For network security, the hotels often set up the room network as a Guest Network with L2 isolation enabled to prevent guests from accessing each other's devices. Under the Guest Network, the guests will be blocked from casting multimedia of mobile devices onto the room TV, which causes inconvenience and a poor stay experience for the guests. The newly released EnGenius SmartCasting feature provides smooth, fast setup and streaming on Guest Networks for media sticks, game consoles, and other devices for an exceptional, personalized entertainment experience. This Intelligent feature of EnGenius Cloud is different from the simple technology of simply casting to a Chromecast and AppleTV.

How SmartCasting Works

1. Create the SmartCasting SSID in EnGenius Cloud, and the SmartCasting SSID will have all casting devices under this SSID and allow them to cast to the device.

2. The SSID of SmartCasting can be accessed with a predefined URL, and this URL will be available for guests via a QR code.

3. By scanning the QR code, the hotel guests will be able to quickly cast the media on mobile devices to the room TV screen.

Access and Enable SmartCasting

1. Go to CONFIGURE>SSID.

2. Create a new SSID for casting devices > choose the SSID type to “SmartCast” > Add casting devices

3. Connect all casting devices to the SSID. 4. Auto or manually add casting devices.

• Auto： Connect your casting devices to the SSID first > The Auto mode will scan the casting devices connecting to the SSID.

• Manual： Manually add the casting devices by their MAC address.

1. Download the “QR code” of each casting device and insert it into the backdrop of the casting device for guests to scan the code showing on the TV or print the QR code out and place it in each room.

Display for Smart Casting on SSID lists

The TV icon will display near the SSID name, which means this SSID has enabled SmartCasting.

Security Type

Click Configure > SSID > Click one of SSID > Wireless to access this screen.

​ The following describes the authentication types on this screen:

• Open: Allows any client to associate with this network without any data encryption or authentication.

• WPA2 PSK: Enter a pre-shared key of 8-64 case-sensitive characters to enable WPA2-PSK data encryption.

• WPA2 Enterprise: Select Custom Radius to use an external Radius server or select the EnGenius Cloud Radius to use the EnGenius Cloud for 802.1X authentication.

• OWE: When using hotspots in public, users are given better protection through the Wi-Fi Enhanced Open that provides unauthenticated encryption.

• WPA3 Personal (SAE): This type features easier password selection for users to easily remember. It also feats a higher level of security wherein data stored and data traffic in the network will not be compromised even if the password was hacked and data was already transmitted. The upgrade also enabled the Simultaneous Authentication of Equals (SAE) which replaced the Pre-shared Keys (PSK) in WPA2-Personal.

• WPA3/WPA2 Personal mixed: WPA2/WPA3 mixed mode allows for the coexistence of WPA2 and WPA3 clients on a common SSID. The passphrase for both WPA2 and WPA3 clients remains the same, the AP just advertises the different encryption cyphers available to be selected for use by the client. Clients choose which cypher to use for the wireless connection.

• WPA3 Enterprise: This type was mainly built for tighter and consistent application of security protocols across networks of governments, establishments, enterprises, and financial institutions. Offering optional 192-bit minimum security, the WPA3 will make cryptographic tools better. Hence, better protection for sensitive data.

WiFi Access QR code

This QR code allows you to use your mobile device to connect to the specific SSID.

Bandwidth Limit

Bandwidth Limitation ensures that users do not consume more bandwidth than they should. We integrated bandwidth Limitation that enforces upload and download limits. Bandwidth Limitation can be applied per SSID or per user or both. When both SSID and Per Client bandwidth limit are set, that means when the total sum of client bandwidth is less than SSID bandwidth limit, per client can have a maximum of “per client bandwidth limit”. If the total sum is over the SSID limit, then all users will share the upper limit of SSID bandwidth.

Use this screen to configure maximum bandwidth.

Click Configure > SSID > Bandwidth Limit to access this screen.

Download Limit

Set the maximum download stream limit for traffic from the SSID or Per user .

