Cloud Release Note

About Release Notes

This document provides information about the features available and bug fixes of EnGeniusCloud Solution. To get started, click an item on the left side and browse the contents.

Loading...

Cloud Features

2024/10/22

Layer 7 policy-based route is supported, so you can set the rules to direct specific applications to different WAN interfaces without specifying IP addresses or port ranges. Configure > Gateway > Interface > Policy Route > Layer 7 > Add the rules
Layer 7 firewall rules are supported, so you can block specific applications without specifying IP addresses or port ranges. Configure > Gateway > Firewall > Outbound Rules > Lay 7 > Set the rules
Disable RTS /CTS is supported Configure > Access Points > Radio > Enable/Disable RTS/CTS on outdoor APS

2024/08/08

Network template is supported , so you can easily copy the current network configuration as the template and then apply to multiple networks in the same organization at the same time. Organization > Backup & Restore > Configuration template > Add the network template > Click Apply then select the networks to be applied the network template configuration.
Firmware freeze is supported . Configure > Firmware > Enable freeze firmware version > select the Beta/Stable version firmware to be frozen then click apply
Enable / Disable Https only and access control on local web pages Configure > General settings> Network > Enable/Disable Https only and enable disable Local web pages.

2024/6/20

AVXpress offers an end-to-end Quality of Service (QoS) solution specifically designed for crucial audio/video (AV) applications, including video conferencing, multi-media streaming, and gaming. It enables users to prioritize traffic based on its importance. Configure > SSID > Application control > Adjust the priority on audio/video (AV) applications

RadSec support for the RADIUS server allows you to exchange RADIUS authentication, authorization, and accounting messages through a secure TLS tunnel between the RADIUS server and the AP. It requires AP firmware version 1.x.81 or higher and the addition of a RadSec certificate for functionality. Organization> Security > Certificates> Upload the certificate you get from the RADIUS server > Then go to Configure > AP > SSID > Wireless > WPA2/3 Enterprise/Captive portal > Custom RADIUS> Enable the RadSec on RADIUS Server.

2024/4/30

Beta version of the new dashboard has been released, so you can check the PDU device numbers, and power status, which include the PDU outlet and Switch PoE status. Dashboard > click the view beta version on the top right corner > New dashboard is displayed with PDU devices numbers , Power status and clients.
Hotspot 2.0 is a standard for Wi-Fi roaming between Wi-Fi and cellular networks with automatic authentication. It required AP firmware 1.x.75 or above. Configure >SSID > Hotspot2.0 > Enable Hotspot 2.0 .

2024/04/02

Support Policy Route, you can route traffic over preferred network paths, prioritize certain types of traffic, or balance traffic across multiple links for load balancing and optimization purposes. Configure > Gateway > Interface > Policy Route > Add Policy Rule

2024/02/29

Support PDU templates, so you can configure whole network PDUs at once with each PDU model template. Configure > PDU > Template
When the outlet auto-reboots and the powered device is not powered successfully , we will notify users by default.

2024/01/31

Auto Channel now allows you to pick the desired channel on Radio settings Configure > Radio > select auto > click Change ch. > pick the channel.
Support allowlist on Client Access Control. Configure > Client Access Control > Enter the mac address on allowlist.
Add MLO (Multi-Link Operation) options on each SSID. This allows Wi-fi 7 clients to create multiple links with different bands and transmit data concurrently. required AP firmware V1.x.70 or above on Wi-Fi 7 models. Configure > SSID > Wireless> Enable MLO.
Add DDNS for gateway passthrough mode. Configure > Gateway > Interfaces > select passthrough mode > Choose DDNS providers you want and configure it.

2024/01/04

Wired Client will display the clients that are directly connected to the downlink port on switches. ECS1xxx/2xxx requires switch firmware v1.2.85 or above. ECS5xxx requires switch firmware v2.2.15 or above.Manage > Client > Wired Client
SSID on LAN is supported on ECW115 and ECW215AP on LAN3 . Configure > General settings > AP > select the SSID you want to bind on LAN3
Gateway detail page support Log page. Manage > Gateway > Detail > Logs.
PDU & EXT supports photo as other product's detail page.

2023/11/30

The Network can be dragged and dropped to different HV in the same Organization. Click the menu icon on the left-top corner > drag the network and then move to different HV in the same organization.
PD lifeguard and Autocam lifeguard are supported. PD lifeguard is a function that will automatically reboot PD devices when the PoE switch found it was not responding. Auto cam lifeguard is one of the options in PDLG auto mode. By enabling ACLG, the switch also considers Onvif discovery results to verify if the connected PD is a surveillance device or not. if yes, apply the ACLG reboot profile to the corresponding port automatically.Manage > Switch > Details > PoE > PD lifeguard > Select Ports to enable PD lifeguard > Select Auto Mode > enable Autocam lifeguard.
Port Isolation Enhancement is supported, so you can configure the forward ports which can be separated into different groups where traffic between different group are blocked. Manage > Switch > Details > Ports > Select Ports to enable Isolation and set forward ports.
MSP change log is supported. Click MSP icon > Teams > Change log

2023/10/19

Topology view now can display PDU and Switch Extender. Manage > Topology > you can see the PDU/ Switch Extender icon displayed if you have the devices.
MSP Single Sign-On (SSO) is now supported.
BCMC is activated by default and available under the basic plan. Configure > SSID > Add SSID > Advanced settings> BCMC is enabled by default and no Pro license required
802.11r now can be enabled when select WPA3 Personal (SAE) or WPA3-Personal/WPA2-PSK mixed.
Gateway WWAN offers a statistical chart Manage > Gateway Detail > Summary > WWAN statistics is displayed on Throughput/ Latency/Packet Loss.
VLAN Trunking is available for both Switch and Switch Extender Manage > Switch/Switch EXT details> Ports> Select the port you want to enable VLAN Trunking and Apply.

2023/09/18

The outlet schedule is able to set three enabled periods in one day on PDU firmware v1.0.5 or above. Manage > PDU > detail > Schedule > edit the outlet schedule > select time slider to be 3
The outlet autoreboot is supported. Manage > PDU > detail > AutoReboot > Enable the AutoReboot on outlets and configure the hosts that you want to ping
SNMP v1/v2 is supported on PDU firmware v1.0.5 or above. Configure > General settings > SNMP > change SNMP state to V1/V2c and set the community
Switch Extender-related settings are now available to configure if your inventory has the extender registered in your organization.
Gateway EnGenius DDNS is supported when you update the ESG firmware to v1.1.36 on ESG510 or 1.2.36 on ESG610/620. Configure > Interface > WAN > DDNS > select the DDNS provider to EnGenius DDNS > hostname is displayed and able to edited.
Gateway PoE reset is supported Hover on port on the Gateway Panel on detail page > Reset PoE

2023/08/15

PDU-related settings are now available to configure if your inventory has the PDU registered in your organization.
MSP features include creating MSP teams, Inventory device management across Organizations, and cloning organizations.
Support Failover Preference for adjusting the preferred secondary WAN interface.
Support Per client application analysis Manage > Client > click the client name > Application Analysis
Support bandwidth limit on Gateway LAN Interface. Configure > Gateway > Interface > LAN > adjust the download / Upload limit on Bandwidth limit tab.

2023/07/17

Multiple Bridge is supported on the gateway, This allows you to create Multiple untagged subnet environments. Manage > Gateway > Interfaces > LAN > Change to Multiple bridge mode> Create other interfaces and set the interface type to Bridge

2023/07/07

Export “Outbound firewall rules” and “Port Forwarding rules” in CSV format. Configure > Gateway > Firewall > Outbound Rules/Port forwarding > Click on the Export button

2023/05/05

Multi-language is supported. Click on the account located in the upper-right corner of the GUI > Languages > select the language (Chinese, Japan, Indonesia, German, Italy, or Netherlands)

2023/04/28

Containment could prevent clients to connect to rogue APs listed in the Rogue lists. Manage > AirGuard > Contain all rogue devices. This is available on AP 1.x.55 on "S" models.
Contain selected APs only Manage >AirGuard > Rogue SSIDs > Expand the Rogue SSID to see all rogue AP’s detected > Choose the ones to be contained. This is available on AP 1.x.55 on "S" models.
Mail notification option for firmware upgrades is supported. If enabled, users will receive email notifications if there will be firmware upgrade happened. Configure > Alert > enable notification of firmware upgrade

2023/01/31

Support the option to disable NAT traversal in Site-To-Site VPN. Configure > Gateway > Site to Site VPN > Disable the NAT traversal
Site-To-Site VPN can be enabled under WAN passthrough mode.
Support the option to apply outbound firewall rules to all ESGs under the same Org. Configure > Gateway > Firewall > Click the " Apply to all ESG in the org > Click Apply
Support real-time VPN status under the Gateway Pro feature plan. Manage > VPN Status > VPN nodes > EnGenius Peers or Non-EnGenius Peers > Last Update : Realtime

2022/12/26

Azure AD supportedConfigure > SSID > Click on one SSID > Captive Portal > Authentication Type > Azure AD
Configure > SSID > Click on one SSID > Wireless > WPA2/3 Enterprise > Azure AD

2022/12/19

PoE Extended mode is supported Manage < Switches > Details > Ports > select the Ports > click Configure > find the speed/duplex settings > select Extended.

2022/12/7

Support Import/Export VLAN with JSON file, so you can import VLAN settings at a time.Manage> Switches > Detail > VLAN > export the JSON file > adjust the VLAN settings> import the JSON file. Configure> Switches > Template > click one of the template > VLAN > export the JSON file > adjust the VLAN settings> import the JSON file.

2022/11/14

Wi-Fi calling service allows cellular users to make or receive calls using a Wi-Fi network instead of using the cellular network of the carrier, This is available on AP 1.X.50 or later version. Configure > General Settings > AP > Enable WiFi calling.

2022/5/25

We provide Base DN allows you to specify the LDAP domain and type the LDAP login attribute to use for authentication. Configure > SSID > Click on one SSID > Captive portal > My LDAP Server > Specify the baseDN (format: dc=example,dc=com) and the login attrubute.

2022/5/12

We provide “Fail-over” when 1st Radius is not reachable, 2nd or 3rd Radius will be used. However, some conditions might need to have “Load balance” on the Radius servers due to a very large client list to do authentication. SSID > Captive Portal > Custom Radius > 3 Radius servers allowed > enable Radius Load balance

2022/4/29

SmartCast SSID allows users to stream their subscribed media to the TV through Chromecast in their room. This feature requires AP firmware V1.x.37 for ac models and v1.x.45 for ax models Configure > SSID > Create a SmartCast SSID and enable mDNS forwarding for all other SSIDs >add Chromecast to the lists > Download the QR code of the Chromecast and then install it on the corresponding Chromecast device > Scan QR-code
Support RADIUS VLAN override SSID > WPA2/3 enterprise > VLAN by RADIUS
Support Hidden SSID detection Manage > AirGuard > Rogure SSID

2022/4/12

Support Packet Capture with Switch firmware 1.2.61 or above. Manage > Switches > Detail > click Diag icon > Packet Capture Manage > Switches > Diag > Packet Capture
Allow users to reset the authenticator’s certificate to default on Google LDAP. SSID > WPA2/3 enterprise > Google LDAP SSID > Captive Portal > Authentication Type > Google LDAP
Support Advanced DCS settings. So you can schedule DCS by start time or time interval. Configure > Radio settings > DCS > Advanced settings

2022/3/31

Diag tool is supported on switch firmware 1.2.60 or above. So you can use it to troubleshoot errors. Manage > Switches > Diag

Manage > Switches > Detail> click Diag icon

2022/3/2

6G is supported by the country.

Configure > SSID > Click one SSID > Wireless > Enable 6G.

Configure > Radio Settings > Enable 6G

2022/1/18

DuraFon Roam management page is supported. Click the phone icon on the left panel.

2021/12/8

Diag tool is supported on AP firmware 1.x.35 or above. So you can use it to troubleshoot errors.

Manage > Access Ponts > Diag

Manage > Access Ponts > Detail>click Diag icon

Clear all logs on Organization is supported. Notification > click clear icon near the Organization

2021/12/1

Per device licensing added. We provide 1 year of free PRO licensing, so you can use PRO features. After 1 year, if you want to use the PRO feature, each device needs to assign a license.

Organization > Inventory & Licensing

2021/11/9

Dynamic Channel Selection supported. This will automatically change channels to avoid interference Configure > Radio settings > DCS > Enable DCS
Exclude DFS supported. This allows you to exclude DFS channels from Auto Channel on 5G Configure > Radio settings > Exclude DFS > Enable Exclude DCS

2021/10/19

New Firmware Trial Zone Supported.
Users can pick devices into New Firmware Trial Zone, so you can try the new Firmware on partial network devices and prevent the whole Network from going wrong.
Configure > Firware Upgrade > New Firmware Trial Zone > Add devices into Trial Zone

2021/09/02

AD/ LDAP supported (only 1 SSID can be enabled in a network)
Configure > SSID > Click on one SSID > Captive Portal > Authentication Type > My LDAP Server or Active directory
Configure > SSID > Click on one SSID > Wireless > WPA2 Enterprise > Security > My LDAP Server or Active directory
Support Bandwidth limit by RADIUS and RADIUS MAC Auth
Configure > SSID > Click on one SSID > Captive portal > Custom RADIUS

2021/08/24

Support Virtual AP on floor plans. This allows users to plan the Wi-Fi environment even if physical AP hasn't been registered. Once users have physical APs in the network, users can drag the physical AP to Virtual AP ( model needs to be the same) then physical AP could use the Virtual AP configuration. Manage > Map & Floor Plans > click Virtual AP icon on the tool bar > add the virtual AP then drag on the floor plan > adjust the Virtual AP configuration
Support to use polyline to draw an obstacle. Manage > Map & Floor Plans > Obstacle

2021/07/14

Support Google LDAP. If users have used Google Suite, then the users are able to choose google LDAP as their service. If users import Google Certificates from the EnGenius cloud then users can return to the Google Suite to manage the LDAP service. SSID > WPA2/3 enterprise > Google LDAP SSID > Captive Portal > Authentication Type > Google LDAP
Support System IP Range. Let users be aware of the EnGenius reserved IP range to prevent them from using it in their local LAN. and be able to change the System reserved range if they cannot change their local LAN IP address range. Configure > General settings > AP
Support RADIUS CoA (Change of Authorization). This allows a RADIUS server to change the access authorization of an active client session. Configure > SSID > click on one SSID > Captive Portal > Custom Radius > CoA

2021/5/19

Support switch template. This helps users to apply the same port configuration to all switches with the same models in the Network to save the time of configuration. Configure > Switch settings > Template
Support WIFI usage in Client Timeline.
Manage > Clients > then click on one client.

2021/4/12:

Support exporting client list to CSV. Manage > Clients > Export > CSV
Support SNMP in Configure > General settings > Network
Support network configuration backup/restore. Organization > Backup & Restore > Add a Network Backup with device backup

2021/3/17

Support Report Generation. Report > Task > New Task
Support Facebook WiFi Configure > SSID > click on one SSID > Captive Portal > Facebook Wi-Fi
Support WPA2-MyPSK Auth with External RADIUS SSID > WPA2-PSK> WP2-MyPSK > Auth with external RADIUS

2021/2/25

On Manage > Switch> Detail page, add a LED Blinking button to trigger an AP to blink its LED for 10 seconds. This could help users quickly identify the AP.
Support multicast and unicast General Settings > AP > Advanced Settings.
Support Switch POE Scheduling Manage > Switches > Detail > PoE Sched.

2021/1/14

Support WPA2-MyPSK. SSID > WPA2-PSK> WP2-MyPSK
Support BCMC Suppression. SSID > Wireless > Advanced Settings
Support Org License so you are able to try the Pro feature easily. Organization > Inventory & License > Click on Switch to Professional

2020/10/19

Support mesh topology and show third-party devices. Manage > Topology
Support NAS ID in custom RADIUS settings. SSID > click one SSID > Captive Portal > Custom RADIUS

2020/9/23

Support VIP in ACL Settings. Configure > Access Control > VIP > Add VIP

2020-08-26

Support the option to enable/disable switch local GUI in individual settings.
- Go to Switch detail page > System Settings > Local GUI (enable / disable)
- By default: Disabled, to prevent confusion on the settings from Cloud and Local GUI.
- If the user wants to set some advanced settings which Cloud doesn’t support yet, then the user can enable the Local GUI
Support both "Per Client" bandwidth limit and "Per SSID" bandwidth limit
- SSID > Bandwidth Limit > Enable "Per Client" and or "Per SSID" bandwidth limit > Upload / Download limit

2020-07-09

For Covid-19 infection control, Exposure Analysis, an extension of the Client Timeline, helps the Company to be able to identify who had been exposed to the infected in past days. Manage > Clients > click on one client to go to Client Timeline > Exposure Analysis (Exposure Analysis is by default disabled, go to below to enable: Organization > Privacy > Enable Exposure Analysis

2020-06-12

Bulk voucher list can be exported to .csv file Go to Voucher portal > user credential > auto generation > generate guest pass * N > create bulk voucher > Export to csv

2020-06-01

TFA (Two Factor Authentication) is enabled for Cloud users
Enable TFA of your own: User profile > Two Factor Authentication > install Google Authentication on mobile phone > enter TFA (or 2FA) code on Google Authentication APP > Activate
or to enforce TFA (2FA) for all users in Organization Organization > Security > Enable 2FA Enforcement
Client's name can be renamed

2020-05-07

Block function enables admin to block clients from access the networks, and the blocked-user will get blocked message. Manage > Clients > choose the clients to be blocked > Access Control > Block on SSID / Blocked on Network-wide
Add DNS setting under NAT mode, so user can add, say, content filtering service to filter content access of NAT clients. Manage > SSID > choose one SSID > Network > Client IP mode > NAT mode enabled > DNS settings

2020-04-27

Splash page editor is enhanced to "WYSWYG" style for user to define their own Logo and theme. Configure > SSID > click on one SSID > Splash Page > Local Splash Page
Global credential setting is now available to assign single credential to all AP and Switch in the Network for local access. Configure > General Settings > Network > Local Credential
"Mirror" and "Link Aggregation" function is enabled in Switch Manage > Switches > click on one Switch >under Switch Device Local Page > Mirror / Link Aggregation

2020-04-08

Client Timeline is available to track how client access to the network for easy-to-debug Manage > Clients > then click on one client
Dark mode supported

2020-03-10

User can block clients in Client List.
Support ACL Block List in SSID > Access Control
Support WYSIWYG Splash Page editor.
Add a “Clone From” button in SSID Setting page to speed up SSID manipulation by coping settings from other SSID.
TX Power tuning options now start from 1 to 10 dBm.
Support network-wide LED setting in General Settings > AP.
Support LAN Port settings in General Settings > AP for wall-mounted Access Points.
For 3rd party presence analytics or location-aware services, EnGenius Cloud now supports Presence Reporting settings inGeneral Settings > AP for integration in advance.
Syslog Server settings have been moved to General Settings under AP and Switch Tab.
Support Traffic Log to have AP sending more traffic info to syslog server. The feature is available in advanced settings of General Settings > AP.
In Firmware Upgrade page, clicking “Upgrade Now” button now also displays a summary of upgraded device number.
User can see logs of a Switch in Switch List > Detail > Logs.
Topology now automatically displays the port numbers when mouse is hovering the device icon.

2020-01-09

Support WPA3.
Support 802.11w.
In AP List > Detail page, add LED Blinking button to trigger an AP to blink its LED for 10 seconds. This could help user to quickly identify the AP.
User now can create and print vouchers in batch.
Client List now shows more details about client IP address and vendor info.
New EMail Alert format. Instead of sending all details in one mail, mail body now mainly contains the summary of managed networks. User can follow the link in the mail to browse details in advance.

2019-12-05

Add "Global Settings" in Toolbar menu to support more network-wide configurations.
In "Global Settings", user can configure network-wide "Local Credential" to make all managed APs with the same username and password for local access.
Support the option to turn on/off LEDs of all managed APs in Global Settings > AP.
Add "VLAN Settings" in Toolbar menu to let user centrally manage all VLANs defined or used in the Network. If there is any VLAN binding with SSID or Voice VLAN defined in switch, all these VLANs would listed in the VLAN Settings page.
In Switch List > Detail > Summary, user can view all VLANs applied on dedicated switch (including VoiceVLAN).

2019-11-05

Support network-wide Switch Settings for spanning tree, LLDP, voice VLAN, QoS, IGMP snooping, and jumbo frames.
Support network-wide VLAN Settings. You can have an overview of the VLANs used in your network including SSIDs or Voice VLANs.
In the switch detail page, you can manually configure IP Address settings of the switch. Note that the settings only work for the firmware version after 1.1.16.
In the switch detail page, VLAN can be directly manipulated here. Any newly created VLAN will be also shown in the network-wide VLAN Settings.

2019-10-03

New Features

Client List now supports sophisticated search options.
New Sign-In, Sign-Up pages is online.
Have a dedicated button on the toolbar to manage team members intuitively.
Add a Help icon button at top right corner of menu bar. User can access user manual and get support ticket over there.
Support Delete My Account in the user setting menu.
User can rename Skykey on the management page.

2019-09-25

New Features

Network-wide Radio Settings now support Indoor and Outdoor profiles.
Support an option "Disable 11ax in 2.4G" in the Radio Setting. Some legacy wireless clients are not compatible with 11ax. Enabling this option makes the 11ax APs like ECW220 or ECW230 can still serve legacy client well in 2.4G channel.
Users can upload and display photos in AP Detail page of Web GUI now.

Loading...

Access Point Firmware

Loading...

ECW536

v1.8.85

[New Features]

Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.

v1.8.84

[Issues Fixed]

Support concurrent tri-band connection for MLO clients.

v1.7.84

[Issues Fixed]

Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.
Resolve the compatibility issue between the AP and iPhone 16 during MLO operation, which may lead to device crashes. Note. During MLO operation, ONLY dual bands are supported.

v1.7.83

[Issues Fixed]

Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.

v1.7.82

Support EnGenius fast-handover algorithm 2.0
Remove dropbear chacha20-poly1305@openssh.com encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.

v1.7.81

Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.

Appendix for v1.x.81

Add support for SAMLv2 in Captive portal with Azure-AD

A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.

(a) What is SAMLv2?

SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.

(b) Implications of This Update

Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.

(c) Practical Applications

Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.

In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.

Support HTTPS-Only for local device page

To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.

(a) Importance of HTTPS for Security

HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:

Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.

(b) Implementation and Control

By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.

In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.

v1.7.74

Fix the issue that AP sometimes goes offline even when the network is functioning normally.

v1.7.73

Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.

v1.7.71

Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.

mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.

Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.
Disable 6GHz radio if selected Wi-Fi encryption is not supported on the 6GHz band.
Support 6GHz all-channel-utilization scan in diag tool.

v1.7.60

This f/w version is for the first release.

Loading...

ECW526

v1.8.85

[New Features]

Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.

v1.8.84

[Issues Fixed]

Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.

v1.8.83

[Issues Fixed]

Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255(e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.

v1.8.82

Support EnGenius fast-handover algorithm 2.0
Remove dropbear chacha20-poly1305@openssh.com encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.

v1.8.81

Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.

Appendix for v1.x.81

Add support for SAMLv2 in Captive portal with Azure-AD

A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.

(a) What is SAMLv2?

SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.

(b) Implications of This Update

Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.

(c) Practical Applications

Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.

In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.

Support HTTPS-Only for local device page

To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.

(a) Importance of HTTPS for Security

HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:

Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.

(b) Implementation and Control

By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.

In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.

v1.8.75

This f/w version is for the first release.

Loading...

ECW336

v1.8.85

[New Features]

Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.

v1.8.84

[Issues Fixed]

Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.

v1.8.83

[Issues Fixed]

Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.

v1.8.82

Support EnGenius fast-handover algorithm 2.0
Remove dropbear chacha20-poly1305@openssh.com encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.

v1.6.81

Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.

Appendix for v1.x.81

Add support for SAMLv2 in Captive portal with Azure-AD

A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.

(a) What is SAMLv2?

SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.

(b) Implications of This Update

Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.

(c) Practical Applications

Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.

In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.

Support HTTPS-Only for local device page

To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.

(a) Importance of HTTPS for Security

HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:

Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.

(b) Implementation and Control

By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.

In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.

v1.6.80

Support wireless client MAC-based WMM.
Support application DSCP tagging.
Enhance Traffic Log to support additional NAT information to syslog server.
Support Radsec to provide TLS encryption for Radius connection initiated from AP.
Enhance MyPSK Radius requests for external Radius server to contain both RoamingIQ attribute and mac authentication attribute.
Support additional dolphin action to run Radius server existence test.
Support group of multiple AD configuration for single SSID.
Use dolphin subscribe actions for all channel utilization scan in diag tools.
Support malware URL Blocking.
Support website filtering.
Support hotspot2.0 and openRoaming.
Support client-balancing 2.0
Fix mesh topology that may sometimes display failed.
Enhance Multicast to Unicast function for legacy clients.

Appendix for v1.x.80

Support wireless client MAC-based WMM

(a) Wi-Fi Multimedia (WMM) Overview:

Wi-Fi Multimedia (WMM) is a QoS (Quality of Service) standard that is an integral part of modern Wi-Fi technology, based on the IEEE 802.11e standard. WMM is essential in environments where different types of data compete for bandwidth because it ensures that time-sensitive applications like voice and video conferencing perform well even in congested network conditions. This protocol prioritizes traffic according to four access categories:

Voice: Highest priority, dedicated to voice-over-IP (VoIP) services.
Video: High priority, allocated for streaming video.
Best Effort: Standard priority for general data traffic such as web browsing.
Background: Lowest priority, intended for data that is not time-sensitive, like backups or bulk data transfers.

(b) What Does "MAC-Based WMM Support" Mean?

The feature "Support wireless client mac-based WMM" refers to the capability of the wireless access point (AP) to apply WMM rules based on the MAC address of each connecting client device. A MAC address is a unique identifier assigned to network interfaces for communications on the physical network segment. Implementing MAC-based WMM allows network administrators to assign different data priorities to devices according to their MAC addresses. This functionality is particularly useful in diverse operational environments where devices have varying bandwidth and latency requirements.

(c) Practical Applications of Mac-Based WMM

Here are several scenarios where mac-based WMM can significantly enhance network management and performance:

Tailored Experience: Enterprises can customize network performance based on the roles or departments within the organization. For example, devices belonging to the executive team or those used in critical operations might be assigned higher data priorities.

Enhanced Security: By controlling which devices have priority access, administrators can better manage network security protocols and reduce the risk of unauthorized data access.

Optimized Network Utilization: Mac-based WMM enables the network to adapt dynamically to changing conditions and user demands, prioritizing critical applications automatically.

Improved Scalability: As more devices join the network, administrators can manage traffic effectively without manual reconfiguration, ensuring consistent performance across all connected devices.

Support application DSCP tagging

(a) What is DSCP?

DSCP stands for Differentiated Services Code Point. It is a field in the IP header used to enable Quality of Service (QoS) on networks. DSCP replaces the older system of IP precedence with a more flexible and granular approach to traffic classification and prioritization. The DSCP field consists of six bits, allowing for 64 different traffic classes that can be defined and used to manage packet forwarding policies.

DSCP plays a crucial role in network traffic management by providing a mechanism for marking packets to receive different levels of service based on their assigned class. This capability is essential for managing congestion and ensuring that high-priority traffic, such as real-time voice or video, receives the necessary bandwidth and minimal latency.

(b) How Does DSCP Work?

When a packet is sent from a source, the DSCP value is set in its IP header, indicating the level of priority it should receive across the network. Network routers and switches read this DSCP value and make decisions about the packet's forwarding priority and queue placement. By doing so, networks can differentiate between various types of traffic, prioritizing them according to organizational policies and network requirements.

(c) Benefits of DSCP Tagging

Improved Network Performance: By prioritizing critical applications, DSCP helps in managing network resources efficiently, thus enhancing overall performance. Traffic like VoIP and video conferencing can operate smoothly even under heavy network load.
Enhanced Quality of Service: DSCP enables more granular control over packet forwarding decisions, allowing network administrators to fine-tune QoS policies. This leads to better service quality, especially for latency-sensitive applications.
Scalability: DSCP scales well with the size of the network, providing a consistent approach to QoS even as the network grows and traffic volume increases.
Flexibility: The ability to define multiple levels of service makes DSCP highly flexible. Organizations can customize their traffic management strategies to align with specific business needs.

(d) Applications of DSCP Tagging in Enterprise Networks

Voice and Video Prioritization: DSCP is extensively used to ensure that voice and video traffic is given priority over other types of data, reducing delays and improving communication quality.
Data Center Traffic Management: In data centers, DSCP can help manage the flow of traffic between servers, storage systems, and external networks, optimizing response times and service delivery.
Remote Work Solutions: With the rise of remote work, DSCP can play a pivotal role in prioritizing VPN traffic to ensure that business-critical applications have the bandwidth they need.

Support hotspot2.0 and openRoaming

(a) What is Hotspot 2.0?

