Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
This document provides information about the features available and bug fixes of EnGeniusCloud Solution. To get started, click an item on the left side and browse the contents.
Resolved configuration changes on one SSID that could randomly cause Wi-Fi connection loss.
Resolved the Local Status Page (LSP) not properly displaying conflicts when GeoIP detection and the Network-wide country setting differed.
Resolved abnormal disconnections of MLO Wi-Fi clients when both AP MLO and the Fast Handover feature were enabled.
Resolved Mesh slave client connection instability during the firmware update process.
Support HT160 on 5 GHz.
Support operating channel width display on the EnGenius Cloud AP details page, which is targeted to be ready in mid-Sep.
160 MHz channel width is not supported on 5 GHz. When configured network-wide as 160 MHz, it will automatically downgrade to 80 MHz.
Resolved configuration changes on one SSID that could randomly cause Wi-Fi connection loss.
Resolved the Local Status Page (LSP) not properly displaying conflicts when GeoIP detection and the Network-wide country setting differed.
Resolved abnormal disconnections of MLO Wi-Fi clients when both AP MLO and the Fast Handover feature were enabled.
Resolved Mesh slave client connection instability during the firmware update process.
Support HT160 on 5 GHz.
Support operating channel width display on the EnGenius Cloud AP details page, which is targeted to be ready in mid-Sep.
This f/w version is for the first release.
Supports SmartCasting, enabling guests to effortlessly stream media from mobile devices to room TVs via a dedicated SSID and QR code.
Supports Wi-Fi Calling for seamless, high-quality voice communication over enterprise Wi-Fi
Support automatically detecting the country using GeoIP and displayed on the Local Status Page (LSP) and standalone UI.
Channel specification updates based on regulatory changes in different countries
India: Support 6GHz
Added MyPSK support for secure, personalized Wi-Fi access without multiple SSIDs.
Standalone GUI support enables flexible, quick setup in isolated networks
Added Layer 3 Outbound Firewall so admins can control where wireless client traffic goes or block it to improve network security.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Added JP country code to Auto Channel List to meet Japanese regulations
Deauthentication, enabling it to forcibly disconnect wireless clients from the network. Additionally, EnGenius Cloud offers an API for remote management of client Deauthentication.
Disabling mDNS when Local Web Pages are turned off to improved security.
Client information includes VLAN ID for improved visibility and troubleshooting.
Resolve the issue where the SysName object of the SNMP interface does not synchronize with the device name.
Improve AP performance and throughput when the AVXpress is enabled
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.
Reduced AP offline notification frequency for clearer, more actionable alerts.
Enlarge the RSSI threshold range for Fast Handover function providing more flexibility for to fine tune the roaming sensitivity special environments.
Fixed the issue with the captive-portal certificate update failing
Fixed an issue causing AP reboots or Wi-Fi instability when 40+ users were connected simultaneously
Improved WiFi stability
Fixed an issue where the ECW516L does not broadcast on the 6GHz radio when multiple SSIDs are enabled and some SSIDs are hidden.
Fix ths issue that BCMC Suppression function blocks mDNS packets when mDNS Forwarding is enabled, allowing seamless device discovery across different network environments.
Allows different AP-Lite models to be meshed together, increasing the flexibility of WiFi network deployment.
This f/w version is for the first release.
Fix the issue where, after the EXT loses connection with EnGenius Cloud, the management session cannot be reinitialized within 30 minutes.
Add default port priotiy for different network services, making massive deployment easier. Priority 5(VO): PD port, Port 2 Priority 4(VI): Port 3 Priority 0(BK): Other ports
Support Local Status Page (LSP) disable for users who want to secure their devices by restricting all local management access.
Support PoE legacy mode providing better interoperability with those legacy Powered Devices (PDs) that do not fully comply with the PoE standard.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Fix an issue where the device does not reinitialize the DHCP process to obtain a new IP address after the management VLAN setting is changed.
Enclosed fix for the incorrect front port LED blinking when pressing LED Blinking button on the cloud.
Fix the issue where, after the EXT loses connection with EnGenius Cloud, the management session cannot be reinitialized within 30 minutes.
Add default port priotiy for different network services, making massive deployment easier. Priority 5(VO): PD port, Port 2 Priority 4(VI): Port 3 Priority 0(BK): Other ports
Support Local Status Page (LSP) disable for users who want to secure their devices by restricting all local management access.
Support PoE legacy mode providing better interoperability with those legacy Powered Devices (PDs) that do not fully comply with the PoE standard.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Fix an issue where the device does not reinitialize the DHCP process to obtain a new IP address after the management VLAN setting is changed.
Enclosed fix for the incorrect front port LED blinking when pressing LED Blinking button on the cloud.
Supports SmartCasting, enabling guests to effortlessly stream media from mobile devices to room TVs via a dedicated SSID and QR code.
Supports Wi-Fi Calling for seamless, high-quality voice communication over enterprise Wi-Fi
Support automatically detecting the country using GeoIP and displayed on the Local Status Page (LSP) and standalone UI.
Support Casting on LAN feature to allow Wi-Fi clients to cast streaming content to casting devices (e.g., Chromecast, Apple TV, smart TVs) that are connected to the same LAN port (not uplink) when Layer 2 isolation is enabled. Supported on wall-plate and in-wall APs.
Support for enabling or disabling the LAN interface port for security purposes on wall-plate and in-wall APs.
Added MyPSK support for secure, personalized Wi-Fi access without multiple SSIDs.
Configuration changes may possibly cause Captive Portal to malfunction, leading to the splash page not functioning properly
Fixed the issue with the captive-portal certificate update failing
Standalone GUI support enables flexible, quick setup in isolated networks
Added Layer 3 Outbound Firewall so admins can control where wireless client traffic goes or block it to improve network security.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Added JP country code to Auto Channel List to meet Japanese regulations
Deauthentication, enabling it to forcibly disconnect wireless clients from the network. Additionally, EnGenius Cloud offers an API for remote management of client Deauthentication.
Disabling mDNS when Local Web Pages are turned off to improved security.
Client information includes VLAN ID for improved visibility and troubleshooting.
Resolve the issue where the SysName object of the SNMP interface does not synchronize with the device name.
Improve AP performance and throughput when the AVXpress is enabled
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.
Reduced AP offline notification frequency for clearer, more actionable alerts.
Enlarge the RSSI threshold range for Fast Handover function providing more flexibility for to fine tune the roaming sensitivity special environments.
Improved WiFi stability for client association with AP
Fixed an issue where the slave unit cannot connect to the master in a mesh network when the master uses a DFS channel.
Fixed an issue where firmware upgrades would fail in version 1.0.1-9. If the issue occurs, please contact the Support team
Fix ths issue that BCMC Suppression function blocks mDNS packets when mDNS Forwarding is enabled, allowing seamless device discovery across different network environments.
Allows different AP-Lite models to be meshed together, increasing the flexibility of WiFi network deployment.
This f/w version is for the first release.
Supports SmartCasting, enabling guests to effortlessly stream media from mobile devices to room TVs via a dedicated SSID and QR code.
Supports Wi-Fi Calling for seamless, high-quality voice communication over enterprise Wi-Fi
Support automatically detecting the country using GeoIP and displayed on the Local Status Page (LSP) and standalone UI.
Added MyPSK support for secure, personalized Wi-Fi access without multiple SSIDs
Fixed the issue to prevent device reboot caused by unstable or slow network
Fixed a connection issue where the ECW212L might lose connection with the EWS7952FP-FIT switch during link detection.
Fixed the issue with the captive-portal certificate update failing
Standalone GUI support enables flexible, quick setup in isolated networks
Added Layer 3 Outbound Firewall so admins can control where wireless client traffic goes or block it to improve network security.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Added JP country code to Auto Channel List to meet Japanese regulations
Deauthentication, enabling it to forcibly disconnect wireless clients from the network. Additionally, EnGenius Cloud offers an API for remote management of client Deauthentication.
Disabling mDNS when Local Web Pages are turned off to improved security.
Client information includes VLAN ID for improved visibility and troubleshooting.
Resolve the issue where the SysName object of the SNMP interface does not synchronize with the device name.
Improve AP performance and throughput when the AVXpress is enabled
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.
Reduced AP offline notification frequency for clearer, more actionable alerts.
Enlarge the RSSI threshold range for Fast Handover function providing more flexibility for to fine tune the roaming sensitivity special environments.
Improved WiFi stability for client association with AP
Fixed an issue where the slave unit cannot connect to the master in a mesh network when the master uses a DFS channel.
Fix ths issue that BCMC Suppression function blocks mDNS packets when mDNS Forwarding is enabled, allowing seamless device discovery across different network environments.
Allows different AP-Lite models to be meshed together, increasing the flexibility of WiFi network deployment.
This f/w version is for the first release.
Fix the issue where, after the EXT loses connection with EnGenius Cloud, the management session cannot be reinitialized within 30 minutes.
Add default port priotiy for different network services, making massive deployment easier. Priority 5(VO): PD port, Port 2 Priority 4(VI): Port 3 Priority 0(BK): Other ports
Support Local Status Page (LSP) disable for users who want to secure their devices by restricting all local management access.
Support PoE legacy mode providing better interoperability with those legacy Powered Devices (PDs) that do not fully comply with the PoE standard.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Fix an issue where the device does not reinitialize the DHCP process to obtain a new IP address after the management VLAN setting is changed.
Enclosed fix for the incorrect front port LED blinking when pressing LED Blinking button on the cloud.
This f/w version is for the first release.
Support Facebook Wi-Fi.
Able to setup device local GUI credential during Network creation.
Support to upgrade device firmware immediately.
Bug fix.
Support Switch PoE scheduling.
Support Switch PoE reset.
Support Switch PD lifeguard.
Language support Simplified Chinese.
Support Switch LED Light.
Support Network-wide Settings.
Support Traditional-Chinese.
Support Switch VLAN, port, and system settings.
Support new switch model icon: ECS1528P, ECS1552P.
Fix display issue when receiving notifications from different organizations.
Fix the crash issue when resetting the device.
Add Message Center.
Support Notification Settings.
Support SSID, Radio, and IP settings.
Support Management VLAN settings AP and Switch page.
Supports VLAN Trunking to bypass the 16-VLAN configuration limit, enabling traffic transmission for additional VLANs.
Supports IGMP Querier to efficiently manage multicast traffic by maintaining group memberships and preventing flooding in networks without a Layer 3 router.
Supports Port Isolation to enhance traffic security by strictly preventing communication between isolated port groups.
Be able to be managed by EnGenius Private Cloud (EPC).
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
First release.
Support to change feature plan for AP and Switch.
Support to create and delete Organization.
Support feature plans of Basic and PRO for device categories (AP and SW).
Fixed dashboard issues.
Add a new display option, "Last Update".
Support DCS and Zero-Wait DFS in Radio Settings of Network-wide Settings.
Support Channel Statistics of selected AP.
Language support Thai, Indonesia, Vietnamese, Burmese, and Turkish.
Support Google LDAP, Local LDAP server, and Active Directory for SSID security of WPA2/WAP3 Enterprise.
Support dark mode.
More languages support : Nederlands, Français, Deutsch, Italiano, Pу́сский, Español, Svenska.
Add reporting task to custom and scheduling network reports.
Support search keywords for monitor logs.
Support Block Random MAC Connectionof client access.
Support HTTPS login to Captive Portal.
Monitor Clients Enhancement.
Support Backup&Restore of Network configuration.
Added Diagnosis Tools for Switch
-Switch Activity
-Cable Diagnostics
-Traceroute
-ARP Table
-Live Clients
Added new events for AP Alert Settings
-Rogue SSID(s) is detected
-Evil Twins attack(s) is detected
-Malicious attack(s) is detected
-RF Jamming is detected
SSID support SmartCast.
Added 6G Radio and SSID settings.
Added diagnosis tools- Display All Channel Utilization.
New languages supported – Japanese, Norwegian.
Added Diagnosis tools for Access Point.
Unlock the rotate limitation for iPad display.
Fixed the issue where port 53 was opened on the WAN side when the Captive Portal or L7 rule was enabled
Added support for Gateway v6plus/Xpass (Japan’s VNE) with IPv6 IPIP tunneling for optimized connectivity.
Improved the rollback function event log title to make it more descriptive.
Fixed an issue where packet capture from WWAN failed or produced duplicate packets.
Fixed an issue where incorrect WAN information was displayed on the Detail page when VLAN is enabled in the WAN settings.
Support CloudBrink service to offer ZTNA (Zero Trust Network Access) solution
Adds MAP-E and DS-Lite support to enable IPv6 access in ISP networks using IPv4-based tunneling
Adds IPv6 Ping/ Traceroute support on WAN1 interface for troubleshooting purposes
Optimize the performance of the Diag Tool: CPU Usage
Allows Ping operations in Diag Tool to follow the active primary WAN interface instead of a fixed WAN1 interface.
Enhanced WAN logs to clearly record status: active, inactive, and unstable
Fixed the issue where Client VPN did not follow the default routing rule when Default Route to Remote Hub was enabled in auto S2S VPN configuration
Fixed the issue to reduce duplicated log entries when the WAN connection is unstable.
Fixed incorrect rule policy order between 1:1 NAT and Port Forwarding
Fixed the issue where only one SIP client can connect to SIP server if SIP client ‘s source port was not TCP/UDP 5060
Fixed Symmetric NAT type detection failed.
Fixed incorrect WAN2 IP address displayed after updating policy route rules
Fixed fail to establish 3rd party S2S VPN connection with IKEv1 when Primary WAN public IP changed.
Fixed an issue where full tunnel was restricted to Auto VPN mode. It now supports operation without Auto NAT Traversal enabled.
Fixed issue where Windows/macOS client cannot access ESG320 LSP (Local Status Page) when ESG320 is default configuration.
Support Static Route over VPN: Enables traffic control by manually defining routes over a VPN tunnel, optimizing network efficiency.
Support Default Route to Remote Hub: allows routing all traffic through the remote hub for enhanced security and centralized traffic management
Support to save device’s log to syslog server for centralized log management
Support real-time log download to easy troubleshooting
Changes ESG510/ESG610/ESG620 Ethernet LED definition to “Green is high speed; amber is lower speed”
Add warning message for WAN/LAN IP conflicts to alert users of potential network issues
Enhanced L7 firewall detection to improve accuracy in identifying Layer 7 packets
Fixed issue where only one L2TP connection from a LAN site could be established to an L2TP VPN server at the WAN site
Fixed issue where clients failed to obtain an IP address when switching WAN2 and LAN via the Local Status Page (LSP) while the internet was unreachable.
This f/w version is for the first release.
HQ and SQ video stream quality indicator
Snapshot failure could stop video streaming
Adds logging for animal detection events for easier review and analysis
Logs camera storage recording failures to simplify troubleshooting
Automatically clears stored footage when a camera is re-registered after deregistration
Enabling HDR may cause flickering under specific lighting conditions when the power frequency is set to 50Hz
Cloud AI failed to upload sufficient snapshots
eMMC mount failed for recording
Resolved an issue that could cause temporary power instability by improving night vision activation timing
Enabling HDR caused image flickering when the frequency was set to 60Hz
Cloud disconnection caused by internal eMMC read/write errors
Modifying certain configuration settings could intermittently halt video streaming
Upgrades firmware failed to initiate or complete
Camera snapshot preview failed to refresh, displaying outdated frames in the UI
Enabling HDR may cause flickering under specific lighting conditions when the power frequency is set to 50Hz
Rollback configuration
Static IP addressing and IP address fallback
Cloud AI min. dwell time and max. alert latency
System recording failure alert
Edge AI ON/OFF does not change video bit rate and resolution
Change timezone lead to playback faiure
Camera storage is full yet upgrade FW with new AI model will fail
Enable HDR could have flicker in few lighting conditions
Fix video query and play during daylight saving time
Improve video contrast
Will have option to enable 5MP while disable camera AI
1. Auto Reboot Functionality Optimization
Added the Host Condition function to ensure that host detection failures are not caused by intermediate network nodes, enabling more accurate identification of abnormal host IP status (local GUI only).
Added automatic restart for AutoReboot: when an outlet reaches the reboot attempt limit, Auto Reboot will automatically restart host monitoring after 24 hours, eliminating the need for manual intervention.
Added and optimized Event Logs.
2. Event Log Page Optimization (local GUI ONLY)
Improved the filtering interface and display for better usability.
The Support Rollback Configuration feature allows devices to revert to the previous configuration in case of disconnection caused by an incorrect configuration pushed from EnGenius Cloud.
For easier troubleshooting, add a Ping Failed event log for the AutoReboot feature.
Enhance the Never Power Off feature: when Never Power Off is enabled, AutoReboot and Schedule cannot be enabled (local GUI only).
Support the new model ECP106-INT.
Support enable/disable HTTPs-only for local web page access. Allowing users force web UI access encrypted for better security.
Support enable/disable Local Web Page. Allowing users forbid local managements to prevent the confliction with the central cloud management.
Add Retry and Reset options to AutoReboot, increasing the flexibility of device power management.
Support synchronize "Schedule" configurations in local GUI to Cloud when PDU first time check in Cloud.
Add a new event log when PDU detects outlet has no power supply after AutoReboot.
Add new event logs for firmware upgrade.
Configurations made via LCD will be kept even device reboot.
Supports LCD viewing angles of 0, 90, and 270 degrees in dark mode, ensuring that the content is easy to read regardless of the installation orientation.
Support displaying the Serial Number and Local Web Page on/off status on the LCD.
Provide email notification in case the connected device loses power from Auto-rebooting.
Improved the voltage safe range to accommodate varying default settings across different countries.
Fixed the issue to let event log record AMP safe range when exceeding configuration range.
Fixed the issue to let event log record the configured safe range of power and current.
Fixed the issue to correct the testing email's sending errors.
Extend Outlet and User Name Length to 64.
Add org license function.
Modify default max amp current from 4A to 12A.
Add schedule time slider in local GUI page.
This f/w version is for the first release.
1. Auto Reboot Functionality Optimization
Added the Host Condition function to ensure that host detection failures are not caused by intermediate network nodes, enabling more accurate identification of abnormal host IP status (local GUI only).
Added automatic restart for AutoReboot: when an outlet reaches the reboot attempt limit, Auto Reboot will automatically restart host monitoring after 24 hours, eliminating the need for manual intervention.
Added and optimized Event Logs.
2. Event Log Page Optimization (local GUI ONLY)
Improved the filtering interface and display for better usability.
The Support Rollback Configuration feature allows devices to revert to the previous configuration in case of disconnection caused by an incorrect configuration pushed from EnGenius Cloud.
For easier troubleshooting, add a Ping Failed event log for the AutoReboot feature.
Enhance the Never Power Off feature: when Never Power Off is enabled, AutoReboot and Schedule cannot be enabled (local GUI only).
Support the new model ECP212-INT.
Support enable/disable HTTPs-only for local web page access. Allowing users force web UI access encrypted for better security.
Support enable/disable Local Web Page. Allowing users forbid local managements to prevent the confliction with the central cloud management.
Add Retry and Reset options to AutoReboot, increasing the flexibility of device power management.
Support synchronize "Schedule" configurations in local GUI to Cloud when PDU first time check in Cloud.
Add a new event log when PDU detects outlet has no power supply after AutoReboot.
Add new event logs for firmware upgrade.
Configurations made via LCD will be kept even device reboot.
Support displaying the Serial Number and Local Web Page on/off status on the LCD.
Provide email notification in case the connected device loses power from Auto-rebooting.
Improved the voltage safe range to accommodate varying default settings across different countries.
Fixed the issue to let event log record AMP safe range when exceeding configuration range.
Fixed the issue to let event log record the configured safe range of power and current.
Fixed the issue to correct the testing email's sending errors.
Extend Outlet and User Name Length to 64.
Add org license function.
Modify default max amp current from 4A to 12A.
Add schedule time slider in local GUI page.
This f/w version is for the first release.
HQ and SQ video stream quality indicator
Snapshot failure could stop video streaming
Adds logging for animal detection events for easier review and analysis
Logs camera storage recording failures to simplify troubleshooting
Automatically clears stored footage when a camera is re-registered after deregistration
Enabling HDR may cause flickering under specific lighting conditions when the power frequency is set to 50Hz
Cloud AI failed to upload sufficient snapshots
eMMC mount failed for recording
Resolved an issue that could cause temporary power instability by improving night vision activation timing
Enabling HDR caused image flickering when the frequency was set to 60Hz
Cloud disconnection caused by internal eMMC read/write errors
Modifying certain configuration settings could intermittently halt video streaming
Upgrades firmware failed to initiate or complete
Camera snapshot preview failed to refresh, displaying outdated frames in the UI
Enabling HDR may cause flickering under specific lighting conditions when the power frequency is set to 50Hz
Rollback configuration
Static IP addressing and IP address fallback
Cloud AI min. dwell time and max. alert latency
System recording failure alert
Edge AI ON/OFF does not change video bit rate and resolution
Change timezone lead to playback faiure
Camera storage is full yet upgrade FW with new AI model will fail
Enable HDR could have flicker in few lighting conditions
Fix video query and play during daylight saving time
Improve video contrast
Will have option to enable 5MP while disable camera AI
Fixed an issue where PlayStation 4 (PS4) devices occasionally failed to connect properly to the PlayStation Network (PSN) through EnGenius APs.
Resolved an issue where modifying the configuration of one SSID could randomly cause WiFi connection loss.
Fix the issue to prevent abnormal disconnects of MLO Wi-Fi clients when both AP MLO and the Fast Handover feature are enabled.
Optimize ECW536/ECW526 radio power settings to extend thermal operating range to 0–50 °C.
Support operating channel width display on the EnGenius Cloud AP details page, which is targeted to be ready in mid-Sep.
Support 6 GHz support in India for faster speeds, lower latency, and a more reliable wireless experience.
Support automatically detecting the country using GeoIP and displayed on the Local Status Page (LSP).
Channel specification updates based on regulatory changes in different countries
Mexico: Support 6GHz.
Configuration changes may possibly cause Captive Portal to malfunction, leading to the splash page not functioning properly.
Channel specification updates based on regulatory changes in different countries
Australia: Added Channel 144
New Zealand: Added Channel 144
Canada: Removed Channels 120 / 124 / 128 and 5GHz EHT240Hz support
Vietnam: Added support for the 6GHz band
USA: Added support for 5GHz EHT 240 MHz
Japan: Added support for 6GHz EHT 320 MHz
Fixed the Wi-Fi client certificate error issue when accessing the Captive Portal page.
Fixed the Wi-Fi clients disconnect issue when Manage VLAN was enabled and a myPSK was added or modified.
Fixed an issue where disabling an SSID with 802.11w enabled caused disconnections on other SSIDs during myPSK updates.
Added Layer 3 Outbound Firewall so admins can control where wireless client traffic goes or block it to improve network security.
To comply with new regulations in Indonesia, the output power for Band 4 has been updated from EIRP 23 dBm to EIRP 36 dBm.
Optimize Wi-Fi reload after AP settings are changed, making wireless clients reinitial the connection more quickly.
Improve AP performance and throughput when the AVXpress is enabled.
Deauthentication, enabling it to forcibly disconnect wireless clients from the network. Additionally, EnGenius Cloud offers an API for remote management of client Deauthentication.
Disabling mDNS when Local Web Pages are turned off to improved security.
Resolve the issue where the SysName object of the SNMP interface does not synchronize with the device name.
Resolve the issue of abnormal analysis in Frequency Spectrum monitoring.
Resolved the random AP disconnection issue that occurred when encryption features (e.g., MYPSK) were enabled in heavy-traffic environments.
Enlarge the RSSI threshold range for Fast Handover function providing more flexibility for to fine tune the roaming sensitivity special environments.
Resolved the issue where enabling MyPSK function, AP will random drop wireless clients.
Resolved the issue when there are 50 Walled Garden entries were set, part of the entries may not take effect on APs.
Improves the Fast Roaming performance when there are thousands of MyPSK user in the network.
Resolved the issue where selecting too many channels in the 6G Auto Channel list caused the AP to fail to configure.
Fix the issue that AP will trigger error evil twin alarms of AirGuard function.
Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.
Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.
Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255(e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.
Support EnGenius fast-handover algorithm 2.0
Remove dropbear [email protected] encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.
Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.
Add support for SAMLv2 in Captive portal with Azure-AD
A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.
(a) What is SAMLv2?
SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.
(b) Implications of This Update
Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.
(c) Practical Applications
Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.
In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.
Support HTTPS-Only for local device page
To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.
(a) Importance of HTTPS for Security
HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:
Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.
(b) Implementation and Control
By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.
In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.
This f/w version is for the first release.
Add VIP function for client access control.
Support Wi-Fi (SSID) settings.
Add bandwidth limit for SSID(s) and Client(s).
Add client timeline feature for a specific client.
Support to block suspicious client.
Add animated LED behavior illustration for AP.
Support Team member settings.
Add event type filter in Logs page.
Add event type filter in device detail page.
1. Support TFA (two-factor authentication) for login method.
2. Allow users to delete account and related data.
3. Add “period of validity” for remote support (passcode) function.
4. Add “Network” in display options for Monitor> Devices list.
1. Increase Top N list for Monitor-Dashboard.
2. Add time period filter for Monitor- Client list.
3. Fix scroll down issue in Monitor-Dashboard page. (Android)
4. Fix account registration issue.
1. Fix Replace not showing in AP detail. (Android)
2. Fix Replace function does not work in Switch detail. (Android)
3. Fix an issue that caused Switch page crashes due to API spec changes. (iOS)
1. Add new category to Top Application dashboard.
2. Fix time zone synchronization issue for Event Log.
Monitor - Show detail information for Switch Device Page.
Gateway detail page support VPN Status.
Live Client support information of MLD device.
SSID Support AVX.
Support US partner login.
Network-wide Gateway Settings support Policy route.
Gateway/PDU detail page support Logs.
Dashboard support Clients/Power Status.
Access Control support Allow List and bug fix.
Support Network-wide Gateway Settings.
Interface-LAN, Static Route.
Site to Site VPN.
Firewall-Outbound Rules, Port Forwarding, 1:1 NAT, Allowed Services.
LED Behavior of AP support ECW526/ECW536.
Bugfix and UI issue adjustment.
Support Switch Extender.
Bugfix and UI issue adjustment.
Support Switch Extender.
Bugfix and UI issue adjustment.
Network-wide Radio Settings 6G support HT320.
Gateway detail page support WWAN/SFP status.
Network performance Throughput/Latency/Package Loss support WWAN.
Bug fix and improve user experience.
Supports PDU.
Supports Diagnostic tools and restart within the gateway.
Support application analysis on client details page.
Support PDUs in Inventory.
Bug fix.
Support Gateway LED Behavior.
Bug fix.
Support Model # and Model Name.
Bug fix.
Upgrade radar chart algorithmic of Dashboard.
Added Security Gateway management
- Inventory list with Gateway.
- Dashboard with Gateway info.
- Gateway detail page.
Support Language-Japanese.
Added 6G radio support.
Clone networks to multiple organizations for MSP portal.
Retain device configuration when moving to a new organization’s network (open to custom users domain)
Face recognition of cameras ECC500 (open to internal users).
Custom NTP server for general settings of devices (open to internal users).
EnGenius Cloud User Capacity: Increased the user limit from 10K to 20K, enabling customers to deploy larger network environments.
Camera Security: For security reasons, all footage will be deleted after a camera is deregistered.
Wi-Fi Optimization: Improved internal configuration handling to make Optimize Wi-Fi reload after AP settings are changed, making wireless clients reinitial the connection more quickly
Emergency Wi-Fi Support: Added support for Emergency Wi-Fi SSID with configurable SSID name, providing the flexibility for network service providers applying 00000JAPAN project in Japan.
Resolved an issue where the Gateway Captive Portal did not work on the EnGenius Japan server ().
Setting – Added detail information for AP setting for ECW510. When configured network-wide as 160 MHz, ECW510 will automatically downgrade to 80 MHz.
Google LDAP (SSID) – Enhance log readability when expired certificates uploaded
Dashboard (Clients section) – Fixed incorrect tooltips displayed when mouse over dashboard client chart.
Inventory & License (Replace flow) – Fixed issue where replacement failed if the replacing device was on a later pagination index.
AP Device Setting (ECW520) – Resolved issue where the ECW520 could not override network-wide configuration.
Inaccurate warning from camera:
Some event logs may show unexpected warnings or list SD-Alert conditions as event names.
Workaround:
Ignore those warning that NOT defined in your SD-Alert function.
Actual alert triggers and system behavior are not affected.
Support display 3rd party cameras managed by NVS on Video Wall function. Making it easier to integrate EnGenius new ai surveillance solutions with user existing systems.
Improve the Wi-Fi reload process to enable faster connection recovery when SSID settings are changed.
Add GeoIP detection results to the AP details page, providing a reference for network country configuration to ensure local regulatory domain compliance.
Providing more details in AI surveillance logs, making it easier to understand how AI token are consumed.
Refined the packet capture function descriptions to help users better understand the maximum limitations across different products.
Fixed an issue where the system rejected PoE port power limit configurations greater than 31W when set through the RESTful API.
Fixed an issue where the filter function did not work properly when applying the Email or Description filter on the Cloud User page.
Fixed issue with default “Natural” splash page template not applying in some cases.
Fixed the Casting on LAN options cannot be found in ECW115/215 settings.
Expand Gateway options in the Client Access Control List to enhance network security for clients connected through third-party devices or directly to the Gateway.
Support for HT160/240 options in floor plan AP Radio configurations making WiFi heatmap more accurate.
Support Unlimited AI License for cameras, simplifying AI usage planning by removing token calculation and forecasting complexity.
Increase bypass firmware upgrade option when device was assigned a new network, making device plug & play possible.
Renamed Azure AD to Microsoft Entra ID for consistency with Microsoft’s naming.
Fixed the issue where Tx power configuration was incorrectly applied to APs with DFS (JP).
Fixed the issue where only the first 20 cameras were displayed when adding a camera to the video wall list.
Client Access Control List behavior is inconsistent between APs and Gateways. On Gateway, VIP List has higher priority than Allow List. However, this behavior is the opposite on AP clients.
Workaround: To permit VIP clients under this strict client control scenario, please temporarily replicate their entries into the allow list. We will align and refine this behavior in future cloud updates.
Support LAN port disable settings for all wall-plate and in-wall APs, giving MSPs more flexibility when wired service is not required in MDU environments.
Supports 240MHz bandwidth on 5GHz for Wi-Fi 7 devices, providing higher throughput advanced WiFi clients (USA only).
Enlarge the maximum Scene Details description from 1,000 characters to 2,000 to improve the accuracy of image AI.
Extend maximum SD-Alert quantuty to 20 to cover more user defined contextual actions in different user scenarios.
Increase Cloud AI filter in Camera list, making it easier to find out which Cameras are running Cloud AI.
Add QR code for WPA3 Personal authentication function, making WiFi WPA3 deployment easier and more user friendly.
Change the Camera AI Search default range to Last 7 Days to improve response time. Users can extend the range to search older footage.
Fix the issue where 320 MHz configurations and status are displayed on APs that do not support 320 MHz when mixed with supporting APs in the same network.
Fixed an issue where the Series information of Cloud Lite devices incorrectly changed to Cloud when opening the device details page in device list.
Fixed an issue where pre-configured LAN port settings on ECW215 were not correctly applied during the device’s first check-in.
Fixed an issue where pagination did not function correctly on the Cloud Team Member page.
Fixed an issue where the advanced DCS settings could not be configured in networks located in countries that support 6GHz radio.
Fixed an issue where switching between different orgs or networks multiple times on the Team Member page sometimes caused all team members to display as having view-only authority, even if some had admin authority.
Fixed the wrong image displayed in ECW220v3 details page.
If there aren't enough AI tokens for the latest image analysis, the token pool will enter a "borrowed token" state and stop accepting new analysis requests. When new tokens are added, the system will deduct the deficit.
Add missing Packet Capture functon in the ECW520 Diag Tool.
Add Gateway v6plus/Xpass (Japan’s VNE) with IPv6 IPIP tunneling for optimized connectivity
Gateway supports CloudBrink to enable Zero Trust Network Access (ZTNA) for enhanced secure remote connectivity
Gateway WAN1 supports MAP-E and DS-Lite, enabling IPv6 access in ISP networks using IPv4-based tunneling.
Added IPv6 Ping/Traceroute on Gateway WAN1 for improved troubleshooting capabilities
Optimized first-time MOT (Motion Object Tracking) data request for cameras to improve efficiency.
Enhanced Camera API to support creating video share links, retrieving people/vehicle activity, and listing cameras, enabling easier integration, smarter monitoring, and streamlined device management.
Added support for “00000Japan” SSID (Japan’s national emergency Wi-Fi network), enabling open Wi-Fi access during disasters to ensure public connectivity and emergency communication.
AP supports Casting on LAN, allowing Wi-Fi clients to cast to LAN-connected devices even in Layer 2 isolated networks.
AP supports SSID Suffix, automatically appends unique suffixes to a central SSID across APs, simplifying setup and VLAN assignment in hospitality and MDU networks.
AP SmartCast has moved from Pro License to Basic License
Fixed the issue by enforcing that 320 MHz can only be enabled when 802.11be is active, ensuring proper WiFi standard compliance
Displays the actual current channel and radio performance instead of the configured values on the AP details status page to make troubleshoot easier.
Fixed an issue where entering numbers in the identity filter caused incorrect results in the wireless client list.
Channel specification updates based on regulatory changes in different countries
Australia: Added Channel 144
New Zealand: Added Channel 144
Canada: Removed Channels 120 / 124 / 128 and 5GHz EHT240Hz support
Vietnam: Added support for the 6GHz band
USA: Added support for 5GHz EHT 240 MHz
Japan: Added support for 6GHz EHT 320 MHz
Indonesia: To comply with new regulations in Indonesia, the output power for Band 4 has been updated from EIRP 23 dBm to EIRP 36 dBm.
The Basic Feature Plan supports up to 20 admin accounts , increased from the previous limit of 10.
Support Switch-Lite series.
Enhanced the device summary function on the MSP portal to simplify multi-tenant management for managed service providers.
Added VLAN information to the wireless client list and the search bar in the MyPSK user list to simplify troubleshooting in MyPSK environments.
Added online/offline sorting functionality to the device list, allowing quick identification of problematic devices for further action.
Support original/corp/stretch display camera modes for 4:3 video source.
Added safe configuration and rollback functionality for the ECC series to prevent management loss caused by improper configurations.
Added support for minimum dwell time and maximum alert latency settings in the camera Cloud AI feature, allowing users to optimize AI token consumption for different scenarios.
Supports Software-Defined Alerts (SD-Alert) for contextual AI surveillance events. Users are passively notified of critical events and can quickly access the associated video footage without the need for routine checks.
Added more options for video AI search, making it easier to locate target video footage.
Fixed an issue where the network topology was not displayed correctly in the report.
Fixed allowlist/ blocklist entry limit issue (over 100) in Client Access Control for Basic plan.
Remove the incorrect placeholder indicating FQDN support in the L3 outbound firewall function under SSID settings, as FQDN is not actually supported.
Fix the issue where the exported topology image becomes blurry when managing a large number of devices.
Fix the missing toggles for enabling/disabling Camera AI and Cloud AI on the camera details settings page.
Support 4:3 video display option for liveview and videowall, allowing user to keep correct aspect ration. Device Firmware Requirement: ECC: v1.1.20 or above
Support for the Layer 3 outbound firewall settings per SSID. Gives admins more control over wireless traffic to enhance network security. Device Firmware Requirement: ECW: v1.x.95 or above
Add a "Cloud AI" indicator in the camera list to make it easier to check whether the video AI feature is enabled for each camera.
Provide 120 minutes of free viewing time per month for cameras with only a basic license, and enhance the viewing counter to show users the remaining time.
Fix where disabling Telnet via the local UI, it will be re-enabled by Cloud a few minutes later.