Upload Limit

Set the maximum upload stream limit for traffic from the SSID or Per user .

A captive portal can intercept network traffic until a user authenticates his/her connection, usually through a specifically designated login page.

Click Configure > SSID > Captive Portal to access this screen.

Authentication Type

• Click-through: Users must view and acknowledge your splash page before being allowed on the network.

• EnGenius Authentication: Users must enter a username and password before being allowed on the network. You could edit user settings through Configure > Cloud RADIUS User.

• Custom RADIUS: Enter the host (IP address of your RADIUS server, reachable from the access points), port (UDP port the RADIUS server listens on for access requests, 1812 by default), and secret (RADIUS client shared secret). Optionally, the Accounting Server can be enabled on an SSID that's using WPA2-Enterprise with RADIUS authentication.

• Voucher Service: Edit the access plan for guests for the front desk manager.

• Google LDAP: https://app.gitbook.com/o/-LgVsbFz9VHz6Tj66C_6/s/-Lo1AtG4HHv3uJq1FqqB/authentication-with-google-secure-ldap-server

Redirect URL

Configure the URL to which users will be redirected after successful login.

Redirect to the original URL: Select this option to cache the initial website from the client during the authentication process and then forward it to the originally targeted web server after the user successfully authenticates.

Redirect users to a new URL: Select this option to redirect users to a pre-designated URL after the user successfully authenticates.

Advanced Setting

Session Timeout: Specify a time limit after which users will be disconnected and required to log in again.

Idle Timeout: Specify a time limit for an idle client after which users will be disconnected and required to log in again.

Walled Garden: This option allows users to define network destinations that users can access before authenticating. For example, your company's website.

HTTPS Login: This option allows users to log in through HTTPS. When you enable it, your password is encrypted, so others could not retrieve your information.

NAT Mode

In NAT mode, the EnGenius APs run as DHCP servers to assign IP addresses to wireless clients out of a private 172.x.x.x IP address pool behind a NAT.

NAT mode should be enabled when any of the following is true:

• Wireless clients associated to the SSID only require Internet access, not access to local wired or wireless resources.

• There is no DHCP server on the LAN that can assign IP addresses to the wireless clients.

• There is a DHCP server on the LAN, but it does not have enough IP addresses to assign to wireless clients

The implications of enabling NAT mode are as follows:

1. No NAT client can be talked to the other NAT client, neither same SSID nor different SSID (client isolation enabled and block internal routing)

2. Change the IP range of CP DNS to be same as AP DNS (172.16-23.0.0/16)

Use Cases

NAT mode works well for providing a wireless guest network since it puts clients on a private wireless network with automatic addressing.

Diagram

When an SSID is configured in NAT Mode, wireless clients will point to the access point as their DNS server. The AP then acts as a DNS proxy and will forward clients' DNS queries to its configured DNS server.

Configuring Custom DNS for an SSID in NAT Mode

This allows you to set custom DNS servers for a NAT SSID, instead of using the AP's DNS server. This is typically used to forward NAT SSID clients to a DNS server with custom content filtering.

Configuration

1. Navigate to Configure > SSID, then choose one SSID to customize the DNS settings.

2. Locate the Client IP mode and choose NAT mode then click Custom DNS.

3. Enter the preferred Custom DNS IP addresses.

4. Click Apply.

Bridge Mode

In bridge mode, the APs act as bridges, allowing wireless clients to obtain their IP addresses from an upstream DHCP server.

Bridge mode should be enabled when the following is true:

• Wired and wireless clients in the network need to reach each other (e.g., a wireless laptop needs to discover the IP address of a network printer, or wired desktop needs to connect to a wireless surveillance camera).

The implications of enabling Bridge mode are as follows:

• Wired and wireless clients have IP addresses in the same subnet

User Cases

Bridge mode works well in most circumstances, particularly for Roaming. and is the simplest option to put wireless clients on the LAN.

