LAN

LAN allows you to partition your network into different subnets such that downstream hosts are separated into different broadcast domains based on the VLAN they operate in. VLAN-based network separation can be an effective tool for isolating and identifying different segments of your network and therefore provides an additional layer of security and control. The EnGenius Gateway can have multiple LAN IPs, each of which is the default gateway address on its particular VLAN.

You can access this page through Configure > Gateway > Interface > LAN

There are two modes for the LAN Interface

Hybrid Port

The ESG can support a single Bridge and multiple VLANs. The same LAN port can be added to both a bridge and VLAN simultaneously.

Multiple Bridge

the ESG provides the flexibility to operate in multiple untagged subnets (Bridges) and multiple tagged subnets (VLANs) on the LAN side. If you want to have multi-untagged subnet environments, you can use Multiple bridge mode. However, The same LAN port cannot be added to both a bridge and VLAN simultaneously.

How to configure Multiple untagged subnets on your network

  1. Select the "Multiple Bridge"

  1. Add another interface and set Bridge mode

  1. Verify the Untagged subnets if this is OK

How to Add an Interface

To add a new Interface, click Add Interface at the top right of the LAN table. To modify an existing LAN, click the Interface name in the LAN table.

Good to know

  1. The max LAN Interface will be 128.

  2. The default LAN(VLAN 1) sends and receives untagged Ethernet frames only. The other VLANs must be tagged with 802.1Q VLAN ID.

Addressing

You can click the LAN interface name to access the below screens.

Name: Enter the LAN interface name

IP address: Use this option to enter the IP subnet and IP address of the gateway for the LAN Interface. For example, if the IP subnet is 192.168.100.0/24 and the gateway's IP Address is 192.168.100.1/24, please enter 192.168.100.1/24.

Use VPN: Determines whether the EnGenius Gateway advertises this LAN Interface to site-to-site VPN peers.

Port: select the port to use the LAN Interface.

DHCP

The EnGenius gateway provides a fully-featured DHCP service when configured in Routed mode on the Configure > Gateway > Interface > WAN > Operation mode page. You can enable and configure the DHCP service on each LAN Interface individually, You can access this screen on the Configure >Gateway > Interface > DHCP page.

The configuration options include:

  • Client Addressing: Choose Run a DHCP server to enable DHCP services on that particular VLAN

  • DNS Servers: DNS servers that the DHCP server will instruct the clients to use

  • Reserved IP range: IP ranges that are reserved and therefore will not be assigned to clients.

  • Fixed IP List: IP addresses that are allocated to specific devices by MAC address to ensure that these devices always get the same IP address when they make a DHCP request.

Advanced Setting:

  • Lease Time: Specify the DHCP address lease time, the default is 1 day. You can select 30 minutes,1 hour, 4 hours, 12 hours, 1 day, and 1 week.

  • Additional Options: Specify additional DHCP options sent to the DHCP client by clicking +Add

The Largest DHCP pool the EnGenius Gateway will serve is equivalent in size to a /19 subnet, even on a LAN configured with a larger subnet.

DHCP Relay

If you want to forward DHCP requests for a configured subnet or VLAN to another DHCP server rather than serving DHCP on the EnGenius Gateway, you can do so by choosing the Relay DHCP to another subnet DHCP server option for Client addressing and entering the IP address of the DHCP server you wish to forward requests to.

The DHCP relay server must be reachable in one of the following three ways:

  • The DHCP server is in a local VLAN configured on the EnGenius Gateway

  • EnGenius Gateway's DHCP server in all LAN interfaces is disabled.

  • The DHCP server is in a subnet for which a static LAN route is configured on the EnGenius Gateway.

This option will only appear if you have VLANs enabled at the EnGenius Gateway.

Captive Portal

Authentication Type

There are 2 options, Click-through and Custom RADIUS (External)

Click-through: After a client opens and enters a URL on his/her browser, the Client browser will be redirected to a Captive Portal splash page without username/password authentication required. But the client must view and acknowledge the splash page before being allowed to access the network.

Custom RADIUS (External): After a client opens and enters a URL on his/her browser, the client will be redirected to a Captive Portal splash page where username/password authentication is required before being allowed to access the network. An external RADIUS server must be set up to authenticate the client’s username/password. Enter the following settings for your gateway to access external RADIUS servers for authentication. You can configure 2 RADIUS servers for redundancy.

  • Server 1: IP address, Port number, and shared secret

  • Server 2: IP address, Port number, and shared secret

  • NAS ID: For NAS(Network Access Server) ID, please enter an ID for your gateway to access the RADIUS servers specified.

  • NAS IP: For NAS(Network Access Server) IP, please enter a VLAN IP address of your gateway for your gateway to access the RADIUS servers specified as the source IP address.

  • NAS Port: For NAS(Network Access Server) port, please enter a port number for your gateway to access the RADIUS servers specified as the source TCP port number.

Redirect URL

Select one of the 2 options below to redirect the client after successfully passing the Cut-through splash page or the Custom RADIUS (External) splash authentication page.

Redirect to the original URL: Select this option to cache the initial website from the client during the authentication process and then forward it to the originally targeted web server after the user successfully authenticates.

Redirect users to a new URL: Select this option to redirect users to a pre-designated URL after the user successfully authenticates.

Advanced Setting

Session Timeout: Specify a time limit after which users will be disconnected and required to log in again.

Idle Timeout: Specify a time limit for an idle client after which users will be disconnected and required to log in again.

Walled Garden: This option allows users to define network destinations that users can access before authenticating. For example, your company's website.

Splash Page

With a splash page, you can channel LAN users to see a custom page before they can access the Internet.

You can click here to see the details

Last updated