107
Status: Enabled

Device Name: setillo
MAC Address: [Find with: ip link show on Setillo]
Reserved IP: 192.168.1.108
Status: Enabled

# Raspberry Pi Cluster
Device Name: rpi-vish
MAC Address: [Find with: cat /sys/class/net/eth0/address]
Reserved IP: 192.168.1.109
Status: Enabled

Device Name: rpi-kevin
MAC Address: [Find with: cat /sys/class/net/eth0/address]
Reserved IP: 192.168.1.110
Status: Enabled

# Edge Devices
Device Name: nvidia-shield
MAC Address: [Find in Shield network settings]
Reserved IP: 192.168.1.111
Status: Enabled

Finding MAC Addresses:

# On Linux hosts:
ip link show | grep -E "(ether|link)"
# or
cat /sys/class/net/eth0/address

# On Synology NAS:
# Control Panel → Network → Network Interface → View details

# On Windows:
ipconfig /all

# On macOS:
ifconfig en0 | grep ether

# From router's DHCP client list:
# Advanced → Network → DHCP Server → DHCP Client List

---

🔌 Port Forwarding Configuration

Navigate to: Advanced → NAT Forwarding → Virtual Servers

Essential Port Forwards (Configure First):

# VPN Access (Highest Priority)
Service Name: WireGuard-Atlantis
External Port: 51820
Internal IP: 192.168.1.100
Internal Port: 51820
Protocol: UDP
Status: Enabled

Service Name: WireGuard-Concord
External Port: 51821
Internal IP: 192.168.1.102
Internal Port: 51820
Protocol: UDP
Status: Enabled

# Web Services (If needed for direct access)
Service Name: HTTP-Proxy
External Port: 80
Internal IP: 192.168.1.100
Internal Port: 8341
Protocol: TCP
Status: Enabled

Service Name: HTTPS-Proxy
External Port: 443
Internal IP: 192.168.1.100
Internal Port: 8766
Protocol: TCP
Status: Enabled

Gaming Services (Optional):

# Satisfactory Server
Service Name: Satisfactory-TCP
External Port: 7777
Internal IP: 192.168.1.103
Internal Port: 7777
Protocol: TCP
Status: Enabled

Service Name: Satisfactory-UDP
External Port: 7777
Internal IP: 192.168.1.103
Internal Port: 7777
Protocol: UDP
Status: Enabled

# Left 4 Dead 2 Server
Service Name: L4D2-Game
External Port: 27015
Internal IP: 192.168.1.103
Internal Port: 27015
Protocol: Both (TCP & UDP)
Status: Enabled

Service Name: L4D2-SourceTV
External Port: 27020
Internal IP: 192.168.1.103
Internal Port: 27020
Protocol: UDP
Status: Enabled

Service Name: L4D2-Client
External Port: 27005
Internal IP: 192.168.1.103
Internal Port: 27005
Protocol: UDP
Status: Enabled

---

🌐 Dynamic DNS Configuration

Navigate to: Advanced → Network → Dynamic DNS

For Common DDNS Providers:

# Synology DDNS (if using vishinator.synology.me)
Service Provider: Synology
Domain Name: vishinator.synology.me
Username: [Your Synology account]
Password: "REDACTED_PASSWORD" Synology password]
Status: Enabled

# No-IP
Service Provider: No-IP
Domain Name: yourdomain.ddns.net
Username: [Your No-IP username]
Password: "REDACTED_PASSWORD" No-IP password]
Status: Enabled

# DynDNS
Service Provider: DynDNS
Domain Name: yourdomain.dyndns.org
Username: [Your DynDNS username]
Password: "REDACTED_PASSWORD" DynDNS password]
Status: Enabled

# Custom DDNS (if using other provider)
Service Provider: Custom
DDNS Server: your-ddns-provider.com
Domain Name: yourdomain.example.com
Username: [Your username]
Password: "REDACTED_PASSWORD" password]
Status: Enabled

Test DDNS Configuration:

