LAN
Last updated
Last updated
LAN allows you to partition your network into different subnets such that downstream hosts are separated into different broadcast domains based on the VLAN they operate in. VLAN-based network separation can be an effective tool for isolating and identifying different segments of your network and therefore provides an additional layer of security and control. The EnGenius Gateway can have multiple LAN IPs, each of which is the default gateway address on its particular VLAN.
You can access this page through Configure > Gateway > Interface > LAN
There are two modes for the LAN Interface
The ESG can support a single Bridge and multiple VLANs. The same LAN port can be added to both a bridge and VLAN simultaneously.
the ESG provides the flexibility to operate in multiple untagged subnets (Bridges) and multiple tagged subnets (VLANs) on the LAN side. If you want to have multi-untagged subnet environments, you can use Multiple bridge mode. However, The same LAN port cannot be added to both a bridge and VLAN simultaneously.
Select the "Multiple Bridge"
Add another interface and set Bridge mode
Verify the Untagged subnets if this is OK
To add a new Interface, click Add Interface at the top right of the LAN table. To modify an existing LAN, click the Interface name in the LAN table.
Good to know
The max LAN Interface will be 128.
The default LAN(VLAN 1) sends and receives untagged Ethernet frames only. The other VLANs must be tagged with 802.1Q VLAN ID.
You can click the LAN interface name to access the below screens.
Name: Enter the LAN interface name
IP address: Use this option to enter the IP subnet and IP address of the gateway for the LAN Interface. For example, if the IP subnet is 192.168.100.0/24 and the gateway's IP Address is 192.168.100.1/24, please enter 192.168.100.1/24.
Use VPN: Determines whether the EnGenius Gateway advertises this LAN Interface to site-to-site VPN peers.
Port: select the port to use the LAN Interface.
The EnGenius gateway provides a fully-featured DHCP service when configured in Routed mode on the Configure > Gateway > Interface > WAN > Operation mode page. You can enable and configure the DHCP service on each LAN Interface individually, You can access this screen on the Configure >Gateway > Interface > DHCP page.
The configuration options include:
Client Addressing: Choose Run a DHCP server to enable DHCP services on that particular VLAN
DNS Servers: DNS servers that the DHCP server will instruct the clients to use
Reserved IP range: IP ranges that are reserved and therefore will not be assigned to clients.
Fixed IP List: IP addresses that are allocated to specific devices by MAC address to ensure that these devices always get the same IP address when they make a DHCP request.
Lease Time: Specify the DHCP address lease time, the default is 1 day. You can select 30 minutes,1 hour, 4 hours, 12 hours, 1 day, and 1 week.
Additional Options: Specify additional DHCP options sent to the DHCP client by clicking +Add
The Largest DHCP pool the EnGenius Gateway will serve is equivalent in size to a /19 subnet, even on a LAN configured with a larger subnet.
If you want to forward DHCP requests for a configured subnet or VLAN to another DHCP server rather than serving DHCP on the EnGenius Gateway, you can do so by choosing the Relay DHCP to another subnet DHCP server option for Client addressing and entering the IP address of the DHCP server you wish to forward requests to.
The DHCP relay server must be reachable in one of the following three ways:
The DHCP server is in a local VLAN configured on the EnGenius Gateway
EnGenius Gateway's DHCP server in all LAN interfaces is disabled.
The DHCP server is in a subnet for which a static LAN route is configured on the EnGenius Gateway.
This option will only appear if you have VLANs enabled at the EnGenius Gateway.
There are 2 options, Click-through and Custom RADIUS (External)
Click-through: After a client opens and enters a URL on his/her browser, the Client browser will be redirected to a Captive Portal splash page without username/password authentication required. But the client must view and acknowledge the splash page before being allowed to access the network.
Custom RADIUS (External): After a client opens and enters a URL on his/her browser, the client will be redirected to a Captive Portal splash page where username/password authentication is required before being allowed to access the network. An external RADIUS server must be set up to authenticate the client’s username/password. Enter the following settings for your gateway to access external RADIUS servers for authentication. You can configure 2 RADIUS servers for redundancy.
Server 1: IP address, Port number, and shared secret
Server 2: IP address, Port number, and shared secret
NAS ID: For NAS(Network Access Server) ID, please enter an ID for your gateway to access the RADIUS servers specified.
NAS IP: For NAS(Network Access Server) IP, please enter a VLAN IP address of your gateway for your gateway to access the RADIUS servers specified as the source IP address.
NAS Port: For NAS(Network Access Server) port, please enter a port number for your gateway to access the RADIUS servers specified as the source TCP port number.
Select one of the 2 options below to redirect the client after successfully passing the Cut-through splash page or the Custom RADIUS (External) splash authentication page.
Redirect to the original URL: Select this option to cache the initial website from the client during the authentication process and then forward it to the originally targeted web server after the user successfully authenticates.
Redirect users to a new URL: Select this option to redirect users to a pre-designated URL after the user successfully authenticates.
Session Timeout: Specify a time limit after which users will be disconnected and required to log in again.
Idle Timeout: Specify a time limit for an idle client after which users will be disconnected and required to log in again.
Walled Garden: This option allows users to define network destinations that users can access before authenticating. For example, your company's website.
With a splash page, you can channel LAN users to see a custom page before they can access the Internet.
You can click here to see the details