Configuration

1. Navigate to Configure > SSID , then choose one SSID.

2. Locate the Client IP mode and choose Bridge mode then click Apply.

EoGRE

the EoGRE (Ethernet over GRE, or Layer 2 GRE tunnel ) is to build a GRE tunnel between AP and the remote site, so all traffic of the “EoGRE-enabled” SSID will go through the encrypted tunnel to the remote service center

EoGRE tunnel

When SSID’s EoGRE is enabled, all traffic of connecting clients will be tunneled by EoGRE to forward to TGW (Tunnel Gateway)

The connected client then sends a DHCP request to TGW to get an IP address

Option 82 can be enabled to provide more information for the DHCP server to assign IP accordingly.

DHCP Option 82

DHCP option 82 (also known as the DHCP relay agent information option) is used to prevent DHCP client requests from untrusted sources. The DHCP relay agent will insert more information of “circuit ID” to identify the request is from, say, which AP BSSID (radio mac), which SSID name, and which VLAN ID…, so the DHCP server can identify if the request is from an authorized source, and bases on the information to assign IP.

Circuit ID usually includes which ESSID (SSID name) and VLAN ID the client is connecting to. Remote ID usually includes which AP (AP MAC and BSSID - Radio MAC) is relaying the DHCP requests.

Users can define the fields to add to the Circuit ID and Remote ID. EnGenius Option 82 provides options as below:

• AP Ethernet MAC

• AP Radio MAC

• SSID Name

• SSID Type

• VLAN ID

Configuration

1. Navigate to Configure > SSID , then choose one SSID.

2. Locate the Client IP mode and choose Tunnel (EoGRE).

3. Choose the VLAN (the default value of “VLAN” is SSID default VLAN. If the value is changed, then it will override the SSID default VLAN ).

4. Input the Tunnel Gateway IP ( the IP of the remote site the GRE tunnel will be connecting to ).

5. Decide to enable the DHCP option-82, if yes, Input Delimiter ( how the field is separated in the option 82 frames) and select the Circuit ID and Remote ID and then click Apply.

Captive Portal supports the way to authenticate with an externally hosted LDAP server. The option is available at Configure > SSID > Captive Portal > my LDAP server

Follow the steps below to configure the LDAP service:

1. Click Add a server to add a new LDAP server.

2. Enter the IP address or domain name of your LDAP server in the Host field and the LDAP listening port in the Port field.

3. For LDAP admin, enter the distinguished name of the administrative account to bind your LDAP server, for example, cn=admin,dc=example,dc=com, and the password.

4. Click OK and then click Apply button.

Base DN and Login Attribute

Base DN: When you configure the LDAP server, you can set a Base DN. For example, If your domain name is example.com, you can use the Base DN dc=example,dc=com.

Login Attribute:

1. UID: (default ) use unique ID as the login attribute for user authentication

2. Email: use email format

3. Other text: Use user-defined string

Captive Portal supports the way to authenticate via an externally hosted AD server. The option is available at Configure > SSID > Captive Portal > Active Directory.

Follow the steps below to configure your AD service.

1. Click Add a server to add a new AD server in the list.

2. Enter the IP address or domain name of your AD server in the Host field and the AD server listening port in the Port field.

3. For AD admin, enter the AD format: admin@example.com, and the password.

4. Click OK and then click Apply button.

VLAN pooling is a feature of EnGenius Cloud that allows you to split a large network into smaller virtual networks (VLANs) to reduce traffic and improve performance. To enable VLAN pooling, you need to select Dynamic Client VLAN Pooling in the WLAN settings and enter the VLAN IDs that you want to add to the pool.

Each client connected to the WLAN will be assigned a random VLAN ID based on MAC hashing algorithm. This helps to isolate broadcast packets and balance the load across different VLANs.

L2 isolation

L2 isolation is a feature to prevent wireless client from communicating with any other devices in the network except gateway. With this feature enabled, not only clients associating with the same SSID cannot communicate with each other (this is so called client isolation conventionally) but also clients cannot access other devices in the same LAN. Another exception is that wired devices added to VIP list are still accessible.