Support disconnect & logout AP clients in RESTful API, make it easier to integrate with 3rd party IdP/authentication service provider for Change of Authentication (CoA) requirements. Device Firmware Requirement: ECW: v1.x.91 or above ECW-Lite: v1.x.10 or above
Fix the floorplan disappear issue when viewing floorplan and change network view to HV view in Org tree.
Support gateway device /firewall/traffic log record to syslog server. Configure > General settings > EnableDevice/Firewall/Traffic log on gateway
Support realtime firewall log download for identifying problems and confirming that the rules are working as expected. This requires gateway firmware 1.2.70 or later versions.Configure > Firewall > Enable syslog on outbound/port forwarding/1:1NAT firewall rules > Click Apply > Click Real-time logs
Support IP-Mac-port-binding to verify the correctness of network packets from authorized clients and forbid those packets that has been changed by hackers. Configure > Client Access Control > IP-MAC-Port Binding, adding a switchs/ports that you'd like to do IMPB to Protected Switch Port list, and then add client to IMPB Client List to bind it to cooresponding port.
Support LLDP on gateways. Configure > General Settings > Enable/Disable LLDP
Support BaseDN option in Google LDAP allows the server to know where to start searching for data and ensures that the search results include only the data within that specified range. CONFIGURE > Access Point > SSID > WPA2 / WPA3 enterprise / Captive portal > Google LDAP
Support SAML for using Azure AD and Microsoft Authticator for 2FA on Captive portal to enhancing your network security and user authentication process. CONFIGURE > AP > SSID > Captive Portal > Azure AD > Select SAML > Upload the IdP Metadata File which provided by external Idp server.
Support Fast handover to configure RSSI threshold on each band for a client to stay connected to the AP. This ensures that clients maintain stable and optimized connectivity. It required AP firware v1.x.82 or later CONFIGURE > Access Point > Radio Settings and adjust the Fast Handover settings. MANAGE > Access Point > AP List, select a specific AP, navigate to the Summary page, and access the FastHandover for that device.
Support to a "Reset" action to restart the AutoReboot mechanism when the outlet has reached the maximum number of AutoReboot attempts MANAGE > PDU > PDU List > Click Specific PDU > Detail > Timeout settings > click the reset on specific outlet.
Support DFS channel settings for both indoor and outdoor APs at the network-wide and individual device. Configure > Radio Settings > AutoChannels > Select / deselect DFS Channel. Configure > AP Detail > Radios / Select DFS Channels on 5G
Layer 7 policy-based route is supported, so you can set the rules to direct specific applications to different WAN interfaces without specifying IP addresses or port ranges. Configure > Gateway > Interface > Policy Route > Layer 7 > Add the rules
Layer 7 firewall rules are supported, so you can block specific applications without specifying IP addresses or port ranges. Configure > Gateway > Firewall > Outbound Rules > Lay 7 > Set the rules
Disable RTS /CTS is supported Configure > Access Points > Radio > Enable/Disable RTS/CTS on outdoor APS
Network template is supported , so you can easily copy the current network configuration as the template and then apply to multiple networks in the same organization at the same time. Organization > Backup & Restore > Configuration template > Add the network template > Click Apply then select the networks to be applied the network template configuration.
Firmware freeze is supported . Configure > Firmware > Enable freeze firmware version > select the Beta/Stable version firmware to be frozen then click apply
Enable / Disable Https only and access control on local web pages Configure > General settings> Network > Enable/Disable Https only and enable disable Local web pages.
AVXpress offers an end-to-end Quality of Service (QoS) solution specifically designed for crucial audio/video (AV) applications, including video conferencing, multi-media streaming, and gaming. It enables users to prioritize traffic based on its importance. Configure > SSID > Application control > Adjust the priority on audio/video (AV) applications
RadSec support for the RADIUS server allows you to exchange RADIUS authentication, authorization, and accounting messages through a secure TLS tunnel between the RADIUS server and the AP. It requires AP firmware version 1.x.81 or higher and the addition of a RadSec certificate for functionality. Organization> Security > Certificates> Upload the certificate you get from the RADIUS server > Then go to Configure > AP > SSID > Wireless > WPA2/3 Enterprise/Captive portal > Custom RADIUS> Enable the RadSec on RADIUS Server.
Beta version of the new dashboard has been released, so you can check the PDU device numbers, and power status, which include the PDU outlet and Switch PoE status. Dashboard > click the view beta version on the top right corner > New dashboard is displayed with PDU devices numbers , Power status and clients.
Hotspot 2.0 is a standard for Wi-Fi roaming between Wi-Fi and cellular networks with automatic authentication. It required AP firmware 1.x.75 or above. Configure >SSID > Hotspot2.0 > Enable Hotspot 2.0 .
Support Policy Route, you can route traffic over preferred network paths, prioritize certain types of traffic, or balance traffic across multiple links for load balancing and optimization purposes. Configure > Gateway > Interface > Policy Route > Add Policy Rule
Support PDU templates, so you can configure whole network PDUs at once with each PDU model template. Configure > PDU > Template
When the outlet auto-reboots and the powered device is not powered successfully , we will notify users by default.
Auto Channel now allows you to pick the desired channel on Radio settings Configure > Radio > select auto > click Change ch. > pick the channel.
Support allowlist on Client Access Control. Configure > Client Access Control > Enter the mac address on allowlist.
Add MLO (Multi-Link Operation) options on each SSID. This allows Wi-fi 7 clients to create multiple links with different bands and transmit data concurrently. required AP firmware V1.x.70 or above on Wi-Fi 7 models. Configure > SSID > Wireless> Enable MLO.
Add DDNS for gateway passthrough mode. Configure > Gateway > Interfaces > select passthrough mode > Choose DDNS providers you want and configure it.
Wired Client will display the clients that are directly connected to the downlink port on switches. ECS1xxx/2xxx requires switch firmware v1.2.85 or above. ECS5xxx requires switch firmware v2.2.15 or above.Manage > Client > Wired Client
SSID on LAN is supported on ECW115 and ECW215AP on LAN3 . Configure > General settings > AP > select the SSID you want to bind on LAN3
Gateway detail page support Log page. Manage > Gateway > Detail > Logs.
PDU & EXT supports photo as other product's detail page.
The Network can be dragged and dropped to different HV in the same Organization. Click the menu icon on the left-top corner > drag the network and then move to different HV in the same organization.
PD lifeguard and Autocam lifeguard are supported. PD lifeguard is a function that will automatically reboot PD devices when the PoE switch found it was not responding. Auto cam lifeguard is one of the options in PDLG auto mode. By enabling ACLG, the switch also considers Onvif discovery results to verify if the connected PD is a surveillance device or not. if yes, apply the ACLG reboot profile to the corresponding port automatically.Manage > Switch > Details > PoE > PD lifeguard > Select Ports to enable PD lifeguard > Select Auto Mode > enable Autocam lifeguard.
Port Isolation Enhancement is supported, so you can configure the forward ports which can be separated into different groups where traffic between different group are blocked. Manage > Switch > Details > Ports > Select Ports to enable Isolation and set forward ports.
MSP change log is supported. Click MSP icon > Teams > Change log
Topology view now can display PDU and Switch Extender. Manage > Topology > you can see the PDU/ Switch Extender icon displayed if you have the devices.
MSP Single Sign-On (SSO) is now supported.
BCMC is activated by default and available under the basic plan. Configure > SSID > Add SSID > Advanced settings> BCMC is enabled by default and no Pro license required
802.11r now can be enabled when select WPA3 Personal (SAE) or WPA3-Personal/WPA2-PSK mixed.
Gateway WWAN offers a statistical chart Manage > Gateway Detail > Summary > WWAN statistics is displayed on Throughput/ Latency/Packet Loss.
VLAN Trunking is available for both Switch and Switch Extender Manage > Switch/Switch EXT details> Ports> Select the port you want to enable VLAN Trunking and Apply.
The outlet schedule is able to set three enabled periods in one day on PDU firmware v1.0.5 or above. Manage > PDU > detail > Schedule > edit the outlet schedule > select time slider to be 3
The outlet autoreboot is supported. Manage > PDU > detail > AutoReboot > Enable the AutoReboot on outlets and configure the hosts that you want to ping
SNMP v1/v2 is supported on PDU firmware v1.0.5 or above. Configure > General settings > SNMP > change SNMP state to V1/V2c and set the community
Switch Extender-related settings are now available to configure if your inventory has the extender registered in your organization.
Gateway EnGenius DDNS is supported when you update the ESG firmware to v1.1.36 on ESG510 or 1.2.36 on ESG610/620. Configure > Interface > WAN > DDNS > select the DDNS provider to EnGenius DDNS > hostname is displayed and able to edited.
Gateway PoE reset is supported Hover on port on the Gateway Panel on detail page > Reset PoE
PDU-related settings are now available to configure if your inventory has the PDU registered in your organization.
MSP features include creating MSP teams, Inventory device management across Organizations, and cloning organizations.
Support Failover Preference for adjusting the preferred secondary WAN interface.
Support Per client application analysis Manage > Client > click the client name > Application Analysis
Support bandwidth limit on Gateway LAN Interface. Configure > Gateway > Interface > LAN > adjust the download / Upload limit on Bandwidth limit tab.
Multiple Bridge is supported on the gateway, This allows you to create Multiple untagged subnet environments. Manage > Gateway > Interfaces > LAN > Change to Multiple bridge mode> Create other interfaces and set the interface type to Bridge
Export “Outbound firewall rules” and “Port Forwarding rules” in CSV format. Configure > Gateway > Firewall > Outbound Rules/Port forwarding > Click on the Export button
Multi-language is supported. Click on the account located in the upper-right corner of the GUI > Languages > select the language (Chinese, Japan, Indonesia, German, Italy, or Netherlands)
Containment could prevent clients to connect to rogue APs listed in the Rogue lists. Manage > AirGuard > Contain all rogue devices. This is available on AP 1.x.55 on "S" models.
Contain selected APs only Manage >AirGuard > Rogue SSIDs > Expand the Rogue SSID to see all rogue AP’s detected > Choose the ones to be contained. This is available on AP 1.x.55 on "S" models.
Mail notification option for firmware upgrades is supported. If enabled, users will receive email notifications if there will be firmware upgrade happened. Configure > Alert > enable notification of firmware upgrade
Support the option to disable NAT traversal in Site-To-Site VPN. Configure > Gateway > Site to Site VPN > Disable the NAT traversal
Site-To-Site VPN can be enabled under WAN passthrough mode.
Support the option to apply outbound firewall rules to all ESGs under the same Org. Configure > Gateway > Firewall > Click the " Apply to all ESG in the org > Click Apply
Support real-time VPN status under the Gateway Pro feature plan. Manage > VPN Status > VPN nodes > EnGenius Peers or Non-EnGenius Peers > Last Update : Realtime
Azure AD supportedConfigure > SSID > Click on one SSID > Captive Portal > Authentication Type > Azure AD
Configure > SSID > Click on one SSID > Wireless > WPA2/3 Enterprise > Azure AD
PoE Extended mode is supported Manage < Switches > Details > Ports > select the Ports > click Configure > find the speed/duplex settings > select Extended.
Support Import/Export VLAN with JSON file, so you can import VLAN settings at a time.Manage> Switches > Detail > VLAN > export the JSON file > adjust the VLAN settings> import the JSON file. Configure> Switches > Template > click one of the template > VLAN > export the JSON file > adjust the VLAN settings> import the JSON file.
Wi-Fi calling service allows cellular users to make or receive calls using a Wi-Fi network instead of using the cellular network of the carrier, This is available on AP 1.X.50 or later version. Configure > General Settings > AP > Enable WiFi calling.
We provide Base DN allows you to specify the LDAP domain and type the LDAP login attribute to use for authentication. Configure > SSID > Click on one SSID > Captive portal > My LDAP Server > Specify the baseDN (format: dc=example,dc=com) and the login attrubute.
We provide “Fail-over” when 1st Radius is not reachable, 2nd or 3rd Radius will be used. However, some conditions might need to have “Load balance” on the Radius servers due to a very large client list to do authentication. SSID > Captive Portal > Custom Radius > 3 Radius servers allowed > enable Radius Load balance
SmartCast SSID allows users to stream their subscribed media to the TV through Chromecast in their room. This feature requires AP firmware V1.x.37 for ac models and v1.x.45 for ax models Configure > SSID > Create a SmartCast SSID and enable mDNS forwarding for all other SSIDs >add Chromecast to the lists > Download the QR code of the Chromecast and then install it on the corresponding Chromecast device > Scan QR-code
Support RADIUS VLAN override SSID > WPA2/3 enterprise > VLAN by RADIUS
Support Hidden SSID detection Manage > AirGuard > Rogure SSID
Support Packet Capture with Switch firmware 1.2.61 or above. Manage > Switches > Detail > click Diag icon > Packet Capture Manage > Switches > Diag > Packet Capture
Allow users to reset the authenticator’s certificate to default on Google LDAP. SSID > WPA2/3 enterprise > Google LDAP SSID > Captive Portal > Authentication Type > Google LDAP
Support Advanced DCS settings. So you can schedule DCS by start time or time interval. Configure > Radio settings > DCS > Advanced settings
Diag tool is supported on switch firmware 1.2.60 or above. So you can use it to troubleshoot errors. Manage > Switches > Diag
Manage > Switches > Detail> click Diag icon
6G is supported by the country.
Configure > SSID > Click one SSID > Wireless > Enable 6G.
Configure > Radio Settings > Enable 6G
DuraFon Roam management page is supported. Click the phone icon on the left panel.
Diag tool is supported on AP firmware 1.x.35 or above. So you can use it to troubleshoot errors.
Manage > Access Ponts > Diag
Manage > Access Ponts > Detail>click Diag icon
Clear all logs on Organization is supported. Notification > click clear icon near the Organization
Per device licensing added. We provide 1 year of free PRO licensing, so you can use PRO features. After 1 year, if you want to use the PRO feature, each device needs to assign a license.
Organization > Inventory & Licensing
Dynamic Channel Selection supported. This will automatically change channels to avoid interference Configure > Radio settings > DCS > Enable DCS
Exclude DFS supported. This allows you to exclude DFS channels from Auto Channel on 5G Configure > Radio settings > Exclude DFS > Enable Exclude DCS
New Firmware Trial Zone Supported.
Users can pick devices into New Firmware Trial Zone, so you can try the new Firmware on partial network devices and prevent the whole Network from going wrong.
Configure > Firware Upgrade > New Firmware Trial Zone > Add devices into Trial Zone
AD/ LDAP supported (only 1 SSID can be enabled in a network)
Configure > SSID > Click on one SSID > Captive Portal > Authentication Type > My LDAP Server or Active directory
Configure > SSID > Click on one SSID > Wireless > WPA2 Enterprise > Security > My LDAP Server or Active directory
Support Bandwidth limit by RADIUS and RADIUS MAC Auth
Configure > SSID > Click on one SSID > Captive portal > Custom RADIUS
Support Virtual AP on floor plans. This allows users to plan the Wi-Fi environment even if physical AP hasn't been registered. Once users have physical APs in the network, users can drag the physical AP to Virtual AP ( model needs to be the same) then physical AP could use the Virtual AP configuration. Manage > Map & Floor Plans > click Virtual AP icon on the tool bar > add the virtual AP then drag on the floor plan > adjust the Virtual AP configuration
Support to use polyline to draw an obstacle. Manage > Map & Floor Plans > Obstacle
Support Google LDAP. If users have used Google Suite, then the users are able to choose google LDAP as their service. If users import Google Certificates from the EnGenius cloud then users can return to the Google Suite to manage the LDAP service. SSID > WPA2/3 enterprise > Google LDAP SSID > Captive Portal > Authentication Type > Google LDAP
Support System IP Range. Let users be aware of the EnGenius reserved IP range to prevent them from using it in their local LAN. and be able to change the System reserved range if they cannot change their local LAN IP address range. Configure > General settings > AP
Support RADIUS CoA (Change of Authorization). This allows a RADIUS server to change the access authorization of an active client session. Configure > SSID > click on one SSID > Captive Portal > Custom Radius > CoA
Support switch template. This helps users to apply the same port configuration to all switches with the same models in the Network to save the time of configuration. Configure > Switch settings > Template
Support WIFI usage in Client Timeline.
Manage > Clients > then click on one client.
Support exporting client list to CSV. Manage > Clients > Export > CSV
Support SNMP in Configure > General settings > Network
Support network configuration backup/restore. Organization > Backup & Restore > Add a Network Backup with device backup
Support Report Generation. Report > Task > New Task
Support Facebook WiFi Configure > SSID > click on one SSID > Captive Portal > Facebook Wi-Fi
Support WPA2-MyPSK Auth with External RADIUS SSID > WPA2-PSK> WP2-MyPSK > Auth with external RADIUS
On Manage > Switch> Detail page, add a LED Blinking button to trigger an AP to blink its LED for 10 seconds. This could help users quickly identify the AP.
Support multicast and unicast General Settings > AP > Advanced Settings.
Support Switch POE Scheduling Manage > Switches > Detail > PoE Sched.
Support WPA2-MyPSK. SSID > WPA2-PSK> WP2-MyPSK
Support BCMC Suppression. SSID > Wireless > Advanced Settings
Support Org License so you are able to try the Pro feature easily. Organization > Inventory & License > Click on Switch to Professional
Support mesh topology and show third-party devices. Manage > Topology
Support NAS ID in custom RADIUS settings. SSID > click one SSID > Captive Portal > Custom RADIUS
Support VIP in ACL Settings. Configure > Access Control > VIP > Add VIP
Support the option to enable/disable switch local GUI in individual settings.
Go to Switch detail page > System Settings > Local GUI (enable / disable)
By default: Disabled, to prevent confusion on the settings from Cloud and Local GUI.
If the user wants to set some advanced settings which Cloud doesn’t support yet, then the user can enable the Local GUI
Support both "Per Client" bandwidth limit and "Per SSID" bandwidth limit
SSID > Bandwidth Limit > Enable "Per Client" and or "Per SSID" bandwidth limit > Upload / Download limit
For Covid-19 infection control, Exposure Analysis, an extension of the Client Timeline, helps the Company to be able to identify who had been exposed to the infected in past days. Manage > Clients > click on one client to go to Client Timeline > Exposure Analysis (Exposure Analysis is by default disabled, go to below to enable: Organization > Privacy > Enable Exposure Analysis
Bulk voucher list can be exported to .csv file Go to Voucher portal > user credential > auto generation > generate guest pass * N > create bulk voucher > Export to csv
TFA (Two Factor Authentication) is enabled for Cloud users
Enable TFA of your own: User profile > Two Factor Authentication > install Google Authentication on mobile phone > enter TFA (or 2FA) code on Google Authentication APP > Activate
or to enforce TFA (2FA) for all users in Organization Organization > Security > Enable 2FA Enforcement
Client's name can be renamed
Block function enables admin to block clients from access the networks, and the blocked-user will get blocked message. Manage > Clients > choose the clients to be blocked > Access Control > Block on SSID / Blocked on Network-wide
Add DNS setting under NAT mode, so user can add, say, content filtering service to filter content access of NAT clients. Manage > SSID > choose one SSID > Network > Client IP mode > NAT mode enabled > DNS settings
Splash page editor is enhanced to "WYSWYG" style for user to define their own Logo and theme. Configure > SSID > click on one SSID > Splash Page > Local Splash Page
Global credential setting is now available to assign single credential to all AP and Switch in the Network for local access. Configure > General Settings > Network > Local Credential
"Mirror" and "Link Aggregation" function is enabled in Switch Manage > Switches > click on one Switch >under Switch Device Local Page > Mirror / Link Aggregation
Client Timeline is available to track how client access to the network for easy-to-debug Manage > Clients > then click on one client
Dark mode supported
User can block clients in Client List.
Support ACL Block List in SSID > Access Control
Support WYSIWYG Splash Page editor.
Add a “Clone From” button in SSID Setting page to speed up SSID manipulation by coping settings from other SSID.
TX Power tuning options now start from 1 to 10 dBm.
Support network-wide LED setting in General Settings > AP.
Support LAN Port settings in General Settings > AP for wall-mounted Access Points.
For 3rd party presence analytics or location-aware services, EnGenius Cloud now supports Presence Reporting settings inGeneral Settings > AP for integration in advance.
Syslog Server settings have been moved to General Settings under AP and Switch Tab.
Support Traffic Log to have AP sending more traffic info to syslog server. The feature is available in advanced settings of General Settings > AP.
In Firmware Upgrade page, clicking “Upgrade Now” button now also displays a summary of upgraded device number.
User can see logs of a Switch in Switch List > Detail > Logs.
Topology now automatically displays the port numbers when mouse is hovering the device icon.
Support WPA3.
Support 802.11w.
In AP List > Detail page, add LED Blinking button to trigger an AP to blink its LED for 10 seconds. This could help user to quickly identify the AP.
User now can create and print vouchers in batch.
Client List now shows more details about client IP address and vendor info.
New EMail Alert format. Instead of sending all details in one mail, mail body now mainly contains the summary of managed networks. User can follow the link in the mail to browse details in advance.
Add "Global Settings" in Toolbar menu to support more network-wide configurations.
In "Global Settings", user can configure network-wide "Local Credential" to make all managed APs with the same username and password for local access.
Support the option to turn on/off LEDs of all managed APs in Global Settings > AP.
Add "VLAN Settings" in Toolbar menu to let user centrally manage all VLANs defined or used in the Network. If there is any VLAN binding with SSID or Voice VLAN defined in switch, all these VLANs would listed in the VLAN Settings page.
In Switch List > Detail > Summary, user can view all VLANs applied on dedicated switch (including VoiceVLAN).
Support network-wide Switch Settings for spanning tree, LLDP, voice VLAN, QoS, IGMP snooping, and jumbo frames.
Support network-wide VLAN Settings. You can have an overview of the VLANs used in your network including SSIDs or Voice VLANs.
In the switch detail page, you can manually configure IP Address settings of the switch. Note that the settings only work for the firmware version after 1.1.16.
In the switch detail page, VLAN can be directly manipulated here. Any newly created VLAN will be also shown in the network-wide VLAN Settings.
Client List now supports sophisticated search options.
New Sign-In, Sign-Up pages is online.
Have a dedicated button on the toolbar to manage team members intuitively.
Add a Help icon button at top right corner of menu bar. User can access user manual and get support ticket over there.
Support Delete My Account in the user setting menu.
User can rename Skykey on the management page.
Network-wide Radio Settings now support Indoor and Outdoor profiles.
Support an option "Disable 11ax in 2.4G" in the Radio Setting. Some legacy wireless clients are not compatible with 11ax. Enabling this option makes the 11ax APs like ECW220 or ECW230 can still serve legacy client well in 2.4G channel.
Users can upload and display photos in AP Detail page of Web GUI now.
Improve DHCP server detection when L2 isolation is enabled, ensuring reliable IP assignment for wireless clients.
Support for EnGenius Private Cloud (EPC)
Fix the issue that AP sometimes goes offline even when the network is functioning normally.
Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.
Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.
mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.
Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.
Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.
Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.
Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).
Fixed vulnerability issue (CVE-2022-38546).
Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:
(a) WPA3 Personal (SAE)
(b) WPA3-Personal/WPA2-PSK mixed
(c) WPA3 Enterprise with suite-b disabled
This f/w version is for the first release.
Fixed the issue where port 53 was opened on the WAN side when the Captive Portal or L7 rule was enabled
Added support for Gateway v6plus/Xpass (Japan’s VNE) with IPv6 IPIP tunneling for optimized connectivity.
Improved the rollback function event log title to make it more descriptive.
Fixed an issue where packet capture from WWAN failed or produced duplicate packets.
Fixed an issue where incorrect WAN information was displayed on the Detail page when VLAN is enabled in the WAN settings.
Support CloudBrink service to offer ZTNA (Zero Trust Network Access) solution
Adds MAP-E and DS-Lite support to enable IPv6 access in ISP networks using IPv4-based tunneling
Adds IPv6 Ping/ Traceroute support on WAN1 interface for troubleshooting purposes
Optimize the performance of the Diag Tool: CPU Usage
Allows Ping operations in Diag Tool to follow the active primary WAN interface instead of a fixed WAN1 interface.
Enhanced WAN logs to clearly record status: active, inactive, and unstable
Fixed the issue where Client VPN did not follow the default routing rule when Default Route to Remote Hub was enabled in auto S2S VPN configuration
Fixed the issue to reduce duplicated log entries when the WAN connection is unstable.
Fixed incorrect rule policy order between 1:1 NAT and Port Forwarding
Fixed the issue where only one SIP client can connect to SIP server if SIP client ‘s source port was not TCP/UDP 5060
Fixed Symmetric NAT type detection failed.
Fixed incorrect WAN2 IP address displayed after updating policy route rules
Fixed fail to establish 3rd party S2S VPN connection with IKEv1 when Primary WAN public IP changed.
Fixed an issue where full tunnel was restricted to Auto VPN mode. It now supports operation without Auto NAT Traversal enabled.
Support Static Route over VPN: Enables traffic control by manually defining routes over a VPN tunnel, optimizing network efficiency.
Support Default Route to Remote Hub: allows routing all traffic through the remote hub for enhanced security and centralized traffic management
Support to save device’s log to syslog server for centralized log management
Support real-time log download to easy troubleshooting
Changes ESG510/ESG610/ESG620 Ethernet LED definition to “Green is high speed; amber is lower speed”
Add warning message for WAN/LAN IP conflicts to alert users of potential network issues
Enhanced L7 firewall detection to improve accuracy in identifying Layer 7 packets
Fixed issue where only one L2TP connection from a LAN site could be established to an L2TP VPN server at the WAN site
Fixed issue where clients failed to obtain an IP address when switching WAN2 and LAN via the Local Status Page (LSP) while the internet was unreachable.
Fix the WAN disconnect issue when connecting to Verizon network.
Fixed the issue where Captive Portal's click-through authentication failed when many users were logging in
Fixing the NTP Mode 6 Scanner enhances system security and reduces potential attack risks.
Fixed the issue where ICMP Timestamp Request Disclosure exposed system time
Support Layer 7 Policy Based Route, allows administrator to designate which WAN port to be used for different applications.
Support Layer 7 firewall rule to block specific application that may hurt you network.
Support rollback configuration to prevent configuration errror that impact cloud connections.
Increase Layer 3 and Layer 7 firewall event logs, improving traffic visibility and easier for administrator troubleshoot their network.
Direct SecuPoint VPN user traffic using the gateway's PBR settings to ensure that all user traffic follows the same rules
Enhanced WAN disconnected log making WAN troubleshoot easier.
Support to disable LLDP for specific environment that do not allow auto discovery protocols. (Cloud does not support yet)
Support mDNS function making ESG easier to be found in local network. (Cloud does not support yet)
Fixed the issue where LAN subnets matching PBR rules could not route to other local subnets.
Fixed the issue that SecuPoint remote client can't access ESG’s local LAN if Passthrough mode and Split tunnel are enabled.
Enhanced firewall logs to output as a text file in real-time. (Cloud does not support yet)
Auto VPN Hub-and-Spoke supports full tunnel mode. (Cloud does not support yet)
Added support for static routing over VPN. (Cloud does not support yet)
When a rogue DHCP server is detected, an event log notification will be generated.
Added support to export NAT logs to an external syslog server. (Cloud does not support yet)
New dashboard displays WWAN information when WWAN is the primary WAN.
Added a new event log for reaching the maximum number of SecuPoint client seats.
Added a new event log for when the public IP and WAN IP are configured the same in NAT.
Support enable/disable HTTPs-only for local web page access. Allowing users force web UI access encrypted for better security.
Support enable/disable Local Web Page. Allowing users forbid local managements to prevent the confliction with the central cloud management.
Resolved an issue where the DDNS hostname was not displayed in the SecuPoint VPN client when passthrough mode was enabled.
Fixed an issue where the SecuPoint VPN client was non-functional when the primary WAN2 connection type was set to DHCP or a static IP address.
Addressed an issue where an Android phone (SecuPoint VPN client) could not access the internal server when SecuPoint VPN and port forwarding were enabled.
Corrected an issue where the latency monitor was inaccurate when the PBR function was enabled.
Fixed a problem with the Diag tool to prevent response failures.
Resolved an issue where the S2S VPN connection failed when the ESG uplink gateway changed its WAN IP address.
Fixed an issue where the VPN connection failed when the primary WAN was WAN2.
Fixed the issue for Auto Site-to-Site VPN connection sometimes getting disconnected upon WAN function reloaded with the following conditions:
Case 1: WAN IP is being changed (e.g., PPPoE IP changed)
Case 2: Fail-over under dual WAN
Case 3: IP getting changed in front end of Gateway
Fixed the issue for Diag Tool sometimes showing "This device is unavailable".
Fixed the issue for Site to Site VPN and IPsec Client VPN function that do not work properly with BASIC license.
Support Policy Route.
Support Gateway Access Control: VIP List and Block List.
Support Firewall Traffic Log - syslog server.
Support Packet Capture for WAN interfaces.
Adjust the definition and behavior of "System Name" and "Device Name"
Remove System Name setting from LSP.
Revise DHCP client hostname to {ModelName}-{MAC_last_4_digits}.
System Name support multi-language.
Automatically add a GRE port forwarding rule while adding PPTP TCP port: 1723
Revise Subnet Mask format of Static IP in LSP.
Optimize reset button behavior.
Fixed Gateway status issue when it shows online, it doesn't show WAN1/WAN2 IP information in Cloud UI.
Fixed the issue for Auto VPN where it failed if the number of ESG devices is more than 11.
Fixed the issue where the system becomes stuck upon continuously adding two bridge interfaces without assigning any Ethernet ports.
Use System Name as Host name for WAN via DHCP.
Enhance WAN security to close port 53 if Outbound FQDN rules are set.
Fixed the issue for Site-to-Site VPN connection not established after system reloading in some cases.
Fixed the issue for SecuPoint server to let it work in Passthrough Mode or under NAT.
Fixed the issue for ESG620 not able to connect to EnGenius Cloud via WAN2 connection when an unsupported SFP+ module is plugged into WAN1 port.
Support URL filtering and Block page. (Cloud page to be updated)
Support EnGenius and 3rd-party DDNS function in Passthrough Mode. (Cloud page to be updated)
Support Client traffic statistics. (Cloud page to be updated)
This f/w version is for the first release.
Supports importing shared configurations via local UIs. Users can modify a configuration file and distribute it to other devices, greatly simplifying large-scale deployments.
Adds support for MAC-based VLAN to provide more precise client authorization for untagged network devices.
Increased IPv6 host route capacity from 128 to 256 to support larger Layer 3 environments.
Support Static IGMP/MLD Group configuration via local GUI and CLI, ensuring multicast traffic reaches designated clients.
Improve the accuracy of wired client list on EnGenius Cloud.
Support new model ECS2530FP. A 24-port 2.5G PoE switch that providing higher backbone capacity for WiFi 7 networks.
Support dual controller for High Availability (HA) function of EnGenius Private Cloud (EPC). Minimize the downtime of on-premises network management.
Fix device crash issue when there are over 20 clients request DHCP IP through switch DHCP relay function.
Supports IP-MAC-Port Binding for EnGenius Cloud, ensuring strict client management and protecting against ARP spoofing and Man-in-the-Middle attacks..
Supports Rogue DHCP Server Prevention (RDSP) in the local UI, blocking unauthorized DHCP servers or routers from disrupting clients and ensuring proper network access.
Support detailed PoE class setting for PoE ports.
Support RADIUS Change of Authentication (CoA), allow admin force RADIUS clients reauthentication when authentication policy is changed.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Fix IP Source Guard Rules cannot be completed cleared when deleting rules.
Fix the issue where the MAC FDB sometimes fails to update correctly when a client moves from one port to another.
Support Surveillance VLAN in local GUI and CLI to automatically detect surveillance devices and assign them to a predefined VLAN with enhanced QoS, ensuring the security and quality of surveillance traffic.
Enhance PoE detection mechanisms to improve interoperability with legacy PDs that may not fully comply with PoE negotiation standards.
Enhance LLDP-MED and port power limit algorithms to improve interoperability with PDs that do not accurately report power demands with their redistributed PDs.
Support HTTPs-only function (from device side).
Fixed the issue that switch may not sync all configurations with Cloud at the first check-in.
Fixed OSPFv3 Area Setting page display error. (Configure → L3 Protocols → OSPFv3 → Area Settings)
Fixed CPU loading issue upon parsing DHCP traffics for wired client information.
Add CLI command for wired client-list function: wired client list { enable | disable }
Modify DHCP packet's host name (Option 12) to include model name and add 4 MAC address digits (2-bytes).
Change default configurations:
DHCP snooping is disabled by default.
Wired client list is enabled by default.
Add CLI command to support config VLAN range.
Implement CLI commands that can show current config of specified feature.
Add CLI commands to support displaying 5-min port utilization records for past 24 hours.
Add CLI command to support showing different running config.
Modify the LLDP-MED TLV value content when connecting to Senao Extender.
Support manually disable / enable cloud agent by CLI and Local GUI.
Change default config to disable IPv6 default route.
Enhance Cloud agent to support 802.1x+MAB feature.
Change STP default config from MSTP to RSTP.
Integrate ACLG (Auto-CAM life-guard) into the PDLG.
Add ONVIF discovery feature.
Change the jumbo frame size to 12KB.
Support VTP (VLAN trunking port) for 1 ~ 4094 VLAN ID.
Enclose system name for displaying in syslog messages.
Support system name using UTF-8.
Support port isolation and grouping (Please be advised the isolation settings will need re-configuration due to feature update where forward ports can be specified for a chosen port when port isolation is enabled).
Support MDNS and SSDP discovery protocols.
Support LBD function per port setting.
Add Private-VLAN function. (via CLI and local GUI for now)
Support LSP function.
Fine-tune the ping delay time issue.
Fine-tune the abnormal last update time issue for cloud_agent.
Support Gratuitous ARP function.
Support single port binding to trunking member via local GUI.
Add RIP/OSPF feature.
Add RIPng/OSPFv3 feature.
Enclose config update:
IPv4:
Maximum ARP (Host Route) : 2048
Maximum Static Route : 256
Maximum Dynamic + Static Route : 1024
IPv6:
Maximum Neighbor (Host Route) : 1024
Maximum Static Route : 128
Maximum Dynamic + Static Route : 512
Add IPv4 multiple interface configurations for cloud agent.
Add RIP/OSPF configurations for cloud agent.
Add IPv4 routing table for cloud agent.
Add IPv4 static route configurations for cloud agent.
Enhance multiple interface & address for L3-series. (IPv4 address: 4 → 16, IPv6 address: 20 → 32)
Enhance Cloud Agent to support MAF. (MAC address filtering)
Known Issue: in [MLD Snooping][Router Settings], when adding a port into static port list, the port will show as "T", instead of "S".
Known Issue: in [Web][Port Settings], Fiber ports will stop working after setting 1Gbps/Full from web then changing to other speed; this can be recovered by disabling/enabling the port.
Fix abnormal gateway configuration in the DHCP relay environment.
Fix abnormal LLDP TLV format for SFP port.
Fixed the issue of VLAN name synchronization when the VLAN name contains special characters such as parentheses (e.g., '()').
Add BPDU Guard / Root Guard for STP protocol feature.
Add SNMPv3 configurations for cloud agent.
Add MVR feature.
Enclose fix for CVE-related issue (no_dirlist).
Support multiple Regions (including Japan).
Revise system name to be “Model Name” followed by “-“ with last 4 digits of device MAC address (for example, ECS5512-38f8).
Support web proxy server feature in local GUI for cloud agent.
Enhance switch sync mechanism with cloud and cloud check-in time.
Enclose fix to prevent switch hang upon configuring static IPv4 address to switch device.
Modify the action when schedule.db changes for scheduled PoE feature.