# Wait 5-10 minutes after configuration, then test:
nslookup vishinator.synology.me
dig vishinator.synology.me

# Should return your external IP address
# Compare with:
curl ifconfig.me

---

📶 WiFi Configuration

Navigate to: Wireless → Wireless Settings

2.4 GHz Band:

Network Name (SSID): YourNetwork_2.4G
Security: WPA3-Personal (or WPA2/WPA3-Personal if older devices)
Password: "REDACTED_PASSWORD" password - save to password manager]
Channel: Auto (or manually select 1, 6, or 11)
Channel Width: 40 MHz
Transmit Power: High

5 GHz Band:

Network Name (SSID): YourNetwork_5G
Security: WPA3-Personal
Password: "REDACTED_PASSWORD" as 2.4G or different - your choice]
Channel: Auto (or manually select DFS channels for less congestion)
Channel Width: 160 MHz (for maximum speed)
Transmit Power: High

6 GHz Band (WiFi 7):

Network Name (SSID): YourNetwork_6G
Security: WPA3-Personal (required for 6 GHz)
Password: "REDACTED_PASSWORD" as others or different]
Channel: Auto
Channel Width: 320 MHz (WiFi 7 feature)
Transmit Power: High

Guest Network (Optional):

# Navigate to: Wireless → Guest Network

2.4 GHz Guest:
Enable: ✅
Network Name: YourNetwork_Guest
Security: WPA3-Personal
Password: "REDACTED_PASSWORD" password]
Access: Internet Only (no local network access)
Bandwidth Control: 50 Mbps (limit guest usage)

---

🔒 Security Configuration

Firewall Settings

# Navigate to: Advanced → Security → Firewall

SPI Firewall: ✅ Enabled
DoS Attack Protection: ✅ Enabled
VPN Passthrough: ✅ Enabled (for WireGuard/Tailscale)
UPnP: ✅ Enabled (for automatic port mapping)

Access Control

# Navigate to: Advanced → Security → Access Control

# Block malicious websites
Online Security: ✅ Enabled

# Time-based access control (optional)
Parental Controls: Configure as needed

# MAC Address Filtering (high security environments)
Wireless MAC Filtering: Configure if needed

Admin Security

# Navigate to: Advanced → System → Administration

# Remote Management (disable for security)
Web Management: Local Only
SSH: Disabled (unless needed)
Telnet: Disabled

# Session Timeout
Timeout: 10 minutes

# HTTPS Management (enable for security)
HTTPS: ✅ Enabled
HTTP Redirect to HTTPS: ✅ Enabled

---

⚡ Performance Optimization

QoS Configuration

# Navigate to: Advanced → QoS

# Enable QoS for better performance
QoS: ✅ Enabled

# Set bandwidth limits (adjust for your internet speed)
Upload Bandwidth: [Your upload speed - 10%]
Download Bandwidth: [Your download speed - 10%]

# Device Priority (set homelab hosts to high priority)
High Priority Devices:
- atlantis (192.168.1.100)
- calypso (192.168.1.101)
- concord-nuc (192.168.1.102)

# Gaming Mode (if hosting game servers)
Gaming Mode: ✅ Enabled
Gaming Device: homelab-vm (192.168.1.103)

Advanced Wireless Settings

# Navigate to: Wireless → Advanced

# Optimize for performance
Beamforming: ✅ Enabled
Airtime Fairness: ✅ Enabled
Band Steering: ✅ Enabled (automatically move devices to best band)
Load Balancing: ✅ Enabled
Fast Roaming: ✅ Enabled

# WiFi 7 Features (BE800 specific)
Multi-Link Operation (MLO): ✅ Enabled
320 MHz Channel Width: ✅ Enabled (6 GHz)
4K-QAM: ✅ Enabled

---

🔧 Homelab-Specific Features

Port Aggregation (Link Aggregation)

# If you have multiple connections to NAS devices
# Navigate to: Advanced → Network → Link Aggregation

# Configure LACP for Synology NAS (if supported)
Group Name: NAS-Bond
Member Ports: LAN1, LAN2
Mode: 802.3ad (LACP)

VLAN Configuration (Advanced)