Hotspot 2.0, also known as Wi-Fi Certified Passpoint, is a standard created by the Wi-Fi Alliance to streamline and secure the process of connecting to Wi-Fi hotspots. It allows mobile devices to automatically discover and connect to Wi-Fi networks without user intervention, using a seamless, secure authentication process based on the credentials issued by the service provider, much like cellular networks.

(b) Key Features of Hotspot 2.0

Seamless Connectivity: Hotspot 2.0 enables devices to automatically connect to Wi-Fi networks with robust security protocols, without requiring users to manually search for and select networks.
Enhanced Security: It supports advanced security protocols, such as WPA2-Enterprise and WPA3-Enterprise, providing end-to-end encryption and preventing unauthorized access.
Simplified User Experience: By automating the discovery and connection process, Hotspot 2.0 eliminates the need for users to repeatedly enter login credentials.
Interoperability: Designed to work across different wireless service providers and geographies, facilitating easier roaming and connectivity.

(c) What is OpenRoaming?

OpenRoaming is a federation service that allows users to seamlessly roam between Wi-Fi and cellular networks, removing the need to manually connect to different Wi-Fi networks. It is a collaboration spearheaded by the Wireless Broadband Alliance (WBA) that brings together a consortium of companies aiming to create a globally interconnected network.

(d) Benefits of OpenRoaming

Effortless Network Transition: With OpenRoaming, devices can automatically switch between Wi-Fi and cellular networks without user interaction, depending on the best available network.
Universal Coverage: It aims to combine the benefits of both private and public Wi-Fi networks with cellular service, expanding network coverage dramatically.
Secure Connectivity: OpenRoaming ensures that security standards such as WPA3 are met, keeping the user's data protected during transmission across different networks.
Enhanced User Experience: Provides a smooth, uninterrupted service as users move between different network environments, ideal for travelling users and mobile professionals.

(e) Applications and Implications of Hotspot 2.0 and OpenRoaming

Travel and Hospitality: For travelers, Hotspot 2.0 and OpenRoaming can significantly enhance connectivity in airports, hotels, and public spaces, offering seamless access to high-quality Wi-Fi.
Urban Mobility: In smart cities, these technologies can facilitate uninterrupted internet access across different urban spaces, improving navigation, streaming, and communication services.
Enterprise Connectivity: Businesses can provide secure, seamless Wi-Fi access to employees and visitors, improving productivity and user satisfaction.
Telecommunications: For telecom operators, integrating Hotspot 2.0 and OpenRoaming can reduce the load on cellular networks and provide a better balance of traffic across networks.

The inclusion of "Support for Hotspot 2.0 and OpenRoaming" in our firmware underlines our commitment to enhancing connectivity and user experience. These features enable devices to leverage advanced network technologies to automatically connect to the best available network, securely and effortlessly. By adopting these standards, we are setting a new benchmark for seamless and secure mobile connectivity, catering to the needs of modern users who require reliable and effortless internet access wherever they go.

v1.6.74

Fix the issue that AP sometimes goes offline even when the network is functioning normally.

v1.6.73

Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.

v1.6.71

Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.

mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.

Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.
Disable 6GHz radio if selected Wi-Fi encryption is not supported on the 6GHz band.
Support 6GHz all-channel-utilization scan in diag tool.

v1.6.67

Fixed the issue for encountering failure when selecting specific country: Liechtenstein, Montenegro, or Angola.

v1.6.66

Support WPA3-Enterprise on 6GHz band.
Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.

v1.6.61

Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.

v1.6.56

Fixed vulnerability issue (CVE-2022-38546).

v1.6.55

Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:

(a) WPA3 Personal (SAE)

(b) WPA3-Personal/WPA2-PSK mixed

(c) WPA3 Enterprise with suite-b disabled

Support packet capture functions.
WPA3-Personal supports Dynamic Client VLAN Pooling.
WPA3-Enterprise supports external Radius with VLAN assignment.
Support DFS channel 144.

v1.6.50

Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Support SSID-based IPSec VPN tunneling (StrongSWAN).
Support EnGenius auto VPN (mediator).
Support SMBv2/v3 for AD authentication.

v1.6.48

Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.

v1.6.47

Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.

v1.6.46

Enhance IOT client association compatibility.

v1.6.45

Support RADIUS CoA disconnect-client requests (802.1x)
Support SmartTV SSID
LSP page encloses language support for Japanese language.
Resolved Fragattack vulnerability issues.
Support EoGRE tunnel and DHCP option 82.
6GHz supports HT160 bandwidth option.

Loading...

ECW270

v1.5.85

[New Features]

Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.

v1.5.84

[Issues Fixed]

Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.

v1.5.83

[Issues Fixed]

Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.

v1.5.82

Support EnGenius fast-handover algorithm 2.0
Remove dropbear chacha20-poly1305@openssh.com encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.

v1.5.81

Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.

Appendix for v1.x.81

Add support for SAMLv2 in Captive portal with Azure-AD

A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.

(a) What is SAMLv2?

SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.

(b) Implications of This Update

Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.

(c) Practical Applications

Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.

In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.

Support HTTPS-Only for local device page

To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.

(a) Importance of HTTPS for Security

HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:

Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.

(b) Implementation and Control

By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.

In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.

v1.5.80

Support wireless client MAC-based WMM.
Support application DSCP tagging.
Enhance Traffic Log to support additional NAT information to syslog server.
Support Radsec to provide TLS encryption for Radius connection initiated from AP.
Enhance MyPSK Radius requests for external Radius server to contain both RoamingIQ attribute and mac authentication attribute.
Support additional dolphin action to run Radius server existence test.
Support group of multiple AD configuration for single SSID.
Use dolphin subscribe actions for all channel utilization scan in diag tools.
Support malware URL Blocking.
Support website filtering.
Support hotspot2.0 and openRoaming.
Support client-balancing 2.0
Fix mesh topology that may sometimes display failed.
Enhance Multicast to Unicast function for legacy clients.

Appendix for v1.x.80

Support wireless client MAC-based WMM

(a) Wi-Fi Multimedia (WMM) Overview:

Wi-Fi Multimedia (WMM) is a QoS (Quality of Service) standard that is an integral part of modern Wi-Fi technology, based on the IEEE 802.11e standard. WMM is essential in environments where different types of data compete for bandwidth because it ensures that time-sensitive applications like voice and video conferencing perform well even in congested network conditions. This protocol prioritizes traffic according to four access categories:

Voice: Highest priority, dedicated to voice-over-IP (VoIP) services.
Video: High priority, allocated for streaming video.
Best Effort: Standard priority for general data traffic such as web browsing.
Background: Lowest priority, intended for data that is not time-sensitive, like backups or bulk data transfers.

(b) What Does "MAC-Based WMM Support" Mean?

The feature "Support wireless client mac-based WMM" refers to the capability of the wireless access point (AP) to apply WMM rules based on the MAC address of each connecting client device. A MAC address is a unique identifier assigned to network interfaces for communications on the physical network segment. Implementing MAC-based WMM allows network administrators to assign different data priorities to devices according to their MAC addresses. This functionality is particularly useful in diverse operational environments where devices have varying bandwidth and latency requirements.

(c) Practical Applications of Mac-Based WMM

Here are several scenarios where mac-based WMM can significantly enhance network management and performance:

Tailored Experience: Enterprises can customize network performance based on the roles or departments within the organization. For example, devices belonging to the executive team or those used in critical operations might be assigned higher data priorities.

Enhanced Security: By controlling which devices have priority access, administrators can better manage network security protocols and reduce the risk of unauthorized data access.

Optimized Network Utilization: Mac-based WMM enables the network to adapt dynamically to changing conditions and user demands, prioritizing critical applications automatically.

Improved Scalability: As more devices join the network, administrators can manage traffic effectively without manual reconfiguration, ensuring consistent performance across all connected devices.

Support application DSCP tagging

(a) What is DSCP?

DSCP stands for Differentiated Services Code Point. It is a field in the IP header used to enable Quality of Service (QoS) on networks. DSCP replaces the older system of IP precedence with a more flexible and granular approach to traffic classification and prioritization. The DSCP field consists of six bits, allowing for 64 different traffic classes that can be defined and used to manage packet forwarding policies.

DSCP plays a crucial role in network traffic management by providing a mechanism for marking packets to receive different levels of service based on their assigned class. This capability is essential for managing congestion and ensuring that high-priority traffic, such as real-time voice or video, receives the necessary bandwidth and minimal latency.

(b) How Does DSCP Work?

When a packet is sent from a source, the DSCP value is set in its IP header, indicating the level of priority it should receive across the network. Network routers and switches read this DSCP value and make decisions about the packet's forwarding priority and queue placement. By doing so, networks can differentiate between various types of traffic, prioritizing them according to organizational policies and network requirements.

(c) Benefits of DSCP Tagging

Improved Network Performance: By prioritizing critical applications, DSCP helps in managing network resources efficiently, thus enhancing overall performance. Traffic like VoIP and video conferencing can operate smoothly even under heavy network load.
Enhanced Quality of Service: DSCP enables more granular control over packet forwarding decisions, allowing network administrators to fine-tune QoS policies. This leads to better service quality, especially for latency-sensitive applications.
Scalability: DSCP scales well with the size of the network, providing a consistent approach to QoS even as the network grows and traffic volume increases.
Flexibility: The ability to define multiple levels of service makes DSCP highly flexible. Organizations can customize their traffic management strategies to align with specific business needs.

(d) Applications of DSCP Tagging in Enterprise Networks

Voice and Video Prioritization: DSCP is extensively used to ensure that voice and video traffic is given priority over other types of data, reducing delays and improving communication quality.
Data Center Traffic Management: In data centers, DSCP can help manage the flow of traffic between servers, storage systems, and external networks, optimizing response times and service delivery.
Remote Work Solutions: With the rise of remote work, DSCP can play a pivotal role in prioritizing VPN traffic to ensure that business-critical applications have the bandwidth they need.

Support hotspot2.0 and openRoaming

(a) What is Hotspot 2.0?

Hotspot 2.0, also known as Wi-Fi Certified Passpoint, is a standard created by the Wi-Fi Alliance to streamline and secure the process of connecting to Wi-Fi hotspots. It allows mobile devices to automatically discover and connect to Wi-Fi networks without user intervention, using a seamless, secure authentication process based on the credentials issued by the service provider, much like cellular networks.

(b) Key Features of Hotspot 2.0

Seamless Connectivity: Hotspot 2.0 enables devices to automatically connect to Wi-Fi networks with robust security protocols, without requiring users to manually search for and select networks.
Enhanced Security: It supports advanced security protocols, such as WPA2-Enterprise and WPA3-Enterprise, providing end-to-end encryption and preventing unauthorized access.
Simplified User Experience: By automating the discovery and connection process, Hotspot 2.0 eliminates the need for users to repeatedly enter login credentials.
Interoperability: Designed to work across different wireless service providers and geographies, facilitating easier roaming and connectivity.

(c) What is OpenRoaming?

OpenRoaming is a federation service that allows users to seamlessly roam between Wi-Fi and cellular networks, removing the need to manually connect to different Wi-Fi networks. It is a collaboration spearheaded by the Wireless Broadband Alliance (WBA) that brings together a consortium of companies aiming to create a globally interconnected network.

(d) Benefits of OpenRoaming

Effortless Network Transition: With OpenRoaming, devices can automatically switch between Wi-Fi and cellular networks without user interaction, depending on the best available network.
Universal Coverage: It aims to combine the benefits of both private and public Wi-Fi networks with cellular service, expanding network coverage dramatically.
Secure Connectivity: OpenRoaming ensures that security standards such as WPA3 are met, keeping the user's data protected during transmission across different networks.
Enhanced User Experience: Provides a smooth, uninterrupted service as users move between different network environments, ideal for travelling users and mobile professionals.

(e) Applications and Implications of Hotspot 2.0 and OpenRoaming

Travel and Hospitality: For travelers, Hotspot 2.0 and OpenRoaming can significantly enhance connectivity in airports, hotels, and public spaces, offering seamless access to high-quality Wi-Fi.
Urban Mobility: In smart cities, these technologies can facilitate uninterrupted internet access across different urban spaces, improving navigation, streaming, and communication services.
Enterprise Connectivity: Businesses can provide secure, seamless Wi-Fi access to employees and visitors, improving productivity and user satisfaction.
Telecommunications: For telecom operators, integrating Hotspot 2.0 and OpenRoaming can reduce the load on cellular networks and provide a better balance of traffic across networks.

The inclusion of "Support for Hotspot 2.0 and OpenRoaming" in our firmware underlines our commitment to enhancing connectivity and user experience. These features enable devices to leverage advanced network technologies to automatically connect to the best available network, securely and effortlessly. By adopting these standards, we are setting a new benchmark for seamless and secure mobile connectivity, catering to the needs of modern users who require reliable and effortless internet access wherever they go.

v1.5.74

Fix the issue that AP sometimes goes offline even when the network is functioning normally.

v1.5.73

Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.

v1.5.70

Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.

mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.

Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.

v1.5.67

Fixed the issue for encountering failure when selecting specific country: Liechtenstein, Montenegro, or Angola.

v1.5.66

Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.

v1.5.61

Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.

v1.5.60

Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).

v1.5.56

Fixed vulnerability issue (CVE-2022-38546).

v1.5.55

Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:

(a) WPA3 Personal (SAE)

(b) WPA3-Personal/WPA2-PSK mixed

(c) WPA3 Enterprise with suite-b disabled

Support packet capture functions.
WPA3-Personal supports Dynamic Client VLAN Pooling.
WPA3-Enterprise supports external Radius with VLAN assignment.
Support DFS channel 144.

v1.5.50

Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Support SSID-based IPSec VPN tunneling (StrongSWAN).
Support EnGenius auto VPN (mediator).
Support SMBv2/v3 for AD authentication.

Loading...

ECW260

v1.5.85

[New Features]

Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.

v1.5.84

[Issues Fixed]

Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.

v1.5.83

[Issues Fixed]

Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.

v1.5.82

Support EnGenius fast-handover algorithm 2.0
Remove dropbear chacha20-poly1305@openssh.com encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.

v1.5.81

Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.

Appendix for v1.x.81

Add support for SAMLv2 in Captive portal with Azure-AD

A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.

(a) What is SAMLv2?

SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.

(b) Implications of This Update

Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.

(c) Practical Applications

Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.

In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.

Support HTTPS-Only for local device page

To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.

(a) Importance of HTTPS for Security

HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:

Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.

(b) Implementation and Control

By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.

In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.

v1.5.80

Support wireless client MAC-based WMM.
Support application DSCP tagging.
Enhance Traffic Log to support additional NAT information to syslog server.
Support Radsec to provide TLS encryption for Radius connection initiated from AP.
Enhance MyPSK Radius requests for external Radius server to contain both RoamingIQ attribute and mac authentication attribute.
Support additional dolphin action to run Radius server existence test.
Support group of multiple AD configuration for single SSID.
Use dolphin subscribe actions for all channel utilization scan in diag tools.
Support malware URL Blocking.
Support website filtering.
Support hotspot2.0 and openRoaming.
Support client-balancing 2.0
Fix mesh topology that may sometimes display failed.
Enhance Multicast to Unicast function for legacy clients.

Appendix for v1.x.80

Support wireless client MAC-based WMM

(a) Wi-Fi Multimedia (WMM) Overview:

Wi-Fi Multimedia (WMM) is a QoS (Quality of Service) standard that is an integral part of modern Wi-Fi technology, based on the IEEE 802.11e standard. WMM is essential in environments where different types of data compete for bandwidth because it ensures that time-sensitive applications like voice and video conferencing perform well even in congested network conditions. This protocol prioritizes traffic according to four access categories:

Voice: Highest priority, dedicated to voice-over-IP (VoIP) services.
Video: High priority, allocated for streaming video.
Best Effort: Standard priority for general data traffic such as web browsing.
Background: Lowest priority, intended for data that is not time-sensitive, like backups or bulk data transfers.

(b) What Does "MAC-Based WMM Support" Mean?

The feature "Support wireless client mac-based WMM" refers to the capability of the wireless access point (AP) to apply WMM rules based on the MAC address of each connecting client device. A MAC address is a unique identifier assigned to network interfaces for communications on the physical network segment. Implementing MAC-based WMM allows network administrators to assign different data priorities to devices according to their MAC addresses. This functionality is particularly useful in diverse operational environments where devices have varying bandwidth and latency requirements.

(c) Practical Applications of Mac-Based WMM

Here are several scenarios where mac-based WMM can significantly enhance network management and performance:

Tailored Experience: Enterprises can customize network performance based on the roles or departments within the organization. For example, devices belonging to the executive team or those used in critical operations might be assigned higher data priorities.

Enhanced Security: By controlling which devices have priority access, administrators can better manage network security protocols and reduce the risk of unauthorized data access.

Optimized Network Utilization: Mac-based WMM enables the network to adapt dynamically to changing conditions and user demands, prioritizing critical applications automatically.

Improved Scalability: As more devices join the network, administrators can manage traffic effectively without manual reconfiguration, ensuring consistent performance across all connected devices.

Support application DSCP tagging

(a) What is DSCP?

DSCP stands for Differentiated Services Code Point. It is a field in the IP header used to enable Quality of Service (QoS) on networks. DSCP replaces the older system of IP precedence with a more flexible and granular approach to traffic classification and prioritization. The DSCP field consists of six bits, allowing for 64 different traffic classes that can be defined and used to manage packet forwarding policies.

DSCP plays a crucial role in network traffic management by providing a mechanism for marking packets to receive different levels of service based on their assigned class. This capability is essential for managing congestion and ensuring that high-priority traffic, such as real-time voice or video, receives the necessary bandwidth and minimal latency.

(b) How Does DSCP Work?

When a packet is sent from a source, the DSCP value is set in its IP header, indicating the level of priority it should receive across the network. Network routers and switches read this DSCP value and make decisions about the packet's forwarding priority and queue placement. By doing so, networks can differentiate between various types of traffic, prioritizing them according to organizational policies and network requirements.

(c) Benefits of DSCP Tagging

Improved Network Performance: By prioritizing critical applications, DSCP helps in managing network resources efficiently, thus enhancing overall performance. Traffic like VoIP and video conferencing can operate smoothly even under heavy network load.
Enhanced Quality of Service: DSCP enables more granular control over packet forwarding decisions, allowing network administrators to fine-tune QoS policies. This leads to better service quality, especially for latency-sensitive applications.
Scalability: DSCP scales well with the size of the network, providing a consistent approach to QoS even as the network grows and traffic volume increases.
Flexibility: The ability to define multiple levels of service makes DSCP highly flexible. Organizations can customize their traffic management strategies to align with specific business needs.

(d) Applications of DSCP Tagging in Enterprise Networks

Voice and Video Prioritization: DSCP is extensively used to ensure that voice and video traffic is given priority over other types of data, reducing delays and improving communication quality.
Data Center Traffic Management: In data centers, DSCP can help manage the flow of traffic between servers, storage systems, and external networks, optimizing response times and service delivery.
Remote Work Solutions: With the rise of remote work, DSCP can play a pivotal role in prioritizing VPN traffic to ensure that business-critical applications have the bandwidth they need.

Support hotspot2.0 and openRoaming

(a) What is Hotspot 2.0?

Hotspot 2.0, also known as Wi-Fi Certified Passpoint, is a standard created by the Wi-Fi Alliance to streamline and secure the process of connecting to Wi-Fi hotspots. It allows mobile devices to automatically discover and connect to Wi-Fi networks without user intervention, using a seamless, secure authentication process based on the credentials issued by the service provider, much like cellular networks.

(b) Key Features of Hotspot 2.0

Seamless Connectivity: Hotspot 2.0 enables devices to automatically connect to Wi-Fi networks with robust security protocols, without requiring users to manually search for and select networks.
Enhanced Security: It supports advanced security protocols, such as WPA2-Enterprise and WPA3-Enterprise, providing end-to-end encryption and preventing unauthorized access.
Simplified User Experience: By automating the discovery and connection process, Hotspot 2.0 eliminates the need for users to repeatedly enter login credentials.
Interoperability: Designed to work across different wireless service providers and geographies, facilitating easier roaming and connectivity.

(c) What is OpenRoaming?

OpenRoaming is a federation service that allows users to seamlessly roam between Wi-Fi and cellular networks, removing the need to manually connect to different Wi-Fi networks. It is a collaboration spearheaded by the Wireless Broadband Alliance (WBA) that brings together a consortium of companies aiming to create a globally interconnected network.

(d) Benefits of OpenRoaming

Effortless Network Transition: With OpenRoaming, devices can automatically switch between Wi-Fi and cellular networks without user interaction, depending on the best available network.
Universal Coverage: It aims to combine the benefits of both private and public Wi-Fi networks with cellular service, expanding network coverage dramatically.
Secure Connectivity: OpenRoaming ensures that security standards such as WPA3 are met, keeping the user's data protected during transmission across different networks.
Enhanced User Experience: Provides a smooth, uninterrupted service as users move between different network environments, ideal for travelling users and mobile professionals.

(e) Applications and Implications of Hotspot 2.0 and OpenRoaming

Travel and Hospitality: For travelers, Hotspot 2.0 and OpenRoaming can significantly enhance connectivity in airports, hotels, and public spaces, offering seamless access to high-quality Wi-Fi.
Urban Mobility: In smart cities, these technologies can facilitate uninterrupted internet access across different urban spaces, improving navigation, streaming, and communication services.
Enterprise Connectivity: Businesses can provide secure, seamless Wi-Fi access to employees and visitors, improving productivity and user satisfaction.
Telecommunications: For telecom operators, integrating Hotspot 2.0 and OpenRoaming can reduce the load on cellular networks and provide a better balance of traffic across networks.

The inclusion of "Support for Hotspot 2.0 and OpenRoaming" in our firmware underlines our commitment to enhancing connectivity and user experience. These features enable devices to leverage advanced network technologies to automatically connect to the best available network, securely and effortlessly. By adopting these standards, we are setting a new benchmark for seamless and secure mobile connectivity, catering to the needs of modern users who require reliable and effortless internet access wherever they go.

v1.5.74

Fix the issue that AP sometimes goes offline even when the network is functioning normally.

v1.5.73

Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.

v1.5.70

Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.

mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.

Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.

v1.5.67

Fixed the issue for encountering failure when selecting specific country: Liechtenstein, Montenegro, or Angola.

v1.5.66

Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.

v1.5.61

Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.

v1.5.60

Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).

v1.5.56

Fixed vulnerability issue (CVE-2022-38546).

v1.5.55

Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:

(a) WPA3 Personal (SAE)

(b) WPA3-Personal/WPA2-PSK mixed

(c) WPA3 Enterprise with suite-b disabled

Support packet capture functions.
WPA3-Personal supports Dynamic Client VLAN Pooling.
WPA3-Enterprise supports external Radius with VLAN assignment.
Support DFS channel 144.

v1.5.50

Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Support SSID-based IPSec VPN tunneling (StrongSWAN).
Support EnGenius auto VPN (mediator).
Support SMBv2/v3 for AD authentication.

v1.5.48

Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.

v1.5.47

Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.

v1.5.46

Enhance IOT client association compatibility.

v1.5.45

Support RADIUS CoA disconnect-client requests (802.1x)
Support SmartTV SSID
LSP page encloses language support for Japanese language.
Resolved Fragattack vulnerability issues.
Support EoGRE tunnel and DHCP option 82.

v1.5.41

Support multiple domains of AD server.
Adjust DCS algorithm.
Recognize new iOS/MAC OS version.
Fixed captive portal for IPv6 issue.
Adjust log messages.
Fixed diag tool/Speed Test issue
Add configuration to accept RADIUS server's VLAN attribute or not.
Support wireless spectrum analysis.
Support DFS channel fallback scheme.
Support MAC-based authentication with RADIUS (OPEN).
WPA3-SAE and WAP3/WAP2 mixed mode support Dynamic Client VLAN Pooling.

v1.5.35

Support DCS (Dynamic Channel Selection) by background scanning.
Enhance bcmc function that may block DHCP broadcast OFFER/ACK packets.
Support auto-channel with "Exclude DFS" config.
Support EnGenius cloud diagnostic mode.
Enclose fix for FragAttacks security issue.

v1.5.30

Support system-reserved IP range pool.
Support RADIUS CoA disconnect-client requests.
Perform periodically scanning for 802.11k report without background scanning.
Support intelligent band-steering.
Support proxy ARP.
Support 802.1x/captive portal with Google Auth.
Support RADIUS WISPr traffic control and traffic quantity attributes.
Support RADIUS MAC-Auth in captive portal.
Support captive portal authentication by LDAP/AD server: single SSID, single server.
Update 2.4GHz HT20 auto-channel algorithm for using 1,6,11 channels.

v1.5.28

Optimized wireless connectivity for 11AX models.

v1.5.27

Fix target assert issue caused by iPhone11/iPhone12 for 802.11ax models.
Add log message for Wi-Fi reload event.
Add protection to prevent Wi-Fi interface could not be brought up.

v1.4.26

Support Facebook Wi-Fi.
Add client's TX/RX Byte information in disassociation event log.
Modify LSP Page about HTTP/HTTPS proxy setting.
Handle HTTP error code 504 upon check-in to cloud server.

v1.4.25

Handle private MAC address detection with blocked info messages.
Adjust mesh related syslog contents.
Support RSTP.
Support background scanning ON/OFF option.
Update certificate for HTTPS access to LSP page.
Remove unnecessary WLAN event logs.

v1.4.23

Handle larger max. client limit value from cloud server.
Fixed the issue that LED on/off would trigger network reload with specific configurations.

v1.4.22

Support MAC address authentication with RADIUS server.
Support MyPSK with RADIUS server authentication.
Handle VLAN ID attribute from RADIUS authentication responses.
Support SSDP responder and adjust mDNS response content.

v1.4.21

Band Steering feature encloses improvement for 802.11k/v and utilizes 802.11r fasting roaming technique to avoid re-authentication upon connection to different radio band.
Procedures of applying WLAN configuration has been optimized to shorten needed time for setting update.
Enhance Captive Portal secure login with HTTPS-based information exchange.
Support my-PSK with dynamic VLAN for WPA2-PSK authentication. (only available from EnGenius Cloud, not external radius)
Mesh AP node supports traffic shaping.
Support SNMP v2/v3 for local management with Get function.
Support multicast to unicast per radio.
Captive Portal feature supports client-leave-network timeout.
Support Client Balancing to steer the client to connect to best available AP.
Support dynamic VLAN (VLAN Pooling).
Support Broadcast/Multicast suppression.

v1.4.15

Adjust channel candidates of Auto-channel selection (ACS).
Adjust power table limitation of Malaysia and Indonesia.

v1.4.14

Apply auto-channel selection mechanism update

v1.4.12

Apply regulatory domain update

v1.4.11

Adjust DTIM from 2 to 3
Adjust amsdu parameter from 7 to 3 for Wi-Fi 6 models
Turn Uplink OFDMA on by default for Wi-Fi 6 models

Loading...

ECW230S

v1.5.85

[New Features]

Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.

v1.5.84

[Issues Fixed]

Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.

v1.5.83

[Issues Fixed]

Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.

v1.5.82

Support EnGenius fast-handover algorithm 2.0
Remove dropbear chacha20-poly1305@openssh.com encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.

v1.5.81

Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.

Appendix for v1.x.81

Add support for SAMLv2 in Captive portal with Azure-AD

A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.

(a) What is SAMLv2?

SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.

(b) Implications of This Update

Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.

(c) Practical Applications

Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.

In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.

Support HTTPS-Only for local device page

To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.

(a) Importance of HTTPS for Security

HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:

Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.

(b) Implementation and Control

By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.

In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.

v1.5.80

Support wireless client MAC-based WMM.
Support application DSCP tagging.
Enhance Traffic Log to support additional NAT information to syslog server.
Support Radsec to provide TLS encryption for Radius connection initiated from AP.
Enhance MyPSK Radius requests for external Radius server to contain both RoamingIQ attribute and mac authentication attribute.
Support additional dolphin action to run Radius server existence test.
Support group of multiple AD configuration for single SSID.
Use dolphin subscribe actions for all channel utilization scan in diag tools.
Support malware URL Blocking.
Support website filtering.
Support hotspot2.0 and openRoaming.
Support client-balancing 2.0
Fix mesh topology that may sometimes display failed.
Enhance Multicast to Unicast function for legacy clients.

Appendix for v1.x.80

Support wireless client MAC-based WMM

(a) Wi-Fi Multimedia (WMM) Overview:

Wi-Fi Multimedia (WMM) is a QoS (Quality of Service) standard that is an integral part of modern Wi-Fi technology, based on the IEEE 802.11e standard. WMM is essential in environments where different types of data compete for bandwidth because it ensures that time-sensitive applications like voice and video conferencing perform well even in congested network conditions. This protocol prioritizes traffic according to four access categories:

Voice: Highest priority, dedicated to voice-over-IP (VoIP) services.
Video: High priority, allocated for streaming video.
Best Effort: Standard priority for general data traffic such as web browsing.
Background: Lowest priority, intended for data that is not time-sensitive, like backups or bulk data transfers.

(b) What Does "MAC-Based WMM Support" Mean?

The feature "Support wireless client mac-based WMM" refers to the capability of the wireless access point (AP) to apply WMM rules based on the MAC address of each connecting client device. A MAC address is a unique identifier assigned to network interfaces for communications on the physical network segment. Implementing MAC-based WMM allows network administrators to assign different data priorities to devices according to their MAC addresses. This functionality is particularly useful in diverse operational environments where devices have varying bandwidth and latency requirements.