Example Use Cases

• Guest SSID to isolate clients and also stop them accessing corporation LAN resources

• Free WiFi service in which administrator want to keep the authentication simple, e.g., WPA2_PSK, such that customer can access the SSID via QR-code scanning.

Band Steering

Dual band operation with Band Steering detects clients capable of dual band operation and steers them to another frequency which leaves the more crowded band available for communication. This helps improve the end-user experience by reducing channel utilization, especially in high-density environments. Band Steering is configured on a per-SSID basis.

RSSI Threshold

This value defines the minimum RSSI required for dual-band wireless clients to associate to 5G band. If the client's RSSI drops below this threshold, it is only allowed to connect to 2.4G band. The recommended value is -60~-80.

BCMC Suppression

BCMC suppression is a feature to drop all the broadcast and multicast frames on a VLAN except for ARP, DHCP, IPv6 router advertisement, and IPv6 neighbor solicitation.

Broadcast-Multicast traffic from APs, remote APs, or distributions terminating on the same VLAN floods all VLAN member ports. This causes critical bandwidth wastage, especially when the APs are connected to an L3 cloud where the available bandwidth is limited or expensive. Suppressing the VLAN broadcast-multicast traffic to prevent flooding can result in loss of client connectivity.

To effectively prevent flooding of broadcast-multicast traffic on all VLAN member ports, use BCMC Suppression to ensure controlled flooding of broadcast-multicast traffic without compromising the client connectivity. This option is for the controlled flooding of broadcast-multicast traffic and is enabled by default.

Example Use Cases

• Enterprise network with over 1000 active wired or wireless clients in different VLANs.

• Campus network with over 1000 active wired or wireless clients in different VLANs.

EnGenius Cloud AP can leverage Microsoft Azure AD to provide a highly secure authentication process for WPA2/WPA3-Enterprise or Captive Portal. The benefit of using Azure AD is that users may integrate WPA2/WPA3-Enterprise or Captive Portal with Azure AD to identify the specified domain/credentials quickly and account Emails for authentication management.

There are two ways to enable Azure AD to authenticate wireless users with EnGenius Cloud.

• Enable Security Type WPA2/WPA3-Enterprise with Azure AD.

• Enable Captive Portal for user authentication with Azure AD.

WPA2/WPA3-Enterprise with Azure AD

To get started:

• Go to Configure > SSID and select a specific SSID name from the list

• From the Wireless tab, select WPA2 /3 Enterprise for Security Type

• Select Azure AD for user authentication

• Enter the configuration (Host, Port, Account, and Password) for the Azure AD.

Host: IP address or domain name of your Azure AD

Port: Azure AD listening port

Username: Azure admin account (admin@example.com )

Password: Azure admin password

Base DN: dc=example,dc=com (Corresponding to the domain service, such as example.com)

• Click the Apply button to save SSID configurations.

Captive Portal Authentication with Azure AD

To get started:

• Go to Configure > SSID and select a specific SSID name from the list.

• Enable Captive Portal from the Captive Portal tab.

• Select Azure AD for Authentication Type

• Enter the configuration (Host, Port, Account, and Password) for the Azure AD.

Host: IP address or domain name of your Azure AD

Port: Azure AD listening port

Username: Azure admin account (admin@example.com )

Password: Azure admin password

Base DN: dc=example,dc=com (Corresponding to the domain service, such as example.com)

• Click the Apply button to save SSID configurations.

Note: Authentication with Active Directory is a feature in Pro Plan, and it requires a PRO license to enable it.

This guide is intended to help you set up your network to generate and accept vouchers. With vouchers, you control access on a per-user basis by generating guest passes you can provide to users.

Vouchers can be set to specific time increments and are ideal for hotels, coffee shops, apartments, etc. where you want to limit network access to users for a specific period of time.

Enable Voucher Service

Enable the voucher service by clicking Configure > SSID > Captive portal > Voucher Service.

Remember to click on the Apply button at the top-right corner to confirm your change on SSID settings.

