Engenius Technologies FAQs

Yes. Power over ethernet (POE) will only power the unit so long as there is enough voltage to power the unit at the end of the cable run.

The maximum distance you can power a device will vary depending on the access point and its voltage required, as well as the voltage provided by the power supply, and the quality of the cable. Cat6 cable is recommended for long POE runs.

For passive POE you should use a 24V power supply. 24V passive POE will power an OM series AP up to about 50 meters or 100-150 feet.

802.3af and 802.3at PoE standards have a distance limit of 100 meters or 328ft which is also the limit for the data transmission for Ethernet cables.

Figure 1: EPE-24R proprietary 24V/1A PoE injector

Figure 2: EPA5006GAT 802.3af/at PoE injector

RSSI stands for Received Signal Strength Indicator. It is an estimated measure of power level that a RF client device is receiving from an access point or router.

At larger distances, the signal gets weaker and the wireless data rates get slower, leading to a lower overall data throughput. Signal is measured by the receive signal strength indicator (RSSI), which in most cases indicates how well a particular radio can hear the remote connected client radios.

Indoor RSSI Set-Up Best Practices

Indoor RSSI Maximums

For mixed use networks:

-75 dB to -80 dB

For session based networks:(Such as video conferencing, Wi-Fi calling, inventory management, etc.)

-60 dB to -65 dB

Recommended Tx Output Power on APs

For mixed use networks: (Such as web browsing, accessing email, etc.)

18 dBm to 20 dBm on the 5 GHz radio

11 dBm to 14 dBm on the 2.4 GHz radio

For session based networks:

11 dBm to 15 dBm on the 5 GHz radio

11 dBm on the 2.4 GHz radio

Channel Width Relation to RSSI

Wider channels normally have lower RSSI values. It is recommended to use smaller channel widths in all but some special circumstances; when configuring EnGenius APs.

Note: Special circumstances are low AP density deployments, such as a small home network. A wider channel setting should only be considered after the RF deployment has been qualified. (40 MHz - 80 MHz and channel widths)

Visualize your projects RSSI through the subscription-free network design tool, ezWiFi Planner. Try it now to measure your projects projected coverage.

To view Outdoor RSSI Best Practices, Click Here

http://community.engeniustech.com/topic/938-what-is-rssi-and-its-acceptable-signal-strength/

The link Quality Link lights will lit only if the operation mode is set to Client Bridge or Client Router.

http://community.engeniustech.com/topic/939-are-link-led-lights-supposed-to-light-up-if-the-engenius-aps-are-in-wds-bridge-mode/

Check out similar topics in EnGenius Community Forum

The switch PoE Power Budget is the total amount of power output available to the PoE ports of the switch. Please make sure that the total power required by all PoE devices powered via the switch PoE ports do not exceed the PoE power budget.

Below is a list of EnGenius PoE switches and their respective PoE Power Budget specifications:

Dropping wireless connections, frequent disconnections and losing wireless connectivity could be caused by wireless interference. Optimizing wireless settings may resolve this issue. Try setting the access points according to the recommended EnGenius AP Configuration Best Practices.

This document summarizes the best practices and procedures for configuring and deploying a standalone AP using EnGenius hardware. This document uses an ENH1750EXT version 2.0.5 for all figures. On other access point models and/or firmware versions, some specific items may be in a slightly different order or on different screens. For single-band access points, omit the sections on configuring the 5 GHz radio and band steering.

Network Usage Types

Even on relatively small networks, it is often a requirement to support different types of users with different levels of access. The following are the typical types of usage applications on Wi-Fi networks:

Staff: Intended for client devices belonging to staff at the facility location used for Security should be either WPA2-Personal or WPA2-Enterprise, depending on whether an external RADIUS server is in use.

Guest: Intended for public / semi-public access, and/or for personal BYOD devices belonging to No encryption should be used for ease of access. Client isolation should always be enabled.

Security: Intended for security cameras, access card readers, NVR servers, and fixed or mobile security WPA2-Personal should be used (many devices do not support WPA2- Enterprise). Client isolation should generally be enabled, unless security stations are connecting wirelessly.

Device: Intended for network appliances, such as SONOS, NEST Thermostats, Control4,, as well as IoT sensors and devices. WPA2-Personal should be used (many devices do not support WPA2-Enterprise). Client isolation should generally be enabled

Voice: Intended for VoIP / VoWiFi WPA2-Personal should be used to minimize roaming times. Client isolation should generally be disabled to enable phones to communicate with each other.

Configuring the Access Points: Dual-Band AP Mode

Log into the Access Point

- http://192.168.1.1

Username: admin

Password: admin

Figure 1: Login screen.

Firmware Check

On the device status screen, validate that the AP is at the latest firmware. If not, upgrade the firmware based on the procedure below.

Figure 2: Device status screen.

Network Settings

Go to the Network Basic Provide a unique static IP address, subnet mask, gateway, and DNS servers for the AP on your LAN. Using DHCP is not recommended, as a static IP address makes it easier to monitor and maintain the AP post-installation. Make sure spanning tree is disabled. Click save.

Wireless Settings: General

Figure 3: Network Basic Screen [bottom].

Go to the Network Wireless

Table 1: Summary table of Wireless settings: General

Variable

Recommended Setting

Explanation

Device Name

{location on property}

Indicates the location of the AP where it will be mounted. Recommended for ease of monitoring and maintenance of AP post-installation

Country / Region

{country}

Indicates country of operation, which restricts the available 2.4 GHz and 5 GHz channels.

Band Steering

Enabled

Band steering will ensure dual-band clients are connecting on the 5 GHz band, which has larger capacity and generally less interference. Note that all SSID settings on both bands must be identical for band steering to work.

Figure 4: Network Basic Screen [General settings].

Wireless Settings: Radio

Table 2: Summary table of Wireless settings: Radio

Vaiable

Recommended Setting 2.4 GHz

Recommended Setting 5 GHz

Explanation

Operation Mode

Access Point [default]

Access Point [default]

Indicates mode of operation.

Wireless Mode

802.11 N

802.11 N

(802.11n APs)

802.11 AC/N

(802.11ac APs)

Unless you have older Wi-Fi devices (e.g. warehouse barcode scanners) that the network must support, turn off connection for 802.11a/b/g devices to minimize protocol overhead.

Channel HT Mode

20 MHz

40 MHz

(802.11n APs)

80 MHz

(802.11ac APs)

The 2.4 GHz band is only 73 MHz wide in the USA, allowing for only 3 independent 20 MHz channels or only 1 independent 40 MHz channel. Never use 40 MHz channels on the 2.4 GHz band in any multi-AP deployment.

The 5 GHz band is 480 MHz wide (semi- contiguous) in the USA, allowing for 24 independent 20 MHz channels, 11

independent 40 MHz channels, 5

independent 80 MHz channels, and 2 independent 160 MHz channels. Never use 160 MHz channels on the 5 GHz band in any multi-AP deployment.

Extension Channel

Disabled [default]

Upper [default]

For 20 MHz channels, no extension channel is used. For larger 5 GHz channels, the extension channel will be determined automatically. When 5 GHz channels are properly selected, the extension channel will always be upper.

Channel

1, 6, or 11

36, 44, 52, 60,

100, 108, 116,

124, 132, 149,

or 157

(40 MHz Channel)

36, 52, 100,

116, 149, or 157

(80 MHz Channel)

Non-overlapping static channels should be assigned for both bands. Do not use auto channel.

Transmit Power

16 dBm [initial]

20 dBm [initial]

A static transmit power should be assigned for both bands. Do not use auto power. Avoid using maximum power, as client devices such as smartphones have weak transmitters and may not be able to talk back to the AP. Furthermore, 2.4 GHz propagates farther than 5 GHz, so the transmit power should be set 4-5 dB lower on the 2.4 GHz band. Initial recommended settings are indicated, but these may need to be tweaked slightly based on your environment.

Data Rate

Auto [default]

Auto [default]

Auto allows the AP and client to dynamically negotiate speed based on distance and other RF factors.

RTS / CTS

Threshold

2346 [default]

2346 [default]

RTS/CTS is a protection mechanism used for backwards compatibility with 802.11a/b/g clients.

Client Limits

127 [default]

127 [default]

Limits the maximum number of clients per radio. Best practice designs plan on 30

50 client devices per AP for typical smartphone / tablet / laptop usage.

Aggregation

Enable 32 Frames

50000 Bytes [default]

Enable 32 Frames

50000 Bytes [Default]

Frame aggregation is used to improve data speeds in 802.11n/ac. Always should be enabled.

Distance

1 km [default]

1 km [default]

Long distance WDS links require additional time to receive ACK frames. Not relevant when radios are in Access Point mode.

Figure 5: Network Wireless Screen [Radio settings].

Wireless Settings: 2.4 GHz & 5 GHz

These settings will depend on the network usage types that need to be supported on your network. If more than one network usage type is to be deployed, VLANs should be used.

Table 3: Summary table of typical network usage applications on Wi-Fi networks.

Network Usage Type

Purpose

Security Mode

Encryption

Passphrase

Group Key Update Interval

Hidden SSID

Client Isolation

L2

Isolation

VLAN

Isolation

VID

Staff

Staff devices at facility location

WPA2-PSK

AES

{8 - 63 characters}

3600

No

No

No

Yes

{2- 4094}

WPA2-Enterprise

AES

see security section

3600

No

No

No

Yes

{2- 4094}

Guest

Public / semi-public access for visitors or customers

Disabled {Open}

N/A

N/A

N/A

No

Yes

Yes

Yes

{2- 4094}

Security

IP cameras, access card scanners, NVR servers, security stations

WPA2-PSK

AES

{8 - 63 characters}

3600

No

No*

No*

Yes

{2- 4094}

Device

Network appliances (e.g. NEST thermostats, Control4, etc.) and IoT

WPA2-PSK

AES

{8 - 63 characters}

3600

No

Yes*

Yes*

Yes

{2- 4094}

Voice

VoIP / VoWiFi headsets

WPA2-PSK

AES

{8 - 63 characters}

3600

No

No

No

Yes

{2- 4094}

Table 4: Summary table of SSID settings.

Variable

Recommended Setting

Explanation

SSID

{1-32 characters}

Name of the network that devices will connect to. Best practice is to put distinguishing feature at front of SSID, since some client devices truncate long SSIDs in their displays. It is recommended to not define more than 4 SSIDs per band, to limit airtime overhead.

Security

None, WPA2-PSK, or WPA2-Enterprise

Depends on application. None recommended only for public / semi-public networks. WPA2-Enterprise recommended for staff devices when using external RADIUS server. WPA2-PSK used otherwise. Neverse WEP, WPA, or WPA mixed. WEP and WPA are deprecated. See next section on Security

Hidden SSID

No

When enabled, hides SSID in beacon frames. Many clients have trouble connecting to SSIDs that are hidden. Also, SSID is still available in association frames so can still be determined. Do not use.

Always disable.

Client Isolation

Yes*

When enabled, prevents client devices connected to the same SSID on the same AP from inter- communicating. Always use for public / semi-public networks. Recommended for security and device networks unless intercommunication is required.

L2 Isolation

Yes*

When enabled, prevents client devices connected to the same SSID across different AP from inter- communicating. Always use for public / semi-public networks. Recommended for security and device networks unless intercommunication is required.

VLAN Isolation

Yes

When more than one network usage type is being implemented, VLANs are required to isolate traffic between SSIDs. Each SSID is associated with a particular VLAN.

VID

{2 4094}

VLAN ID is a 12 bit number. VLAN 0 & 4095 are not used, and VLAN 1 is reserved for non-VLAN traffic. All other SSIDs should be assigned to a unique VLAN. Note your network switch(es) and router must also be configured to support these VLANs.

Security Settings

There are three types of security settings that may be used:

Disabled {Open}: This allows all clients to associate with the access point, but all traffic between the client and access point is Use only for public / semi-public access networks.

Personal {PSK}: This requires the client to have a passphrase (a.k.a pre-shared key or PSK) to access the All traffic is encrypted. This security setting is appropriate for all staff networks not utilizing RADIUS, and all security and device networks. Most Wi-Fi appliances (e.g. cameras, multimedia, IoT, etc.) do not support Enterprise security. Never use WEP, WPA, or Mixed Mode. WEP was cracked in 2001, and WPA-TKIP was implemented as a temporary fix for client devices hardcoded with the RC4/TKIP algorithm used in WEP. Always use WPA2-AES only.

Enterprise {RADIUS}: This requires the client to authenticate to a 3rd party authentication server, such as RADIUS or Appropriate for large corporate and facility networks with dedicated IT staff. Most Wi-Fi appliances (e.g. cameras, multimedia, IoT, etc.) do not support Enterprise security. Never use WEP, WPA, or Mixed Mode. WEP was cracked in 2001, and WPA-TKIP was implemented as a temporary fix for client devices hardcoded with the RC4/TKIP algorithm used in WEP. Always use WPA2-AES only.

Other Security Settings:

Wireless MAC Filter: Used to explicitly allow or deny devices based on pre-programmed MAC Hard to maintain current and MAC addresses easy to spoof on devices. Disabled by default. Do not use.

Wireless Traffic Shaping: This setting limits the amount of bandwidth that can be pushed over the access point for a particular This may be appropriate to use in certain instances where bandwidth into the property is limited and some bandwidth needs to be reserved for particular applications. Disabled by default.

Figure 6: Security setting screen: disabled {open} network.

Settings Specific to Personal (PSK) Security:

Table 5: Summary table of WPA2-Personal settings.

Variable

Recommended Setting

Explanation

Security Mode

WPA2-PSK

WPA has been deprecated. Do not use WPA-PSK or WPA-PSK Mixed. Only use WPA2-PSK.