Modify the log handling with Cloud about flick reboot.
Fix switch hang issue with IGMP and MLD for IPTV integration.
Fix potential segmentation fault issue for the routing feature.
This version is for the first release.
Fixed the issue where port 53 was opened on the WAN side when the Captive Portal or L7 rule was enabled
Added support for Gateway v6plus/Xpass (Japan’s VNE) with IPv6 IPIP tunneling for optimized connectivity.
Improved the rollback function event log title to make it more descriptive.
Fixed an issue where packet capture from WWAN failed or produced duplicate packets.
Fixed an issue where incorrect WAN information was displayed on the Detail page when VLAN is enabled in the WAN settings.
Support CloudBrink service to offer ZTNA (Zero Trust Network Access) solution
Adds MAP-E and DS-Lite support to enable IPv6 access in ISP networks using IPv4-based tunneling
Adds IPv6 Ping/ Traceroute support on WAN1 interface for troubleshooting purposes
Optimize the performance of the Diag Tool: CPU Usage
Allows Ping operations in Diag Tool to follow the active primary WAN interface instead of a fixed WAN1 interface.
Enhanced WAN logs to clearly record status: active, inactive, and unstable
Fixed the issue where Client VPN did not follow the default routing rule when Default Route to Remote Hub was enabled in auto S2S VPN configuration
Fixed the issue to reduce duplicated log entries when the WAN connection is unstable.
Fixed incorrect rule policy order between 1:1 NAT and Port Forwarding
Fixed the issue where only one SIP client can connect to SIP server if SIP client ‘s source port was not TCP/UDP 5060
Fixed Symmetric NAT type detection failed.
Fixed incorrect WAN2 IP address displayed after updating policy route rules
Fixed fail to establish 3rd party S2S VPN connection with IKEv1 when Primary WAN public IP changed.
Fixed an issue where full tunnel was restricted to Auto VPN mode. It now supports operation without Auto NAT Traversal enabled.
Support Static Route over VPN: Enables traffic control by manually defining routes over a VPN tunnel, optimizing network efficiency.
Support Default Route to Remote Hub: allows routing all traffic through the remote hub for enhanced security and centralized traffic management
Support to save device’s log to syslog server for centralized log management
Support real-time log download to easy troubleshooting
Changes ESG510/ESG610/ESG620 Ethernet LED definition to “Green is high speed; amber is lower speed”
Add warning message for WAN/LAN IP conflicts to alert users of potential network issues
Enhanced L7 firewall detection to improve accuracy in identifying Layer 7 packets
Fixed issue where only one L2TP connection from a LAN site could be established to an L2TP VPN server at the WAN site
Fixed issue where clients failed to obtain an IP address when switching WAN2 and LAN via the Local Status Page (LSP) while the internet was unreachable.
Fix the WAN disconnect issue when connecting to Verizon network.
Fixed the issue where Captive Portal's click-through authentication failed when many users were logging in
Fixing the NTP Mode 6 Scanner enhances system security and reduces potential attack risks.
Fixed the issue where ICMP Timestamp Request Disclosure exposed system time
Support Layer 7 Policy Based Route, allows administrator to designate which WAN port to be used for different applications.
Support Layer 7 firewall rule to block specific application that may hurt you network.
Support rollback configuration to prevent configuration errror that impact cloud connections.
Increase Layer 3 and Layer 7 firewall event logs, improving traffic visibility and easier for administrator troubleshoot their network.
Direct SecuPoint VPN user traffic using the gateway's PBR settings to ensure that all user traffic follows the same rules
Enhanced WAN disconnected log making WAN troubleshoot easier.
Support to disable LLDP for specific environment that do not allow auto discovery protocols. (Cloud does not support yet)
Support mDNS function making ESG easier to be found in local network. (Cloud does not support yet)
Fixed the issue where LAN subnets matching PBR rules could not route to other local subnets.
Fixed the issue that SecuPoint remote client can't access ESG’s local LAN if Passthrough mode and Split tunnel are enabled.
Enhanced firewall logs to output as a text file in real-time. (Cloud does not support yet)
Auto VPN Hub-and-Spoke supports full tunnel mode. (Cloud does not support yet)
Added support for static routing over VPN. (Cloud does not support yet)
When a rogue DHCP server is detected, an event log notification will be generated.
Added support to export NAT logs to an external syslog server. (Cloud does not support yet)
New dashboard displays WWAN information when WWAN is the primary WAN.
Added a new event log for reaching the maximum number of SecuPoint client seats.
Added a new event log for when the public IP and WAN IP are configured the same in NAT.
Support enable/disable HTTPs-only for local web page access. Allowing users force web UI access encrypted for better security.
Support enable/disable Local Web Page. Allowing users forbid local managements to prevent the confliction with the central cloud management.
Resolved an issue where the DDNS hostname was not displayed in the SecuPoint VPN client when passthrough mode was enabled.
Fixed an issue where the SecuPoint VPN client was non-functional when the primary WAN2 connection type was set to DHCP or a static IP address.
Addressed an issue where an Android phone (SecuPoint VPN client) could not access the internal server when SecuPoint VPN and port forwarding were enabled.
Corrected an issue where the latency monitor was inaccurate when the PBR function was enabled.
Fixed a problem with the Diag tool to prevent response failures.
Resolved an issue where the S2S VPN connection failed when the ESG uplink gateway changed its WAN IP address.
Fixed the issue for Auto Site-to-Site VPN connection sometimes getting disconnected upon WAN function reloaded with the following conditions:
Case 1: WAN IP is being changed (e.g., PPPoE IP changed)
Case 2: Fail-over under dual WAN
Case 3: IP getting changed in front end of Gateway
Fixed the issue for Diag Tool sometimes showing "This device is unavailable".
Fixed the issue for Site to Site VPN and IPsec Client VPN function that do not work properly with BASIC license.
Support Policy Route.
Support Gateway Access Control: VIP List and Block List.
Support Firewall Traffic Log - syslog server.
Support Packet Capture for WAN interfaces.
Adjust the definition and behavior of "System Name" and "Device Name"
Remove System Name setting from LSP.
Revise DHCP client hostname to {ModelName}-{MAC_last_4_digits}.
System Name support multi-language.
Automatically add a GRE port forwarding rule while adding PPTP TCP port: 1723
Revise Subnet Mask format of Static IP in LSP.
Optimize reset button behavior.
Fixed Gateway status issue when it shows online, it doesn't show WAN1/WAN2 IP information in Cloud UI.
Fixed the issue for Auto VPN where it failed if the number of ESG devices is more than 11.
Fixed the issue where the system becomes stuck upon continuously adding two bridge interfaces without assigning any Ethernet ports.
Use System Name as Host name for WAN via DHCP.
Enhance WAN security to close port 53 if Outbound FQDN rules are set.
Fixed the issue for Site-to-Site VPN connection not established after system reloading in some cases.
Fixed the issue for SecuPoint server to let it work in Passthrough Mode or under NAT.
Support URL filtering and Block page. (Cloud page to be updated)
Support EnGenius and 3rd-party DDNS function in Passthrough Mode. (Cloud page to be updated)
Support Client traffic statistics. (Cloud page to be updated)
Support Site-to-Site VPN Failover for ESG and Non-EnGenius Gateway.
Support EnGenius DDNS.
Support EnGenius SecuPoint VPN.
Fixed the routing issue upon enabling dual WAN where WAN interfaces have the same WAN gateway.
Note for Enhanced Security: The new firmware version (1.2.37) will remove the support for the less secure 3DES and MD5 options in IPSec Site-to-Site VPN Phase 2 settings, enhancing your data protection.
Add WWAN Failover Preference setting.
Add WWAN information for network statistics, packet loss, latency, and throughput.
Add USB port status for cellular dongle information.
Support PoE Reset function.
Support WAN1, WAN2, and WWAN Speed Test in Diag Tool.
Revise System Name synchronization mechanism: (1) ESG610 will always set "System Name" according to cloud configuration. (2) ESG610 will synchronize "System Name" ONLY ONCE from DUT to Cloud if user manually revises it through LSP.
Revise LSP GUI style.
Fixed the Failover function fail issue when WAN1 or WAN2 has been assigned an IP address but is unable to access the Internet.
Fixed the Failover function when it sometimes fails to resume the primary WAN connection.
Fixed the issue that ESG610 is unable to reconnect to Non-EnGenius peer after Site-to-Site VPN connection is disconnected.
Fixed the issue for incorrect type setting of Local / Remote ID in Non-EnGenius Site-to-Site VPN settings.
Fixed the issue for incorrect DHCP Client ID on the WAN interface where the content of Option 61 should be the MAC address of ESG610 rather than "ESG610".
Fixed the issue for Event Log where it continuously displays firmware upgrade and applied configuration messages while the device is being upgraded.
Fixed the issue for captive portal page not able to redirect to external splash page.
Add a function to override WAN MAC address setting on LSP.
Add a function to support Multi-Bridge function.
Add a function to support Per-Client bandwidth limitation.
Adjust the algorithm of Dual WAN failover function.
Revise Diag Tools for CPU loading stability.
Fixed the connection status issue where Non-EnGenius Peers' connection is connected but status is incorrect.
Fixed incorrect throughput result of WAN speed in Diag Tools.
Remove VPN disconnect message if it is caused by Re-Authentication.
Client VPN function failed in Passthrough mode.
Fail to set up DNS servers in WAN2 when WAN2's DNS server is set up to "Using Google Public DNS" or set up to "8.8.8.8/8.8.4.4" manually.
SIP compatibility issue.
Auto VPN function sometimes doesn't work.
This f/w version is for the first release.
Fixed an issue where PlayStation 4 (PS4) devices occasionally failed to connect properly to the PlayStation Network (PSN) through EnGenius APs.
Resolved an issue where modifying the configuration of one SSID could randomly cause WiFi connection loss.
Fix the issue to prevent abnormal disconnects of MLO Wi-Fi clients when both AP MLO and the Fast Handover feature are enabled.
Optimize ECW536/ECW526 radio power settings to extend thermal operating range to 0–50 °C.
Support operating channel width display on the EnGenius Cloud AP details page, which is targeted to be ready in mid-Sep.
Support 6 GHz support in India for faster speeds, lower latency, and a more reliable wireless experience.
Support automatically detecting the country using GeoIP and displayed on the Local Status Page (LSP).
Channel specification updates based on regulatory changes in different countries
Mexico: Support 6GHz.
Configuration changes may possibly cause Captive Portal to malfunction, leading to the splash page not functioning properly.
Channel specification updates based on regulatory changes in different countries
Australia: Added Channel 144
New Zealand: Added Channel 144
Canada: Removed Channels 120 / 124 / 128 and 5GHz EHT240Hz support
Vietnam: Added support for the 6GHz band
USA: Added support for 5GHz EHT 240 MHz
Japan: Added support for 6GHz EHT 320 MHz
Fixed the Wi-Fi client certificate error issue when accessing the Captive Portal page.
Fixed the Wi-Fi clients disconnect issue when Manage VLAN was enabled and a myPSK was added or modified.
Fixed an issue where disabling an SSID with 802.11w enabled caused disconnections on other SSIDs during myPSK updates.
Added Layer 3 Outbound Firewall so admins can control where wireless client traffic goes or block it to improve network security.
To comply with new regulations in Indonesia, the output power for Band 4 has been updated from EIRP 23 dBm to EIRP 36 dBm.
Optimize Wi-Fi reload after AP settings are changed, making wireless clients reinitial the connection more quickly.
Improve AP performance and throughput when the AVXpress is enabled.
Deauthentication, enabling it to forcibly disconnect wireless clients from the network. Additionally, EnGenius Cloud offers an API for remote management of client Deauthentication.
Disabling mDNS when Local Web Pages are turned off to improved security.
Resolve the issue where the SysName object of the SNMP interface does not synchronize with the device name.
Resolve the issue of abnormal analysis in Frequency Spectrum monitoring.
Resolved the random AP disconnection issue that occurred when encryption features (e.g., MYPSK) were enabled in heavy-traffic environments.
Enlarge the RSSI threshold range for Fast Handover function providing more flexibility for to fine tune the roaming sensitivity special environments.
Resolved the issue where enabling MyPSK function, AP will random drop wireless clients.
Resolved the issue when there are 50 Walled Garden entries were set, part of the entries may not take effect on APs.
Improves the Fast Roaming performance when there are thousands of MyPSK user in the network.
Resolved the issue where selecting too many channels in the 6G Auto Channel list caused the AP to fail to configure.
Fix the issue that AP will trigger error evil twin alarms of AirGuard function.
Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.
Support concurrent tri-band connection for MLO clients.
Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.
Resolve the compatibility issue between the AP and iPhone 16 during MLO operation, which may lead to device crashes. Note. During MLO operation, ONLY dual bands are supported.
Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.
Support EnGenius fast-handover algorithm 2.0
Remove dropbear [email protected] encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.
Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.
Add support for SAMLv2 in Captive portal with Azure-AD
A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.
(a) What is SAMLv2?
SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.
(b) Implications of This Update
Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.
(c) Practical Applications
Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.
In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.
Support HTTPS-Only for local device page
To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.
(a) Importance of HTTPS for Security
HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:
Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.
(b) Implementation and Control
By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.
In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.
Fix the issue that AP sometimes goes offline even when the network is functioning normally.
Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.
Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.
mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.
Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.
Disable 6GHz radio if selected Wi-Fi encryption is not supported on the 6GHz band.
Support 6GHz all-channel-utilization scan in diag tool.
This f/w version is for the first release.
Supports importing shared configurations via local UIs. Users can modify a configuration file and distribute it to other devices, greatly simplifying large-scale deployments.
Adds support for MAC-based VLAN to provide more precise client authorization for untagged network devices.
Support Static IGMP/MLD Group configuration via local GUI and CLI, ensuring multicast traffic reaches designated clients.
Improve the accuracy of wired client list on EnGenius Cloud.
Support new model ECS2530FP. A 24-port 2.5G PoE switch that providing higher backbone capacity for WiFi 7 networks.
Support dual controller for High Availability (HA) function of EnGenius Private Cloud (EPC). Minimize the downtime of on-premises network management.
Fix device crash issue when there are over 20 clients request DHCP IP through switch DHCP relay function.
Supports IP-MAC-Port Binding for EnGenius Cloud, ensuring strict client management and protecting against ARP spoofing and Man-in-the-Middle attacks..
Supports Rogue DHCP Server Prevention (RDSP) in the local UI, blocking unauthorized DHCP servers or routers from disrupting clients and ensuring proper network access.
Support detailed PoE class setting for PoE ports.
Support RADIUS Change of Authentication (CoA), allow admin force RADIUS clients reauthentication when authentication policy is changed.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Fix IP Source Guard Rules cannot be completed cleared when deleting rules.
Fix the issue where the MAC FDB sometimes fails to update correctly when a client moves from one port to another.
Support Surveillance VLAN in local GUI and CLI to automatically detect surveillance devices and assign them to a predefined VLAN with enhanced QoS, ensuring the security and quality of surveillance traffic.
Enhance PoE detection mechanisms to improve interoperability with legacy PDs that may not fully comply with PoE negotiation standards.
Enhance LLDP-MED and port power limit algorithms to improve interoperability with PDs that do not accurately report power demands with their redistributed PDs.
Support HTTPs-only function (from device side).
Fixed the issue that switch may not sync all configurations with Cloud at the first check-in.
Fixed the issue where IPv6 address in network settings cannot be saved after reboot.
Fixed CPU loading issue upon parsing DHCP traffics for wired client information.
Add CLI command for wired client-list function: wired client list { enable | disable }
Modify DHCP packet's host name (Option 12) to include model name and add 4 MAC address digits (2-bytes).
Change default configurations:
DHCP snooping is disabled by default.
Wired client list is enabled by default.
Add CLI command to support config VLAN range.
Implement CLI commands that can show current config of specified feature.
Add CLI commands to support displaying 5-min port utilization records for past 24 hours.
Add CLI command to support showing different running config.
Modify the LLDP-MED TLV value content when connecting to Senao Extender.
Support manually disable / enable cloud agent by CLI and Local GUI.
Change default config to disable IPv6 default route.
Enhance Cloud agent to support 802.1x+MAB feature.
Support the wired client list feature.
Disable both flow control and 802.1x on ECS switch's default configurations.
Adjust the system-name parameter to read-only on LSP page.
Integrate ACLG (Auto-CAM life-guard) into the PDLG.
Add ONVIF discovery feature.
Change the jumbo frame size to 12KB.
Support VTP (VLAN trunking port) for 1 ~ 4094 VLAN ID.
Enclose system name for displaying in syslog messages.
Support system name using UTF-8.
Support port isolation and grouping (Please be advised the isolation settings will need re-configuration due to feature update where forward ports can be specified for a chosen port when port isolation is enabled).
Support MDNS and SSDP discovery protocols.
Support LBD function per port setting.
Add Private-VLAN function. (via CLI and local GUI for now)
Support LSP function.
Fine-tune the ping delay time issue.
Fine-tune the abnormal last update time issue for cloud_agent.
Support Gratuitous ARP function.
Support single port binding to trunking member via local GUI.
Enhance Cloud Agent to support MAF. (MAC address filtering)
Known Issue: in [MLD Snooping][Router Settings], when adding a port into static port list, the port will show as "T", instead of "S".
Known Issue: in [Web][Port Settings], Fiber ports will stop working after setting 1Gbps/Full from web then changing to other speed; this can be recovered by disabling/enabling the port.
Fix abnormal gateway configuration in the DHCP relay environment.
Fix abnormal LLDP TLV format for SFP port. (e.g., ECS2512FP)
Fixed the issue of VLAN name synchronization when the VLAN name contains special characters such as parentheses (e.g., '()').
Add BPDU Guard / Root Guard for STP protocol feature.
Add SNMPv3 configurations for cloud agent.
Add MVR feature.
Enclose fix for CVE-related issue (no_dirlist).
Support multiple Regions (including Japan).
Revise system name to be “Model Name” followed by “-“ with last 4 digits of device MAC address (for example, ECS5512-38f8).
Support web proxy server feature in local GUI for cloud agent.
Enhance switch sync mechanism with cloud and cloud check-in time.
Enclose fix to prevent switch hang upon configuring static IPv4 address to switch device.
Modify the action when schedule.db changes for scheduled PoE feature.
Modify the log handling with Cloud about flick reboot.
Fix switch hang issue with IGMP and MLD for IPTV integration.
Fix potential segmentation fault issue for the routing feature.
Packet capture supports both Tx/Rx feature.
Fix the issue when an user configured VLAN name with a space character via the cloud, it will not sync to the device.
Add MAC-Authentication-Bypass feature.
Add ONVIF camera discovery feature.
Modified the trunk binding rule to bypass the media type check mechanism, allowing binding with different link speeds.
Update the number of VLAN entries to 2048.
Fix the firmware upgrade issue when the switch current firmware version is from very early version.
Support Packet Capture in Diag Tools on EnGenius Cloud for cloud-managed ECS switch.
Support Diag Tools on EnGenius Cloud for cloud-managed ECS switch.
Apply new GUI design to device's web management pages.
Add DHCP IP auto-renew mechanism when cloud agent cannot check-in to server.
Support optimized IGMP fast leave.
Fine-tune ARP-validation mechanism to accommodate Mesh feature with ECW Cloud AP.
Enhance PD Lifeguard feature with pending expiration.
Add "Version ID" for IGMP feature.
Add supported model for ECS1552FPv2 and ECS1528FPv2
Change Syslog write to flash level from INFO to Critical.
Support VLAN 0 to facilitate forwarding behavior.
Disable SSDP and mDNS features temporarily to avoid memory sizing issues.
For Multi-G series switches, PHY settings are adjusted to keep better ability of Interconnection to support most link-partners.
Adjust header parsing rule for time-zone parameter. (cloud agent)
Adjust the SSDP and mDNS default configuration to disable. (It won't handle SSDP and mDNS packets by default setting.)
Switch PoE scheduling feature will let user configure schedule via Cloud GUI when the device is powered by PoE of the port.
Switch LED on/off feature allows switch LED to be turned off at the upper-right corner in switch device detail page via Cloud GUI. (please be advised PoE Mode/LAN Mode LED cannot be turned off due to hardware limitation.)
Reset PoE from the port panel allows user to mouse-over PoE ports on switch port panel via Cloud GUI and power-cycle the port so the device attached to the port can be rebooted.
Add GET/SET SNMP community for cloud agent.
Fix abnormal static route entry issue.
Fix abnormal default gateway issue.
Fix abnormal uplink port issue.
Fix EEE feature not able to save power issue. (for all ECS Multi-G series)
Add Connection Diagnostic page in ECS local web management.
Add “Extend” link-speed mode in port setting page. (Not supported in multi-G series because it is without 10Mbps-speed.)
Support 2K static VLAN entries.
Adjust the hybrid service priority for Cloud Agent and WTP process.
Add "On", "Off" action for Scheduled PoE.
Add DHCP snooping / relay features for Cloud Agent.
Update LED behavior code to cope with multi-G (5Gbps/2.5Gbps) LED color change from green to amber. 10Gbps LED remains green and 100Mbps/1Gbps remain amber as in previous v1.1.35.
Fix DHCP client function that may cause system crash issue.
Resolve LBD behavior issue when STP enabled.
Add LLDP remote information ''system description'', ''remote capability support'', and ''remote capability enable''.
Renew the DNS server IP when receiving DHCP offer packet.
Resolve memory leak caused by abnormal DHCP packets.
Accommodate loop back detection mechanism for IOT devices.
Support trunk and mirror settings for cloud management.
Improve the efficiency to initiate cloud management service.
Add system warm start log to denote an expected software reboot.
Adjust default value of port rate limit to 1Mbps.
Web GUI now follows new 2020 California Password Law (SB-327) to force user changing password for a first time login.
Improve the way to show STP block/unblock status.
Support configure local credential in Cloud. Note that if the cloud already configured a different credential, the local credential will be synced to the cloud one automatically.
Fix the issue of packet buffer leak which may cause a system reboot.
Fix the issue that some specific DHCP packets sent by Mikrotik or Huawei router may cause system reboot.
Fix the bug that recurring setting of daylight saving does not work when SNTP service is not available.
Support cloud configuration on per port PVID and vlan members.
Correct the syslog timestamp issue.
Fix GUI and CLI issue by limiting the input format of User Account to Letters, Numbers, and underline character '_' only.
Fix GUI and CLI issue by excluding character '@' from password string.
Enhance DHCP settings to accommodate 2 sets of DNS server IP upon receiving multiple sets of DNS server IP from DHCP server.
Add system restart logs.
N/A
Supports importing shared configurations via local UIs. Users can modify a configuration file and distribute it to other devices, greatly simplifying large-scale deployments.
Adds support for MAC-based VLAN to provide more precise client authorization for untagged network devices.
Support Static IGMP/MLD Group configuration via local GUI and CLI, ensuring multicast traffic reaches designated clients.
Improve the accuracy of wired client list on EnGenius Cloud.
Support new model ECS2530FP. A 24-port 2.5G PoE switch that providing higher backbone capacity for WiFi 7 networks.
Support dual controller for High Availability (HA) function of EnGenius Private Cloud (EPC). Minimize the downtime of on-premises network management.
Fix device crash issue when there are over 20 clients request DHCP IP through switch DHCP relay function.
Supports IP-MAC-Port Binding for EnGenius Cloud, ensuring strict client management and protecting against ARP spoofing and Man-in-the-Middle attacks..
Supports Rogue DHCP Server Prevention (RDSP) in the local UI, blocking unauthorized DHCP servers or routers from disrupting clients and ensuring proper network access.
Support detailed PoE class setting for PoE ports.
Support RADIUS Change of Authentication (CoA), allow admin force RADIUS clients reauthentication when authentication policy is changed.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Fix IP Source Guard Rules cannot be completed cleared when deleting rules.
Fix the issue where the MAC FDB sometimes fails to update correctly when a client moves from one port to another.
Enhance PoE detection mechanisms to improve interoperability with legacy PDs that may not fully comply with PoE negotiation standards.
Enhance LLDP-MED and port power limit algorithms to improve interoperability with PDs that do not accurately report power demands with their redistributed PDs.
Support HTTPs-only function (from device side).
Fixed the issue that switch may not sync all configurations with Cloud at the first check-in.
Add enhancement to prevent switch out of memory.
Fixed the issue where IPv6 address in network settings cannot be saved after reboot.
Fixed CPU loading issue upon parsing DHCP traffics for wired client information.
Fixed the error display for CPU loading on EnGenius cloud dashboard.
Add CLI command for wired client-list function: wired client list { enable | disable }
Modify DHCP packet's host name (Option 12) to include model name and add 4 MAC address digits (2-bytes).
Change default configurations:
DHCP snooping is disabled by default.
Wired client list is enabled by default.
Add CLI command to support config VLAN range.
Implement CLI commands that can show current config of specified feature.
Add CLI commands to support displaying 5-min port utilization records for past 24 hours.
Add CLI command to support showing different running config.
Modify the LLDP-MED TLV value content when connecting to Senao Extender.
Support manually disable / enable cloud agent by CLI and Local GUI.
Change default config to disable IPv6 default route.
Enhance Cloud agent to support 802.1x+MAB feature.
Support the wired client list feature.
Disable both flow control and 802.1x on ECS switch's default configurations.
Adjust the system-name parameter to read-only on LSP page.
Integrate ACLG (Auto-CAM life-guard) into the PDLG.
Add ONVIF discovery feature.
Support VTP (VLAN trunking port) for 1 ~ 4094 VLAN ID.
Enclose system name for displaying in syslog messages.
Support system name using UTF-8.
Support port isolation and grouping (Please be advised the isolation settings will need re-configuration due to feature update where forward ports can be specified for a chosen port when port isolation is enabled).
Support MDNS and SSDP discovery protocols.
Support LBD function per port setting.
Add Private-VLAN function. (via CLI and local GUI for now)
Support LSP function.
Fine-tune the abnormal last update time issue for cloud_agent.
Support Gratuitous ARP function.
Support single port binding to trunking member via local GUI.
Enhance ECS1008P (v2) to support AT mode.
Enhance Cloud Agent to support MAF. (MAC address filtering)
Known Issue: in [MLD Snooping][Router Settings], when adding a port into static port list, the port will show as "T", instead of "S".
Known Issue: in [Web][Port Settings], Fiber ports will stop working after setting 1Gbps/Full from web then changing to other speed; this can be recovered by disabling/enabling the port.
Fix abnormal gateway configuration in the DHCP relay environment.
Fixed the issue of VLAN name synchronization when the VLAN name contains special characters such as parentheses (e.g., '()').
Add BPDU Guard / Root Guard for STP protocol feature.
Add SNMPv3 configurations for cloud agent.
Add MVR feature.
Enclose fix for CVE-related issue (no_dirlist).
Support multiple Regions (including Japan).
Revise system name to be “Model Name” followed by “-“ with last 4 digits of device MAC address (for example, ECS5512-38f8).
Support web proxy server feature in local GUI for cloud agent.
Enhance switch sync mechanism with cloud and cloud check-in time.
Enclose fix to prevent switch hang upon configuring static IPv4 address to switch device.
Modify the action when schedule.db changes for scheduled PoE feature.
Modify the log handling with Cloud about flick reboot.
Fix switch hang issue with IGMP and MLD for IPTV integration.
Fix potential segmentation fault issue for the routing feature.
Packet capture supports both Tx/Rx feature.
Fix the issue when an user configured VLAN name with a space character via the cloud, it will not sync to the device.
Add MAC-Authentication-Bypass feature.
Add ONVIF camera discovery feature.
Modified the trunk binding rule to bypass the media type check mechanism, allowing binding with different link speeds.
Update the number of VLAN entries to 1024.
Fix the firmware upgrade issue when the switch current firmware version is from very early version.
Support Packet Capture in Diag Tools on EnGenius Cloud for cloud-managed ECS switch.
Support Diag Tools on EnGenius Cloud for cloud-managed ECS switch.
Apply new GUI design to device's web management pages.
Add DHCP IP auto-renew mechanism when cloud agent cannot check-in to server.
Support optimized IGMP fast leave.
Fine-tune ARP-validation mechanism to accommodate Mesh feature with ECW Cloud AP.
Enhance PD Lifeguard feature with pending expiration.
Add "Version ID" for IGMP feature.
Change Syslog write to flash level from INFO to Critical.
Support VLAN 0 to facilitate forwarding behavior.
Disable SSDP and mDNS features temporarily to avoid memory sizing issues.
For Multi-G series switches, PHY settings are adjusted to keep better ability of Interconnection to support most link-partners.
Adjust header parsing rule for time-zone parameter. (cloud agent)
Adjust the SSDP and mDNS default configuration to disable. (It won't handle SSDP and mDNS packets by default setting.)
Switch PoE scheduling feature will let user configure schedule via Cloud GUI when the device is powered by PoE of the port.
Switch LED on/off feature allows switch LED to be turned off at the upper-right corner in switch device detail page via Cloud GUI. (please be advised PoE Mode/LAN Mode LED cannot be turned off due to hardware limitation.)
Reset PoE from the port panel allows user to mouse-over PoE ports on switch port panel via Cloud GUI and power-cycle the port so the device attached to the port can be rebooted.
Add GET/SET SNMP community for cloud agent.
Fix abnormal static route entry issue.
Fix abnormal default gateway issue.
Fix abnormal uplink port issue.
Add Connection Diagnostic page in ECS local web management.
Add “Extend” link-speed mode in port setting page. (Not supported in multi-G series because it is without 10Mbps-speed.)
Support 2K static VLAN entries.
Adjust the hybrid service priority for Cloud Agent and WTP process.
Add "On", "Off" action for Scheduled PoE.
Add DHCP snooping / relay features for Cloud Agent.
Update LED behavior code to cope with multi-G (5Gbps/2.5Gbps) LED color change from green to amber. 10Gbps LED remains green and 100Mbps/1Gbps remain amber as in previous v1.1.35.
Fix DHCP client function that may cause system crash issue.
Resolve LBD behavior issue when STP enabled.
Add LLDP remote information ''system description'', ''remote capability support'', and ''remote capability enable''.
Renew the DNS server IP when receiving DHCP offer packet.
Resolve memory leak caused by abnormal DHCP packets.
Accommodate loop back detection mechanism for IOT devices.
Support trunk and mirror settings for cloud management.
Improve the efficiency to initiate cloud management service.
Add system warm start log to denote an expected software reboot.
Adjust default value of port rate limit to 1Mbps.
Web GUI now follows new 2020 California Password Law (SB-327) to force user changing password for a first time login.
Improve the way to show STP block/unblock status.
Support configure local credential in Cloud. Note that if the cloud already configured a different credential, the local credential will be synced to the cloud one automatically.
Fix the issue of packet buffer leak which may cause a system reboot.
Fix the issue that some specific DHCP packets sent by mikrotik router may cause system reboot.
Fix the bug that recurring setting of daylight saving does not work when SNTP service is not available.
Support cloud configuration on per port PVID and vlan members.
Correct the syslog timestamp issue.
Fix GUI and CLI issue by limiting the input format of User Account to Letters, Numbers, and underline character '_' only.
Fix GUI and CLI issue by excluding character '@' from password string.
Enhance DHCP settings to accommodate 2 sets of DNS server IP upon receiving multiple sets of DNS server IP from DHCP server.
Add system restart logs.
N/A
Fixed the issue where port 53 was opened on the WAN side when the Captive Portal or L7 rule was enabled
Added support for Gateway v6plus/Xpass (Japan’s VNE) with IPv6 IPIP tunneling for optimized connectivity.
Improved the rollback function event log title to make it more descriptive.
Fixed an issue where packet capture from WWAN failed or produced duplicate packets.
Fixed an issue where incorrect WAN information was displayed on the Detail page when VLAN is enabled in the WAN settings.
Support CloudBrink service to offer ZTNA (Zero Trust Network Access) solution
Adds MAP-E and DS-Lite support to enable IPv6 access in ISP networks using IPv4-based tunneling
Adds IPv6 Ping/ Traceroute support on WAN1 interface for troubleshooting purposes
Optimize the performance of the Diag Tool: CPU Usage
Allows Ping operations in Diag Tool to follow the active primary WAN interface instead of a fixed WAN1 interface.
Enhanced WAN logs to clearly record status: active, inactive, and unstable
Fixed the issue where Client VPN did not follow the default routing rule when Default Route to Remote Hub was enabled in auto S2S VPN configuration
Fixed the issue to reduce duplicated log entries when the WAN connection is unstable.
Fixed incorrect rule policy order between 1:1 NAT and Port Forwarding
Fixed the issue where only one SIP client can connect to SIP server if SIP client ‘s source port was not TCP/UDP 5060
Fixed Symmetric NAT type detection failed.
Fixed incorrect WAN2 IP address displayed after updating policy route rules
Fixed fail to establish 3rd party S2S VPN connection with IKEv1 when Primary WAN public IP changed.
Fixed an issue where full tunnel was restricted to Auto VPN mode. It now supports operation without Auto NAT Traversal enabled.
Support Static Route over VPN: Enables traffic control by manually defining routes over a VPN tunnel, optimizing network efficiency.
Support Default Route to Remote Hub: allows routing all traffic through the remote hub for enhanced security and centralized traffic management
Support to save device’s log to syslog server for centralized log management
Support real-time log download to easy troubleshooting
Changes ESG510/ESG610/ESG620 Ethernet LED definition to “Green is high speed; amber is lower speed”
Add warning message for WAN/LAN IP conflicts to alert users of potential network issues
Enhanced L7 firewall detection to improve accuracy in identifying Layer 7 packets
Fixed issue where only one L2TP connection from a LAN site could be established to an L2TP VPN server at the WAN site
Fixed issue where clients failed to obtain an IP address when switching WAN2 and LAN via the Local Status Page (LSP) while the internet was unreachable.
Fix the WAN disconnect issue when connecting to Verizon network.
Fixed the issue where Captive Portal's click-through authentication failed when many users were logging in
Fixing the NTP Mode 6 Scanner enhances system security and reduces potential attack risks.
Fixed the issue where ICMP Timestamp Request Disclosure exposed system time
Support Layer 7 Policy Based Route, allows administrator to designate which WAN port to be used for different applications.
Support Layer 7 firewall rule to block specific application that may hurt you network.
Support rollback configuration to prevent configuration errror that impact cloud connections.
Increase Layer 3 and Layer 7 firewall event logs, improving traffic visibility and easier for administrator troubleshoot their network.
Direct SecuPoint VPN user traffic using the gateway's PBR settings to ensure that all user traffic follows the same rules
Enhanced WAN disconnected log making WAN troubleshoot easier.
Support to disable LLDP for specific environment that do not allow auto discovery protocols. (Cloud does not support yet)
Support mDNS function making ESG easier to be found in local network. (Cloud does not support yet)
Fixed the issue where LAN subnets matching PBR rules could not route to other local subnets.
Fixed the issue that SecuPoint remote client can't access ESG’s local LAN if Passthrough mode and Split tunnel are enabled.
Enhanced firewall logs to output as a text file in real-time. (Cloud does not support yet)
Auto VPN Hub-and-Spoke supports full tunnel mode. (Cloud does not support yet)
Added support for static routing over VPN. (Cloud does not support yet)
When a rogue DHCP server is detected, an event log notification will be generated.
Added support to export NAT logs to an external syslog server. (Cloud does not support yet)
New dashboard displays WWAN information when WWAN is the primary WAN.
Added a new event log for reaching the maximum number of SecuPoint client seats.
Added a new event log for when the public IP and WAN IP are configured the same in NAT.
Support enable/disable HTTPs-only for local web page access. Allowing users force web UI access encrypted for better security.
Support enable/disable Local Web Page. Allowing users forbid local managements to prevent the confliction with the central cloud management.
Resolved an issue where the DDNS hostname was not displayed in the SecuPoint VPN client when passthrough mode was enabled.
