This session will assist you in setting up a new network on the EnGenius Cloud web application. For easier, faster setup, use the EnGenius Cloud for iOS or EnGenius Cloud for Android mobile apps. No matter which version you start with, you can always switch seamlessly between the web and mobile.

Other Languages: 日本語

Before You Begin

To start using the EnGenius Cloud service, you must prepare the following:

• At least one supported EnGenius Cloud wireless access point or switch.

• An existing network with an Internet connection including DHCP and DNS configuration.

Supported Web Browsers

The EnGenius Cloud is primarily accessible with a web browser. Before signing up for the EnGenius Cloud service or logging on to the web interface to manage your network, first verify that you are using a supported browser.

The following table lists the web browsers that EnGenius Cloud supports:

If you use an unsupported web browser, you may experience issues displaying elements on the web interface.

Before devices on EnGenius Cloud can be managed and configured, they must be added to a network that you have created.

Adding Devices to a Network

1. Navigate to Organization > Inventory.

2. Select one or multiple devices as required.

3. Click Assign to Network.

ECW AP Installation

ECW AP Package Contents

-ECW115

Minimum Access Requirement

Power source option - An ECW AP device can be powered by an 802.3af/at-compliant PoE device or by DC12V input

Ethernet port:

• LAN (PoE): Uplink port accepts an 802.3af/at power source.

• LAN2: Data link if this port is built on a device.

Connect the AP to Internet:

You need to find a way to let the Cloud AP be able to access internet, so it can be managed by EnGenius Cloud.

• Connect the uplink LAN port to a switch port or port of router: This is the most common way to let AP be able to access Internet. (Note: please make sure the port is internet accessible by connecting a notebook to the port and browse the internet)

• Use your existing Cloud-managed ECW AP to mesh the new AP: Sometimes the place the AP installed is not accessible with Ethernet cable, then you can leverage EnGenius Mesh technology to mesh the new AP to your existing cloud-managed ECW AP.

• After internet connected, you will see Power LED blinking until the AP is able to communicate with EnGenius Cloud and the LED becomes steady lid. Usually it will take about 8 mins if there is new firmware available to upgrade.

• If the LED keeps blinking, then there could be some issues like no IP address, or local proxy server setting required...etc. To set static IP or Proxy, or managed VLAN, you can login to Local Access Page through Managed SSID of the AP.

ECS Switch Installation

ECS Switch Package Contents

Connecting to ECS Switch

A) Connect the supplied power adapter (or power cord) to the switch and plug the other end into an electrical outlet. Verify the power LED indicator is lit on the switch. Wait for the switch to complete boot up. It might take few minutes to complete the process.

B) Connect one end of a category 5/6 Ethernet cable into the gigabit (10/100/1000) Ethernet port on the switch’s front panel and the other end to the Ethernet port on the computer. Verify that the LED on the Ethernet port of the switch is green.

Login to the ECS Switch Local Access Page

The switch's default IP address setting is DHCP client mode, which will get an IP address from the DHCP server. It will automatically change to static IP address assignment if the switch cannot get an IP address from the DHCP server within two minutes of booting up.

If your switch cannot get an IP address from local DHCP server, or you would like to use static IP address assignment, you may follow the below procedures to manage your computer connection to the switch via a static IP address.

IP address configuration on your computer:

A) Once your computer is on, configure the settings of your network adapter. Open Network Connections > Local Area Connection > Internet Protocol Version 4 (TCP/IPv4) > Properties

B) Select Use the following IP address and make the following entries:

• IP Address: 192.168.0.10 (or any address in the 192.168.0.x network)

• Subnet mask: 255.255.255.0

Login to ECS Switch

A) Open a web browser on your computer. In the address bar of the web browser, enter the ECS switch IP address and hit enter.

B) The default username is admin and the password is password. We strongly recommend that you change these as soon as possible. Enter the username and password of the switch and then click Login.

*Your model number may be different in the web browser interface.

C) ECS Switch local access page will appear.

1. Check the to see if any problem encountered. If Power LED keeps flashing for over 10 minutes, then there could be Cloud connection issues.

2. Use your mobile phone to scan if Default SSID of the AP found. (you have to be around the AP location) From the Default SSID, you can also identify which stage the AP is stuck on. See .

3. To troubleshoot the connection issue, you may login to Local page:

   1. Use your client device (e.g., a laptop, mobile device, or tablet) to find the SSID: “EnMGMTxxxx” (xxxx is the last four digits of LAN MAC which can be found on the back of the device) and connect to it.

   2. Enter the URL in web browser: or the IP 192.168.1.1 to access the device’s user interface. You can review device status after logging into the AP with the default account/password ( default admin account/ password : admin/ admin.)

Issue: Cannot find Default SSID

1. Check for available wireless networks (Check if a known is being broadcast).

2. If a default SSID is being broadcast, connect your device to it.

3. If no known default SSIDs are present, set up a manual wireless network connection. For the SSID name, use 'EnMGMT', e.g. 'EnMGMTxxxx', where the x's are replaced with the last four digits of the LAN MAC address.

4. After connecting, open a web browser and connect to one of the local access page addresses.

Once your account has been created, you can login to EnGenius Cloud in the following steps:

1. Open a web browser to . This will bring up the main login page.

2. Enter your EnGenius Cloud email address and password and click the Sign in button.

3. For EnGenius Partner who has account on EnGenius Partner Portal already, you can simply click on "E Partner" button, and EnGenius Partner Portal will pop up login page for you to use Single-Sign-On capability of Partner Portal to log on to EnGenius Cloud

4. For Google and Facebook users, you can also click on "Google" or "Facebook" button to use your account on Google and Facebook to log on to EnGenius Cloud

5. EnGenius Cloud will create a new default Organization and Network for every new account based on the email address as unique user identification. (note: If someone is invited to an Organization or Network, this account won't have default Organization and Network.) If you have multiple accounts created on EnGenius Cloud, EnGenius Cloud will merge your accounts based on the "email address" of the account. For example, if you have created a new account on EnGenius Cloud using the same email address as your google account, then you're able to login to this email account either through Google account authentication with Google account password, or through EnGenius Cloud Login with the password while you created the EnGenius Cloud account.

Before devices can be assigned to the network, they must be registered to an Organization that you preferred in advance.

1. Locate the serial number located on the bottom of the device.

2. Navigate to Organization > Inventory & License and click the Register Device on the top of the table.

3. Enter the serial number that you located in the device and enter them. If you have multiple devices you can enter the SN one per row, so devices could be registered at once. And then click the Register button.

1. Use your client device (e.g., a laptop, mobile device, or tablet) to find the SSID: “EnMGMTxxxx” (xxxx is the last four digits of the MAC address, found on the back of the device) and connect to it.

2. Under your web browser, enter the URL or the localhost IP address (192.168.1.1) to access the device’s user interface. You can review device status after logging into the AP with the default admin account/password (default account & password: admin/admin)

By default, EnGenius cloud access points (ECW series) are assigned an IP address dynamically by the DHCP server. If you encounter issues with IP address assignment, please double check that the IP settings include IP address, subnet mask, gateway, proxy, and management VLAN. If any issues still exist, you may change your IP assignment from "DHCP mode" to "Static IP" via the following procedure:

Local Access Page Options

Every device's status page includes useful information about the status of the device, basic configuration options (such as setting a static IP), and other tools. The following section will explain the items available on the device status page.

ECW Access Points provide the following information and configuration options on their local status page:

Device Status Section

Contains information regarding the device overview, EnGenius Cloud overview, and network connectivity information.

Device Overview

Provides information regarding the name, model, serial number, IP address, MAC address, and current firmware.

Cloud Overview

Provides information about the Cloud registration status, date of registration, and time of last update.

Network Connectivity

Provides connectivity information to local network, Internet, and EnGenius Cloud.

Local Setting Section

Provides settings for IPv4 / IPv6 address, management VLAN, firmware upgrade, and other miscellaneous configuration items (such as HTTP/HTTPS Proxy). Users can also reboot the device or reset the device to factory default settings from here.

A network contains a list of devices and relevant information, such as configuration, SSID, radio settings, and firmware upgrade history. Each network contains a single configuration set for its devices, so if you have multiple configurations for devices, you can create a separate network to handle that.