Encryption

AES

WEP and TKIP have been deprecated. Only use AES.

Passphrase

{8 63 characters}

Best practices for security is to use a mixture of capital letters, lower case letters, numbers, and special characters. Passphrase ideally should be at least 15 characters in length, and not be a dictionary word or phrase.

Group Key Update Interval

3600 seconds [default]

Frequency at which AP should generate a new group key for broadcast messages to all connected clients.

Figure 7: Security setting screen: WPA2 Personal.

Settings Specific to Enterprise (RADIUS) Security:

Table 6: Summary table of WPA2-Enterprise settings.

Variable

Recommended Setting

Explanation

Security Mode

WPA2-Enterprise

WPA has been deprecated. Do not use WPA- Enterprise or WPA Mixed-Enterprise. Only use WPA2-PSK.

Encryption

AES

WEP and TKIP have been deprecated. Only use AES.

Group Key Update Interval

3600 seconds [default]

Frequency at which AP should generate a new group key for broadcast messages to all connected clients.

Radius Server

{IP Address}

IP address of RADIUS server.

Radius Port

1812 [default]

UDP Port of RADIUS server. Most installations use UDP/1812.

Radius Secret

{8 63 characters}

Best practices for security is to use a mixture of capital letters, lower case letters, numbers, and special characters. Ideally should be at least 15 characters in length, and not be a dictionary word or phrase, and different for each SSID.

Radius Accounting

Disable [default]

Enable if RADIUS Accounting server is used on the network.

Radius Accounting Server

{IP Address}

IP address of RADIUS Accounting server. May be same or different than RADIUS server.

Radius Accounting Port

1813 [default]

UDP Port of RADIUS Accounting server. Most installations use UDP/1813.

Radius Accounting Secret

{8 63 characters}

Best practices for security is to use a mixture of capital letters, lower case letters, numbers, and special characters. Ideally should be at least 15 characters in length, and not be a dictionary word or phrase.

Interim Accounting Interval

600 [default]

Polling interval used by RADIUS accounting server

Figure 8: Security setting screen: WPA2 Enterprise.

The following figure shows a representative network set up for 4 SSIDs.

Figure 9: SSID setting example.

Wireless Settings: Other

Guest Network Settings: Leave disabled [default]. This is included to provide for a separate guest access network on a separate This is intended for a single AP environment where only a guest and staff network are needed. Do not use in a multi-AP environment.

Fast Handover / RSSI Threshold: Leave disabled [default]. Per the 11 standard, roaming is triggered by a client device. Some client devices can be “sticky” by not triggering a roam, even when an AP with a significantly stronger signal is available. When enabled, a client device that falls below the RSSI threshold will be disassociated from the access point, to force the device to roam to another access point with a stronger signal. Only use this feature in multi-AP

environments with good Wi-Fi coverage and sticky clients. The RSSI threshold should generally be set for -80 dBm to -90 dBm.

Management VLAN: A management VLAN is a separate VLAN / subnet for your managed network When implementing VLANs, an explicit management VLAN is recommended to prevent wireless users from accessing network equipment.

Figure 10: Wireless Settings: Other.

Apply Changes

Click on the “Changes” button in the upper left and click “Apply” to apply all changes made under Network Basic and Network Wireless. The AP will reboot and come back online with the new settings. Log into the AP with the new IP address.

Management Settings: SNMP

Click on the Management Advanced tab and proceed to the section on SNMP Settings.

Table 7: Summary table of Advanced settings: SNMP.

Variable

Recommended Setting

Explanation

Status

Disable*

SNMP is a valuable and powerful monitoring and management tool. If you are using an NMS or other SNMP software (e.g. Nagios), then enable and change the default settings. If you are not using SNMP, then disable it for security.

Contact

{company name}

The name or web address of the company installing and maintaining the access point.

Location

{property name}

The name of the property or facility where the AP is installed.

Port

161

UDP port for SNMP. Typical implementations use UDP/161.

Community Name (Read Only)

{R/O community string}

String for SNMP read-only access. Always change this from the default “public” for security.

Community Name (Read Write)

{R/W community string}

String for SNMP read-write access. Always change this from the default “private” for security.

Trap Destination Port

162

UDP port for SNMP traps. Typical implementations use UDP/162.

Trap Destination IP Address

{IP Address}

IP address of server set up to receive SNMP traps

Trap Destination Community Name

{community string}

String for SNMP traps. Always change this from the default “public” for security.

SNMPv3 Status

Disable*

SNMPv3 is an enhancement of the SNMP protocol to incorporate encryption. If you are using an NMS or other SNMP software (e.g. Nagios), then enable and change the default settings. If you are not using SNMPv3, then disable it for security.

SNMPv3 Username

{username}

Username for SNMPv3 queries

SNMPv3 Authorized Protocol

MD5 or SHA

Encryption key to be used with SNMPv3 queries.

Always use encryption with SNMPv3.

SNMPv3 Authorized Key

{password}

Password key for SNMPv3 queries. Always change from the default “12345678” for security.

SNMPv3 Private Protocol

DES

Encryption key to be used with SNMPv3 queries.

Always use encryption with SNMPv3.

SNMPv3 Private Key

{password}

Password key for SNMPv3 queries. Always change from the default “12345678” for security.

Engine ID

{unique hex string}

Unique hexadecimal string. It is customary to use the MAC address of the device.

Figure 11: Management Advanced: SNMP Settings.

Management Settings: Other

Table 8: Summary table of Advanced settings: Other.

Variable

Recommended Setting

Explanation

CLI Setting Status

Disable

Allows access to the command line interface via telnet. This should be disabled because telnet is unencrypted.

SSH Setting Status

Enable

Allows access to the command line interface via ssh. This should be enabled if CLI access is desired, because SSH is unencrypted.

HTTPS Setting Status

Enable [default]

Allows access to the web interface of the AP via HTTPS.

HTTPS Forward

Enable

Prevents access to the web interface via HTTP and forwards any attempted HTTP connections to HTTPS. This should always be enabled to ensure encrypted access to the AP settings.

Email Alert

Enable*

If enabled, email alerts are sent to a user when there is an event on the AP. When using this feature, make sure to use a valid “To” address and a valid email account from which to send the emails. It is recommended that an encrypted email service be used for security.

Figure 12: Advanced Settings: Other.

After hitting apply, you may need to initiate an explicit https connection to the AP.

Management Settings: Time Zone

Table 9: Summary table of Time Zone Settings

Variable

Recommended Setting

Explanation

Date and Time Settings

Automatically get Date and Time [default]

When enabled, syncs the clock on the AP with an Internet time server.

NTP Server

209.81.9.7 [default]

NTP time server clock.via.net. Any valid NTP time server is acceptable.

Time Zone

{time zone of NOC}

The time zone of the NOC monitoring the property (or the time zone of the property).

Daylight Savings

Enable

Enable if Daylight Savings is active in your time zone. For the USA, daylight savings starts on the 2nd Sunday of March at 2:00 am, and ends on the 1st Sunday of November at 2:00 am.

Figure 13: Time Zone settings.

Management Settings: Wi-Fi Scheduler

If using the Wi-Fi Scheduler or Auto Reboot features, make sure the access point is synchronized with an Internet time server.

Table 10: Summary table of Wi-Fi Scheduler Settings

Variable

Recommended Setting

Explanation

Auto Reboot Settings Status

Disable [default]

When enabled, automatically reboots the access point on specified days at a specified time.

Wi-Fi Scheduler

Disable [default]

When enabled, allows only one SSID on only one radio to be active during set intervals, instead of

full time. Templates are available, but intervals can be specified for each day of the week.

Figure 14: Wi-Fi Scheduler settings.

System Manager: Account

It is recommended that the system password be changed from the default password of “admin” for security purposes. The username can also be changed if desired.

System Manager: Firmware

Figure 15: Account password screen.

From this screen, new firmware can be loaded, a backup configuration file can be generated or loaded, and the AP can be reset to factory default.

System Manager: Log

Figure 16: Firmware screen.

From this screen, the local event log can be seen. Logging events to a remote syslog server can also be enabled on this screen.

Figure 17: Log screen.

Configuring the 5 GHz Radio for WDS Backhaul

In scenarios where the 5 GHz radio is being configured for WDS backhaul, the following settings should be changed.

Table 11: Summary table of WDS Settings changes for 5 GHz WDS mode

Variable

Recommended Setting

Explanation

Operation Mode (Radio)

WDS Bridge

WDS Bridge Mode should be used when configuring the radio for wireless backhaul.

Security

AES

AES encryption should always be used for WDS links.

WEP Key

{disabled}

Not relevant when AES encryption used

AES Passphrase

{8 63 characters}

Best practices for security is to use a mixture of capital letters, lower case letters, numbers, and special characters. Passphrase ideally should be at least 15 characters in length, and not be a dictionary word or phrase.

ID 1 4

{MAC Address of remote link}

WDS bridging requires specification of the MAC address of the device(s) being connected to wirelessly. Up to 4 remote nodes can connect to a root node. Avoid daisy chaining multiple remote nodes.

Figure 18: Wireless settings for a WDS link on the 5 GHz radio.

Default Settings

IoT Gateways and Routers

Access Points

Managed Switches

IP Cameras

Managed Access Points (Neutron)

IP Address

192.168.0.1

192.168.1.1

192.168.0.239

If connected to a DHCP Server/Router, the camera will get DHCP address. Find the IP address from the router's DHCP Client's Table.

If it cannot detect DHCP after 60 seconds. It will change to its fixed IP which is 192.168.1.200

If connected to a DHCP Server, it will get DHCP address. If the access point would not detect any DHCP, it will use its default IP which is 192.168.1.1

Username

admin

admin

admin

admin

admin

Password

admin

admin

password

admin

admin

http://community.engeniustech.com/topic/1255-what-is-the-max-recommended-length-of-coaxial-cable-can-be-used-for-engenius-phone-systems/

The max recommended length is using 2 cables or 40 meters/130 feet. Use the SN-ULTRA-ACP to couple the cables together. EnGenius do not sell cable by itself, customer would need to purchase 2 antenna kits to accomplish this.

You can reach EnGenius support via:

Email: [email protected]

Forum: community.engeniustech.com

Phone:1-888-735-7888

There are two ways to reset the ENH900EXT back to factory default.

1. The first way is through the built-in software or graphical user interface (GUI).

2. The second way is by pressing the reset button on the EPE-48GR PoE injector. Power on the ENH900EXT and wait for 90 seconds to allow for the device to boot up. Press and hold the reset button for over 11 seconds and the ENH900EXT will reset and reboot.

Yes, the router login username can be changed:

Steps:

Access the setup page using a browser. Use the IP address set for the router. The default IP address is 192.168.0.1.

Enter the username and password. Default username and password is admin.

On the Home screen, click on the Network Settings Button.

Click on Tools>Admin. Change the Login Name and click Apply.

Like the ENH200/ENH202/ENH500, the ENS202EXT has two Ethernet ports: LAN (PoE) and LAN. The proprietary PoE injector for the ENS202EXT must be connected to the LAN (PoE) port to power the AP.

In this case, the user did not connect the PoE injector to the ENS202EXT LAN (PoE) port. The ENS series LAN (PoE) port placement is different from the ENH series. Facing the back panel of the ENH200/ENH202/ENH500, the LAN (PoE) is on the left while facing the back panel of an ENS series AP/Bridge the LAN (PoE) is on the right.

Figure 1: ENS202EXT Bottom view

Figure 2: Connecting the proprietary PoE injector to the ENS202EXT

Before managing a remote AP/switch, you must first bind the AP to ezMaster's Device Inventory by ‘registering’ the device. Skip this section if you are managing only local devices or if you are manually redirecting each AP to ezMaster.

1. Once ezMaster has been registered with the ezRegistration server, you can start registering your APs and adding them to ezMaster’s device inventory by clicking on the ‘Device Inventory’ icon.

http://community.engeniustech.com/topic/920-adding-devices-to-ezmaster-device-inventory/

2. Next, click on the ‘Add Device’ button.

3. Enter the MAC Address, Check Code and Description of the device you want to register using a semi-colon (;) to separate each field. eg. MAC Address;Check Code;Description To register more than one device at the same time, enter the information of one device per row by pressing Enter. Click the "Register" button once you are done.

Note: The 'check code' of the AP can be found on either the device label at the bottom of the AP. If not, access the AP's user interface and find it under the "Management > Controller Settings". Contact your local dealer if you are having problems locating the check code.

4. The message below will be displayed upon successfully claiming an AP. Click on "OK" to proceed.

5. The registered AP will be listed in your Device Inventory.

Assess, Analyze & Optimize Your Wireless Networks

With wireless technology constantly changing, wireless network design is imperative. The intuitive web-based network design tool, ezWiFi Planner, allows you to easily plan for your indoor and outdoor wireless deployments. Start designing your wireless projects using the license-free software by logging into the partner portal.

Start your projects by uploading your site floor plans and set your scale to accurately plan AP distribution and placement. The tools algorithm will auto place devices and will intuitively set your channels to the location of your project to adhere to country standards. Finish off your design with easy reporting you can export and customize to meet your clients needs.

Features of the ezWiFi Planner:

Upload your floor plan and set your scale to plan your project sites to kickstart planning

Design for indoor and outdoor projects

Draw Wi-Fi coverage areas and any site obstacles

ezWiFi Planner algorithm will accurately place devices throughout your project to accommodate coverage and output needs identified

Auto channelize your project

Add multiple product models and optimize your site

Heat map coverage for visualization of projects

Inventory reports to showcase devices deployed in project as well as device settings for easy deployment

Customizable reporting for easy proposals to customers

Reporting includes site floor plan overview, inventory lists, channelization, heat map coverage and WDS coverage.