Management URL and Access Plan

Management URL

For each enabled voucher service, a dedicated Management URL is created. Any team members who have permissions of Front-desk Manager or Administrator can log in that specific URL and manage Voucher Users there.

Access Plan

In addition, you can create different Plans for voucher user to identify how long a voucher user can access the network (Access Time) and how many simultaneous login are allowed for that user (Simultaneous Login).

Plan Start Time

The plan start time is an option that defines the plan of voucher service is activated when an account is created or after the account's first login.

Managing Voucher Users

Generating Guest Pass

The first page after you login the Management URL of Voucher Service allows you to generate guest account/password with different manners:

A network Administrator or Front-desk Manager can firstly select a access plan and then select to generate account/password of voucher user automatically or manually. Auto Generation allows you to generate Guest pass in batch , you can fill in the number of the Guest Pass you want to create.

Managing Voucher User

Click on the User Management Button in the toolbar.

A Guest Management Page is performed to list all generated voucher user. You can edit the properties of a voucher user by clicking the user_id of that user or pick the users in that list to delete.

Print the Voucher User Info

In the Guest Management Page, you can also select the users and click on the print button to print the voucher info for end-user. This feature allows you to print voucher users in batch.

AVExpress offers an end-to-end Quality of Service (QoS) solution specifically designed for crucial audio/video (AV) applications, including video conferencing, multi-media streaming, and gaming. It enables users to prioritize traffic based on its importance, ensuring that critical applications receive the necessary bandwidth and low latency for uninterrupted operation.

EnGenius AP will mark DSCP to those traffic to make sure it also gets the same level of priority through EnGenius Switches to reach end-to-end priority

you can access this page through Configure > SSID > Application Control

Application Aware: This allows users to see the application analysis on the client page . Disabling application awareness may improve WiFi performance.

AVXpress: Voice-related traffic will be prioritized as the highest level (Express), other traffic will be under General as normal applications, just like AVXpress is disabled. Fast is in the midst between Express and General ; it gets higher priority than General, but less than Express

802.11r

802.11r is a standards-based fast roaming technology that is leveraged when using a secure SSID (WPA2-PSK & WPA2-Enterprise). This option improves client device roaming by reducing the handoff delay in situations where client devices roam from one access point to another. 802.11r is disabled by default on EnGenius Cloud.

This feature can be enabled from the Configure > Access Point > SSID page under Network Scope.

If this option cannot be enabled, please go to Wireless > Security Type to select WPA2 PSK/ WPA2 Enterprise /WPA3 Personal (SAE) /WPA3-Personal/WPA2-PSK mixed in advance.

802.11w

802.11w is enabled when Security Type is not Open. 802.11w enables Protected Management Frames (PMF) for management frames such as authentication, de-authentication, association, disassociation, beacon, and probe traffic. This enables APs to help prevent rogue devices from spoofing management frames from APs. Enable 802.11w will allow APs to begin utilizing Protected Management Frames for any clients that support 802.11w.

This page allows you to block clients in mac based on current SSID.

The following describes the functions on this screen:

• Add : The entry for you to add the Mac address to be blocked.

• Reset : Clean all the Block list .

• Delete : Delete the list that you selected .

After you add the block list , remember to click Apply to take effect .

How to Configure Captive Portal

1. Before you begin configuring a captive portal, you need to create a SSID. Navigate to Configure > SSID (If you can't click configure, please make sure you are on network scope).

2. Select one of the SSIDs from the list. If one is not available, please click Add SSID to create one.

3. Navigate to the captive portal and click Enabled and then select the authentication type.

4. Click Apply.

The Cloud RADIUS User is used when you select the EnGenius authentication from Configure > SSID > Captive portal > Authenticated type

Double-click one of the networks on Org-Trees > Configure > EnGenius Auth.> Cloud RADIUS Users to access this screen to view and manage user accounts authenticated using EnGenius Authentication.