Adding a network

1. Click Menu > Choose organization or hierarchy > Create network

2. Enter a name for the network, select the country, time zone, and then click Create.

Edit Network

Network name, country, and timezone can be edited as needed. Follow the steps below to edit a network.

Choose network > Edit

Delete Network

If you no longer need a network that you previously created, you can delete it.

Follow these steps to delete a network.

1. Click Menu > Choose network > Delete

2. Popup is displayed. Click Confirm.

Once you created Orgs and Networks to define the scope of managed networks, next step is to add the devices to the managed network and manage them. To manage the Access Points in a Network, trigger the toolbar menu at the left-hand side: Manage > Access Points.

Add an AP to Network

Click on Add from Inventory button. You can then pick the devices registered to the Org previously and add them to current Network.

Quickview Panel

Single click on the row of a AP (anywhere but hyperlink). It invokes a Quickview Panel that helps showing important status and key configurations for you. User can quickly finetune settings and do comparisons among different APs without going in and out different pages.

Customize Radio Settings

It's pretty common that for some cases you need to set channel or Tx power for specific APs. This would require the capability to override network's default radio settings.

Follow these steps to customize the radio settings for an AP.

1. Choose an access point from the list to show its expanded settings.

2. In the Radio section, click the checkbox below the lock icon to override default settings.

3.Configure the following settings for both the 2.4GHz and 5GHz radio band:

• Channel

• Tx Power

• Channel Width

4. Click Apply.

Customize SSID settings

Although APs in the same network share the same SSID settings, sometimes you just do not want a specific AP to enable all SSIDs in the network. For example, you don't want the SSID of financial department to be enabled and accessible everywhere. In the Quickview Panel, you can also finetune and override SSID settings.

Follow the steps to override network-wide settings and enable or hide the SSID of a network.

1. In the WLAN section, click on the checkbox near lock icon to override default settings.

2. Configure SSID to be enabled or hidden per your request.

3. Click Apply.

Manipulate APs in a Network

Once you have APs added to the network, you can apply more actions on the APs:

• Move

  Select one or multiple access points and click to move the AP(s) to another hierarchy view/network.

• Remove

  Select one or multiple access points and click to remove from the current org/hierarchy view/network.

EnGenius Cloud adopts an organization tree structure to let user define the scope of their managed networks. All device managing or monitoring functions can be applied to different scopes as laid out in the user's tree. That gives VAR or MSP users great flexibility in managing their networks.

The current organization tree structure consists of three levels, from largest to smallest:

• Organization - A grouping of one or more hierarchies under the umbrella of a single license.

• Hierarchy View - A cluster of networks, which may be geographically concentrated or spread out.

• Network - A set of network devices united by a single configuration set.

The organization tree definition is shown on the top left corner of the web GUI as follows:

How-to Videos

How to build your company networks in EnGenius Cloud

https://www.youtube.com/watch?v=sN2y44Yzi7s&feature=youtu.be&t=5

ECW AP's

The first step is to get the serial numbers of the Cloud equipment you want to add to your cloud account. The serial number can be found on the box of the Cloud AP (ECW) or Cloud switch (ECS). An example of each is below:

1. Model number of ECW AP

2. Serial Number of ECW AP (This string of information that is added in the Cloud GUI)

3. Hardware version on ECW AP

The serial number for an ECW AP can also be found on the sticker on the back on the unit (check where you plug in the Ethernet cords into the ECW AP)

Below is an example of the sticker on the back on an ECW220 AP.

As you can see the sticker on the back of the AP has the MAC address of the AP as well. It has the following items:

1.Model of AP

2.Serial number of ECW AP (This string of information that is added in the Cloud GUI)

You can also find the serial number of the ECW AP In the GUI of the ECW AP, when you login into the unit.

Highlighted below is the information needed to add the AP to the Cloud GUI, if the information is obtained via login to the ECW AP locally in the web GUI.

1. Model of the AP

2. Serial Number of ECW AP (This string of information that is added in the Cloud GUI)

3. Firmware version the AP is currently running

ECS Switches

Below is the sticker that is on the box of the ECS switch

1. Model of the ECS switch

2.Serial Number of ECW AP (This string of information that is added in the Gloud GUI)

3. Hardware version of the ECS switch

4.Firmware version that the switch came shipped with

Below is the information you find when you login to the ECS switch locally and go to System > Summary from the left hand column.

1. Model of ECS Switch

2. Serial Number of ECW AP (This string of information that is added in the Gloud GUI)

3.Firmware version the switch is currently running

A collection of hierarchy views and networks that are part of a single organizational entity, such as a company or school district. Each organization is the owner of a single license.

Adding an organization

Click Menu > Create Organization button to create organization

Edit Organization

Edit a organization if you need to update any its current settings (for example, if you want to change the Organization name, Country, TimeZone.)

Follow these steps to edit a Organization.

1. Click Menu > Find the Organization you want to edit > Edit

2. Update Network Settings as required

3. Click Apply

Delete Organization

If you no longer need a Organization that you previously created, you can delete it.

Follow these steps to delete a organization

1. Click Menu > Find the Organization you want to edit > Delete

2. Popup is displayed and click Confirm

AirGuard is EnGenius technology to detect the rogue source, evil twins, DoS attacks, and RF jamming. You can access this screen under Manage > AirGuard

Rules

1. Users should enable AirGuard first (by default: off) to activate AP to detect the rogue source

2. If Enabled "Contain all Rogue Devices", all rogue SSID devices will be contained automatically and Zero-Wait DFS will not be functional.

3. Scanning APs list down all APs who can do AirGuard (AirGuard AP), click “Details” will redirect to the AP detail page.

4. Users can set rules to categorize specific SSID or BSSIDs with a partial match or exact match.

Rogue SSID

• All SSID match “Rogue rules”

• All SSID match legitimate SSID but are not recognized by Cloud-managed device (It could be rogue AP, it also could be other vendors' legitimate AP)

• Broadcast MACs are the BSSID (MAC), detected by our AP, broadcasting the rogue SSID. It could be multiple BSSIDs. Click on the line to see detailed information.

• Seen by: the Rogue SSID might be detected by multiple EnGenius AP

• Severity: The rogue reason severity could be high and require the user’s attention. The color bar in front of the SSID indicates the severity: Very high: Red; High: Orange…

• Containment: Contained means the rogue SSID that your EnGenius AP is currently containing. Whenever a client attempts to connect to the rogue SSID, they will be forced off. Uncontained means the Rogue SSID is not currently contained.

• Move to Whitelist: If the user found the SSID should be legitimate, then he can select it and move to whitelist (move to “Other SSIDs”)

• Contain: This is the action that if you determine the Rogue SSIDs are threats to your network, you could click contain so the client will be forced off when the client attempts to connect the Rogue SSIDs.

• Uncontain: This is the action that the Rogue SSIDs were noticed during a scan, but has not been determined to be a threat to your network, so you could click Uncontain.

• More details: https://docs.engenius.ai/whitepapers/airguard/rules-and-classifications#rogue-ssids

Evil Twin

• AP impersonation: SSID = legitimate SSID and BSSID = legitimate BSSID, which means someone is using the legitimate AP’s MAC and SSID trying to steal client information

• AP spoofing: BSSID = legitimate BSSID, but not legitimate SSID

• The severity is always “Very High” and requires attention.

• More details: https://docs.engenius.ai/whitepapers/airguard/evil-twin

Malicious Attack

DoS attack trying to let clients or specific clients not able to connect to the AP

• De-Auth attack: The rogue client sends a high volume of “De-Auth” traffic, so clients are always de-auth.

• Dis-association attack: The rogue client sends a high volume of “Dis-association” traffic, so clients are always disassociated.

• Attacked Party: Either specific client (MAC address) or broadcast (all MAC ff:ff:ff:ff:ff:ff)

• More Details: https://docs.engenius.ai/whitepapers/airguard/malicious-attacks

RF Jamming

RF Jammer sends RF noise on a certain channel to increase the SNR rate or keep the SSID/channel busy, so the client cannot connect to SSIDs on the channel.