Take your plan and put it to action! With the floor plan overview you can easily import to ezMaster software for easy configuration for your deployments as well as future management.

Design your indoor projects and visualize with heat map coverage. Plan multiple floor plans / levels within a single project design.

Try it Now!

Need to connect multiple buildings? The WDS bridge algorithm within the tool will allow you to design P2P project sites for accurate coverage and device placement.

Ensure coverage where you need it! With optional external antennas, the tool will design and plan for both device and antenna settings and project needs. Know the best devices and placement of your devices through designing your projects to increase efficiencies on deployment!

Check out all of the features of the ezWiFi Planner and

Within the ezWiFi Planner you have access to expert support from EnGenius as well as step-by-step instructions on all product features.

1. Log in to the EAP1300 Graphical User Interface and go to Wireless. Notice that the Country/Region setting is greyed out and cannot be selected.

http://community.engeniustech.com/topic/1249-how-do-i-change-the-country-setting-on-the-eap1300eap1300ext-stand-alone-ap/

2. Uncheck the Green options next to the 2.4GHz and 5GHz Operation Modes.

3. Select the Country/Region.

The above options are also available when being managed by either a Neutron switch or EZMaster though the GUI would differ.

EnGenius Community Forum Link:

Neutron firmware code c1.8.53 (and later) supports Mesh feature for Neutron Access Points. Mesh provides a network topology in which remote nodes relay data for the network wirelessly (i.e. without an Ethernet wire).

EnGenius Neutron APs, such as the EWS360AP, can be configured either as a Mesh AP or Mesh Point.

http://community.engeniustech.com/topic/963-what-is-the-difference-between-mesh-ap-and-mesh-point/

A “Mesh AP” is an AP that uses its wired interface to reach the wired network, while a “Mesh Point” is an AP that establishes an all-wireless path to the Mesh AP. These are also called Mesh Nodes.

Mesh AP

The Mesh AP is the gateway between the wireless mesh network and the enterprise wired LAN. The Neutron AP is configured to perform the Mesh AP/Gateway role, which uses its wired interface to establish a link to the wired LAN. One can (and should) deploy multiple Mesh APs to support redundant mesh paths (mesh links between neighboring mesh points that establish the best path to the mesh portal) from the wireless mesh network to the wired LAN.

The Mesh AP broadcasts the configured mesh service set identifier (MSSID/mesh cluster name) and advertises the mesh network service to available Mesh Points. Neighboring Mesh Points that have been provisioned with the same MSSID authenticate to the Gateway and establish a secure mesh link over which traffic is forwarded. The authentication process requires secure key negotiation, common to all APs, and the mesh link is established and secured using Advanced Encryption Standard (AES) encryption.

Mesh Point

Depending on the AP model, configuration parameters, and how it was provisioned, the Mesh Point can perform multiple tasks. The Mesh Point provides traditional WLAN services to clients and performs mesh backhaul/network connectivity. A mesh radio can be configured to carry mesh-backhaul traffic only. Additionally, a Mesh Point can provide LAN-to-LAN Ethernet bridging by sending tagged/untagged VLAN traffic across a mesh backhaul/network to a Mesh AP.

Mesh Points use one of their wireless interfaces to carry traffic and reach the controller. Mesh Points are also aware of potential neighbors and can form new mesh links if the current mesh link is no longer preferred or available.

Check out EnGenius Forum about similar topic:

Wireless devices can be blocked from connecting to managed Neutron APs by adding their wireless MAC addresses to the Access Control list on the Controller.

The MAC Address filter list on the Controller has a limit of up to 32 entries. Entries are devices which will be blocked from connecting to the managed Neutron APs. There is no option to “Allow Only”. The MAC Address filter list applies to all SSIDs on all managed Neutron APs including the Guest Networks.

On the Controller, go to Access Control and click on Add.

http://community.engeniustech.com/topic/1178-how-to-set-up-mac-address-filtering-on-the-neutron-controller/

Type in the wireless MAC address of the wireless device and add a description. Click on the check mark the APPLY.

EnGenius Community Forum Link:

This articleprovides guidelines on best practices for configuring and deploying wireless backhaul on Wi-Fi networks, and goes through the differences between and appropriate scenarios for client bridges, repeaters, WDS Bridge links, and mesh networks.

The Options for Wi-Fi Backhaul

In a conventional wireless network, each access point (AP) requires a wired Ethernet connection to provide backhaul to the wired network infrastructure and ultimately the Internet. In some environments, however, it is either impossible or prohibitively expensive to run an Ethernet cable to each AP. In such cases, Wi-Fi itself can be used to provide wireless backhaul from the AP (or other network appliance, such as a remote IP camera) to the wired network. Each Wi-Fi backhaul link is referred to as a hop, and it is possible to have a chain of multiple hops between the remote wireless AP to the root wireless AP that has a wired connection to the network.

There are multiple options for providing Wi-Fi backhaul to the remote APs. Naturally, each option has both benefits and limitations. Most critically, each wireless hop introduces latency, which adds in a linear fashion with the number of hops. Repeaters and mesh also inherently lower with throughput and user capacity, often as a square of the number of hops.

It is critical to understand your technical requirements and constraints, as well as the benefits and limitations of each wireless backhaul option, when designing a Wi-Fi network and selecting a particular Wi-Fi backhaul approach.

Option 1: Client Bridge

An access point operating in Client Bridge mode provides Wi-Fi connectivity for a wired client device. A Client Bridge is intended to connect an individual wired client device to a Wi-Fi network. This is depicted in Figure 1.

link

Figure 1: Example of a network utilizing a client bridge.

When multiple wired client devices are connected through a single Client Bridge, they share the same MAC address on the network, namely the WLAN MAC address of the Client Bridge itself. The multiple wired client devices can still be configured with different Layer 3 static IP addresses, and each wired device may or may not be able to obtain an independent Layer 3 DHCP address, depending on the DHCP server.

Best Practice: When using an AP in Client Bridge mode, only connect one wired client device.

For typical applications, Client Bridge mode is only utilized on single-band APs. For dual-band access points, one radio (typically 5 GHz) will be configured to operate in client bridge mode, while the other radio (typically 2.4 GHz) will be used for providing Wi-Fi connectivity on an independent SSID to wireless client devices. Client Bridge mode is generally only available on standalone APs, meaning that each AP must be configured individually and cannot be managed or monitored from a centralized controller. Client Bridge mode is available on all EnGenius single-band Electron and EnStation access points, as well as dual-band APs in the Electron ECB series.

Option 2: Repeaters

An access point operating in Repeater mode provides both Wi-Fi connectivity to client devices as well as providing a wireless backhaul connection to one or more wired APs. This is depicted in Figure 2. Repeaters are intended for very small networks (e.g. home environments), where individual repeater APs are used to fill in particular coverage gaps. Individual client MAC addresses are preserved, though the VLAN (if any) is defined by the main access point’s SSID that is being repeated.

Figure 2: Example of a network utilizing a wireless repeater.

For dual-band access points, one radio (typically 5 GHz) will be configured to operate in repeater mode, while the other radio (typically 2.4 GHz) will be exclusively for providing Wi-Fi connectivity to client devices. Note that both Wi-Fi bands depend upon the repeater radio for backhaul. Since the repeater radio must spend half its time providing Wi-Fi connectivity to client devices and half its time providing wireless backhaul, the data capacity of a repeater radio for both backhaul and for Wi-Fi client connectivity is reduced by 50\%. When there are multiple hops, the data capacity is reduced by 50\% at each hop. Thus, for two hops, the total data capacity is only 1/4, for three hops it is 1/8, for four hops it is 1/16, and so forth.

Repeater mode is generally only available on standalone APs, meaning that each AP must be configured individually and cannot be managed or monitored from a centralized controller. Repeater mode is available on all EnGenius Electron ECB series access points.

Option 3: Point-to-(multi)point WDS Bridge Links

A dedicated pair of APs, usually with integrated directional antennas (such as the EnGenius EnStationAC), are configured to operate in WDS Bridge mode to create a point-to-point link to provide wireless backhaul. The WDS Bridge link on the remote end is connected to the remote AP via its wired Ethernet interface. From the perspective of the rest of the network, this wireless connection looks like a wired connection; in WDS Bridge mode, the wired Ethernet frame is encapsulated and encrypted in a Wi-Fi packet on one end, transmitted across the wireless link, and then de-encapsulated and decrypted on the other end. Thus, all wired Layer 2 information (i.e. client MAC addresses, VLANs, etc.) are preserved across the WDS Bridge link. Point-to-multipoint WDS Bridge links ae also readily possible, though be aware the remote links collectively share the total available airtime bandwidth of the link. This is depicted in Figure 3.

Figure 3: Examples of point-to-point and point-to-multipoint networks utilizing WDS Bridge links.

The WDS Bridge links are statically established, so that each WDS Bridge AP only accepts connections from pre-defined radios. WDS Bridge usually requires dedicated hardware at each remote location operating on independent channels, though some APs allow for one radio (typically the 5 GHz) to be in WDS bridge mode and the other radio (typically the 2.4 GHz) to be in AP mode to provide Wi-Fi service client devices.

Best Practice: WDS Bridge with dedicated 5 GHz only access points is generally recommended for most networks requiring both wireless backhaul and high bandwidth and/or high user capacity Wi-Fi. While each hop adds latency, there is no throughput or user capacity degradation, since the point-to-(multi)point backhaul link is solely dedicated to wireless backhaul, with Wi-Fi access for client devices being handled by separate access points.

For more information on deploying a point-to-multipoint backhaul network, download the EnGenius white paper from this .

For large networks consisting of multiple remote nodes, a WDS Bridge backhaul network requires its own design effort to ensure appropriate bandwidth capacity and channel utilization. WDS Bridge mode is generally only available on standalone APs, meaning that each AP must be configured individually and cannot be managed or monitored from a centralized controller. WDS Bridge mode is available on all EnGenius Electron and EnStation access points.

Point-to-Multipoint WDS Bridge Network Example

Figure 4 shows an example of an outdoor Wi-Fi network at an RV park utilizing point-to-(multi)point links to provide wireless backhaul to APs mounted on light poles. The colored lines indicate the point-to-(multi)point WDS Bridge links implemented with EnGenius EnStationAC access points.

Figure 4: Example of a wireless network utilizing point-to-(multi)point links for backhaul to outdoor wireless APs.

Red markers indicate the location of outdoor dual-band APs, and yellow markers indicate the location of additional light poles that were available at the property. To maximize wireless backhaul capacity, all of the WDS Bridge links utilized 80 MHz channels in the UNII-2 and UNII-2e bands (i.e. DFS channels 52-64, 100-112, and 116-128). The 5 GHz radios on the dual-band APs were set to use 40 MHz channels on the UNII-1 and UNII-3 bands (i.e. channels 36-40, 44-48, 149-153, and 157-161), so as to avoid co-channel interference with the point-to-multipoint backhaul network.

Option 4: Mesh Networks

In a mesh network, the AP uses its own radio to provide a wireless backhaul to other APs on the network, eventually reaching an AP with a wired Ethernet connection to the wired backhaul infrastructure and the network. In this sense, a mesh network is a network of repeaters, though mesh is designed to operate automatically and more intelligently on a large scale. A mesh network creates a set of “dynamic WDS Bridge” links, using routing algorithms to automatically calculate the most optimal wireless path through the network back to a wired root node. This makes mesh networks relatively robust to the failure of an individual AP; in a process referred to as “self-healing”, the routing algorithms will automatically calculate the “next best” path through the network if an AP in the path goes offline. Since the routing functions are done automatically within the mesh software, mesh networks are actually fairly straightforward to set up and are thus scalable to cover large geographic areas. All wired Layer 2 information (i.e. client MAC addresses, VLANs, etc.) are preserved across the mesh link. Examples of mesh networks are shown in Figure 5 (for home / SOHO environments) and Figure 6 (for larger campus-wide environments).

Figure 5: An example of a home / SOHO mesh network, utilizing EnGenius EMR3000 mesh routers.

Figure 6: An example of a large campus mesh network, utilizing EnGenius EWS1025CAM mesh cameras.

The mesh network control architecture can either be centralized or distributed. With a centralized control architecture, an AP controller is required to calculate and coordinate the mesh parameters for each AP. This architecture, however, limits the scalability of the mesh network to the capacity of the AP controller. In a distributed control architecture, such as the EnGenius Neutron series and EMR3000 product, each AP operationally acts like a router, continuously sharing information about its connection status to its neighbors, and each AP uses this information to compute its own optimal mesh path. In a distributed architecture, an AP controller can be optional, though is generally extremely useful in providing centralized real-time monitoring of the mesh network, as well as establishing the core initial mesh network parameters, such as mesh ID, encryption, etc.

Unfortunately, mesh networks have significant limitations, most notably in the loss of throughput and user capacity, which scales geometrically as the number of wireless hops increase, as well as the increase in latency, which scales linearly as the number of wireless hops increase. Accordingly, mesh networks are not suitable for high bandwidth or latency-sensitive applications. Because of these performance limitations, it is generally recommended that mesh networks be avoided unless no other viable backhaul options are available. Mesh networks should only be used in environments where providing Ethernet data wiring to access points or cameras is impossible or cost-prohibitive.

Mesh networks were originally trendy in the mid-2000s, as a way of both providing metropolitan Wi-Fi coverage as well as coverage for large outdoor properties where wiring was prohibitively expensive, such as RV parks, garden-style apartment complexes, marinas, etc. While many mesh networks were successfully deployed, most of these efforts ultimately failed, especially in metropolitan Wi-Fi. Early mesh networks relied upon single-radio APs on 2.4 GHz using 802.11g. When dual-band APs were introduced, only 802.11a was available on the 5 GHz band, which still led to very low throughputs as the number of hops increased.