(c) Practical Applications of Mac-Based WMM

Here are several scenarios where mac-based WMM can significantly enhance network management and performance:

Tailored Experience: Enterprises can customize network performance based on the roles or departments within the organization. For example, devices belonging to the executive team or those used in critical operations might be assigned higher data priorities.

Enhanced Security: By controlling which devices have priority access, administrators can better manage network security protocols and reduce the risk of unauthorized data access.

Optimized Network Utilization: Mac-based WMM enables the network to adapt dynamically to changing conditions and user demands, prioritizing critical applications automatically.

Improved Scalability: As more devices join the network, administrators can manage traffic effectively without manual reconfiguration, ensuring consistent performance across all connected devices.

Support application DSCP tagging

(a) What is DSCP?

DSCP stands for Differentiated Services Code Point. It is a field in the IP header used to enable Quality of Service (QoS) on networks. DSCP replaces the older system of IP precedence with a more flexible and granular approach to traffic classification and prioritization. The DSCP field consists of six bits, allowing for 64 different traffic classes that can be defined and used to manage packet forwarding policies.

DSCP plays a crucial role in network traffic management by providing a mechanism for marking packets to receive different levels of service based on their assigned class. This capability is essential for managing congestion and ensuring that high-priority traffic, such as real-time voice or video, receives the necessary bandwidth and minimal latency.

(b) How Does DSCP Work?

When a packet is sent from a source, the DSCP value is set in its IP header, indicating the level of priority it should receive across the network. Network routers and switches read this DSCP value and make decisions about the packet's forwarding priority and queue placement. By doing so, networks can differentiate between various types of traffic, prioritizing them according to organizational policies and network requirements.

(c) Benefits of DSCP Tagging

Improved Network Performance: By prioritizing critical applications, DSCP helps in managing network resources efficiently, thus enhancing overall performance. Traffic like VoIP and video conferencing can operate smoothly even under heavy network load.
Enhanced Quality of Service: DSCP enables more granular control over packet forwarding decisions, allowing network administrators to fine-tune QoS policies. This leads to better service quality, especially for latency-sensitive applications.
Scalability: DSCP scales well with the size of the network, providing a consistent approach to QoS even as the network grows and traffic volume increases.
Flexibility: The ability to define multiple levels of service makes DSCP highly flexible. Organizations can customize their traffic management strategies to align with specific business needs.

(d) Applications of DSCP Tagging in Enterprise Networks

Voice and Video Prioritization: DSCP is extensively used to ensure that voice and video traffic is given priority over other types of data, reducing delays and improving communication quality.
Data Center Traffic Management: In data centers, DSCP can help manage the flow of traffic between servers, storage systems, and external networks, optimizing response times and service delivery.
Remote Work Solutions: With the rise of remote work, DSCP can play a pivotal role in prioritizing VPN traffic to ensure that business-critical applications have the bandwidth they need.

Support hotspot2.0 and openRoaming

(a) What is Hotspot 2.0?

Hotspot 2.0, also known as Wi-Fi Certified Passpoint, is a standard created by the Wi-Fi Alliance to streamline and secure the process of connecting to Wi-Fi hotspots. It allows mobile devices to automatically discover and connect to Wi-Fi networks without user intervention, using a seamless, secure authentication process based on the credentials issued by the service provider, much like cellular networks.

(b) Key Features of Hotspot 2.0

Seamless Connectivity: Hotspot 2.0 enables devices to automatically connect to Wi-Fi networks with robust security protocols, without requiring users to manually search for and select networks.
Enhanced Security: It supports advanced security protocols, such as WPA2-Enterprise and WPA3-Enterprise, providing end-to-end encryption and preventing unauthorized access.
Simplified User Experience: By automating the discovery and connection process, Hotspot 2.0 eliminates the need for users to repeatedly enter login credentials.
Interoperability: Designed to work across different wireless service providers and geographies, facilitating easier roaming and connectivity.

(c) What is OpenRoaming?

OpenRoaming is a federation service that allows users to seamlessly roam between Wi-Fi and cellular networks, removing the need to manually connect to different Wi-Fi networks. It is a collaboration spearheaded by the Wireless Broadband Alliance (WBA) that brings together a consortium of companies aiming to create a globally interconnected network.

(d) Benefits of OpenRoaming

Effortless Network Transition: With OpenRoaming, devices can automatically switch between Wi-Fi and cellular networks without user interaction, depending on the best available network.
Universal Coverage: It aims to combine the benefits of both private and public Wi-Fi networks with cellular service, expanding network coverage dramatically.
Secure Connectivity: OpenRoaming ensures that security standards such as WPA3 are met, keeping the user's data protected during transmission across different networks.
Enhanced User Experience: Provides a smooth, uninterrupted service as users move between different network environments, ideal for travelling users and mobile professionals.

(e) Applications and Implications of Hotspot 2.0 and OpenRoaming

Travel and Hospitality: For travelers, Hotspot 2.0 and OpenRoaming can significantly enhance connectivity in airports, hotels, and public spaces, offering seamless access to high-quality Wi-Fi.
Urban Mobility: In smart cities, these technologies can facilitate uninterrupted internet access across different urban spaces, improving navigation, streaming, and communication services.
Enterprise Connectivity: Businesses can provide secure, seamless Wi-Fi access to employees and visitors, improving productivity and user satisfaction.
Telecommunications: For telecom operators, integrating Hotspot 2.0 and OpenRoaming can reduce the load on cellular networks and provide a better balance of traffic across networks.

The inclusion of "Support for Hotspot 2.0 and OpenRoaming" in our firmware underlines our commitment to enhancing connectivity and user experience. These features enable devices to leverage advanced network technologies to automatically connect to the best available network, securely and effortlessly. By adopting these standards, we are setting a new benchmark for seamless and secure mobile connectivity, catering to the needs of modern users who require reliable and effortless internet access wherever they go.

v1.5.74

Fix the issue that AP sometimes goes offline even when the network is functioning normally.

v1.5.73

Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.

v1.5.70

Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.

mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.

Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.

v1.5.67

Fixed the issue for encountering failure when selecting specific country: Liechtenstein, Montenegro, or Angola.

v1.5.66

Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.

v1.5.61

Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.

v1.5.60

Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).

v1.5.55

Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:

(a) WPA3 Personal (SAE)

(b) WPA3-Personal/WPA2-PSK mixed

(c) WPA3 Enterprise with suite-b disabled

Support packet capture functions.
WPA3-Personal supports Dynamic Client VLAN Pooling.
WPA3-Enterprise supports external Radius with VLAN assignment.
Support DFS channel 144.

v1.5.51

Fixed the issue with high CPU loading when users enabled Air-Guard function under multiple ECW-AP S model environment.

v1.5.50

Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Support SSID-based IPSec VPN tunneling (StrongSWAN).
Support EnGenius auto VPN (mediator).
Support SMBv2/v3 for AD authentication.
Support BLE Presence Reporting.

v1.5.48

Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.

v1.5.47

Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.

v1.5.46

Enhance IOT client association compatibility.

v1.5.45

Support RADIUS CoA disconnect-client requests (802.1x)
Support SmartTV SSID
LSP page encloses language support for Japanese language.
Resolved Fragattack vulnerability issues.
Support EoGRE tunnel and DHCP option 82.
WIDS supports co-defense scheme.

v1.5.42

Support multiple domains of AD server.
Adjust DCS algorithm.
Recognize new iOS/MAC OS version.
Fixed captive portal for IPv6 issue.
Adjust log messages.
Fixed diag tool/Speed Test issue
Add configuration to accept RADIUS server's VLAN attribute or not.
Support wireless spectrum analysis.
Support DFS channel fallback scheme.
Support MAC-based authentication with RADIUS (OPEN).
WPA3-SAE and WAP3/WAP2 mixed mode support Dynamic Client VLAN Pooling.
Support zero-wait DFS.
Support EnGenius Air Guard features.
Support instant WIDS event log report.
Execute diag tool/All Channel Utilization by scanning radio

Loading...

ECW230v3

v1.8.85

[New Features]

Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.

v1.8.84

[Issues Fixed]

Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.

v1.8.83

[Issues Fixed]

Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.

v1.8.82

Support EnGenius fast-handover algorithm 2.0
Remove dropbear chacha20-poly1305@openssh.com encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.

v1.8.81

Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.

Appendix for v1.x.81

Add support for SAMLv2 in Captive portal with Azure-AD

A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.

(a) What is SAMLv2?

SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.

(b) Implications of This Update

Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.

(c) Practical Applications

Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.

In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.

Support HTTPS-Only for local device page

To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.

(a) Importance of HTTPS for Security

HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:

Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.

(b) Implementation and Control

By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.

In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.

v1.5.80

Support wireless client MAC-based WMM.
Support application DSCP tagging.
Enhance Traffic Log to support additional NAT information to syslog server.
Support Radsec to provide TLS encryption for Radius connection initiated from AP.
Enhance MyPSK Radius requests for external Radius server to contain both RoamingIQ attribute and mac authentication attribute.
Support additional dolphin action to run Radius server existence test.
Support group of multiple AD configuration for single SSID.
Use dolphin subscribe actions for all channel utilization scan in diag tools.
Support malware URL Blocking.
Support website filtering.
Support hotspot2.0 and openRoaming.
Support client-balancing 2.0
Fix mesh topology that may sometimes display failed.
Enhance Multicast to Unicast function for legacy clients.

Appendix for v1.x.80

Support wireless client MAC-based WMM

(a) Wi-Fi Multimedia (WMM) Overview:

Wi-Fi Multimedia (WMM) is a QoS (Quality of Service) standard that is an integral part of modern Wi-Fi technology, based on the IEEE 802.11e standard. WMM is essential in environments where different types of data compete for bandwidth because it ensures that time-sensitive applications like voice and video conferencing perform well even in congested network conditions. This protocol prioritizes traffic according to four access categories:

Voice: Highest priority, dedicated to voice-over-IP (VoIP) services.
Video: High priority, allocated for streaming video.
Best Effort: Standard priority for general data traffic such as web browsing.
Background: Lowest priority, intended for data that is not time-sensitive, like backups or bulk data transfers.

(b) What Does "MAC-Based WMM Support" Mean?

The feature "Support wireless client mac-based WMM" refers to the capability of the wireless access point (AP) to apply WMM rules based on the MAC address of each connecting client device. A MAC address is a unique identifier assigned to network interfaces for communications on the physical network segment. Implementing MAC-based WMM allows network administrators to assign different data priorities to devices according to their MAC addresses. This functionality is particularly useful in diverse operational environments where devices have varying bandwidth and latency requirements.

(c) Practical Applications of Mac-Based WMM

Here are several scenarios where mac-based WMM can significantly enhance network management and performance:

Tailored Experience: Enterprises can customize network performance based on the roles or departments within the organization. For example, devices belonging to the executive team or those used in critical operations might be assigned higher data priorities.

Enhanced Security: By controlling which devices have priority access, administrators can better manage network security protocols and reduce the risk of unauthorized data access.

Optimized Network Utilization: Mac-based WMM enables the network to adapt dynamically to changing conditions and user demands, prioritizing critical applications automatically.

Improved Scalability: As more devices join the network, administrators can manage traffic effectively without manual reconfiguration, ensuring consistent performance across all connected devices.

Support application DSCP tagging

(a) What is DSCP?

DSCP stands for Differentiated Services Code Point. It is a field in the IP header used to enable Quality of Service (QoS) on networks. DSCP replaces the older system of IP precedence with a more flexible and granular approach to traffic classification and prioritization. The DSCP field consists of six bits, allowing for 64 different traffic classes that can be defined and used to manage packet forwarding policies.

DSCP plays a crucial role in network traffic management by providing a mechanism for marking packets to receive different levels of service based on their assigned class. This capability is essential for managing congestion and ensuring that high-priority traffic, such as real-time voice or video, receives the necessary bandwidth and minimal latency.

(b) How Does DSCP Work?

When a packet is sent from a source, the DSCP value is set in its IP header, indicating the level of priority it should receive across the network. Network routers and switches read this DSCP value and make decisions about the packet's forwarding priority and queue placement. By doing so, networks can differentiate between various types of traffic, prioritizing them according to organizational policies and network requirements.

(c) Benefits of DSCP Tagging

Improved Network Performance: By prioritizing critical applications, DSCP helps in managing network resources efficiently, thus enhancing overall performance. Traffic like VoIP and video conferencing can operate smoothly even under heavy network load.
Enhanced Quality of Service: DSCP enables more granular control over packet forwarding decisions, allowing network administrators to fine-tune QoS policies. This leads to better service quality, especially for latency-sensitive applications.
Scalability: DSCP scales well with the size of the network, providing a consistent approach to QoS even as the network grows and traffic volume increases.
Flexibility: The ability to define multiple levels of service makes DSCP highly flexible. Organizations can customize their traffic management strategies to align with specific business needs.

(d) Applications of DSCP Tagging in Enterprise Networks

Voice and Video Prioritization: DSCP is extensively used to ensure that voice and video traffic is given priority over other types of data, reducing delays and improving communication quality.
Data Center Traffic Management: In data centers, DSCP can help manage the flow of traffic between servers, storage systems, and external networks, optimizing response times and service delivery.
Remote Work Solutions: With the rise of remote work, DSCP can play a pivotal role in prioritizing VPN traffic to ensure that business-critical applications have the bandwidth they need.

Support hotspot2.0 and openRoaming

(a) What is Hotspot 2.0?

Hotspot 2.0, also known as Wi-Fi Certified Passpoint, is a standard created by the Wi-Fi Alliance to streamline and secure the process of connecting to Wi-Fi hotspots. It allows mobile devices to automatically discover and connect to Wi-Fi networks without user intervention, using a seamless, secure authentication process based on the credentials issued by the service provider, much like cellular networks.

(b) Key Features of Hotspot 2.0

Seamless Connectivity: Hotspot 2.0 enables devices to automatically connect to Wi-Fi networks with robust security protocols, without requiring users to manually search for and select networks.
Enhanced Security: It supports advanced security protocols, such as WPA2-Enterprise and WPA3-Enterprise, providing end-to-end encryption and preventing unauthorized access.
Simplified User Experience: By automating the discovery and connection process, Hotspot 2.0 eliminates the need for users to repeatedly enter login credentials.
Interoperability: Designed to work across different wireless service providers and geographies, facilitating easier roaming and connectivity.

(c) What is OpenRoaming?

OpenRoaming is a federation service that allows users to seamlessly roam between Wi-Fi and cellular networks, removing the need to manually connect to different Wi-Fi networks. It is a collaboration spearheaded by the Wireless Broadband Alliance (WBA) that brings together a consortium of companies aiming to create a globally interconnected network.

(d) Benefits of OpenRoaming

Effortless Network Transition: With OpenRoaming, devices can automatically switch between Wi-Fi and cellular networks without user interaction, depending on the best available network.
Universal Coverage: It aims to combine the benefits of both private and public Wi-Fi networks with cellular service, expanding network coverage dramatically.
Secure Connectivity: OpenRoaming ensures that security standards such as WPA3 are met, keeping the user's data protected during transmission across different networks.
Enhanced User Experience: Provides a smooth, uninterrupted service as users move between different network environments, ideal for travelling users and mobile professionals.

(e) Applications and Implications of Hotspot 2.0 and OpenRoaming

Travel and Hospitality: For travelers, Hotspot 2.0 and OpenRoaming can significantly enhance connectivity in airports, hotels, and public spaces, offering seamless access to high-quality Wi-Fi.
Urban Mobility: In smart cities, these technologies can facilitate uninterrupted internet access across different urban spaces, improving navigation, streaming, and communication services.
Enterprise Connectivity: Businesses can provide secure, seamless Wi-Fi access to employees and visitors, improving productivity and user satisfaction.
Telecommunications: For telecom operators, integrating Hotspot 2.0 and OpenRoaming can reduce the load on cellular networks and provide a better balance of traffic across networks.

The inclusion of "Support for Hotspot 2.0 and OpenRoaming" in our firmware underlines our commitment to enhancing connectivity and user experience. These features enable devices to leverage advanced network technologies to automatically connect to the best available network, securely and effortlessly. By adopting these standards, we are setting a new benchmark for seamless and secure mobile connectivity, catering to the needs of modern users who require reliable and effortless internet access wherever they go.

v1.5.74

Fix the issue that AP sometimes goes offline even when the network is functioning normally.

v1.5.73

Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.

v1.5.70

Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.

mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.

Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.

v1.5.67

Fixed the issue for encountering failure when selecting specific country: Liechtenstein, Montenegro, or Angola.

v1.5.66

Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.

v1.5.61

Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.

v1.5.60

Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).

v1.5.56

Fixed vulnerability issue (CVE-2022-38546).

v1.5.55

Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:

(a) WPA3 Personal (SAE)

(b) WPA3-Personal/WPA2-PSK mixed

(c) WPA3 Enterprise with suite-b disabled

Support packet capture functions.
WPA3-Personal supports Dynamic Client VLAN Pooling.
WPA3-Enterprise supports external Radius with VLAN assignment.
Support DFS channel 144.

v1.5.50

Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Support SSID-based IPSec VPN tunneling (StrongSWAN).
Support EnGenius auto VPN (mediator).
Support SMBv2/v3 for AD authentication.

v1.5.48

Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.

v1.5.47

Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.

v1.5.46

Enhance IOT client association compatibility.

v1.5.45

Support RADIUS CoA disconnect-client requests (802.1x)
Support SmartTV SSID
LSP page encloses language support for Japanese language.
Resolved Fragattack vulnerability issues.
Support EoGRE tunnel and DHCP option 82.

v1.5.41

Support multiple domains of AD server.
Adjust DCS algorithm.
Recognize new iOS/MAC OS version.
Fixed captive portal for IPv6 issue.
Adjust log messages.
Fixed diag tool/Speed Test issue
Add configuration to accept RADIUS server's VLAN attribute or not.
Support wireless spectrum analysis.
Support DFS channel fallback scheme.
Support MAC-based authentication with RADIUS (OPEN).
WPA3-SAE and WAP3/WAP2 mixed mode support Dynamic Client VLAN Pooling.

v1.5.35

Support DCS (Dynamic Channel Selection) by background scanning.
Enhance bcmc function that may block DHCP broadcast OFFER/ACK packets.
Support auto-channel with "Exclude DFS" config.
Support EnGenius cloud diagnostic mode.
Enclose fix for FragAttacks security issue.

v1.5.30

Support system-reserved IP range pool.
Support RADIUS CoA disconnect-client requests.
Perform periodically scanning for 802.11k report without background scanning.
Support intelligent band-steering.
Support proxy ARP.
Support 802.1x/captive portal with Google Auth.
Support RADIUS WISPr traffic control and traffic quantity attributes.
Support RADIUS MAC-Auth in captive portal.
Support captive portal authentication by LDAP/AD server: single SSID, single server.
Update 2.4GHz HT20 auto-channel algorithm for using 1,6,11 channels.

v1.4.28

Optimized wireless connectivity for 11AX models.

v1.4.27

Fix target assert issue caused by iPhone11/iPhone12 for 802.11ax models.
Add log message for Wi-Fi reload event.
Add protection to prevent Wi-Fi interface could not be brought up.
Force client balancing disabled on ECW220/ECW230.

v1.4.26

Support Facebook Wi-Fi.
Add client's TX/RX Byte information in disassociation event log.
Modify LSP Page about HTTP/HTTPS proxy setting.
Handle HTTP error code 504 upon check-in to cloud server.

v1.4.25

Handle private MAC address detection with blocked info messages.
Adjust mesh related syslog contents.
Support RSTP.
Support background scanning ON/OFF option.
Update certificate for HTTPS access to LSP page.
ECW230v3 supports CE/FCC DFS channels.
Remove unnecessary WLAN event logs.

v1.4.23

Handle larger max. client limit value from cloud server.
Fixed the issue that LED on/off would trigger network reload with specific configurations.

v1.4.22

Support MAC address authentication with RADIUS server.
Support MyPSK with RADIUS server authentication.
Handle VLAN ID attribute from RADIUS authentication responses.
Support SSDP responder and adjust mDNS response content.

v1.4.21

Band Steering feature encloses improvement for 802.11k/v and utilizes 802.11r fasting roaming technique to avoid re-authentication upon connection to different radio band.
Procedures of applying WLAN configuration has been optimized to shorten needed time for setting update.
Enhance Captive Portal secure login with HTTPS-based information exchange.
Support my-PSK with dynamic VLAN for WPA2-PSK authentication. (only available from EnGenius Cloud, not external radius)
Mesh AP node supports traffic shaping.
Support SNMP v2/v3 for local management with Get function.
Support multicast to unicast per radio.
Captive Portal feature supports client-leave-network timeout.
Support Client Balancing to steer the client to connect to best available AP.
Support dynamic VLAN (VLAN Pooling).
Support Broadcast/Multicast suppression.

v1.4.15

Adjust channel candidates of Auto-channel selection (ACS).
Adjust power table limitation of Malaysia and Indonesia.

v1.4.14

Apply auto-channel selection mechanism update

v1.4.12

Apply regulatory domain update

v1.4.11

Adjust DTIM from 2 to 3
Adjust amsdu parameter from 7 to 3 for Wi-Fi 6 models
Turn Uplink OFDMA on by default for Wi-Fi 6 models

Loading...

ECW230

v1.5.85

[New Features]

Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.

v1.5.84

[Issues Fixed]

Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.

v1.5.83

[Issues Fixed]

Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.

v1.5.82

Support EnGenius fast-handover algorithm 2.0
Remove dropbear chacha20-poly1305@openssh.com encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.

v1.5.81

Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.

Appendix for v1.x.81

Add support for SAMLv2 in Captive portal with Azure-AD

A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.

(a) What is SAMLv2?

SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.

(b) Implications of This Update

Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.

(c) Practical Applications

Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.

In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.

Support HTTPS-Only for local device page

To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.

(a) Importance of HTTPS for Security

HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:

Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.

(b) Implementation and Control

By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.

In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.

v1.5.80

Support wireless client MAC-based WMM.
Support application DSCP tagging.
Enhance Traffic Log to support additional NAT information to syslog server.
Support Radsec to provide TLS encryption for Radius connection initiated from AP.
Enhance MyPSK Radius requests for external Radius server to contain both RoamingIQ attribute and mac authentication attribute.
Support additional dolphin action to run Radius server existence test.
Support group of multiple AD configuration for single SSID.
Use dolphin subscribe actions for all channel utilization scan in diag tools.
Support malware URL Blocking.
Support website filtering.
Support hotspot2.0 and openRoaming.
Support client-balancing 2.0
Fix mesh topology that may sometimes display failed.
Enhance Multicast to Unicast function for legacy clients.

Appendix for v1.x.80

Support wireless client MAC-based WMM

(a) Wi-Fi Multimedia (WMM) Overview:

Wi-Fi Multimedia (WMM) is a QoS (Quality of Service) standard that is an integral part of modern Wi-Fi technology, based on the IEEE 802.11e standard. WMM is essential in environments where different types of data compete for bandwidth because it ensures that time-sensitive applications like voice and video conferencing perform well even in congested network conditions. This protocol prioritizes traffic according to four access categories:

Voice: Highest priority, dedicated to voice-over-IP (VoIP) services.
Video: High priority, allocated for streaming video.
Best Effort: Standard priority for general data traffic such as web browsing.
Background: Lowest priority, intended for data that is not time-sensitive, like backups or bulk data transfers.

(b) What Does "MAC-Based WMM Support" Mean?

The feature "Support wireless client mac-based WMM" refers to the capability of the wireless access point (AP) to apply WMM rules based on the MAC address of each connecting client device. A MAC address is a unique identifier assigned to network interfaces for communications on the physical network segment. Implementing MAC-based WMM allows network administrators to assign different data priorities to devices according to their MAC addresses. This functionality is particularly useful in diverse operational environments where devices have varying bandwidth and latency requirements.

(c) Practical Applications of Mac-Based WMM

Here are several scenarios where mac-based WMM can significantly enhance network management and performance:

Tailored Experience: Enterprises can customize network performance based on the roles or departments within the organization. For example, devices belonging to the executive team or those used in critical operations might be assigned higher data priorities.

Enhanced Security: By controlling which devices have priority access, administrators can better manage network security protocols and reduce the risk of unauthorized data access.

Optimized Network Utilization: Mac-based WMM enables the network to adapt dynamically to changing conditions and user demands, prioritizing critical applications automatically.

Improved Scalability: As more devices join the network, administrators can manage traffic effectively without manual reconfiguration, ensuring consistent performance across all connected devices.

Support application DSCP tagging

(a) What is DSCP?

DSCP stands for Differentiated Services Code Point. It is a field in the IP header used to enable Quality of Service (QoS) on networks. DSCP replaces the older system of IP precedence with a more flexible and granular approach to traffic classification and prioritization. The DSCP field consists of six bits, allowing for 64 different traffic classes that can be defined and used to manage packet forwarding policies.

DSCP plays a crucial role in network traffic management by providing a mechanism for marking packets to receive different levels of service based on their assigned class. This capability is essential for managing congestion and ensuring that high-priority traffic, such as real-time voice or video, receives the necessary bandwidth and minimal latency.

(b) How Does DSCP Work?

When a packet is sent from a source, the DSCP value is set in its IP header, indicating the level of priority it should receive across the network. Network routers and switches read this DSCP value and make decisions about the packet's forwarding priority and queue placement. By doing so, networks can differentiate between various types of traffic, prioritizing them according to organizational policies and network requirements.

(c) Benefits of DSCP Tagging

Improved Network Performance: By prioritizing critical applications, DSCP helps in managing network resources efficiently, thus enhancing overall performance. Traffic like VoIP and video conferencing can operate smoothly even under heavy network load.
Enhanced Quality of Service: DSCP enables more granular control over packet forwarding decisions, allowing network administrators to fine-tune QoS policies. This leads to better service quality, especially for latency-sensitive applications.
Scalability: DSCP scales well with the size of the network, providing a consistent approach to QoS even as the network grows and traffic volume increases.
Flexibility: The ability to define multiple levels of service makes DSCP highly flexible. Organizations can customize their traffic management strategies to align with specific business needs.

(d) Applications of DSCP Tagging in Enterprise Networks

Voice and Video Prioritization: DSCP is extensively used to ensure that voice and video traffic is given priority over other types of data, reducing delays and improving communication quality.
Data Center Traffic Management: In data centers, DSCP can help manage the flow of traffic between servers, storage systems, and external networks, optimizing response times and service delivery.
Remote Work Solutions: With the rise of remote work, DSCP can play a pivotal role in prioritizing VPN traffic to ensure that business-critical applications have the bandwidth they need.

Support hotspot2.0 and openRoaming

(a) What is Hotspot 2.0?

Hotspot 2.0, also known as Wi-Fi Certified Passpoint, is a standard created by the Wi-Fi Alliance to streamline and secure the process of connecting to Wi-Fi hotspots. It allows mobile devices to automatically discover and connect to Wi-Fi networks without user intervention, using a seamless, secure authentication process based on the credentials issued by the service provider, much like cellular networks.

(b) Key Features of Hotspot 2.0

Seamless Connectivity: Hotspot 2.0 enables devices to automatically connect to Wi-Fi networks with robust security protocols, without requiring users to manually search for and select networks.
Enhanced Security: It supports advanced security protocols, such as WPA2-Enterprise and WPA3-Enterprise, providing end-to-end encryption and preventing unauthorized access.
Simplified User Experience: By automating the discovery and connection process, Hotspot 2.0 eliminates the need for users to repeatedly enter login credentials.
Interoperability: Designed to work across different wireless service providers and geographies, facilitating easier roaming and connectivity.

(c) What is OpenRoaming?

OpenRoaming is a federation service that allows users to seamlessly roam between Wi-Fi and cellular networks, removing the need to manually connect to different Wi-Fi networks. It is a collaboration spearheaded by the Wireless Broadband Alliance (WBA) that brings together a consortium of companies aiming to create a globally interconnected network.

(d) Benefits of OpenRoaming

Effortless Network Transition: With OpenRoaming, devices can automatically switch between Wi-Fi and cellular networks without user interaction, depending on the best available network.
Universal Coverage: It aims to combine the benefits of both private and public Wi-Fi networks with cellular service, expanding network coverage dramatically.
Secure Connectivity: OpenRoaming ensures that security standards such as WPA3 are met, keeping the user's data protected during transmission across different networks.
Enhanced User Experience: Provides a smooth, uninterrupted service as users move between different network environments, ideal for travelling users and mobile professionals.

(e) Applications and Implications of Hotspot 2.0 and OpenRoaming

Travel and Hospitality: For travelers, Hotspot 2.0 and OpenRoaming can significantly enhance connectivity in airports, hotels, and public spaces, offering seamless access to high-quality Wi-Fi.
Urban Mobility: In smart cities, these technologies can facilitate uninterrupted internet access across different urban spaces, improving navigation, streaming, and communication services.
Enterprise Connectivity: Businesses can provide secure, seamless Wi-Fi access to employees and visitors, improving productivity and user satisfaction.
Telecommunications: For telecom operators, integrating Hotspot 2.0 and OpenRoaming can reduce the load on cellular networks and provide a better balance of traffic across networks.