Fixed an issue where the SecuPoint VPN client was non-functional when the primary WAN2 connection type was set to DHCP or a static IP address.
Addressed an issue where an Android phone (SecuPoint VPN client) could not access the internal server when SecuPoint VPN and port forwarding were enabled.
Corrected an issue where the latency monitor was inaccurate when the PBR function was enabled.
Fixed a problem with the Diag tool to prevent response failures.
Resolved an issue where the S2S VPN connection failed when the ESG uplink gateway changed its WAN IP address.
Fixed an issue where third-party DDNS updates failed at the first update after an ESG510 reboot.
Fixed the issue for Auto Site-to-Site VPN connection sometimes getting disconnected upon WAN function reloaded with the following conditions:
Case 1: WAN IP is being changed (e.g., PPPoE IP changed)
Case 2: Fail-over under dual WAN
Case 3: IP getting changed in front end of Gateway
Fixed the issue for Diag Tool sometimes showing "This device is unavailable".
Fixed the issue for Site to Site VPN and IPsec Client VPN function that do not work properly with BASIC license.
Support Policy Route.
Support Gateway Access Control: VIP List and Block List.
Support Firewall Traffic Log - syslog server.
Support Packet Capture for WAN interfaces.
Adjust the definition and behavior of "System Name" and "Device Name"
Remove System Name setting from LSP.
Revise DHCP client hostname to {ModelName}-{MAC_last_4_digits}.
System Name support multi-language.
Automatically add a GRE port forwarding rule while adding PPTP TCP port: 1723
Revise Subnet Mask format of Static IP in LSP.
Optimize reset button behavior.
Fixed Gateway status issue when it shows online, it doesn't show WAN1/WAN2 IP information in Cloud UI.
Fixed the issue for Auto VPN where it failed if the number of ESG devices is more than 11.
Fixed the issue where the system becomes stuck upon continuously adding two bridge interfaces without assigning any Ethernet ports.
Use System Name as Host name for WAN via DHCP.
Enhance WAN security to close port 53 if Outbound FQDN rules are set.
Fixed the issue for Site-to-Site VPN connection not established after system reloading in some cases.
Fixed the issue for SecuPoint server to let it work in Passthrough Mode or under NAT.
Support URL filtering and Block page. (Cloud page to be updated)
Support EnGenius and 3rd-party DDNS function in Passthrough Mode. (Cloud page to be updated)
Support Client traffic statistics. (Cloud page to be updated)
Support Site-to-Site VPN Failover for ESG and Non-EnGenius Gateway.
Support EnGenius DDNS.
Support EnGenius SecuPoint VPN.
Revise LSP GUI style.
Fixed the issue for captive portal page not able to redirect to external splash page.
Fixed the routing issue upon enabling dual WAN where WAN interfaces have the same WAN gateway.
Note for Enhanced Security: The new firmware version (1.2.37) will remove the support for the less secure 3DES and MD5 options in IPSec Site-to-Site VPN Phase 2 settings, enhancing your data protection.
Add WWAN Failover Preference setting.
Add WWAN information for network statistics, packet loss, latency, and throughput.
Add USB port status for cellular dongle information.
Support PoE Reset function.
Revise System Name synchronization mechanism: (1) ESG510 will always set "System Name" according to cloud configuration. (2) ESG510 will synchronize "System Name" ONLY ONCE from DUT to Cloud if user manually revises it through LSP.
Fixed system hang-up issue occurred in some conditions when Captive Portal function enabled.
Fixed the Failover function fail issue when WAN1 or WAN2 has been assigned an IP address but is unable to access the Internet.
Fixed the Failover function when it sometimes fails to resume the primary WAN connection.
Fixed the Firewall function when FQDN string length is over 32 characters in the Outbound Rules and it causes Client VPN function fail.
Fixed the expiration time of DHCP Lease when it showed incorrect remaining time.
Fixed the Site-to-Site VPN Status that showed disconnection when static routing rule is added.
Fixed the issue that it is failed to establish Site-to-Site VPN connection when using non-EnGenius Gateway in Passthrough mode.
Fixed the issue that ESG510 is unable to reconnect to Non-EnGenius peer after Site-to-Site VPN connection is disconnected.
Fixed the issue for incorrect type setting of Local / Remote ID in Non-EnGenius Site-to-Site VPN settings.
Fixed the issue for incorrect DHCP Client ID on the WAN interface where the content of Option 61 should be the MAC address of ESG510 rather than "ESG510".
Add a function to override WAN MAC address setting on LSP.
Add a function to support Multi-Bridge function.
Add a function to support Per-Client bandwidth limitation.
Improve PPPoE throughput performance on Dual WAN (DHCP & PPPoE) case.
Revise Diag Tools for CPU loading stability.
Fixed the connection status issue where Non-EnGenius Peers' connection is connected but status is incorrect.
Fixed incorrect throughput result of WAN speed in Diag Tools.
Remove VPN disconnect message if it is caused by Re-Authentication.
Fixed the issue that Gateway Client will become empty when ESG510 is set to dual WAN but WAN2 port didn't plug in Ethernet cable.
Fixed the issue that is failed to set up DNS servers in WAN2 when WAN2's DNS server is set up to "Using Google Public DNS" or set up to "8.8.8.8/8.8.4.4" manually.
Fixed the issue that Site-to-Site VPN will use non-Primary WAN to establish VPN tunnels sometimes.
Fixed SIP compatibility issue.
Fixed the issue that VPN Client list is empty when VPN client connected to ESG510 in Passthrough mode.
Fixed the issue that SIP Phone failed to register.
Fixed the issue that Firewall Outbound Rules will be failed to apply if setting up multiple source and destination IPs in a rule.
Fixed the issue for LAN-to-LAN communication where an untagged VLAN (Default LAN) client is not able to communicate with other tagged VLAN clients.
Fixed the issue when there’s a configured VLAN-tagged LAN interface in Gateway>Interfaces/LAN settings, the device will not boot up properly when this LAN interface is disabled.
Fixed the issue that Client VPN user will fail to query domains if a FQDN rule added in Firewall settings.
Error messages are now shown on LSP when ESG NTP, ICMP, HTTP, and HTTPS Internet connection health check fails.
Default System Name is now changed to "Model name" + "-" + “last 4 digits of MAC address”.
Fixed the issue that Client VPN and Allowed Services fail when a particular character is included in the ESG VPN user description.
Fixed the issue that mDNS floodings when ESG and downstream ECW AP are both performing mDNS forwarding.
Fixed the issue for Site-to-Site VPN with 3rd party VPN device.
Supports FQDN specification in firewall outbound rule.
Character set is revised to allow in LSP System Name setting: ‘0’-‘9’, ‘a’-‘z’, ‘A’-‘Z’ and '-'
Enables System Name synchronization with Cloud setting.
Fixed the issue that DHCP Lease information is not correctly displayed.
Fixed the issue that is unable to search APs across ESG LAN ports when using the EnGenius Locator tool .
Fixed the issue that mDNS Repeater does not work properly when WAN2 is enabled.
Fixed the issue that Captive Portal Walled Garden does not work properly in some cases.
Supports FQDN Hostname and wildcard specification in Walled Garden for Captive Portal service.
Adds new function for mDNS(multicast DNS) Repeater(default is enabled).
It is revised to send “WAN1”, ”WAN2” instead of “P4”, ”P3” in LLDP port description.
Fixed the issue for Client VPN service not active after firmware upgrade.
Adds Site-to-Site VPN in Passthrough mode.
Adds “Disable” option to disable Auto NAT Traversal.
Adds Diagnostic Tool with multiple WANs/LANs.
Fixed the issue to let VPN Peer "Network Name" correctly display in the Event Log and Notifications.
Fixed the issue that Captive Portal service occasionally does not work when WAN2 is toggled between enable/disable.
Fixed the issue where wrong ID/password is not displayed on the Captive Portal splash page.
Fixed the issue that incorrect WAN1 IP is displayed in LSP while VLAN is enabled in Passthrough mode.
Fixed the issue that firewall outbound rule does not work for Client VPN users in Passthrough mode.
Fixed the issue that DDNS update fails when DDNS is set to Custom.
Fixed the issue for Captive Portal and RADIUS service not working after firmware upgrade.
Adds Passthrough mode with the following features:
WAN1 uplink port setting
Client VPN
Outbound firewall rules to filter traffic from LAN clients
Filtering traffic from Client VPN users is not supported with Passthrough mode in this release.
Supports HTTPS login for LSP(Local Status Page).
DDNS update error message is displayed in the Event Log.
Revised function to make DDNS update on hourly basis, and when the WAN status is changed.
Fixed the issue that Gateway Client traffic record is incorrect.
Solve network topology display issue.
Solve synchronization issues between the local GUI account and the EnGeniusn Cloud server.
Solve DDNS hostname not displayed in Client VPN.
Improve DHCP server detection when L2 isolation is enabled, ensuring reliable IP assignment for wireless clients.
Support for EnGenius Private Cloud (EPC)
Fix the issue that AP sometimes goes offline even when the network is functioning normally.
Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.
Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.
mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.
Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.
Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.
Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.
Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).
Fixed vulnerability issue (CVE-2022-38546).
Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:
(a) WPA3 Personal (SAE)
(b) WPA3-Personal/WPA2-PSK mixed
(c) WPA3 Enterprise with suite-b disabled
Fixed the issue that PSE function doesn’t work.
Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Resolved Fragattack vulnerability issues.
Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.
Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.
Enhance IOT client association compatibility.
Support RADIUS CoA disconnect-client requests (802.1x)
Support SmartTV SSID
LSP page encloses language support for Japanese language.
Support multiple domains of AD server.
Adjust DCS algorithm.
Recognize new iOS/MAC OS version.
Fixed captive portal for IPv6 issue.
Adjust log messages.
Fixed diag tool/Speed Test issue
Support DCS (Dynamic Channel Selection) by background scanning.
Enhance bcmc function that may block DHCP broadcast OFFER/ACK packets.
Support auto-channel with "Exclude DFS" config.
Support EnGenius cloud diagnostic mode.
Support system-reserved IP range pool.
Improve Wi-Fi performance while enabling app-detection.
Support RADIUS CoA disconnect-client requests.
Perform periodically scanning for 802.11k report without background scanning.
Support intelligent band-steering.
Support proxy ARP.
Support 802.1x/captive portal with Google Auth.
Support RADIUS WISPr traffic control and traffic quantity attributes.
Support RADIUS MAC-Auth in captive portal.
Support captive portal authentication by LDAP/AD server: single SSID, single server.
Support fail-safe image upgrade from cloud server.
Update 2.4GHz HT20 auto-channel algorithm for using 1,6,11 channels.
Resolved FragAttack vulnerability issues.
Add log message for Wi-Fi reload event.
Add protection to prevent Wi-Fi interface could not be brought up.
Update failsafe image for Dakota platform to accommodate management VLAN.
Support Facebook Wi-Fi.
Add client's TX/RX Byte information in disassociation event log.
Modify LSP Page about HTTP/HTTPS proxy setting.
Handle HTTP error code 504 upon check-in to cloud server.
Handle private MAC address detection with blocked info messages.
Adjust mesh related syslog contents.
Allow SSID profile applied to LAN port for wired clients (Phase-1 enhancement for ECW115).
Support RSTP.
Support background scanning ON/OFF option.
Update certificate for HTTPS access to LSP page.
Handle larger max. client limit value from cloud server.
Fixed the issue that LED on/off would trigger network reload with specific configurations.
Fixed IPTV streaming issue for trunk port.
Support SSDP responder and adjust mDNS response content.
Band Steering feature encloses improvement for 802.11k/v and utilizes 802.11r fasting roaming technique to avoid re-authentication upon connection to different radio band.
Procedures of applying WLAN configuration has been optimized to shorten needed time for setting update.
Enhance Captive Portal secure login with HTTPS-based information exchange.
Support my-PSK with dynamic VLAN for WPA2-PSK authentication. (only available from EnGenius Cloud, not external radius)
Mesh AP node supports traffic shaping.
Support SNMP v2/v3 for local management with Get function.
Support multicast to unicast per radio.
Captive Portal feature supports client-leave-network timeout.
Support Client Balancing to steer the client to connect to best available AP.
Support Broadcast/Multicast suppression.
Adjust channel candidates of Auto-channel selection (ACS).
Adjust power table limitation of Malaysia and Indonesia.
Apply auto-channel selection mechanism update
Apply regulatory domain update
Improve throughput performance
Adjust DTIM from 2 to 3
Support Client Balancing
Support scheduling system reboot
Support L2-Isolation exception rules for VIP feature
Support radius NAS-id/port/addr attributes
Support software reset-to-default for mobile App
Captive portal supports redirurl parameter
Fixed the issue that AP may become unstable when some 2.4GHz-only WiFi clients try connecting to AP.
Fixed the issue that AP may hang up where the SSID profile included “hidden” and users downgrade firmware from v1.3.9 to v1.3.7
Resolve connectivity issue when SSID included space character.
Add log for blocking message clients.
Add log for the action of kicking clients.
N/A
Adjust client isolation behavior in NAT mode.
Support DNS settings per SSID.
Support wireless association banned message.
Support https redirect of captive portal.
N/A
Support L2 (MAC Address) client Block List per SSID.
Support advanced feature called Traffic Log to send more wireless client information to dedicated syslog server.
Improve auto-channel algorithm to avoid multiple AP choosing the same channel in certain situation.
Support advanced feature called which makes the AP continuously gathering 802.11 probe request frames sent by wireless clients and then sending the data to specific 3rd party server.
Improve the efficiency of applying traffic shaping rules.
Support new Client Timeline feature.
Adjust default DHCP lease time of SSID in NAT mode to 5 minutes.
Fix the captive portal issue that triggered RADIUS accounting events before an user is authenticated.
Fix the issue that caused limited IP address allocation for a SSID running in NAT mode.
Fix the issue that caused long duration of captive portal splash page redirection.
Fix driver layer log mechanism to avoid unexpected wireless performance drop.
Improve the efficiency of SSID running in bridge mode.
TX Power tuning options now start from 1 to 10 dBm.
Adjust WMM/DSCP/802.1p mappings to follow conventions.
Support LED Blinking function to trigger an AP to blink its LED for 10 seconds. This could help user to quickly identify the AP.
Fix the issue that caused system to get wrong 2.4G channel utilization data in some special cases.
Improve DHCP server detection when L2 isolation is enabled, ensuring reliable IP assignment for wireless clients.
Support for EnGenius Private Cloud (EPC)
Fix the issue that AP sometimes goes offline even when the network is functioning normally.
Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.
Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.
mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.
Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.
Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.
Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.
Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).
Fixed vulnerability issue (CVE-2022-38546).
Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:
(a) WPA3 Personal (SAE)
(b) WPA3-Personal/WPA2-PSK mixed
(c) WPA3 Enterprise with suite-b disabled
Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Resolved Fragattack vulnerability issues.
Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.
Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.
Enhance IOT client association compatibility.
Support RADIUS CoA disconnect-client requests (802.1x)
Support SmartTV SSID
LSP page encloses language support for Japanese language.
Support multiple domains of AD server.
Adjust DCS algorithm.
Recognize new iOS/MAC OS version.
Fixed captive portal for IPv6 issue.
Adjust log messages.
Fixed diag tool/Speed Test issue
Support DCS (Dynamic Channel Selection) by background scanning.
Enhance bcmc function that may block DHCP broadcast OFFER/ACK packets.
Support auto-channel with "Exclude DFS" config.
Support EnGenius cloud diagnostic mode.
Support system-reserved IP range pool.
Improve Wi-Fi performance while enabling app-detection.
Support RADIUS CoA disconnect-client requests.
Perform periodically scanning for 802.11k report without background scanning.
Support intelligent band-steering.
Support proxy ARP.
Support 802.1x/captive portal with Google Auth.
Support RADIUS WISPr traffic control and traffic quantity attributes.
Support RADIUS MAC-Auth in captive portal.
Support captive portal authentication by LDAP/AD server: single SSID, single server.
Support fail-safe image upgrade from cloud server.
Update 2.4GHz HT20 auto-channel algorithm for using 1,6,11 channels.
Resolved FragAttack vulnerability issues.
Add log message for Wi-Fi reload event.
Add protection to prevent Wi-Fi interface could not be brought up.
Update failsafe image for Dakota platform to accommodate management VLAN.
Optimize FW upgrade procedures on Dakota models.
Support Facebook Wi-Fi.
Add client's TX/RX Byte information in disassociation event log.
Modify LSP Page about HTTP/HTTPS proxy setting.
Handle HTTP error code 504 upon check-in to cloud server.
Handle private MAC address detection with blocked info messages.
Adjust mesh related syslog contents.
Support RSTP.
Support background scanning ON/OFF option.
Handle larger max. client limit value from cloud server.
Fixed the issue that LED on/off would trigger network reload with specific configurations.
Support SSDP responder and adjust mDNS response content.
Band Steering feature encloses improvement for 802.11k/v and utilizes 802.11r fasting roaming technique to avoid re-authentication upon connection to different radio band.
Procedures of applying WLAN configuration has been optimized to shorten needed time for setting update.
Enhance Captive Portal secure login with HTTPS-based information exchange.
Support my-PSK with dynamic VLAN for WPA2-PSK authentication. (only available from EnGenius Cloud, not external radius)
Mesh AP node supports traffic shaping.
Support SNMP v2/v3 for local management with Get function.
Support multicast to unicast per radio.
Captive Portal feature supports client-leave-network timeout.
Support Client Balancing to steer the client to connect to best available AP.
Support Broadcast/Multicast suppression.
Adjust channel candidates of Auto-channel selection (ACS).
Adjust power table limitation of Malaysia and Indonesia.
Apply auto-channel selection mechanism update
Apply regulatory domain update
Improve throughput performance
Adjust DTIM from 2 to 3
Support Client Balancing
Support scheduling system reboot
Support L2-Isolation exception rules for VIP feature
Support radius NAS-id/port/addr attributes
Support software reset-to-default for mobile App
Captive portal supports redirurl parameter
Fixed the issue that AP may become unstable when some 2.4GHz-only WiFi clients try connecting to AP.
Fixed the issue that AP may hang up where the SSID profile included “hidden” and users downgrade firmware from v1.3.9 to v1.3.7
Resolve connectivity issue when SSID included space character.
Add log for blocking message clients.
Add log for the action of kicking clients.
N/A
Adjust client isolation behavior in NAT mode.
Support DNS settings per SSID.
Support wireless association banned message.
Support https redirect of captive portal.
N/A
Support L2 (MAC Address) client Block List per SSID.
Support advanced feature called Traffic Log to send more wireless client information to dedicated syslog server.
Improve auto-channel algorithm to avoid multiple AP choosing the same channel in certain situation.
Support advanced feature called presence reporting which makes the AP continuously gathering 802.11 probe request frames sent by wireless clients and then sending the data to specific 3rd party server.
Improve the efficiency of applying traffic shaping rules.
Support new Client Timeline feature.
Adjust default DHCP lease time of SSID in NAT mode to 5 minutes.
Fix the captive portal issue that triggered RADIUS accounting events before an user is authenticated.
Fix the issue that caused limited IP address allocation for a SSID running in NAT mode.
Fix the issue that caused long duration of captive portal splash page redirection.
Fix driver layer log mechanism to avoid unexpected wireless performance drop.
Improve the efficiency of SSID running in bridge mode.
TX Power tuning options now start from 1 to 10 dBm.
Adjust WMM/DSCP/802.1p mappings to follow conventions.
Support LED Blinking function to trigger an AP to blink its LED for 10 seconds. This could help user to quickly identify the AP.
Fix the issue that caused system to get wrong 2.4G channel utilization data in some special cases.
Support WPA3.
Support Mesh Auto Pairing.
Support the way to access LSP (local support page) with URL http://EnGenius.local and discover AP with Bonjour protocol.
Support the way to show system status with specific SSID name to ease the troubleshooting on device on-boarding.
NAT/Bridge mode now is configurable per SSID. They are supported only in Captive Portal in previous version.
Support the option to discard association requests from legacy 802.11a/b/g clients.
Enhance the efficiency to apply idle-timeout and session-timeout settings of Captive Portal.
Fix the issue that caused memory leak in a special case.
Improve the accuracy of device fingerprint.
Support default configurations of EnGenius Cloud Radius.
Fix captive portal IOT issues for certain wireless clients.
Fix the malfunction of EnGenius Radius authentication that caused by firmware upgrade.
Fix the issue that wireless LED did not blink normally in certain situation.
Fix the issue that the 2nd radius server doesn't work.
Fix the issue that DUT may fail to reload configurations during the system applying mesh.
Improve DHCP server detection when L2 isolation is enabled, ensuring reliable IP assignment for wireless clients.
Support for EnGenius Private Cloud (EPC)
Fix the issue that AP sometimes goes offline even when the network is functioning normally.
Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.
Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.
mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.
Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.
Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.
Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.
Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).
Fixed vulnerability issue (CVE-2022-38546).
Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:
(a) WPA3 Personal (SAE)
(b) WPA3-Personal/WPA2-PSK mixed
(c) WPA3 Enterprise with suite-b disabled
Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Resolved Fragattack vulnerability issues.
Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.
Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.
Enhance IOT client association compatibility.
Support RADIUS CoA disconnect-client requests (802.1x)
Support SmartTV SSID
LSP page encloses language support for Japanese language.
Support multiple domains of AD server.
Adjust DCS algorithm.
Recognize new iOS/MAC OS version.
Fixed captive portal for IPv6 issue.
Adjust log messages.
Fixed diag tool/Speed Test issue
Support DCS (Dynamic Channel Selection) by background scanning.
Enhance bcmc function that may block DHCP broadcast OFFER/ACK packets.
Support auto-channel with "Exclude DFS" config.
Support EnGenius cloud diagnostic mode.
Support system-reserved IP range pool.
Improve Wi-Fi performance while enabling app-detection.
Support RADIUS CoA disconnect-client requests.
Perform periodically scanning for 802.11k report without background scanning.
Support intelligent band-steering.
Support proxy ARP.
Support 802.1x/captive portal with Google Auth.
Support RADIUS WISPr traffic control and traffic quantity attributes.
Support RADIUS MAC-Auth in captive portal.
Support captive portal authentication by LDAP/AD server: single SSID, single server.
Support fail-safe image upgrade from cloud server.
Update 2.4GHz HT20 auto-channel algorithm for using 1,6,11 channels.
Resolved FragAttack vulnerability issues.
Add log message for Wi-Fi reload event.
Add protection to prevent Wi-Fi interface could not be brought up.
Update failsafe image for Dakota platform to accommodate management VLAN.
Optimize FW upgrade procedures on Dakota models.
Support Facebook Wi-Fi.
Add client's TX/RX Byte information in disassociation event log.
Modify LSP Page about HTTP/HTTPS proxy setting.
Handle HTTP error code 504 upon check-in to cloud server.
Handle private MAC address detection with blocked info messages.
Adjust mesh related syslog contents.
Support RSTP.
Support background scanning ON/OFF option.
Update certificate for HTTPS access to LSP page.
Handle larger max. client limit value from cloud server.
Fixed the issue that LED on/off would trigger network reload with specific configurations.
Support SSDP responder and adjust mDNS response content.
Band Steering feature encloses improvement for 802.11k/v and utilizes 802.11r fasting roaming technique to avoid re-authentication upon connection to different radio band.
Procedures of applying WLAN configuration has been optimized to shorten needed time for setting update.
Enhance Captive Portal secure login with HTTPS-based information exchange.
Support my-PSK with dynamic VLAN for WPA2-PSK authentication. (only available from EnGenius Cloud, not external radius)
Mesh AP node supports traffic shaping.
Support SNMP v2/v3 for local management with Get function.
Support multicast to unicast per radio.
Captive Portal feature supports client-leave-network timeout.
Support Client Balancing to steer the client to connect to best available AP.
Support Broadcast/Multicast suppression.
Adjust channel candidates of Auto-channel selection (ACS).
Adjust power table limitation of Malaysia and Indonesia.
Apply auto-channel selection mechanism update
Apply regulatory domain update
Improve throughput performance
Adjust DTIM from 2 to 3
Support Client Balancing
Support scheduling system reboot
Support L2-Isolation exception rules for VIP feature
Support radius NAS-id/port/addr attributes
Support software reset-to-default for mobile App
Captive portal supports redirurl parameter
Fixed the issue that AP may become unstable when some 2.4GHz-only WiFi clients try connecting to AP.
Fixed the issue that AP may hang up where the SSID profile included “hidden” and users downgrade firmware from v1.3.9 to v1.3.7
Resolve connectivity issue when SSID included space character.
Add log for blocking message clients.
Add log for the action of kicking clients.
N/A
Adjust client isolation behavior in NAT mode.
Support DNS settings per SSID.
Support wireless association banned message.
Support https redirect of captive portal.
N/A
Support L2 (MAC Address) client Block List per SSID.
Support advanced feature called Traffic Log to send more wireless client information to dedicated syslog server.
Improve auto-channel algorithm to avoid multiple AP choosing the same channel in certain situation.
Support advanced feature called presence reporting which makes the AP continuously gathering 802.11 probe request frames sent by wireless clients and then sending the data to specific 3rd party server.
Improve the efficiency of applying traffic shaping rules.
Support new Client Timeline feature.
Adjust default DHCP lease time of SSID in NAT mode to 5 minutes.
Fix the captive portal issue that triggered RADIUS accounting events before an user is authenticated.
Fix the issue that caused limited IP address allocation for a SSID running in NAT mode.
Fix the issue that caused long duration of captive portal splash page redirection.
Fix driver layer log mechanism to avoid unexpected wireless performance drop.
Improve the efficiency of SSID running in bridge mode.
TX Power tuning options now start from 1 to 10 dBm.
Adjust WMM/DSCP/802.1p mappings to follow conventions.
Support LED Blinking function to trigger an AP to blink its LED for 10 seconds. This could help user to quickly identify the AP.
Fix the issue that caused system to get wrong 2.4G channel utilization data in some special cases.
Support WPA3.
Support Mesh Auto Pairing.
Support the way to access LSP (local support page) with URL http://EnGenius.local and discover AP with Bonjour protocol.
Support the way to show system status with specific SSID name to ease the troubleshooting on device on-boarding.
NAT/Bridge mode now is configurable per SSID. They are supported only in Captive Portal in previous version.
Support the option to discard association requests from legacy 802.11a/b/g clients.
Enhance the efficiency to apply idle-timeout and session-timeout settings of Captive Portal.
Fix the issue that caused memory leak in a special case.
Improve the accuracy of device fingerprint.
Support default configurations of EnGenius Cloud Radius.
Fix captive portal IOT issues for certain wireless clients.
Fix the malfunction of EnGenius Radius authentication that caused by firmware upgrade.
Fix the issue that wireless LED did not blink normally in certain situation.
Fix the issue that the 2nd radius server doesn't work.
Fix the issue that DUT may fail to reload configurations during the system applying mesh.
Fixed an issue where PlayStation 4 (PS4) devices occasionally failed to connect properly to the PlayStation Network (PSN) through EnGenius APs.
Resolved an issue where modifying the configuration of one SSID could randomly cause WiFi connection loss.
Support operating channel width display on the EnGenius Cloud AP details page, which is targeted to be ready in mid-Sep.
Support 6 GHz support in India for faster speeds, lower latency, and a more reliable wireless experience.
Support automatically detecting the country using GeoIP and displayed on the Local Status Page (LSP).
Channel specification updates based on regulatory changes in different countries
Mexico: Support 6GHz.
Configuration changes may possibly cause Captive Portal to malfunction, leading to the splash page not functioning properly.
Channel specification updates based on regulatory changes in different countries
Australia: Added Channel 144
New Zealand: Added Channel 144
Canada: Removed Channels 120 / 124 / 128 and 5GHz EHT240Hz support
Vietnam: Added support for the 6GHz band
USA: Added support for 5GHz EHT 240 MHz
Japan: Added support for 6GHz EHT 320 MHz
Fixed the Wi-Fi client certificate error issue when accessing the Captive Portal page.
Fixed the Wi-Fi clients disconnect issue when Manage VLAN was enabled and a myPSK was added or modified.
Fixed an issue where disabling an SSID with 802.11w enabled caused disconnections on other SSIDs during myPSK updates.
Added Layer 3 Outbound Firewall so admins can control where wireless client traffic goes or block it to improve network security.
To comply with new regulations in Indonesia, the output power for Band 4 has been updated from EIRP 23 dBm to EIRP 36 dBm.
Optimize Wi-Fi reload after AP settings are changed, making wireless clients reinitial the connection more quickly.
Improve AP performance and throughput when the AVXpress is enabled.
Deauthentication, enabling it to forcibly disconnect wireless clients from the network. Additionally, EnGenius Cloud offers an API for remote management of client Deauthentication.
Disabling mDNS when Local Web Pages are turned off to improved security.
Resolve the issue where the SysName object of the SNMP interface does not synchronize with the device name.
Resolve the issue of abnormal analysis in Frequency Spectrum monitoring.
Resolved the random AP disconnection issue that occurred when encryption features (e.g., MYPSK) were enabled in heavy-traffic environments.
Enlarge the RSSI threshold range for Fast Handover function providing more flexibility for to fine tune the roaming sensitivity special environments.
Resolved the issue where enabling MyPSK function, AP will random drop wireless clients.
Resolved the issue when there are 50 Walled Garden entries were set, part of the entries may not take effect on APs.
Improves the Fast Roaming performance when there are thousands of MyPSK user in the network.
Resolved the issue where selecting too many channels in the 6G Auto Channel list caused the AP to fail to configure.
Fix the issue that AP will trigger error evil twin alarms of AirGuard function.
Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.
Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.
Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.
Support EnGenius fast-handover algorithm 2.0
Remove dropbear [email protected] encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.
Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.
Add support for SAMLv2 in Captive portal with Azure-AD
A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.
(a) What is SAMLv2?
SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.
(b) Implications of This Update
Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.
(c) Practical Applications
Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.
In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.
Support HTTPS-Only for local device page
To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.
(a) Importance of HTTPS for Security
HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:
Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.
(b) Implementation and Control
By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.
In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.
Support wireless client MAC-based WMM.
Support application DSCP tagging.
Enhance Traffic Log to support additional NAT information to syslog server.
Support Radsec to provide TLS encryption for Radius connection initiated from AP.
Enhance MyPSK Radius requests for external Radius server to contain both RoamingIQ attribute and mac authentication attribute.
Support additional dolphin action to run Radius server existence test.
Support group of multiple AD configuration for single SSID.
Use dolphin subscribe actions for all channel utilization scan in diag tools.
Support malware URL Blocking.
Support website filtering.
Support hotspot2.0 and openRoaming.
Support client-balancing 2.0
Fix mesh topology that may sometimes display failed.
Enhance Multicast to Unicast function for legacy clients.
Support wireless client MAC-based WMM
(a) Wi-Fi Multimedia (WMM) Overview:
Wi-Fi Multimedia (WMM) is a QoS (Quality of Service) standard that is an integral part of modern Wi-Fi technology, based on the IEEE 802.11e standard. WMM is essential in environments where different types of data compete for bandwidth because it ensures that time-sensitive applications like voice and video conferencing perform well even in congested network conditions. This protocol prioritizes traffic according to four access categories:
Voice: Highest priority, dedicated to voice-over-IP (VoIP) services.
Video: High priority, allocated for streaming video.
Best Effort: Standard priority for general data traffic such as web browsing.
Background: Lowest priority, intended for data that is not time-sensitive, like backups or bulk data transfers.
(b) What Does "MAC-Based WMM Support" Mean?
The feature "Support wireless client mac-based WMM" refers to the capability of the wireless access point (AP) to apply WMM rules based on the MAC address of each connecting client device. A MAC address is a unique identifier assigned to network interfaces for communications on the physical network segment. Implementing MAC-based WMM allows network administrators to assign different data priorities to devices according to their MAC addresses. This functionality is particularly useful in diverse operational environments where devices have varying bandwidth and latency requirements.
(c) Practical Applications of Mac-Based WMM
Here are several scenarios where mac-based WMM can significantly enhance network management and performance:
Tailored Experience: Enterprises can customize network performance based on the roles or departments within the organization. For example, devices belonging to the executive team or those used in critical operations might be assigned higher data priorities.
Enhanced Security: By controlling which devices have priority access, administrators can better manage network security protocols and reduce the risk of unauthorized data access.
Optimized Network Utilization: Mac-based WMM enables the network to adapt dynamically to changing conditions and user demands, prioritizing critical applications automatically.
Improved Scalability: As more devices join the network, administrators can manage traffic effectively without manual reconfiguration, ensuring consistent performance across all connected devices.
Support application DSCP tagging
(a) What is DSCP?
DSCP stands for Differentiated Services Code Point. It is a field in the IP header used to enable Quality of Service (QoS) on networks. DSCP replaces the older system of IP precedence with a more flexible and granular approach to traffic classification and prioritization. The DSCP field consists of six bits, allowing for 64 different traffic classes that can be defined and used to manage packet forwarding policies.
DSCP plays a crucial role in network traffic management by providing a mechanism for marking packets to receive different levels of service based on their assigned class. This capability is essential for managing congestion and ensuring that high-priority traffic, such as real-time voice or video, receives the necessary bandwidth and minimal latency.
(b) How Does DSCP Work?
When a packet is sent from a source, the DSCP value is set in its IP header, indicating the level of priority it should receive across the network. Network routers and switches read this DSCP value and make decisions about the packet's forwarding priority and queue placement. By doing so, networks can differentiate between various types of traffic, prioritizing them according to organizational policies and network requirements.
(c) Benefits of DSCP Tagging
Improved Network Performance: By prioritizing critical applications, DSCP helps in managing network resources efficiently, thus enhancing overall performance. Traffic like VoIP and video conferencing can operate smoothly even under heavy network load.
Enhanced Quality of Service: DSCP enables more granular control over packet forwarding decisions, allowing network administrators to fine-tune QoS policies. This leads to better service quality, especially for latency-sensitive applications.
Scalability: DSCP scales well with the size of the network, providing a consistent approach to QoS even as the network grows and traffic volume increases.
Flexibility: The ability to define multiple levels of service makes DSCP highly flexible. Organizations can customize their traffic management strategies to align with specific business needs.
(d) Applications of DSCP Tagging in Enterprise Networks
Voice and Video Prioritization: DSCP is extensively used to ensure that voice and video traffic is given priority over other types of data, reducing delays and improving communication quality.
Data Center Traffic Management: In data centers, DSCP can help manage the flow of traffic between servers, storage systems, and external networks, optimizing response times and service delivery.
Remote Work Solutions: With the rise of remote work, DSCP can play a pivotal role in prioritizing VPN traffic to ensure that business-critical applications have the bandwidth they need.
Support hotspot2.0 and openRoaming
(a) What is Hotspot 2.0?
Hotspot 2.0, also known as Wi-Fi Certified Passpoint, is a standard created by the Wi-Fi Alliance to streamline and secure the process of connecting to Wi-Fi hotspots. It allows mobile devices to automatically discover and connect to Wi-Fi networks without user intervention, using a seamless, secure authentication process based on the credentials issued by the service provider, much like cellular networks.
(b) Key Features of Hotspot 2.0
Seamless Connectivity: Hotspot 2.0 enables devices to automatically connect to Wi-Fi networks with robust security protocols, without requiring users to manually search for and select networks.
Enhanced Security: It supports advanced security protocols, such as WPA2-Enterprise and WPA3-Enterprise, providing end-to-end encryption and preventing unauthorized access.
Simplified User Experience: By automating the discovery and connection process, Hotspot 2.0 eliminates the need for users to repeatedly enter login credentials.
Interoperability: Designed to work across different wireless service providers and geographies, facilitating easier roaming and connectivity.
(c) What is OpenRoaming?
OpenRoaming is a federation service that allows users to seamlessly roam between Wi-Fi and cellular networks, removing the need to manually connect to different Wi-Fi networks. It is a collaboration spearheaded by the Wireless Broadband Alliance (WBA) that brings together a consortium of companies aiming to create a globally interconnected network.