With the wide adoption of dual-band access points with 802.11ac, there has been renewed interest in mesh for both Wi-Fi access and surveillance applications. Accordingly, several startup companies, as well as established vendors like EnGenius, have introduced mesh Wi-Fi products utilizing 802.11ac. While the data rates of 802.11ac are approximately 25 times larger than the 802.11a data rates of a decade ago, the number of client devices and their bandwidth demands have also grown exponentially during that time. The fundamental limitations of mesh networks are therefore still the same, and thus mesh may ultimately again prove to be a passing fad.

Nonetheless, mesh networks are the only viable option in many cases. The sections below highlight how to best design and deploy mesh networks, so as to maximize their performance and mitigate their inherent limitations.

Mesh Network Terminology and Best Practices

The access points in a mesh network are categorized as either root nodes or remote nodes:

Root Node (a.k.a. Gateway Node): This is an access point with a wired connection to the wired switch infrastructure. The remote nodes establish wireless backhaul connections to the root node. Note that the wired connection utilized by a root node can either be (1) a direct Ethernet or fiber-optic connection to the wired switch infrastructure or (2) a wired connection to a separate WDS Bridge wireless point-to-(multi)point link on an independent channel.

Remote Node: This is an access point without a wired Ethernet connection. Backhaul to the network is established via a wireless connection to a root node or to other remote nodes. Note that the remote AP still requires electrical power, so an Ethernet connection to a PoE injector is common, though the “network” end of the PoE injector may not be connected at all or may only be connected to a wired client device, such as an IP camera.

The path from a particular remote node back to a particular root node can require connections via multiple intermediate remote nodes, and this wireless link in this chain is referred to as a hop. The mesh routing algorithm selects the most optimal route through the network. The optimization function used by the mesh APs is generally proprietary to each AP vendor, but typically attempts to balance several, often conflicting, parameters, such as the following:

Minimize the number of hops, so as to minimize the total wireless latency and throughput penalty of the network

Maximize the signal strength of each hop, so as to maximize the achievable Wi-Fi data rates between the mesh radios on each hop. For maximum data rates in 802.11ac, the received signal strength indicator (RSSI) would ideally be in the -40 dBm to -50 dBm range, though this is usually unachievable in practice since omni-directional antennas are typically used to create the widest field of view to neighboring APs. Data rates should be above -65 dBm for decent data rate performance between hops.

Balance the load on each AP, so as to account for the number of associated client devices and the total throughput consumption on each AP. The throughput load stacks as the number of hops increase, so intermediate remote nodes that are heavily utilized with client traffic will not give as many resources to downstream remote nodes.

Because of the competing tradeoffs in this optimization process, mesh networks can often result in counter-intuitive and/or sub-optimal topologies.

Best Practice: The network design should cluster the APs into groups consisting of up to four remote nodes that are only one hop away from a root node. Thus, at least 20\% of your APs, distributed roughly evenly throughout the property, should be root nodes. Each remote node is therefore nominally only one hop away from a root node. In the event of a failure of a root node, the nearby remote nodes will then only be 2-3 hops away from another root node. This approach generally requires creating additional root nodes, which can be done either by running Ethernet or fiber-optic cable to the particular remote locations, or by establishing dedicated point-to-(multi)point WDS Bridge links to create “wireless wires” from the root AP back to the wired network.

Best Practice: Each root node should be set on a static independent channel, and each remote node should be set to “auto channel”. This is done to maximize the airtime capacity of the overall network, so that multiple neighboring root nodes do not create self-interference. The remote nodes are set to auto-channel so that they can fail over to a different root nodes in the event of the failure of their primary root node. When utilizing point-to-(multi)point WDS Bridge links to establish root nodes, these must also be on static independent channels, and thus must be accounted for in the overall channelization plan.

Both root nodes and remote nodes can operate in one of two modes:

Mesh AP Mode: In this mode, the wireless radio acts like a repeater, providing both Wi-Fi connectivity to client devices as well as providing a backhaul connection to one or more remote APs. For single-band mesh access points, this is the only operational mode available. For dual-band access points, one of the bands (typically 5 GHz) will be configured to operate in this mode. The other band (typically 2.4 GHz) will be exclusively for providing Wi-Fi connectivity to client devices. Note that both Wi-Fi bands depend upon the mesh radio for backhaul. Since the mesh radio must spend half its time providing connectivity to client devices and half its time providing backhaul, the data capacity of the mesh radio for both backhaul and for Wi-Fi client connectivity is reduced by 50\%. When there are multiple hops, the data capacity is reduced by 50\% per hop. Thus, for two hops, the total data capacity is only 1/4, for three hops it is 1/8, for four hops it is 1/16, and so forth.

Mesh Point Mode: In this mode, available only in dual-band APs, the wireless mesh radio (typically 5 GHz) only provides wireless backhaul, and the other radio (typically 2.4 GHz) only provides Wi-Fi connectivity to client devices. Operationally, the mesh radio operates like a dynamic WDS bridge link, so while each hop still introduces latency which adds linearly, there is no 50\% throughput penalty per hop, since the mesh radio is not also servicing client devices on the same radio and can be devoted exclusively to backhaul. Since Wi-Fi access to client devices is restricted to only one radio (typically 2.4 GHz), the overall client capacity of the AP is that of a single-band AP. Furthermore, even dual-band 802.11ac client devices will only be able to connect at 802.11n data rates on the 2.4 GHz radio.

Best Practice: Mesh APs should generally be configured to operate in Mesh Point mode. The loss of bandwidth capacity from lacking wireless 5 GHz wireless connectivity is minor compared to the loss of bandwidth capacity from losing 50\% of bandwidth per hop. This also allows for the transmit power of the mesh radios to be set at their maximum value, so as to provide the maximum signal strength between nodes without being imbalanced with the low transmit power capability of most 5 GHz client devices.

In both operational modes, the overall data capacity of a mesh AP is reduced as compared to the same AP operating in a conventional configuration with a wired Ethernet connection to a wired switch infrastructure. Accordingly, a mesh Wi-Fi network will never have the same level of throughput and client capacity of a conventional Wi-Fi network.

Mesh Network Example

Figure 7 shows an example mesh network deployed using the Best Practices highlighted above. This is an RV park with 437 spaces spread across a roughly 2000’ x 1000’ area. The main distribution frame (MDF) is in the southwest corner of the property, and trees in parts of the property preclude direct line-of-sight to many locations.

Figure 7: Example of a mesh network, utilizing point-to-multipoint links to create additional root nodes.

The red links and bubbles indicate WDS Bridge links from the MDF to each of the root APs. In some cases, multiple WDS Bridge links in series need to be established. The point to point links are designated by Master or Slave with a letter and number index. (For example, the WDS Bridge link going between the MDF and G8-R is designated link D, with [Master D] connected to [Slave D1]).

The other colors and bubbles represent the root and remote APs in Mesh Point mode, and the nominal mesh links between the remote APs and the root APs. In the figure, each group is designated with a group number and an index to indicate that it is a root node or remote node. (For example, in the right, the root node is designated [G8-R] and the nominal remote nodes are designated [G8-1] to [G8-4].)

The point-to-(multi)point WDS Bridge utilizing 80 MHz channels on the UNII-2 and UNII-2e bands (i.e. channels 52-64, 100-112, 116-128). Each root AP is set to a static 40 MHz channel on the 5 GHz band in the UNII-1 and UNII-3 bands (i.e. channels 36-40, 44-48, 149-153, and 157-161).

EnGenius AP Models Operational Modes

These tables indicate the operational mode and therefore wireless backhaul capabilities of Electron and Neutron access points.

First thing you need to know when connecting a brand new wireless device to the network is the wireless network password.

This article will walk you through the process of getting the wireless network password.

This applies to the following model: EPG600, EPG5000, ESR600, ESR350 and ESR300.

Step 1

We need to login to the setup page of the router. Using a computer that is connected to the router (wired or wireless), open a web browser. It can be Google Chrome, Mozilla Firefox, Safari, Edge or Internet Explorer. It can be any browser.

Find the Address bar. It should look like the one below:

http://community.engeniustech.com/topic/991-how-do-i-find-the-wireless-network-password-on-engenius-routers/

This time, you will be asked for the username and password. Enter the username and password setup for the router. The default username is admin and the default password is admin.

On the Home Page, click on the Cogwheel button (Network Settings)

Step 2

Under Device Management, navigate to Wireless 2.4 GHz>Security.

If using the WEP, check the Default Key. If the Default Key is Key 1, the value on Encryption Key 1 is the Wireless Network Password.

If WPA is being used, the value on Pre-Shared Key is the wireless network password.

If the router is Dual Band, you need to navigate to Wireless 5GHz>Securityto knowthe wireless network password for the 5 GHz band.

You can now connect your new device to the network using the wireless network password.

Check out EnGenius Forum about similar topic:

The Neutron Controller Captive Portal Feature is only available for the 2.4GHz and 5GHz SSIDs of the Guest Network feature, not for the SSID profiles.

For the main 2.4 GHz and 5 GHz SSIDs, please check out the article, “Routers and Network Controllers (3rd party)”.

CIDR or Classless Inter-Domain Routing another IP addressing system that allows more flexible allocation of IP addresses compared to the original Classful addressing scheme(A, B, C, D and E). The Classful IP addressing scheme can be wasteful. For example, givingthe minimum IP address allocation of 256 (Class C) to a network which only requires 15 addresses.

The table below shows us how many available addresses are there in subnet for a specific CIDR notation.

http://community.engeniustech.com/topic/1024-subnet-mask-and-cidr-how-many-valid-hosts-can-be-used-on-a-specific-subnet-classless-addressing/

2(32-CIDR)= number of devices on the local network

Number of valid host is always two less than the subnet block

The ENH1750EXT does not have a physical reset button on the AP casing. The physical reset button is located on the EPE-48GR PoE injector.

http://community.engeniustech.com/topic/719-does-the-enh1750ext-have-a-physical-reset-button/

1. To reset the ENH1750EXT, power on the ENH1750EXT and wait for 90 seconds to allow the device to boot up.

2. Press and hold the RESET button on the EPE-48GR for over 10 seconds.

This document provides guidelines on best practices for configuring EnGenius Neutron and Electron

access points, along with guidelines to select the best access point models for particular applications.

Application Guidelines

When should you select 802.11n, 802.11ac wave 1, vs. 802.11ac wave 2 access points?

802.11ac only operates on the 5 GHz band. All EnGenius 802.11ac access points are dual band 2.4 GHz / 5 GHz, utilizing 802.11n on the 2.4 GHz band. In most deployments, dual-band access points are recommended so as to shift all dual-band client devices (including all modern smartphones, tablets, and laptops) to the less crowded and higher capacity 5 GHz band.

802.11ac wave 1 is appropriate for most SMB networks which require good throughput and performancedriven from requirements for signal coverage. EnGenius recommends using 802.11ac wave 1 access points in applications with up to 30-50 simultaneous users per access point.

802.11ac wave 2 utilizes a technology called MU-MIMO which is good for very high user capacity environments (e.g. lecture halls, conference centers, houses of worship, stadiums, etc.), where a significant number of the client devices in the application also support MU-MIMO capabilities. 802.11ac wave 2 is appropriate for environments that typically will have >>50 users per access point.

What’s the difference in MIMO rating between 2x2:2, 3x3:3, and 4x4:4?

MIMO (Multi-In, Multi-Out) technology in 802.11n and 802.11ac allows for the throughput to be increased by increasing the number of parallel spatial streams connecting a transmitter and a receiver.

Each spatial stream requires its own antenna (positioned out of phase with the other antennas). Thus, a two-stream (2x2:2) device has two antennas per band, a three-stream (3x3:3) device has three antennas per band, and a four-stream (4x4:4) device has four antennas per band. The nomenclature is as follows:

{# transmit radios} x {# receive radios} : {max # spatial streams}

The maximum throughput enhancement is dictated by whichever wireless station (i.e. access point or client device) has the lower number of spatial streams. Thus, to get double the throughput performance, both the AP and the client device must each support 2x2:2. Similarly, to triple the throughput performance requires both the AP and the client device to each support 3x3:3, and to quadruple the throughput performance requires both the AP and the client device to each support 4x4:4.

Whenever there is a mismatch in capabilities, the wireless station with the fewer number of spatial streams dictates the maximum throughput enhancement. As an example, in a situation where a two-stream client device is associated to a three-stream access point, only two of the access point streams are used. That said, a different three-stream client device associated to the same three-stream access point will be able to utilize all three streams for communication.

Most smartphones and tablet devices are only single stream (1x1:1), though higher end smartphones and tablets (e.g. iPhone 6s/6s+, Samsung Galaxy 4) support dual stream (2x2:2) communication. Most modern laptops support two stream (2x2:2), with some higher end laptops supporting three stream (3x3:3). In most SMB environments, a two stream 802.11ac wave 1 access point is appropriate. In environments with higher-end 3x3:3 clients (e.g. schools, offices, etc.), a three stream 802.11ac wave 1 access point is appropriate.

In 802.11ac wave 2, the additional streams are used by the access point to communicate to multiple single stream and dual stream client devices simultaneously with MU-MIMO technology. However, MU-MIMO requires active support and feedback from the client devices, so its applications are currently still limited.

For more information on MU-MIMO, please check out the following blogs at Network Computing:

- How Does MU-MIMO Work?

http://www.networkcomputing.com/wireless-infrastructure/how-does-mu-mimowork/748964231

- A MU-MIMO Reality Check

http://networkcomputing.com/wireless-infrastructure/mu-mimo-reality-check/1263574300

When should you use directional and/or external antennas?

For MIMO technology in 802.11n and 802.11ac to work properly, the multiple antennas on an access point need to be in precise alignment. Most EnGenius access points come with internal omni-directional antennas where the alignment is fixed.