# Navigate to: Advanced → Network → VLAN

# Separate IoT devices (optional)
VLAN ID: 10
VLAN Name: IoT
IP Range: 192.168.10.1/24
DHCP: Enabled

# Separate guest network
VLAN ID: 20
VLAN Name: Guest
IP Range: 192.168.20.1/24
DHCP: Enabled

VPN Server (Built-in)

# Navigate to: Advanced → VPN Server

# OpenVPN Server (alternative to WireGuard)
OpenVPN: ✅ Enabled
Service Type: UDP
Service Port: 1194
Client Access: Internet and Home Network
Max Clients: 10

# Generate certificates and download client config

---

📊 Monitoring and Maintenance

System Monitoring

# Navigate to: Advanced → System → System Log

# Enable logging
System Log: ✅ Enabled
Log Level: Notice
Remote Log: Configure if using centralized logging

# Monitor these logs:
- DHCP assignments
- Port forwarding activity
- Security events
- System errors

Traffic Analysis

# Navigate to: Advanced → Network → Traffic Analyzer

# Monitor bandwidth usage
Traffic Analyzer: ✅ Enabled
Real-time Monitor: ✅ Enabled

# Set up alerts for unusual traffic
Bandwidth Monitor: ✅ Enabled
Alert Threshold: 80% of total bandwidth

Firmware Updates

# Navigate to: Advanced → System → Firmware Update

# Check for updates monthly
Auto Update: ✅ Enabled (or manual for stability)
Update Check: Weekly
Backup Settings: ✅ Before each update

# Current firmware info:
Hardware Version: Archer BE800 v1.6
Firmware Version: [Check TP-Link website for latest]

---

🚨 Disaster Recovery Procedures

Backup Router Configuration

# Navigate to: Advanced → System → Backup & Restore

# Export current configuration
Backup: Click "Backup"
Save file as: archer-be800-config-$(date +%Y%m%d).bin
Store in: ~/homelab-recovery/router-backups/

# Schedule regular backups (monthly)

Factory Reset Procedure

# If router becomes unresponsive:

# Method 1: Web Interface
# Navigate to: Advanced → System → Backup & Restore
# Click "Factory Restore"

# Method 2: Hardware Reset
# 1. Power on router
# 2. Hold Reset button for 10 seconds while powered on
# 3. Release button and wait for reboot (2-3 minutes)
# 4. Router will return to default settings (192.168.0.1)

Quick Recovery Checklist

# After factory reset or new router installation:

☐ Connect to http://192.168.0.1 (default IP)
☐ Run initial setup wizard
☐ Change router IP to 192.168.1.1
☐ Reconnect to http://192.168.1.1
☐ Configure DHCP pool (192.168.1.100-200)
☐ Add all static IP reservations
☐ Configure port forwarding rules
☐ Set up Dynamic DNS
☐ Configure WiFi networks
☐ Enable security features
☐ Restore from backup if available
☐ Test all services and external access
☐ Update documentation with any changes

---

🔍 Troubleshooting

Common Issues and Solutions

Can't Access Router Interface

# Check connection
ping 192.168.1.1  # or 192.168.0.1 for default

# Clear browser cache
Ctrl+F5 (Windows) or Cmd+Shift+R (Mac)

# Try different browser or incognito mode
# Try direct IP: http://192.168.1.1
# Try hostname: http://tplinkwifi.net

# Reset network adapter
sudo dhclient -r && sudo dhclient  # Linux
ipconfig /release && ipconfig /renew  # Windows

Slow WiFi Performance

# Check channel congestion
# Use WiFi analyzer app to find best channels

# Optimize settings:
# - Use 160 MHz on 5 GHz
# - Use 320 MHz on 6 GHz (WiFi 7)
# - Enable all performance features
# - Update device drivers
# - Position router centrally and elevated

Port Forwarding Not Working

# Verify settings:
# 1. Correct internal IP address
# 2. Service is running on internal host
# 3. Firewall allows traffic on internal host
# 4. External port is not blocked by ISP