More details: https://docs.engenius.ai/whitepapers/airguard/rf-jamming

Other SSID

• There are many BYOD devices (employee’s mobile phones) broadcasting SSID for their own use, which is harmless

• Whitelisted SSID

• More Details : https://docs.engenius.ai/whitepapers/airguard/rules-and-classifications#other-ssids

For each AP, there are more settings available to configure and fine-tune the system. In addition, EnGenius Cloud collects and aggregates lots of data reported by AP periodically. Sophisticated graphs and tables are available on the AP detail page to ease the monitoring and tracking of an AP. To get all the details, on AP list page, hover your mouse cursor on the row of AP you are interested in. A Details button is shown and clicks on it to get into AP detail page.

Summary

The first TAB page summarizes AP's current settings and states. All details of configurations and statistics are shown on this page.

SSID

The SSID section allows you to check and configure the exact SSID settings for this AP.

• SSID: shows the SSID name.

• Radio: shows the Radio (2.4GHz or 5GHz bands) turned on in this AP.

• Security: security type set on the SSID.

• Captive portal: shows authentication type for captive portal.

Throughput

The Throughput section allows you to check the throughput statistics for this AP. Note that you can control the filters to get different results based on your requirement:

• By SSID

• By Time (daily/weekly/monthly)

Radio

The Radio section allows you to configure individual radio settings. The default radio setting will be followed by the network radio setting. If you want the radio settings of an access point to be different from the default, you can override them with custom values.

IP Addressing

This section allows you to configure IP address settings for the AP individually.

• DHCP: You can choose to auto assign IP addresses if there is a DHCP server in the network.

• Static: Allows you to manually assign an IP address.

  Enter the IP address you wish to assign to the access point and fill in the subnet mask, default gateway, and DNS server address.

• IPV4 Address: Enter the IP address for the access point.

• Subnet Mask: Enter the subnet mask for the access point.

• Gateway: Enter the default gateway for the access point.

• DNS Server 1: Enter the primary DNS server name.

• DNS Server 2: Enter the secondary DNS server name.

Photos

When an AP is just installed, you can take a photo (or several) on the AP and uploaded it to EnGenius Cloud as a property data for the AP. It's helpful for the installer to memorize where and how he installed the AP.

Logs

Filtering

While the device log provides a thorough timeline of events on the AP, it is usually unnecessary to view all events. The following options are available to filter down the event log as needed.

Filtering By SSID or Client

Filtering events to a specific client can help troubleshoot individual connectivity issues. Entering the MAC address, hostname, or custom name in the Client field will display only events affecting that client, excluding other client information and device events. For the same reason, SSID field can be used to filter out events related with other SSIDs.

Filtering By Date and Time

The event log shows all events for clients and devices, starting with the most recent event by default. The date and time filters are useful to display only events that happened at or before the specified time.

Filtering By Severity

The event log are categorized in different severity:

• Error

• Warning

• General

You can also set the filter to only show the logs with dedicated severity.

Filtering By Event Type

The following types of events will be reported by ECW access points:

• WLAN Client Connection

• WLAN Client Control

• WLAN Radio

• Client Roaming

• Device Status

• Mesh

• AirGuard

The filter also support all types of events listed above.

Clients

Clients page provides comprehensive details of wireless clients that ever managed by the access point.

Realtime Diagnostics

EnGenius Cloud provides powerful diag tools to track every details of your network in REALTIME. To trigger the Diag Tools, simply click on the diag button shown below:

LED Control

On the top of AP detail page, the are two buttons available to control AP LEDs instantly.

• LED Light: This allows you to enable or disable all LEDs on the AP. This is helpful if users does not want to LEDs of AP interfering their vision at night.

• LED Blinking: Click light bulb icon. LEDs on the AP will blink for 10 seconds. This helps the installer to find and identify a AP.

Click Manage > Switches to access this screen and double-click the organization/hierarchy view/network on the tree to change the scope.

The Switch List page lists all switches within your organization/hierarchy view/network, and allows you to choose each switch to view the port status, VLAN , STP and PoE.

The following describes the functions in this screen:

Move to: Select one or multiple switches and click to move the switches to another hierarchy view/network.

Remove From Networks: Select one or multiple switches and click to remove the switches from the current organization/hierarchy view/network.

Add From Inventory: Click this button to add switches from your existing inventory.

Detail: Click to display the individual switch details.

For each Gateway, EnGenius Cloud collects and aggregates lots of data reported by the Gateway periodically. Sophisticated graphs and tables are available on the gateway detail page to ease the monitoring and tracking of a gateway. To get all the details, on the Gateway page, hover your mouse cursor on the row of Gateway you are interested in. A Detail button is shown click on it to get into the Gateway detail page.

WAN

This will display the WAN Info that you configured in the Configure > Gateway > Interface > WAN

WAN Info

• Interface: Display WAN1 or WAN2

• Name: The name of WAN1 or WAN2

• Connection: DHCP, PPPoE, or Static

• Public IP: This is the Internet public IP address of the WAN interface seen by the EnGenius Cloud. If there is an upstream NAT device, then this is the public IP address of the NAT device. If the gateway WAN interface is directly connected to the Internet, then this is the native IP address of the WAN interface.

• WAN IP: The native IP address of the WAN interface. If the WAN interface is directly connected to the Internet, then this IP address is the same as the Public IP. If the WAN interface is connected to an upstream NAT device, then this IP address is usually a private IP address.

• Gateway: the Gateway IP address of the WAN interface which is used as the next-hop gateway for Internet access through this WAN interface.

Latency

This graph shows the Latency between the EnGenius Security Gateway and Google Public DNS in a day/week/month view. Hover and click Day/Week/Month to see the latency graph view by Day/Week/Month.

LAN

The LAN tab displays the following information.

• LAN Interface: the name of the LAN Interface

• Subnet: the subnet IP address of the LAN Interface of the gateway

• Used: the number of leased DHCP IP addresses of the gateway DHCP server for this LAN interface

• Free: the number of remaining leasable DHCP IP addresses of the gateway DHCP server for this LAN interface

DHCP Lease

The DHCP Lease tab shows the current DHCP leasing status of the gateway. The following information is displayed.

• Client: the name of the DHCP client

• MAC: the MAC address of the DHCP client

• IP: the DHCP IP address of the DHCP client

• LAN Interface: the LAN interface that the DHCP client was connected to

• Expires in: the expiration time of the leased DHCP IP address

The following clients will not appear in the DHCP leases table:

• Clients with statically assigned addresses

• Clients with fixed DHCP assignments

• Clients receiving an address from another DHCP server

• Clients that have not successfully received an address from the EnGenius Gateway

• Clients connected over the client VPN

A hierarchy view is a group of networks and/or nested hierarchy views. It follows a tree-like structure much like folders on your computer's operating system.

Adding a hierarchy view

You can create hierarchy views for a new organization or an existing organization, or even within an existing hierarchy view. Click Menu > Choose organization or hierarchy view > Add hierarchy view

Edit hierarchy views

1. You can edit the name of a hierarchy view name by clicking Menu > Choose hierarchy view > Edit

2. Change the Hierarchy View name and click Apply.

Delete Hierarchy View

You can delete hierarchy views by clicking Menu > Choose hierarchy view and then clicking on the garbage icon.

Move Network under Hierarchy View

After created Networks and associate devices, if the HV is changed, say, the Network originally belongs to North Region, and now become North-East Region, users have to change the HV and would like to move the Network under North-Region to North-East-Region. This allows users to "drag & drop" any Network to new HV under same Organization.

This allows you to run the diagnostic tests that can help the Network administrator to troubleshoot.

Under switch detail page > you can easily see the “Diag Tools” icon

Under Manage > Switches > Diag

So the Full-screen tools are displayed, So you can use them.

Activity

Overall port status view - It’s a good way to let users see all ports throughput at a glance

The bar indicates the throughput of the port and the color of the bar indicates the speed of the port.

CRC error

This is an important indication to see if anything is wrong with the transmission including the cable issues. The red square indicates there are CRC errors found. Users can mouse over to the port and see more details of throughput and CRC error count.