A few single-band models come with internal directional antennas, which are most appropriate for point-to-(multi)point applications. These models utilize 2x2:2 MIMO by having the two antennas in the opposite polarization. For more information on point-to-(multi)point applications, read the “Deploying a Point-to-(Multi)Point Backhaul Network” white paper.

There are some environments where external antennas are appropriate. The AP models that support external antennas all come with omni-directional dipole antennas, but it is not uncommon in such applications to replace the antennas. In some instances, there may be particular aesthetic or mounting requirements that necessitate the antenna be mounted separately from the access point. More commonly, such access points are used with external directional antennas to extend coverage in a particular direction. Such applications include warehouses, large parking areas, bus depots, truck stops, car dealership lots, and so forth. EnGenius manufactures sector antennas with a 120o x 9o coverage pattern. These come in 2.4 GHz 2x2:2 (SA2216), 2.4 GHz 3x3:3 (SA2312), 5 GHz 2x2:2 (SA5219), and 5 GHz 3x3:3 (SA5315). Additionally, there are numerous third-party antenna vendors that are compatible with EnGenius access points.

When should you use standalone APs (Electron Series) vs. centrally managed APs (Neutron Series)?

The EnGenius Electron series utilizes a standalone WLAN architecture, where each AP is configured independently and operates autonomously. This approach is appropriate for point-to-(multi)point networks and for small independent Wi-Fi networks. EnGenius typically recommends the Electron series for simple, independent networks that require less than 5 10 access points.

As networks get larger and more complex, however, it is easier to manage and maintain the network from a centralized location. The EnGenius Neutron APs utilize a distributed WLAN architecture, where the AP configurations and statistics are coordinated centrally by a controller, but the operations (including client data handling) are still handled at the AP, in order to prevent the controller from becoming a bottleneck in the network. The controller can also be either on the local network (i.e. an EWS switch) or remote in the cloud utilizing the ezMaster software. EnGenius recommends an on-site EWS controller for independent networks that require up to 50 APs, and the cloud-based ezMaster controller for organizations and managed service providers that operate multiple network sites.

EnGenius AP Models by Application and Capabilities

The following table summarizes the EnGenius AP product line, based on technology generation, MIMO capability, and denotation of models with external antennas as well as models with internal directional antennas.

Technology

Appropriate Venue /

Application

MIMO

EnGenius Electron

(Standalone APs)

EnGenius Neutron

(Centrally Managed)

Indoor

Outdoor

Indoor

Outdoor

802.11n

2.4 GHz only

Budget properties where throughput & performance are not critical

2x2:2

EAP300

EAP350

ECB350*

EnStation2

ENS202

ENS202EXT*

ENH202

ENH220EXT*

EWS210AP

EWS300AP

EWS500AP

802.11n

5 GHz only

Point-to-(multi)point applications

2x2:2

EnStation5

ENS500

ENS500EXT*

ENH500

802.11n

dual-band

Budget properties where throughput & performance are not critical

2x2:2

EAP600

ENH710EXT*

EWS310AP

EWS510AP

3x3:3

ENH900EXT*

EWS320AP

802.11ac

wave 1

5 GHz only

Point-to-(multi)point applications

2x2:2

EnStationAC

802.11ac

wave 1

dual-band

Networks driven by coverage and good performance requirements

2x2:2

EAP1200H

ECB1200*

ENS1200

EWS350AP

EWS650AP

3x3:3

EAP1750H

ECB1750*

ENS1750

ENH1750EXT*

EWS360AP

EWS660AP

EWS860AP*

802.11ac

wave 2

dual-band

Networks driven by high user capacity & good performance requirements

2x2:2

ENS620EXT*

4x4:4

EWS370AP

EWS371AP*

EWS870AP

EWS871AP*

* Denotes AP models with external antennas

Denotes AP models with internal directional antennas

2.4 GHz Radio Configuration Setting Best Practices

Parameter

Recommended Setting

Rationale

Operation Mode

802.11n

Turn off support for 802.11b/g devices, unless such devices must be explicitly supported on the network.

Channel HT Mode

20 MHz

Do not select 20/40 MHz. The use of 40 MHz channels on the 2.4 GHz band does not provide for multiple independent channels in multi-AP deployments.

Channel Extension

N/A

Not applicable for 20 MHz channels. Channels 1, 6, 11 are the only independent channels on 2.4 GHz. All other channels overlap.

Channel Mode

Static (1, 6, 11 alternating across neighboring APs)

Static channel settings recommended for optimal performance in multi-AP environments. For EWS, define as “auto” in AP Group and override with a static channel setting per AP

Power

Select “Lowest” in AP Group, then set by individual AP

14 dBm (indoor)

17 dBm (outdoor)

Max power not recommended to ensure that weak client devices (e.g. smartphones, tablets) will be able to communicate back to access point. For dual band APs, power level should be at least 6 dB lower on 2.4 GHz band compared to 5 GHz band

Client limit

127 (default)

Regulates number of simultaneous associated client devices. Do not change unless advised to do so by EnGenius personnel.

Data rate

Auto (default)

Regulates speeds at which client devices are allowed to communicate with AP. Do not change unless advised to do so by EnGenius personnel.

RTS / CTS Threshold

2346 (default)

Used for backwards compatibility with 802.11b/g devices. Do not change unless advised to do so by EnGenius personnel.

Aggregation

Enabled (default)

32 packets (default)

32000 bytes (default)

Frame aggregation is a feature of 802.11n/ac to achieve higher throughputs. Do not change unless advised to do so by EnGenius personnel.

5 GHz Radio Configuration Setting Best Practices

Parameter

Recommended Setting

Rationale

Operation Mode

802.11n only (802.11n)

802.11n/ac (802.11ac)

Turn off support for 802.11a devices, unless such devices must be explicitly supported on the network.

Channel HT Mode

40 MHz (802.11n)

80 MHz (802.11ac)

To maximize throughput, use 40 MHz for 802.11n and 80 MHz for 802.11ac. The use of 160 MHz channels on the 5 GHz band (802.11ac) does not leave enough independent channels available in multi-AP deployments. Note that higher density deployments should use 20 MHz or 40 MHz channels on 5 GHz.

Channel Extension

Upper channel

Based on standard channel definitions:

802.11n (40 MHz): 36, 44, 52*, 60*, 100*, 108*, 116*,

124*, 132*, 149, 157

802.11ac (80 MHz): 36, 52*, 100*, 116*, 149

* DFS Channel: Some consumer devices may not support

Channel Mode

Static (alternating across neighboring APs)

Static channel settings recommended for optimal performance in multi-AP environments. For EWS, define as “auto” in AP Group and override with a static channel setting per AP.

Power

Select “Medium” in AP Group, then set on individual APs

20 dBm (indoor)

23 dBm (outdoor)

Max power not recommended to ensure that weak client devices (e.g. smartphones, tablets) will be able to communicate back to access point. For dual band APs, power level should be at least 4 dB higher on 5 GHz band as compared to 2.4 GHz band.

Client limit

127 (default)

Regulates number of simultaneous associated client devices. Do not change unless advised to do so byEnGenius personnel.

Data rate

Auto (default)

Regulates speeds at which client devices are allowed to communicate with AP. Do not change unless advised to do so by EnGenius personnel.

RTS / CTS Threshold

2346 (default)

Used for backwards compatibility with 802.11a/n devices. Do not change unless advised to do so byEnGenius personnel.

Aggregation

Enabled (default)

32 packets (default)

32000 bytes (default)

Frame aggregation is a feature of 802.11n/ac to achieve higher throughputs. Do not change unless advised to do so by EnGenius personnel.

SSID and Advanced Configuration Settings Best Practices

Parameter

Recommended Setting

Rationale

SSID Name

Descriptive name of network with any distinguishing name up front. Use common SSID across all APs in network.

Some smartphone devices truncate SSID names in their display. Same SSID on neighboring APs required for devices to roam from one AP to another

Hidden SSID

None (i.e. Visible)

Leave disabled. Many client devices cannot

properly connect to a network with a hidden SSID

Client Isolation

Yes (public)

No (private)

Isolate client devices connected to the same SSID on the same access point. Enable for publicly accessible networks to prevent clients from viewing each other.

L2 Isolation

Yes (public)

No (private)

Isolate client devices connected to the same SSID on the same access point. Enable for publicly accessible networks to prevent clients from viewing each other.

VLAN Isolation

Yes (if more than 1 SSID)

If multiple SSIDs are to be used in the network,

VLANs should be enabled

VLAN ID

2 4093

Each SSID should be on a separate VLAN if VLAN

isolation enabled

Security

Open (public)

WPA2-AES Personal

(private / devices)

WPA2-AES Enterprise (RADIUS)

Public / semi-public networks should not use encryption to facilitate ease of access. WPA2-AES should always be used. Never use WEP or WPATKIP these security methods are cracked and deprecated, and do not support 802.11n/ac speeds.

Band Steering

Prefer 5 GHz

Threshold: -80 dBm

Enables all dual-band capable clients to be on the higher throughput and less crowded 5 GHz band. Note, all SSID, VLAN, and security settings on 2.4GHz and 5GHz must match precisely.

Fast handover /

RSSI Threshold

Disabled

Intended for networks with excellent coverage (> -

67 dBm everywhere) and sticky clients. If enabled, set threshold between -90 dBm to -80 dBm.

Guest Network

Disabled

Intended for use on single AP networks only. For multi-AP networks, define the guest network as a regular SSID and implement VLANs.

Other Access Point Configuration Setting Best Practices

Parameter

Recommended Setting

Rationale

Wi-Fi Protected Setup (WPS)

Disabled

This is a consumer feature intended for ease of connecting personal devices to private networks. This should always be disabled in any enterprise deployment.

SNMP

Name: Location on property

Location: Property name

Contact: Network admin web address

SNMP provides capability to monitor and administer access point via third party network management systems. Disable if not being used. If enabled, change default community names and/or SNMPv3 passwords.

Time Zone

AP time zone and local daylight savings time (DST) settings. Time server: Use “time.nist.gov” or similar.

Required to keep log functionality useful with correct time reference.

Logging

Enabled

Local logging should always be enabled.

Remote logging should be enabled if network administrator using a syslog server.

Password

Change from default

Always change password from default setting

Background Scanning

Disabled

This periodically scans the environment for beacons from neighboring 3rd party access points. Useful for diagnostics but can add a lot of overhead on busy networks. Recommend that this is disabled for normal operation, and only enabled when attempting to track down external sources of interference.

Check out EnGenius Forum about similar topic:

http://community.engeniustech.com/topic/1023-engenius-ap-configuration-best-practices/

After setting up your network adapter (go to this link ), select “Play Virtual Machine” to launch the ezMaster image. http://community.engeniustech.com/topic/1055-installing-and-setting-up-ezmaster-on-virtual-machine/

When prompted to choose whether the image was moved or copied, select “I Copied It”.

Once the installation script finishes running, you will be prompted to enter a login id and password for ezMaster. Enter admin/password.

Tip: Use Ctrl + Alt to return to Windows desktop

When the command prompt appears, assign the ezMaster Server URL. (Tip: use Network Adapter Properties to check the info of your network adapter)

a) Enter ezMaster Server IP and netmask: config ip eth0 10.0.92.5 255.255.255.0 (eg. LAN Adapter IP is 10.0.92.4 so I choose to use an unused IP Address 10.0.92.5 is chosen to be used as ezMaster IP)

b) Enter ezMaster Server gateway: config gateway 10.0.92.254

c) Enter ezMaster DNS Server: config dns 10.0.92.240

You have completed installing ezMaster.

To know how to download and install VMWare Player, please click this link

Check out EnGenius Forum about similar topic:

Log in to the user interface of the Access Point.

Click Wireless and scroll down to Guest Network Settings

Uncheck/check the box that corresponds to the Guest network that you would like to disable or enable.

http://community.engeniustech.com/topic/942-can-i-enabledisable-the-guest-network/

All DuraFon 1X handsets are registered to the primary Base. When a second Base is registered, then all handsets have access to that base. All incoming calls on each Line/Base will alert any handset within range (depending on Group configuration. For outgoing calls, the handset will select the Base/Line with the strongest signal. If you want to select a specific base station to make outgoing call:

Press menu 8 to enter the Call Manager function.

Press 2 to enter “Outgoing” setting.

Use Up and Down arrows to select either On or Off.

Scroll to On and press SAVE if you want to select a specific base station before you make an outgoing call. The default setting is Off.

See Call Manager functions below:

“Call Manager” feature allows the handset to be set to receive all incoming, transferred, and 2-Way/Intercom calls OR just transferred and 2-Way/Intercom calls. The option is selectable by base 1 to base 4. Besides, this feature allows you to select a specific base station to make an outgoing call.

Decide whether to receive the incoming, transferred, and 2-Way/Intercom calls from a specific base station:

Press menu 8 to enter the Call Manager function. The screen will display:

Press 1 to enter “incoming” setting.

http://community.engeniustech.com/topic/1290-how-to-determine-which-baseline-to-use-from-a-given-handset-on-durafon1x-system/

Use (up) and (down) keys to select a base from base 1 to base 4.

Then press the key to switch between Yes and No, then press SAVE to confirm the setting.

Repeat the process until all base stations from which calls are to be accepted have been selected for the handset.

Decide whether to select a specific base station to make outgoing call:

Press menu 8 to enter the Call Manager function.

Press 2 to enter “Outgoing” setting.

Use (up) and (down) to select either On or Off.

Scroll to On and press if you want to select a specific base station before you make an outgoing call. The default setting is Off.

RSSI stands for Received Signal Strength Indicator. It is an estimated measure of power level that a RF client device is receiving from an access point or router.