(d) Benefits of OpenRoaming
Effortless Network Transition: With OpenRoaming, devices can automatically switch between Wi-Fi and cellular networks without user interaction, depending on the best available network.
Universal Coverage: It aims to combine the benefits of both private and public Wi-Fi networks with cellular service, expanding network coverage dramatically.
Secure Connectivity: OpenRoaming ensures that security standards such as WPA3 are met, keeping the user's data protected during transmission across different networks.
Enhanced User Experience: Provides a smooth, uninterrupted service as users move between different network environments, ideal for travelling users and mobile professionals.
(e) Applications and Implications of Hotspot 2.0 and OpenRoaming
Travel and Hospitality: For travelers, Hotspot 2.0 and OpenRoaming can significantly enhance connectivity in airports, hotels, and public spaces, offering seamless access to high-quality Wi-Fi.
Urban Mobility: In smart cities, these technologies can facilitate uninterrupted internet access across different urban spaces, improving navigation, streaming, and communication services.
Enterprise Connectivity: Businesses can provide secure, seamless Wi-Fi access to employees and visitors, improving productivity and user satisfaction.
Telecommunications: For telecom operators, integrating Hotspot 2.0 and OpenRoaming can reduce the load on cellular networks and provide a better balance of traffic across networks.
The inclusion of "Support for Hotspot 2.0 and OpenRoaming" in our firmware underlines our commitment to enhancing connectivity and user experience. These features enable devices to leverage advanced network technologies to automatically connect to the best available network, securely and effortlessly. By adopting these standards, we are setting a new benchmark for seamless and secure mobile connectivity, catering to the needs of modern users who require reliable and effortless internet access wherever they go.
Fix the issue that AP sometimes goes offline even when the network is functioning normally.
Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.
Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.
mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.
Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.
Disable 6GHz radio if selected Wi-Fi encryption is not supported on the 6GHz band.
Support 6GHz all-channel-utilization scan in diag tool.
Fixed the issue for encountering failure when selecting specific country: Liechtenstein, Montenegro, or Angola.
Support WPA3-Enterprise on 6GHz band.
Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.
Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.
Fixed vulnerability issue (CVE-2022-38546).
Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:
(a) WPA3 Personal (SAE)
(b) WPA3-Personal/WPA2-PSK mixed
(c) WPA3 Enterprise with suite-b disabled
Support packet capture functions.
WPA3-Personal supports Dynamic Client VLAN Pooling.
WPA3-Enterprise supports external Radius with VLAN assignment.
Support DFS channel 144.
Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Support SSID-based IPSec VPN tunneling (StrongSWAN).
Support EnGenius auto VPN (mediator).
Support SMBv2/v3 for AD authentication.
Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.
Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.
Enhance IOT client association compatibility.
Support RADIUS CoA disconnect-client requests (802.1x)
Support SmartTV SSID
LSP page encloses language support for Japanese language.
Resolved Fragattack vulnerability issues.
Support EoGRE tunnel and DHCP option 82.
6GHz supports HT160 bandwidth option.
Fixed an issue where PlayStation 4 (PS4) devices occasionally failed to connect properly to the PlayStation Network (PSN) through EnGenius APs.
Resolved an issue where modifying the configuration of one SSID could randomly cause WiFi connection loss.
Support operating channel width display on the EnGenius Cloud AP details page, which is targeted to be ready in mid-Sep.
Support 6 GHz support in India for faster speeds, lower latency, and a more reliable wireless experience.
Support automatically detecting the country using GeoIP and displayed on the Local Status Page (LSP).
Channel specification updates based on regulatory changes in different countries
Mexico: Support 6GHz.
Configuration changes may possibly cause Captive Portal to malfunction, leading to the splash page not functioning properly.
Channel specification updates based on regulatory changes in different countries
Australia: Added Channel 144
New Zealand: Added Channel 144
Canada: Removed Channels 120 / 124 / 128 and 5GHz EHT240Hz support
Vietnam: Added support for the 6GHz band
USA: Added support for 5GHz EHT 240 MHz
Japan: Added support for 6GHz EHT 320 MHz
Fixed the Wi-Fi client certificate error issue when accessing the Captive Portal page.
Fixed the Wi-Fi clients disconnect issue when Manage VLAN was enabled and a myPSK was added or modified.
Fixed an issue where disabling an SSID with 802.11w enabled caused disconnections on other SSIDs during myPSK updates.
Added Layer 3 Outbound Firewall so admins can control where wireless client traffic goes or block it to improve network security.
To comply with new regulations in Indonesia, the output power for Band 4 has been updated from EIRP 23 dBm to EIRP 36 dBm.
Optimize Wi-Fi reload after AP settings are changed, making wireless clients reinitial the connection more quickly.
Improve AP performance and throughput when the AVXpress is enabled.
Deauthentication, enabling it to forcibly disconnect wireless clients from the network. Additionally, EnGenius Cloud offers an API for remote management of client Deauthentication.
Disabling mDNS when Local Web Pages are turned off to improved security.
Resolve the issue where the SysName object of the SNMP interface does not synchronize with the device name.
Resolve the issue of abnormal analysis in Frequency Spectrum monitoring.
Resolved the random AP disconnection issue that occurred when encryption features (e.g., MYPSK) were enabled in heavy-traffic environments.
Enlarge the RSSI threshold range for Fast Handover function providing more flexibility for to fine tune the roaming sensitivity special environments.
Resolved the issue where enabling MyPSK function, AP will random drop wireless clients.
Resolved the issue when there are 50 Walled Garden entries were set, part of the entries may not take effect on APs.
Fix the issue that AP will trigger error evil twin alarms of AirGuard function.
Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.
Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.
Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.
Support EnGenius fast-handover algorithm 2.0
Remove dropbear [email protected] encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.
Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.
Add support for SAMLv2 in Captive portal with Azure-AD
A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.
(a) What is SAMLv2?
SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.
(b) Implications of This Update
Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.
(c) Practical Applications
Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.
In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.
Support HTTPS-Only for local device page
To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.
(a) Importance of HTTPS for Security
HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:
Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.
(b) Implementation and Control
By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.
In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.
Support wireless client MAC-based WMM.
Support application DSCP tagging.
Enhance Traffic Log to support additional NAT information to syslog server.
Support Radsec to provide TLS encryption for Radius connection initiated from AP.
Enhance MyPSK Radius requests for external Radius server to contain both RoamingIQ attribute and mac authentication attribute.
Support additional dolphin action to run Radius server existence test.
Support group of multiple AD configuration for single SSID.
Use dolphin subscribe actions for all channel utilization scan in diag tools.
Support malware URL Blocking.
Support website filtering.
Support hotspot2.0 and openRoaming.
Support client-balancing 2.0
Fix mesh topology that may sometimes display failed.
Enhance Multicast to Unicast function for legacy clients.
Support wireless client MAC-based WMM
(a) Wi-Fi Multimedia (WMM) Overview:
Wi-Fi Multimedia (WMM) is a QoS (Quality of Service) standard that is an integral part of modern Wi-Fi technology, based on the IEEE 802.11e standard. WMM is essential in environments where different types of data compete for bandwidth because it ensures that time-sensitive applications like voice and video conferencing perform well even in congested network conditions. This protocol prioritizes traffic according to four access categories:
Voice: Highest priority, dedicated to voice-over-IP (VoIP) services.
Video: High priority, allocated for streaming video.
Best Effort: Standard priority for general data traffic such as web browsing.
Background: Lowest priority, intended for data that is not time-sensitive, like backups or bulk data transfers.
(b) What Does "MAC-Based WMM Support" Mean?
The feature "Support wireless client mac-based WMM" refers to the capability of the wireless access point (AP) to apply WMM rules based on the MAC address of each connecting client device. A MAC address is a unique identifier assigned to network interfaces for communications on the physical network segment. Implementing MAC-based WMM allows network administrators to assign different data priorities to devices according to their MAC addresses. This functionality is particularly useful in diverse operational environments where devices have varying bandwidth and latency requirements.
(c) Practical Applications of Mac-Based WMM
Here are several scenarios where mac-based WMM can significantly enhance network management and performance:
Tailored Experience: Enterprises can customize network performance based on the roles or departments within the organization. For example, devices belonging to the executive team or those used in critical operations might be assigned higher data priorities.
Enhanced Security: By controlling which devices have priority access, administrators can better manage network security protocols and reduce the risk of unauthorized data access.
Optimized Network Utilization: Mac-based WMM enables the network to adapt dynamically to changing conditions and user demands, prioritizing critical applications automatically.
Improved Scalability: As more devices join the network, administrators can manage traffic effectively without manual reconfiguration, ensuring consistent performance across all connected devices.
Support application DSCP tagging
(a) What is DSCP?
DSCP stands for Differentiated Services Code Point. It is a field in the IP header used to enable Quality of Service (QoS) on networks. DSCP replaces the older system of IP precedence with a more flexible and granular approach to traffic classification and prioritization. The DSCP field consists of six bits, allowing for 64 different traffic classes that can be defined and used to manage packet forwarding policies.
DSCP plays a crucial role in network traffic management by providing a mechanism for marking packets to receive different levels of service based on their assigned class. This capability is essential for managing congestion and ensuring that high-priority traffic, such as real-time voice or video, receives the necessary bandwidth and minimal latency.
(b) How Does DSCP Work?
When a packet is sent from a source, the DSCP value is set in its IP header, indicating the level of priority it should receive across the network. Network routers and switches read this DSCP value and make decisions about the packet's forwarding priority and queue placement. By doing so, networks can differentiate between various types of traffic, prioritizing them according to organizational policies and network requirements.
(c) Benefits of DSCP Tagging
Improved Network Performance: By prioritizing critical applications, DSCP helps in managing network resources efficiently, thus enhancing overall performance. Traffic like VoIP and video conferencing can operate smoothly even under heavy network load.
Enhanced Quality of Service: DSCP enables more granular control over packet forwarding decisions, allowing network administrators to fine-tune QoS policies. This leads to better service quality, especially for latency-sensitive applications.
Scalability: DSCP scales well with the size of the network, providing a consistent approach to QoS even as the network grows and traffic volume increases.
Flexibility: The ability to define multiple levels of service makes DSCP highly flexible. Organizations can customize their traffic management strategies to align with specific business needs.
(d) Applications of DSCP Tagging in Enterprise Networks
Voice and Video Prioritization: DSCP is extensively used to ensure that voice and video traffic is given priority over other types of data, reducing delays and improving communication quality.
Data Center Traffic Management: In data centers, DSCP can help manage the flow of traffic between servers, storage systems, and external networks, optimizing response times and service delivery.
Remote Work Solutions: With the rise of remote work, DSCP can play a pivotal role in prioritizing VPN traffic to ensure that business-critical applications have the bandwidth they need.
Support hotspot2.0 and openRoaming
(a) What is Hotspot 2.0?
Hotspot 2.0, also known as Wi-Fi Certified Passpoint, is a standard created by the Wi-Fi Alliance to streamline and secure the process of connecting to Wi-Fi hotspots. It allows mobile devices to automatically discover and connect to Wi-Fi networks without user intervention, using a seamless, secure authentication process based on the credentials issued by the service provider, much like cellular networks.
(b) Key Features of Hotspot 2.0
Seamless Connectivity: Hotspot 2.0 enables devices to automatically connect to Wi-Fi networks with robust security protocols, without requiring users to manually search for and select networks.
Enhanced Security: It supports advanced security protocols, such as WPA2-Enterprise and WPA3-Enterprise, providing end-to-end encryption and preventing unauthorized access.
Simplified User Experience: By automating the discovery and connection process, Hotspot 2.0 eliminates the need for users to repeatedly enter login credentials.
Interoperability: Designed to work across different wireless service providers and geographies, facilitating easier roaming and connectivity.
(c) What is OpenRoaming?
OpenRoaming is a federation service that allows users to seamlessly roam between Wi-Fi and cellular networks, removing the need to manually connect to different Wi-Fi networks. It is a collaboration spearheaded by the Wireless Broadband Alliance (WBA) that brings together a consortium of companies aiming to create a globally interconnected network.
(d) Benefits of OpenRoaming
Effortless Network Transition: With OpenRoaming, devices can automatically switch between Wi-Fi and cellular networks without user interaction, depending on the best available network.
Universal Coverage: It aims to combine the benefits of both private and public Wi-Fi networks with cellular service, expanding network coverage dramatically.
Secure Connectivity: OpenRoaming ensures that security standards such as WPA3 are met, keeping the user's data protected during transmission across different networks.
Enhanced User Experience: Provides a smooth, uninterrupted service as users move between different network environments, ideal for travelling users and mobile professionals.
(e) Applications and Implications of Hotspot 2.0 and OpenRoaming
Travel and Hospitality: For travelers, Hotspot 2.0 and OpenRoaming can significantly enhance connectivity in airports, hotels, and public spaces, offering seamless access to high-quality Wi-Fi.
Urban Mobility: In smart cities, these technologies can facilitate uninterrupted internet access across different urban spaces, improving navigation, streaming, and communication services.
Enterprise Connectivity: Businesses can provide secure, seamless Wi-Fi access to employees and visitors, improving productivity and user satisfaction.
Telecommunications: For telecom operators, integrating Hotspot 2.0 and OpenRoaming can reduce the load on cellular networks and provide a better balance of traffic across networks.
The inclusion of "Support for Hotspot 2.0 and OpenRoaming" in our firmware underlines our commitment to enhancing connectivity and user experience. These features enable devices to leverage advanced network technologies to automatically connect to the best available network, securely and effortlessly. By adopting these standards, we are setting a new benchmark for seamless and secure mobile connectivity, catering to the needs of modern users who require reliable and effortless internet access wherever they go.
Fix the issue that AP sometimes goes offline even when the network is functioning normally.
Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.
Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.
mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.
Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.
Fixed the issue for encountering failure when selecting specific country: Liechtenstein, Montenegro, or Angola.
Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.
Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.
Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).
Fixed vulnerability issue (CVE-2022-38546).
Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:
(a) WPA3 Personal (SAE)
(b) WPA3-Personal/WPA2-PSK mixed
(c) WPA3 Enterprise with suite-b disabled
Support packet capture functions.
WPA3-Personal supports Dynamic Client VLAN Pooling.
WPA3-Enterprise supports external Radius with VLAN assignment.
Support DFS channel 144.
Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Support SSID-based IPSec VPN tunneling (StrongSWAN).
Support EnGenius auto VPN (mediator).
Support SMBv2/v3 for AD authentication.
Fixed an issue where PlayStation 4 (PS4) devices occasionally failed to connect properly to the PlayStation Network (PSN) through EnGenius APs.
Resolved an issue where modifying the configuration of one SSID could randomly cause WiFi connection loss.
Support operating channel width display on the EnGenius Cloud AP details page, which is targeted to be ready in mid-Sep.
Support 6 GHz support in India for faster speeds, lower latency, and a more reliable wireless experience.
Support automatically detecting the country using GeoIP and displayed on the Local Status Page (LSP).
Channel specification updates based on regulatory changes in different countries
Mexico: Support 6GHz.
Configuration changes may possibly cause Captive Portal to malfunction, leading to the splash page not functioning properly.
Channel specification updates based on regulatory changes in different countries
Australia: Added Channel 144
New Zealand: Added Channel 144
Canada: Removed Channels 120 / 124 / 128 and 5GHz EHT240Hz support
Vietnam: Added support for the 6GHz band
USA: Added support for 5GHz EHT 240 MHz
Japan: Added support for 6GHz EHT 320 MHz
Fixed the Wi-Fi client certificate error issue when accessing the Captive Portal page.
Fixed the Wi-Fi clients disconnect issue when Manage VLAN was enabled and a myPSK was added or modified.
Fixed an issue where disabling an SSID with 802.11w enabled caused disconnections on other SSIDs during myPSK updates.
Added Layer 3 Outbound Firewall so admins can control where wireless client traffic goes or block it to improve network security.
To comply with new regulations in Indonesia, the output power for Band 4 has been updated from EIRP 23 dBm to EIRP 36 dBm.
Optimize Wi-Fi reload after AP settings are changed, making wireless clients reinitial the connection more quickly.
Improve AP performance and throughput when the AVXpress is enabled.
Deauthentication, enabling it to forcibly disconnect wireless clients from the network. Additionally, EnGenius Cloud offers an API for remote management of client Deauthentication.
Disabling mDNS when Local Web Pages are turned off to improved security.
Resolve the issue where the SysName object of the SNMP interface does not synchronize with the device name.
Resolve the issue of abnormal analysis in Frequency Spectrum monitoring.
Resolved the random AP disconnection issue that occurred when encryption features (e.g., MYPSK) were enabled in heavy-traffic environments.
Enlarge the RSSI threshold range for Fast Handover function providing more flexibility for to fine tune the roaming sensitivity special environments.
Resolved the issue where enabling MyPSK function, AP will random drop wireless clients.
Resolved the issue when there are 50 Walled Garden entries were set, part of the entries may not take effect on APs.
Fix the issue that AP will trigger error evil twin alarms of AirGuard function.
Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.
Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.
Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.
Support EnGenius fast-handover algorithm 2.0
Remove dropbear [email protected] encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.
Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.
Add support for SAMLv2 in Captive portal with Azure-AD
A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.
(a) What is SAMLv2?
SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.
(b) Implications of This Update
Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.
(c) Practical Applications
Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.
In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.
Support HTTPS-Only for local device page
To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.
(a) Importance of HTTPS for Security
HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:
Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.
(b) Implementation and Control
By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.
In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.
Support wireless client MAC-based WMM.
Support application DSCP tagging.
Enhance Traffic Log to support additional NAT information to syslog server.
Support Radsec to provide TLS encryption for Radius connection initiated from AP.
Enhance MyPSK Radius requests for external Radius server to contain both RoamingIQ attribute and mac authentication attribute.
Support additional dolphin action to run Radius server existence test.
Support group of multiple AD configuration for single SSID.
Use dolphin subscribe actions for all channel utilization scan in diag tools.
Support malware URL Blocking.
Support website filtering.
Support hotspot2.0 and openRoaming.
Support client-balancing 2.0
Fix mesh topology that may sometimes display failed.
Enhance Multicast to Unicast function for legacy clients.
Support wireless client MAC-based WMM
(a) Wi-Fi Multimedia (WMM) Overview:
Wi-Fi Multimedia (WMM) is a QoS (Quality of Service) standard that is an integral part of modern Wi-Fi technology, based on the IEEE 802.11e standard. WMM is essential in environments where different types of data compete for bandwidth because it ensures that time-sensitive applications like voice and video conferencing perform well even in congested network conditions. This protocol prioritizes traffic according to four access categories:
Voice: Highest priority, dedicated to voice-over-IP (VoIP) services.
Video: High priority, allocated for streaming video.
Best Effort: Standard priority for general data traffic such as web browsing.
Background: Lowest priority, intended for data that is not time-sensitive, like backups or bulk data transfers.
(b) What Does "MAC-Based WMM Support" Mean?
The feature "Support wireless client mac-based WMM" refers to the capability of the wireless access point (AP) to apply WMM rules based on the MAC address of each connecting client device. A MAC address is a unique identifier assigned to network interfaces for communications on the physical network segment. Implementing MAC-based WMM allows network administrators to assign different data priorities to devices according to their MAC addresses. This functionality is particularly useful in diverse operational environments where devices have varying bandwidth and latency requirements.
(c) Practical Applications of Mac-Based WMM
Here are several scenarios where mac-based WMM can significantly enhance network management and performance:
Tailored Experience: Enterprises can customize network performance based on the roles or departments within the organization. For example, devices belonging to the executive team or those used in critical operations might be assigned higher data priorities.
Enhanced Security: By controlling which devices have priority access, administrators can better manage network security protocols and reduce the risk of unauthorized data access.
Optimized Network Utilization: Mac-based WMM enables the network to adapt dynamically to changing conditions and user demands, prioritizing critical applications automatically.
Improved Scalability: As more devices join the network, administrators can manage traffic effectively without manual reconfiguration, ensuring consistent performance across all connected devices.
Support application DSCP tagging
(a) What is DSCP?
DSCP stands for Differentiated Services Code Point. It is a field in the IP header used to enable Quality of Service (QoS) on networks. DSCP replaces the older system of IP precedence with a more flexible and granular approach to traffic classification and prioritization. The DSCP field consists of six bits, allowing for 64 different traffic classes that can be defined and used to manage packet forwarding policies.
DSCP plays a crucial role in network traffic management by providing a mechanism for marking packets to receive different levels of service based on their assigned class. This capability is essential for managing congestion and ensuring that high-priority traffic, such as real-time voice or video, receives the necessary bandwidth and minimal latency.
(b) How Does DSCP Work?
When a packet is sent from a source, the DSCP value is set in its IP header, indicating the level of priority it should receive across the network. Network routers and switches read this DSCP value and make decisions about the packet's forwarding priority and queue placement. By doing so, networks can differentiate between various types of traffic, prioritizing them according to organizational policies and network requirements.
(c) Benefits of DSCP Tagging
Improved Network Performance: By prioritizing critical applications, DSCP helps in managing network resources efficiently, thus enhancing overall performance. Traffic like VoIP and video conferencing can operate smoothly even under heavy network load.
Enhanced Quality of Service: DSCP enables more granular control over packet forwarding decisions, allowing network administrators to fine-tune QoS policies. This leads to better service quality, especially for latency-sensitive applications.
Scalability: DSCP scales well with the size of the network, providing a consistent approach to QoS even as the network grows and traffic volume increases.
Flexibility: The ability to define multiple levels of service makes DSCP highly flexible. Organizations can customize their traffic management strategies to align with specific business needs.
(d) Applications of DSCP Tagging in Enterprise Networks
Voice and Video Prioritization: DSCP is extensively used to ensure that voice and video traffic is given priority over other types of data, reducing delays and improving communication quality.
Data Center Traffic Management: In data centers, DSCP can help manage the flow of traffic between servers, storage systems, and external networks, optimizing response times and service delivery.
Remote Work Solutions: With the rise of remote work, DSCP can play a pivotal role in prioritizing VPN traffic to ensure that business-critical applications have the bandwidth they need.
Support hotspot2.0 and openRoaming
(a) What is Hotspot 2.0?
Hotspot 2.0, also known as Wi-Fi Certified Passpoint, is a standard created by the Wi-Fi Alliance to streamline and secure the process of connecting to Wi-Fi hotspots. It allows mobile devices to automatically discover and connect to Wi-Fi networks without user intervention, using a seamless, secure authentication process based on the credentials issued by the service provider, much like cellular networks.
(b) Key Features of Hotspot 2.0
Seamless Connectivity: Hotspot 2.0 enables devices to automatically connect to Wi-Fi networks with robust security protocols, without requiring users to manually search for and select networks.
Enhanced Security: It supports advanced security protocols, such as WPA2-Enterprise and WPA3-Enterprise, providing end-to-end encryption and preventing unauthorized access.
Simplified User Experience: By automating the discovery and connection process, Hotspot 2.0 eliminates the need for users to repeatedly enter login credentials.
Interoperability: Designed to work across different wireless service providers and geographies, facilitating easier roaming and connectivity.
(c) What is OpenRoaming?
OpenRoaming is a federation service that allows users to seamlessly roam between Wi-Fi and cellular networks, removing the need to manually connect to different Wi-Fi networks. It is a collaboration spearheaded by the Wireless Broadband Alliance (WBA) that brings together a consortium of companies aiming to create a globally interconnected network.
(d) Benefits of OpenRoaming
Effortless Network Transition: With OpenRoaming, devices can automatically switch between Wi-Fi and cellular networks without user interaction, depending on the best available network.
Universal Coverage: It aims to combine the benefits of both private and public Wi-Fi networks with cellular service, expanding network coverage dramatically.
Secure Connectivity: OpenRoaming ensures that security standards such as WPA3 are met, keeping the user's data protected during transmission across different networks.
Enhanced User Experience: Provides a smooth, uninterrupted service as users move between different network environments, ideal for travelling users and mobile professionals.
(e) Applications and Implications of Hotspot 2.0 and OpenRoaming
Travel and Hospitality: For travelers, Hotspot 2.0 and OpenRoaming can significantly enhance connectivity in airports, hotels, and public spaces, offering seamless access to high-quality Wi-Fi.
Urban Mobility: In smart cities, these technologies can facilitate uninterrupted internet access across different urban spaces, improving navigation, streaming, and communication services.
Enterprise Connectivity: Businesses can provide secure, seamless Wi-Fi access to employees and visitors, improving productivity and user satisfaction.
Telecommunications: For telecom operators, integrating Hotspot 2.0 and OpenRoaming can reduce the load on cellular networks and provide a better balance of traffic across networks.
The inclusion of "Support for Hotspot 2.0 and OpenRoaming" in our firmware underlines our commitment to enhancing connectivity and user experience. These features enable devices to leverage advanced network technologies to automatically connect to the best available network, securely and effortlessly. By adopting these standards, we are setting a new benchmark for seamless and secure mobile connectivity, catering to the needs of modern users who require reliable and effortless internet access wherever they go.
Fix the issue that AP sometimes goes offline even when the network is functioning normally.
Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.
Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.
mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.
Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.
Fixed the issue for encountering failure when selecting specific country: Liechtenstein, Montenegro, or Angola.
Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.
Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.
Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).
Fixed vulnerability issue (CVE-2022-38546).
Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:
(a) WPA3 Personal (SAE)
(b) WPA3-Personal/WPA2-PSK mixed
(c) WPA3 Enterprise with suite-b disabled
Support packet capture functions.
WPA3-Personal supports Dynamic Client VLAN Pooling.
WPA3-Enterprise supports external Radius with VLAN assignment.
Support DFS channel 144.
Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Support SSID-based IPSec VPN tunneling (StrongSWAN).
Support EnGenius auto VPN (mediator).
Support SMBv2/v3 for AD authentication.
Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.
Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.
Fixed an issue where PlayStation 4 (PS4) devices occasionally failed to connect properly to the PlayStation Network (PSN) through EnGenius APs.
Resolved an issue where modifying the configuration of one SSID could randomly cause WiFi connection loss.
Support operating channel width display on the EnGenius Cloud AP details page, which is targeted to be ready in mid-Sep.
Support automatically detecting the country using GeoIP and displayed on the Local Status Page (LSP).
Channel specification updates based on regulatory changes in different countries
Mexico: Support 6GHz
Support Casting on LAN feature to allow Wi-Fi clients to cast streaming content to casting devices (e.g., Chromecast, Apple TV, smart TVs) that are connected to the same LAN port (not uplink) when Layer 2 isolation is enabled. Supported on wall-plate and in-wall APs.
Support for enabling or disabling the LAN interface port for security purposes on wall-plate and in-wall APs.
Configuration changes may possibly cause Captive Portal to malfunction, leading to the splash page not functioning properly.
Channel specification updates based on regulatory changes in different countries
Australia: Added Channel 144
New Zealand: Added Channel 144
Canada: Removed Channels 120 / 124 / 128 and 5GHz EHT240Hz support
Vietnam: Added support for the 6GHz band
USA: Added support for 5GHz EHT 240 MHz
Japan: Added support for 6GHz EHT 320 MHz
Fixed the Wi-Fi client certificate error issue when accessing the Captive Portal page.
Fixed the Wi-Fi clients disconnect issue when Manage VLAN was enabled and a myPSK was added or modified.
Fixed an issue where disabling an SSID with 802.11w enabled caused disconnections on other SSIDs during myPSK updates.
Added Layer 3 Outbound Firewall so admins can control where wireless client traffic goes or block it to improve network security.
To comply with new regulations in Indonesia, the output power for Band 4 has been updated from EIRP 23 dBm to EIRP 36 dBm.
Optimize Wi-Fi reload after AP settings are changed, making wireless clients reinitial the connection more quickly.
Improve AP performance and throughput when the AVXpress is enabled.
Deauthentication, enabling it to forcibly disconnect wireless clients from the network. Additionally, EnGenius Cloud offers an API for remote management of client Deauthentication.
Disabling mDNS when Local Web Pages are turned off to improved security.
Resolve the issue where the SysName object of the SNMP interface does not synchronize with the device name.
Resolve the issue of abnormal analysis in Frequency Spectrum monitoring.
Resolved the random AP disconnection issue that occurred when encryption features (e.g., MYPSK) were enabled in heavy-traffic environments.
Enlarge the RSSI threshold range for Fast Handover function providing more flexibility for to fine tune the roaming sensitivity special environments.
Resolved the issue where enabling MyPSK function, AP will random drop wireless clients.
Resolved the issue when there are 50 Walled Garden entries were set, part of the entries may not take effect on APs.
Fix the issue that AP will trigger error evil twin alarms of AirGuard function.
Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.
Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.
Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.
Support EnGenius fast-handover algorithm 2.0
Remove dropbear [email protected] encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.
Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.
Add support for SAMLv2 in Captive portal with Azure-AD
A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.
(a) What is SAMLv2?
SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.
(b) Implications of This Update
Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.
(c) Practical Applications
Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.
In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.
Support HTTPS-Only for local device page
To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.
(a) Importance of HTTPS for Security
HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:
Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.
(b) Implementation and Control
By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.
In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.
Support wireless client MAC-based WMM.
Support application DSCP tagging.
Enhance Traffic Log to support additional NAT information to syslog server.
Support Radsec to provide TLS encryption for Radius connection initiated from AP.
Enhance MyPSK Radius requests for external Radius server to contain both RoamingIQ attribute and mac authentication attribute.
Support additional dolphin action to run Radius server existence test.
Support group of multiple AD configuration for single SSID.
Use dolphin subscribe actions for all channel utilization scan in diag tools.
Support malware URL Blocking.
Support website filtering.
Support hotspot2.0 and openRoaming.
Support client-balancing 2.0
Fix mesh topology that may sometimes display failed.
Enhance Multicast to Unicast function for legacy clients.
Support wireless client MAC-based WMM
(a) Wi-Fi Multimedia (WMM) Overview:
Wi-Fi Multimedia (WMM) is a QoS (Quality of Service) standard that is an integral part of modern Wi-Fi technology, based on the IEEE 802.11e standard. WMM is essential in environments where different types of data compete for bandwidth because it ensures that time-sensitive applications like voice and video conferencing perform well even in congested network conditions. This protocol prioritizes traffic according to four access categories:
Voice: Highest priority, dedicated to voice-over-IP (VoIP) services.
Video: High priority, allocated for streaming video.
Best Effort: Standard priority for general data traffic such as web browsing.
Background: Lowest priority, intended for data that is not time-sensitive, like backups or bulk data transfers.
(b) What Does "MAC-Based WMM Support" Mean?
The feature "Support wireless client mac-based WMM" refers to the capability of the wireless access point (AP) to apply WMM rules based on the MAC address of each connecting client device. A MAC address is a unique identifier assigned to network interfaces for communications on the physical network segment. Implementing MAC-based WMM allows network administrators to assign different data priorities to devices according to their MAC addresses. This functionality is particularly useful in diverse operational environments where devices have varying bandwidth and latency requirements.
(c) Practical Applications of Mac-Based WMM
Here are several scenarios where mac-based WMM can significantly enhance network management and performance:
Tailored Experience: Enterprises can customize network performance based on the roles or departments within the organization. For example, devices belonging to the executive team or those used in critical operations might be assigned higher data priorities.
Enhanced Security: By controlling which devices have priority access, administrators can better manage network security protocols and reduce the risk of unauthorized data access.
Optimized Network Utilization: Mac-based WMM enables the network to adapt dynamically to changing conditions and user demands, prioritizing critical applications automatically.
Improved Scalability: As more devices join the network, administrators can manage traffic effectively without manual reconfiguration, ensuring consistent performance across all connected devices.
Support application DSCP tagging
(a) What is DSCP?
DSCP stands for Differentiated Services Code Point. It is a field in the IP header used to enable Quality of Service (QoS) on networks. DSCP replaces the older system of IP precedence with a more flexible and granular approach to traffic classification and prioritization. The DSCP field consists of six bits, allowing for 64 different traffic classes that can be defined and used to manage packet forwarding policies.
DSCP plays a crucial role in network traffic management by providing a mechanism for marking packets to receive different levels of service based on their assigned class. This capability is essential for managing congestion and ensuring that high-priority traffic, such as real-time voice or video, receives the necessary bandwidth and minimal latency.
(b) How Does DSCP Work?
When a packet is sent from a source, the DSCP value is set in its IP header, indicating the level of priority it should receive across the network. Network routers and switches read this DSCP value and make decisions about the packet's forwarding priority and queue placement. By doing so, networks can differentiate between various types of traffic, prioritizing them according to organizational policies and network requirements.
(c) Benefits of DSCP Tagging
Improved Network Performance: By prioritizing critical applications, DSCP helps in managing network resources efficiently, thus enhancing overall performance. Traffic like VoIP and video conferencing can operate smoothly even under heavy network load.
Enhanced Quality of Service: DSCP enables more granular control over packet forwarding decisions, allowing network administrators to fine-tune QoS policies. This leads to better service quality, especially for latency-sensitive applications.
Scalability: DSCP scales well with the size of the network, providing a consistent approach to QoS even as the network grows and traffic volume increases.
Flexibility: The ability to define multiple levels of service makes DSCP highly flexible. Organizations can customize their traffic management strategies to align with specific business needs.
(d) Applications of DSCP Tagging in Enterprise Networks
Voice and Video Prioritization: DSCP is extensively used to ensure that voice and video traffic is given priority over other types of data, reducing delays and improving communication quality.
Data Center Traffic Management: In data centers, DSCP can help manage the flow of traffic between servers, storage systems, and external networks, optimizing response times and service delivery.
Remote Work Solutions: With the rise of remote work, DSCP can play a pivotal role in prioritizing VPN traffic to ensure that business-critical applications have the bandwidth they need.
Support hotspot2.0 and openRoaming
(a) What is Hotspot 2.0?
Hotspot 2.0, also known as Wi-Fi Certified Passpoint, is a standard created by the Wi-Fi Alliance to streamline and secure the process of connecting to Wi-Fi hotspots. It allows mobile devices to automatically discover and connect to Wi-Fi networks without user intervention, using a seamless, secure authentication process based on the credentials issued by the service provider, much like cellular networks.
(b) Key Features of Hotspot 2.0
Seamless Connectivity: Hotspot 2.0 enables devices to automatically connect to Wi-Fi networks with robust security protocols, without requiring users to manually search for and select networks.
Enhanced Security: It supports advanced security protocols, such as WPA2-Enterprise and WPA3-Enterprise, providing end-to-end encryption and preventing unauthorized access.
Simplified User Experience: By automating the discovery and connection process, Hotspot 2.0 eliminates the need for users to repeatedly enter login credentials.
Interoperability: Designed to work across different wireless service providers and geographies, facilitating easier roaming and connectivity.
(c) What is OpenRoaming?
OpenRoaming is a federation service that allows users to seamlessly roam between Wi-Fi and cellular networks, removing the need to manually connect to different Wi-Fi networks. It is a collaboration spearheaded by the Wireless Broadband Alliance (WBA) that brings together a consortium of companies aiming to create a globally interconnected network.
(d) Benefits of OpenRoaming
Effortless Network Transition: With OpenRoaming, devices can automatically switch between Wi-Fi and cellular networks without user interaction, depending on the best available network.
Universal Coverage: It aims to combine the benefits of both private and public Wi-Fi networks with cellular service, expanding network coverage dramatically.
Secure Connectivity: OpenRoaming ensures that security standards such as WPA3 are met, keeping the user's data protected during transmission across different networks.
Enhanced User Experience: Provides a smooth, uninterrupted service as users move between different network environments, ideal for travelling users and mobile professionals.
(e) Applications and Implications of Hotspot 2.0 and OpenRoaming
Travel and Hospitality: For travelers, Hotspot 2.0 and OpenRoaming can significantly enhance connectivity in airports, hotels, and public spaces, offering seamless access to high-quality Wi-Fi.