Clients list (FDB)

This is the real-time client list of the Switch or the content of the forwarding table. Users can refresh the table by clicking the refresh button

Cable Diag

Cable diag helps to check the Cable status of selected ports. (It can be multiple selections) and will show the possible distance of breaking points.

ARP Table

In order to send packets on LAN, network devices need to know the IP and MAC address of the hosts they intend to communicate with. Address Resolution Protocol provides the mechanism to determine the MAC address associated with an IP address. These IP to MAC bindings are stored in each switch's ARP cache.

Packet Capture

The packet capture utility can be used to observe live network traffic passed by EnGenius Switches. Since captures provide a live snapshot of traffic on the network, they can be immensely helpful in diagnosing and troubleshooting network issues. This article outlines how to remotely take a packet capture in Diag tools.

How to use it

1. Choose ports to capture packets > input Duration in sec > click on “Capture”, then the Switch will collect the packets and download them with the .pcap file

2. Download Wireshark or other packet analysis tools to open up the .pcap file

Manually Configuring VLANs individually

you can access this page through Configure > Switches > Detail > VLAN

Using the VLAN tab, you can manually configure VLANs on the switch. Click Add to add another VLAN.

enter the VLAN ID and VLAN name of the switch.

Click the edit button to have the Port Assignment.

You can click the Tagged field or Untagged field to assign the tagged / Untagged port.

The (T) indicates the ports that will have Tagged data.

The (U) indicates the ports that will have data Untagged

If you used to input manually. You can click the pencil icon to input the port numbers.

Remember to click Apply to finalize the settings

Configure multiple VLANs at a time using a JSON file

For Apartments or other network environments, a network administrator might need to create VLANs for each unit, so needs to create hundreds of VLANs for the whole network switches. This will help the network admin to configure VLAN at a time instead of creating the VLAN one by one in each switch.

VLAN Export

This will export the current VLAN JSON file of the switch and allows you to edit locally.

VLAN Import

You can manually set up multiple VLANs for a specific switch by importing a JSON file.

Click the example hyperlink to download the JSON file

and then adjust the VLAN settings locally

then click JSON file upload to import your custom JSON file.

So you can import VLAN settings at a time instead use the current Web GUI to edit them one by one. Please notice that It will override your VLAN settings if you ever create the VLAN manually.

After a single configuration, you can go to another Switch VLAN setting page to import the same text file, so to save time to go over the creation.

ECW120

ECW115

ECW160

ECW215

ECW220

ECW220S

ECW230

ECW230S

ECW260

ECW270

ECW336

From the Switches page, you can click Details on the web interface to display detailed information about a switch.

Summary

PoE reset from the Switch Panel : User can mouse-over to the PoE port of the switch port panel and power-cycle the port, so the device attached to the port will be rebooted

Total PoE Usage: This bar graph displays the consumed, remaining, and total wattage utilized by Power over Ethernet.

Total PoE Utilization by Port: Displays the current PoE utilization by each port, in watts.

System Setting

The System Settings section allows you to configure all primary networking options for your switch.

Spanning Tree Protocol

A Spanning Tree Protocol is a Layer 2 protocol that prevents loops in a network with redundant paths created by multiple switches. We recommend using this feature if your environment incorporates multiple switches.

Procedure

1. Enable the STP option

2. Select a Protocol

3. Select a Bridge Priority value

4. Click Apply

LLDP

The Link Layer Discovery Protocol (LLDP) is a Layer 2, vendor-neutral protocol that allows network devices to advertise capabilities, identity, and other information. This data can potentially be queried by SNMP.

Procedure

1. Enable the LLDP option

2. Click Apply

Voice VLAN

The Voice VLAN feature configures switches to automatically allow and prioritize voice traffic over a designated VLAN. This keeps voice traffic separate and prioritized over other traffic types.

Mode: Allows you to define the Voice VLAN mode.

• Auto: Automatically advertises the Voice VLAN to connected devices via the LLDP-MED protocol.

• OUIs: Determines whether a received packet is a voice packet by checking its source MAC address.

Switch Voice VLAN: Allows you to choose what VLAN is used for Voice VLAN. You can set up VLANs in Port Settings.

QoS Priority: Lets you define whether the switch will use the Quality of Service CoS value of the incoming packet, or tag the packet with a CoS value between 1-7.

OUIs: VoIP traffic has a pre-configured Organizationally Unique Identifier (OUI) prefix in the source MAC address. You can manually add a specific manufacturer's MAC address and description to the OUI table. All traffic received on the Voice VLAN ports from the specific IP phone with a listed OUI is forwarded on the voice VLAN.

QoS

Quality of service (QoS) allows operators to prioritize application traffic to ensure that latency-affected data, such as VoIP and video conferencing, is uninterrupted during periods of network congestion. Switches implement this by reading tagged packets and prioritizing them accordingly. Packets are classified using Class of Service (CoS) on the data link layer, and Differentiated Services Code Points (DSCP) on the network layer, mapped to a queue, then sent out accordingly as per QoS.

Trust Mode: Allows you to define whether the switch will use CoS, DSCP, or both trust modes for QoS.

Scheduling Method: Allows you to define what method the switch will use when assessing transmitting incoming packets in queues. Strict priority always prioritizes queues with a higher priority, while Weighted Round Robin (WRR) weights each queue by priority, then applies a round-robin policy when choosing packets for transmission. The queues are weighted as follows:

Queue Mapping: Tagged packets are sent to queues defined in this setting. For each CoS or DSCP value, you can choose the queue to which tagged packets are mapped.

IGMP

IGMP Snooping is used for controlling multicast traffic. It listens to IGMP messages being processed by the switch and prevents these messages from being sent to hosts not part of the respective multicast.

Version: The available IGMP Snooping versions are v2 and v3. You can select either/or in the Version dropdown.

VLANS: You can enable IGMP Snooping for any VLAN by selecting the corresponding checkbox next to the VLAN ID.

Jumbo Frame

Ethernet has used the 1500 byte frame size since its inception. Jumbo frames are network layer PDUs that have a size much larger than the typical 1500 byte Ethernet Maximum Transmission Unit (MTU) size. Jumbo frames extend Ethernet to 9000 bytes, making them large enough to carry an 8 KB application datagram plus packet header overhead. If you intend to leave the local area network at high speeds, the dynamics of TCP will require you to use large frame sizes.

The switch supports a jumbo frame size of up to 9216 bytes. Jumbo frames need to be configured to work on the ingress and egress port of each device along the end-to-end transmission path. Furthermore, all devices in the network must also be consistent on the maximum jumbo frame size, so it is important to do a thorough investigation of all your devices in the communication paths to validate their settings.

Jumbo Frame : Enter the size of a jumbo frame. The range is from 1522 to 9216 bytes.

Port Settings

Selecting one or more ports and clicking Configure will display the following settings:

Enabled: Allows you to enable or disable the connection for this port.

Label: Allows you to add a descriptor for this port.

Speed/Duplex: Allows you to define the following speed/duplex communication settings for this port:

• Auto: Speed/Duplex will auto-negotiate based on the connected node.

• 1Gbps / Full Duplex

• 100 Mbps / Full Duplex

• 100 Mbps / Half Duplex

• 10 Mbps / Full Duplex

• 10 Mbps / Half Duplex

Power over Ethernet (PoE): Allows you to power a connected device through an Ethernet cable using your switch.

VLANs: Allows you to group devices to create a partitioned network on the same LAN.

Forward Ports: By configuring the forward ports, ports can be separated into different groups where traffic between different group are blocked.

Rate Limit: Allows you to limit the amount of incoming and outgoing traffic in Mbps.

Flow Control: Enabling this will have the switch regulate traffic during times of congestion.

QoS: If QoS is enabled in Switch Settings, you can configure additional settings per port.

• CoS Value: All incoming packets that lack a CoS value will use the one set in this dropdown.

• Trust CoS: If checked, the switch will queue packets tagged with CoS into their designated queues. If unchecked, all packets will leave the same queue.

VLAN Trunking: This allows the specific ports to receive/forward VLAN without adding this port to the member port of a specific VLAN. please notice that VLAN trunking will override the current VLAN port member setting except management VLAN.