The inclusion of "Support for Hotspot 2.0 and OpenRoaming" in our firmware underlines our commitment to enhancing connectivity and user experience. These features enable devices to leverage advanced network technologies to automatically connect to the best available network, securely and effortlessly. By adopting these standards, we are setting a new benchmark for seamless and secure mobile connectivity, catering to the needs of modern users who require reliable and effortless internet access wherever they go.

v1.5.74

Fix the issue that AP sometimes goes offline even when the network is functioning normally.

v1.5.73

Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.

v1.5.70

Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.

mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.

Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.

v1.5.67

Fixed the issue for encountering failure when selecting specific country: Liechtenstein, Montenegro, or Angola.

v1.5.66

Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.

v1.5.61

Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.

v1.5.60

Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).

v1.5.56

Fixed vulnerability issue (CVE-2022-38546).

v1.5.55

Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:

(a) WPA3 Personal (SAE)

(b) WPA3-Personal/WPA2-PSK mixed

(c) WPA3 Enterprise with suite-b disabled

Support packet capture functions.
WPA3-Personal supports Dynamic Client VLAN Pooling.
WPA3-Enterprise supports external Radius with VLAN assignment.
Support DFS channel 144.

v1.5.50

Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Support SSID-based IPSec VPN tunneling (StrongSWAN).
Support EnGenius auto VPN (mediator).
Support SMBv2/v3 for AD authentication.

v1.5.48

Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.

v1.5.47

Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.

v1.5.46

Enhance IOT client association compatibility.

v1.5.45

Support RADIUS CoA disconnect-client requests (802.1x)
Support SmartTV SSID
LSP page encloses language support for Japanese language.
Resolved Fragattack vulnerability issues.
Support EoGRE tunnel and DHCP option 82.

v1.5.41

Support multiple domains of AD server.
Adjust DCS algorithm.
Recognize new iOS/MAC OS version.
Fixed captive portal for IPv6 issue.
Adjust log messages.
Fixed diag tool/Speed Test issue
Add configuration to accept RADIUS server's VLAN attribute or not.
Support wireless spectrum analysis.
Support DFS channel fallback scheme.
Support MAC-based authentication with RADIUS (OPEN).
WPA3-SAE and WAP3/WAP2 mixed mode support Dynamic Client VLAN Pooling.

v1.5.35

Support DCS (Dynamic Channel Selection) by background scanning.
Enhance bcmc function that may block DHCP broadcast OFFER/ACK packets.
Support auto-channel with "Exclude DFS" config.
Support EnGenius cloud diagnostic mode.
Enclose fix for FragAttacks security issue.

v1.5.30

Support system-reserved IP range pool.
Support RADIUS CoA disconnect-client requests.
Perform periodically scanning for 802.11k report without background scanning.
Support intelligent band-steering.
Support proxy ARP.
Support 802.1x/captive portal with Google Auth.
Support RADIUS WISPr traffic control and traffic quantity attributes.
Support RADIUS MAC-Auth in captive portal.
Support captive portal authentication by LDAP/AD server: single SSID, single server.
Update 2.4GHz HT20 auto-channel algorithm for using 1,6,11 channels.

v1.4.28

Optimized wireless connectivity for 11AX models.

v1.4.27

Fix target assert issue caused by iPhone11/iPhone12 for 802.11ax models.
Add log message for Wi-Fi reload event.
Add protection to prevent Wi-Fi interface could not be brought up.
Force client balancing disabled on ECW220/ECW230.

v1.4.26

Support Facebook Wi-Fi.
Add client's TX/RX Byte information in disassociation event log.
Modify LSP Page about HTTP/HTTPS proxy setting.
Handle HTTP error code 504 upon check-in to cloud server.

v1.4.25

Handle private MAC address detection with blocked info messages.
Adjust mesh related syslog contents.
Support RSTP.
Support background scanning ON/OFF option.
Update certificate for HTTPS access to LSP page.
Remove unnecessary WLAN event logs.

v1.4.23

Handle larger max. client limit value from cloud server.
Fixed the issue that LED on/off would trigger network reload with specific configurations.

v1.4.22

Support MAC address authentication with RADIUS server.
Support MyPSK with RADIUS server authentication.
Handle VLAN ID attribute from RADIUS authentication responses.
Support SSDP responder and adjust mDNS response content.

v1.4.21

Band Steering feature encloses improvement for 802.11k/v and utilizes 802.11r fasting roaming technique to avoid re-authentication upon connection to different radio band.
Procedures of applying WLAN configuration has been optimized to shorten needed time for setting update.
Enhance Captive Portal secure login with HTTPS-based information exchange.
Support my-PSK with dynamic VLAN for WPA2-PSK authentication. (only available from EnGenius Cloud, not external radius)
Mesh AP node supports traffic shaping.
Support SNMP v2/v3 for local management with Get function.
Support multicast to unicast per radio.
Captive Portal feature supports client-leave-network timeout.
Support Client Balancing to steer the client to connect to best available AP.
Support dynamic VLAN (VLAN Pooling).
Support Broadcast/Multicast suppression.

v1.3.15

Adjust channel candidates of Auto-channel selection (ACS).
Adjust power table limitation of Malaysia and Indonesia.

v1.3.14

Apply auto-channel selection mechanism update

v1.3.12

Apply regulatory domain update

v1.3.11

Adjust DTIM from 2 to 3
Adjust amsdu parameter from 7 to 3 for Wi-Fi 6 models
Turn Uplink OFDMA on by default for Wi-Fi 6 models

v1.3.10

Support Client Balancing
Support scheduling system reboot
Support L2-Isolation exception rules for VIP feature
Support radius NAS-id/port/addr attributes
Support software reset-to-default for mobile App
Captive portal supports redirurl parameter

v1.3.8

Fixed the issue that AP may become unstable when some 2.4GHz-only WiFi clients try connecting to AP.
Fixed the issue that AP may hang up where the SSID profile included “hidden” and users downgrade firmware from v1.3.9 to v1.3.7

v1.3.7

Resolve connectivity issue when SSID included space character.

v1.3.6

Improvements

Add log for blocking message clients.
Add log for the action of kicking clients.

Bug Fixes

N/A

v1.3.5

Improvements

Adjust client isolation behavior in NAT mode.
Support DNS settings per SSID.
Support wireless association banned message.
Support https redirect of captive portal.

Bug Fixes

N/A

v1.3.4

Improvements

Add an option to disable 802.11ax in 5G Radio.
Support L2 (MAC Address) client Block List per SSID.
Support advanced feature called Traffic Log to send more wireless client information to dedicated syslog server.
Improve auto-channel algorithm to avoid multiple AP choosing the same channel in certain situation.
Support advanced feature called presence reporting which makes the AP continuously gathering 802.11 probe request frames sent by wireless clients and then sending the data to specific 3rd party server.
Improve the efficiency of applying traffic shaping rules.
Support new Client Timeline feature.
Adjust default DHCP lease time of SSID in NAT mode to 5 minutes.

Bug Fixes

Fix the captive portal issue that triggered RADIUS accounting events before an user is authenticated.
Fix the issue that caused limited IP address allocation for a SSID running in NAT mode.
Fix the issue that caused long duration of captive portal splash page redirection.
Fix driver layer log mechanism to avoid unexpected wireless performance drop.

v1.3.2

Improvements

Improve the efficiency of SSID running in bridge mode.
TX Power tuning options now start from 1 to 10 dBm.
Adjust WMM/DSCP/802.1p mappings to follow conventions.
Support LED Blinking function to trigger an AP to blink its LED for 10 seconds. This could help user to quickly identify the AP.

Bug Fixes

Fix the issue that caused system to get wrong 2.4G channel utilization data in some special cases.

v1.2.18

Improvements

Support WPA3.
Support Mesh Auto Pairing.
Support the way to access LSP (local support page) with URL http://EnGenius.local and discover AP with Bonjour protocol.
Support the way to show system status with specific SSID name to ease the troubleshooting on device on-boarding.
NAT/Bridge mode now is configurable per SSID. They are supported only in Captive Portal in previous version.
Support the option to discard association requests from legacy 802.11a/b/g clients.
Enhance the efficiency to apply idle-timeout and session-timeout settings of Captive Portal.

Bug Fixes

Fix the issue that caused memory leak in a special case.

v1.2.15

Improvements

Improve the accuracy of device fingerprint.
Support default configurations of EnGenius Cloud Radius.

Bug Fixes

Fix captive portal IOT issues for certain wireless clients.
Fix the malfunction of EnGenius Radius authentication that caused by firmware upgrade.
Fix the issue that wireless LED did not blink normally in certain situation.
Fix the issue that the 2nd radius server doesn't work.
Fix the issue that DUT may fail to reload configurations during the system applying mesh.

Loading...

ECW220S

v1.5.85

[New Features]

Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.

v1.5.84

[Issues Fixed]

Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.

v1.5.83

[Issues Fixed]

Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.

v1.5.82

Support EnGenius fast-handover algorithm 2.0
Remove dropbear chacha20-poly1305@openssh.com encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.

v1.5.81

Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.

Appendix for v1.x.81

Add support for SAMLv2 in Captive portal with Azure-AD

A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.

(a) What is SAMLv2?

SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.

(b) Implications of This Update

Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.

(c) Practical Applications

Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.

In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.

Support HTTPS-Only for local device page

To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.

(a) Importance of HTTPS for Security

HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:

Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.

(b) Implementation and Control

By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.

In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.

v1.5.80

Support wireless client MAC-based WMM.
Support application DSCP tagging.
Enhance Traffic Log to support additional NAT information to syslog server.
Support Radsec to provide TLS encryption for Radius connection initiated from AP.
Enhance MyPSK Radius requests for external Radius server to contain both RoamingIQ attribute and mac authentication attribute.
Support additional dolphin action to run Radius server existence test.
Support group of multiple AD configuration for single SSID.
Use dolphin subscribe actions for all channel utilization scan in diag tools.
Support malware URL Blocking.
Support website filtering.
Support hotspot2.0 and openRoaming.
Support client-balancing 2.0
Fix mesh topology that may sometimes display failed.
Enhance Multicast to Unicast function for legacy clients.

Appendix for v1.x.80

Support wireless client MAC-based WMM

(a) Wi-Fi Multimedia (WMM) Overview:

Wi-Fi Multimedia (WMM) is a QoS (Quality of Service) standard that is an integral part of modern Wi-Fi technology, based on the IEEE 802.11e standard. WMM is essential in environments where different types of data compete for bandwidth because it ensures that time-sensitive applications like voice and video conferencing perform well even in congested network conditions. This protocol prioritizes traffic according to four access categories:

Voice: Highest priority, dedicated to voice-over-IP (VoIP) services.
Video: High priority, allocated for streaming video.
Best Effort: Standard priority for general data traffic such as web browsing.
Background: Lowest priority, intended for data that is not time-sensitive, like backups or bulk data transfers.

(b) What Does "MAC-Based WMM Support" Mean?

The feature "Support wireless client mac-based WMM" refers to the capability of the wireless access point (AP) to apply WMM rules based on the MAC address of each connecting client device. A MAC address is a unique identifier assigned to network interfaces for communications on the physical network segment. Implementing MAC-based WMM allows network administrators to assign different data priorities to devices according to their MAC addresses. This functionality is particularly useful in diverse operational environments where devices have varying bandwidth and latency requirements.

(c) Practical Applications of Mac-Based WMM

Here are several scenarios where mac-based WMM can significantly enhance network management and performance:

Tailored Experience: Enterprises can customize network performance based on the roles or departments within the organization. For example, devices belonging to the executive team or those used in critical operations might be assigned higher data priorities.

Enhanced Security: By controlling which devices have priority access, administrators can better manage network security protocols and reduce the risk of unauthorized data access.

Optimized Network Utilization: Mac-based WMM enables the network to adapt dynamically to changing conditions and user demands, prioritizing critical applications automatically.

Improved Scalability: As more devices join the network, administrators can manage traffic effectively without manual reconfiguration, ensuring consistent performance across all connected devices.

Support application DSCP tagging

(a) What is DSCP?

DSCP stands for Differentiated Services Code Point. It is a field in the IP header used to enable Quality of Service (QoS) on networks. DSCP replaces the older system of IP precedence with a more flexible and granular approach to traffic classification and prioritization. The DSCP field consists of six bits, allowing for 64 different traffic classes that can be defined and used to manage packet forwarding policies.

DSCP plays a crucial role in network traffic management by providing a mechanism for marking packets to receive different levels of service based on their assigned class. This capability is essential for managing congestion and ensuring that high-priority traffic, such as real-time voice or video, receives the necessary bandwidth and minimal latency.

(b) How Does DSCP Work?

When a packet is sent from a source, the DSCP value is set in its IP header, indicating the level of priority it should receive across the network. Network routers and switches read this DSCP value and make decisions about the packet's forwarding priority and queue placement. By doing so, networks can differentiate between various types of traffic, prioritizing them according to organizational policies and network requirements.

(c) Benefits of DSCP Tagging

Improved Network Performance: By prioritizing critical applications, DSCP helps in managing network resources efficiently, thus enhancing overall performance. Traffic like VoIP and video conferencing can operate smoothly even under heavy network load.
Enhanced Quality of Service: DSCP enables more granular control over packet forwarding decisions, allowing network administrators to fine-tune QoS policies. This leads to better service quality, especially for latency-sensitive applications.
Scalability: DSCP scales well with the size of the network, providing a consistent approach to QoS even as the network grows and traffic volume increases.
Flexibility: The ability to define multiple levels of service makes DSCP highly flexible. Organizations can customize their traffic management strategies to align with specific business needs.

(d) Applications of DSCP Tagging in Enterprise Networks

Voice and Video Prioritization: DSCP is extensively used to ensure that voice and video traffic is given priority over other types of data, reducing delays and improving communication quality.
Data Center Traffic Management: In data centers, DSCP can help manage the flow of traffic between servers, storage systems, and external networks, optimizing response times and service delivery.
Remote Work Solutions: With the rise of remote work, DSCP can play a pivotal role in prioritizing VPN traffic to ensure that business-critical applications have the bandwidth they need.

Support hotspot2.0 and openRoaming

(a) What is Hotspot 2.0?

Hotspot 2.0, also known as Wi-Fi Certified Passpoint, is a standard created by the Wi-Fi Alliance to streamline and secure the process of connecting to Wi-Fi hotspots. It allows mobile devices to automatically discover and connect to Wi-Fi networks without user intervention, using a seamless, secure authentication process based on the credentials issued by the service provider, much like cellular networks.

(b) Key Features of Hotspot 2.0

Seamless Connectivity: Hotspot 2.0 enables devices to automatically connect to Wi-Fi networks with robust security protocols, without requiring users to manually search for and select networks.
Enhanced Security: It supports advanced security protocols, such as WPA2-Enterprise and WPA3-Enterprise, providing end-to-end encryption and preventing unauthorized access.
Simplified User Experience: By automating the discovery and connection process, Hotspot 2.0 eliminates the need for users to repeatedly enter login credentials.
Interoperability: Designed to work across different wireless service providers and geographies, facilitating easier roaming and connectivity.

(c) What is OpenRoaming?

OpenRoaming is a federation service that allows users to seamlessly roam between Wi-Fi and cellular networks, removing the need to manually connect to different Wi-Fi networks. It is a collaboration spearheaded by the Wireless Broadband Alliance (WBA) that brings together a consortium of companies aiming to create a globally interconnected network.

(d) Benefits of OpenRoaming

Effortless Network Transition: With OpenRoaming, devices can automatically switch between Wi-Fi and cellular networks without user interaction, depending on the best available network.
Universal Coverage: It aims to combine the benefits of both private and public Wi-Fi networks with cellular service, expanding network coverage dramatically.
Secure Connectivity: OpenRoaming ensures that security standards such as WPA3 are met, keeping the user's data protected during transmission across different networks.
Enhanced User Experience: Provides a smooth, uninterrupted service as users move between different network environments, ideal for travelling users and mobile professionals.

(e) Applications and Implications of Hotspot 2.0 and OpenRoaming

Travel and Hospitality: For travelers, Hotspot 2.0 and OpenRoaming can significantly enhance connectivity in airports, hotels, and public spaces, offering seamless access to high-quality Wi-Fi.
Urban Mobility: In smart cities, these technologies can facilitate uninterrupted internet access across different urban spaces, improving navigation, streaming, and communication services.
Enterprise Connectivity: Businesses can provide secure, seamless Wi-Fi access to employees and visitors, improving productivity and user satisfaction.
Telecommunications: For telecom operators, integrating Hotspot 2.0 and OpenRoaming can reduce the load on cellular networks and provide a better balance of traffic across networks.

The inclusion of "Support for Hotspot 2.0 and OpenRoaming" in our firmware underlines our commitment to enhancing connectivity and user experience. These features enable devices to leverage advanced network technologies to automatically connect to the best available network, securely and effortlessly. By adopting these standards, we are setting a new benchmark for seamless and secure mobile connectivity, catering to the needs of modern users who require reliable and effortless internet access wherever they go.

v1.5.74

Fix the issue that AP sometimes goes offline even when the network is functioning normally.

v1.5.73

Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.

v1.5.70

Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.

mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.

Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.

v1.5.67

Fixed the issue for encountering failure when selecting specific country: Liechtenstein, Montenegro, or Angola.

v1.5.66

Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.

v1.5.61

Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.

v1.5.60

Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).

v1.5.55

Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:

(a) WPA3 Personal (SAE)

(b) WPA3-Personal/WPA2-PSK mixed

(c) WPA3 Enterprise with suite-b disabled

Support packet capture functions.
WPA3-Personal supports Dynamic Client VLAN Pooling.
WPA3-Enterprise supports external Radius with VLAN assignment.
Support DFS channel 144.

v1.5.51

Fixed the issue with high CPU loading when users enabled Air-Guard function under multiple ECW-AP S model environment.

v1.5.50

Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Support SSID-based IPSec VPN tunneling (StrongSWAN).
Support EnGenius auto VPN (mediator).
Support SMBv2/v3 for AD authentication.
Support BLE Presence Reporting.

v1.5.48

Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.

v1.5.47

Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.

v1.5.46

Enhance IOT client association compatibility.

v1.5.45

Support RADIUS CoA disconnect-client requests (802.1x)
Support SmartTV SSID
LSP page encloses language support for Japanese language.
Resolved Fragattack vulnerability issues.
Support EoGRE tunnel and DHCP option 82.
WIDS supports co-defense scheme.

v1.5.42

Support multiple domains of AD server.
Adjust DCS algorithm.
Recognize new iOS/MAC OS version.
Fixed captive portal for IPv6 issue.
Adjust log messages.
Fixed diag tool/Speed Test issue
Add configuration to accept RADIUS server's VLAN attribute or not.
Support wireless spectrum analysis.
Support DFS channel fallback scheme.
Support MAC-based authentication with RADIUS (OPEN).
WPA3-SAE and WAP3/WAP2 mixed mode support Dynamic Client VLAN Pooling.
Support zero-wait DFS.
Support EnGenius Air Guard features.
Support instant WIDS event log report.
Execute diag tool/All Channel Utilization by scanning radio

Loading...

ECW220v3

v1.8.85

[New Features]

Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.

v1.8.84

[Issues Fixed]

Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.

v1.8.83

[Issues Fixed]

Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.

v1.8.82

Support EnGenius fast-handover algorithm 2.0
Remove dropbear chacha20-poly1305@openssh.com encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.

v1.8.81

Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.

Appendix for v1.x.81

Add support for SAMLv2 in Captive portal with Azure-AD

A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.

(a) What is SAMLv2?

SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.

(b) Implications of This Update

Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.

(c) Practical Applications

Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.

In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.

Support HTTPS-Only for local device page

To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.

(a) Importance of HTTPS for Security

HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:

Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.

(b) Implementation and Control

By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.

In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.

v1.5.80

Support wireless client MAC-based WMM.
Support application DSCP tagging.
Enhance Traffic Log to support additional NAT information to syslog server.
Support Radsec to provide TLS encryption for Radius connection initiated from AP.
Enhance MyPSK Radius requests for external Radius server to contain both RoamingIQ attribute and mac authentication attribute.
Support additional dolphin action to run Radius server existence test.
Support group of multiple AD configuration for single SSID.
Use dolphin subscribe actions for all channel utilization scan in diag tools.
Support malware URL Blocking.
Support website filtering.
Support hotspot2.0 and openRoaming.
Support client-balancing 2.0
Fix mesh topology that may sometimes display failed.
Enhance Multicast to Unicast function for legacy clients.

Appendix for v1.x.80

Support wireless client MAC-based WMM

(a) Wi-Fi Multimedia (WMM) Overview:

Wi-Fi Multimedia (WMM) is a QoS (Quality of Service) standard that is an integral part of modern Wi-Fi technology, based on the IEEE 802.11e standard. WMM is essential in environments where different types of data compete for bandwidth because it ensures that time-sensitive applications like voice and video conferencing perform well even in congested network conditions. This protocol prioritizes traffic according to four access categories:

Voice: Highest priority, dedicated to voice-over-IP (VoIP) services.
Video: High priority, allocated for streaming video.
Best Effort: Standard priority for general data traffic such as web browsing.
Background: Lowest priority, intended for data that is not time-sensitive, like backups or bulk data transfers.

(b) What Does "MAC-Based WMM Support" Mean?

The feature "Support wireless client mac-based WMM" refers to the capability of the wireless access point (AP) to apply WMM rules based on the MAC address of each connecting client device. A MAC address is a unique identifier assigned to network interfaces for communications on the physical network segment. Implementing MAC-based WMM allows network administrators to assign different data priorities to devices according to their MAC addresses. This functionality is particularly useful in diverse operational environments where devices have varying bandwidth and latency requirements.

(c) Practical Applications of Mac-Based WMM

Here are several scenarios where mac-based WMM can significantly enhance network management and performance:

Tailored Experience: Enterprises can customize network performance based on the roles or departments within the organization. For example, devices belonging to the executive team or those used in critical operations might be assigned higher data priorities.

Enhanced Security: By controlling which devices have priority access, administrators can better manage network security protocols and reduce the risk of unauthorized data access.

Optimized Network Utilization: Mac-based WMM enables the network to adapt dynamically to changing conditions and user demands, prioritizing critical applications automatically.

Improved Scalability: As more devices join the network, administrators can manage traffic effectively without manual reconfiguration, ensuring consistent performance across all connected devices.

Support application DSCP tagging

(a) What is DSCP?

DSCP stands for Differentiated Services Code Point. It is a field in the IP header used to enable Quality of Service (QoS) on networks. DSCP replaces the older system of IP precedence with a more flexible and granular approach to traffic classification and prioritization. The DSCP field consists of six bits, allowing for 64 different traffic classes that can be defined and used to manage packet forwarding policies.

DSCP plays a crucial role in network traffic management by providing a mechanism for marking packets to receive different levels of service based on their assigned class. This capability is essential for managing congestion and ensuring that high-priority traffic, such as real-time voice or video, receives the necessary bandwidth and minimal latency.

(b) How Does DSCP Work?

When a packet is sent from a source, the DSCP value is set in its IP header, indicating the level of priority it should receive across the network. Network routers and switches read this DSCP value and make decisions about the packet's forwarding priority and queue placement. By doing so, networks can differentiate between various types of traffic, prioritizing them according to organizational policies and network requirements.

(c) Benefits of DSCP Tagging

Improved Network Performance: By prioritizing critical applications, DSCP helps in managing network resources efficiently, thus enhancing overall performance. Traffic like VoIP and video conferencing can operate smoothly even under heavy network load.
Enhanced Quality of Service: DSCP enables more granular control over packet forwarding decisions, allowing network administrators to fine-tune QoS policies. This leads to better service quality, especially for latency-sensitive applications.
Scalability: DSCP scales well with the size of the network, providing a consistent approach to QoS even as the network grows and traffic volume increases.
Flexibility: The ability to define multiple levels of service makes DSCP highly flexible. Organizations can customize their traffic management strategies to align with specific business needs.

(d) Applications of DSCP Tagging in Enterprise Networks

Voice and Video Prioritization: DSCP is extensively used to ensure that voice and video traffic is given priority over other types of data, reducing delays and improving communication quality.
Data Center Traffic Management: In data centers, DSCP can help manage the flow of traffic between servers, storage systems, and external networks, optimizing response times and service delivery.
Remote Work Solutions: With the rise of remote work, DSCP can play a pivotal role in prioritizing VPN traffic to ensure that business-critical applications have the bandwidth they need.

Support hotspot2.0 and openRoaming

(a) What is Hotspot 2.0?

Hotspot 2.0, also known as Wi-Fi Certified Passpoint, is a standard created by the Wi-Fi Alliance to streamline and secure the process of connecting to Wi-Fi hotspots. It allows mobile devices to automatically discover and connect to Wi-Fi networks without user intervention, using a seamless, secure authentication process based on the credentials issued by the service provider, much like cellular networks.

(b) Key Features of Hotspot 2.0

Seamless Connectivity: Hotspot 2.0 enables devices to automatically connect to Wi-Fi networks with robust security protocols, without requiring users to manually search for and select networks.
Enhanced Security: It supports advanced security protocols, such as WPA2-Enterprise and WPA3-Enterprise, providing end-to-end encryption and preventing unauthorized access.
Simplified User Experience: By automating the discovery and connection process, Hotspot 2.0 eliminates the need for users to repeatedly enter login credentials.
Interoperability: Designed to work across different wireless service providers and geographies, facilitating easier roaming and connectivity.

(c) What is OpenRoaming?

OpenRoaming is a federation service that allows users to seamlessly roam between Wi-Fi and cellular networks, removing the need to manually connect to different Wi-Fi networks. It is a collaboration spearheaded by the Wireless Broadband Alliance (WBA) that brings together a consortium of companies aiming to create a globally interconnected network.

(d) Benefits of OpenRoaming

Effortless Network Transition: With OpenRoaming, devices can automatically switch between Wi-Fi and cellular networks without user interaction, depending on the best available network.
Universal Coverage: It aims to combine the benefits of both private and public Wi-Fi networks with cellular service, expanding network coverage dramatically.
Secure Connectivity: OpenRoaming ensures that security standards such as WPA3 are met, keeping the user's data protected during transmission across different networks.
Enhanced User Experience: Provides a smooth, uninterrupted service as users move between different network environments, ideal for travelling users and mobile professionals.

(e) Applications and Implications of Hotspot 2.0 and OpenRoaming

Travel and Hospitality: For travelers, Hotspot 2.0 and OpenRoaming can significantly enhance connectivity in airports, hotels, and public spaces, offering seamless access to high-quality Wi-Fi.
Urban Mobility: In smart cities, these technologies can facilitate uninterrupted internet access across different urban spaces, improving navigation, streaming, and communication services.
Enterprise Connectivity: Businesses can provide secure, seamless Wi-Fi access to employees and visitors, improving productivity and user satisfaction.
Telecommunications: For telecom operators, integrating Hotspot 2.0 and OpenRoaming can reduce the load on cellular networks and provide a better balance of traffic across networks.

The inclusion of "Support for Hotspot 2.0 and OpenRoaming" in our firmware underlines our commitment to enhancing connectivity and user experience. These features enable devices to leverage advanced network technologies to automatically connect to the best available network, securely and effortlessly. By adopting these standards, we are setting a new benchmark for seamless and secure mobile connectivity, catering to the needs of modern users who require reliable and effortless internet access wherever they go.

v1.5.74

Fix the issue that AP sometimes goes offline even when the network is functioning normally.

v1.5.73

Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.

v1.5.70

Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.

mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.

Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.

v1.5.67

Fixed the issue for encountering failure when selecting specific country: Liechtenstein, Montenegro, or Angola.

v1.5.66

Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.

v1.5.61

Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.

v1.5.60

Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).

v1.5.56

Fixed vulnerability issue (CVE-2022-38546).

v1.5.55

Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:

(a) WPA3 Personal (SAE)

(b) WPA3-Personal/WPA2-PSK mixed

(c) WPA3 Enterprise with suite-b disabled

Support packet capture functions.
WPA3-Personal supports Dynamic Client VLAN Pooling.
WPA3-Enterprise supports external Radius with VLAN assignment.
Support DFS channel 144.

v1.5.50

Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Support SSID-based IPSec VPN tunneling (StrongSWAN).
Support EnGenius auto VPN (mediator).
Support SMBv2/v3 for AD authentication.

v1.5.48

Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.

v1.5.47

Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.

Loading...

ECW220v2

v1.8.85

[New Features]

Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.

v1.8.84

[Issues Fixed]

Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.

v1.8.83

[Issues Fixed]

Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.

v1.8.82

Support EnGenius fast-handover algorithm 2.0
Remove dropbear chacha20-poly1305@openssh.com encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.

v1.8.81

Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.

Appendix for v1.x.81

Add support for SAMLv2 in Captive portal with Azure-AD

A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.

(a) What is SAMLv2?

SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.

(b) Implications of This Update

Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.

(c) Practical Applications

Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.

In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.

Support HTTPS-Only for local device page

To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.

(a) Importance of HTTPS for Security

HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:

Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.

(b) Implementation and Control

By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.