Urban Mobility: In smart cities, these technologies can facilitate uninterrupted internet access across different urban spaces, improving navigation, streaming, and communication services.
Enterprise Connectivity: Businesses can provide secure, seamless Wi-Fi access to employees and visitors, improving productivity and user satisfaction.
Telecommunications: For telecom operators, integrating Hotspot 2.0 and OpenRoaming can reduce the load on cellular networks and provide a better balance of traffic across networks.
The inclusion of "Support for Hotspot 2.0 and OpenRoaming" in our firmware underlines our commitment to enhancing connectivity and user experience. These features enable devices to leverage advanced network technologies to automatically connect to the best available network, securely and effortlessly. By adopting these standards, we are setting a new benchmark for seamless and secure mobile connectivity, catering to the needs of modern users who require reliable and effortless internet access wherever they go.
Fix the issue that AP sometimes goes offline even when the network is functioning normally.
Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.
Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.
mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.
Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.
Fixed the issue for encountering failure when selecting specific country: Liechtenstein, Montenegro, or Angola.
Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.
Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.
Fixed vulnerability issue (CVE-2022-38546).
Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:
(a) WPA3 Personal (SAE)
(b) WPA3-Personal/WPA2-PSK mixed
(c) WPA3 Enterprise with suite-b disabled
WPA3-Personal supports Dynamic Client VLAN Pooling.
WPA3-Enterprise supports external Radius with VLAN assignment.
Support DFS channel 144.
Fixed the issue that Wi-Fi STA can’t access internet with MyPSK+VLAN SSID at some environment.
Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Support SSID-based IPSec VPN tunneling (StrongSWAN).
Support EnGenius auto VPN (mediator).
Support SMBv2/v3 for AD authentication.
Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.
Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.
Enhance IOT client association compatibility.
Support RADIUS CoA disconnect-client requests (802.1x)
Support SmartTV SSID
LSP page encloses language support for Japanese language.
Resolved Fragattack vulnerability issues.
Support EoGRE tunnel and DHCP option 82.
Fixed an issue where PlayStation 4 (PS4) devices occasionally failed to connect properly to the PlayStation Network (PSN) through EnGenius APs.
Resolved an issue where modifying the configuration of one SSID could randomly cause WiFi connection loss.
Support operating channel width display on the EnGenius Cloud AP details page, which is targeted to be ready in mid-Sep.
Fixed an issue in firmware 1.8.85-1.8.101 where running spectrum analysis could cause Wi-Fi clients to disconnect.
Support 6 GHz support in India for faster speeds, lower latency, and a more reliable wireless experience.
Support automatically detecting the country using GeoIP and displayed on the Local Status Page (LSP).
Channel specification updates based on regulatory changes in different countries
Mexico: Support 6GHz.
Configuration changes may possibly cause Captive Portal to malfunction, leading to the splash page not functioning properly.
Channel specification updates based on regulatory changes in different countries
Australia: Added Channel 144
New Zealand: Added Channel 144
Canada: Removed Channels 120 / 124 / 128 and 5GHz EHT240Hz support
Vietnam: Added support for the 6GHz band
USA: Added support for 5GHz EHT 240 MHz
Japan: Added support for 6GHz EHT 320 MHz
Fixed the Wi-Fi client certificate error issue when accessing the Captive Portal page.
Fixed the Wi-Fi clients disconnect issue when Manage VLAN was enabled and a myPSK was added or modified.
Fixed an issue where disabling an SSID with 802.11w enabled caused disconnections on other SSIDs during myPSK updates.
Added Layer 3 Outbound Firewall so admins can control where wireless client traffic goes or block it to improve network security.
To comply with new regulations in Indonesia, the output power for Band 4 has been updated from EIRP 23 dBm to EIRP 36 dBm.
Optimize Wi-Fi reload after AP settings are changed, making wireless clients reinitial the connection more quickly.
Improve AP performance and throughput when the AVXpress is enabled.
Deauthentication, enabling it to forcibly disconnect wireless clients from the network. Additionally, EnGenius Cloud offers an API for remote management of client Deauthentication.
Disabling mDNS when Local Web Pages are turned off to improved security.
Resolve the issue where the SysName object of the SNMP interface does not synchronize with the device name.
Resolve the issue of abnormal analysis in Frequency Spectrum monitoring.
Resolved the random AP disconnection issue that occurred when encryption features (e.g., MYPSK) were enabled in heavy-traffic environments.
Enlarge the RSSI threshold range for Fast Handover function providing more flexibility for to fine tune the roaming sensitivity special environments.
Resolved the issue where enabling MyPSK function, AP will random drop wireless clients.
Resolved the issue when there are 50 Walled Garden entries were set, part of the entries may not take effect on APs.
Fix the issue that AP will trigger error evil twin alarms of AirGuard function.
Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.
Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.
Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.
Support EnGenius fast-handover algorithm 2.0
Remove dropbear [email protected] encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.
Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.
Add support for SAMLv2 in Captive portal with Azure-AD
A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.
(a) What is SAMLv2?
SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.
(b) Implications of This Update
Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.
(c) Practical Applications
Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.
In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.
Support HTTPS-Only for local device page
To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.
(a) Importance of HTTPS for Security
HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:
Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.
(b) Implementation and Control
By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.
In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.
Support wireless client MAC-based WMM.
Support application DSCP tagging.
Enhance Traffic Log to support additional NAT information to syslog server.
Support Radsec to provide TLS encryption for Radius connection initiated from AP.
Enhance MyPSK Radius requests for external Radius server to contain both RoamingIQ attribute and mac authentication attribute.
Support additional dolphin action to run Radius server existence test.
Support group of multiple AD configuration for single SSID.
Use dolphin subscribe actions for all channel utilization scan in diag tools.
Support malware URL Blocking.
Support website filtering.
Support hotspot2.0 and openRoaming.
Support client-balancing 2.0
Fix mesh topology that may sometimes display failed.
Enhance Multicast to Unicast function for legacy clients.
Support wireless client MAC-based WMM
(a) Wi-Fi Multimedia (WMM) Overview:
Wi-Fi Multimedia (WMM) is a QoS (Quality of Service) standard that is an integral part of modern Wi-Fi technology, based on the IEEE 802.11e standard. WMM is essential in environments where different types of data compete for bandwidth because it ensures that time-sensitive applications like voice and video conferencing perform well even in congested network conditions. This protocol prioritizes traffic according to four access categories:
Voice: Highest priority, dedicated to voice-over-IP (VoIP) services.
Video: High priority, allocated for streaming video.
Best Effort: Standard priority for general data traffic such as web browsing.
Background: Lowest priority, intended for data that is not time-sensitive, like backups or bulk data transfers.
(b) What Does "MAC-Based WMM Support" Mean?
The feature "Support wireless client mac-based WMM" refers to the capability of the wireless access point (AP) to apply WMM rules based on the MAC address of each connecting client device. A MAC address is a unique identifier assigned to network interfaces for communications on the physical network segment. Implementing MAC-based WMM allows network administrators to assign different data priorities to devices according to their MAC addresses. This functionality is particularly useful in diverse operational environments where devices have varying bandwidth and latency requirements.
(c) Practical Applications of Mac-Based WMM
Here are several scenarios where mac-based WMM can significantly enhance network management and performance:
Tailored Experience: Enterprises can customize network performance based on the roles or departments within the organization. For example, devices belonging to the executive team or those used in critical operations might be assigned higher data priorities.
Enhanced Security: By controlling which devices have priority access, administrators can better manage network security protocols and reduce the risk of unauthorized data access.
Optimized Network Utilization: Mac-based WMM enables the network to adapt dynamically to changing conditions and user demands, prioritizing critical applications automatically.
Improved Scalability: As more devices join the network, administrators can manage traffic effectively without manual reconfiguration, ensuring consistent performance across all connected devices.
Support application DSCP tagging
(a) What is DSCP?
DSCP stands for Differentiated Services Code Point. It is a field in the IP header used to enable Quality of Service (QoS) on networks. DSCP replaces the older system of IP precedence with a more flexible and granular approach to traffic classification and prioritization. The DSCP field consists of six bits, allowing for 64 different traffic classes that can be defined and used to manage packet forwarding policies.
DSCP plays a crucial role in network traffic management by providing a mechanism for marking packets to receive different levels of service based on their assigned class. This capability is essential for managing congestion and ensuring that high-priority traffic, such as real-time voice or video, receives the necessary bandwidth and minimal latency.
(b) How Does DSCP Work?
When a packet is sent from a source, the DSCP value is set in its IP header, indicating the level of priority it should receive across the network. Network routers and switches read this DSCP value and make decisions about the packet's forwarding priority and queue placement. By doing so, networks can differentiate between various types of traffic, prioritizing them according to organizational policies and network requirements.
(c) Benefits of DSCP Tagging
Improved Network Performance: By prioritizing critical applications, DSCP helps in managing network resources efficiently, thus enhancing overall performance. Traffic like VoIP and video conferencing can operate smoothly even under heavy network load.
Enhanced Quality of Service: DSCP enables more granular control over packet forwarding decisions, allowing network administrators to fine-tune QoS policies. This leads to better service quality, especially for latency-sensitive applications.
Scalability: DSCP scales well with the size of the network, providing a consistent approach to QoS even as the network grows and traffic volume increases.
Flexibility: The ability to define multiple levels of service makes DSCP highly flexible. Organizations can customize their traffic management strategies to align with specific business needs.
(d) Applications of DSCP Tagging in Enterprise Networks
Voice and Video Prioritization: DSCP is extensively used to ensure that voice and video traffic is given priority over other types of data, reducing delays and improving communication quality.
Data Center Traffic Management: In data centers, DSCP can help manage the flow of traffic between servers, storage systems, and external networks, optimizing response times and service delivery.
Remote Work Solutions: With the rise of remote work, DSCP can play a pivotal role in prioritizing VPN traffic to ensure that business-critical applications have the bandwidth they need.
Support hotspot2.0 and openRoaming
(a) What is Hotspot 2.0?
Hotspot 2.0, also known as Wi-Fi Certified Passpoint, is a standard created by the Wi-Fi Alliance to streamline and secure the process of connecting to Wi-Fi hotspots. It allows mobile devices to automatically discover and connect to Wi-Fi networks without user intervention, using a seamless, secure authentication process based on the credentials issued by the service provider, much like cellular networks.
(b) Key Features of Hotspot 2.0
Seamless Connectivity: Hotspot 2.0 enables devices to automatically connect to Wi-Fi networks with robust security protocols, without requiring users to manually search for and select networks.
Enhanced Security: It supports advanced security protocols, such as WPA2-Enterprise and WPA3-Enterprise, providing end-to-end encryption and preventing unauthorized access.
Simplified User Experience: By automating the discovery and connection process, Hotspot 2.0 eliminates the need for users to repeatedly enter login credentials.
Interoperability: Designed to work across different wireless service providers and geographies, facilitating easier roaming and connectivity.
(c) What is OpenRoaming?
OpenRoaming is a federation service that allows users to seamlessly roam between Wi-Fi and cellular networks, removing the need to manually connect to different Wi-Fi networks. It is a collaboration spearheaded by the Wireless Broadband Alliance (WBA) that brings together a consortium of companies aiming to create a globally interconnected network.
(d) Benefits of OpenRoaming
Effortless Network Transition: With OpenRoaming, devices can automatically switch between Wi-Fi and cellular networks without user interaction, depending on the best available network.
Universal Coverage: It aims to combine the benefits of both private and public Wi-Fi networks with cellular service, expanding network coverage dramatically.
Secure Connectivity: OpenRoaming ensures that security standards such as WPA3 are met, keeping the user's data protected during transmission across different networks.
Enhanced User Experience: Provides a smooth, uninterrupted service as users move between different network environments, ideal for travelling users and mobile professionals.
(e) Applications and Implications of Hotspot 2.0 and OpenRoaming
Travel and Hospitality: For travelers, Hotspot 2.0 and OpenRoaming can significantly enhance connectivity in airports, hotels, and public spaces, offering seamless access to high-quality Wi-Fi.
Urban Mobility: In smart cities, these technologies can facilitate uninterrupted internet access across different urban spaces, improving navigation, streaming, and communication services.
Enterprise Connectivity: Businesses can provide secure, seamless Wi-Fi access to employees and visitors, improving productivity and user satisfaction.
Telecommunications: For telecom operators, integrating Hotspot 2.0 and OpenRoaming can reduce the load on cellular networks and provide a better balance of traffic across networks.
The inclusion of "Support for Hotspot 2.0 and OpenRoaming" in our firmware underlines our commitment to enhancing connectivity and user experience. These features enable devices to leverage advanced network technologies to automatically connect to the best available network, securely and effortlessly. By adopting these standards, we are setting a new benchmark for seamless and secure mobile connectivity, catering to the needs of modern users who require reliable and effortless internet access wherever they go.
Fix the issue that AP sometimes goes offline even when the network is functioning normally.
Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.
Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.
mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.
Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.
Fixed the issue for encountering failure when selecting specific country: Liechtenstein, Montenegro, or Angola.
Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.
Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.
Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).
Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:
(a) WPA3 Personal (SAE)
(b) WPA3-Personal/WPA2-PSK mixed
(c) WPA3 Enterprise with suite-b disabled
Support packet capture functions.
WPA3-Personal supports Dynamic Client VLAN Pooling.
WPA3-Enterprise supports external Radius with VLAN assignment.
Support DFS channel 144.
Fixed the issue with high CPU loading when users enabled Air-Guard function under multiple ECW-AP S model environment.
Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Support SSID-based IPSec VPN tunneling (StrongSWAN).
Support EnGenius auto VPN (mediator).
Support SMBv2/v3 for AD authentication.
Support BLE Presence Reporting.
Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.
Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.
Enhance IOT client association compatibility.
Support RADIUS CoA disconnect-client requests (802.1x)
Support SmartTV SSID
LSP page encloses language support for Japanese language.
Resolved Fragattack vulnerability issues.
Support EoGRE tunnel and DHCP option 82.
WIDS supports co-defense scheme.
Support multiple domains of AD server.
Adjust DCS algorithm.
Recognize new iOS/MAC OS version.
Fixed captive portal for IPv6 issue.
Adjust log messages.
Fixed diag tool/Speed Test issue
Add configuration to accept RADIUS server's VLAN attribute or not.
Support wireless spectrum analysis.
Support DFS channel fallback scheme.
Support MAC-based authentication with RADIUS (OPEN).
WPA3-SAE and WAP3/WAP2 mixed mode support Dynamic Client VLAN Pooling.
Support zero-wait DFS.
Support EnGenius Air Guard features.
Support instant WIDS event log report.
Execute diag tool/All Channel Utilization by scanning radio
Supports SmartCasting, enabling guests to effortlessly stream media from mobile devices to room TVs via a dedicated SSID and QR code.
Supports Wi-Fi Calling for seamless, high-quality voice communication over enterprise Wi-Fi
Support automatically detecting the country using GeoIP and displayed on the Local Status Page (LSP) and standalone UI.
Added MyPSK support for secure, personalized Wi-Fi access without multiple SSIDs
Fixed the issue with the captive-portal certificate update failing
Standalone GUI support enables flexible, quick setup in isolated networks
Added Layer 3 Outbound Firewall so admins can control where wireless client traffic goes or block it to improve network security.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Added JP country code to Auto Channel List to meet Japanese regulations
Deauthentication, enabling it to forcibly disconnect wireless clients from the network. Additionally, EnGenius Cloud offers an API for remote management of client Deauthentication.
Disabling mDNS when Local Web Pages are turned off to improved security.
Client information includes VLAN ID for improved visibility and troubleshooting.
Resolve the issue where the SysName object of the SNMP interface does not synchronize with the device name.
Reduced AP offline notification frequency for clearer, more actionable alerts.
Enlarge the RSSI threshold range for Fast Handover function providing more flexibility for to fine tune the roaming sensitivity special environments.
Support VLAN by Radius in WAP2/WAP3
Support Radesc
Fixed an issue where the per-user bandwidth limit was not working
Fix ths issue that BCMC Suppression function blocks mDNS packets when mDNS Forwarding is enabled, allowing seamless device discovery across different network environments.
Allows different AP-Lite models to be meshed together, increasing the flexibility of WiFi network deployment.
This f/w version is for the first release.
Fixed an issue where PlayStation 4 (PS4) devices occasionally failed to connect properly to the PlayStation Network (PSN) through EnGenius APs.
Resolved an issue where modifying the configuration of one SSID could randomly cause WiFi connection loss.
Support operating channel width display on the EnGenius Cloud AP details page, which is targeted to be ready in mid-Sep.
Fixed an issue where running spectrum analysis could cause Wi-Fi clients disconnected.
Support 6 GHz support in India for faster speeds, lower latency, and a more reliable wireless experience.
Support automatically detecting the country using GeoIP and displayed on the Local Status Page (LSP).
Channel specification updates based on regulatory changes in different countries
Mexico: Support 6GHz.
Configuration changes may possibly cause Captive Portal to malfunction, leading to the splash page not functioning properly.
Channel specification updates based on regulatory changes in different countries
Australia: Added Channel 144
New Zealand: Added Channel 144
Canada: Removed Channels 120 / 124 / 128 and 5GHz EHT240Hz support
Vietnam: Added support for the 6GHz band
USA: Added support for 5GHz EHT 240 MHz
Japan: Added support for 6GHz EHT 320 MHz
Fixed the Wi-Fi client certificate error issue when accessing the Captive Portal page.
Fixed the Wi-Fi clients disconnect issue when Manage VLAN was enabled and a myPSK was added or modified.
Fixed an issue where disabling an SSID with 802.11w enabled caused disconnections on other SSIDs during myPSK updates.
Added Layer 3 Outbound Firewall so admins can control where wireless client traffic goes or block it to improve network security.
To comply with new regulations in Indonesia, the output power for Band 4 has been updated from EIRP 23 dBm to EIRP 36 dBm.
Optimize Wi-Fi reload after AP settings are changed, making wireless clients reinitial the connection more quickly.
Improve AP performance and throughput when the AVXpress is enabled.
Deauthentication, enabling it to forcibly disconnect wireless clients from the network. Additionally, EnGenius Cloud offers an API for remote management of client Deauthentication.
Disabling mDNS when Local Web Pages are turned off to improved security.
Resolve the issue where the SysName object of the SNMP interface does not synchronize with the device name.
Resolve the issue of abnormal analysis in Frequency Spectrum monitoring.
Resolved the random AP disconnection issue that occurred when encryption features (e.g., MYPSK) were enabled in heavy-traffic environments.
Enlarge the RSSI threshold range for Fast Handover function providing more flexibility for to fine tune the roaming sensitivity special environments.
Resolved the issue where enabling MyPSK function, AP will random drop wireless clients.
Resolved the issue when there are 50 Walled Garden entries were set, part of the entries may not take effect on APs.
Fix the issue that AP will trigger error evil twin alarms of AirGuard function.
Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.
Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.
Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.
Support EnGenius fast-handover algorithm 2.0
Remove dropbear [email protected] encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.
Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.
Add support for SAMLv2 in Captive portal with Azure-AD
A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.
(a) What is SAMLv2?
SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.
(b) Implications of This Update
Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.
(c) Practical Applications
Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.
In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.
Support HTTPS-Only for local device page
To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.
(a) Importance of HTTPS for Security
HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:
Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.
(b) Implementation and Control
By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.
In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.
Support wireless client MAC-based WMM.
Support application DSCP tagging.
Enhance Traffic Log to support additional NAT information to syslog server.
Support Radsec to provide TLS encryption for Radius connection initiated from AP.
Enhance MyPSK Radius requests for external Radius server to contain both RoamingIQ attribute and mac authentication attribute.
Support additional dolphin action to run Radius server existence test.
Support group of multiple AD configuration for single SSID.
Use dolphin subscribe actions for all channel utilization scan in diag tools.
Support malware URL Blocking.
Support website filtering.
Support hotspot2.0 and openRoaming.
Support client-balancing 2.0
Fix mesh topology that may sometimes display failed.
Enhance Multicast to Unicast function for legacy clients.
Support wireless client MAC-based WMM
(a) Wi-Fi Multimedia (WMM) Overview:
Wi-Fi Multimedia (WMM) is a QoS (Quality of Service) standard that is an integral part of modern Wi-Fi technology, based on the IEEE 802.11e standard. WMM is essential in environments where different types of data compete for bandwidth because it ensures that time-sensitive applications like voice and video conferencing perform well even in congested network conditions. This protocol prioritizes traffic according to four access categories:
Voice: Highest priority, dedicated to voice-over-IP (VoIP) services.
Video: High priority, allocated for streaming video.
Best Effort: Standard priority for general data traffic such as web browsing.
Background: Lowest priority, intended for data that is not time-sensitive, like backups or bulk data transfers.
(b) What Does "MAC-Based WMM Support" Mean?
The feature "Support wireless client mac-based WMM" refers to the capability of the wireless access point (AP) to apply WMM rules based on the MAC address of each connecting client device. A MAC address is a unique identifier assigned to network interfaces for communications on the physical network segment. Implementing MAC-based WMM allows network administrators to assign different data priorities to devices according to their MAC addresses. This functionality is particularly useful in diverse operational environments where devices have varying bandwidth and latency requirements.
(c) Practical Applications of Mac-Based WMM
Here are several scenarios where mac-based WMM can significantly enhance network management and performance:
Tailored Experience: Enterprises can customize network performance based on the roles or departments within the organization. For example, devices belonging to the executive team or those used in critical operations might be assigned higher data priorities.
Enhanced Security: By controlling which devices have priority access, administrators can better manage network security protocols and reduce the risk of unauthorized data access.
Optimized Network Utilization: Mac-based WMM enables the network to adapt dynamically to changing conditions and user demands, prioritizing critical applications automatically.
Improved Scalability: As more devices join the network, administrators can manage traffic effectively without manual reconfiguration, ensuring consistent performance across all connected devices.
Support application DSCP tagging
(a) What is DSCP?
DSCP stands for Differentiated Services Code Point. It is a field in the IP header used to enable Quality of Service (QoS) on networks. DSCP replaces the older system of IP precedence with a more flexible and granular approach to traffic classification and prioritization. The DSCP field consists of six bits, allowing for 64 different traffic classes that can be defined and used to manage packet forwarding policies.
DSCP plays a crucial role in network traffic management by providing a mechanism for marking packets to receive different levels of service based on their assigned class. This capability is essential for managing congestion and ensuring that high-priority traffic, such as real-time voice or video, receives the necessary bandwidth and minimal latency.
(b) How Does DSCP Work?
When a packet is sent from a source, the DSCP value is set in its IP header, indicating the level of priority it should receive across the network. Network routers and switches read this DSCP value and make decisions about the packet's forwarding priority and queue placement. By doing so, networks can differentiate between various types of traffic, prioritizing them according to organizational policies and network requirements.
(c) Benefits of DSCP Tagging
Improved Network Performance: By prioritizing critical applications, DSCP helps in managing network resources efficiently, thus enhancing overall performance. Traffic like VoIP and video conferencing can operate smoothly even under heavy network load.
Enhanced Quality of Service: DSCP enables more granular control over packet forwarding decisions, allowing network administrators to fine-tune QoS policies. This leads to better service quality, especially for latency-sensitive applications.
Scalability: DSCP scales well with the size of the network, providing a consistent approach to QoS even as the network grows and traffic volume increases.
Flexibility: The ability to define multiple levels of service makes DSCP highly flexible. Organizations can customize their traffic management strategies to align with specific business needs.
(d) Applications of DSCP Tagging in Enterprise Networks
Voice and Video Prioritization: DSCP is extensively used to ensure that voice and video traffic is given priority over other types of data, reducing delays and improving communication quality.
Data Center Traffic Management: In data centers, DSCP can help manage the flow of traffic between servers, storage systems, and external networks, optimizing response times and service delivery.
Remote Work Solutions: With the rise of remote work, DSCP can play a pivotal role in prioritizing VPN traffic to ensure that business-critical applications have the bandwidth they need.
Support hotspot2.0 and openRoaming
(a) What is Hotspot 2.0?
Hotspot 2.0, also known as Wi-Fi Certified Passpoint, is a standard created by the Wi-Fi Alliance to streamline and secure the process of connecting to Wi-Fi hotspots. It allows mobile devices to automatically discover and connect to Wi-Fi networks without user intervention, using a seamless, secure authentication process based on the credentials issued by the service provider, much like cellular networks.
(b) Key Features of Hotspot 2.0
Seamless Connectivity: Hotspot 2.0 enables devices to automatically connect to Wi-Fi networks with robust security protocols, without requiring users to manually search for and select networks.
Enhanced Security: It supports advanced security protocols, such as WPA2-Enterprise and WPA3-Enterprise, providing end-to-end encryption and preventing unauthorized access.
Simplified User Experience: By automating the discovery and connection process, Hotspot 2.0 eliminates the need for users to repeatedly enter login credentials.
Interoperability: Designed to work across different wireless service providers and geographies, facilitating easier roaming and connectivity.
(c) What is OpenRoaming?
OpenRoaming is a federation service that allows users to seamlessly roam between Wi-Fi and cellular networks, removing the need to manually connect to different Wi-Fi networks. It is a collaboration spearheaded by the Wireless Broadband Alliance (WBA) that brings together a consortium of companies aiming to create a globally interconnected network.
(d) Benefits of OpenRoaming
Effortless Network Transition: With OpenRoaming, devices can automatically switch between Wi-Fi and cellular networks without user interaction, depending on the best available network.
Universal Coverage: It aims to combine the benefits of both private and public Wi-Fi networks with cellular service, expanding network coverage dramatically.
Secure Connectivity: OpenRoaming ensures that security standards such as WPA3 are met, keeping the user's data protected during transmission across different networks.
Enhanced User Experience: Provides a smooth, uninterrupted service as users move between different network environments, ideal for travelling users and mobile professionals.
(e) Applications and Implications of Hotspot 2.0 and OpenRoaming
Travel and Hospitality: For travelers, Hotspot 2.0 and OpenRoaming can significantly enhance connectivity in airports, hotels, and public spaces, offering seamless access to high-quality Wi-Fi.
Urban Mobility: In smart cities, these technologies can facilitate uninterrupted internet access across different urban spaces, improving navigation, streaming, and communication services.
Enterprise Connectivity: Businesses can provide secure, seamless Wi-Fi access to employees and visitors, improving productivity and user satisfaction.
Telecommunications: For telecom operators, integrating Hotspot 2.0 and OpenRoaming can reduce the load on cellular networks and provide a better balance of traffic across networks.
The inclusion of "Support for Hotspot 2.0 and OpenRoaming" in our firmware underlines our commitment to enhancing connectivity and user experience. These features enable devices to leverage advanced network technologies to automatically connect to the best available network, securely and effortlessly. By adopting these standards, we are setting a new benchmark for seamless and secure mobile connectivity, catering to the needs of modern users who require reliable and effortless internet access wherever they go.
Fix the issue that AP sometimes goes offline even when the network is functioning normally.
Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.
Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.
mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.
Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.
Fixed the issue for encountering failure when selecting specific country: Liechtenstein, Montenegro, or Angola.
Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.
Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.
Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).
Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:
(a) WPA3 Personal (SAE)
(b) WPA3-Personal/WPA2-PSK mixed
(c) WPA3 Enterprise with suite-b disabled
Support packet capture functions.
WPA3-Personal supports Dynamic Client VLAN Pooling.
WPA3-Enterprise supports external Radius with VLAN assignment.
Support DFS channel 144.
Fixed the issue with high CPU loading when users enabled Air-Guard function under multiple ECW-AP S model environment.
Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Support SSID-based IPSec VPN tunneling (StrongSWAN).
Support EnGenius auto VPN (mediator).
Support SMBv2/v3 for AD authentication.
Support BLE Presence Reporting.
Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.
Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.
Enhance IOT client association compatibility.
Support RADIUS CoA disconnect-client requests (802.1x)
Support SmartTV SSID
LSP page encloses language support for Japanese language.
Resolved Fragattack vulnerability issues.
Support EoGRE tunnel and DHCP option 82.
WIDS supports co-defense scheme.
Support multiple domains of AD server.
Adjust DCS algorithm.
Recognize new iOS/MAC OS version.
Fixed captive portal for IPv6 issue.
Adjust log messages.
Fixed diag tool/Speed Test issue
Add configuration to accept RADIUS server's VLAN attribute or not.
Support wireless spectrum analysis.
Support DFS channel fallback scheme.
Support MAC-based authentication with RADIUS (OPEN).
WPA3-SAE and WAP3/WAP2 mixed mode support Dynamic Client VLAN Pooling.
Support zero-wait DFS.
Support EnGenius Air Guard features.
Support instant WIDS event log report.
Execute diag tool/All Channel Utilization by scanning radio
Fixed an issue where PlayStation 4 (PS4) devices occasionally failed to connect properly to the PlayStation Network (PSN) through EnGenius APs.
Resolved an issue where modifying the configuration of one SSID could randomly cause WiFi connection loss.
Support operating channel width display on the EnGenius Cloud AP details page, which is targeted to be ready in mid-Sep.
Support 6 GHz support in India for faster speeds, lower latency, and a more reliable wireless experience.
Support automatically detecting the country using GeoIP and displayed on the Local Status Page (LSP).
Channel specification updates based on regulatory changes in different countries
Mexico: Support 6GHz.
DFS channels under the FCC domain are now supported on the ECW260.
Channel specification updates based on regulatory changes in different countries
Australia: Added Channel 144
New Zealand: Added Channel 144
Canada: Removed Channels 120 / 124 / 128 and 5GHz EHT240Hz support
Vietnam: Added support for the 6GHz band
USA: Added support for 5GHz EHT 240 MHz
Japan: Added support for 6GHz EHT 320 MHz
Fixed the Wi-Fi client certificate error issue when accessing the Captive Portal page.
Fixed the Wi-Fi clients disconnect issue when Manage VLAN was enabled and a myPSK was added or modified.
Fixed an issue where disabling an SSID with 802.11w enabled caused disconnections on other SSIDs during myPSK updates.
Added Layer 3 Outbound Firewall so admins can control where wireless client traffic goes or block it to improve network security.
To comply with new regulations in Indonesia, the output power for Band 4 has been updated from EIRP 23 dBm to EIRP 36 dBm.
Optimize Wi-Fi reload after AP settings are changed, making wireless clients reinitial the connection more quickly.
Improve AP performance and throughput when the AVXpress is enabled.
Deauthentication, enabling it to forcibly disconnect wireless clients from the network. Additionally, EnGenius Cloud offers an API for remote management of client Deauthentication.
Disabling mDNS when Local Web Pages are turned off to improved security.
Resolve the issue where the SysName object of the SNMP interface does not synchronize with the device name.
Resolve the issue of abnormal analysis in Frequency Spectrum monitoring.
Resolved the random AP disconnection issue that occurred when encryption features (e.g., MYPSK) were enabled in heavy-traffic environments.
Enlarge the RSSI threshold range for Fast Handover function providing more flexibility for to fine tune the roaming sensitivity special environments.
Resolved the issue where enabling MyPSK function, AP will random drop wireless clients.
Resolved the issue when there are 50 Walled Garden entries were set, part of the entries may not take effect on APs.
Fix the issue that AP will trigger error evil twin alarms of AirGuard function.
Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.
Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.
Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.
Support EnGenius fast-handover algorithm 2.0
Remove dropbear [email protected] encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.
Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.
Add support for SAMLv2 in Captive portal with Azure-AD
A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.
(a) What is SAMLv2?
SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.
(b) Implications of This Update
Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.
(c) Practical Applications
Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.
In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.
Support HTTPS-Only for local device page
To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.
(a) Importance of HTTPS for Security
HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:
Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.
(b) Implementation and Control
By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.
In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.
Support wireless client MAC-based WMM.
Support application DSCP tagging.
Enhance Traffic Log to support additional NAT information to syslog server.
Support Radsec to provide TLS encryption for Radius connection initiated from AP.
Enhance MyPSK Radius requests for external Radius server to contain both RoamingIQ attribute and mac authentication attribute.
Support additional dolphin action to run Radius server existence test.
Support group of multiple AD configuration for single SSID.
Use dolphin subscribe actions for all channel utilization scan in diag tools.
Support malware URL Blocking.
Support website filtering.
Support hotspot2.0 and openRoaming.
Support client-balancing 2.0
Fix mesh topology that may sometimes display failed.
Enhance Multicast to Unicast function for legacy clients.
Support wireless client MAC-based WMM
(a) Wi-Fi Multimedia (WMM) Overview:
Wi-Fi Multimedia (WMM) is a QoS (Quality of Service) standard that is an integral part of modern Wi-Fi technology, based on the IEEE 802.11e standard. WMM is essential in environments where different types of data compete for bandwidth because it ensures that time-sensitive applications like voice and video conferencing perform well even in congested network conditions. This protocol prioritizes traffic according to four access categories:
Voice: Highest priority, dedicated to voice-over-IP (VoIP) services.
Video: High priority, allocated for streaming video.
Best Effort: Standard priority for general data traffic such as web browsing.
Background: Lowest priority, intended for data that is not time-sensitive, like backups or bulk data transfers.
(b) What Does "MAC-Based WMM Support" Mean?
The feature "Support wireless client mac-based WMM" refers to the capability of the wireless access point (AP) to apply WMM rules based on the MAC address of each connecting client device. A MAC address is a unique identifier assigned to network interfaces for communications on the physical network segment. Implementing MAC-based WMM allows network administrators to assign different data priorities to devices according to their MAC addresses. This functionality is particularly useful in diverse operational environments where devices have varying bandwidth and latency requirements.
(c) Practical Applications of Mac-Based WMM
Here are several scenarios where mac-based WMM can significantly enhance network management and performance:
Tailored Experience: Enterprises can customize network performance based on the roles or departments within the organization. For example, devices belonging to the executive team or those used in critical operations might be assigned higher data priorities.
Enhanced Security: By controlling which devices have priority access, administrators can better manage network security protocols and reduce the risk of unauthorized data access.
Optimized Network Utilization: Mac-based WMM enables the network to adapt dynamically to changing conditions and user demands, prioritizing critical applications automatically.
Improved Scalability: As more devices join the network, administrators can manage traffic effectively without manual reconfiguration, ensuring consistent performance across all connected devices.
Support application DSCP tagging
(a) What is DSCP?
DSCP stands for Differentiated Services Code Point. It is a field in the IP header used to enable Quality of Service (QoS) on networks. DSCP replaces the older system of IP precedence with a more flexible and granular approach to traffic classification and prioritization. The DSCP field consists of six bits, allowing for 64 different traffic classes that can be defined and used to manage packet forwarding policies.
DSCP plays a crucial role in network traffic management by providing a mechanism for marking packets to receive different levels of service based on their assigned class. This capability is essential for managing congestion and ensuring that high-priority traffic, such as real-time voice or video, receives the necessary bandwidth and minimal latency.
(b) How Does DSCP Work?
When a packet is sent from a source, the DSCP value is set in its IP header, indicating the level of priority it should receive across the network. Network routers and switches read this DSCP value and make decisions about the packet's forwarding priority and queue placement. By doing so, networks can differentiate between various types of traffic, prioritizing them according to organizational policies and network requirements.
(c) Benefits of DSCP Tagging
Improved Network Performance: By prioritizing critical applications, DSCP helps in managing network resources efficiently, thus enhancing overall performance. Traffic like VoIP and video conferencing can operate smoothly even under heavy network load.
Enhanced Quality of Service: DSCP enables more granular control over packet forwarding decisions, allowing network administrators to fine-tune QoS policies. This leads to better service quality, especially for latency-sensitive applications.
Scalability: DSCP scales well with the size of the network, providing a consistent approach to QoS even as the network grows and traffic volume increases.
Flexibility: The ability to define multiple levels of service makes DSCP highly flexible. Organizations can customize their traffic management strategies to align with specific business needs.
(d) Applications of DSCP Tagging in Enterprise Networks
Voice and Video Prioritization: DSCP is extensively used to ensure that voice and video traffic is given priority over other types of data, reducing delays and improving communication quality.