Override System setting on the Switch Network-wide setting

System setting is followed by Switch setting from the Configure > Switch settings as default settings. If you want individual AP System settings to be different from the Switch Network- wide setting , you can click below part in the screen to override the setting .

This allows you to run the diagnostic tests that can help the Network administrator to troubleshoot.

Under AP detail page > you can easily see the “Diag Tools” icon

Under Manage > Access Points > Diag

So the Full-screen tools are displayed, So you can use them.

• Diag Tools are all “real-time”

• AP diagnostic tools includes (1) Activity: CPU/Memory/Throughput/Channel Utilization(2) Speed test / Ping (3) traceroute (4) All channel utilization (5) Live Clients + (6) Spectrum Analyzer

• Except Spectrum Analyzer is for “S” models only, (1)-(5) are all available for all models

• Activity: The info is as now and we add “non-WiFi” channel utilization % to let users know how much of the total channel utilization rate is from non-WiFi, so users can know if the interfering is from other AP or the environment of the channel is dirty and got high white noise.

• For the Speed test, users can choose one from the “Test Server” list (detected by AP) and do a speed test, so when users have an issue on “slow connectivity” issue, the admin can check if it’s due to “Slow uplink” of AP or due to dirty WiFi between client and AP.

• Ping: We put 3 default servers for users to check the latency change. User can also define their own server for the ping test.

• Traceroute: By default, we set the destination site to Google for the traceroute, and max hop is set to 8, which can be changed by the user. Traceroute allows user to know “the path” from the AP to the destination and will list every router/gateway (hop) and its latency, so if the destination is unreachable, then there must be some setting issue on router/gateway; and from the latency of each hop, the user will know the “slow uplink” is caused by which router/gateway. When the latency is over 10ms, the color will change to yellow, and if > 40ms, the color will change to red.

• All channel utilization: This is a useful tool that user can easily see how dirty each channel is at a glance, and decide if he wants to change the channel of the AP manually. “Green” is “WiFi” traffic and “Orange” is “non-WiFi” interfering. By mouse-over, you can see the details of how much the % of WiFi and non-WiFi.

• For the spectrum analysis tool (spectrogram or waterfall graph), we provide a rolling timeline view of signal strengths measured. The upper part shows the signal strength (RSSI) detected and the color indicates how many sources have been detected. The Lower part is the timeline view to let users know that, for example, channel 8 is dirtier than others, which might not be able to show from glance view of all channel utilization at the time, because the interfering source might not emit continuously but in high frequency.

In the Live clients, you can monitor the clients that are connected to specific AP. You can use it when the AP feature plan is PRO.

There’s a lot that EnGenius Cloud can do to customize a network to meet your specific needs. We’ll walk you through the most common settings here.

EnGenius Cloud AP can leverage Microsoft Azure AD to provide a highly secure authentication process for WPA2/WPA3-Enterprise or Captive Portal. The benefit of using Azure AD is that users may integrate WPA2/WPA3-Enterprise or Captive Portal with Azure AD to identify the specified domain/credentials quickly and account Emails for authentication management.

There are two ways to enable Azure AD to authenticate wireless users with EnGenius Cloud.

• Enable Security Type WPA2/WPA3-Enterprise with Azure AD.

• Enable Captive Portal for user authentication with Azure AD.

WPA2/WPA3-Enterprise with Azure AD

To get started:

• Go to Configure > SSID and select a specific SSID name from the list

• From the Wireless tab, select WPA2 /3 Enterprise for Security Type

• Select Azure AD for user authentication

• Enter the configuration (Host, Port, Account, and Password) for the Azure AD.

Host: IP address or domain name of your Azure AD

Port: Azure AD listening port

Username: Azure admin account (admin@example.com )

Password: Azure admin password

Base DN: dc=example,dc=com (Corresponding to the domain service, such as example.com)

• Click the Apply button to save SSID configurations.

Captive Portal Authentication with Azure AD

To get started:

• Go to Configure > SSID and select a specific SSID name from the list.

• Enable Captive Portal from the Captive Portal tab.

• Select Azure AD for Authentication Type

• Enter the configuration (Host, Port, Account, and Password) for the Azure AD.

Host: IP address or domain name of your Azure AD

Port: Azure AD listening port

Username: Azure admin account (admin@example.com )

Password: Azure admin password

Base DN: dc=example,dc=com (Corresponding to the domain service, such as example.com)

• Click the Apply button to save SSID configurations.

Note: Authentication with Active Directory is a feature in Pro Plan, and it requires a PRO license to enable it.

If Outlet AutoReboot is Enabled, PDU will perform a power cycle for outlets that are ON when communication with the assigned Website/IP Address is lost.

You can access this page from Manage > PDUs > Detail > AutoReboot

Configuring the Outlet Reboot

To configure the outlet reboot, complete the following steps:

1. Select the outlet from the list and click Edit.

1. Enable the AutoReboot function.

2. Specify the condition that prompts an auto reboot and enter the host details.

1. Click OK and then click Apply.

Outlet Timeout settings

This allows you to configure the Autoreboot timeout settings.

• AutoReboot Ping interval: the time period that will ping to the connected devices.

• AutoReboot Delay time: Sets the amount of time before AutoReboot resumes pinging once an auto reboot has been performed.

• AutoReboot Attempts: Amount of Auto Reboots to attempt when communication with a Website/IP Address is lost.

Port Mirroring allows you to copy packets on one or more ports to a mirroring destination port. You can attach a monitoring device to the mirroring destination port to view details about the packets passing through the copied ports. This is useful for network monitoring and troubleshooting purposes. The feature is available is at Manage > Switch < Details > Mirror

The following describe the labels on this screen :

Session id : A number identifying the mirror session. Switch supports up to 3 mirror sessions.

Session State : Select whether to enable or disable port mirroring.

Destination Port : The port which all mirrored data is sent to .

Ingress : indicates that only data being received will be mirrored.

Egress : indicates that only data being sent will be mirrored

How to configure

1. Click the edit icon towards the right .

2. Enable the Session state.

3. Select the Destination port

4. Select the Ingress and Egress port

5. Click Apply

Port state

There are four types of port that you configured .

This allows you to view and configure outlet schedules that can be applied to the outlets. Below screens display the existing schedules visually. Click Manage > PDUs > detail > Schedule to access this screen

Edit Outlet Scheduling

1. Select the outlets to be set for the outlet scheduling then click Edit

2. Enable scheduling and customize the outlet on or Off by dragging the bar. This behavior is the same when you configure the SSID/ PoE scheduling.

• Available: the outlet will be powered on according to the scheduled criteria.

• Unavailable: the outlet will be powered off according to the scheduled criteria.

3. If you want to do the outlet reset, click outlet reset and then drag the icon to the specific time.

• Outlet reset: Specify when to temporarily disable and enable the outlet when the outlet's availability is set to Available.

4. Click Apply.

Outlet Schedule can be configured up to three timeslots in a day

Provide a more flexible schedule configuration, allowing users to adjust the specific days of the week for each outlet according to environmental needs to set up to three available time slots.

How to do it:

1. Navigate to MANAGE > PDUs > Schedule to select the specific outlet and then click the Edit Button.

2. Use the parameters of the "Time Slider" to adjust the availability of time slots for each day.

Available firmware: PDU firmware v1.0.5 or later version.

Link aggregation groups multiple ports together in parallel to act as a single logical link. Aggregation-enabled devices treat all physical links (ports) in an aggregation group entirely as a single logical link (port). Member ports in an aggregation group share egress/ingress traffic load, delivering a bandwidth that is multiple of a single physical link. The feature is available is at Manage > Switch < Details > Link Aggregation

How to Configure

To Configure trunk , you must select aggregation type . Select from the following options:

• LACP: LACP is a dynamic protocol which helps to automate the configuration and maintenance of LAG’s. The main purpose of LACP is to automatically configure individual links to an aggregate bundle, while adding new links and helping to recover from link failures if the need arises. LACP can monitor to verify if all the links are connected to the authorized group. LACP is a standard in computer networking, hence LACP should be enabled on the Switch's trunk ports initially in order for both the participating Switches/devices that support the standard to use it.