At larger distances, the signal gets weaker and the wireless data rates get slower, leading to a lower overall data throughput. Signal is measured by the receive signal strength indicator (RSSI), which in most cases indicates how well a particular radio can hear the remote connected client radios. For point-to-(multi)point applications, the optimal RSSI on each end of the wireless link is between -48 dBm and -65 dBm to achieve the highest possible data rates.

The best practice is to pre-configure the radios with a transmit power of 15 dBm and validate that a link is properly established (which serves to validate security and MAC address settings as well). Once the access points are physically mounted in place, look at the RSSI readings on each radio and adjust the transmit power settings on each side of the link up or down to get the RSSI to within the -48 dBm to -65 dBm range.

If the signal strength is greater than -35 dBm (typical for wireless links under 50 feet), then the electronic amplifiers get saturated because the signal is too strong, which degrades throughput performance. In such scenarios, turning down the power to minimum (11 dBm) may be insufficient, and if so we recommend purposely misaligning the antennas.

If the signal strength is less than -75 dBm (typical for very long distance shots over 4 miles), it may be

difficult to sustain a link reliably or to achieve high throughputs, especially in the presence of external

interference. For long distance shots, EnGenius recommends using laser tooling to optimize the antenna

alignment so as to maximize the signal.

Desired RSSI:

-40 dBm to -50 dBm

Usable RSSI:

-35 dBm to -70 dBm

Above

-35 dBm: Signal is too strong, saturated amplifiers

Below

-70 dBm: Signal is too weak, subject to external interference

Visualize your projects RSSI through the subscription-free network design tool, ezWiFi Planner. Try it now to measure your projects WDS bridge connectivity and projected coverage.

http://community.engeniustech.com/topic/938-what-is-rssi-and-its-acceptable-signal-strength/

Deploying a Point-to-(Multi)Point BackhaulNetwork

Gabriel Reyes

Field Application Engineering, EnGenius Technologies, Inc.

This document summarizes the procedure for configuring and deploying a point-to-point (PTP) or point- to-multipoint (PMP) backhaul network utilizing EnGenius hardware.

In this document, a wireless link is defined as a wireless connection between a root node and one (or more) remote nodes. The wireless link uses a technology called Wireless Distribution System (WDS) bridging, which dedicates a radio to communicate with one or more other radios, specified by the MAC address of the remote radio(s). When in WDS bridge mode, the radio cannot be simultaneously used for client access. All Layer 2 traffic parameters, most especially MAC address of downstream clients and VLAN tags, are encapsulated and preserved across the link.

Point-to-(Multi)Point Overview

Typically, wireless links are used for outdoor / multi-building applications, so the typical deployment uses outdoor access points with directional antennas. Sometimes, omni-directional antennas can be used at the root node, if multiple remote nodes are deployed in different directions. An example of this is shown in Figure 1.

http://community.engeniustech.com/topic/1022-deploying-a-point-to-multipoint-backhaul-network/

Figure 1: Depiction of a point-to-multipoint wireless link.

Indoor deployments of WDS Bridge links are done in scenarios where installing Ethernet or fiber cabling runs is either impossible or impractical, but power at each of the remote AP locations is available. It is

best practice to utilize the 5 GHz band for wireless link applications, to take advantage of fewer sources of interference from access points on the 2.4 GHz band as well as the larger channel selection and capacity of 40 MHz channels on the 5 GHz band with 802.11n technology (e.g. EnStation5), and 80 MHz channels on the 5 GHz band with 802.11ac technology (e.g. EnStationAC). The use of the 2.4 GHz band for wireless links should be reserved only for scenarios where the property is isolated from remote interference, where there is no co-located Wi-Fi coverage, and where there may be trees or other objects that partially obstruct the Fresnel zone of the path (e.g. a farm or nursery utilizing remote cameras for surveillance).

By convention, the root node is defined as the upstream side of the link (i.e. towards demarc on the property) and the remote / slave node is defined as the downstream side of the link (i.e. towards the remote AP and/or camera). Unlike other vendors, however, there is no distinction in the EnGenius hardware both sides of the link are configured in the same manner.

A typical WDS Bridge link is shown in Figure 2. Parallel (i.e. point-to-multipoint) WDS bridge links are shown in Figure 3.

Figure 2: Logical network diagram of a point-to-point link.

Figure 3: Logical network diagram of a point-to-multipoint link.

In larger deployments, wireless links can be daisy-chained / relayed in series, as shown in Figure 4. In this scenario, a wireless link shall connect the demarc building to an intermediate building (“hub”), and then one or more additional wireless links shall connect the hub to another remote location. This technique is useful at properties where all of the remote locations do not have direct line of sight to the demarc, and/or where the number of backhaul links need to be physically spread out across multiple buildings.

Figure 4: Logical network diagram of a serial point-to-point link.

When only one or two devices are connected on the remote end to a slave node, a PoE switch is not required and the devices can be linked through the PoE (802.3af) pass-through port on the EnStationACs

secondary LAN port, as shown in Figure 6. Note that the EnStationAC itself is powered via PoE+ (802.3at), which can be supplied either by the enclosed PoE+ injector or a PoE+ (802.3at) switch.

Figure 5: Connecting a PoE (802.3af) device such as a remote IP camera to the secondary LAN port of an EnStationAC.

For the older EnStation2 (2.4 GHz 802.11n) and EnStation5 (5 GHz 802.11n) products, remote powered devices like IP cameras can be connected by cross-connecting the data ports on PoE injectors. Examples of this are shown in Figure 6 and Figure 7. Note that the EnStation2 and EnStation5 require proprietary PoE injectors (24V) that come with the access points. Additionally, the EnStation2 / EnStation5 have an auxiliary Ethernet interface which can be used to connect up to two devices at the remote end without a switch, as shown in Figure 8 and Figure 9, or to connect up to two devices without a switch at an intermediate relay location, as shown in Figure 10.

Figure 6: Cross-connecting PoE injectors for a single remote device (e.g. remote IP camera).

Figure 7: Wiring configuration for one AP per slave backhaul link.

Figure 8: Wiring configuration for two APs per slave backhaul link.

Figure 9: Wiring configuration for two cameras per slave backhaul link.

Figure 10: Wiring configuration for two cameras per intermediate relay point backhaul link without a PoE switch.

In general, a dedicated radio shall be used in a design of a wireless link, connecting to remote access points or cameras. In instances where only a single remote AP and/or camera is required, a dual-radio access point can be used with the 5 GHz radio is dedicated to the WDS bridge link. Note that Wi-Fi clients will only be served on the 2.4 GHz radio in this case, as shown in Figure 11.

Figure 11: Logical design diagram showing a single remote AP connected via WDS on its 5 GHz radio. Clients are served on the2.4 GHz band only for such APs.

Figure 12: Logical design diagram showing an omni-directional AP at the root location, for connecting multiple remote locations that do not fall within the 18o directional envelope of a standard EnStation. Clients may optionally be served with Wi-Fi on the2.4 GHz band from such omni-directional APs.

Configuration Best Practices

For point-to-multipoint networks, a maximum of eight remote nodes (EnStationAC) or four remote notes (EnStation2 / EnStation5) can be configured to connect to a root node. It is generally best practice to keep the number of remote / slave nodes to one or two per wireless link. This is done for several reasons:

It limits the total amount of traffic going over any particular wireless link

It minimizes the effect of an outage due to equipment failure

It leaves some design margin in case additional locations for remote access are required

In the absence of external interference for short distance links (under mile), the following sustained data throughputs are achievable:

EnStationAC (802.11ac, 80 MHz channel): 400 Mbps

EnStation5 (802.11n, 40 MHz channel): 80 Mbps

EnStation2 (802.11n, 20 MHz channel): 40 Mbps

At larger distances, the signal gets weaker and the wireless data rates get slower, leading to a lower overall data throughput. Signal is measured by the receive signal strength indicator (RSSI), which indicates how well a particular radio can hear the remote connected client radios. For point-to-(multi)point applications, the optimal RSSI on each end of the wireless link is between -40 dBm and -50 dBm to achieve the highest possible data rates.

Setting Appropriate Transmit Power

The best practice is to pre-configure the radios with a transmit power of 17 dBm and validate that a link is properly established (which serves to validate security and MAC address settings as well). Once the access points are physically mounted in place, look at the RSSI readings on each radio and adjust the transmit power settings on each side of the link up or down to get the RSSI to within the -40 dBm to -50 dBm range.

If the signal strength is greater than -35 dBm (typical for wireless links under 50 feet), then the electronic amplifiers get saturated because the signal is too strong, which degrades throughput performance. In such scenarios, turning down the power to minimum (11 dBm) may be insufficient, and if so we recommend purposely misaligning the antennas.

If the signal strength is less than -75 dBm (typical for very long distance shots over 4 miles), it may be difficult to sustain a link reliably or to achieve high throughputs, especially in the presence of external interference. For long distance shots, EnGenius recommends using laser tooling to optimize the antenna alignment so as to maximize the signal.

Setting Appropriate Channels

In non-rural environments, the entire 2.4 GHz band (channels 1 11) and the UNII-1 and UNII-3 portions of the 5 GHz band (channels 36 48 and 149 165) are commonly used by dual-band access points for Wi-Fi. These Wi-Fi access points can create significant co-channel interference (CCI) with point-to- (multi)point links and degrade their performance. It is therefore recommended that wireless point-to- point links be established on the 5 GHz band and that channels are restricted to the UNII-2 and UNII-2e portions of the band (channels 52-64 and 100-140). When utilizing multiple point-to-(multipoint) links, please keep the neighboring channels independent and use an alternating sequence to maximize their separation. The following alternating scheme for adjacent / co-located wireless links is recommended. Note that halving the channel size will halve the maximum data capacity of the link, but will double the number of independent channels:

- 80 MHz (EnStationAC): 100, 52, 116

- 40 MHz (EnStation5/EnStationAC): 52, 100, 116, 132, 60, 108, 124

- 20 MHz (EnStation5/EnStationAC): 52, 100, 116, 132, 60, 108, 124, 56, 104, 120, 136, 64, 112, 128

Considerations for Video Surveillance Applications

Point-to-(multi)point links are commonly used for surveillance applications, where one or multiple IP cameras need to be positioned at a remote location. When designing such applications, it is important that the bandwidth requirements per camera are understood, so as not to exceed the capacity of the backhaul link. It is therefore important to consider the quantity of cameras, number of pixels per camera, and frame rate. Furthermore, H.264 (or better) encoding should always be used to maximize video data compression when utilizing wireless links.

When deploying IP cameras for remotely located video surveillance across a property, it is best practice to evaluate and explicitly quantify the average data rate per camera, which is based on number of pixels, frame rate, and compression scheme (H.264 or better encoding is always recommended when using wireless links). The total number of cameras per wireless link should be limited to 50\% - 60\% of the total capacity of the link. This ensures that there will be sufficient bandwidth on the wireless link in case of link degradation due to external interference effects, as well as leaving some design margin in case additional cameras are added to the video surveillance design at the last minute or at a future point in time.

When calculating the throughput link budget of a wireless point-to-(multi)point system, it is important to remember that all downstream hops have an additive effect on the total upstream throughput. An example of this is shown in Figure 13.

Figure 13: Example link budget calculation for multiple point-to-point shots in series.

EnGenius Access Point Models Supporting Point-to-(Multi)Point

All EnGenius Electron APs can be configured in WDS bridge mode to establish point-to-(multi)point links. For most applications, using models with internal directional antennas will be appropriate, though in some cases, the use of omni-directional antennas is appropriate at the root to reach remote locations in opposite directions. The full list of EnGenius APs that can be configured in WDS Bridge mode are shown in Table 1. The models highlighted in green are specifically designed for WDS Bridge applications and thus recommended for most applications, though can also be operated as single-band access points.

Table 1: List of EnGenius Access Points capable of WDS bridge mode.

Technology

MIMO

EnGenius Electron (Standalone APs)

Indoor

Outdoor

802.11n

2.4 GHz only

2x2:2

EAP300 EAP350 ECB350*

EnStation2ENS202ENS202EXT*ENH202ENH220EXT*

802.11n

5 GHz only

2x2:2

EnStation5ENS500ENS500EXT*ENH500

802.11n

dual-band

2x2:2

EAP600

ENH710EXT*

3x3:3

ENH900EXT*

802.11ac

wave 1

5 GHz only

2x2:2

EnStationAC

802.11ac

wave 1

dual-band

2x2:2

EAP1200H ECB1200*

ENS1200

3x3:3

EAP1750H ECB1750*

ENS1750 ENH1750EXT*

* Denotes AP models with external antennas

Denotes AP models with internal direcOonal antennas

Design Example #1: RV Park

Figure 14 shows an RV park using EnGenius equipment to supply managed Wi-Fi. EnGenius Neutron EWS860 outdoor access points are located at all of the poles with red pins (other poles in the park are shown with yellow pins). There are approximately 40 client devices per access point during peak usage times. All access points require point-to-multipoint backhaul to the main distribution frame containing the AP controller, router, and Internet feed, which is in the Registration building at the lower right corner of the property. There is fiber running to one distribution pole, with all other links being wireless utilizing EnStationAC.

Figure 14: Design example of a point-to-multipoint network spanning an RV park to provide Wi-Fi and wireless backhaul.

For channelization on the 5 GHz band, the access points are all set with static 40 MHz channels on UNII- 1 (36 48) and UNII-3 (149 161). The point-to-multipoint links are all set with static 80 MHz channels on UNII-2 (52 64) and UNII-2e (100 140) bands to maximize capacity. This is shown in Table 2.

Table 2: AP locations with individual static channel and power settings per band for RV Park application.