Data Center Traffic Management: In data centers, DSCP can help manage the flow of traffic between servers, storage systems, and external networks, optimizing response times and service delivery.
Remote Work Solutions: With the rise of remote work, DSCP can play a pivotal role in prioritizing VPN traffic to ensure that business-critical applications have the bandwidth they need.
Support hotspot2.0 and openRoaming
(a) What is Hotspot 2.0?
Hotspot 2.0, also known as Wi-Fi Certified Passpoint, is a standard created by the Wi-Fi Alliance to streamline and secure the process of connecting to Wi-Fi hotspots. It allows mobile devices to automatically discover and connect to Wi-Fi networks without user intervention, using a seamless, secure authentication process based on the credentials issued by the service provider, much like cellular networks.
(b) Key Features of Hotspot 2.0
Seamless Connectivity: Hotspot 2.0 enables devices to automatically connect to Wi-Fi networks with robust security protocols, without requiring users to manually search for and select networks.
Enhanced Security: It supports advanced security protocols, such as WPA2-Enterprise and WPA3-Enterprise, providing end-to-end encryption and preventing unauthorized access.
Simplified User Experience: By automating the discovery and connection process, Hotspot 2.0 eliminates the need for users to repeatedly enter login credentials.
Interoperability: Designed to work across different wireless service providers and geographies, facilitating easier roaming and connectivity.
(c) What is OpenRoaming?
OpenRoaming is a federation service that allows users to seamlessly roam between Wi-Fi and cellular networks, removing the need to manually connect to different Wi-Fi networks. It is a collaboration spearheaded by the Wireless Broadband Alliance (WBA) that brings together a consortium of companies aiming to create a globally interconnected network.
(d) Benefits of OpenRoaming
Effortless Network Transition: With OpenRoaming, devices can automatically switch between Wi-Fi and cellular networks without user interaction, depending on the best available network.
Universal Coverage: It aims to combine the benefits of both private and public Wi-Fi networks with cellular service, expanding network coverage dramatically.
Secure Connectivity: OpenRoaming ensures that security standards such as WPA3 are met, keeping the user's data protected during transmission across different networks.
Enhanced User Experience: Provides a smooth, uninterrupted service as users move between different network environments, ideal for travelling users and mobile professionals.
(e) Applications and Implications of Hotspot 2.0 and OpenRoaming
Travel and Hospitality: For travelers, Hotspot 2.0 and OpenRoaming can significantly enhance connectivity in airports, hotels, and public spaces, offering seamless access to high-quality Wi-Fi.
Urban Mobility: In smart cities, these technologies can facilitate uninterrupted internet access across different urban spaces, improving navigation, streaming, and communication services.
Enterprise Connectivity: Businesses can provide secure, seamless Wi-Fi access to employees and visitors, improving productivity and user satisfaction.
Telecommunications: For telecom operators, integrating Hotspot 2.0 and OpenRoaming can reduce the load on cellular networks and provide a better balance of traffic across networks.
The inclusion of "Support for Hotspot 2.0 and OpenRoaming" in our firmware underlines our commitment to enhancing connectivity and user experience. These features enable devices to leverage advanced network technologies to automatically connect to the best available network, securely and effortlessly. By adopting these standards, we are setting a new benchmark for seamless and secure mobile connectivity, catering to the needs of modern users who require reliable and effortless internet access wherever they go.
Fix the issue that AP sometimes goes offline even when the network is functioning normally.
Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.
Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.
mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.
Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.
Fixed the issue for encountering failure when selecting specific country: Liechtenstein, Montenegro, or Angola.
Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.
Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.
Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).
Fixed vulnerability issue (CVE-2022-38546).
Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:
(a) WPA3 Personal (SAE)
(b) WPA3-Personal/WPA2-PSK mixed
(c) WPA3 Enterprise with suite-b disabled
Support packet capture functions.
WPA3-Personal supports Dynamic Client VLAN Pooling.
WPA3-Enterprise supports external Radius with VLAN assignment.
Support DFS channel 144.
Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Support SSID-based IPSec VPN tunneling (StrongSWAN).
Support EnGenius auto VPN (mediator).
Support SMBv2/v3 for AD authentication.
Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.
Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.
Enhance IOT client association compatibility.
Support RADIUS CoA disconnect-client requests (802.1x)
Support SmartTV SSID
LSP page encloses language support for Japanese language.
Resolved Fragattack vulnerability issues.
Support EoGRE tunnel and DHCP option 82.
Support multiple domains of AD server.
Adjust DCS algorithm.
Recognize new iOS/MAC OS version.
Fixed captive portal for IPv6 issue.
Adjust log messages.
Fixed diag tool/Speed Test issue
Add configuration to accept RADIUS server's VLAN attribute or not.
Support wireless spectrum analysis.
Support DFS channel fallback scheme.
Support MAC-based authentication with RADIUS (OPEN).
WPA3-SAE and WAP3/WAP2 mixed mode support Dynamic Client VLAN Pooling.
Support DCS (Dynamic Channel Selection) by background scanning.
Enhance bcmc function that may block DHCP broadcast OFFER/ACK packets.
Support auto-channel with "Exclude DFS" config.
Support EnGenius cloud diagnostic mode.
Enclose fix for FragAttacks security issue.
Support system-reserved IP range pool.
Support RADIUS CoA disconnect-client requests.
Perform periodically scanning for 802.11k report without background scanning.
Support intelligent band-steering.
Support proxy ARP.
Support 802.1x/captive portal with Google Auth.
Support RADIUS WISPr traffic control and traffic quantity attributes.
Support RADIUS MAC-Auth in captive portal.
Support captive portal authentication by LDAP/AD server: single SSID, single server.
Update 2.4GHz HT20 auto-channel algorithm for using 1,6,11 channels.
Optimized wireless connectivity for 11AX models.
Fix target assert issue caused by iPhone11/iPhone12 for 802.11ax models.
Add log message for Wi-Fi reload event.
Add protection to prevent Wi-Fi interface could not be brought up.
Support Facebook Wi-Fi.
Add client's TX/RX Byte information in disassociation event log.
Modify LSP Page about HTTP/HTTPS proxy setting.
Handle HTTP error code 504 upon check-in to cloud server.
Handle private MAC address detection with blocked info messages.
Adjust mesh related syslog contents.
Support RSTP.
Support background scanning ON/OFF option.
Update certificate for HTTPS access to LSP page.
Remove unnecessary WLAN event logs.
Handle larger max. client limit value from cloud server.
Fixed the issue that LED on/off would trigger network reload with specific configurations.
Support MAC address authentication with RADIUS server.
Support MyPSK with RADIUS server authentication.
Handle VLAN ID attribute from RADIUS authentication responses.
Support SSDP responder and adjust mDNS response content.
Band Steering feature encloses improvement for 802.11k/v and utilizes 802.11r fasting roaming technique to avoid re-authentication upon connection to different radio band.
Procedures of applying WLAN configuration has been optimized to shorten needed time for setting update.
Enhance Captive Portal secure login with HTTPS-based information exchange.
Support my-PSK with dynamic VLAN for WPA2-PSK authentication. (only available from EnGenius Cloud, not external radius)
Mesh AP node supports traffic shaping.
Support SNMP v2/v3 for local management with Get function.
Support multicast to unicast per radio.
Captive Portal feature supports client-leave-network timeout.
Support Client Balancing to steer the client to connect to best available AP.
Support dynamic VLAN (VLAN Pooling).
Support Broadcast/Multicast suppression.
Adjust channel candidates of Auto-channel selection (ACS).
Adjust power table limitation of Malaysia and Indonesia.
Apply auto-channel selection mechanism update
Apply regulatory domain update
Adjust DTIM from 2 to 3
Adjust amsdu parameter from 7 to 3 for Wi-Fi 6 models
Turn Uplink OFDMA on by default for Wi-Fi 6 models
Fixed an issue where PlayStation 4 (PS4) devices occasionally failed to connect properly to the PlayStation Network (PSN) through EnGenius APs.
Resolved an issue where modifying the configuration of one SSID could randomly cause WiFi connection loss.
Support operating channel width display on the EnGenius Cloud AP details page, which is targeted to be ready in mid-Sep.
Support 6 GHz support in India for faster speeds, lower latency, and a more reliable wireless experience.
Support automatically detecting the country using GeoIP and displayed on the Local Status Page (LSP).
Channel specification updates based on regulatory changes in different countries
Mexico: Support 6GHz.
Configuration changes may possibly cause Captive Portal to malfunction, leading to the splash page not functioning properly.
Channel specification updates based on regulatory changes in different countries
Australia: Added Channel 144
New Zealand: Added Channel 144
Canada: Removed Channels 120 / 124 / 128 and 5GHz EHT240Hz support
Vietnam: Added support for the 6GHz band
USA: Added support for 5GHz EHT 240 MHz
Japan: Added support for 6GHz EHT 320 MHz
Fixed the Wi-Fi client certificate error issue when accessing the Captive Portal page.
Fixed the Wi-Fi clients disconnect issue when Manage VLAN was enabled and a myPSK was added or modified.
Fixed an issue where disabling an SSID with 802.11w enabled caused disconnections on other SSIDs during myPSK updates.
Added Layer 3 Outbound Firewall so admins can control where wireless client traffic goes or block it to improve network security.
To comply with new regulations in Indonesia, the output power for Band 4 has been updated from EIRP 23 dBm to EIRP 36 dBm.
Optimize Wi-Fi reload after AP settings are changed, making wireless clients reinitial the connection more quickly.
Improve AP performance and throughput when the AVXpress is enabled.
Deauthentication, enabling it to forcibly disconnect wireless clients from the network. Additionally, EnGenius Cloud offers an API for remote management of client Deauthentication.
Disabling mDNS when Local Web Pages are turned off to improved security.
Resolve the issue where the SysName object of the SNMP interface does not synchronize with the device name.
Resolve the issue of abnormal analysis in Frequency Spectrum monitoring.
Resolved the random AP disconnection issue that occurred when encryption features (e.g., MYPSK) were enabled in heavy-traffic environments.
Enlarge the RSSI threshold range for Fast Handover function providing more flexibility for to fine tune the roaming sensitivity special environments.
Resolved the issue where enabling MyPSK function, AP will random drop wireless clients.
Resolved the issue when there are 50 Walled Garden entries were set, part of the entries may not take effect on APs.
Fix the issue that AP will trigger error evil twin alarms of AirGuard function.
Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.
Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.
Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.
Support EnGenius fast-handover algorithm 2.0
Remove dropbear [email protected] encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.
Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.
Add support for SAMLv2 in Captive portal with Azure-AD
A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.
(a) What is SAMLv2?
SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.
(b) Implications of This Update
Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.
(c) Practical Applications
Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.
In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.
Support HTTPS-Only for local device page
To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.
(a) Importance of HTTPS for Security
HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:
Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.
(b) Implementation and Control
By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.
In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.
Support wireless client MAC-based WMM.
Support application DSCP tagging.
Enhance Traffic Log to support additional NAT information to syslog server.
Support Radsec to provide TLS encryption for Radius connection initiated from AP.
Enhance MyPSK Radius requests for external Radius server to contain both RoamingIQ attribute and mac authentication attribute.
Support additional dolphin action to run Radius server existence test.
Support group of multiple AD configuration for single SSID.
Use dolphin subscribe actions for all channel utilization scan in diag tools.
Support malware URL Blocking.
Support website filtering.
Support hotspot2.0 and openRoaming.
Support client-balancing 2.0
Fix mesh topology that may sometimes display failed.
Enhance Multicast to Unicast function for legacy clients.
Support wireless client MAC-based WMM
(a) Wi-Fi Multimedia (WMM) Overview:
Wi-Fi Multimedia (WMM) is a QoS (Quality of Service) standard that is an integral part of modern Wi-Fi technology, based on the IEEE 802.11e standard. WMM is essential in environments where different types of data compete for bandwidth because it ensures that time-sensitive applications like voice and video conferencing perform well even in congested network conditions. This protocol prioritizes traffic according to four access categories:
Voice: Highest priority, dedicated to voice-over-IP (VoIP) services.
Video: High priority, allocated for streaming video.
Best Effort: Standard priority for general data traffic such as web browsing.
Background: Lowest priority, intended for data that is not time-sensitive, like backups or bulk data transfers.
(b) What Does "MAC-Based WMM Support" Mean?
The feature "Support wireless client mac-based WMM" refers to the capability of the wireless access point (AP) to apply WMM rules based on the MAC address of each connecting client device. A MAC address is a unique identifier assigned to network interfaces for communications on the physical network segment. Implementing MAC-based WMM allows network administrators to assign different data priorities to devices according to their MAC addresses. This functionality is particularly useful in diverse operational environments where devices have varying bandwidth and latency requirements.
(c) Practical Applications of Mac-Based WMM
Here are several scenarios where mac-based WMM can significantly enhance network management and performance:
Tailored Experience: Enterprises can customize network performance based on the roles or departments within the organization. For example, devices belonging to the executive team or those used in critical operations might be assigned higher data priorities.
Enhanced Security: By controlling which devices have priority access, administrators can better manage network security protocols and reduce the risk of unauthorized data access.
Optimized Network Utilization: Mac-based WMM enables the network to adapt dynamically to changing conditions and user demands, prioritizing critical applications automatically.
Improved Scalability: As more devices join the network, administrators can manage traffic effectively without manual reconfiguration, ensuring consistent performance across all connected devices.
Support application DSCP tagging
(a) What is DSCP?
DSCP stands for Differentiated Services Code Point. It is a field in the IP header used to enable Quality of Service (QoS) on networks. DSCP replaces the older system of IP precedence with a more flexible and granular approach to traffic classification and prioritization. The DSCP field consists of six bits, allowing for 64 different traffic classes that can be defined and used to manage packet forwarding policies.
DSCP plays a crucial role in network traffic management by providing a mechanism for marking packets to receive different levels of service based on their assigned class. This capability is essential for managing congestion and ensuring that high-priority traffic, such as real-time voice or video, receives the necessary bandwidth and minimal latency.
(b) How Does DSCP Work?
When a packet is sent from a source, the DSCP value is set in its IP header, indicating the level of priority it should receive across the network. Network routers and switches read this DSCP value and make decisions about the packet's forwarding priority and queue placement. By doing so, networks can differentiate between various types of traffic, prioritizing them according to organizational policies and network requirements.
(c) Benefits of DSCP Tagging
Improved Network Performance: By prioritizing critical applications, DSCP helps in managing network resources efficiently, thus enhancing overall performance. Traffic like VoIP and video conferencing can operate smoothly even under heavy network load.
Enhanced Quality of Service: DSCP enables more granular control over packet forwarding decisions, allowing network administrators to fine-tune QoS policies. This leads to better service quality, especially for latency-sensitive applications.
Scalability: DSCP scales well with the size of the network, providing a consistent approach to QoS even as the network grows and traffic volume increases.
Flexibility: The ability to define multiple levels of service makes DSCP highly flexible. Organizations can customize their traffic management strategies to align with specific business needs.
(d) Applications of DSCP Tagging in Enterprise Networks
Voice and Video Prioritization: DSCP is extensively used to ensure that voice and video traffic is given priority over other types of data, reducing delays and improving communication quality.
Data Center Traffic Management: In data centers, DSCP can help manage the flow of traffic between servers, storage systems, and external networks, optimizing response times and service delivery.
Remote Work Solutions: With the rise of remote work, DSCP can play a pivotal role in prioritizing VPN traffic to ensure that business-critical applications have the bandwidth they need.
Support hotspot2.0 and openRoaming
(a) What is Hotspot 2.0?
Hotspot 2.0, also known as Wi-Fi Certified Passpoint, is a standard created by the Wi-Fi Alliance to streamline and secure the process of connecting to Wi-Fi hotspots. It allows mobile devices to automatically discover and connect to Wi-Fi networks without user intervention, using a seamless, secure authentication process based on the credentials issued by the service provider, much like cellular networks.
(b) Key Features of Hotspot 2.0
Seamless Connectivity: Hotspot 2.0 enables devices to automatically connect to Wi-Fi networks with robust security protocols, without requiring users to manually search for and select networks.
Enhanced Security: It supports advanced security protocols, such as WPA2-Enterprise and WPA3-Enterprise, providing end-to-end encryption and preventing unauthorized access.
Simplified User Experience: By automating the discovery and connection process, Hotspot 2.0 eliminates the need for users to repeatedly enter login credentials.
Interoperability: Designed to work across different wireless service providers and geographies, facilitating easier roaming and connectivity.
(c) What is OpenRoaming?
OpenRoaming is a federation service that allows users to seamlessly roam between Wi-Fi and cellular networks, removing the need to manually connect to different Wi-Fi networks. It is a collaboration spearheaded by the Wireless Broadband Alliance (WBA) that brings together a consortium of companies aiming to create a globally interconnected network.
(d) Benefits of OpenRoaming
Effortless Network Transition: With OpenRoaming, devices can automatically switch between Wi-Fi and cellular networks without user interaction, depending on the best available network.
Universal Coverage: It aims to combine the benefits of both private and public Wi-Fi networks with cellular service, expanding network coverage dramatically.
Secure Connectivity: OpenRoaming ensures that security standards such as WPA3 are met, keeping the user's data protected during transmission across different networks.
Enhanced User Experience: Provides a smooth, uninterrupted service as users move between different network environments, ideal for travelling users and mobile professionals.
(e) Applications and Implications of Hotspot 2.0 and OpenRoaming
Travel and Hospitality: For travelers, Hotspot 2.0 and OpenRoaming can significantly enhance connectivity in airports, hotels, and public spaces, offering seamless access to high-quality Wi-Fi.
Urban Mobility: In smart cities, these technologies can facilitate uninterrupted internet access across different urban spaces, improving navigation, streaming, and communication services.
Enterprise Connectivity: Businesses can provide secure, seamless Wi-Fi access to employees and visitors, improving productivity and user satisfaction.
Telecommunications: For telecom operators, integrating Hotspot 2.0 and OpenRoaming can reduce the load on cellular networks and provide a better balance of traffic across networks.
The inclusion of "Support for Hotspot 2.0 and OpenRoaming" in our firmware underlines our commitment to enhancing connectivity and user experience. These features enable devices to leverage advanced network technologies to automatically connect to the best available network, securely and effortlessly. By adopting these standards, we are setting a new benchmark for seamless and secure mobile connectivity, catering to the needs of modern users who require reliable and effortless internet access wherever they go.
Fix the issue that AP sometimes goes offline even when the network is functioning normally.
Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.
Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.
mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.
Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.
Fixed the issue for encountering failure when selecting specific country: Liechtenstein, Montenegro, or Angola.
Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.
Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.
Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).
Fixed vulnerability issue (CVE-2022-38546).
Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:
(a) WPA3 Personal (SAE)
(b) WPA3-Personal/WPA2-PSK mixed
(c) WPA3 Enterprise with suite-b disabled
Support packet capture functions.
WPA3-Personal supports Dynamic Client VLAN Pooling.
WPA3-Enterprise supports external Radius with VLAN assignment.
Support DFS channel 144.
Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Support SSID-based IPSec VPN tunneling (StrongSWAN).
Support EnGenius auto VPN (mediator).
Support SMBv2/v3 for AD authentication.
Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.
Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.
Enhance IOT client association compatibility.
Support RADIUS CoA disconnect-client requests (802.1x)
Support SmartTV SSID
LSP page encloses language support for Japanese language.
Resolved Fragattack vulnerability issues.
Support EoGRE tunnel and DHCP option 82.
Support multiple domains of AD server.
Adjust DCS algorithm.
Recognize new iOS/MAC OS version.
Fixed captive portal for IPv6 issue.
Adjust log messages.
Fixed diag tool/Speed Test issue
Add configuration to accept RADIUS server's VLAN attribute or not.
Support wireless spectrum analysis.
Support DFS channel fallback scheme.
Support MAC-based authentication with RADIUS (OPEN).
WPA3-SAE and WAP3/WAP2 mixed mode support Dynamic Client VLAN Pooling.
Support DCS (Dynamic Channel Selection) by background scanning.
Enhance bcmc function that may block DHCP broadcast OFFER/ACK packets.
Support auto-channel with "Exclude DFS" config.
Support EnGenius cloud diagnostic mode.
Enclose fix for FragAttacks security issue.
Support system-reserved IP range pool.
Support RADIUS CoA disconnect-client requests.
Perform periodically scanning for 802.11k report without background scanning.
Support intelligent band-steering.
Support proxy ARP.
Support 802.1x/captive portal with Google Auth.
Support RADIUS WISPr traffic control and traffic quantity attributes.
Support RADIUS MAC-Auth in captive portal.
Support captive portal authentication by LDAP/AD server: single SSID, single server.
Update 2.4GHz HT20 auto-channel algorithm for using 1,6,11 channels.
Optimized wireless connectivity for 11AX models.
Fix target assert issue caused by iPhone11/iPhone12 for 802.11ax models.
Add log message for Wi-Fi reload event.
Add protection to prevent Wi-Fi interface could not be brought up.
Force client balancing disabled on ECW220/ECW230.
Support Facebook Wi-Fi.
Add client's TX/RX Byte information in disassociation event log.
Modify LSP Page about HTTP/HTTPS proxy setting.
Handle HTTP error code 504 upon check-in to cloud server.
Handle private MAC address detection with blocked info messages.
Adjust mesh related syslog contents.
Support RSTP.
Support background scanning ON/OFF option.
Update certificate for HTTPS access to LSP page.
ECW230v3 supports CE/FCC DFS channels.
Remove unnecessary WLAN event logs.
Handle larger max. client limit value from cloud server.
Fixed the issue that LED on/off would trigger network reload with specific configurations.
Support MAC address authentication with RADIUS server.
Support MyPSK with RADIUS server authentication.
Handle VLAN ID attribute from RADIUS authentication responses.
Support SSDP responder and adjust mDNS response content.
Band Steering feature encloses improvement for 802.11k/v and utilizes 802.11r fasting roaming technique to avoid re-authentication upon connection to different radio band.
Procedures of applying WLAN configuration has been optimized to shorten needed time for setting update.
Enhance Captive Portal secure login with HTTPS-based information exchange.
Support my-PSK with dynamic VLAN for WPA2-PSK authentication. (only available from EnGenius Cloud, not external radius)
Mesh AP node supports traffic shaping.
Support SNMP v2/v3 for local management with Get function.
Support multicast to unicast per radio.
Captive Portal feature supports client-leave-network timeout.
Support Client Balancing to steer the client to connect to best available AP.
Support dynamic VLAN (VLAN Pooling).
Support Broadcast/Multicast suppression.
Adjust channel candidates of Auto-channel selection (ACS).
Adjust power table limitation of Malaysia and Indonesia.
Apply auto-channel selection mechanism update
Apply regulatory domain update
Adjust DTIM from 2 to 3
Adjust amsdu parameter from 7 to 3 for Wi-Fi 6 models
Turn Uplink OFDMA on by default for Wi-Fi 6 models
Fixed an issue where PlayStation 4 (PS4) devices occasionally failed to connect properly to the PlayStation Network (PSN) through EnGenius APs.
Resolved an issue where modifying the configuration of one SSID could randomly cause WiFi connection loss.
Support operating channel width display on the EnGenius Cloud AP details page, which is targeted to be ready in mid-Sep.
Support 6 GHz support in India for faster speeds, lower latency, and a more reliable wireless experience.
Support automatically detecting the country using GeoIP and displayed on the Local Status Page (LSP).
Channel specification updates based on regulatory changes in different countries
Mexico: Support 6GHz.
Configuration changes may possibly cause Captive Portal to malfunction, leading to the splash page not functioning properly.
Channel specification updates based on regulatory changes in different countries
Australia: Added Channel 144
New Zealand: Added Channel 144
Canada: Removed Channels 120 / 124 / 128 and 5GHz EHT240Hz support
Vietnam: Added support for the 6GHz band
USA: Added support for 5GHz EHT 240 MHz
Japan: Added support for 6GHz EHT 320 MHz
Fixed the Wi-Fi client certificate error issue when accessing the Captive Portal page.
Fixed the Wi-Fi clients disconnect issue when Manage VLAN was enabled and a myPSK was added or modified.
Fixed an issue where disabling an SSID with 802.11w enabled caused disconnections on other SSIDs during myPSK updates.
Added Layer 3 Outbound Firewall so admins can control where wireless client traffic goes or block it to improve network security.
To comply with new regulations in Indonesia, the output power for Band 4 has been updated from EIRP 23 dBm to EIRP 36 dBm.
Optimize Wi-Fi reload after AP settings are changed, making wireless clients reinitial the connection more quickly.
Improve AP performance and throughput when the AVXpress is enabled.
Deauthentication, enabling it to forcibly disconnect wireless clients from the network. Additionally, EnGenius Cloud offers an API for remote management of client Deauthentication.
Disabling mDNS when Local Web Pages are turned off to improved security.
Resolve the issue where the SysName object of the SNMP interface does not synchronize with the device name.
Resolve the issue of abnormal analysis in Frequency Spectrum monitoring.
Resolved the random AP disconnection issue that occurred when encryption features (e.g., MYPSK) were enabled in heavy-traffic environments.
Enlarge the RSSI threshold range for Fast Handover function providing more flexibility for to fine tune the roaming sensitivity special environments.
Resolved the issue where enabling MyPSK function, AP will random drop wireless clients.
Resolved the issue when there are 50 Walled Garden entries were set, part of the entries may not take effect on APs.
Fix the issue that AP will trigger error evil twin alarms of AirGuard function.
Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.
Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.
Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.
Support EnGenius fast-handover algorithm 2.0
Remove dropbear [email protected] encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.
Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.
Add support for SAMLv2 in Captive portal with Azure-AD
A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.
(a) What is SAMLv2?
SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.
(b) Implications of This Update
Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.
(c) Practical Applications
Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.
In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.
Support HTTPS-Only for local device page
To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.
(a) Importance of HTTPS for Security
HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:
Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.
(b) Implementation and Control
By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.
In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.
Support wireless client MAC-based WMM.
Support application DSCP tagging.
Enhance Traffic Log to support additional NAT information to syslog server.
Support Radsec to provide TLS encryption for Radius connection initiated from AP.
Enhance MyPSK Radius requests for external Radius server to contain both RoamingIQ attribute and mac authentication attribute.
Support additional dolphin action to run Radius server existence test.
Support group of multiple AD configuration for single SSID.
Use dolphin subscribe actions for all channel utilization scan in diag tools.
Support malware URL Blocking.
Support website filtering.
Support hotspot2.0 and openRoaming.
Support client-balancing 2.0
Fix mesh topology that may sometimes display failed.
Enhance Multicast to Unicast function for legacy clients.
Support wireless client MAC-based WMM
(a) Wi-Fi Multimedia (WMM) Overview:
Wi-Fi Multimedia (WMM) is a QoS (Quality of Service) standard that is an integral part of modern Wi-Fi technology, based on the IEEE 802.11e standard. WMM is essential in environments where different types of data compete for bandwidth because it ensures that time-sensitive applications like voice and video conferencing perform well even in congested network conditions. This protocol prioritizes traffic according to four access categories:
Voice: Highest priority, dedicated to voice-over-IP (VoIP) services.
Video: High priority, allocated for streaming video.
Best Effort: Standard priority for general data traffic such as web browsing.
Background: Lowest priority, intended for data that is not time-sensitive, like backups or bulk data transfers.
(b) What Does "MAC-Based WMM Support" Mean?
The feature "Support wireless client mac-based WMM" refers to the capability of the wireless access point (AP) to apply WMM rules based on the MAC address of each connecting client device. A MAC address is a unique identifier assigned to network interfaces for communications on the physical network segment. Implementing MAC-based WMM allows network administrators to assign different data priorities to devices according to their MAC addresses. This functionality is particularly useful in diverse operational environments where devices have varying bandwidth and latency requirements.
(c) Practical Applications of Mac-Based WMM
Here are several scenarios where mac-based WMM can significantly enhance network management and performance:
Tailored Experience: Enterprises can customize network performance based on the roles or departments within the organization. For example, devices belonging to the executive team or those used in critical operations might be assigned higher data priorities.
Enhanced Security: By controlling which devices have priority access, administrators can better manage network security protocols and reduce the risk of unauthorized data access.
Optimized Network Utilization: Mac-based WMM enables the network to adapt dynamically to changing conditions and user demands, prioritizing critical applications automatically.
Improved Scalability: As more devices join the network, administrators can manage traffic effectively without manual reconfiguration, ensuring consistent performance across all connected devices.
Support application DSCP tagging
(a) What is DSCP?
DSCP stands for Differentiated Services Code Point. It is a field in the IP header used to enable Quality of Service (QoS) on networks. DSCP replaces the older system of IP precedence with a more flexible and granular approach to traffic classification and prioritization. The DSCP field consists of six bits, allowing for 64 different traffic classes that can be defined and used to manage packet forwarding policies.
DSCP plays a crucial role in network traffic management by providing a mechanism for marking packets to receive different levels of service based on their assigned class. This capability is essential for managing congestion and ensuring that high-priority traffic, such as real-time voice or video, receives the necessary bandwidth and minimal latency.
(b) How Does DSCP Work?
When a packet is sent from a source, the DSCP value is set in its IP header, indicating the level of priority it should receive across the network. Network routers and switches read this DSCP value and make decisions about the packet's forwarding priority and queue placement. By doing so, networks can differentiate between various types of traffic, prioritizing them according to organizational policies and network requirements.
(c) Benefits of DSCP Tagging
Improved Network Performance: By prioritizing critical applications, DSCP helps in managing network resources efficiently, thus enhancing overall performance. Traffic like VoIP and video conferencing can operate smoothly even under heavy network load.
Enhanced Quality of Service: DSCP enables more granular control over packet forwarding decisions, allowing network administrators to fine-tune QoS policies. This leads to better service quality, especially for latency-sensitive applications.
Scalability: DSCP scales well with the size of the network, providing a consistent approach to QoS even as the network grows and traffic volume increases.
Flexibility: The ability to define multiple levels of service makes DSCP highly flexible. Organizations can customize their traffic management strategies to align with specific business needs.
(d) Applications of DSCP Tagging in Enterprise Networks
Voice and Video Prioritization: DSCP is extensively used to ensure that voice and video traffic is given priority over other types of data, reducing delays and improving communication quality.
Data Center Traffic Management: In data centers, DSCP can help manage the flow of traffic between servers, storage systems, and external networks, optimizing response times and service delivery.
Remote Work Solutions: With the rise of remote work, DSCP can play a pivotal role in prioritizing VPN traffic to ensure that business-critical applications have the bandwidth they need.
Support hotspot2.0 and openRoaming
(a) What is Hotspot 2.0?
Hotspot 2.0, also known as Wi-Fi Certified Passpoint, is a standard created by the Wi-Fi Alliance to streamline and secure the process of connecting to Wi-Fi hotspots. It allows mobile devices to automatically discover and connect to Wi-Fi networks without user intervention, using a seamless, secure authentication process based on the credentials issued by the service provider, much like cellular networks.
(b) Key Features of Hotspot 2.0
Seamless Connectivity: Hotspot 2.0 enables devices to automatically connect to Wi-Fi networks with robust security protocols, without requiring users to manually search for and select networks.
Enhanced Security: It supports advanced security protocols, such as WPA2-Enterprise and WPA3-Enterprise, providing end-to-end encryption and preventing unauthorized access.
Simplified User Experience: By automating the discovery and connection process, Hotspot 2.0 eliminates the need for users to repeatedly enter login credentials.
Interoperability: Designed to work across different wireless service providers and geographies, facilitating easier roaming and connectivity.
(c) What is OpenRoaming?
OpenRoaming is a federation service that allows users to seamlessly roam between Wi-Fi and cellular networks, removing the need to manually connect to different Wi-Fi networks. It is a collaboration spearheaded by the Wireless Broadband Alliance (WBA) that brings together a consortium of companies aiming to create a globally interconnected network.
(d) Benefits of OpenRoaming
Effortless Network Transition: With OpenRoaming, devices can automatically switch between Wi-Fi and cellular networks without user interaction, depending on the best available network.
Universal Coverage: It aims to combine the benefits of both private and public Wi-Fi networks with cellular service, expanding network coverage dramatically.
Secure Connectivity: OpenRoaming ensures that security standards such as WPA3 are met, keeping the user's data protected during transmission across different networks.
Enhanced User Experience: Provides a smooth, uninterrupted service as users move between different network environments, ideal for travelling users and mobile professionals.
(e) Applications and Implications of Hotspot 2.0 and OpenRoaming
Travel and Hospitality: For travelers, Hotspot 2.0 and OpenRoaming can significantly enhance connectivity in airports, hotels, and public spaces, offering seamless access to high-quality Wi-Fi.
Urban Mobility: In smart cities, these technologies can facilitate uninterrupted internet access across different urban spaces, improving navigation, streaming, and communication services.
Enterprise Connectivity: Businesses can provide secure, seamless Wi-Fi access to employees and visitors, improving productivity and user satisfaction.
Telecommunications: For telecom operators, integrating Hotspot 2.0 and OpenRoaming can reduce the load on cellular networks and provide a better balance of traffic across networks.
The inclusion of "Support for Hotspot 2.0 and OpenRoaming" in our firmware underlines our commitment to enhancing connectivity and user experience. These features enable devices to leverage advanced network technologies to automatically connect to the best available network, securely and effortlessly. By adopting these standards, we are setting a new benchmark for seamless and secure mobile connectivity, catering to the needs of modern users who require reliable and effortless internet access wherever they go.
Fix the issue that AP sometimes goes offline even when the network is functioning normally.
Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.
Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.
mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.
Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.
Fixed the issue for encountering failure when selecting specific country: Liechtenstein, Montenegro, or Angola.
Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.
Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.
Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).
Fixed vulnerability issue (CVE-2022-38546).
Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:
(a) WPA3 Personal (SAE)
(b) WPA3-Personal/WPA2-PSK mixed
(c) WPA3 Enterprise with suite-b disabled
Support packet capture functions.
WPA3-Personal supports Dynamic Client VLAN Pooling.
WPA3-Enterprise supports external Radius with VLAN assignment.
Support DFS channel 144.
Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Support SSID-based IPSec VPN tunneling (StrongSWAN).
Support EnGenius auto VPN (mediator).
Support SMBv2/v3 for AD authentication.
Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.
Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.
Enhance IOT client association compatibility.
Support RADIUS CoA disconnect-client requests (802.1x)
Support SmartTV SSID
LSP page encloses language support for Japanese language.
Resolved Fragattack vulnerability issues.
Support EoGRE tunnel and DHCP option 82.
Support multiple domains of AD server.
Adjust DCS algorithm.
Recognize new iOS/MAC OS version.
Fixed captive portal for IPv6 issue.
Adjust log messages.
Fixed diag tool/Speed Test issue
Add configuration to accept RADIUS server's VLAN attribute or not.
Support wireless spectrum analysis.
Support DFS channel fallback scheme.
Support MAC-based authentication with RADIUS (OPEN).
WPA3-SAE and WAP3/WAP2 mixed mode support Dynamic Client VLAN Pooling.
Support DCS (Dynamic Channel Selection) by background scanning.
Enhance bcmc function that may block DHCP broadcast OFFER/ACK packets.
Support auto-channel with "Exclude DFS" config.
Support EnGenius cloud diagnostic mode.
Enclose fix for FragAttacks security issue.
Support system-reserved IP range pool.
Support RADIUS CoA disconnect-client requests.
Perform periodically scanning for 802.11k report without background scanning.
Support intelligent band-steering.
Support proxy ARP.
Support 802.1x/captive portal with Google Auth.
Support RADIUS WISPr traffic control and traffic quantity attributes.
Support RADIUS MAC-Auth in captive portal.
Support captive portal authentication by LDAP/AD server: single SSID, single server.
Update 2.4GHz HT20 auto-channel algorithm for using 1,6,11 channels.
Optimized wireless connectivity for 11AX models.