• Static: Static configuration is used when connecting to a switch that doesn't support LACP.

• Disable : Disable the trunk that you configured previously.

Then select the Member Ports to add into the trunk group. There are two ways to select the ports

1. Click on the port picker to select multiple ports.

2. Click Pencil icon to input port numbers

After you complete the trunk settings , remember to click Apply to take effect .

PDLG is a function that will automatically reboot PD devices when PoE switch found it was not responding. Which minimizes the downtime of network services and reduces admin effort via automatic processes.

• In PDLG force ping mode, user have to set PD device IP manually. By keep pinging PDs, switch knows if PD is still alive or has to be rebooted.

• PDLG also support auto mode which allows switch collecting PD information/status through LLDP preventing any PD IP changes under DHCP environment.

• By fine tuning the reboot profiles, PDLG can correctly detects/reboot various PDs since every PD devices may have different response or bootup time.

ACLG is one of the option in PDLG auto mode. By enable ACLG, switch also considers Onvif discovery result to verify if the connected PD is surveillance device or not. Once switch make sure it is a surveillance device, it applies a ACLG reboot profile to corresponding port automatically.

• Specified IP: Setting specified IP on a specific port.

• Ping Interval: Setting ping IP interval on a specific port.

• Ping Max Count: Setting ping max count on a specific port.

• Power Recovery Interval: The waiting time between power off and power on a specific port.

• PD BootUp Time: Setting Powered Device boot-up time on a specific port.

• Reboot Max retry count : Setting the max number of reboot

• LLDP/ACLG Expiry pending time: Settings the corresponding LLDP expiry pending time.

The default value of PDLG ＆ ACLG is from the network wide profile settings

You can click lock icon to override the settings

When the actual Amp/Voltage exceeds the configured Voltage/Amp safe range, Cloud will log the events.

You can access this page from Manage > PDUs > Detail > Alerts

Overall Voltage Safe Range

You can drag the bar to adjust the safe range and enable to logging the event that exceeds the configured voltage safe range.

Outlet Amp Safe Range

You can drag the bar to adjust the amp safe range and enable to logging the event that exceeds the configured Amp safe range.

The LCD panel on the front of the PDU allows you to quickly access information about the PDU and its outlets. When you power on the PDU for the first time, the EnGenius logo will appear, followed by a QR code. You can scan the QR code to access the PDU quick start guide.

To access the Home page, long press the bottom of the control buttons beside the LCD panel. The Home page shows the current PDU usage, including the usage percentage, wattage, electric current, and voltage. The usage percentage is divided into four levels to indicate the overall power consumption status:

• Green: Low usage.

• Orange: Moderate high usage.

• Red: High usage.

• Dark red: Critical usage.

You can check the usage of each outlet by pressing the upper control button. Pressing the upper control button again will show the usage of the next outlet. The following screenshot shows the Outlet 6 details of an EnGenius switch (the model name is ECS1008P) that is plugged into the PDU.

The next time you power on the LCD panel, the Home page will be displayed automatically.

Using the LCD Panel

See below for how to use the LCD panel.

Understanding the Different Icons

See below for the different icon definitions.

Navigating the Menu

To access the Menu, complete the following steps:

1. Go to the Home page.

2. Press the lower control button.

To navigate through the options, use the upper control button, which functions as the Next button. To view the details of a selected topic, use the lower control button as the Enter button. In some cases, you may need to drill down further to view more specific details.

Full Menu List

The following shows the available options displayed on the Menu.

Outlets

Displays the following information when an Outlet is selected.

Press Menu > Outlets > (Select an outlet).

• Peak Data: Recorded the highest current and power usage over a specific time interval.

• Data Interval: Frequency at which the PDU collects and reports power/current usage information. This information is used to create the line charts in Peak Data.

• Enable: Enables the outlet, so outlet is able to provide power to the connected device.

• Disable: Disables the outlet, so the outlet will be powered off.

• Reset: This will temporarily disable and enable the outlets.

Schedule

Displays the power on / power off/ reset time on the schedule for each outlet.

Press Menu > Schedule

Alert

Displays the alert message for each outlet.

Press Menu > Alert

Information

Displays the PDU details, which include the IP address, MAC address, software version, and time zone.

Press Menu > Information

Display Settings

Displays the following configurable display settings:

Press Menu > Display Settings

• Orientation: Configures the content on the screen to be presented in a horizontal or vertical orientation.

• Theme: Choose between a dark or light theme for the content display.

• Screen saver: the idle time that the LCD will turn off.

QR Code

Displays the QR code to view the PDU quick start guide or product web page.

Press Menu > QR Code

Reboot

Reboots the PDU. The outlets still provide power during a PDU reboot.

Press Menu > Reboot

Factory Reset

The PDU will be restored to its default settings, and all the data will be deleted. The power supply will be temporarily interrupted until the reset process is completed.

Press Menu > Factory Reset

The Summary page displays the outlet information and configuration of the PDU(s) that are under the management of the EnGenius Cloud.

You can access this page from Manage > PDU > Details > Summary

Outlet Panel

• Power on: this means the outlet is enabled but not connected to any device.

• Powered off: this means the outlet is disabled and not able to provide power to the connected device.

• Powered: this means the outlet is providing power to the connected device.

Viewing the Outlet Power/Current History

Click the outlet icon to view the outlet power and current usage history or reset the individual outlet.

The graph can be displayed based on different time intervals such as days, weeks, or months. Reset is only available when the outlet is enabled and never power off is disabled.

Editing the Outlet Details

• Name: Specify the outlet name.

• Enabled: If you enabled the outlets, this means enabling full control of the outlets. Disabling the outlet means this outlet will be shut down and is not able to provide power to the connected device.

• Never Power Off: The Outlet is always providing power. This function prevents users from accidentally powering off the outlet, which could cause the connected device to shut down suddenly. When enabled, the following happens:

  • The ability to power the outlet on or off via a time schedule is disabled.

  • The ability to power off the outlet from the LCD on the PDU is disabled.

  • The scheduled outlet reset function is disabled.

  • Rebooting the outlet will not stop it from providing power.

  • Pressing the power button on the PDU will not stop it from providing power.

  • Resetting the outlet from the LCD on the PDU will not stop it from providing power.

  • The autoreboot function will not work.

  • The hardware reset button is the sole method to disable the "never power off" function and deactivate the outlet. To perform a factory reset, press the button for 15 seconds.

• Current: The measured electric current flowing through the device that is connected to the outlet. A current of zero amps means that there is no device connected to the outlet.

• Consumed Power: Power consumption of the device that is connected to the outlet.

• Power On Delay: Delays the outlet enabled time after the outlet has been powered on.

• Power Off Delay: Delays the outlet disabled time after the outlet has been powered off.

• Connected Device: the type of device connected to the outlet, which could be an EnGenius or non-EnGenius device. If an EnGenius device is connected, you can specify its model by clicking the chain icon and selecting the model name from the list.

Schedule: This will display what the outlet going to do according to the outlet scheduling.

Reset outlets: This will temporarily power off and power on the enabled outlet(s) that never power off is disabled.

IP Addressing

Configures the following IP address settings:

• IP Assignment: There are two IP assignments to choose from:

  • DHCP: Auto assigns the IP addresses if there is a DHCP server in the network.

  • Static: Manually assigns an IP address. The following fields need to be filled in:

    • IPV4 Address: PDU IP address.

    • Subnet Mask: PDU subnet mask.

    • Gateway: PDU default gateway.

    • DNS Server 1: Primary DNS server name.

    • DNS Server 2: Secondary DNS server name.

This allows you to run the diagnostic tests that can help the Network administrator to troubleshoot.

Under the PDU detail page > you can easily see the “Diag Tools” icon

or Under Manage > PDUs > Diag

Click it and then the Full-screen tools are displayed, So you can use them.

• Diag Tools are all “real-time”

• PDU diagnostic tools include (1) Activity: CPU/Memory/Power/Current (2) Ping (3) Traceroute

• Ping: We put 3 default servers for users to check the latency change. User can also define their own server for the ping test.