The following describes the labels on this screen:

1. Email: Shows the email of the user account.

2. Authorized SSID: This shows the SSID numbers that the user has authorized.

3. Create Date: This shows the date and time that the user was created.

4. Status: This shows whether the user has been blocked or not.

The following describes the functions on this screen:

• Add User: Add users and authorize users to SSIDs.

• Authorize: This allows you to authorize users to SSIDs.

• Delete: Delete users.

• Block: Block users.

• Unblock: Unblock users.

Use this screen to configure radio settings for all access points in the network.

Double-click one of the networks on Org-Trees > Configure > Radio Settings.

The settings and options in the Radio Setting page apply to all access points in a network, and you can configure the following settings:

Channel

This option allows users to customize the channels. On the Auto setting, EnGenius access points automatically adjust the channels of their radios to avoid RF interference.

Exclude DFS

Some use cases may require that Dynamic Frequency Selection (DFS) channels be excluded from the Auto Channel algorithm. DFS channels can be allowed or excluded on the radio settings page.

Since DFS channels can only be used until radar communication is heard, disabling DFS may be useful if the wireless network is in close proximity to a harbor, airport, or weather radar station. Administrators may also want to disable DFS if most local wireless clients do not support DFS channels.

Preferred Scanning Channels (PSC)

With 1200 MHz of spectrum and 59 new 20 MHz channels, a station with a dwell time of 100 ms per channel would require almost 6 seconds to complete a passive scan of the entire band. The standard implements a new efficient process for clients to discover nearby access points (APs). In Wi-Fi 6E, a process called fast passive scanning is being used to focus on a reduced set of channels called preferred scanning channels (PSC). PSCs are a set of 15 20-MHz channels that are spaced every 80 MHz. The APs will set their primary channel to coincide with the PSC so that it can be easily discovered by a client, and clients will use passive scanning in order to just scan PSCs to look for an AP.

Channel HT Mode

The use of 40 MHz channels on the 2.4 GHz band does not provide for multiple independent channels in multi-AP deployments for 2.4GHz. The recommended setting is 20MHz. To maximize throughput, use 40 MHz for 802.11n and 80 MHz for 802.11ac for 5GHz. Note that higher density deployments should use 20 MHz or 40 MHz channels on 5 GHz.

Tx Power

Using this option, users can set a custom range for Tx power.

The higher the transmission power (Tx power) of the access point, the bigger the coverage of the WiFi signal, so usually maximum power is set for an access point to connect to another access point for WDS or mesh purposes.

However, it might not be the best practice if the access point serves the purpose of being a client access point because usually client devices (notebooks, mobile phones, etc.) might not have the same transmission power to be able to communicate back.

If your enterprise environment is comprised mainly of notebooks and mobile phones, then it is better to turn down your access point transmission power to 15-17dBm on 5G, and 10-12dBm for 2.4G (so the coverage area of 5G and 2.4G is about the same). If you keep the same transmission power of 5G and 2.4G, it also means the signal strength of 2.4G is about 6 dB higher than 5G at the same location. Then the client device might roam from 5G to 2.4G because it detects better signal strength. It is highly recommended to leverage the EnGenius ezWiFiPlanner tool to simulate coverage with different transmission power settings.

Minimum Bit Rate

EnGenius access points can adjust the minimum bit rate for each radio (2.4G and 5G separately). When the minimum bitrate is set, an access point will send out beacons based on the minimum bit rate.

For example, if the bit rate is set to 6Mbps, then those clients with slower than 6Mbps bit rate will not be able to connect to the WiFi and will not slow down other clients' performance. 802.11b max bit rate is 11Mbps, so if 12Mbps is set per radio, then 802.11b clients will not be able to connect to the network.

The other benefit is to help better roaming, because when a client roams to a weaker RSSI signal and causes slower performance, then the access point will be kicked out, and the client will search the available SSIDs again to connect to a stronger signal SSID.

If the value is set too high, then it also means a greater density of access points are required to cover the area with the minimum bit rate. This may potentially cause more channel conflict because the transmission power of the access point remains the same, so the RF coverage area is the same and more RF areas overlap.