Fix target assert issue caused by iPhone11/iPhone12 for 802.11ax models.
Add log message for Wi-Fi reload event.
Add protection to prevent Wi-Fi interface could not be brought up.
Force client balancing disabled on ECW220/ECW230.
Support Facebook Wi-Fi.
Add client's TX/RX Byte information in disassociation event log.
Modify LSP Page about HTTP/HTTPS proxy setting.
Handle HTTP error code 504 upon check-in to cloud server.
Handle private MAC address detection with blocked info messages.
Adjust mesh related syslog contents.
Support RSTP.
Support background scanning ON/OFF option.
Update certificate for HTTPS access to LSP page.
ECW220v2 supports CE/FCC DFS channels.
Remove unnecessary WLAN event logs.
Handle larger max. client limit value from cloud server.
Fixed the issue that LED on/off would trigger network reload with specific configurations.
Support MAC address authentication with RADIUS server.
Support MyPSK with RADIUS server authentication.
Handle VLAN ID attribute from RADIUS authentication responses.
Support SSDP responder and adjust mDNS response content.
Band Steering feature encloses improvement for 802.11k/v and utilizes 802.11r fasting roaming technique to avoid re-authentication upon connection to different radio band.
Procedures of applying WLAN configuration has been optimized to shorten needed time for setting update.
Enhance Captive Portal secure login with HTTPS-based information exchange.
Support my-PSK with dynamic VLAN for WPA2-PSK authentication. (only available from EnGenius Cloud, not external radius)
Mesh AP node supports traffic shaping.
Support SNMP v2/v3 for local management with Get function.
Support multicast to unicast per radio.
Captive Portal feature supports client-leave-network timeout.
Support Client Balancing to steer the client to connect to best available AP.
Support dynamic VLAN (VLAN Pooling).
Support Broadcast/Multicast suppression.
Adjust channel candidates of Auto-channel selection (ACS).
Adjust power table limitation of Malaysia and Indonesia.
Apply auto-channel selection mechanism update
Apply regulatory domain update
Adjust DTIM from 2 to 3
Adjust amsdu parameter from 7 to 3 for Wi-Fi 6 models
Turn Uplink OFDMA on by default for Wi-Fi 6 models
Resolved the random AP disconnection issue that occurred when encryption features (e.g., MYPSK) were enabled in heavy-traffic environments.
Enlarge the RSSI threshold range for Fast Handover function providing more flexibility for to fine tune the roaming sensitivity special environments.
Resolved the issue where enabling MyPSK function, AP will random drop wireless clients.
Resolved the issue when there are 50 Walled Garden entries were set, part of the entries may not take effect on APs.
Fix the issue that AP will trigger error evil twin alarms of AirGuard function.
Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.
Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.
Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.
Support EnGenius fast-handover algorithm 2.0
Remove dropbear [email protected] encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.
Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.
Add support for SAMLv2 in Captive portal with Azure-AD
A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.
(a) What is SAMLv2?
SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.
(b) Implications of This Update
Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.
(c) Practical Applications
Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.
In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.
Support HTTPS-Only for local device page
To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.
(a) Importance of HTTPS for Security
HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:
Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.
(b) Implementation and Control
By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.
In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.
Support wireless client MAC-based WMM.
Support application DSCP tagging.
Enhance Traffic Log to support additional NAT information to syslog server.
Support Radsec to provide TLS encryption for Radius connection initiated from AP.
Enhance MyPSK Radius requests for external Radius server to contain both RoamingIQ attribute and mac authentication attribute.
Support additional dolphin action to run Radius server existence test.
Support group of multiple AD configuration for single SSID.
Use dolphin subscribe actions for all channel utilization scan in diag tools.
Support malware URL Blocking.
Support website filtering.
Support hotspot2.0 and openRoaming.
Support client-balancing 2.0
Fix mesh topology that may sometimes display failed.
Enhance Multicast to Unicast function for legacy clients.
Support wireless client MAC-based WMM
(a) Wi-Fi Multimedia (WMM) Overview:
Wi-Fi Multimedia (WMM) is a QoS (Quality of Service) standard that is an integral part of modern Wi-Fi technology, based on the IEEE 802.11e standard. WMM is essential in environments where different types of data compete for bandwidth because it ensures that time-sensitive applications like voice and video conferencing perform well even in congested network conditions. This protocol prioritizes traffic according to four access categories:
Voice: Highest priority, dedicated to voice-over-IP (VoIP) services.
Video: High priority, allocated for streaming video.
Best Effort: Standard priority for general data traffic such as web browsing.
Background: Lowest priority, intended for data that is not time-sensitive, like backups or bulk data transfers.
(b) What Does "MAC-Based WMM Support" Mean?
The feature "Support wireless client mac-based WMM" refers to the capability of the wireless access point (AP) to apply WMM rules based on the MAC address of each connecting client device. A MAC address is a unique identifier assigned to network interfaces for communications on the physical network segment. Implementing MAC-based WMM allows network administrators to assign different data priorities to devices according to their MAC addresses. This functionality is particularly useful in diverse operational environments where devices have varying bandwidth and latency requirements.
(c) Practical Applications of Mac-Based WMM
Here are several scenarios where mac-based WMM can significantly enhance network management and performance:
Tailored Experience: Enterprises can customize network performance based on the roles or departments within the organization. For example, devices belonging to the executive team or those used in critical operations might be assigned higher data priorities.
Enhanced Security: By controlling which devices have priority access, administrators can better manage network security protocols and reduce the risk of unauthorized data access.
Optimized Network Utilization: Mac-based WMM enables the network to adapt dynamically to changing conditions and user demands, prioritizing critical applications automatically.
Improved Scalability: As more devices join the network, administrators can manage traffic effectively without manual reconfiguration, ensuring consistent performance across all connected devices.
Support application DSCP tagging
(a) What is DSCP?
DSCP stands for Differentiated Services Code Point. It is a field in the IP header used to enable Quality of Service (QoS) on networks. DSCP replaces the older system of IP precedence with a more flexible and granular approach to traffic classification and prioritization. The DSCP field consists of six bits, allowing for 64 different traffic classes that can be defined and used to manage packet forwarding policies.
DSCP plays a crucial role in network traffic management by providing a mechanism for marking packets to receive different levels of service based on their assigned class. This capability is essential for managing congestion and ensuring that high-priority traffic, such as real-time voice or video, receives the necessary bandwidth and minimal latency.
(b) How Does DSCP Work?
When a packet is sent from a source, the DSCP value is set in its IP header, indicating the level of priority it should receive across the network. Network routers and switches read this DSCP value and make decisions about the packet's forwarding priority and queue placement. By doing so, networks can differentiate between various types of traffic, prioritizing them according to organizational policies and network requirements.
(c) Benefits of DSCP Tagging
Improved Network Performance: By prioritizing critical applications, DSCP helps in managing network resources efficiently, thus enhancing overall performance. Traffic like VoIP and video conferencing can operate smoothly even under heavy network load.
Enhanced Quality of Service: DSCP enables more granular control over packet forwarding decisions, allowing network administrators to fine-tune QoS policies. This leads to better service quality, especially for latency-sensitive applications.
Scalability: DSCP scales well with the size of the network, providing a consistent approach to QoS even as the network grows and traffic volume increases.
Flexibility: The ability to define multiple levels of service makes DSCP highly flexible. Organizations can customize their traffic management strategies to align with specific business needs.
(d) Applications of DSCP Tagging in Enterprise Networks
Voice and Video Prioritization: DSCP is extensively used to ensure that voice and video traffic is given priority over other types of data, reducing delays and improving communication quality.
Data Center Traffic Management: In data centers, DSCP can help manage the flow of traffic between servers, storage systems, and external networks, optimizing response times and service delivery.
Remote Work Solutions: With the rise of remote work, DSCP can play a pivotal role in prioritizing VPN traffic to ensure that business-critical applications have the bandwidth they need.
Support hotspot2.0 and openRoaming
(a) What is Hotspot 2.0?
Hotspot 2.0, also known as Wi-Fi Certified Passpoint, is a standard created by the Wi-Fi Alliance to streamline and secure the process of connecting to Wi-Fi hotspots. It allows mobile devices to automatically discover and connect to Wi-Fi networks without user intervention, using a seamless, secure authentication process based on the credentials issued by the service provider, much like cellular networks.
(b) Key Features of Hotspot 2.0
Seamless Connectivity: Hotspot 2.0 enables devices to automatically connect to Wi-Fi networks with robust security protocols, without requiring users to manually search for and select networks.
Enhanced Security: It supports advanced security protocols, such as WPA2-Enterprise and WPA3-Enterprise, providing end-to-end encryption and preventing unauthorized access.
Simplified User Experience: By automating the discovery and connection process, Hotspot 2.0 eliminates the need for users to repeatedly enter login credentials.
Interoperability: Designed to work across different wireless service providers and geographies, facilitating easier roaming and connectivity.
(c) What is OpenRoaming?
OpenRoaming is a federation service that allows users to seamlessly roam between Wi-Fi and cellular networks, removing the need to manually connect to different Wi-Fi networks. It is a collaboration spearheaded by the Wireless Broadband Alliance (WBA) that brings together a consortium of companies aiming to create a globally interconnected network.
(d) Benefits of OpenRoaming
Effortless Network Transition: With OpenRoaming, devices can automatically switch between Wi-Fi and cellular networks without user interaction, depending on the best available network.
Universal Coverage: It aims to combine the benefits of both private and public Wi-Fi networks with cellular service, expanding network coverage dramatically.
Secure Connectivity: OpenRoaming ensures that security standards such as WPA3 are met, keeping the user's data protected during transmission across different networks.
Enhanced User Experience: Provides a smooth, uninterrupted service as users move between different network environments, ideal for travelling users and mobile professionals.
(e) Applications and Implications of Hotspot 2.0 and OpenRoaming
Travel and Hospitality: For travelers, Hotspot 2.0 and OpenRoaming can significantly enhance connectivity in airports, hotels, and public spaces, offering seamless access to high-quality Wi-Fi.
Urban Mobility: In smart cities, these technologies can facilitate uninterrupted internet access across different urban spaces, improving navigation, streaming, and communication services.
Enterprise Connectivity: Businesses can provide secure, seamless Wi-Fi access to employees and visitors, improving productivity and user satisfaction.
Telecommunications: For telecom operators, integrating Hotspot 2.0 and OpenRoaming can reduce the load on cellular networks and provide a better balance of traffic across networks.
The inclusion of "Support for Hotspot 2.0 and OpenRoaming" in our firmware underlines our commitment to enhancing connectivity and user experience. These features enable devices to leverage advanced network technologies to automatically connect to the best available network, securely and effortlessly. By adopting these standards, we are setting a new benchmark for seamless and secure mobile connectivity, catering to the needs of modern users who require reliable and effortless internet access wherever they go.
Fix the issue that AP sometimes goes offline even when the network is functioning normally.
Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.
Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.
mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.
Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.
Fixed the issue for encountering failure when selecting specific country: Liechtenstein, Montenegro, or Angola.
Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.
Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.
Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).
Fixed vulnerability issue (CVE-2022-38546).
Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:
(a) WPA3 Personal (SAE)
(b) WPA3-Personal/WPA2-PSK mixed
(c) WPA3 Enterprise with suite-b disabled
Support packet capture functions.
WPA3-Personal supports Dynamic Client VLAN Pooling.
WPA3-Enterprise supports external Radius with VLAN assignment.
Support DFS channel 144.
Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Support SSID-based IPSec VPN tunneling (StrongSWAN).
Support EnGenius auto VPN (mediator).
Support SMBv2/v3 for AD authentication.
Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.
Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.
Enhance IOT client association compatibility.
Support RADIUS CoA disconnect-client requests (802.1x)
Support SmartTV SSID
LSP page encloses language support for Japanese language.
Resolved Fragattack vulnerability issues.
Support EoGRE tunnel and DHCP option 82.
Support multiple domains of AD server.
Adjust DCS algorithm.
Recognize new iOS/MAC OS version.
Fixed captive portal for IPv6 issue.
Adjust log messages.
Fixed diag tool/Speed Test issue
Add configuration to accept RADIUS server's VLAN attribute or not.
Support wireless spectrum analysis.
Support DFS channel fallback scheme.
Support MAC-based authentication with RADIUS (OPEN).
WPA3-SAE and WAP3/WAP2 mixed mode support Dynamic Client VLAN Pooling.
Support DCS (Dynamic Channel Selection) by background scanning.
Enhance bcmc function that may block DHCP broadcast OFFER/ACK packets.
Support auto-channel with "Exclude DFS" config.
Support EnGenius cloud diagnostic mode.
Enclose fix for FragAttacks security issue.
Support system-reserved IP range pool.
Support RADIUS CoA disconnect-client requests.
Perform periodically scanning for 802.11k report without background scanning.
Support intelligent band-steering.
Support proxy ARP.
Support 802.1x/captive portal with Google Auth.
Support RADIUS WISPr traffic control and traffic quantity attributes.
Support RADIUS MAC-Auth in captive portal.
Support captive portal authentication by LDAP/AD server: single SSID, single server.
Update 2.4GHz HT20 auto-channel algorithm for using 1,6,11 channels.
Optimized wireless connectivity for 11AX models.
Fix target assert issue caused by iPhone11/iPhone12 for 802.11ax models.
Add log message for Wi-Fi reload event.
Add protection to prevent Wi-Fi interface could not be brought up.
Force client balancing disabled on ECW220/ECW230.
Support Facebook Wi-Fi.
Add client's TX/RX Byte information in disassociation event log.
Modify LSP Page about HTTP/HTTPS proxy setting.
Handle HTTP error code 504 upon check-in to cloud server.
Handle private MAC address detection with blocked info messages.
Adjust mesh related syslog contents.
Support RSTP.
Support background scanning ON/OFF option.
Update certificate for HTTPS access to LSP page.
Remove unnecessary WLAN event logs.
Handle larger max. client limit value from cloud server.
Fixed the issue that LED on/off would trigger network reload with specific configurations.
Support MAC address authentication with RADIUS server.
Support MyPSK with RADIUS server authentication.
Handle VLAN ID attribute from RADIUS authentication responses.
Support SSDP responder and adjust mDNS response content.
Band Steering feature encloses improvement for 802.11k/v and utilizes 802.11r fasting roaming technique to avoid re-authentication upon connection to different radio band.
Procedures of applying WLAN configuration has been optimized to shorten needed time for setting update.
Enhance Captive Portal secure login with HTTPS-based information exchange.
Support my-PSK with dynamic VLAN for WPA2-PSK authentication. (only available from EnGenius Cloud, not external radius)
Mesh AP node supports traffic shaping.
Support SNMP v2/v3 for local management with Get function.
Support multicast to unicast per radio.
Captive Portal feature supports client-leave-network timeout.
Support Client Balancing to steer the client to connect to best available AP.
Support dynamic VLAN (VLAN Pooling).
Support Broadcast/Multicast suppression.
Adjust channel candidates of Auto-channel selection (ACS).
Adjust power table limitation of Malaysia and Indonesia.
Apply auto-channel selection mechanism update
Apply regulatory domain update
Adjust DTIM from 2 to 3
Adjust amsdu parameter from 7 to 3 for Wi-Fi 6 models
Turn Uplink OFDMA on by default for Wi-Fi 6 models
Support Client Balancing
Support scheduling system reboot
Support L2-Isolation exception rules for VIP feature
Support radius NAS-id/port/addr attributes
Support software reset-to-default for mobile App
Captive portal supports redirurl parameter
Fixed the issue that AP may become unstable when some 2.4GHz-only WiFi clients try connecting to AP.
Fixed the issue that AP may hang up where the SSID profile included “hidden” and users downgrade firmware from v1.3.9 to v1.3.7
Resolve connectivity issue when SSID included space character.
Add log for blocking message clients.
Add log for the action of kicking clients.
N/A
Adjust client isolation behavior in NAT mode.
Support DNS settings per SSID.
Support wireless association banned message.
Support https redirect of captive portal.
N/A
Add an option to disable 802.11ax in 5G Radio.
Support L2 (MAC Address) client Block List per SSID.
Support advanced feature called Traffic Log to send more wireless client information to dedicated syslog server.
Improve auto-channel algorithm to avoid multiple AP choosing the same channel in certain situation.
Support advanced feature called presence reporting which makes the AP continuously gathering 802.11 probe request frames sent by wireless clients and then sending the data to specific 3rd party server.
Improve the efficiency of applying traffic shaping rules.
Support new Client Timeline feature.
Adjust default DHCP lease time of SSID in NAT mode to 5 minutes.
Fix the captive portal issue that triggered RADIUS accounting events before an user is authenticated.
Fix the issue that caused limited IP address allocation for a SSID running in NAT mode.
Fix the issue that caused long duration of captive portal splash page redirection.
Fix driver layer log mechanism to avoid unexpected wireless performance drop.
Improve the efficiency of SSID running in bridge mode.
TX Power tuning options now start from 1 to 10 dBm.
Adjust WMM/DSCP/802.1p mappings to follow conventions.
Support LED Blinking function to trigger an AP to blink its LED for 10 seconds. This could help user to quickly identify the AP.
Fix the issue that caused system to get wrong 2.4G channel utilization data in some special cases.
Support WPA3.
Support Mesh Auto Pairing.
Support the way to access LSP (local support page) with URL http://EnGenius.local and discover AP with Bonjour protocol.
Support the way to show system status with specific SSID name to ease the troubleshooting on device on-boarding.
NAT/Bridge mode now is configurable per SSID. They are supported only in Captive Portal in previous version.
Support the option to discard association requests from legacy 802.11a/b/g clients.
Enhance the efficiency to apply idle-timeout and session-timeout settings of Captive Portal.
Fix the issue that caused memory leak in a special case.
Improve the accuracy of device fingerprint.
Support default configurations of EnGenius Cloud Radius.
Fix captive portal IOT issues for certain wireless clients.
Fix the malfunction of EnGenius Radius authentication that caused by firmware upgrade.
Fix the issue that wireless LED did not blink normally in certain situation.
Fix the issue that the 2nd radius server doesn't work.
Fix the issue that DUT may fail to reload configurations during the system applying mesh.
Fixed an issue where PlayStation 4 (PS4) devices occasionally failed to connect properly to the PlayStation Network (PSN) through EnGenius APs.
Resolved an issue where modifying the configuration of one SSID could randomly cause WiFi connection loss.
Support operating channel width display on the EnGenius Cloud AP details page, which is targeted to be ready in mid-Sep.
Support 6 GHz support in India for faster speeds, lower latency, and a more reliable wireless experience.
Support automatically detecting the country using GeoIP and displayed on the Local Status Page (LSP).
Channel specification updates based on regulatory changes in different countries
Mexico: Support 6GHz.
Configuration changes may possibly cause Captive Portal to malfunction, leading to the splash page not functioning properly.
Channel specification updates based on regulatory changes in different countries
Australia: Added Channel 144
New Zealand: Added Channel 144
Canada: Removed Channels 120 / 124 / 128 and 5GHz EHT240Hz support
Vietnam: Added support for the 6GHz band
USA: Added support for 5GHz EHT 240 MHz
Japan: Added support for 6GHz EHT 320 MHz
Fixed the Wi-Fi client certificate error issue when accessing the Captive Portal page.
Fixed the Wi-Fi clients disconnect issue when Manage VLAN was enabled and a myPSK was added or modified.
Fixed an issue where disabling an SSID with 802.11w enabled caused disconnections on other SSIDs during myPSK updates.
Added Layer 3 Outbound Firewall so admins can control where wireless client traffic goes or block it to improve network security.
To comply with new regulations in Indonesia, the output power for Band 4 has been updated from EIRP 23 dBm to EIRP 36 dBm.
Optimize Wi-Fi reload after AP settings are changed, making wireless clients reinitial the connection more quickly.
Improve AP performance and throughput when the AVXpress is enabled.
Deauthentication, enabling it to forcibly disconnect wireless clients from the network. Additionally, EnGenius Cloud offers an API for remote management of client Deauthentication.
Disabling mDNS when Local Web Pages are turned off to improved security.
Resolve the issue where the SysName object of the SNMP interface does not synchronize with the device name.
Resolve the issue of abnormal analysis in Frequency Spectrum monitoring.
Resolved the random AP disconnection issue that occurred when encryption features (e.g., MYPSK) were enabled in heavy-traffic environments.
Enlarge the RSSI threshold range for Fast Handover function providing more flexibility for to fine tune the roaming sensitivity special environments.
Resolved the issue where enabling MyPSK function, AP will random drop wireless clients.
Resolved the issue when there are 50 Walled Garden entries were set, part of the entries may not take effect on APs.
Fix the issue that AP will trigger error evil twin alarms of AirGuard function.
Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.
Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.
Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.
Support EnGenius fast-handover algorithm 2.0
Remove dropbear [email protected] encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.
Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.
Add support for SAMLv2 in Captive portal with Azure-AD
A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.
(a) What is SAMLv2?
SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.
(b) Implications of This Update
Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.
(c) Practical Applications
Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.
In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.
Support HTTPS-Only for local device page
To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.
(a) Importance of HTTPS for Security
HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:
Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.
(b) Implementation and Control
By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.
In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.
Support wireless client MAC-based WMM.
Support application DSCP tagging.
Enhance Traffic Log to support additional NAT information to syslog server.
Support Radsec to provide TLS encryption for Radius connection initiated from AP.
Enhance MyPSK Radius requests for external Radius server to contain both RoamingIQ attribute and mac authentication attribute.
Support additional dolphin action to run Radius server existence test.
Support group of multiple AD configuration for single SSID.
Use dolphin subscribe actions for all channel utilization scan in diag tools.
Support malware URL Blocking.
Support website filtering.
Support hotspot2.0 and openRoaming.
Support client-balancing 2.0
Fix mesh topology that may sometimes display failed.
Enhance Multicast to Unicast function for legacy clients.
Support wireless client MAC-based WMM
(a) Wi-Fi Multimedia (WMM) Overview:
Wi-Fi Multimedia (WMM) is a QoS (Quality of Service) standard that is an integral part of modern Wi-Fi technology, based on the IEEE 802.11e standard. WMM is essential in environments where different types of data compete for bandwidth because it ensures that time-sensitive applications like voice and video conferencing perform well even in congested network conditions. This protocol prioritizes traffic according to four access categories:
Voice: Highest priority, dedicated to voice-over-IP (VoIP) services.
Video: High priority, allocated for streaming video.
Best Effort: Standard priority for general data traffic such as web browsing.
Background: Lowest priority, intended for data that is not time-sensitive, like backups or bulk data transfers.
(b) What Does "MAC-Based WMM Support" Mean?
The feature "Support wireless client mac-based WMM" refers to the capability of the wireless access point (AP) to apply WMM rules based on the MAC address of each connecting client device. A MAC address is a unique identifier assigned to network interfaces for communications on the physical network segment. Implementing MAC-based WMM allows network administrators to assign different data priorities to devices according to their MAC addresses. This functionality is particularly useful in diverse operational environments where devices have varying bandwidth and latency requirements.
(c) Practical Applications of Mac-Based WMM
Here are several scenarios where mac-based WMM can significantly enhance network management and performance:
Tailored Experience: Enterprises can customize network performance based on the roles or departments within the organization. For example, devices belonging to the executive team or those used in critical operations might be assigned higher data priorities.
Enhanced Security: By controlling which devices have priority access, administrators can better manage network security protocols and reduce the risk of unauthorized data access.
Optimized Network Utilization: Mac-based WMM enables the network to adapt dynamically to changing conditions and user demands, prioritizing critical applications automatically.
Improved Scalability: As more devices join the network, administrators can manage traffic effectively without manual reconfiguration, ensuring consistent performance across all connected devices.
Support application DSCP tagging
(a) What is DSCP?
DSCP stands for Differentiated Services Code Point. It is a field in the IP header used to enable Quality of Service (QoS) on networks. DSCP replaces the older system of IP precedence with a more flexible and granular approach to traffic classification and prioritization. The DSCP field consists of six bits, allowing for 64 different traffic classes that can be defined and used to manage packet forwarding policies.
DSCP plays a crucial role in network traffic management by providing a mechanism for marking packets to receive different levels of service based on their assigned class. This capability is essential for managing congestion and ensuring that high-priority traffic, such as real-time voice or video, receives the necessary bandwidth and minimal latency.
(b) How Does DSCP Work?
When a packet is sent from a source, the DSCP value is set in its IP header, indicating the level of priority it should receive across the network. Network routers and switches read this DSCP value and make decisions about the packet's forwarding priority and queue placement. By doing so, networks can differentiate between various types of traffic, prioritizing them according to organizational policies and network requirements.
(c) Benefits of DSCP Tagging
Improved Network Performance: By prioritizing critical applications, DSCP helps in managing network resources efficiently, thus enhancing overall performance. Traffic like VoIP and video conferencing can operate smoothly even under heavy network load.
Enhanced Quality of Service: DSCP enables more granular control over packet forwarding decisions, allowing network administrators to fine-tune QoS policies. This leads to better service quality, especially for latency-sensitive applications.
Scalability: DSCP scales well with the size of the network, providing a consistent approach to QoS even as the network grows and traffic volume increases.
Flexibility: The ability to define multiple levels of service makes DSCP highly flexible. Organizations can customize their traffic management strategies to align with specific business needs.
(d) Applications of DSCP Tagging in Enterprise Networks
Voice and Video Prioritization: DSCP is extensively used to ensure that voice and video traffic is given priority over other types of data, reducing delays and improving communication quality.
Data Center Traffic Management: In data centers, DSCP can help manage the flow of traffic between servers, storage systems, and external networks, optimizing response times and service delivery.
Remote Work Solutions: With the rise of remote work, DSCP can play a pivotal role in prioritizing VPN traffic to ensure that business-critical applications have the bandwidth they need.
Support hotspot2.0 and openRoaming
(a) What is Hotspot 2.0?
Hotspot 2.0, also known as Wi-Fi Certified Passpoint, is a standard created by the Wi-Fi Alliance to streamline and secure the process of connecting to Wi-Fi hotspots. It allows mobile devices to automatically discover and connect to Wi-Fi networks without user intervention, using a seamless, secure authentication process based on the credentials issued by the service provider, much like cellular networks.
(b) Key Features of Hotspot 2.0
Seamless Connectivity: Hotspot 2.0 enables devices to automatically connect to Wi-Fi networks with robust security protocols, without requiring users to manually search for and select networks.
Enhanced Security: It supports advanced security protocols, such as WPA2-Enterprise and WPA3-Enterprise, providing end-to-end encryption and preventing unauthorized access.
Simplified User Experience: By automating the discovery and connection process, Hotspot 2.0 eliminates the need for users to repeatedly enter login credentials.
Interoperability: Designed to work across different wireless service providers and geographies, facilitating easier roaming and connectivity.
(c) What is OpenRoaming?
OpenRoaming is a federation service that allows users to seamlessly roam between Wi-Fi and cellular networks, removing the need to manually connect to different Wi-Fi networks. It is a collaboration spearheaded by the Wireless Broadband Alliance (WBA) that brings together a consortium of companies aiming to create a globally interconnected network.
(d) Benefits of OpenRoaming
Effortless Network Transition: With OpenRoaming, devices can automatically switch between Wi-Fi and cellular networks without user interaction, depending on the best available network.
Universal Coverage: It aims to combine the benefits of both private and public Wi-Fi networks with cellular service, expanding network coverage dramatically.
Secure Connectivity: OpenRoaming ensures that security standards such as WPA3 are met, keeping the user's data protected during transmission across different networks.
Enhanced User Experience: Provides a smooth, uninterrupted service as users move between different network environments, ideal for travelling users and mobile professionals.
(e) Applications and Implications of Hotspot 2.0 and OpenRoaming
Travel and Hospitality: For travelers, Hotspot 2.0 and OpenRoaming can significantly enhance connectivity in airports, hotels, and public spaces, offering seamless access to high-quality Wi-Fi.
Urban Mobility: In smart cities, these technologies can facilitate uninterrupted internet access across different urban spaces, improving navigation, streaming, and communication services.
Enterprise Connectivity: Businesses can provide secure, seamless Wi-Fi access to employees and visitors, improving productivity and user satisfaction.
Telecommunications: For telecom operators, integrating Hotspot 2.0 and OpenRoaming can reduce the load on cellular networks and provide a better balance of traffic across networks.
The inclusion of "Support for Hotspot 2.0 and OpenRoaming" in our firmware underlines our commitment to enhancing connectivity and user experience. These features enable devices to leverage advanced network technologies to automatically connect to the best available network, securely and effortlessly. By adopting these standards, we are setting a new benchmark for seamless and secure mobile connectivity, catering to the needs of modern users who require reliable and effortless internet access wherever they go.
Fix the issue that AP sometimes goes offline even when the network is functioning normally.
Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.
Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.
mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.
Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.
Fixed the issue for encountering failure when selecting specific country: Liechtenstein, Montenegro, or Angola.
Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.
Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.
Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).
Fixed vulnerability issue (CVE-2022-38546).
Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:
(a) WPA3 Personal (SAE)
(b) WPA3-Personal/WPA2-PSK mixed
(c) WPA3 Enterprise with suite-b disabled
Support packet capture functions.
WPA3-Personal supports Dynamic Client VLAN Pooling.
WPA3-Enterprise supports external Radius with VLAN assignment.
Support DFS channel 144.
Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Support SSID-based IPSec VPN tunneling (StrongSWAN).
Support EnGenius auto VPN (mediator).
Support SMBv2/v3 for AD authentication.
Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.
Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.
Enhance IOT client association compatibility.
Support RADIUS CoA disconnect-client requests (802.1x)
Support SmartTV SSID
LSP page encloses language support for Japanese language.
Resolved Fragattack vulnerability issues.
Support EoGRE tunnel and DHCP option 82.
Support multiple domains of AD server.
Adjust DCS algorithm.
Recognize new iOS/MAC OS version.
Fixed captive portal for IPv6 issue.
Adjust log messages.
Fixed diag tool/Speed Test issue
Add configuration to accept RADIUS server's VLAN attribute or not.
Support wireless spectrum analysis.
Support DFS channel fallback scheme.
Support MAC-based authentication with RADIUS (OPEN).
WPA3-SAE and WAP3/WAP2 mixed mode support Dynamic Client VLAN Pooling.
Support DCS (Dynamic Channel Selection) by background scanning.
Enhance bcmc function that may block DHCP broadcast OFFER/ACK packets.
Support auto-channel with "Exclude DFS" config.
Support EnGenius cloud diagnostic mode.
Enclose fix for FragAttacks security issue.
Support system-reserved IP range pool.
Support RADIUS CoA disconnect-client requests.
Perform periodically scanning for 802.11k report without background scanning.
Support intelligent band-steering.
Support proxy ARP.
Support 802.1x/captive portal with Google Auth.
Support RADIUS WISPr traffic control and traffic quantity attributes.
Support RADIUS MAC-Auth in captive portal.
Support captive portal authentication by LDAP/AD server: single SSID, single server.
Update 2.4GHz HT20 auto-channel algorithm for using 1,6,11 channels.
Optimized wireless connectivity for 11AX models.
Fix target assert issue caused by iPhone11/iPhone12 for 802.11ax models.
Add log message for Wi-Fi reload event.
Add protection to prevent Wi-Fi interface could not be brought up.
Force client balancing disabled on ECW220/ECW230.
Support Facebook Wi-Fi.
Add client's TX/RX Byte information in disassociation event log.
Modify LSP Page about HTTP/HTTPS proxy setting.
Handle HTTP error code 504 upon check-in to cloud server.
Handle private MAC address detection with blocked info messages.
Adjust mesh related syslog contents.
Support RSTP.
Support background scanning ON/OFF option.
Update certificate for HTTPS access to LSP page.
Remove unnecessary WLAN event logs.
Handle larger max. client limit value from cloud server.
Fixed the issue that LED on/off would trigger network reload with specific configurations.
Support MAC address authentication with RADIUS server.
Support MyPSK with RADIUS server authentication.
Handle VLAN ID attribute from RADIUS authentication responses.
Support SSDP responder and adjust mDNS response content.
Band Steering feature encloses improvement for 802.11k/v and utilizes 802.11r fasting roaming technique to avoid re-authentication upon connection to different radio band.
Procedures of applying WLAN configuration has been optimized to shorten needed time for setting update.
Enhance Captive Portal secure login with HTTPS-based information exchange.
Support my-PSK with dynamic VLAN for WPA2-PSK authentication. (only available from EnGenius Cloud, not external radius)
Mesh AP node supports traffic shaping.
Support SNMP v2/v3 for local management with Get function.
Support multicast to unicast per radio.
Captive Portal feature supports client-leave-network timeout.
Support Client Balancing to steer the client to connect to best available AP.
Support dynamic VLAN (VLAN Pooling).
Support Broadcast/Multicast suppression.
Adjust channel candidates of Auto-channel selection (ACS).
Adjust power table limitation of Malaysia and Indonesia.
Apply auto-channel selection mechanism update
Apply regulatory domain update
Adjust DTIM from 2 to 3
Adjust amsdu parameter from 7 to 3 for Wi-Fi 6 models
Turn Uplink OFDMA on by default for Wi-Fi 6 models
Support Client Balancing
Support scheduling system reboot
Support L2-Isolation exception rules for VIP feature
Support radius NAS-id/port/addr attributes
Support software reset-to-default for mobile App
Captive portal supports redirurl parameter
Fixed the issue that AP may become unstable when some 2.4GHz-only WiFi clients try connecting to AP.
Fixed the issue that AP may hang up where the SSID profile included “hidden” and users downgrade firmware from v1.3.9 to v1.3.7
Resolve connectivity issue when SSID included space character.
Add log for blocking message clients.
Add log for the action of kicking clients.
N/A
Adjust client isolation behavior in NAT mode.
Support DNS settings per SSID.
Support wireless association banned message.
Support https redirect of captive portal.
N/A
Add an option to disable 802.11ax in 5G Radio.
Support L2 (MAC Address) client Block List per SSID.
Support advanced feature called Traffic Log to send more wireless client information to dedicated syslog server.
Improve auto-channel algorithm to avoid multiple AP choosing the same channel in certain situation.
Support advanced feature called which makes the AP continuously gathering 802.11 probe request frames sent by wireless clients and then sending the data to specific 3rd party server.
Improve the efficiency of applying traffic shaping rules.
Support new Client Timeline feature.
Adjust default DHCP lease time of SSID in NAT mode to 5 minutes.
Fix the captive portal issue that triggered RADIUS accounting events before an user is authenticated.
Fix the issue that caused limited IP address allocation for a SSID running in NAT mode.
Fix the issue that caused long duration of captive portal splash page redirection.
Fix driver layer log mechanism to avoid unexpected wireless performance drop.
Improve the efficiency of SSID running in bridge mode.
TX Power tuning options now start from 1 to 10 dBm.
Adjust WMM/DSCP/802.1p mappings to follow conventions.
Support LED Blinking function to trigger an AP to blink its LED for 10 seconds. This could help user to quickly identify the AP.
Fix the issue that caused system to get wrong 2.4G channel utilization data in some special cases.
Support WPA3.
Support Mesh Auto Pairing.
Support the way to access LSP (local support page) with URL and discover AP with Bonjour protocol.
Support the way to show system status with to ease the troubleshooting on device on-boarding.
NAT/Bridge mode now is configurable per SSID. They are supported only in Captive Portal in previous version.
Support the option to discard association requests from legacy 802.11a/b/g clients.
Enhance the efficiency to apply idle-timeout and session-timeout settings of Captive Portal.
Fix the issue that caused memory leak in a special case.
Improve the accuracy of device fingerprint.
Support default configurations of .
Fix captive portal IOT issues for certain wireless clients.
Fix the malfunction of EnGenius Radius authentication that caused by firmware upgrade.
Fix the issue that wireless LED did not blink normally in certain situation.
Fix the issue that the 2nd radius server doesn't work.
Fix the issue that DUT may fail to reload configurations during the system applying mesh.