# Test internal connectivity first:
telnet 192.168.1.100 8341  # Test from inside network

# Test external connectivity:
# Use online port checker or different network

DDNS Not Updating

# Check DDNS status in router logs
# Verify credentials are correct
# Test manual update:
curl -u "username:password" \
  "https://your-ddns-provider.com/update?hostname=yourdomain&myip=$(curl -s ifconfig.me)"

# Check if external IP changed:
curl ifconfig.me
nslookup yourdomain.ddns.net

---

📱 Mobile App Management

TP-Link Tether App

# Download from app store: "TP-Link Tether"

# Features available:
- Remote router management
- Guest network control
- Device management
- Parental controls
- Speed test
- Network map
- Firmware updates

# Setup:
# 1. Connect phone to router WiFi
# 2. Open Tether app
# 3. Create TP-Link ID account
# 4. Add router to account
# 5. Enable remote management

Remote Management Setup

# Navigate to: Advanced → System → TP-Link Cloud

# Enable cloud management
TP-Link Cloud: ✅ Enabled
Account: [Your TP-Link ID]
Device Name: Homelab-Router-BE800

# Security considerations:
# - Use strong TP-Link ID password
# - Enable 2FA on TP-Link account
# - Regularly review connected devices
# - Disable if not needed for security

---

🔗 Integration with Homelab Services

Pi-hole Integration

# If running Pi-hole on Atlantis (192.168.1.100):

# Method 1: Router DNS Settings
Primary DNS: 192.168.1.100
Secondary DNS: 1.1.1.1

# Method 2: DHCP DNS Override
# Advanced → Network → DHCP Server
Primary DNS: 192.168.1.100
Secondary DNS: 1.1.1.1

# This will make all devices use Pi-hole for DNS

Tailscale Subnet Routing

# Configure router to work with Tailscale subnet routing

# 1. Ensure UPnP is enabled (for automatic port mapping)
# 2. Add static route if needed:
#    Advanced → Network → Routing
#    Destination: 100.64.0.0/10 (Tailscale network)
#    Gateway: 192.168.1.100 (Atlantis - Tailscale exit node)
#    Interface: LAN

Monitoring Integration

# Enable SNMP for monitoring (if needed)
# Advanced → Network → SNMP

SNMP: ✅ Enabled
Community: public (change for security)
Contact: admin@yourdomain.com
Location: Home Lab

# Add router to Prometheus monitoring:
# - SNMP exporter configuration
# - Router metrics in Grafana
# - Bandwidth monitoring
# - Device count tracking

---

📋 Configuration Summary

Quick Reference Settings

# Network Configuration
Router IP: 192.168.1.1
Subnet: 192.168.1.0/24
DHCP Range: 192.168.1.100-200
DNS: 1.1.1.1, 8.8.8.8 (or Pi-hole)

# WiFi Networks
2.4 GHz: YourNetwork_2.4G (WPA3, 40 MHz)
5 GHz: YourNetwork_5G (WPA3, 160 MHz)
6 GHz: YourNetwork_6G (WPA3, 320 MHz)

# Essential Port Forwards
51820/UDP → 192.168.1.100:51820 (WireGuard Atlantis)
51821/UDP → 192.168.1.102:51820 (WireGuard Concord)
80/TCP → 192.168.1.100:8341 (HTTP Proxy)
443/TCP → 192.168.1.100:8766 (HTTPS Proxy)

# Static IP Assignments
Atlantis: 192.168.1.100
Calypso: 192.168.1.101
Concord-NUC: 192.168.1.102
Homelab-VM: 192.168.1.103
[... all other hosts as documented]

---

🔗 Related Documentation

• Disaster Recovery Guide - Complete router failure recovery
• Port Forwarding Guide - Detailed port configuration theory
• Tailscale Setup Guide - Alternative to port forwarding
• Network Architecture - Overall network design
• Security Model - Security considerations

---

💡 Pro Tip: The TP-Link Archer BE800 is a powerful WiFi 7 router with advanced features. Take advantage of the 320 MHz channels on 6 GHz for maximum performance with compatible devices, and use the multiple 2.5 Gbps ports for high-speed connections to your NAS devices!