In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.

v1.5.80

Support wireless client MAC-based WMM.
Support application DSCP tagging.
Enhance Traffic Log to support additional NAT information to syslog server.
Support Radsec to provide TLS encryption for Radius connection initiated from AP.
Enhance MyPSK Radius requests for external Radius server to contain both RoamingIQ attribute and mac authentication attribute.
Support additional dolphin action to run Radius server existence test.
Support group of multiple AD configuration for single SSID.
Use dolphin subscribe actions for all channel utilization scan in diag tools.
Support malware URL Blocking.
Support website filtering.
Support hotspot2.0 and openRoaming.
Support client-balancing 2.0
Fix mesh topology that may sometimes display failed.
Enhance Multicast to Unicast function for legacy clients.

Appendix for v1.x.80

Support wireless client MAC-based WMM

(a) Wi-Fi Multimedia (WMM) Overview:

Wi-Fi Multimedia (WMM) is a QoS (Quality of Service) standard that is an integral part of modern Wi-Fi technology, based on the IEEE 802.11e standard. WMM is essential in environments where different types of data compete for bandwidth because it ensures that time-sensitive applications like voice and video conferencing perform well even in congested network conditions. This protocol prioritizes traffic according to four access categories:

Voice: Highest priority, dedicated to voice-over-IP (VoIP) services.
Video: High priority, allocated for streaming video.
Best Effort: Standard priority for general data traffic such as web browsing.
Background: Lowest priority, intended for data that is not time-sensitive, like backups or bulk data transfers.

(b) What Does "MAC-Based WMM Support" Mean?

The feature "Support wireless client mac-based WMM" refers to the capability of the wireless access point (AP) to apply WMM rules based on the MAC address of each connecting client device. A MAC address is a unique identifier assigned to network interfaces for communications on the physical network segment. Implementing MAC-based WMM allows network administrators to assign different data priorities to devices according to their MAC addresses. This functionality is particularly useful in diverse operational environments where devices have varying bandwidth and latency requirements.

(c) Practical Applications of Mac-Based WMM

Here are several scenarios where mac-based WMM can significantly enhance network management and performance:

Tailored Experience: Enterprises can customize network performance based on the roles or departments within the organization. For example, devices belonging to the executive team or those used in critical operations might be assigned higher data priorities.

Enhanced Security: By controlling which devices have priority access, administrators can better manage network security protocols and reduce the risk of unauthorized data access.

Optimized Network Utilization: Mac-based WMM enables the network to adapt dynamically to changing conditions and user demands, prioritizing critical applications automatically.

Improved Scalability: As more devices join the network, administrators can manage traffic effectively without manual reconfiguration, ensuring consistent performance across all connected devices.

Support application DSCP tagging

(a) What is DSCP?

DSCP stands for Differentiated Services Code Point. It is a field in the IP header used to enable Quality of Service (QoS) on networks. DSCP replaces the older system of IP precedence with a more flexible and granular approach to traffic classification and prioritization. The DSCP field consists of six bits, allowing for 64 different traffic classes that can be defined and used to manage packet forwarding policies.

DSCP plays a crucial role in network traffic management by providing a mechanism for marking packets to receive different levels of service based on their assigned class. This capability is essential for managing congestion and ensuring that high-priority traffic, such as real-time voice or video, receives the necessary bandwidth and minimal latency.

(b) How Does DSCP Work?

When a packet is sent from a source, the DSCP value is set in its IP header, indicating the level of priority it should receive across the network. Network routers and switches read this DSCP value and make decisions about the packet's forwarding priority and queue placement. By doing so, networks can differentiate between various types of traffic, prioritizing them according to organizational policies and network requirements.

(c) Benefits of DSCP Tagging

Improved Network Performance: By prioritizing critical applications, DSCP helps in managing network resources efficiently, thus enhancing overall performance. Traffic like VoIP and video conferencing can operate smoothly even under heavy network load.
Enhanced Quality of Service: DSCP enables more granular control over packet forwarding decisions, allowing network administrators to fine-tune QoS policies. This leads to better service quality, especially for latency-sensitive applications.
Scalability: DSCP scales well with the size of the network, providing a consistent approach to QoS even as the network grows and traffic volume increases.
Flexibility: The ability to define multiple levels of service makes DSCP highly flexible. Organizations can customize their traffic management strategies to align with specific business needs.

(d) Applications of DSCP Tagging in Enterprise Networks

Voice and Video Prioritization: DSCP is extensively used to ensure that voice and video traffic is given priority over other types of data, reducing delays and improving communication quality.
Data Center Traffic Management: In data centers, DSCP can help manage the flow of traffic between servers, storage systems, and external networks, optimizing response times and service delivery.
Remote Work Solutions: With the rise of remote work, DSCP can play a pivotal role in prioritizing VPN traffic to ensure that business-critical applications have the bandwidth they need.

Support hotspot2.0 and openRoaming

(a) What is Hotspot 2.0?

Hotspot 2.0, also known as Wi-Fi Certified Passpoint, is a standard created by the Wi-Fi Alliance to streamline and secure the process of connecting to Wi-Fi hotspots. It allows mobile devices to automatically discover and connect to Wi-Fi networks without user intervention, using a seamless, secure authentication process based on the credentials issued by the service provider, much like cellular networks.

(b) Key Features of Hotspot 2.0

Seamless Connectivity: Hotspot 2.0 enables devices to automatically connect to Wi-Fi networks with robust security protocols, without requiring users to manually search for and select networks.
Enhanced Security: It supports advanced security protocols, such as WPA2-Enterprise and WPA3-Enterprise, providing end-to-end encryption and preventing unauthorized access.
Simplified User Experience: By automating the discovery and connection process, Hotspot 2.0 eliminates the need for users to repeatedly enter login credentials.
Interoperability: Designed to work across different wireless service providers and geographies, facilitating easier roaming and connectivity.

(c) What is OpenRoaming?

OpenRoaming is a federation service that allows users to seamlessly roam between Wi-Fi and cellular networks, removing the need to manually connect to different Wi-Fi networks. It is a collaboration spearheaded by the Wireless Broadband Alliance (WBA) that brings together a consortium of companies aiming to create a globally interconnected network.

(d) Benefits of OpenRoaming

Effortless Network Transition: With OpenRoaming, devices can automatically switch between Wi-Fi and cellular networks without user interaction, depending on the best available network.
Universal Coverage: It aims to combine the benefits of both private and public Wi-Fi networks with cellular service, expanding network coverage dramatically.
Secure Connectivity: OpenRoaming ensures that security standards such as WPA3 are met, keeping the user's data protected during transmission across different networks.
Enhanced User Experience: Provides a smooth, uninterrupted service as users move between different network environments, ideal for travelling users and mobile professionals.

(e) Applications and Implications of Hotspot 2.0 and OpenRoaming

Travel and Hospitality: For travelers, Hotspot 2.0 and OpenRoaming can significantly enhance connectivity in airports, hotels, and public spaces, offering seamless access to high-quality Wi-Fi.
Urban Mobility: In smart cities, these technologies can facilitate uninterrupted internet access across different urban spaces, improving navigation, streaming, and communication services.
Enterprise Connectivity: Businesses can provide secure, seamless Wi-Fi access to employees and visitors, improving productivity and user satisfaction.
Telecommunications: For telecom operators, integrating Hotspot 2.0 and OpenRoaming can reduce the load on cellular networks and provide a better balance of traffic across networks.

The inclusion of "Support for Hotspot 2.0 and OpenRoaming" in our firmware underlines our commitment to enhancing connectivity and user experience. These features enable devices to leverage advanced network technologies to automatically connect to the best available network, securely and effortlessly. By adopting these standards, we are setting a new benchmark for seamless and secure mobile connectivity, catering to the needs of modern users who require reliable and effortless internet access wherever they go.

v1.5.74

Fix the issue that AP sometimes goes offline even when the network is functioning normally.

v1.5.73

Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.

v1.5.70

Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.

mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.

Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.

v1.5.67

Fixed the issue for encountering failure when selecting specific country: Liechtenstein, Montenegro, or Angola.

v1.5.66

Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.

v1.5.61

Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.

v1.5.60

Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).

v1.5.56

Fixed vulnerability issue (CVE-2022-38546).

v1.5.55

Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:

(a) WPA3 Personal (SAE)

(b) WPA3-Personal/WPA2-PSK mixed

(c) WPA3 Enterprise with suite-b disabled

Support packet capture functions.
WPA3-Personal supports Dynamic Client VLAN Pooling.
WPA3-Enterprise supports external Radius with VLAN assignment.
Support DFS channel 144.

v1.5.50

Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Support SSID-based IPSec VPN tunneling (StrongSWAN).
Support EnGenius auto VPN (mediator).
Support SMBv2/v3 for AD authentication.

v1.5.48

Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.

v1.5.47

Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.

v1.5.46

Enhance IOT client association compatibility.

v1.5.45

Support RADIUS CoA disconnect-client requests (802.1x)
Support SmartTV SSID
LSP page encloses language support for Japanese language.
Resolved Fragattack vulnerability issues.
Support EoGRE tunnel and DHCP option 82.

v1.5.41

Support multiple domains of AD server.
Adjust DCS algorithm.
Recognize new iOS/MAC OS version.
Fixed captive portal for IPv6 issue.
Adjust log messages.
Fixed diag tool/Speed Test issue
Add configuration to accept RADIUS server's VLAN attribute or not.
Support wireless spectrum analysis.
Support DFS channel fallback scheme.
Support MAC-based authentication with RADIUS (OPEN).
WPA3-SAE and WAP3/WAP2 mixed mode support Dynamic Client VLAN Pooling.

v1.5.35

Support DCS (Dynamic Channel Selection) by background scanning.
Enhance bcmc function that may block DHCP broadcast OFFER/ACK packets.
Support auto-channel with "Exclude DFS" config.
Support EnGenius cloud diagnostic mode.
Enclose fix for FragAttacks security issue.

v1.5.30

Support system-reserved IP range pool.
Support RADIUS CoA disconnect-client requests.
Perform periodically scanning for 802.11k report without background scanning.
Support intelligent band-steering.
Support proxy ARP.
Support 802.1x/captive portal with Google Auth.
Support RADIUS WISPr traffic control and traffic quantity attributes.
Support RADIUS MAC-Auth in captive portal.
Support captive portal authentication by LDAP/AD server: single SSID, single server.
Update 2.4GHz HT20 auto-channel algorithm for using 1,6,11 channels.

v1.5.28

Optimized wireless connectivity for 11AX models.

v1.5.27

Fix target assert issue caused by iPhone11/iPhone12 for 802.11ax models.
Add log message for Wi-Fi reload event.
Add protection to prevent Wi-Fi interface could not be brought up.
Force client balancing disabled on ECW220/ECW230.

v1.4.26

Support Facebook Wi-Fi.
Add client's TX/RX Byte information in disassociation event log.
Modify LSP Page about HTTP/HTTPS proxy setting.
Handle HTTP error code 504 upon check-in to cloud server.

v1.4.25

Handle private MAC address detection with blocked info messages.
Adjust mesh related syslog contents.
Support RSTP.
Support background scanning ON/OFF option.
Update certificate for HTTPS access to LSP page.
ECW220v2 supports CE/FCC DFS channels.
Remove unnecessary WLAN event logs.

v1.4.23

Handle larger max. client limit value from cloud server.
Fixed the issue that LED on/off would trigger network reload with specific configurations.

v1.4.22

Support MAC address authentication with RADIUS server.
Support MyPSK with RADIUS server authentication.
Handle VLAN ID attribute from RADIUS authentication responses.
Support SSDP responder and adjust mDNS response content.

v1.4.21

Band Steering feature encloses improvement for 802.11k/v and utilizes 802.11r fasting roaming technique to avoid re-authentication upon connection to different radio band.
Procedures of applying WLAN configuration has been optimized to shorten needed time for setting update.
Enhance Captive Portal secure login with HTTPS-based information exchange.
Support my-PSK with dynamic VLAN for WPA2-PSK authentication. (only available from EnGenius Cloud, not external radius)
Mesh AP node supports traffic shaping.
Support SNMP v2/v3 for local management with Get function.
Support multicast to unicast per radio.
Captive Portal feature supports client-leave-network timeout.
Support Client Balancing to steer the client to connect to best available AP.
Support dynamic VLAN (VLAN Pooling).
Support Broadcast/Multicast suppression.

v1.4.15

Adjust channel candidates of Auto-channel selection (ACS).
Adjust power table limitation of Malaysia and Indonesia.

v1.4.14

Apply auto-channel selection mechanism update

v1.4.12

Apply regulatory domain update

v1.4.11

Adjust DTIM from 2 to 3
Adjust amsdu parameter from 7 to 3 for Wi-Fi 6 models
Turn Uplink OFDMA on by default for Wi-Fi 6 models

Loading...

ECW220

v1.5.85

[New Features]

Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.

v1.5.84

[Issues Fixed]

Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.

v1.5.83

[Issues Fixed]

Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.

v1.5.82

Support EnGenius fast-handover algorithm 2.0
Remove dropbear chacha20-poly1305@openssh.com encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.

v1.5.81

Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.

Appendix for v1.x.81

Add support for SAMLv2 in Captive portal with Azure-AD

A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.

(a) What is SAMLv2?

SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.

(b) Implications of This Update

Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.

(c) Practical Applications

Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.

In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.

Support HTTPS-Only for local device page

To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.

(a) Importance of HTTPS for Security

HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:

Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.

(b) Implementation and Control

By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.

In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.

v1.5.80

Support wireless client MAC-based WMM.
Support application DSCP tagging.
Enhance Traffic Log to support additional NAT information to syslog server.
Support Radsec to provide TLS encryption for Radius connection initiated from AP.
Enhance MyPSK Radius requests for external Radius server to contain both RoamingIQ attribute and mac authentication attribute.
Support additional dolphin action to run Radius server existence test.
Support group of multiple AD configuration for single SSID.
Use dolphin subscribe actions for all channel utilization scan in diag tools.
Support malware URL Blocking.
Support website filtering.
Support hotspot2.0 and openRoaming.
Support client-balancing 2.0
Fix mesh topology that may sometimes display failed.
Enhance Multicast to Unicast function for legacy clients.

Appendix for v1.x.80

Support wireless client MAC-based WMM

(a) Wi-Fi Multimedia (WMM) Overview:

Wi-Fi Multimedia (WMM) is a QoS (Quality of Service) standard that is an integral part of modern Wi-Fi technology, based on the IEEE 802.11e standard. WMM is essential in environments where different types of data compete for bandwidth because it ensures that time-sensitive applications like voice and video conferencing perform well even in congested network conditions. This protocol prioritizes traffic according to four access categories:

Voice: Highest priority, dedicated to voice-over-IP (VoIP) services.
Video: High priority, allocated for streaming video.
Best Effort: Standard priority for general data traffic such as web browsing.
Background: Lowest priority, intended for data that is not time-sensitive, like backups or bulk data transfers.

(b) What Does "MAC-Based WMM Support" Mean?

The feature "Support wireless client mac-based WMM" refers to the capability of the wireless access point (AP) to apply WMM rules based on the MAC address of each connecting client device. A MAC address is a unique identifier assigned to network interfaces for communications on the physical network segment. Implementing MAC-based WMM allows network administrators to assign different data priorities to devices according to their MAC addresses. This functionality is particularly useful in diverse operational environments where devices have varying bandwidth and latency requirements.

(c) Practical Applications of Mac-Based WMM

Here are several scenarios where mac-based WMM can significantly enhance network management and performance:

Tailored Experience: Enterprises can customize network performance based on the roles or departments within the organization. For example, devices belonging to the executive team or those used in critical operations might be assigned higher data priorities.

Enhanced Security: By controlling which devices have priority access, administrators can better manage network security protocols and reduce the risk of unauthorized data access.

Optimized Network Utilization: Mac-based WMM enables the network to adapt dynamically to changing conditions and user demands, prioritizing critical applications automatically.

Improved Scalability: As more devices join the network, administrators can manage traffic effectively without manual reconfiguration, ensuring consistent performance across all connected devices.

Support application DSCP tagging

(a) What is DSCP?

DSCP stands for Differentiated Services Code Point. It is a field in the IP header used to enable Quality of Service (QoS) on networks. DSCP replaces the older system of IP precedence with a more flexible and granular approach to traffic classification and prioritization. The DSCP field consists of six bits, allowing for 64 different traffic classes that can be defined and used to manage packet forwarding policies.

DSCP plays a crucial role in network traffic management by providing a mechanism for marking packets to receive different levels of service based on their assigned class. This capability is essential for managing congestion and ensuring that high-priority traffic, such as real-time voice or video, receives the necessary bandwidth and minimal latency.

(b) How Does DSCP Work?

When a packet is sent from a source, the DSCP value is set in its IP header, indicating the level of priority it should receive across the network. Network routers and switches read this DSCP value and make decisions about the packet's forwarding priority and queue placement. By doing so, networks can differentiate between various types of traffic, prioritizing them according to organizational policies and network requirements.

(c) Benefits of DSCP Tagging

Improved Network Performance: By prioritizing critical applications, DSCP helps in managing network resources efficiently, thus enhancing overall performance. Traffic like VoIP and video conferencing can operate smoothly even under heavy network load.
Enhanced Quality of Service: DSCP enables more granular control over packet forwarding decisions, allowing network administrators to fine-tune QoS policies. This leads to better service quality, especially for latency-sensitive applications.
Scalability: DSCP scales well with the size of the network, providing a consistent approach to QoS even as the network grows and traffic volume increases.
Flexibility: The ability to define multiple levels of service makes DSCP highly flexible. Organizations can customize their traffic management strategies to align with specific business needs.

(d) Applications of DSCP Tagging in Enterprise Networks

Voice and Video Prioritization: DSCP is extensively used to ensure that voice and video traffic is given priority over other types of data, reducing delays and improving communication quality.
Data Center Traffic Management: In data centers, DSCP can help manage the flow of traffic between servers, storage systems, and external networks, optimizing response times and service delivery.
Remote Work Solutions: With the rise of remote work, DSCP can play a pivotal role in prioritizing VPN traffic to ensure that business-critical applications have the bandwidth they need.

Support hotspot2.0 and openRoaming

(a) What is Hotspot 2.0?

Hotspot 2.0, also known as Wi-Fi Certified Passpoint, is a standard created by the Wi-Fi Alliance to streamline and secure the process of connecting to Wi-Fi hotspots. It allows mobile devices to automatically discover and connect to Wi-Fi networks without user intervention, using a seamless, secure authentication process based on the credentials issued by the service provider, much like cellular networks.

(b) Key Features of Hotspot 2.0

Seamless Connectivity: Hotspot 2.0 enables devices to automatically connect to Wi-Fi networks with robust security protocols, without requiring users to manually search for and select networks.
Enhanced Security: It supports advanced security protocols, such as WPA2-Enterprise and WPA3-Enterprise, providing end-to-end encryption and preventing unauthorized access.
Simplified User Experience: By automating the discovery and connection process, Hotspot 2.0 eliminates the need for users to repeatedly enter login credentials.
Interoperability: Designed to work across different wireless service providers and geographies, facilitating easier roaming and connectivity.

(c) What is OpenRoaming?

OpenRoaming is a federation service that allows users to seamlessly roam between Wi-Fi and cellular networks, removing the need to manually connect to different Wi-Fi networks. It is a collaboration spearheaded by the Wireless Broadband Alliance (WBA) that brings together a consortium of companies aiming to create a globally interconnected network.

(d) Benefits of OpenRoaming

Effortless Network Transition: With OpenRoaming, devices can automatically switch between Wi-Fi and cellular networks without user interaction, depending on the best available network.
Universal Coverage: It aims to combine the benefits of both private and public Wi-Fi networks with cellular service, expanding network coverage dramatically.
Secure Connectivity: OpenRoaming ensures that security standards such as WPA3 are met, keeping the user's data protected during transmission across different networks.
Enhanced User Experience: Provides a smooth, uninterrupted service as users move between different network environments, ideal for travelling users and mobile professionals.

(e) Applications and Implications of Hotspot 2.0 and OpenRoaming

Travel and Hospitality: For travelers, Hotspot 2.0 and OpenRoaming can significantly enhance connectivity in airports, hotels, and public spaces, offering seamless access to high-quality Wi-Fi.
Urban Mobility: In smart cities, these technologies can facilitate uninterrupted internet access across different urban spaces, improving navigation, streaming, and communication services.
Enterprise Connectivity: Businesses can provide secure, seamless Wi-Fi access to employees and visitors, improving productivity and user satisfaction.
Telecommunications: For telecom operators, integrating Hotspot 2.0 and OpenRoaming can reduce the load on cellular networks and provide a better balance of traffic across networks.

The inclusion of "Support for Hotspot 2.0 and OpenRoaming" in our firmware underlines our commitment to enhancing connectivity and user experience. These features enable devices to leverage advanced network technologies to automatically connect to the best available network, securely and effortlessly. By adopting these standards, we are setting a new benchmark for seamless and secure mobile connectivity, catering to the needs of modern users who require reliable and effortless internet access wherever they go.

v1.5.74

Fix the issue that AP sometimes goes offline even when the network is functioning normally.

v1.5.73

Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.

v1.5.70

Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.

mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.

Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.

v1.5.67

Fixed the issue for encountering failure when selecting specific country: Liechtenstein, Montenegro, or Angola.

v1.5.66

Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.

v1.5.61

Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.

v1.5.60

Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).

v1.5.56

Fixed vulnerability issue (CVE-2022-38546).

v1.5.55

Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:

(a) WPA3 Personal (SAE)

(b) WPA3-Personal/WPA2-PSK mixed

(c) WPA3 Enterprise with suite-b disabled

Support packet capture functions.
WPA3-Personal supports Dynamic Client VLAN Pooling.
WPA3-Enterprise supports external Radius with VLAN assignment.
Support DFS channel 144.

v1.5.50

Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Support SSID-based IPSec VPN tunneling (StrongSWAN).
Support EnGenius auto VPN (mediator).
Support SMBv2/v3 for AD authentication.

v1.5.48

Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.

v1.5.47

Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.

v1.5.46

Enhance IOT client association compatibility.

v1.5.45

Support RADIUS CoA disconnect-client requests (802.1x)
Support SmartTV SSID
LSP page encloses language support for Japanese language.
Resolved Fragattack vulnerability issues.
Support EoGRE tunnel and DHCP option 82.

v1.5.41

Support multiple domains of AD server.
Adjust DCS algorithm.
Recognize new iOS/MAC OS version.
Fixed captive portal for IPv6 issue.
Adjust log messages.
Fixed diag tool/Speed Test issue
Add configuration to accept RADIUS server's VLAN attribute or not.
Support wireless spectrum analysis.
Support DFS channel fallback scheme.
Support MAC-based authentication with RADIUS (OPEN).
WPA3-SAE and WAP3/WAP2 mixed mode support Dynamic Client VLAN Pooling.

v1.5.35

Support DCS (Dynamic Channel Selection) by background scanning.
Enhance bcmc function that may block DHCP broadcast OFFER/ACK packets.
Support auto-channel with "Exclude DFS" config.
Support EnGenius cloud diagnostic mode.
Enclose fix for FragAttacks security issue.

v1.5.30

Support system-reserved IP range pool.
Support RADIUS CoA disconnect-client requests.
Perform periodically scanning for 802.11k report without background scanning.
Support intelligent band-steering.
Support proxy ARP.
Support 802.1x/captive portal with Google Auth.
Support RADIUS WISPr traffic control and traffic quantity attributes.
Support RADIUS MAC-Auth in captive portal.
Support captive portal authentication by LDAP/AD server: single SSID, single server.
Update 2.4GHz HT20 auto-channel algorithm for using 1,6,11 channels.

v1.4.28

Optimized wireless connectivity for 11AX models.

v1.4.27

Fix target assert issue caused by iPhone11/iPhone12 for 802.11ax models.
Add log message for Wi-Fi reload event.
Add protection to prevent Wi-Fi interface could not be brought up.
Force client balancing disabled on ECW220/ECW230.

v1.4.26

Support Facebook Wi-Fi.
Add client's TX/RX Byte information in disassociation event log.
Modify LSP Page about HTTP/HTTPS proxy setting.
Handle HTTP error code 504 upon check-in to cloud server.

v1.4.25

Handle private MAC address detection with blocked info messages.
Adjust mesh related syslog contents.
Support RSTP.
Support background scanning ON/OFF option.
Update certificate for HTTPS access to LSP page.
Remove unnecessary WLAN event logs.

v1.4.23

Handle larger max. client limit value from cloud server.
Fixed the issue that LED on/off would trigger network reload with specific configurations.

v1.4.22

Support MAC address authentication with RADIUS server.
Support MyPSK with RADIUS server authentication.
Handle VLAN ID attribute from RADIUS authentication responses.
Support SSDP responder and adjust mDNS response content.

v1.4.21

Band Steering feature encloses improvement for 802.11k/v and utilizes 802.11r fasting roaming technique to avoid re-authentication upon connection to different radio band.
Procedures of applying WLAN configuration has been optimized to shorten needed time for setting update.
Enhance Captive Portal secure login with HTTPS-based information exchange.
Support my-PSK with dynamic VLAN for WPA2-PSK authentication. (only available from EnGenius Cloud, not external radius)
Mesh AP node supports traffic shaping.
Support SNMP v2/v3 for local management with Get function.
Support multicast to unicast per radio.
Captive Portal feature supports client-leave-network timeout.
Support Client Balancing to steer the client to connect to best available AP.
Support dynamic VLAN (VLAN Pooling).
Support Broadcast/Multicast suppression.

v1.3.15

Adjust channel candidates of Auto-channel selection (ACS).
Adjust power table limitation of Malaysia and Indonesia.

v1.3.14

Apply auto-channel selection mechanism update

v1.3.12

Apply regulatory domain update

v1.3.11

Adjust DTIM from 2 to 3
Adjust amsdu parameter from 7 to 3 for Wi-Fi 6 models
Turn Uplink OFDMA on by default for Wi-Fi 6 models

v1.3.10

Support Client Balancing
Support scheduling system reboot
Support L2-Isolation exception rules for VIP feature
Support radius NAS-id/port/addr attributes
Support software reset-to-default for mobile App
Captive portal supports redirurl parameter

v1.3.8

Fixed the issue that AP may become unstable when some 2.4GHz-only WiFi clients try connecting to AP.
Fixed the issue that AP may hang up where the SSID profile included “hidden” and users downgrade firmware from v1.3.9 to v1.3.7

v1.3.7

Resolve connectivity issue when SSID included space character.

v1.3.6

Improvements

Add log for blocking message clients.
Add log for the action of kicking clients.

Bug Fixes

N/A

v1.3.5

Improvements

Adjust client isolation behavior in NAT mode.
Support DNS settings per SSID.
Support wireless association banned message.
Support https redirect of captive portal.

Bug Fixes

N/A

v1.3.4

Improvements

Add an option to disable 802.11ax in 5G Radio.
Support L2 (MAC Address) client Block List per SSID.
Support advanced feature called Traffic Log to send more wireless client information to dedicated syslog server.
Improve auto-channel algorithm to avoid multiple AP choosing the same channel in certain situation.
Improve the efficiency of applying traffic shaping rules.
Support new Client Timeline feature.
Adjust default DHCP lease time of SSID in NAT mode to 5 minutes.

Bug Fixes

Fix the captive portal issue that triggered RADIUS accounting events before an user is authenticated.
Fix the issue that caused limited IP address allocation for a SSID running in NAT mode.
Fix the issue that caused long duration of captive portal splash page redirection.
Fix driver layer log mechanism to avoid unexpected wireless performance drop.

v1.3.2

Improvements

Improve the efficiency of SSID running in bridge mode.
TX Power tuning options now start from 1 to 10 dBm.
Adjust WMM/DSCP/802.1p mappings to follow conventions.
Support LED Blinking function to trigger an AP to blink its LED for 10 seconds. This could help user to quickly identify the AP.

Bug Fixes

Fix the issue that caused system to get wrong 2.4G channel utilization data in some special cases.

v1.2.18

Improvements

Support WPA3.
Support Mesh Auto Pairing.
NAT/Bridge mode now is configurable per SSID. They are supported only in Captive Portal in previous version.
Support the option to discard association requests from legacy 802.11a/b/g clients.
Enhance the efficiency to apply idle-timeout and session-timeout settings of Captive Portal.

Bug Fixes

Fix the issue that caused memory leak in a special case.

v1.2.15

Improvements

Improve the accuracy of device fingerprint.

Bug Fixes

Fix captive portal IOT issues for certain wireless clients.
Fix the malfunction of EnGenius Radius authentication that caused by firmware upgrade.
Fix the issue that wireless LED did not blink normally in certain situation.
Fix the issue that the 2nd radius server doesn't work.
Fix the issue that DUT may fail to reload configurations during the system applying mesh.

Loading...