• Traceroute: By default, we set the destination site to Google for the traceroute, and max hop is set to 8, which can be changed by the user. Traceroute allows users to know “the path” from the PDU to the destination and will list every router/gateway (hop) and its latency, so if the destination is unreachable, then there must be some setting issue on the router/gateway; and from the latency of each hop, the user will know the “slow uplink” is caused by which router/gateway. When the latency is over 10ms, the color will change to yellow, and if > 40ms, the color will change to red. These color variations help you quickly identify potential performance issues in the network path. To conduct a trace, click the Trace icon.

The Client Timeline is a great feature that aggregates and analyzes activities of a specific wireless client to provide an intuitive and historical view. With Client Timeline, user can easily know how clients associate, authenticate, and roam among Access Points. It is extremely useful when you need to debug or trace your wireless network. The feature is available at Manage > Client > Client name.

Client States

The EnGenius Cloud AI system categorizes client activities into five different states:

Client was connecting to an AP. Client was roaming and connecting to another AP. Client changed to associate with different radio or SSID of the same AP. Client failed to authenticate with an SSID. Client was denied because of it is in block list.

The states are displayed at the left hand side of timeline. User can easily see how a client transited its states among APs.

Radio Color Conventions

The drawing and content of client timeline follows the color conventions as below:

• Green: represent a 5G session.

• Blue: represent a 2.4G session.

Transition Details

The communication between wireless client and AP could be very complicated. Different clients with different wifi chips and wireless drivers can behave very differently while communicating with the same AP. The intelligent engine behind Client Timeline is capable of analyzing communication packets effectively and performs clean and human readable transition details for the user.

User can click on the event summary inside a connection session to expand the sequence of transition details:

Table below displays client leave patterns when client leaves each connection session.

Network topology is a powerful tool to provide administrators a graphic overview of the logical network topology and the status of EnGenius devices.

Use this screen to view the topology of the Org/Network. Click Manage > Topology to access this screen and double-click the organization/hierarchy view/network on the tree to change the scope.

Learn which physical links in your network are most heavily-trafficked; simply hover over individual network links and devices to learn statistics about that connection’s negotiated speed, usage, and a number of directly connected clients using it in the past 5 minutes.

The following describes the functions on this screen:

Show label: Click to display or hide the device name & HW status on each device.

HW status: Click to display or hide the POE utilization on each switch.

Redundant: Click to display or hide the redundant link .

Other Devices: Click to display the third party devices as well as EWS series devices. This requires switch PRO license and switch feature plan to PRO on switches.

Export : Click to download topology as PDF format .

Floor plans allow you to simulate the heatmap. This article will discuss how to upload custom floor plans, pin them on the map, and place devices within these floor plans.

Uploading Floor Plans

Before uploading floor plans, a building must be created to contain them (see Managing Devices > Device Map Location in the user manual).

To upload a custom floor plan/map:

1. Navigate to Manage > Map & Floor plans.

2. Click Building and click Add.

3. Enter a name and then click Create.

4. Find the building you have just created in the building list and click the picture icon.

5. Enter a name and upload the floor plan, then click Apply.

Deleting a Floor Plan

If you no longer use a floor plan that you previously imported, you can delete it.

Follow these steps to delete a floor plan:

1. Find the building you created in the building list.

2. When the floor plan appears, hover over it and click Delete.

Virtual AP

Virtual AP” is now available for users to add virtual AP together with “physical AP”, so users can simulate the heat map if he adds more AP to increase the coverage

Add Virtual AP and choose units of models to add

The Tool icon for users to modify the tx power and channel for heat map simulation

Drag the physical AP to Virtual AP (model needs to be the same) then physical AP could use the Virtual AP configuration.

Polyline in Obstacle

When drawing the walls, users used to draw the line one by one by click “start” and “end” for straight lines, now with the “Polyline” option available, users can simply click on the turning point to draw lines quicker.

This screen allows you to locate a device on the world map to show the relationship between the space and EnGenius Devices. Maps provide a visualization for buildings and access points.

Create Buildings

A building means a group of floor plans. You can create a new building with the + button.

After you create a building, you can drag it to the map. Single-click on the building icon and a hyperlink will appear to allow you to edit floor plans.

How to Place Access Points or Buildings on the Map

1. Click access point list or buildings list.

2. Enter the street address in the address field.

3. Drag the access point/building onto the map.

Navigation

There are a number of ways to navigate through the map display.

Single Click: If the user single-clicks on the focus icon on the access point or building lists, it will auto-locate the same item in the map.

Double Click: If the user double-clicks on the building icon in the access point list, the UI will auto-navigate to the floor plans of that building.

Wireless Clients

EnGenius Cloud provides management views that collect information about connected clients in your organization/hierarchy view/network.

Click Manage -> Clients to access this screen and double-click the organization/hierarchy view/network on the tree to change the scope.

Filtering the Clients List

The list of clients can be customized based on time intervals, and the chart can be customized based on time intervals and SSIDs. To change these parameters, use the appropriate dropdown menu at the top of the screen.

Searching for Clients

You can search for a client in the current client list by using the search. You can search by any parameter included in the search options, and it will attempt to match your query across all fields. You can also specify multiple parameters by clicking on the icon in the search box, as seen below:

Block Clients

This allows you to block clients on the current SSID that clients connected.

Once you want to unblock clients, please go to Configure > SSID > Access control to delete the Mac Address from the Block list.

VIP Clients

This allows you to make clients VIP on the current SSID or on Network-wide that clients are connected.

Once you want to delete clients from the VIP list, please go to Configure > Access control to delete the Mac Address from the VIP list.

Kick Clients

If you don't want to block clients permanently, you could just kick them so that they can connect again if they want to.

Wired Client

This will display the clients that are directly connected to the downlink port on switches.

Gateway Clients

This will display clients that are assigned by the Gateway DHCP server.

You can also see this information regarding the client:

• MAC Address - The MAC address of the client device in the packets sent from the device.

• IP - Assigned IP address of the client device.

• Hostname - Host Name of the client device.

• OS - Operating System that the device is Running.

VPN Clients

After configuring the client VPN and users are starting to connect, it may be useful to see how many and which client devices are connected to your network. To see connected client VPN devices, navigate to Manage > Clients > VPN Client

You can also see this information regarding the client:

• Name: the name of the VPN client.

• VPN IP: the IP of the VPN client.

• Remote IP: the external IP of the VPN client.

For network security, the hotels often set up the room network as a Guest Network with L2 isolation enabled to prevent guests from accessing each other's devices. Under the Guest Network, the guests will be blocked from casting multimedia of mobile devices onto the room TV, which causes inconvenience and a poor stay experience for the guests. The newly released EnGenius SmartCasting feature provides smooth, fast setup and streaming on Guest Networks for media sticks, game consoles, and other devices for an exceptional, personalized entertainment experience. This Intelligent feature of EnGenius Cloud is different from the simple technology of simply casting to a Chromecast and AppleTV.

How SmartCasting Works

1. Create the SmartCasting SSID in EnGenius Cloud, and the SmartCasting SSID will have all casting devices under this SSID and allow them to cast to the device.

2. The SSID of SmartCasting can be accessed with a predefined URL, and this URL will be available for guests via a QR code.

3. By scanning the QR code, the hotel guests will be able to quickly cast the media on mobile devices to the room TV screen.

Access and Enable SmartCasting

1. Go to CONFIGURE>SSID.

2. Create a new SSID for casting devices > choose the SSID type to “SmartCast” > Add casting devices

3. Connect all casting devices to the SSID. 4. Auto or manually add casting devices.

• Auto： Connect your casting devices to the SSID first > The Auto mode will scan the casting devices connecting to the SSID.

• Manual： Manually add the casting devices by their MAC address.

1. Download the “QR code” of each casting device and insert it into the backdrop of the casting device for guests to scan the code showing on the TV or print the QR code out and place it in each room.

Display for Smart Casting on SSID lists

The TV icon will display near the SSID name, which means this SSID has enabled SmartCasting.

