The two methods in the manual describe using the Archer C9 as a wireless extender, and connecting directly into the service provider's cable/DSL modem, such that all network traffic going to the Internet would end up going through the router. This is problematic for me, as I have my own firewall connected to the cable modem, and I don't really want to put this new device out in the wild, with a public IP address.
My particular use case involves simply connecting the wireless to a switch on my network, then enabling the wireless so anyone connecting can get access to the internal network, and Internet, but enjoy the protection of the firewall. It looks like this:
In order to get this to work, we have to deviate from the instruction manual just a bit.
Step 1: Connect the Device to the Network
Plug a standard network cable into any of the 4 LAN ports on the back (it doesn't matter which one; just don't connect to the Internet or WAN port). Plug the other end of the cable into a switch that supplies the rest of the house with network connectivity. Plug the power adapter into the wall, then into the device. Turn the power on.
Step 2: Connect to the Wireless
In order to connect for the first time, you'll want to connect to the wireless, first. You'll see the default SSIDs show up. Select one, then when asked for a password, type the device's PIN (the 8-digit code printed on the back label).
Step 3: Configure a Password
The router is delivered with a default password. It's the same 8-digit PIN used as the wireless password. When starting the configuration for the first time, you'll be asked to configure a new password. Type in each of the provided boxes on the screen.
Step 4: Configure the LAN Interface
Once you are logged in, you will be presented with a page that has three tabs, Quick Setup, Basic, and Advanced. We'll be working strictly in the Advanced tab. Once in Advanced, select the Network item in the left menu, then select LAN. Here, you can set up the device's IP address and Subnet mask. Select an IP address that is 1) in the same subnet as your firewall or cable modem, and 2) is not being served through DHCP. (If you don't know, check your cable modem configuration or that of your firewall, if you have one. If DHCP is enabled, there will be a set of starting and ending IP addresses for the range. The TP Link's IP address must be outside of this range.) Finally, click Save.
Step 5: Configure DHCP
I'm serving addresses via DHCP from my internal firewall, so I don't need a second DHCP server. I just disabled it. If you need to assign IP addresses to new devices automatically, perform 5b, otherwise perform 5a.
5a. Click the DHCP Server link further down in the Network group of options we opened earlier. Uncheck the Enable DHCP Server checkbox, then hit Save.
5b. Select a starting and ending IP range in the IP Address Pool boxes. Set the Default Gateway to be the IP address of your firewall or cable modem. Set the Primary and Secondary DNS addresses. Normally, if you have a device connected to the cable modem, it will obtain these addresses from your service provider's DNS servers. You can also look around the Internet for a couple of publicly-available DNS servers. Once complete, hit the Done button.
6: Set Up the Wireless Radios
Next, Click on the Wireless item on the left menu, and select Wireless Settings. You'll want to set the Network Name(SSID) field to something you can easily recognize on your phone, tablet, or laptop. Next set the Security to WPA/WPA2-Personal (the other options are for older technologies, and are not nearly as secure). Version and Encryption can bot be left on Auto. Give the wireless a good password. Generally, a 20-character (or longer) password is considered appropriate. Use a combination of Upper and lower case characters, numbers, and one or more special characters. I have found that combining a word with a number with a nonsense word that is easy to remember tends to be a good method. For example:
BoBcat.8675309-XPEKT
This is relatively easy to remember, but long enough, and using enough different types of characters that it will be difficult to crack using a brute-force attack. Also, change this password every quarter or every 6 months at the latest. The longer it sits on the router, the more time people have to try to figure it out. Leave the remaining settings as they are, and click Save. If you look in the upper right corner, you should see a line that looks like:
2.4GHz | 5 GHz
This allows you to switch between each radio's configuration settings. (I'm running version 1.2.4; earlier versions just put the 5GHz radio settings underneath the 2.4GHz radio settings.) Click on the 5GHz to show that radio's settings. repeat the steps in this section for that radio, with a few differences: specifically, use a different SSID and a different password. Everything else can remain as set above, or on the defaults.
Step 7: Set Up the Time
At the bottom of the left menu is a tab called System Tools. Select that, then select Time Settings. Select your timezone, then hit Save.
Step 8: Reboot
Click the Reboot icon in the upper right corner of the configuration page, then wait. This step is critical, as if there are any settings that did not get saved, they will be lost the next time the router loses power.
Step 9: Test
You should now be able to connect to the Wireless, and access the Internet.