ECW215

v1.6.85

[New Features]

Increased MyPSK entry to 5,000 to support larger MDU/Domitory environment.
Supports sub-option codes within DHCP Option 43, enabling EnGenius APs to identify the correct Access Controller (AC) in mixed environments with multiple AP and AC brands.
Support client traffic logs when SSID is set is set to NAT mode, providing more information for trouble shooting.
Supports Configuration Rollback function, allowing the device to automatically rollback to the last stable configuration if a misconfiguration causes a loss of Cloud connection.
Increase 802.11 RTS/CTS disable option to reduce signaling overhead and latency. This improves data transmission efficiency in environments with strong signals and minimal interference, such as those using directional antennas.

v1.6.84

[Issues Fixed]

Resolved mDNS loop issue. When there are multiple AP in a network with multiple SSID and mDNS Forwarding enabled, power cycle one of the AP may causes network unstable.

v1.6.83

[Issues Fixed]

Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not correctly redirect to gateway.
Solve the issue that LSP can still access when Local Web Pages was disabled.
Fix the problem that AP goes offline when the third octet of gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).
Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.
Fix AP cannot send 802.11v post-association packets properly when band steering is enabled.

v1.6.82

Support EnGenius fast-handover algorithm 2.0
Remove dropbear chacha20-poly1305@openssh.com encryption due to security concern.
Fix the issue that clients may get disconnected after editing ACL rules.
Add country code for Japan.

v1.6.81

Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.
Support HTTPS-Only for local device page.
Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.
Speed up the LED turn-off time when the user disables the LED Light function.

Appendix for v1.x.81

Add support for SAMLv2 in Captive portal with Azure-AD

A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.

(a) What is SAMLv2?

SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.

(b) Implications of This Update

Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.
Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.
Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.

(c) Practical Applications

Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.

In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.

Support HTTPS-Only for local device page

To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.

(a) Importance of HTTPS for Security

HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:

Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.
Data Integrity: Encryption also ensures that the data transferred has not been altered during transmission. It prevents tampering and ensures that the information received by the user is exactly what the server sent.
Authentication: HTTPS verifies the identity of the local device page, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.
User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.

(b) Implementation and Control

By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.

In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.

v1.6.80

Support wireless client MAC-based WMM.
Support application DSCP tagging.
Enhance Traffic Log to support additional NAT information to syslog server.
Support Radsec to provide TLS encryption for Radius connection initiated from AP.
Enhance MyPSK Radius requests for external Radius server to contain both RoamingIQ attribute and mac authentication attribute.
Support additional dolphin action to run Radius server existence test.
Support group of multiple AD configuration for single SSID.
Use dolphin subscribe actions for all channel utilization scan in diag tools.
Support malware URL Blocking.
Support website filtering.
Support hotspot2.0 and openRoaming.
Support client-balancing 2.0
Fix mesh topology that may sometimes display failed.
Enhance Multicast to Unicast function for legacy clients.

Appendix for v1.x.80

Support wireless client MAC-based WMM

(a) Wi-Fi Multimedia (WMM) Overview:

Wi-Fi Multimedia (WMM) is a QoS (Quality of Service) standard that is an integral part of modern Wi-Fi technology, based on the IEEE 802.11e standard. WMM is essential in environments where different types of data compete for bandwidth because it ensures that time-sensitive applications like voice and video conferencing perform well even in congested network conditions. This protocol prioritizes traffic according to four access categories:

Voice: Highest priority, dedicated to voice-over-IP (VoIP) services.
Video: High priority, allocated for streaming video.
Best Effort: Standard priority for general data traffic such as web browsing.
Background: Lowest priority, intended for data that is not time-sensitive, like backups or bulk data transfers.

(b) What Does "MAC-Based WMM Support" Mean?

The feature "Support wireless client mac-based WMM" refers to the capability of the wireless access point (AP) to apply WMM rules based on the MAC address of each connecting client device. A MAC address is a unique identifier assigned to network interfaces for communications on the physical network segment. Implementing MAC-based WMM allows network administrators to assign different data priorities to devices according to their MAC addresses. This functionality is particularly useful in diverse operational environments where devices have varying bandwidth and latency requirements.

(c) Practical Applications of Mac-Based WMM

Here are several scenarios where mac-based WMM can significantly enhance network management and performance:

Tailored Experience: Enterprises can customize network performance based on the roles or departments within the organization. For example, devices belonging to the executive team or those used in critical operations might be assigned higher data priorities.

Enhanced Security: By controlling which devices have priority access, administrators can better manage network security protocols and reduce the risk of unauthorized data access.

Optimized Network Utilization: Mac-based WMM enables the network to adapt dynamically to changing conditions and user demands, prioritizing critical applications automatically.

Improved Scalability: As more devices join the network, administrators can manage traffic effectively without manual reconfiguration, ensuring consistent performance across all connected devices.

Support application DSCP tagging

(a) What is DSCP?

DSCP stands for Differentiated Services Code Point. It is a field in the IP header used to enable Quality of Service (QoS) on networks. DSCP replaces the older system of IP precedence with a more flexible and granular approach to traffic classification and prioritization. The DSCP field consists of six bits, allowing for 64 different traffic classes that can be defined and used to manage packet forwarding policies.

DSCP plays a crucial role in network traffic management by providing a mechanism for marking packets to receive different levels of service based on their assigned class. This capability is essential for managing congestion and ensuring that high-priority traffic, such as real-time voice or video, receives the necessary bandwidth and minimal latency.

(b) How Does DSCP Work?

When a packet is sent from a source, the DSCP value is set in its IP header, indicating the level of priority it should receive across the network. Network routers and switches read this DSCP value and make decisions about the packet's forwarding priority and queue placement. By doing so, networks can differentiate between various types of traffic, prioritizing them according to organizational policies and network requirements.

(c) Benefits of DSCP Tagging

Improved Network Performance: By prioritizing critical applications, DSCP helps in managing network resources efficiently, thus enhancing overall performance. Traffic like VoIP and video conferencing can operate smoothly even under heavy network load.
Enhanced Quality of Service: DSCP enables more granular control over packet forwarding decisions, allowing network administrators to fine-tune QoS policies. This leads to better service quality, especially for latency-sensitive applications.
Scalability: DSCP scales well with the size of the network, providing a consistent approach to QoS even as the network grows and traffic volume increases.
Flexibility: The ability to define multiple levels of service makes DSCP highly flexible. Organizations can customize their traffic management strategies to align with specific business needs.

(d) Applications of DSCP Tagging in Enterprise Networks

Voice and Video Prioritization: DSCP is extensively used to ensure that voice and video traffic is given priority over other types of data, reducing delays and improving communication quality.
Data Center Traffic Management: In data centers, DSCP can help manage the flow of traffic between servers, storage systems, and external networks, optimizing response times and service delivery.
Remote Work Solutions: With the rise of remote work, DSCP can play a pivotal role in prioritizing VPN traffic to ensure that business-critical applications have the bandwidth they need.

Support hotspot2.0 and openRoaming

(a) What is Hotspot 2.0?

Hotspot 2.0, also known as Wi-Fi Certified Passpoint, is a standard created by the Wi-Fi Alliance to streamline and secure the process of connecting to Wi-Fi hotspots. It allows mobile devices to automatically discover and connect to Wi-Fi networks without user intervention, using a seamless, secure authentication process based on the credentials issued by the service provider, much like cellular networks.

(b) Key Features of Hotspot 2.0

Seamless Connectivity: Hotspot 2.0 enables devices to automatically connect to Wi-Fi networks with robust security protocols, without requiring users to manually search for and select networks.
Enhanced Security: It supports advanced security protocols, such as WPA2-Enterprise and WPA3-Enterprise, providing end-to-end encryption and preventing unauthorized access.
Simplified User Experience: By automating the discovery and connection process, Hotspot 2.0 eliminates the need for users to repeatedly enter login credentials.
Interoperability: Designed to work across different wireless service providers and geographies, facilitating easier roaming and connectivity.

(c) What is OpenRoaming?

OpenRoaming is a federation service that allows users to seamlessly roam between Wi-Fi and cellular networks, removing the need to manually connect to different Wi-Fi networks. It is a collaboration spearheaded by the Wireless Broadband Alliance (WBA) that brings together a consortium of companies aiming to create a globally interconnected network.

(d) Benefits of OpenRoaming

Effortless Network Transition: With OpenRoaming, devices can automatically switch between Wi-Fi and cellular networks without user interaction, depending on the best available network.
Universal Coverage: It aims to combine the benefits of both private and public Wi-Fi networks with cellular service, expanding network coverage dramatically.
Secure Connectivity: OpenRoaming ensures that security standards such as WPA3 are met, keeping the user's data protected during transmission across different networks.
Enhanced User Experience: Provides a smooth, uninterrupted service as users move between different network environments, ideal for travelling users and mobile professionals.

(e) Applications and Implications of Hotspot 2.0 and OpenRoaming

Travel and Hospitality: For travelers, Hotspot 2.0 and OpenRoaming can significantly enhance connectivity in airports, hotels, and public spaces, offering seamless access to high-quality Wi-Fi.
Urban Mobility: In smart cities, these technologies can facilitate uninterrupted internet access across different urban spaces, improving navigation, streaming, and communication services.
Enterprise Connectivity: Businesses can provide secure, seamless Wi-Fi access to employees and visitors, improving productivity and user satisfaction.
Telecommunications: For telecom operators, integrating Hotspot 2.0 and OpenRoaming can reduce the load on cellular networks and provide a better balance of traffic across networks.

The inclusion of "Support for Hotspot 2.0 and OpenRoaming" in our firmware underlines our commitment to enhancing connectivity and user experience. These features enable devices to leverage advanced network technologies to automatically connect to the best available network, securely and effortlessly. By adopting these standards, we are setting a new benchmark for seamless and secure mobile connectivity, catering to the needs of modern users who require reliable and effortless internet access wherever they go.

v1.6.74

Fix the issue that AP sometimes goes offline even when the network is functioning normally.

v1.6.73

Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.

v1.6.71

Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.

mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.

Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.

v1.6.67

Fixed the issue for encountering failure when selecting specific country: Liechtenstein, Montenegro, or Angola.

v1.6.66

Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.

v1.6.61

Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.

v1.6.56

Fixed vulnerability issue (CVE-2022-38546).

v1.6.55

Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:

(a) WPA3 Personal (SAE)

(b) WPA3-Personal/WPA2-PSK mixed

(c) WPA3 Enterprise with suite-b disabled

WPA3-Personal supports Dynamic Client VLAN Pooling.
WPA3-Enterprise supports external Radius with VLAN assignment.
Support DFS channel 144.

v1.6.51

Fixed the issue that Wi-Fi STA can’t access internet with MyPSK+VLAN SSID at some environment.

v1.6.50

Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Support SSID-based IPSec VPN tunneling (StrongSWAN).
Support EnGenius auto VPN (mediator).
Support SMBv2/v3 for AD authentication.

v1.6.48

Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.

v1.6.47

Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.

v1.6.46

Enhance IOT client association compatibility.

v1.6.45

Support RADIUS CoA disconnect-client requests (802.1x)
Support SmartTV SSID
LSP page encloses language support for Japanese language.
Resolved Fragattack vulnerability issues.
Support EoGRE tunnel and DHCP option 82.

Loading...

ECW160

v1.3.75

[New Features]

Support for EnGenius Private Cloud (EPC)

v1.3.74

Fix the issue that AP sometimes goes offline even when the network is functioning normally.

v1.3.73

Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.

v1.3.72

Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.

mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.

Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.

v1.3.65

Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.

v1.3.61

Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.

v1.3.60

Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).

v1.3.56

Fixed vulnerability issue (CVE-2022-38546).

v1.3.55

Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:

(a) WPA3 Personal (SAE)

(b) WPA3-Personal/WPA2-PSK mixed

(c) WPA3 Enterprise with suite-b disabled

v1.3.50

Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Resolved Fragattack vulnerability issues.

v1.3.42

Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.

v1.3.41

Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.

v1.3.39

Enhance IOT client association compatibility.

v1.3.38

Support RADIUS CoA disconnect-client requests (802.1x)
Support SmartTV SSID
LSP page encloses language support for Japanese language.

v1.3.36

Support multiple domains of AD server.
Adjust DCS algorithm.
Recognize new iOS/MAC OS version.
Fixed captive portal for IPv6 issue.
Adjust log messages.
Fixed diag tool/Speed Test issue

v1.3.35

Support DCS (Dynamic Channel Selection) by background scanning.
Enhance bcmc function that may block DHCP broadcast OFFER/ACK packets.
Support auto-channel with "Exclude DFS" config.
Support EnGenius cloud diagnostic mode.

v1.3.30

Support system-reserved IP range pool.
Improve Wi-Fi performance while enabling app-detection.
Support RADIUS CoA disconnect-client requests.
Perform periodically scanning for 802.11k report without background scanning.
Support intelligent band-steering.
Support proxy ARP.
Support 802.1x/captive portal with Google Auth.
Support RADIUS WISPr traffic control and traffic quantity attributes.
Support RADIUS MAC-Auth in captive portal.
Support captive portal authentication by LDAP/AD server: single SSID, single server.
Support fail-safe image upgrade from cloud server.
Update 2.4GHz HT20 auto-channel algorithm for using 1,6,11 channels.

v1.3.28

Resolved FragAttack vulnerability issues.

v1.3.27

Add log message for Wi-Fi reload event.
Add protection to prevent Wi-Fi interface could not be brought up.
Update failsafe image for Dakota platform to accommodate management VLAN.
Optimize FW upgrade procedures on Dakota models.

v1.3.26

Support Facebook Wi-Fi.
Add client's TX/RX Byte information in disassociation event log.
Modify LSP Page about HTTP/HTTPS proxy setting.
Handle HTTP error code 504 upon check-in to cloud server.

v1.3.25

Handle private MAC address detection with blocked info messages.
Adjust mesh related syslog contents.
Support RSTP.
Support background scanning ON/OFF option.

v1.3.23

Handle larger max. client limit value from cloud server.
Fixed the issue that LED on/off would trigger network reload with specific configurations.

v1.3.22

Support SSDP responder and adjust mDNS response content.

v1.3.21

Band Steering feature encloses improvement for 802.11k/v and utilizes 802.11r fasting roaming technique to avoid re-authentication upon connection to different radio band.
Procedures of applying WLAN configuration has been optimized to shorten needed time for setting update.
Enhance Captive Portal secure login with HTTPS-based information exchange.
Support my-PSK with dynamic VLAN for WPA2-PSK authentication. (only available from EnGenius Cloud, not external radius)
Mesh AP node supports traffic shaping.
Support SNMP v2/v3 for local management with Get function.
Support multicast to unicast per radio.
Captive Portal feature supports client-leave-network timeout.
Support Client Balancing to steer the client to connect to best available AP.
Support Broadcast/Multicast suppression.

v1.3.15

Adjust channel candidates of Auto-channel selection (ACS).
Adjust power table limitation of Malaysia and Indonesia.

v1.3.14

Apply auto-channel selection mechanism update

v1.3.12

Apply regulatory domain update

v1.3.11

Improve throughput performance
Adjust DTIM from 2 to 3

v1.3.10

Support Client Balancing
Support scheduling system reboot
Support L2-Isolation exception rules for VIP feature
Support radius NAS-id/port/addr attributes
Support software reset-to-default for mobile App
Captive portal supports redirurl parameter

v1.3.8

Fixed the issue that AP may become unstable when some 2.4GHz-only WiFi clients try connecting to AP.
Fixed the issue that AP may hang up where the SSID profile included “hidden” and users downgrade firmware from v1.3.9 to v1.3.7

v1.3.7

Resolve connectivity issue when SSID included space character.

v1.3.6

Improvements

Add log for blocking message clients.
Add log for the action of kicking clients.

Bug Fixes

N/A

v1.3.5

Improvements

Adjust client isolation behavior in NAT mode.
Support DNS settings per SSID.
Support wireless association banned message.
Support https redirect of captive portal.

Bug Fixes

N/A

v1.3.4

Improvements

Support L2 (MAC Address) client Block List per SSID.
Support advanced feature called Traffic Log to send more wireless client information to dedicated syslog server.
Improve auto-channel algorithm to avoid multiple AP choosing the same channel in certain situation.
Improve the efficiency of applying traffic shaping rules.
Support new Client Timeline feature.
Adjust default DHCP lease time of SSID in NAT mode to 5 minutes.

Bug Fixes

Fix the captive portal issue that triggered RADIUS accounting events before an user is authenticated.
Fix the issue that caused limited IP address allocation for a SSID running in NAT mode.
Fix the issue that caused long duration of captive portal splash page redirection.
Fix driver layer log mechanism to avoid unexpected wireless performance drop.

v1.3.2

Improvements

Improve the efficiency of SSID running in bridge mode.
TX Power tuning options now start from 1 to 10 dBm.
Adjust WMM/DSCP/802.1p mappings to follow conventions.
Support LED Blinking function to trigger an AP to blink its LED for 10 seconds. This could help user to quickly identify the AP.

Bug Fixes

Fix the issue that caused system to get wrong 2.4G channel utilization data in some special cases.

v1.2.18

Improvements

Support WPA3.
Support Mesh Auto Pairing.
NAT/Bridge mode now is configurable per SSID. They are supported only in Captive Portal in previous version.
Support the option to discard association requests from legacy 802.11a/b/g clients.
Enhance the efficiency to apply idle-timeout and session-timeout settings of Captive Portal.

Bug Fixes

Fix the issue that caused memory leak in a special case.

v1.2.15

Improvements

Improve the accuracy of device fingerprint.

Bug Fixes

Fix captive portal IOT issues for certain wireless clients.
Fix the malfunction of EnGenius Radius authentication that caused by firmware upgrade.
Fix the issue that wireless LED did not blink normally in certain situation.
Fix the issue that the 2nd radius server doesn't work.
Fix the issue that DUT may fail to reload configurations during the system applying mesh.

Loading...

ECW130

v1.3.75

[New Features]

Support for EnGenius Private Cloud (EPC)

v1.3.74

Fix the issue that AP sometimes goes offline even when the network is functioning normally.

v1.3.73

Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.

v1.3.72

Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.

mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.

Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.

v1.3.65

Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.

v1.3.61

Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.

v1.3.60

Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).

v1.3.56

Fixed vulnerability issue (CVE-2022-38546).

v1.3.55

Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:

(a) WPA3 Personal (SAE)

(b) WPA3-Personal/WPA2-PSK mixed

(c) WPA3 Enterprise with suite-b disabled

v1.3.51

This f/w version is for the first release.

Loading...

ECW120

v1.3.75

[New Features]

Support for EnGenius Private Cloud (EPC)

v1.3.74

Fix the issue that AP sometimes goes offline even when the network is functioning normally.

v1.3.73

Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.

v1.3.72

Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.

mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.

Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.

v1.3.65

Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.

v1.3.61

Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.

v1.3.60

Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).

v1.3.56

Fixed vulnerability issue (CVE-2022-38546).

v1.3.55

Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:

(a) WPA3 Personal (SAE)

(b) WPA3-Personal/WPA2-PSK mixed

(c) WPA3 Enterprise with suite-b disabled

v1.3.50

Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Resolved Fragattack vulnerability issues.

v1.3.42

Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.

v1.3.41

Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.

v1.3.39

Enhance IOT client association compatibility.

v1.3.38

Support RADIUS CoA disconnect-client requests (802.1x)
Support SmartTV SSID
LSP page encloses language support for Japanese language.

v1.3.36

Support multiple domains of AD server.
Adjust DCS algorithm.
Recognize new iOS/MAC OS version.
Fixed captive portal for IPv6 issue.
Adjust log messages.
Fixed diag tool/Speed Test issue

v1.3.35

Support DCS (Dynamic Channel Selection) by background scanning.
Enhance bcmc function that may block DHCP broadcast OFFER/ACK packets.
Support auto-channel with "Exclude DFS" config.
Support EnGenius cloud diagnostic mode.

v1.3.30

Support system-reserved IP range pool.
Improve Wi-Fi performance while enabling app-detection.
Support RADIUS CoA disconnect-client requests.
Perform periodically scanning for 802.11k report without background scanning.
Support intelligent band-steering.
Support proxy ARP.
Support 802.1x/captive portal with Google Auth.
Support RADIUS WISPr traffic control and traffic quantity attributes.
Support RADIUS MAC-Auth in captive portal.
Support captive portal authentication by LDAP/AD server: single SSID, single server.
Support fail-safe image upgrade from cloud server.
Update 2.4GHz HT20 auto-channel algorithm for using 1,6,11 channels.

v1.3.28

Resolved FragAttack vulnerability issues.

v1.3.27

Add log message for Wi-Fi reload event.
Add protection to prevent Wi-Fi interface could not be brought up.
Update failsafe image for Dakota platform to accommodate management VLAN.
Optimize FW upgrade procedures on Dakota models.

v1.3.26

Support Facebook Wi-Fi.
Add client's TX/RX Byte information in disassociation event log.
Modify LSP Page about HTTP/HTTPS proxy setting.
Handle HTTP error code 504 upon check-in to cloud server.

v1.3.25

Handle private MAC address detection with blocked info messages.
Adjust mesh related syslog contents.
Support RSTP.
Support background scanning ON/OFF option.
Update certificate for HTTPS access to LSP page.

v1.3.23

Handle larger max. client limit value from cloud server.
Fixed the issue that LED on/off would trigger network reload with specific configurations.

v1.3.22

Support SSDP responder and adjust mDNS response content.

v1.3.21

Band Steering feature encloses improvement for 802.11k/v and utilizes 802.11r fasting roaming technique to avoid re-authentication upon connection to different radio band.
Procedures of applying WLAN configuration has been optimized to shorten needed time for setting update.
Enhance Captive Portal secure login with HTTPS-based information exchange.
Support my-PSK with dynamic VLAN for WPA2-PSK authentication. (only available from EnGenius Cloud, not external radius)
Mesh AP node supports traffic shaping.
Support SNMP v2/v3 for local management with Get function.
Support multicast to unicast per radio.
Captive Portal feature supports client-leave-network timeout.
Support Client Balancing to steer the client to connect to best available AP.
Support Broadcast/Multicast suppression.

v1.3.15

Adjust channel candidates of Auto-channel selection (ACS).
Adjust power table limitation of Malaysia and Indonesia.

v1.3.14

Apply auto-channel selection mechanism update

v1.3.12

Apply regulatory domain update

v1.3.11

Improve throughput performance
Adjust DTIM from 2 to 3

v1.3.10

Support Client Balancing
Support scheduling system reboot
Support L2-Isolation exception rules for VIP feature
Support radius NAS-id/port/addr attributes
Support software reset-to-default for mobile App
Captive portal supports redirurl parameter

v1.3.8

Fixed the issue that AP may become unstable when some 2.4GHz-only WiFi clients try connecting to AP.
Fixed the issue that AP may hang up where the SSID profile included “hidden” and users downgrade firmware from v1.3.9 to v1.3.7

v1.3.7

Resolve connectivity issue when SSID included space character.

v1.3.6

Improvements

Add log for blocking message clients.
Add log for the action of kicking clients.

Bug Fixes

N/A

v1.3.5

Improvements

Adjust client isolation behavior in NAT mode.
Support DNS settings per SSID.
Support wireless association banned message.
Support https redirect of captive portal.

Bug Fixes

N/A

v1.3.4

Improvements

Support L2 (MAC Address) client Block List per SSID.
Support advanced feature called Traffic Log to send more wireless client information to dedicated syslog server.
Improve auto-channel algorithm to avoid multiple AP choosing the same channel in certain situation.
Support advanced feature called presence reporting which makes the AP continuously gathering 802.11 probe request frames sent by wireless clients and then sending the data to specific 3rd party server.
Improve the efficiency of applying traffic shaping rules.
Support new Client Timeline feature.
Adjust default DHCP lease time of SSID in NAT mode to 5 minutes.

Bug Fixes

Fix the captive portal issue that triggered RADIUS accounting events before an user is authenticated.
Fix the issue that caused limited IP address allocation for a SSID running in NAT mode.
Fix the issue that caused long duration of captive portal splash page redirection.
Fix driver layer log mechanism to avoid unexpected wireless performance drop.

v1.3.2

Improvements

Improve the efficiency of SSID running in bridge mode.
TX Power tuning options now start from 1 to 10 dBm.
Adjust WMM/DSCP/802.1p mappings to follow conventions.
Support LED Blinking function to trigger an AP to blink its LED for 10 seconds. This could help user to quickly identify the AP.

Bug Fixes

Fix the issue that caused system to get wrong 2.4G channel utilization data in some special cases.

v1.2.18

Improvements

Support WPA3.
Support Mesh Auto Pairing.
Support the way to access LSP (local support page) with URL http://EnGenius.local and discover AP with Bonjour protocol.
Support the way to show system status with specific SSID name to ease the troubleshooting on device on-boarding.
NAT/Bridge mode now is configurable per SSID. They are supported only in Captive Portal in previous version.
Support the option to discard association requests from legacy 802.11a/b/g clients.
Enhance the efficiency to apply idle-timeout and session-timeout settings of Captive Portal.

Bug Fixes

Fix the issue that caused memory leak in a special case.

v1.2.15

Improvements

Improve the accuracy of device fingerprint.
Support default configurations of EnGenius Cloud Radius.

Bug Fixes

Fix captive portal IOT issues for certain wireless clients.
Fix the malfunction of EnGenius Radius authentication that caused by firmware upgrade.
Fix the issue that wireless LED did not blink normally in certain situation.
Fix the issue that the 2nd radius server doesn't work.
Fix the issue that DUT may fail to reload configurations during the system applying mesh.

Loading...

ECW115

v1.3.75

[New Features]

Support for EnGenius Private Cloud (EPC)

v1.3.74

Fix the issue that AP sometimes goes offline even when the network is functioning normally.

v1.3.73

Fix the device online status issue where certificates may sometimes disappear after device firmware update.
Fix AP sometimes getting offline upon device firmware updates, requiring a reboot to get AP online.
Fix AP offline issue caused by UTF-8 device name.
Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.

v1.3.72

Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field
Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.
Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line, etc. Facilitate enterprise clients to efficiently allocate limited bandwidth, ensuring optimal service delivery for a larger clientele.
If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.

mDNS (Multicast DNS) Overview:
mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.
In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.
BCMC (Broadcast/Multicast Control) suppression Functionality:
On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.
BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.
Interplay between mDNS and BCMC:
In certain network scenarios, there may be a potential conflict between mDNS and BCMC functionalities. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This synergy between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.

Client List supports more OS types - Meta VR devices, Honeywell IoT device…etc--Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.
SSID on LAN : support AD and LDAP captive portal authentication.

v1.3.65

Update openssl version (from 1.1.1n to 3.0.9) to support TLS1.2
Optimize captive portal re-authentication with backup cache.
Improve client balance background scan algorithm: optimize the algorithm flow by reducing unnecessary actions in client balance background scan algorithm to increase the efficiency.
Set BCMC suppression enabled by default. Enabling BCMC suppression may eliminate unnecessary broadcast and multicast packets from Ethernet to wireless interface and result in less wireless interference.
Set min. bitrate value as 12Mbps for each radio interface. Higher minimum bitrate value can help reduce the client connections with lower signal strength and result in faster roaming to other AP to avoid AP sticky connection issue.

v1.3.61

Fixed traffic log for wrong format issue.
Fixed abnormal banned message displaying when message length is more than one line.
Don't force disabling accounting server in voucher service.
Fixed Wi-Fi crash issue in v1.x.60 FW which caused system reboot.
Adjust DHCP Discover-packet sending scheme when both L2 isolation and portal are enabled.

v1.3.60

Update channel spec to v230404.
Revise L2-Isolation to allow broadcast and multicast traffics to go through.
Add a new function for channel candidate list.
Enhance Application Analysis to support per-client statistics.
Disable default open Management SSID.
Enhance DCS mechanism to support CSA (Channel Switching Announcement).

v1.3.56

Fixed vulnerability issue (CVE-2022-38546).

v1.3.55

Support SNMPv3 with multiple user accounts.
Support application blocking feature.
Support 802.11r in more security types:

(a) WPA3 Personal (SAE)

(b) WPA3-Personal/WPA2-PSK mixed

(c) WPA3 Enterprise with suite-b disabled

v1.3.51

Fixed the issue that PSE function doesn’t work.

v1.3.50

Update openssl to 1.1.1n
Support AD server with multi-group feature.
Optimize Wi-Fi reload time.
Support Wi-Fi Calling QoS.
Support 1000 myPSK rules per AP.
Resolved Fragattack vulnerability issues.

v1.3.42

Adjust EAP-Enterprise rekey interval to avoid wireless IOT issues.

v1.3.41

Fix hostapd daemon dead issue.
Add protection for hostapd zombie symptom.
Fix VLAN by RADIUS issue.

v1.3.39

Enhance IOT client association compatibility.

v1.3.38

Support RADIUS CoA disconnect-client requests (802.1x)
Support SmartTV SSID
LSP page encloses language support for Japanese language.

v1.3.36

Support multiple domains of AD server.
Adjust DCS algorithm.
Recognize new iOS/MAC OS version.
Fixed captive portal for IPv6 issue.
Adjust log messages.
Fixed diag tool/Speed Test issue

v1.3.35

Support DCS (Dynamic Channel Selection) by background scanning.
Enhance bcmc function that may block DHCP broadcast OFFER/ACK packets.
Support auto-channel with "Exclude DFS" config.
Support EnGenius cloud diagnostic mode.

v1.3.30

Support system-reserved IP range pool.
Improve Wi-Fi performance while enabling app-detection.
Support RADIUS CoA disconnect-client requests.
Perform periodically scanning for 802.11k report without background scanning.
Support intelligent band-steering.
Support proxy ARP.
Support 802.1x/captive portal with Google Auth.
Support RADIUS WISPr traffic control and traffic quantity attributes.
Support RADIUS MAC-Auth in captive portal.
Support captive portal authentication by LDAP/AD server: single SSID, single server.
Support fail-safe image upgrade from cloud server.
Update 2.4GHz HT20 auto-channel algorithm for using 1,6,11 channels.

v1.3.28

Resolved FragAttack vulnerability issues.

v1.3.27

Add log message for Wi-Fi reload event.
Add protection to prevent Wi-Fi interface could not be brought up.
Update failsafe image for Dakota platform to accommodate management VLAN.

v1.3.26

Support Facebook Wi-Fi.
Add client's TX/RX Byte information in disassociation event log.
Modify LSP Page about HTTP/HTTPS proxy setting.
Handle HTTP error code 504 upon check-in to cloud server.

v1.3.25

Handle private MAC address detection with blocked info messages.
Adjust mesh related syslog contents.
Allow SSID profile applied to LAN port for wired clients (Phase-1 enhancement for ECW115).
Support RSTP.
Support background scanning ON/OFF option.
Update certificate for HTTPS access to LSP page.

v1.3.23

Handle larger max. client limit value from cloud server.
Fixed the issue that LED on/off would trigger network reload with specific configurations.
Fixed IPTV streaming issue for trunk port.

v1.3.22

Support SSDP responder and adjust mDNS response content.

v1.3.21

Band Steering feature encloses improvement for 802.11k/v and utilizes 802.11r fasting roaming technique to avoid re-authentication upon connection to different radio band.
Procedures of applying WLAN configuration has been optimized to shorten needed time for setting update.
Enhance Captive Portal secure login with HTTPS-based information exchange.
Support my-PSK with dynamic VLAN for WPA2-PSK authentication. (only available from EnGenius Cloud, not external radius)
Mesh AP node supports traffic shaping.
Support SNMP v2/v3 for local management with Get function.
Support multicast to unicast per radio.
Captive Portal feature supports client-leave-network timeout.
Support Client Balancing to steer the client to connect to best available AP.
Support Broadcast/Multicast suppression.

v1.3.15

Adjust channel candidates of Auto-channel selection (ACS).
Adjust power table limitation of Malaysia and Indonesia.

v1.3.14

Apply auto-channel selection mechanism update

v1.3.12

Apply regulatory domain update

v1.3.11

Improve throughput performance
Adjust DTIM from 2 to 3

v1.3.10

Support Client Balancing
Support scheduling system reboot
Support L2-Isolation exception rules for VIP feature
Support radius NAS-id/port/addr attributes
Support software reset-to-default for mobile App
Captive portal supports redirurl parameter

v1.3.8

Fixed the issue that AP may become unstable when some 2.4GHz-only WiFi clients try connecting to AP.
Fixed the issue that AP may hang up where the SSID profile included “hidden” and users downgrade firmware from v1.3.9 to v1.3.7

v1.3.7

Resolve connectivity issue when SSID included space character.

v1.3.6

Improvements

Add log for blocking message clients.
Add log for the action of kicking clients.