Design Example #2: Urban Surveillance

The following is a surveillance application at an apartment complex in Brooklyn, NY. There are 59 apartment buildings, each equipped with 16 cameras and an NVR. All buildings have line-of-sight to the main distribution frame (MDF). A central security operations center is located in the MDF building, with the requirement to be able to view multiple cameras across the complex. A series of point-to-multipoint links are established from the main building to connect to the 58 other buildings, as shown in Figure 15.

Figure 15: Design example of a point-to-multipoint network spanning rooftops in an urban environment for surveillance.

Because of the data requirements, the use of 80 MHz channels was required. A shielded metal tower was constructed to keep the neighboring EnStationAC units on the roof of the MDF isolated from each other so that channels could be re-used, as shown in Figure 16.

Figure 16: Custom tower used to isolate neighboring EnStationACs on the roof of the MDF.

As the buildings were brick and the links were all above the roof line, the interference from Wi-Fi in the apartment units was minimal so channels 36 and 149 were also used in this case. The complete channelization plan is shown in Table 3.

Table 3: AP locations with individual static channel and power settings per band for urban surveillance application.

Configuring the Access Points for Point-to-(Multi)Point Applications

To create a wireless link, the radio on the access must be configured for “WDS Bridge” mode. Once that is done, the MAC address of the access point other side of the wireless link. For point-to-multipoint applications, the MAC addresses of the multiple slave nodes shall all be specified on the root node. On the slave nodes, only the MAC address of the root node is listed.

Log into the Access Point http://192.168.1.1

Default Username: admin

Default Password: admin

Go to the Operation Mode

Set the access point into WDS mode (for dual band APs, do this for the 5 GHz radio)

Set the Country / Region

Provide a unique name for the AP

Figure 17: Operation Mode screen [EnStation2].

Go to the IP Settings Provide a unique static IP address for the AP on your LAN.

Figure 18: IP Settings screen [EnStation2].

Go to the WDS Link Settings

Security Type: AES (WEP and TKIP are Do not use.)

AES Passphrase: <8-64 characters> (Choose a Must match on both sides of link.)

MAC Addresses: Enable and enter the MAC address(es) of the remote access (Note, only the root node should have multiple MAC address listings for up to 4 slave nodes when creating a point-to-multipoint link. When doing links in serial, use a separate slave node for the first link and co-located root node on a different channel for the second link.)

Figure 19: WDS Link Settings screen [EnStation2].

Figure 20: WDS Link Settings of a 5 GHz root node wireless point-to-multipoint link in WDS Bridge mode [EAP1750H].

Go to the Wireless Network

Set wireless mode: 11n or 802.11n/ac only (Disable 802.11a)

Channel HT mode:

4 GHz radios: 20 MHz

5 GHz 802.11n radios: 40 MHz

5 GHz 802.11ac radios: 80 MHz

Extension Channel: <ignore> (This is not relevant for 20 MHz channels, and will be selected automatically for 40 MHz / 80 MHz channels

Channel / Frequency: <unique> (Choose a unique, non-overlapping channel for your In large deployments, channels can be re-used but make sure they are not on neighboring/ co-located links. Also be sure to not conflict with your AP channels if deploying 802.11n/ac access points. If EnGenius has supplied a design, a recommended channel allocation is generally included. These should be considered “starting points”, as external Wi-Fi sources present at the site may necessitate selecting alternate channels with less interference.

2.4 GHz Channels (20 MHz): 1, 6, 11

5 GHz 802.11n Channels (40 MHz): 36, 44, 52, 60, 100, 108, 116, 124, 132, 1401, 149, 157

5 GHz 802.11ac Channels (80 MHz): 36, 52, 100, 116, 1321, 149

Figure 21: Wireless Network Settings screen [EnStation2].

1 Channel 140 (40 MHz) or 132 (80 MHz) is only available if channel 144 is available on the access point.

Figure 22: 5 GHz portion of wireless Network Settings screen [ENH1750EXT].

Go to the Wireless Advanced Setting Most settings here should be left on default unless you are specifically advised to change them by an EnGenius Field Application Engineer.

Data Rate: Auto [default]. This allows the AP to dynamically adjust the data rate based on the strength and condition of the wireless )

Transmit Power: 17 dBm [initial]. Must be set on both sides of link based on distance and any When the link is established, the RSSI of the other side should be between -65 dBm to -40 dBm. If the signal is weaker than -65 dBm, the data rate will not be optimal and thus you will not get the full capacity of the link. If the signal is stronger than -35 dBm, then the signal is too strong, the amplifiers in the AP will be saturated, and the link quality will degrade. For very short links (<< 50 feet), minimal power level of 11 dBm should be set and potentially the links may need to be purposely misaligned to get the power level below -35 dBm.

RTS/CTS Threshold: 2346 [default]. This is a protection mechanism to allow newer APs to talk to older11 clients. Not used in WDS.

Distance: 1 km [default]. For very long links, additional delays for message acknowledgements are sometimes For most applications, this can be left at default.

Aggregation: Enable, 32 Frames, 50000 bytes [default]. Frame aggregation is a mechanism used by 11n/ac to reduce overhead. Leave enabled at default settings.

Wireless Traffic Shaping: Disabled [default]. This provides bandwidth limits per Generally we want to maximize the capacity of the link, so leave this disabled.

Figure 23: Wireless Advanced Settings screen [EnStation2].

To see if the link is established and to verify the RSSI values, click on the “WDS Link List” tab (or “Connections” tab on 802.11ac models).

Figure 24: Connections / WDS Link List screen to view list of connected access points [EnStationAC].

Powering the Wireless Links

The EnStationAC is powered via 802.3at, and can be powered from any standard PoE+ (802.3at) switch or injector. A PoE+ injector is included with the hardware.

All of the outdoor 802.11n access points with internal directional antennas (e.g. EnStation2, EnStation5, ENS500, ENS202) are powered via 24V passive PoE injectors, instead of standard 802.3af (i.e. PoE at 48V, up to 15.4W) or 802.3at (i.e. PoE+ at 48V, up to 30W) used to power network devices, such as access points and cameras. A 24V PoE injector is included with the hardware.

EnGenius offers the EPD4824, which is a 48V PoE active to 24V passive PoE converter. This converter is powered from of a conventional PoE / PoE+ network switch, and thus does not require a separate power cord for the PoE injector. For applications where remote PoE switches are deployed for APs and cameras, the use of this converter for power is highly recommended.

Figure 25: EPD4824 converter to go from PoE 48V (802.3af) to PoE 24V (proprietary).

There is also a third party appliance, the POE24 from Digital Loggers, which provides an 8 port 24V PoE injector with a web power switch for powering 24V devices in a 1U chassis. This appliance can be deployed in demarc and hub locations where several 24V PTP/PMP access points are located. This device can be configured to ping the IP address of the remote end of each link and power cycle the particular PoE port if the link is detected as offline:

Spec sheet: http://www.digital-loggers.com/poe24spec.pdf

Web site: http://www.digital-loggers.com/poe24.html

Figure 26: Digital Loggers POE24 8 port 24V PoE injector.

Check out EnGenius Forum about similar topic:

Scenario:

You are unable to access the setup page even if everything seems to be setup correctly. You are able to ping the units IP address and you were able to access the user interface from a different computer before.

Fix:

Please check if the computer has VIPRE Internet Security. This software has an aggressive web filtering feature that can prevent you from accessing the user interface via browser. You can disable Web Filtering and the Firewall feature on the software temporarily to access the EnGenius interface. Simply turn the said features "OFF".

Step 1.

Connect your PC/Laptop to the EMR3000 (wired or wireless)

Step 2.

Open a browser and type the IP address to address bar to Access the Interface of the EMR3000. Use the username and password credential you created via enMESH APP

http://community.engeniustech.com/topic/1218-how-to-port-forward-on-emr3000/

Step 3.

Go to Firewall and select Port Forwarding

Yes, you can. All EnGenius PoE switches have auto-sensing PoE ports. This means that the PoE port will detect if the connected device is a PoE device or not. Please check if the PoE device is 802.3af or 802.3at compliant to make sure that it is compatible with the EnGenius switch.

There is also the option to disable the PoE capability per port on all EnGenius PoE switches. Just go to PoE Port Settings and set the State to “Disabled”.

Note: The EGS2108P, EGS2110P, and the EWS2910P PoE ports are 802.3af compatible. They are not 802.3at a.k.a. PoE+ compliant.

This document provides guidelines on best practices for selecting the right quantity and size of managed network switches for particular applications.

Application Guidelines: Frequently Asked Questions

How do network switches work?

In the early days of networking, wired Ethernet network devices were interconnected through a device called a “hub”, where a wired frame would come in on one port and be broadcast out to all other ports. While relatively simple, this technology caused a lot of noise and consumed a lot of excess capacity on wired networks, as all messages were broadcast to all devices connected to a hub, regardless of their intended destination.

With network switches, each switch port creates a point-to-point link with the device it is connected to. The network switch maintains a database of MAC addresses indicating what devices are connected on individual ports. When a frame enters the switch on a particular port, the switch examines the source MAC address and destination MAC address. The source MAC address is used to update the database to indicate that the client is accessible on that port. If the destination MAC address is already in the database as being connected to a different switch port, the frame is only forwarded out along the indicated port. If the destination MAC address is not in the database, or if is a broadcast message (e.g. DHCP request), the packet is sent out all other ports as is done in a hub.

What are the differences between unmanaged, smart, and managed network switches?

An unmanaged switch maintains its database but is inaccessible via any interface (e.g. web, CLI, SNMP, etc.). It is simply present on the network to route frames to appropriate ports. Unmanaged switches are also incapable of handling any type of advanced Layer 2 features, including VLANs.

A managed switch has a full set of OSI Layer 2 features used for managing the wired traffic on a network. It is addressable via an IP address and can generally be accessed via both a web interface (e.g. http or https) and a CLI (e.g. telnet or SSH). Managed switches are capable of supporting a long list of industry- standard OSI Layer 2 features, including but not limited to the following:

VLANs

Viewable dynamic MAC address table (i.e. the switch port database)

Link Aggregation with Link Aggregation Control Protocol (LACP)

Spanning Tree Protocol (STP)

Access Control Lists (ACLs)

SNMP

Logging (local and remote)

Port mirroring

Cable and other diagnostics

A smart switch is a limited managed switch, which is typically less expensive than a managed switch but also typically only supports a subset of features found on a managed switch. Smart switches will typically only have a web interface and support a limited set of VLANs. However, unlike managed switches, there is no industry standard for the term “smart switch”, and what constitutes a “smart switch” can vary widely both between vendors and between different switch models from the same vendor.

It is best practice to use managed switches on the LAN side of a network. This ensures that the full set of OSI Layer 2 features are available, and to facilitate troubleshooting by enabling network devices can be monitored and managed remotely. Unmanaged switches should generally be avoided.

Every model of network switch currently manufactured and sold by EnGenius is a full managed switch with all of the industry-standard OSI Layer 2 features available. For marketing purposes only, EnGenius uses the term “smart switch” and even “managed smart switch” for particular switch models so as to competitively position them against other vendors.1

What are the differences between non-PoE, PoE, and PoE+?

A non-PoE switch is a switch that provides network connectivity only, and does not supply DC power to connected devices. These switches are suitable when there are a large number of non-powered network devices on the network, such as PCs and laptops. Such switches are commonly deployed in offices, as well as in hotels, student housing, assisted living, and other multi-dwelling unit (MDU) environments where there is a wired Ethernet wall jack in each unit.

Power-over-Ethernet (PoE) switches provide both DC power and data connectivity over a single Ethernet wire. These are extremely useful for connecting powered network devices to a network, as only one cable needs to be run to the device, as opposed to separate cables for data and for power. Per the IEEE standards, switches are able to detect whether a connected device is powered or not, and will therefore only provide power to devices that are not being powered by an alternate power connection. When using managed Power-over-Ethernet switches, the connected device can also be rebooted remotely by turning off and on the power on the Ethernet port, which is very useful when doing network troubleshooting.

A PoE switch conforms to the IEEE 802.3af standard, which provides 48V up to 15.4 W per port. PoE (802.3af) is sufficient for powering older generation access points (i.e. pre-802.11ac) and for most other powered network devices, such as IP cameras, VoIP phones, access control locks, etc.

1 The version 1 hardware of the EGS2108P, EGS2110P, and EGS5110P switches had limited OSI Layer 2 capabilities, and had therefore been marketed correctly as smart switches. The version 2 hardware of these switch models, available as of January 2016, are full managed switches, although are still marketed as “smart” switches.

The EWS1200 line of non-PoE switches are full managed switches, but are marketed as “managed smart switches” to compete against other vendor’s smart switches.

A PoE+ switch conforms to the IEEE 802.3at standard, which provides 48V up to 30 W per port. PoE+ (802.3at) is required for 802.11ac access points because of the large number of radio chains required for MIMO and MU-MIMO.

It is best practice to not fully load a PoE (802.3af) or PoE+ (802.3at) switch, to ensure that the total power budget of the switch is not exceeded. EnGenius generally recommends a “3/4 rule”, meaning that a network design should plan on only using of the ports for powered network devices, as follows, with remaining ports being reserved for non-powered network devices, backhaul to other infrastructure (e.g. other switches or routers), or spares:

8 port PoE/PoE+: Only 6 ports should be used for powered network devices

24 port PoE+: Only 18 ports should be used for powered network devices

48 port PoE+: Only 36 ports should be used for powered network devices

Most PoE and PoE+ switch models come with some non-PoE ports for backhaul, consisting of either Ethernet ports and/or SFP ports (for mini-GBIC fiber modules). On EnGenius switches, any standard third party SFP module (1 Gbps) can be used. For a detailed explanation of SFP modules, please read the following blog: http://www.emperorwifi.com/2015/03/an-overview-of-sfps-for-interconnecting.html

For EnGenius switches, what is the difference between “EWS” switches and “EGS” switches?