Bandwidth Limit

Bandwidth Limitation ensures that users do not consume more bandwidth than they should. We integrated bandwidth Limitation that enforces upload and download limits. Bandwidth Limitation can be applied per SSID or per user or both. When both SSID and Per Client bandwidth limit are set, that means when the total sum of client bandwidth is less than SSID bandwidth limit, per client can have a maximum of “per client bandwidth limit”. If the total sum is over the SSID limit, then all users will share the upper limit of SSID bandwidth.

Use this screen to configure maximum bandwidth.

Click Configure > SSID > Bandwidth Limit to access this screen.

Download Limit

Set the maximum download stream limit for traffic from the SSID or Per user .

Upload Limit

Set the maximum upload stream limit for traffic from the SSID or Per user .

Security Type

Click Configure > SSID > Click one of SSID > Wireless to access this screen.

​ The following describes the authentication types on this screen:

• Open: Allows any client to associate with this network without any data encryption or authentication.

• WPA2 PSK: Enter a pre-shared key of 8-64 case-sensitive characters to enable WPA2-PSK data encryption.

• WPA2 Enterprise: Select Custom Radius to use an external Radius server or select the EnGenius Cloud Radius to use the EnGenius Cloud for 802.1X authentication.

• OWE: When using hotspots in public, users are given better protection through the Wi-Fi Enhanced Open that provides unauthenticated encryption.

• WPA3 Personal (SAE): This type features easier password selection for users to easily remember. It also feats a higher level of security wherein data stored and data traffic in the network will not be compromised even if the password was hacked and data was already transmitted. The upgrade also enabled the Simultaneous Authentication of Equals (SAE) which replaced the Pre-shared Keys (PSK) in WPA2-Personal.

• WPA3/WPA2 Personal mixed: WPA2/WPA3 mixed mode allows for the coexistence of WPA2 and WPA3 clients on a common SSID. The passphrase for both WPA2 and WPA3 clients remains the same, the AP just advertises the different encryption cyphers available to be selected for use by the client. Clients choose which cypher to use for the wireless connection.

• WPA3 Enterprise: This type was mainly built for tighter and consistent application of security protocols across networks of governments, establishments, enterprises, and financial institutions. Offering optional 192-bit minimum security, the WPA3 will make cryptographic tools better. Hence, better protection for sensitive data.

WiFi Access QR code

This QR code allows you to use your mobile device to connect to the specific SSID.

A captive portal can intercept network traffic until a user authenticates his/her connection, usually through a specifically designated login page.

Click Configure > SSID > Captive Portal to access this screen.

Authentication Type

• Click-through: Users must view and acknowledge your splash page before being allowed on the network.

• EnGenius Authentication: Users must enter a username and password before being allowed on the network. You could edit user settings through Configure > Cloud RADIUS User.

• Custom RADIUS: Enter the host (IP address of your RADIUS server, reachable from the access points), port (UDP port the RADIUS server listens on for access requests, 1812 by default), and secret (RADIUS client shared secret). Optionally, the Accounting Server can be enabled on an SSID that's using WPA2-Enterprise with RADIUS authentication.

• Voucher Service: Edit the access plan for guests for the front desk manager.

Redirect URL

Configure the URL to which users will be redirected after successful login.

Redirect to the original URL: Select this option to cache the initial website from the client during the authentication process and then forward it to the originally targeted web server after the user successfully authenticates.

Redirect users to a new URL: Select this option to redirect users to a pre-designated URL after the user successfully authenticates.

Advanced Setting

Session Timeout: Specify a time limit after which users will be disconnected and required to log in again.

Idle Timeout: Specify a time limit for an idle client after which users will be disconnected and required to log in again.

Walled Garden: This option allows users to define network destinations that users can access before authenticating. For example, your company's website.

HTTPS Login: This option allows users to log in through HTTPS. When you enable it, your password is encrypted, so others could not retrieve your information.

Captive Portal supports the way to authenticate with an externally hosted LDAP server. The option is available at Configure > SSID > Captive Portal > my LDAP server

Follow the steps below to configure the LDAP service:

1. Click Add a server to add a new LDAP server.

2. Enter the IP address or domain name of your LDAP server in the Host field and the LDAP listening port in the Port field.

3. For LDAP admin, enter the distinguished name of the administrative account to bind your LDAP server, for example, cn=admin,dc=example,dc=com, and the password.

4. Click OK and then click Apply button.

Base DN and Login Attribute

Base DN: When you configure the LDAP server, you can set a Base DN. For example, If your domain name is example.com, you can use the Base DN dc=example,dc=com.

Login Attribute:

1. UID: (default ) use unique ID as the login attribute for user authentication

2. Email: use email format

3. Other text: Use user-defined string

NAT Mode

In NAT mode, the EnGenius APs run as DHCP servers to assign IP addresses to wireless clients out of a private 172.x.x.x IP address pool behind a NAT.

NAT mode should be enabled when any of the following is true:

• Wireless clients associated to the SSID only require Internet access, not access to local wired or wireless resources.

• There is no DHCP server on the LAN that can assign IP addresses to the wireless clients.

• There is a DHCP server on the LAN, but it does not have enough IP addresses to assign to wireless clients

The implications of enabling NAT mode are as follows:

1. No NAT client can be talked to the other NAT client, neither same SSID nor different SSID (client isolation enabled and block internal routing)

2. Change the IP range of CP DNS to be same as AP DNS (172.16-23.0.0/16)

Use Cases

NAT mode works well for providing a wireless guest network since it puts clients on a private wireless network with automatic addressing.

Diagram

When an SSID is configured in NAT Mode, wireless clients will point to the access point as their DNS server. The AP then acts as a DNS proxy and will forward clients' DNS queries to its configured DNS server.

Configuring Custom DNS for an SSID in NAT Mode

This allows you to set custom DNS servers for a NAT SSID, instead of using the AP's DNS server. This is typically used to forward NAT SSID clients to a DNS server with custom content filtering.

Configuration

1. Navigate to Configure > SSID, then choose one SSID to customize the DNS settings.

2. Locate the Client IP mode and choose NAT mode then click Custom DNS.

3. Enter the preferred Custom DNS IP addresses.

4. Click Apply.

Bridge Mode

In bridge mode, the APs act as bridges, allowing wireless clients to obtain their IP addresses from an upstream DHCP server.

Bridge mode should be enabled when the following is true:

• Wired and wireless clients in the network need to reach each other (e.g., a wireless laptop needs to discover the IP address of a network printer, or wired desktop needs to connect to a wireless surveillance camera).

The implications of enabling Bridge mode are as follows:

• Wired and wireless clients have IP addresses in the same subnet

User Cases

Bridge mode works well in most circumstances, particularly for Roaming. and is the simplest option to put wireless clients on the LAN.

Configuration

1. Navigate to Configure > SSID , then choose one SSID.

2. Locate the Client IP mode and choose Bridge mode then click Apply.

EoGRE

the EoGRE (Ethernet over GRE, or Layer 2 GRE tunnel ) is to build a GRE tunnel between AP and the remote site, so all traffic of the “EoGRE-enabled” SSID will go through the encrypted tunnel to the remote service center

EoGRE tunnel

When SSID’s EoGRE is enabled, all traffic of connecting clients will be tunneled by EoGRE to forward to TGW (Tunnel Gateway)

The connected client then sends a DHCP request to TGW to get an IP address

Option 82 can be enabled to provide more information for the DHCP server to assign IP accordingly.

DHCP Option 82

DHCP option 82 (also known as the DHCP relay agent information option) is used to prevent DHCP client requests from untrusted sources. The DHCP relay agent will insert more information of “circuit ID” to identify the request is from, say, which AP BSSID (radio mac), which SSID name, and which VLAN ID…, so the DHCP server can identify if the request is from an authorized source, and bases on the information to assign IP.

Circuit ID usually includes which ESSID (SSID name) and VLAN ID the client is connecting to. Remote ID usually includes which AP (AP MAC and BSSID - Radio MAC) is relaying the DHCP requests.

Users can define the fields to add to the Circuit ID and Remote ID. EnGenius Option 82 provides options as below:

• AP Ethernet MAC

• AP Radio MAC

• SSID Name

• SSID Type

• VLAN ID

Configuration

1. Navigate to Configure > SSID , then choose one SSID.

2. Locate the Client IP mode and choose Tunnel (EoGRE).