Bug Fixes

N/A

v1.3.5

Improvements

Adjust client isolation behavior in NAT mode.
Support DNS settings per SSID.
Support wireless association banned message.
Support https redirect of captive portal.

Bug Fixes

N/A

v1.3.4

Improvements

Support L2 (MAC Address) client Block List per SSID.
Support advanced feature called Traffic Log to send more wireless client information to dedicated syslog server.
Improve auto-channel algorithm to avoid multiple AP choosing the same channel in certain situation.
Support advanced feature called presence reporting which makes the AP continuously gathering 802.11 probe request frames sent by wireless clients and then sending the data to specific 3rd party server.
Improve the efficiency of applying traffic shaping rules.
Support new Client Timeline feature.
Adjust default DHCP lease time of SSID in NAT mode to 5 minutes.

Bug Fixes

Fix the captive portal issue that triggered RADIUS accounting events before an user is authenticated.
Fix the issue that caused limited IP address allocation for a SSID running in NAT mode.
Fix the issue that caused long duration of captive portal splash page redirection.
Fix driver layer log mechanism to avoid unexpected wireless performance drop.

v1.3.2

Improvements

Improve the efficiency of SSID running in bridge mode.
TX Power tuning options now start from 1 to 10 dBm.
Adjust WMM/DSCP/802.1p mappings to follow conventions.
Support LED Blinking function to trigger an AP to blink its LED for 10 seconds. This could help user to quickly identify the AP.

Bug Fixes

Fix the issue that caused system to get wrong 2.4G channel utilization data in some special cases.

Loading...

Switch Firmware

Loading...

ECS15XX/ECS25XX Series

v1.2.96

[Issue Fixed]

Fix the issue where the MAC FDB sometimes fails to update correctly when a client moves from one port to another.

v1.2.95

[New Features]

Support Surveillance VLAN in local GUI and CLI to automatically detect surveillance devices and assign them to a predefined VLAN with enhanced QoS, ensuring the security and quality of surveillance traffic.
Enhance PoE detection mechanisms to improve interoperability with legacy PDs that may not fully comply with PoE negotiation standards.
Enhance LLDP-MED and port power limit algorithms to improve interoperability with PDs that do not accurately report power demands with their redistributed PDs.

v1.2.90

Support HTTPs-only function (from device side).
Fixed the issue that switch may not sync all configurations with Cloud at the first check-in.

v1.2.88

Fixed the issue where IPv6 address in network settings cannot be saved after reboot.
Fixed CPU loading issue upon parsing DHCP traffics for wired client information.

v1.2.85 (Obsolete, replaced by v1.2.88)

Add CLI command for wired client-list function: wired client list { enable | disable }
Modify DHCP packet's host name (Option 12) to include model name and add 4 MAC address digits (2-bytes).
Change default configurations:
1. DHCP snooping is disabled by default.
2. Wired client list is enabled by default.
Add CLI command to support config VLAN range.
Implement CLI commands that can show current config of specified feature.
Add CLI commands to support displaying 5-min port utilization records for past 24 hours.
Add CLI command to support showing different running config.
Modify the LLDP-MED TLV value content when connecting to Senao Extender.
Support manually disable / enable cloud agent by CLI and Local GUI.
Change default config to disable IPv6 default route.
Enhance Cloud agent to support 802.1x+MAB feature.
Support the wired client list feature.
Disable both flow control and 802.1x on ECS switch's default configurations.
Adjust the system-name parameter to read-only on LSP page.

v1.2.76

Integrate ACLG (Auto-CAM life-guard) into the PDLG.
Add ONVIF discovery feature.
Change the jumbo frame size to 12KB.
Support VTP (VLAN trunking port) for 1 ~ 4094 VLAN ID.
Enclose system name for displaying in syslog messages.
Support system name using UTF-8.
Support port isolation and grouping (Please be advised the isolation settings will need re-configuration due to feature update where forward ports can be specified for a chosen port when port isolation is enabled).

v1.2.73

Support MDNS and SSDP discovery protocols.
Support LBD function per port setting.
Add Private-VLAN function. (via CLI and local GUI for now)
Support LSP function.
Fine-tune the ping delay time issue.
Fine-tune the abnormal last update time issue for cloud_agent.
Support Gratuitous ARP function.
Support single port binding to trunking member via local GUI.

v1.2.72

Enhance Cloud Agent to support MAF. (MAC address filtering)
Known Issue: in [MLD Snooping][Router Settings], when adding a port into static port list, the port will show as "T", instead of "S".
Known Issue: in [Web][Port Settings], Fiber ports will stop working after setting 1Gbps/Full from web then changing to other speed; this can be recovered by disabling/enabling the port.

v1.2.71

Fix abnormal gateway configuration in the DHCP relay environment.
Fix abnormal LLDP TLV format for SFP port. (e.g., ECS2512FP)
Fixed the issue of VLAN name synchronization when the VLAN name contains special characters such as parentheses (e.g., '()').
Add BPDU Guard / Root Guard for STP protocol feature.
Add SNMPv3 configurations for cloud agent.
Add MVR feature.
Enclose fix for CVE-related issue (no_dirlist).

v1.2.70

Support multiple Regions (including Japan).
Revise system name to be “Model Name” followed by “-“ with last 4 digits of device MAC address (for example, ECS5512-38f8).

v1.2.69

Support web proxy server feature in local GUI for cloud agent.
Enhance switch sync mechanism with cloud and cloud check-in time.
Enclose fix to prevent switch hang upon configuring static IPv4 address to switch device.
Modify the action when schedule.db changes for scheduled PoE feature.
Modify the log handling with Cloud about flick reboot.
Fix switch hang issue with IGMP and MLD for IPTV integration.
Fix potential segmentation fault issue for the routing feature.

v1.2.68

Packet capture supports both Tx/Rx feature.
Fix the issue when an user configured VLAN name with a space character via the cloud, it will not sync to the device.

v1.2.65

Add MAC-Authentication-Bypass feature.

v1.2.64

Add ONVIF camera discovery feature.
Modified the trunk binding rule to bypass the media type check mechanism, allowing binding with different link speeds.

v1.2.63

Update the number of VLAN entries to 2048.

v1.2.62

Fix the firmware upgrade issue when the switch current firmware version is from very early version.

v1.2.61

Support Packet Capture in Diag Tools on EnGenius Cloud for cloud-managed ECS switch.

v1.2.60

Support Diag Tools on EnGenius Cloud for cloud-managed ECS switch.

v1.2.59

Apply new GUI design to device's web management pages.
Add DHCP IP auto-renew mechanism when cloud agent cannot check-in to server.

v1.1.58

Support optimized IGMP fast leave.

v1.1.57

Fine-tune ARP-validation mechanism to accommodate Mesh feature with ECW Cloud AP.

v1.1.55

Enhance PD Lifeguard feature with pending expiration.
Add "Version ID" for IGMP feature.

v1.1.52 (obsolete and will be updated soon)

Add supported model for ECS1552FPv2 and ECS1528FPv2
Change Syslog write to flash level from INFO to Critical.
Support VLAN 0 to facilitate forwarding behavior.
Disable SSDP and mDNS features temporarily to avoid memory sizing issues.
For Multi-G series switches, PHY settings are adjusted to keep better ability of Interconnection to support most link-partners.

v1.1.49

Adjust header parsing rule for time-zone parameter. (cloud agent)
Adjust the SSDP and mDNS default configuration to disable. (It won't handle SSDP and mDNS packets by default setting.)

v1.1.47

Switch PoE scheduling feature will let user configure schedule via Cloud GUI when the device is powered by PoE of the port.
Switch LED on/off feature allows switch LED to be turned off at the upper-right corner in switch device detail page via Cloud GUI. (please be advised PoE Mode/LAN Mode LED cannot be turned off due to hardware limitation.)
Reset PoE from the port panel allows user to mouse-over PoE ports on switch port panel via Cloud GUI and power-cycle the port so the device attached to the port can be rebooted.

v1.1.42

Add GET/SET SNMP community for cloud agent.
Fix abnormal static route entry issue.
Fix abnormal default gateway issue.
Fix abnormal uplink port issue.
Fix EEE feature not able to save power issue. (for all ECS Multi-G series)

v1.1.40

Add Connection Diagnostic page in ECS local web management.
Add “Extend” link-speed mode in port setting page. (Not supported in multi-G series because it is without 10Mbps-speed.)
Support 2K static VLAN entries.
Adjust the hybrid service priority for Cloud Agent and WTP process.
Add "On", "Off" action for Scheduled PoE.
Add DHCP snooping / relay features for Cloud Agent.

v1.1.36

Update LED behavior code to cope with multi-G (5Gbps/2.5Gbps) LED color change from green to amber. 10Gbps LED remains green and 100Mbps/1Gbps remain amber as in previous v1.1.35.

v1.1.35

Bug Fixes

Fix DHCP client function that may cause system crash issue.

v1.1.31

Improvements

Resolve LBD behavior issue when STP enabled.
Add LLDP remote information ''system description'', ''remote capability support'', and ''remote capability enable''.
Renew the DNS server IP when receiving DHCP offer packet.

Bug Fixes

Resolve memory leak caused by abnormal DHCP packets.

v1.1.29

Improvements

Accommodate loop back detection mechanism for IOT devices.
Support trunk and mirror settings for cloud management.
Improve the efficiency to initiate cloud management service.
Add system warm start log to denote an expected software reboot.
Adjust default value of port rate limit to 1Mbps.
Web GUI now follows new 2020 California Password Law (SB-327) to force user changing password for a first time login.
Improve the way to show STP block/unblock status.
Support configure local credential in Cloud. Note that if the cloud already configured a different credential, the local credential will be synced to the cloud one automatically.

Bug Fixes

Fix the issue of packet buffer leak which may cause a system reboot.
Fix the issue that some specific DHCP packets sent by Mikrotik or Huawei router may cause system reboot.
Fix the bug that recurring setting of daylight saving does not work when SNTP service is not available.

v1.1.21

Improvements

Support cloud configuration on per port PVID and vlan members.

Bug Fixes

Correct the syslog timestamp issue.
Fix GUI and CLI issue by limiting the input format of User Account to Letters, Numbers, and underline character '_' only.
Fix GUI and CLI issue by excluding character '@' from password string.

v1.1.19

Improvements

Enhance DHCP settings to accommodate 2 sets of DNS server IP upon receiving multiple sets of DNS server IP from DHCP server.
Add system restart logs.

Bug Fixes

N/A

Loading...

ECS5512F/ECS5512FP/ECS5512

v2.2.26

[Issue Fixed]

Fix the issue where the MAC FDB sometimes fails to update correctly when a client moves from one port to another.

v2.2.25

[New Features]

Support Surveillance VLAN in local GUI and CLI to automatically detect surveillance devices and assign them to a predefined VLAN with enhanced QoS, ensuring the security and quality of surveillance traffic.
Enhance PoE detection mechanisms to improve interoperability with legacy PDs that may not fully comply with PoE negotiation standards.
Enhance LLDP-MED and port power limit algorithms to improve interoperability with PDs that do not accurately report power demands with their redistributed PDs.

v2.2.20

Support HTTPs-only function (from device side).
Fixed the issue that switch may not sync all configurations with Cloud at the first check-in.

v2.2.18

Fixed OSPFv3 Area Setting page display error. (Configure → L3 Protocols → OSPFv3 → Area Settings)
Fixed CPU loading issue upon parsing DHCP traffics for wired client information.

v2.2.15 (Obsolete, replaced by v2.2.18)

Add CLI command for wired client-list function: wired client list { enable | disable }
Modify DHCP packet's host name (Option 12) to include model name and add 4 MAC address digits (2-bytes).
Change default configurations:
1. DHCP snooping is disabled by default.
2. Wired client list is enabled by default.
Add CLI command to support config VLAN range.
Implement CLI commands that can show current config of specified feature.
Add CLI commands to support displaying 5-min port utilization records for past 24 hours.
Add CLI command to support showing different running config.
Modify the LLDP-MED TLV value content when connecting to Senao Extender.
Support manually disable / enable cloud agent by CLI and Local GUI.
Change default config to disable IPv6 default route.
Enhance Cloud agent to support 802.1x+MAB feature.
Change STP default config from MSTP to RSTP.

v2.2.6

Integrate ACLG (Auto-CAM life-guard) into the PDLG.
Add ONVIF discovery feature.
Change the jumbo frame size to 12KB.
Support VTP (VLAN trunking port) for 1 ~ 4094 VLAN ID.
Enclose system name for displaying in syslog messages.
Support system name using UTF-8.
Support port isolation and grouping (Please be advised the isolation settings will need re-configuration due to feature update where forward ports can be specified for a chosen port when port isolation is enabled).

v2.2.2

Support MDNS and SSDP discovery protocols.
Support LBD function per port setting.
Add Private-VLAN function. (via CLI and local GUI for now)
Support LSP function.
Fine-tune the ping delay time issue.
Fine-tune the abnormal last update time issue for cloud_agent.
Support Gratuitous ARP function.
Support single port binding to trunking member via local GUI.

v2.2.1

Add RIP/OSPF feature.
Add RIPng/OSPFv3 feature.
Enclose config update:

IPv4:

Maximum ARP (Host Route) : 2048

Maximum Static Route : 256

Maximum Dynamic + Static Route : 1024

IPv6:

Maximum Neighbor (Host Route) : 1024

Maximum Static Route : 128

Maximum Dynamic + Static Route : 512

Add IPv4 multiple interface configurations for cloud agent.
Add RIP/OSPF configurations for cloud agent.
Add IPv4 routing table for cloud agent.
Add IPv4 static route configurations for cloud agent.
Enhance multiple interface & address for L3-series. (IPv4 address: 4 → 16, IPv6 address: 20 → 32)
Enhance Cloud Agent to support MAF. (MAC address filtering)
Known Issue: in [MLD Snooping][Router Settings], when adding a port into static port list, the port will show as "T", instead of "S".
Known Issue: in [Web][Port Settings], Fiber ports will stop working after setting 1Gbps/Full from web then changing to other speed; this can be recovered by disabling/enabling the port.
Fix abnormal gateway configuration in the DHCP relay environment.
Fix abnormal LLDP TLV format for SFP port.
Fixed the issue of VLAN name synchronization when the VLAN name contains special characters such as parentheses (e.g., '()').
Add BPDU Guard / Root Guard for STP protocol feature.
Add SNMPv3 configurations for cloud agent.
Add MVR feature.
Enclose fix for CVE-related issue (no_dirlist).
Support multiple Regions (including Japan).
Revise system name to be “Model Name” followed by “-“ with last 4 digits of device MAC address (for example, ECS5512-38f8).
Support web proxy server feature in local GUI for cloud agent.
Enhance switch sync mechanism with cloud and cloud check-in time.
Enclose fix to prevent switch hang upon configuring static IPv4 address to switch device.
Modify the action when schedule.db changes for scheduled PoE feature.
Modify the log handling with Cloud about flick reboot.
Fix switch hang issue with IGMP and MLD for IPTV integration.
Fix potential segmentation fault issue for the routing feature.

v1.2.68

This version is for the first release.

Loading...

ECS1008P/ECS1112FP

v1.2.96

[Issue Fixed]

Fix the issue where the MAC FDB sometimes fails to update correctly when a client moves from one port to another.

v1.2.95

[New Features]

Enhance PoE detection mechanisms to improve interoperability with legacy PDs that may not fully comply with PoE negotiation standards.
Enhance LLDP-MED and port power limit algorithms to improve interoperability with PDs that do not accurately report power demands with their redistributed PDs.

v1.2.90

Support HTTPs-only function (from device side).
Fixed the issue that switch may not sync all configurations with Cloud at the first check-in.
Add enhancement to prevent switch out of memory.

v1.2.88

Fixed the issue where IPv6 address in network settings cannot be saved after reboot.
Fixed CPU loading issue upon parsing DHCP traffics for wired client information.
Fixed the error display for CPU loading on EnGenius cloud dashboard.

v1.2.85 (Obsolete, replaced by v1.2.88)

Add CLI command for wired client-list function: wired client list { enable | disable }
Modify DHCP packet's host name (Option 12) to include model name and add 4 MAC address digits (2-bytes).
Change default configurations:
1. DHCP snooping is disabled by default.
2. Wired client list is enabled by default.
Add CLI command to support config VLAN range.
Implement CLI commands that can show current config of specified feature.
Add CLI commands to support displaying 5-min port utilization records for past 24 hours.
Add CLI command to support showing different running config.
Modify the LLDP-MED TLV value content when connecting to Senao Extender.
Support manually disable / enable cloud agent by CLI and Local GUI.
Change default config to disable IPv6 default route.
Enhance Cloud agent to support 802.1x+MAB feature.
Support the wired client list feature.
Disable both flow control and 802.1x on ECS switch's default configurations.
Adjust the system-name parameter to read-only on LSP page.

v1.2.76

Integrate ACLG (Auto-CAM life-guard) into the PDLG.
Add ONVIF discovery feature.
Support VTP (VLAN trunking port) for 1 ~ 4094 VLAN ID.
Enclose system name for displaying in syslog messages.
Support system name using UTF-8.
Support port isolation and grouping (Please be advised the isolation settings will need re-configuration due to feature update where forward ports can be specified for a chosen port when port isolation is enabled).

v1.2.73

Support MDNS and SSDP discovery protocols.
Support LBD function per port setting.
Add Private-VLAN function. (via CLI and local GUI for now)
Support LSP function.
Fine-tune the abnormal last update time issue for cloud_agent.
Support Gratuitous ARP function.
Support single port binding to trunking member via local GUI.
Enhance ECS1008P (v2) to support AT mode.

v1.2.72

Enhance Cloud Agent to support MAF. (MAC address filtering)
Known Issue: in [MLD Snooping][Router Settings], when adding a port into static port list, the port will show as "T", instead of "S".
Known Issue: in [Web][Port Settings], Fiber ports will stop working after setting 1Gbps/Full from web then changing to other speed; this can be recovered by disabling/enabling the port.

v1.2.71

Fix abnormal gateway configuration in the DHCP relay environment.
Fixed the issue of VLAN name synchronization when the VLAN name contains special characters such as parentheses (e.g., '()').
Add BPDU Guard / Root Guard for STP protocol feature.
Add SNMPv3 configurations for cloud agent.
Add MVR feature.
Enclose fix for CVE-related issue (no_dirlist).

v1.2.70

Support multiple Regions (including Japan).
Revise system name to be “Model Name” followed by “-“ with last 4 digits of device MAC address (for example, ECS5512-38f8).

v1.2.69

Support web proxy server feature in local GUI for cloud agent.
Enhance switch sync mechanism with cloud and cloud check-in time.
Enclose fix to prevent switch hang upon configuring static IPv4 address to switch device.
Modify the action when schedule.db changes for scheduled PoE feature.
Modify the log handling with Cloud about flick reboot.
Fix switch hang issue with IGMP and MLD for IPTV integration.
Fix potential segmentation fault issue for the routing feature.

v1.2.68

Packet capture supports both Tx/Rx feature.
Fix the issue when an user configured VLAN name with a space character via the cloud, it will not sync to the device.

v1.2.65

Add MAC-Authentication-Bypass feature.

v1.2.64

Add ONVIF camera discovery feature.
Modified the trunk binding rule to bypass the media type check mechanism, allowing binding with different link speeds.

v1.2.63

Update the number of VLAN entries to 1024.

v1.2.62

Fix the firmware upgrade issue when the switch current firmware version is from very early version.

v1.2.61

Support Packet Capture in Diag Tools on EnGenius Cloud for cloud-managed ECS switch.

v1.2.60

Support Diag Tools on EnGenius Cloud for cloud-managed ECS switch.

v1.2.59

Apply new GUI design to device's web management pages.
Add DHCP IP auto-renew mechanism when cloud agent cannot check-in to server.

v1.1.58

Support optimized IGMP fast leave.

v1.1.57

Fine-tune ARP-validation mechanism to accommodate Mesh feature with ECW Cloud AP.

v1.1.55

Enhance PD Lifeguard feature with pending expiration.
Add "Version ID" for IGMP feature.

v1.1.52 (obsolete and will be updated soon)

Change Syslog write to flash level from INFO to Critical.
Support VLAN 0 to facilitate forwarding behavior.
Disable SSDP and mDNS features temporarily to avoid memory sizing issues.
For Multi-G series switches, PHY settings are adjusted to keep better ability of Interconnection to support most link-partners.

v1.1.49

Adjust header parsing rule for time-zone parameter. (cloud agent)
Adjust the SSDP and mDNS default configuration to disable. (It won't handle SSDP and mDNS packets by default setting.)

v1.1.47

Switch PoE scheduling feature will let user configure schedule via Cloud GUI when the device is powered by PoE of the port.
Switch LED on/off feature allows switch LED to be turned off at the upper-right corner in switch device detail page via Cloud GUI. (please be advised PoE Mode/LAN Mode LED cannot be turned off due to hardware limitation.)
Reset PoE from the port panel allows user to mouse-over PoE ports on switch port panel via Cloud GUI and power-cycle the port so the device attached to the port can be rebooted.

v1.1.42

Add GET/SET SNMP community for cloud agent.
Fix abnormal static route entry issue.
Fix abnormal default gateway issue.
Fix abnormal uplink port issue.

v1.1.40

Add Connection Diagnostic page in ECS local web management.
Add “Extend” link-speed mode in port setting page. (Not supported in multi-G series because it is without 10Mbps-speed.)
Support 2K static VLAN entries.
Adjust the hybrid service priority for Cloud Agent and WTP process.
Add "On", "Off" action for Scheduled PoE.
Add DHCP snooping / relay features for Cloud Agent.

v1.1.36

Update LED behavior code to cope with multi-G (5Gbps/2.5Gbps) LED color change from green to amber. 10Gbps LED remains green and 100Mbps/1Gbps remain amber as in previous v1.1.35.

v1.1.35

Bug Fixes

Fix DHCP client function that may cause system crash issue.

v1.1.31

Improvements

Resolve LBD behavior issue when STP enabled.
Add LLDP remote information ''system description'', ''remote capability support'', and ''remote capability enable''.
Renew the DNS server IP when receiving DHCP offer packet.

Bug Fixes

Resolve memory leak caused by abnormal DHCP packets.

v1.1.29

Improvements

Accommodate loop back detection mechanism for IOT devices.
Support trunk and mirror settings for cloud management.
Improve the efficiency to initiate cloud management service.
Add system warm start log to denote an expected software reboot.
Adjust default value of port rate limit to 1Mbps.
Web GUI now follows new 2020 California Password Law (SB-327) to force user changing password for a first time login.
Improve the way to show STP block/unblock status.
Support configure local credential in Cloud. Note that if the cloud already configured a different credential, the local credential will be synced to the cloud one automatically.

Bug Fixes

Fix the issue of packet buffer leak which may cause a system reboot.
Fix the issue that some specific DHCP packets sent by mikrotik router may cause system reboot.
Fix the bug that recurring setting of daylight saving does not work when SNTP service is not available.

v1.1.21

Improvements

Support cloud configuration on per port PVID and vlan members.

Bug Fixes

Correct the syslog timestamp issue.
Fix GUI and CLI issue by limiting the input format of User Account to Letters, Numbers, and underline character '_' only.
Fix GUI and CLI issue by excluding character '@' from password string.

v1.1.19

Improvements

Enhance DHCP settings to accommodate 2 sets of DNS server IP upon receiving multiple sets of DNS server IP from DHCP server.
Add system restart logs.

Bug Fixes

N/A

Loading...

SD-WAN Gateway Firmware

Loading...

ESG510

v1.2.65

[New Features]

Support Layer 7 Policy Based Route, allows administrator to designate which WAN port to be used for different applications.
Support Layer 7 firewall rule to block specific application that may hurt you network.
Support rollback configuration to prevent configuration errror that impact cloud connections.
Increase Layer 3 and Layer 7 firewall event logs, improving traffic visibility and easier for administrator troubleshoot their network.
Direct SecuPoint VPN user traffic using the gateway's PBR settings to ensure that all user traffic follows the same rules
Enhanced WAN disconnected log making WAN troubleshoot easier.
Support to disable LLDP for specific environment that do not allow auto discovery protocols. (Cloud does not support yet)
Support mDNS function making ESG easier to be found in local network. (Cloud does not support yet)

[Issues Fixed]

Fixed the issue where LAN subnets matching PBR rules could not route to other local subnets.
Fixed the issue that SecuPoint remote client can't access ESG’s local LAN if Passthrough mode and Split tunnel are enabled.

v1.2.60

[New Features]

Enhanced firewall logs to output as a text file in real-time. (Cloud does not support yet)
Auto VPN Hub-and-Spoke supports full tunnel mode. (Cloud does not support yet)
Added support for static routing over VPN. (Cloud does not support yet)
When a rogue DHCP server is detected, an event log notification will be generated.
Added support to export NAT logs to an external syslog server. (Cloud does not support yet)
New dashboard displays WWAN information when WWAN is the primary WAN.
Added a new event log for reaching the maximum number of SecuPoint client seats.
Added a new event log for when the public IP and WAN IP are configured the same in NAT.
Support enable/disable HTTPs-only for local web page access. Allowing users force web UI access encrypted for better security.
Support enable/disable Local Web Page. Allowing users forbid local managements to prevent the confliction with the central cloud management.