Client Limit

This is a hardware limitation, commonly applied to most access points in the market. There can be 254 clients connected to an access point at a maximum (127 clients to each 2.4G and 5G band). To serve more than 127 2.4/5G clients in a space, a higher density of access points must be deployed.

Discard 802.11 a/b/g

This option allows users to discard 802.11 a/b/g devices to use network to prevent the impact of performance on other 802.11ac/ax clients.

Disable 11ax

Some legacy wireless clients are not compatible with 11ax. This option allows legacy equipment to connect with your network as usual, we suggest you disable 11ax in 2.4G of your Radio settings. In this way, you can have equipment working in 5G with better performance and get legacy devices served well in 2.4G.

Disable 11be

Some legacy wireless clients are not compatible with 11be. This option allows legacy equipment to connect with your network as usual.

Disable RTS/CTS

Disabling RTS/CTS can reduce additional signaling overhead and latency, thereby increasing data transmission efficiency, especially in environments with strong signals and minimal interference, such as in directional antennas.

DCS (Dynamic Channel Selection)

Dynamic Channel Selection allows a Wireless Access Point to monitor traffic and noise levels on the channel which is current operating and also keeps watching utilization of other channels with background scanning.

When DCS is enabled and traffic or noise levels of current channel exceed predefined threshold (50%) for a period (15 mins), the AP ceases operating on the current channel and hops to an alternative channel with best utilization in statistics. If you want to schedule the DCS, you could expand the advanced settings and select 2 timeslots in a day or do the DCS every time interval.

When to use it

DCS is useful for the complex and dynamic wireless environment where numerous APs and travel routers broadcast and transmit packets in the same area. It usually comes with high radio interference and the situation changes from time to time. In this case, DCS could be helpful to react for unexpected interference with a short-term mechanism and jump to a cleaner channel to operate.

Client Balancing

After you enable Client Balancing, AP will use information about the state of the network and wireless protocol 802.11V to steer the clients to the best available access point during association. Require firmware v 1.x.20 or above, and only support on ECW220v2/ECW220v3.

Mesh

This option will allow users to enable meshing on the 2.4GHz, 5GHz or 6GHz bands. Auto Pairing will assist in wirelessly connecting (meshing) to an access point (AP) that is not connected to a LAN connection.

Once you enable mesh and click Apply, an Auto Pairing button will appear. The Auto Pairing button will trigger access points that are connected to the internet to scan and mesh with neighboring access points that are not connected to the internet.

How to enable mesh node

1. Locate an AP that is wired and connected to a LAN (i.e., connected to Cloud, Power LED is steady orange).

2. Place the new unwired AP, which is already registered to an organization (Org) and assigned to a network, within 10 meters of the LAN-connected AP.

3. Power on the new unwired AP and the “mesh” LED will begin flashing.

4. Click the Auto Pairing button under Radio Settings in cloud to begin the meshing process. The connected AP will attempt to find and mesh with the new unwired AP.

a. There must be a cloud-connected AP nearby for the new AP to wirelessly connect.

b. All APs must be on the same “network” so that the mesh configuration can be pushed to all

APs in the mesh group.

c. It will take approximately 4-10 minutes for an AP to complete the meshing process due to

firmware upgrade and reboot.

5. Once complete and successful, the mesh LED will be on, and the power LED will be blue on all

mesh-connected APs.

Hotspot 2.0, also known as Passpoint, is a service provider feature that assists with carrier offloading. Hotspot 2.0 SSIDs include additional 802.11u information that supported client devices can use to determine if they are able to join the network automatically.

Operation Name : Input the displayed Hotspot 2.0 network name

Venue Name / Type : Input the Venue Name .

Venue Type : Specify the venue groups to be advertised in the IEs from APs associated with this hotspot profile.

Network Type : Access the network type in beacon.

Domain List : This information element specifies the APs domain name.

Roaming Consortium List : This information element contains information identifying the network and service provider, whose security credentials can be used to authenticate with the AP transmitting this element. Input the Roaming Consortium Organization Identifier

3GPP Cellular Network Info: This information element defines information for a 3GPP Cellular Network for hotspots that have roaming relationships with cellular operators. Input the mobile country code and mobile network code.

NAI Realm : This information element identifies and describes a NAI realm accessible using the AP and the method that this NAI realm uses for authentication. Input the Network Access Identifier Realm Names.

This setting allows you to configure VLAN to all devices in the network at once . Table displays all VLANs have been configure in selected network .

Use this screen to add and delete VLANs for network.

Click Configure > VLAN Settings to access this screen.

The VLAN Settings page contains the following information :

• VLAN ID : VLAN ID.

• NAME : VLAN name.

• Voice VLAN : This shows if VLAN has been assigned to Voice VLAN or not.

• SSID : the SSID that has been assigned the VLAN.

Add VLAN

1. Click Add VLAN button.

2. Input VLAN ID and VLAN Name.

3. Click Apply to complete the settings.

This guide is intended to help you set up your splash page. With a splash page, you can channel network users to see a custom page before they can access the Internet.

Before you start configuring a splash page, please make sure the captive portal is enabled in advance.

External Splash Page URL: The external splash page enables the administrator to host their own splash page web server, rather than having it hosted by EnGenius Cloud.

Local Splash page : Local Splash page provides the HTML for a splash page that will be hosted internally on the Access Point . For example , allows you to customize your splash page.

After you complete the splash page, please remember to click Apply.

Using the WYSIWYG editor

You can choose different template from the drop-down menu at the top of the editor.

Once you select your starting template, you can customize it with your message, colors, fonts, and images. EnGenius uses a WYSIWYG (what-you-see-is-what-you-get) editor that also supports HTML editing.

In addition to the standard editing tools along the top toolbar , you can click HTML icon to start editing .

Choosing a starting template

Choose a template from the drop-down menu at the top of the editor. You can customize the content and presentation of these templates to suit your needs . Any edits you make will be a copy of the template, you can go back to the default at any time.

Adding and modifying images

Each splash page template comes with a library of stock images. You can also use the Insert Image tool to add your images and logos.

1. Click the Insert Image button, then navigate to a file, or drag and drop it into the upload images.

2.Double-Click on the image or click insert icon to add the image.

This allows you to clone SSID configuration which you created previously. So you can create Multiple SSID with same configuration easily.

Follow steps to clone SSID

1. Click Clone From

2. Select SSID to be cloned => Click apply in popup

3. Click Apply on tab bar to take effect

When setting up an enterprise wireless network, it is common to configure WPA2-PSK authentication in order to onboard different users on to the wireless network. However, IT administrators may still encounter some drawbacks with this method of authentication when they need to use different PSKs in order to assign different VLANs. MyPSK allows a network administrator to use multiple PSKs and assigned different VLANs per SSID.

Before Configuring the MyPSK Users, please make sure you have chosen the Cloud myPSK user From Configure > SSID > Wireless > Security Type > WPA2-MyPSK

Create my PSK Users

You can access this screen from Configure > EnGenius.Auth > MyPSK Users > Add Users

The following describes the labels on the popup.

Auto-Generated: Click the checkbox and then input the number of the users you want to create. Auto-Generated Users are limited to 50 per time.

PSK: Input the password for the user to log in, Auto-Generated Users will have PSK automatically.

VLAN: By SSID means the user is assigned the VLAN from the SSID which you choose to authorize. If you see the VLAN you wanted is not displayed, you could add the VLAN from Configure > VLAN Settings, then you could select from the dropdown list.

Allowed MAC: Only the User with this Mac Address could access the SSID, leave it blank if you don't want to restrict it.

Expired Date: Default is Permanent, click the checkbox to choose the expired date

User note: Add note to map “the user” to the “PSK” to “identify” the person

SSID Authorized: The SSIDs you want users to access

Edit MyPSK Users

1.Click the number on the Authorized SSIDs or each PSK

2. Allows you to edit the details of each user.