[Issues Fixed]

Resolved an issue where the DDNS hostname was not displayed in the SecuPoint VPN client when passthrough mode was enabled.
Fixed an issue where the SecuPoint VPN client was non-functional when the primary WAN2 connection type was set to DHCP or a static IP address.
Addressed an issue where an Android phone (SecuPoint VPN client) could not access the internal server when SecuPoint VPN and port forwarding were enabled.
Corrected an issue where the latency monitor was inaccurate when the PBR function was enabled.
Fixed a problem with the Diag tool to prevent response failures.
Resolved an issue where the S2S VPN connection failed when the ESG uplink gateway changed its WAN IP address.
Fixed an issue where third-party DDNS updates failed at the first update after an ESG510 reboot.

v1.2.48

Fixed the issue for Auto Site-to-Site VPN connection sometimes getting disconnected upon WAN function reloaded with the following conditions:
- Case 1: WAN IP is being changed (e.g., PPPoE IP changed)
- Case 2: Fail-over under dual WAN
- Case 3: IP getting changed in front end of Gateway
Fixed the issue for Diag Tool sometimes showing "This device is unavailable".

v1.2.47

Fixed the issue for Site to Site VPN and IPsec Client VPN function that do not work properly with BASIC license.

v1.2.46

Support Policy Route.
Support Gateway Access Control: VIP List and Block List.
Support Firewall Traffic Log - syslog server.
Support Packet Capture for WAN interfaces.
Adjust the definition and behavior of "System Name" and "Device Name"
- Remove System Name setting from LSP.
- Revise DHCP client hostname to {ModelName}-{MAC_last_4_digits}.
- System Name support multi-language.
Automatically add a GRE port forwarding rule while adding PPTP TCP port: 1723
Revise Subnet Mask format of Static IP in LSP.
Optimize reset button behavior.
Fixed Gateway status issue when it shows online, it doesn't show WAN1/WAN2 IP information in Cloud UI.
Fixed the issue for Auto VPN where it failed if the number of ESG devices is more than 11.
Fixed the issue where the system becomes stuck upon continuously adding two bridge interfaces without assigning any Ethernet ports.

v1.2.40

Use System Name as Host name for WAN via DHCP.
Enhance WAN security to close port 53 if Outbound FQDN rules are set.
Fixed the issue for Site-to-Site VPN connection not established after system reloading in some cases.
Fixed the issue for SecuPoint server to let it work in Passthrough Mode or under NAT.
Support URL filtering and Block page. (Cloud page to be updated)
Support EnGenius and 3rd-party DDNS function in Passthrough Mode. (Cloud page to be updated)
Support Client traffic statistics. (Cloud page to be updated)

v1.2.37

Support Site-to-Site VPN Failover for ESG and Non-EnGenius Gateway.
Support EnGenius DDNS.
Support EnGenius SecuPoint VPN.
Revise LSP GUI style.
Fixed the issue for captive portal page not able to redirect to external splash page.
Fixed the routing issue upon enabling dual WAN where WAN interfaces have the same WAN gateway.
Note for Enhanced Security: The new firmware version (1.2.37) will remove the support for the less secure 3DES and MD5 options in IPSec Site-to-Site VPN Phase 2 settings, enhancing your data protection.

v1.1.35

Add WWAN Failover Preference setting.
Add WWAN information for network statistics, packet loss, latency, and throughput.
Add USB port status for cellular dongle information.
Support PoE Reset function.
Revise System Name synchronization mechanism: (1) ESG510 will always set "System Name" according to cloud configuration. (2) ESG510 will synchronize "System Name" ONLY ONCE from DUT to Cloud if user manually revises it through LSP.
Fixed system hang-up issue occurred in some conditions when Captive Portal function enabled.
Fixed the Failover function fail issue when WAN1 or WAN2 has been assigned an IP address but is unable to access the Internet.
Fixed the Failover function when it sometimes fails to resume the primary WAN connection.
Fixed the Firewall function when FQDN string length is over 32 characters in the Outbound Rules and it causes Client VPN function fail.
Fixed the expiration time of DHCP Lease when it showed incorrect remaining time.
Fixed the Site-to-Site VPN Status that showed disconnection when static routing rule is added.
Fixed the issue that it is failed to establish Site-to-Site VPN connection when using non-EnGenius Gateway in Passthrough mode.
Fixed the issue that ESG510 is unable to reconnect to Non-EnGenius peer after Site-to-Site VPN connection is disconnected.
Fixed the issue for incorrect type setting of Local / Remote ID in Non-EnGenius Site-to-Site VPN settings.
Fixed the issue for incorrect DHCP Client ID on the WAN interface where the content of Option 61 should be the MAC address of ESG510 rather than "ESG510".

v1.1.33

Add a function to override WAN MAC address setting on LSP.
Add a function to support Multi-Bridge function.
Add a function to support Per-Client bandwidth limitation.
Improve PPPoE throughput performance on Dual WAN (DHCP & PPPoE) case.
Revise Diag Tools for CPU loading stability.
Fixed the connection status issue where Non-EnGenius Peers' connection is connected but status is incorrect.
Fixed incorrect throughput result of WAN speed in Diag Tools.

v1.1.32

Remove VPN disconnect message if it is caused by Re-Authentication.
Fixed the issue that Gateway Client will become empty when ESG510 is set to dual WAN but WAN2 port didn't plug in Ethernet cable.
Fixed the issue that is failed to set up DNS servers in WAN2 when WAN2's DNS server is set up to "Using Google Public DNS" or set up to "8.8.8.8/8.8.4.4" manually.
Fixed the issue that Site-to-Site VPN will use non-Primary WAN to establish VPN tunnels sometimes.
Fixed SIP compatibility issue.
Fixed the issue that VPN Client list is empty when VPN client connected to ESG510 in Passthrough mode.

v1.1.31

Fixed the issue that SIP Phone failed to register.
Fixed the issue that Firewall Outbound Rules will be failed to apply if setting up multiple source and destination IPs in a rule.
Fixed the issue for LAN-to-LAN communication where an untagged VLAN (Default LAN) client is not able to communicate with other tagged VLAN clients.
Fixed the issue when there’s a configured VLAN-tagged LAN interface in Gateway>Interfaces/LAN settings, the device will not boot up properly when this LAN interface is disabled.
Fixed the issue that Client VPN user will fail to query domains if a FQDN rule added in Firewall settings.

v1.1.30

Error messages are now shown on LSP when ESG NTP, ICMP, HTTP, and HTTPS Internet connection health check fails.
Default System Name is now changed to "Model name" + "-" + “last 4 digits of MAC address”.
Fixed the issue that Client VPN and Allowed Services fail when a particular character is included in the ESG VPN user description.
Fixed the issue that mDNS floodings when ESG and downstream ECW AP are both performing mDNS forwarding.
Fixed the issue for Site-to-Site VPN with 3rd party VPN device.

v1.1.28

Supports FQDN specification in firewall outbound rule.
Character set is revised to allow in LSP System Name setting: ‘0’-‘9’, ‘a’-‘z’, ‘A’-‘Z’ and '-'
Enables System Name synchronization with Cloud setting.
Fixed the issue that DHCP Lease information is not correctly displayed.
Fixed the issue that is unable to search APs across ESG LAN ports when using the EnGenius Locator tool .
Fixed the issue that mDNS Repeater does not work properly when WAN2 is enabled.
Fixed the issue that Captive Portal Walled Garden does not work properly in some cases.

v1.1.27

Supports FQDN Hostname and wildcard specification in Walled Garden for Captive Portal service.
Adds new function for mDNS(multicast DNS) Repeater(default is enabled).
It is revised to send “WAN1”, ”WAN2” instead of “P4”, ”P3” in LLDP port description.
Fixed the issue for Client VPN service not active after firmware upgrade.

V1.1.26

Adds Site-to-Site VPN in Passthrough mode.
Adds “Disable” option to disable Auto NAT Traversal.
Adds Diagnostic Tool with multiple WANs/LANs.
Fixed the issue to let VPN Peer "Network Name" correctly display in the Event Log and Notifications.
Fixed the issue that Captive Portal service occasionally does not work when WAN2 is toggled between enable/disable.
Fixed the issue where wrong ID/password is not displayed on the Captive Portal splash page.
Fixed the issue that incorrect WAN1 IP is displayed in LSP while VLAN is enabled in Passthrough mode.
Fixed the issue that firewall outbound rule does not work for Client VPN users in Passthrough mode.
Fixed the issue that DDNS update fails when DDNS is set to Custom.
Fixed the issue for Captive Portal and RADIUS service not working after firmware upgrade.

v1.1.25

New Functions:

Adds Passthrough mode with the following features:
- WAN1 uplink port setting
- Client VPN
- Outbound firewall rules to filter traffic from LAN clients

Filtering traffic from Client VPN users is not supported with Passthrough mode in this release.

Supports HTTPS login for LSP(Local Status Page).
DDNS update error message is displayed in the Event Log.
Revised function to make DDNS update on hourly basis, and when the WAN status is changed.
Fixed the issue that Gateway Client traffic record is incorrect.

v1.1.24

Solve network topology display issue.
Solve synchronization issues between the local GUI account and the EnGeniusn Cloud server.
Solve DDNS hostname not displayed in Client VPN.

Loading...

ESG610

v1.2.65

[New Features]

Support Layer 7 Policy Based Route, allows administrator to designate which WAN port to be used for different applications.
Support Layer 7 firewall rule to block specific application that may hurt you network.
Support rollback configuration to prevent configuration errror that impact cloud connections.
Increase Layer 3 and Layer 7 firewall event logs, improving traffic visibility and easier for administrator troubleshoot their network.
Direct SecuPoint VPN user traffic using the gateway's PBR settings to ensure that all user traffic follows the same rules
Enhanced WAN disconnected log making WAN troubleshoot easier.
Support to disable LLDP for specific environment that do not allow auto discovery protocols. (Cloud does not support yet)
Support mDNS function making ESG easier to be found in local network. (Cloud does not support yet)

[Issues Fixed]

Fixed the issue where LAN subnets matching PBR rules could not route to other local subnets.
Fixed the issue that SecuPoint remote client can't access ESG’s local LAN if Passthrough mode and Split tunnel are enabled.

v1.2.60

[New Features]

Enhanced firewall logs to output as a text file in real-time. (Cloud does not support yet)
Auto VPN Hub-and-Spoke supports full tunnel mode. (Cloud does not support yet)
Added support for static routing over VPN. (Cloud does not support yet)
When a rogue DHCP server is detected, an event log notification will be generated.
Added support to export NAT logs to an external syslog server. (Cloud does not support yet)
New dashboard displays WWAN information when WWAN is the primary WAN.
Added a new event log for reaching the maximum number of SecuPoint client seats.
Added a new event log for when the public IP and WAN IP are configured the same in NAT.
Support enable/disable HTTPs-only for local web page access. Allowing users force web UI access encrypted for better security.
Support enable/disable Local Web Page. Allowing users forbid local managements to prevent the confliction with the central cloud management.

[Issues Fixed]

Resolved an issue where the DDNS hostname was not displayed in the SecuPoint VPN client when passthrough mode was enabled.
Fixed an issue where the SecuPoint VPN client was non-functional when the primary WAN2 connection type was set to DHCP or a static IP address.
Addressed an issue where an Android phone (SecuPoint VPN client) could not access the internal server when SecuPoint VPN and port forwarding were enabled.
Corrected an issue where the latency monitor was inaccurate when the PBR function was enabled.
Fixed a problem with the Diag tool to prevent response failures.
Resolved an issue where the S2S VPN connection failed when the ESG uplink gateway changed its WAN IP address.

v1.2.48

Fixed the issue for Auto Site-to-Site VPN connection sometimes getting disconnected upon WAN function reloaded with the following conditions:
- Case 1: WAN IP is being changed (e.g., PPPoE IP changed)
- Case 2: Fail-over under dual WAN
- Case 3: IP getting changed in front end of Gateway
Fixed the issue for Diag Tool sometimes showing "This device is unavailable".

v1.2.47

Fixed the issue for Site to Site VPN and IPsec Client VPN function that do not work properly with BASIC license.

v1.2.46

Support Policy Route.
Support Gateway Access Control: VIP List and Block List.
Support Firewall Traffic Log - syslog server.
Support Packet Capture for WAN interfaces.
Adjust the definition and behavior of "System Name" and "Device Name"
- Remove System Name setting from LSP.
- Revise DHCP client hostname to {ModelName}-{MAC_last_4_digits}.
- System Name support multi-language.
Automatically add a GRE port forwarding rule while adding PPTP TCP port: 1723
Revise Subnet Mask format of Static IP in LSP.
Optimize reset button behavior.
Fixed Gateway status issue when it shows online, it doesn't show WAN1/WAN2 IP information in Cloud UI.
Fixed the issue for Auto VPN where it failed if the number of ESG devices is more than 11.
Fixed the issue where the system becomes stuck upon continuously adding two bridge interfaces without assigning any Ethernet ports.

v1.2.40

Use System Name as Host name for WAN via DHCP.
Enhance WAN security to close port 53 if Outbound FQDN rules are set.
Fixed the issue for Site-to-Site VPN connection not established after system reloading in some cases.
Fixed the issue for SecuPoint server to let it work in Passthrough Mode or under NAT.
Support URL filtering and Block page. (Cloud page to be updated)
Support EnGenius and 3rd-party DDNS function in Passthrough Mode. (Cloud page to be updated)
Support Client traffic statistics. (Cloud page to be updated)

v1.2.37

Support Site-to-Site VPN Failover for ESG and Non-EnGenius Gateway.
Support EnGenius DDNS.
Support EnGenius SecuPoint VPN.
Fixed the routing issue upon enabling dual WAN where WAN interfaces have the same WAN gateway.
Note for Enhanced Security: The new firmware version (1.2.37) will remove the support for the less secure 3DES and MD5 options in IPSec Site-to-Site VPN Phase 2 settings, enhancing your data protection.

v1.2.35

Add WWAN Failover Preference setting.
Add WWAN information for network statistics, packet loss, latency, and throughput.
Add USB port status for cellular dongle information.
Support PoE Reset function.
Support WAN1, WAN2, and WWAN Speed Test in Diag Tool.
Revise System Name synchronization mechanism: (1) ESG610 will always set "System Name" according to cloud configuration. (2) ESG610 will synchronize "System Name" ONLY ONCE from DUT to Cloud if user manually revises it through LSP.
Revise LSP GUI style.
Fixed the Failover function fail issue when WAN1 or WAN2 has been assigned an IP address but is unable to access the Internet.
Fixed the Failover function when it sometimes fails to resume the primary WAN connection.
Fixed the issue that ESG610 is unable to reconnect to Non-EnGenius peer after Site-to-Site VPN connection is disconnected.
Fixed the issue for incorrect type setting of Local / Remote ID in Non-EnGenius Site-to-Site VPN settings.
Fixed the issue for incorrect DHCP Client ID on the WAN interface where the content of Option 61 should be the MAC address of ESG610 rather than "ESG610".
Fixed the issue for Event Log where it continuously displays firmware upgrade and applied configuration messages while the device is being upgraded.
Fixed the issue for captive portal page not able to redirect to external splash page.

v1.2.33

Add a function to override WAN MAC address setting on LSP.
Add a function to support Multi-Bridge function.
Add a function to support Per-Client bandwidth limitation.
Adjust the algorithm of Dual WAN failover function.
Revise Diag Tools for CPU loading stability.
Fixed the connection status issue where Non-EnGenius Peers' connection is connected but status is incorrect.
Fixed incorrect throughput result of WAN speed in Diag Tools.

v1.2.31

Remove VPN disconnect message if it is caused by Re-Authentication.
Client VPN function failed in Passthrough mode.
Fail to set up DNS servers in WAN2 when WAN2's DNS server is set up to "Using Google Public DNS" or set up to "8.8.8.8/8.8.4.4" manually.
SIP compatibility issue.
Auto VPN function sometimes doesn't work.

v1.2.30

This f/w version is for the first release.

Loading...

ESG620

v1.2.65

[New Features]

Support Layer 7 Policy Based Route, allows administrator to designate which WAN port to be used for different applications.
Support Layer 7 firewall rule to block specific application that may hurt you network.
Support rollback configuration to prevent configuration errror that impact cloud connections.
Increase Layer 3 and Layer 7 firewall event logs, improving traffic visibility and easier for administrator troubleshoot their network.
Direct SecuPoint VPN user traffic using the gateway's PBR settings to ensure that all user traffic follows the same rules
Enhanced WAN disconnected log making WAN troubleshoot easier.
Support to disable LLDP for specific environment that do not allow auto discovery protocols. (Cloud does not support yet)
Support mDNS function making ESG easier to be found in local network. (Cloud does not support yet)

[Issues Fixed]

Fixed the issue where LAN subnets matching PBR rules could not route to other local subnets.
Fixed the issue that SecuPoint remote client can't access ESG’s local LAN if Passthrough mode and Split tunnel are enabled.

v1.2.60

[New Features]

Enhanced firewall logs to output as a text file in real-time. (Cloud does not support yet)
Auto VPN Hub-and-Spoke supports full tunnel mode. (Cloud does not support yet)
Added support for static routing over VPN. (Cloud does not support yet)
When a rogue DHCP server is detected, an event log notification will be generated.
Added support to export NAT logs to an external syslog server. (Cloud does not support yet)
New dashboard displays WWAN information when WWAN is the primary WAN.
Added a new event log for reaching the maximum number of SecuPoint client seats.
Added a new event log for when the public IP and WAN IP are configured the same in NAT.
Support enable/disable HTTPs-only for local web page access. Allowing users force web UI access encrypted for better security.
Support enable/disable Local Web Page. Allowing users forbid local managements to prevent the confliction with the central cloud management.

[Issues Fixed]

Resolved an issue where the DDNS hostname was not displayed in the SecuPoint VPN client when passthrough mode was enabled.
Fixed an issue where the SecuPoint VPN client was non-functional when the primary WAN2 connection type was set to DHCP or a static IP address.
Addressed an issue where an Android phone (SecuPoint VPN client) could not access the internal server when SecuPoint VPN and port forwarding were enabled.
Corrected an issue where the latency monitor was inaccurate when the PBR function was enabled.
Fixed a problem with the Diag tool to prevent response failures.
Resolved an issue where the S2S VPN connection failed when the ESG uplink gateway changed its WAN IP address.
Fixed an issue where the VPN connection failed when the primary WAN was WAN2.

v1.2.48

Fixed the issue for Auto Site-to-Site VPN connection sometimes getting disconnected upon WAN function reloaded with the following conditions:
- Case 1: WAN IP is being changed (e.g., PPPoE IP changed)
- Case 2: Fail-over under dual WAN
- Case 3: IP getting changed in front end of Gateway
Fixed the issue for Diag Tool sometimes showing "This device is unavailable".

v1.2.47

Fixed the issue for Site to Site VPN and IPsec Client VPN function that do not work properly with BASIC license.

v1.2.46

Support Policy Route.
Support Gateway Access Control: VIP List and Block List.
Support Firewall Traffic Log - syslog server.
Support Packet Capture for WAN interfaces.
Adjust the definition and behavior of "System Name" and "Device Name"
- Remove System Name setting from LSP.
- Revise DHCP client hostname to {ModelName}-{MAC_last_4_digits}.
- System Name support multi-language.
Automatically add a GRE port forwarding rule while adding PPTP TCP port: 1723
Revise Subnet Mask format of Static IP in LSP.
Optimize reset button behavior.
Fixed Gateway status issue when it shows online, it doesn't show WAN1/WAN2 IP information in Cloud UI.
Fixed the issue for Auto VPN where it failed if the number of ESG devices is more than 11.
Fixed the issue where the system becomes stuck upon continuously adding two bridge interfaces without assigning any Ethernet ports.

v1.2.40

Use System Name as Host name for WAN via DHCP.
Enhance WAN security to close port 53 if Outbound FQDN rules are set.
Fixed the issue for Site-to-Site VPN connection not established after system reloading in some cases.
Fixed the issue for SecuPoint server to let it work in Passthrough Mode or under NAT.
Fixed the issue for ESG620 not able to connect to EnGenius Cloud via WAN2 connection when an unsupported SFP+ module is plugged into WAN1 port.
Support URL filtering and Block page. (Cloud page to be updated)
Support EnGenius and 3rd-party DDNS function in Passthrough Mode. (Cloud page to be updated)
Support Client traffic statistics. (Cloud page to be updated)

v1.2.37

This f/w version is for the first release.

Loading...

PDU Firmware

Loading...

ECP106/ECP106-INT

v1.0.20

[New Features]

Support the new model ECP106-INT.
Support enable/disable HTTPs-only for local web page access. Allowing users force web UI access encrypted for better security.
Support enable/disable Local Web Page. Allowing users forbid local managements to prevent the confliction with the central cloud management.
Add Retry and Reset options to AutoReboot, increasing the flexibility of device power management.
Support synchronize "Schedule" configurations in local GUI to Cloud when PDU first time check in Cloud.
Add a new event log when PDU detects outlet has no power supply after AutoReboot.
Add new event logs for firmware upgrade.
Configurations made via LCD will be kept even device reboot.
Supports LCD viewing angles of 0, 90, and 270 degrees in dark mode, ensuring that the content is easy to read regardless of the installation orientation.
Support displaying the Serial Number and Local Web Page on/off status on the LCD.

v1.0.15

Provide email notification in case the connected device loses power from Auto-rebooting.

v1.0.10

Improved the voltage safe range to accommodate varying default settings across different countries.

v1.0.7

Fixed the issue to let event log record AMP safe range when exceeding configuration range.
Fixed the issue to let event log record the configured safe range of power and current.
Fixed the issue to correct the testing email's sending errors.

v1.0.5

Extend Outlet and User Name Length to 64.
Add org license function.
Modify default max amp current from 4A to 12A.
Add schedule time slider in local GUI page.

v1.0.0

This f/w version is for the first release.

Loading...

ECP214/ECP212-INT

v1.0.20

[New Features]

Support the new model ECP212-INT.
Support enable/disable HTTPs-only for local web page access. Allowing users force web UI access encrypted for better security.
Support enable/disable Local Web Page. Allowing users forbid local managements to prevent the confliction with the central cloud management.
Add Retry and Reset options to AutoReboot, increasing the flexibility of device power management.
Support synchronize "Schedule" configurations in local GUI to Cloud when PDU first time check in Cloud.
Add a new event log when PDU detects outlet has no power supply after AutoReboot.
Add new event logs for firmware upgrade.
Configurations made via LCD will be kept even device reboot.
Support displaying the Serial Number and Local Web Page on/off status on the LCD.

v1.0.15

Provide email notification in case the connected device loses power from Auto-rebooting.

v1.0.10

Improved the voltage safe range to accommodate varying default settings across different countries.

v1.0.7

Fixed the issue to let event log record AMP safe range when exceeding configuration range.
Fixed the issue to let event log record the configured safe range of power and current.
Fixed the issue to correct the testing email's sending errors.

v1.0.5

Extend Outlet and User Name Length to 64.
Add org license function.
Modify default max amp current from 4A to 12A.
Add schedule time slider in local GUI page.

v1.0.0

This f/w version is for the first release.

Loading...

Switch Extender Firmware

Loading...

EXT1105P

v1.0.11

Enclosed fix for the incorrect front port LED blinking when pressing LED Blinking button on the cloud.

v1.0.10

This f/w version is for the first release.

Loading...

EXT1106

v1.0.11

Enclosed fix for the incorrect front port LED blinking when pressing LED Blinking button on the cloud.

Loading...

EXT1109P

v1.0.11

Enclosed fix for the incorrect front port LED blinking when pressing LED Blinking button on the cloud.

Loading...

Camera Firmware

Cloud To-Go Mobile App

Release notes here are for Cloud To-Go mobile app iOS and Android, including bug fixes, enhancement, and new features.

Loading...

v1.5x

v1.52.21 (2024/07/09)

Gateway detail page support VPN Status.
Live Client support information of MLD device.

v1.52.20 (2024/06/20)

SSID Support AVX.
Support US partner login.

v1.52.16 (2024/06/10)

Network-wide Gateway Settings support Policy route.
Gateway/PDU detail page support Logs.
Dashboard support Clients/Power Status.

v1.52.13-15 (2024/04/02)

Access Control support Allow List and bug fix.

v1.52.11-12 (2024/03/11)

Support Network-wide Gateway Settings.
Interface-LAN, Static Route.
Site to Site VPN.
Firewall-Outbound Rules, Port Forwarding, 1:1 NAT, Allowed Services.

v1.52.10 (2024/01/15)

LED Behavior of AP support ECW526/ECW536.
Bugfix and UI issue adjustment.

v1.52.09 (2023/12/25)

Support Switch Extender.
Bugfix and UI issue adjustment.

v1.52.08 (2023/12/11)

Support Switch Extender.
Bugfix and UI issue adjustment.

v1.52.07 (2023/12/04)

Network-wide Radio Settings 6G support HT320.
Gateway detail page support WWAN/SFP status.
Network performance Throughput/Latency/Package Loss support WWAN.

v1.52.02-06 (2023/11/21)

Bug fix and improve user experience.

v1.52.01 (2023/10/19)

Supports PDU.
Supports Diagnostic tools and restart within the gateway.
Support application analysis on client details page.

v1.51.21 (2023/7/27)

Support PDUs in Inventory.
Bug fix.

v1.51.16 (2023/05/11)

Support Gateway LED Behavior.
Bug fix.

v1.51.14 (2023/03/29)

Support Model # and Model Name.
Bug fix.

v1.51.08 (2022/10/11)

Upgrade radar chart algorithmic of Dashboard.

v1.51.07 (2022/09/14)

Added Security Gateway management
- Inventory list with Gateway.
- Dashboard with Gateway info.
- Gateway detail page.
Support Language-Japanese.

v1.50 (2022/06/14)

Added 6G radio support.

Loading...

v1.4x

v1.49 (2022/05/13)

Added Diagnosis Tools for Switch
-Switch Activity
-Cable Diagnostics
-Traceroute
-ARP Table
-Live Clients

v1.48 (2022/04/22)

Added new events for AP Alert Settings
-Rogue SSID(s) is detected
-Evil Twins attack(s) is detected
-Malicious attack(s) is detected
-RF Jamming is detected

v1.47 (2022/04/18)

SSID support SmartCast.

v1.46 (2022/03/18)

Added 6G Radio and SSID settings.
Added diagnosis tools- Display All Channel Utilization.
New languages supported – Japanese, Norwegian.

v1.41 (01/26/2022)

Added Diagnosis tools for Access Point.
Unlock the rotate limitation for iPad display.

Loading...

v1.3x

v1.39 (2021/12/22)

Support to change feature plan for AP and Switch.
Support to create and delete Organization.

v1.38 (2021/12/05)

Support feature plans of Basic and PRO for device categories (AP and SW).
Fixed dashboard issues.
Add a new display option, "Last Update".

v1.35 (2021/11/10)

Support DCS and Zero-Wait DFS in Radio Settings of Network-wide Settings.

v1.34 (2021/10/26)

Support Channel Statistics of selected AP.
Language support Thai, Indonesia, Vietnamese, Burmese, and Turkish.
Support Google LDAP, Local LDAP server, and Active Directory for SSID security of WPA2/WAP3 Enterprise.

v1.33 (2021/10/05)

Support dark mode.
More languages support : Nederlands, Français, Deutsch, Italiano, Pу́сский, Español, Svenska.

v1.31 (2021/08/18)

Add reporting task to custom and scheduling network reports.

v1.30 (2021/06/17)

Support search keywords for monitor logs.
Support Block Random MAC Connectionof client access.
Support HTTPS login to Captive Portal.
Monitor Clients Enhancement.
Support Backup&Restore of Network configuration.

Loading...

v1.2x

v1.29 (2021/05/19)

Support Facebook Wi-Fi.

v1.28 (2021/04/30)

Able to setup device local GUI credential during Network creation.
Support to upgrade device firmware immediately.
Bug fix.

v1.24 (2021/04/06)

Support Switch PoE scheduling.
Support Switch PoE reset.
Support Switch PD lifeguard.
Language support Simplified Chinese.

v1.23 (2021/02/26)

Support Switch LED Light.

v1.22 (2021/02/22)

Support Network-wide Settings.
Support Traditional-Chinese.

v1.21 (2020/12/12)

Support Switch VLAN, port, and system settings.
Support new switch model icon: ECS1528P, ECS1552P.
Fix display issue when receiving notifications from different organizations.
Fix the crash issue when resetting the device.

v1.20 (2020/10/16)

Add Message Center.
Support Notification Settings.
Support SSID, Radio, and IP settings.
Support Management VLAN settings AP and Switch page.

Loading...

v1.1x

v1.19 (2020/09/25)

Add VIP function for client access control.

v1.17 (2020/09/05)

Support Wi-Fi (SSID) settings.
Add bandwidth limit for SSID(s) and Client(s).
Add client timeline feature for a specific client.
Support to block suspicious client.
Add animated LED behavior illustration for AP.

v1.16 (2020/06/17)

Support Team member settings.
Add event type filter in Logs page.
Add event type filter in device detail page.

v1.15 (2020/05/28)

1. Support TFA (two-factor authentication) for login method.
2. Allow users to delete account and related data.
3. Add “period of validity” for remote support (passcode) function.
4. Add “Network” in display options for Monitor> Devices list.

v1.14 (2020/05/05)

1. Increase Top N list for Monitor-Dashboard.
2. Add time period filter for Monitor- Client list.
3. Fix scroll down issue in Monitor-Dashboard page. (Android)
4. Fix account registration issue.

v1.13 (2020/03/12)

1. Fix Replace not showing in AP detail. (Android)
2. Fix Replace function does not work in Switch detail. (Android)
3. Fix an issue that caused Switch page crashes due to API spec changes. (iOS)

v1.12 (2020/02/27)

1. Add new category to Top Application dashboard.
2. Fix time zone synchronization issue for Event Log.

v1.11 (2020/01/22)

Monitor - Show detail information for Switch Device Page.

Loading...