In terms of managed switch functionality, the corresponding EWS and EGS switch models are identical.

The EnGenius Neutron line of managed access points all have “EWS” in their model name. EWS switches contain an embedded network controller that is capable of centrally managing and controlling EWS access points on the same wired network. Each EWS switch is capable of controlling up to 50 EWS access points that span the local wired network. In the future, EWS switches shall also be remotely manageable from ezMaster, EnGenius’s cloud controller platform. Note that the embedded controller in an EWS switch can be disabled when not in use, and the EWS switch will continue to function as a normal managed switch.

How do you determine the number and size (port count) of switches needed for a project?

The telecom wiring in a property is divided into “verticals” and “horizontals”. The distinction is actually not about the orientation of the cable run, but rather to distinguish backhaul cabling used to interconnect switches in different telecom closets (verticals) vs. cabling that connects a telecom closet to endpoints on the network, such as wall jacks in units, access points, cameras, etc. (horizontals). This terminology is based on a high-rise building, where each floor has a telecom closet on each floor that are vertically stacked floor-to-floor, with endpoints on each floor connected horizontally to the telecom closet on that floor.

Every property must have one telecom closet which contains the Internet bandwidth circuit from the provider and the router for the network. This closet is referred to as the main distribution frame (MDF). For smaller properties, there may only be the one telecom closet, and all endpoint devices are “home run” from this closet to their desired locations. (In such a scenario, there are no “verticals” but there will be “horizontals”). As Ethernet wiring has a distance limitation of 100 meters / 328 feet, it is usually

necessary and convenient for larger properties to establish additional telecom closets, and have the endpoints connected to these intermediate locations. These additional telecom closets are referred to as intermediate distribution frames (IDFs). In a high-rise building, IDFs are commonly stacked in the same location on each floor and are located either on every floor or every third floor. Larger facilities will even have multiple IDFs on the same floor. In multi-building environments, each building usually has a telecom closet, so each building is an IDF. The IDF(s) require some type of backhaul connection to the MDF, typically using either Ethernet, fiber, or wireless point-to-(multi)point links.

Accordingly, the number and size of the network switches required ultimately depends on the number of MDF and IDFs as well as the number of “horizontals”, i.e. the number of powered network devices and unpowered network devices connected into each telecom closet.

What is link aggregation?

Link aggregation is a feature available in managed switches to have multiple physical ports act as a single virtual port with the aggregated capacity of all of the physical ports. It is commonly deployed for backhaul between the MDF and IDF(s) in networks requiring very high local data capacity, such as when using storage area networks (SANs) or in networks consisting of several surveillance IP cameras streaming data to a network video recorder (NVR) or in the MDF. An example application is shown in Figure 1. An aggregated link can also serve to provide redundancy (at reduced capacity) in case one of the connections should be broken.

Figure 1: Example of Link Aggregation to connect a switch to a storage area network (SAN).

On any EnGenius switch, a link aggregation group (LAG) can be established under L2 Features Link Aggregation Port Trunking, as shown in Figure 2. Up to eight link aggregation groups can be defined on a particular switch, and are referred to as “trunk groups” with port numbers t1 t8. A physical port can be a member of only one trunk group. The ports that make up a group need not be sequential, though it is often convenient to use sequential ports from a wiring perspective. There is also no limit as to how many physical ports can be aggregated into a single group, until one physically runs out of ports on the switch.

There are two modes defined for establishing a trunk group. In “static” mode, the ports are always considered part of the trunk group, and the switch will always load balance outbound traffic on the trunk port across all of the physical ports. In “LACP” mode, the switch uses Link Aggregation Control Protocol (LACP) to periodically verify that each physical link is established end-to-end, so LACP must be running on both sides of the link (i.e. both switches connected via an aggregated link). It is best practice to use LACP mode to establish an aggregated link between two switches.

Figure 2: Setting up a link aggregation group on an EnGenius managed switch.

What is spanning tree protocol (STP)?

As mentioned above, a switch maintains a database of MAC addresses and ports. When there is a wiring loop in the network, there are multiple physical paths between switches and endpoint devices, meaning that a switch will see the same MAC address on multiple ports.2This generally causes a broadcast storm, where the same message for a device will loop through the network repeatedly, eventually filling up the RAM on the switch and causing the switch to slow down significantly or simply crash.

Physical wiring loops in the network can often occur accidentally during a service operation. Wiring loops are also often desirable from a redundancy standpoint, to ensure that the loss of a single cable or switch in the network does not take down everything downstream in the network.

Spanning tree protocol (STP) is a feature in managed switches that is designed to detect network loops and block redundant paths. The simple explanation of the protocol is that it calculates a cost function for each path through the network and then only allows the least-cost path to operate, discarding all incoming traffic on higher cost paths. Should the least-cost path fail (e.g. a physical cable gets disconnected), the algorithm immediately falls back to the next least-cost path. This is shown in Figure 3.

The STP algorithm allows a priority number to be set for each switch in the network (and even each port on a switch), where a smaller priority number indicates a lower cost for that switch so that a desired path can be established. For the algorithm to work, one switch must have the lowest cost, and this switch is designated the “root bridge.” In most network topologies, the root bridge should be the switch in the MDF connected directly to the LAN port of the router. If the priorities are not specified (i.e. all switches are left on their default priority values of 32768), the STP algorithm will automatically designate the switch on the network with the smallest numerical MAC address as the root bridge.

2 This is not an issue for aggregated links, as the switch is aggregating the multiple physical links into a single virtual trunk port, and thus only sees one connection.

Figure 3: Generic image of spanning tree blocking a loop in the network.

It is best practice to have spanning tree protocol enabled on all networks. On any EnGenius managed switch, rapid spanning tree protocol is enabled by default. The priority of each switch can be set manually under L2 Feature STP CIST Instance Settings, as shown in Figure 4. It is generally only necessary to change the default on the core switch in the MDF. In networks consisting of several switches in a complex tree topology, it can be desirable to lower the priorities on some of the intermediate core switches.

Figure 4: Setting up spanning tree protocol (STP) on an EnGenius switch.

EnGenius Switch Models by Application and Capabilities

The following table summarizes the EnGenius switch product line, based on technology generation, MIMO capability. Switch models shown in green are those commonly recommended for most applications.

If the password you set exceeds 12 characters, you will not be able to access the user interface. You can reset the unit by pressing the reset button and setup a new password that does not exceed 12 characters.

Ping request is discarded by default.

To enable, access the router web interface and go to Network Settings

Click Firewall and select DoS

Change Discard Ping on WAN option from Enable to Disable then click Apply.

When assigning static IP addresses, you want to assign them outside the DHCP lease pool, and that generally means excluding a portion of the range from the DHCP pool. If you assign a local static IP that is in the DHCP lease pool, the DHCP service will not know about it, and may potentially assign the same IP address to a different client device, causing an IP address conflict and communication problems for both devices.

For instance; Router at 10.1.1.1, with IP leases given out starting at 10.1.1.100. So, the first device to request an IP address gets 10.1.1.100, next device gets 10.1.1.101, etc.

In this case, the addresses 10.1.1.2-10.10.1.99 are available for static IP address assignments, like servers (e.g. servers starting at 10.1.1.10, .11, .12, etc., printers at 10.1.1.20, .21, .22, etc.).

http://community.engeniustech.com/topic/962-static-ip-addressing-is-recommended-in-most-access-point-deployments-is-it-okay-if-i-set-my-access-point-to-obtain-ip-address-and-reserve-it-on-the-router-setting/

If you manually configure a device (e.g. printer, server, access point, etc.) to 10.1.1.110, then a network with than 10 other dynamic devices on your network, one of them will boot up, ask for an IP from DHCP, then DHCP may lease out 10.1.1.110 because it doesn't know it has already been taken..

Some DHCP services have an "exclusion range" into which you enter IP addresses they are never to use, because you've programmed some devices locally with those IPs. (i.e. servers are commonly locally assigned IPs not through reservations). Usually, devices that need to be accessed, either locally or remotely, require static IP addresses.

One can also use the DHCP service for "Reservations", where a client device is always assigned the same static IP address. This is typically used for printers or other devices that may not support being programmed with a static IP address, but a static IP address for the device is desired for monitoring or access.

Check out EnGenius Forum about similar topic:

Most PBX transfers will require you to press FLASH (green button) + extension number, then press “END” (red button) to complete the transfer. An exception is Nortel, which requires you to press FLASH, star (*), 70 + extension number, then “END”.

http://community.engeniustech.com/topic/746-how-do-i-transfer-a-call-from-an-engenius-handset-to-a-different-extension-on-my-pbx

An exploit was reported that may take advantage of the EnShare feature. The exploit may affect some EnGenius IoT Gateways. EnGenius engineers have provided firmware updates to fix the issue.

There are two ways to apply the firmware fix.

1. Access the router GUI and allow the firmware update through the auto-update feature.

http://community.engeniustech.com/topic/1142-enshare-exploit-firmware-fix/

2. Download the latest firmware and manually update the firmware. The links for the firmware can be found below:

ESR300 Firmware version 1.4.11

https://www.engeniustech.com/wp_firmware/ESR300-V1-4-11-34.dlf

ESR350 Firmware version 1.4.13

https://www.engeniustech.com/wp_firmware/ESR350-V1-4-13-36.dlf

ESR600 Firmware version 1.4.12

https://www.engeniustech.com/wp_firmware/ESR600-V1-4-12-64.dlf

EPG5000 Firmware version 1.03.14

https://www.engeniustech.com/wp_firmware/EPG5000-FW-V1-03-014-30.dlf

EnGenius Community Forum link:

Powered by EnGenius Single Port Power-over-Ethernet (PoE) adapter solution is ideal for installers to deploy PoE devices scalable, and to reduce maintenance cost and labor fee.

The ideal solution could assist installers to solve the limitation in designing networks is the availability of power source. The EnGenius PoE adapter allows delivery of both data and powerto compatible Access Points or device over a single Ethernet cable, allowing deployment of them exactly when users needed to provide the best wireless coverage and at much lower installation cost.

Besides built-in networking facility, EPA series is also equipped with short-circuit and overload protection to assure the securable and reliable connection for Access Points or other PoE devices. By sending direct current (DC) output, Ethernet terminals which need more power such as wireless LAN high power device, IP media center, and web camera are poweredremotely.

Features

Scalable deployment by powering devices from up to 100 meter (328 feet) remote-end

Significantly reduce maintenance cost and labor fee

The power LED on the ENH500 will not blink to indicate that the device has been reset.

After pressing the reset button for more than 10 seconds, the LAN and WLAN LEDs will turn off, but the power LED will remain lit. Wait 90 seconds after a reset for the device to reboot.

Saving and applying settings is a 3-step procedure:

The example below shows how to properly save and apply the wireless settings.

After customizing the wireless settings on an access point.

1. Click ""ACCEPT"" after making the settings changes. (see below)

2. Click on the ""SAVE/RELOAD"" option under ""STATUS"", which take you to a list of the settings options.

3. Click on the ""Save and Apply"" button to save the settings. Wait for the progress bar to reach 100\%

There are 2 ways on how to reset EnGenius router:

#1. If you can still access the User Interface (UI)

Click Network Settings

Go to Tools

Click Reset to Deafults/Reboot thenReset to Default

#2. Press and hold the reset button for 30 seconds while it is powered On. After 30 seconds, release the reset button then disconnect the power for 10 seconds.

(EnGenius setup wizard) A user will be asked to change the router password during step 3 of the process.

http://community.engeniustech.com/topic/932-where-do-i-go-to-change-my-router-password/

(manual) The router password can be changed in the Tools section.

Access the router's setup page

Click Network Settings

Click Tools

Enter the old password and the new password that you would like to use then click Apply

Note: Password is limited to 12 characters (a-z, 0-9).

When set manually, the AP will lose the time setting because there is no CMOS battery to maintain an internal clock. It is recommended to configure the Time settings with “User defined NTP Server” and that is done by using a known good NTP server. Also make sure that nothing blocks the NTP server in the network.

Please check link for known active list:

US NTP server

Follow the step to setup the storage feature:

Step1: Download the EnFile App for iOS or Android.

EnGenius’ Mesh Router is a storage router, which means it supports an attached USB hard drive service; download the EnFile app to remotely access your router-attached storage.

https://play.google.com/store/apps/details?id=com.senao.cloud&hl=en

https://itunes.apple.com/app/enfile-by-engenius/id667827416?mt=8

Step2: Plug in the External Hard Drive

Plug a portable hard drive into the Mesh Router’s USB port to access the data.

Supported hard drive format: FAT32 and NTFS

Step3: Login with the EnFile App

Find the label located on the bottom of the EnGenius Mesh device and refer to the Unique ID (UID) or DDNS Domain that is exclusive for your device. Take note of the info for processing the remote login. You will use the same login username/password you created in the EnMesh setup process.

http://community.engeniustech.com/topic/1206-how-to-use-the-storage-feature-of-the-mesh-router/

Problem: The ECB600 does not revert back to factory default after pressing the reset button for over 10 seconds.

Solution:Update the ECB600 to firmware version 1.5.2, and after a successful update reset the ECB600.

ECB600 firmware Change Log

Version:1.5.2

Bug Fixed:

Reset button fix.

Firmware link: https://www.engeniustech.com/wp_firmware/ECB600_1.5.2.zip

Device Models and Firmware versions:

EWS5912FP: v1.05.42-c1.8.55

EWS860AP: v2.0.239-c1.7.10

Scenario: Adding a new EWS access point that has an outdated firmware version.

After adding the AP to the Managed AP list, it shows the status as “Incompatible Version”.

http://community.engeniustech.com/topic/1174-how-to-resolve-incompatible-firmware-version-error-on-ews-controller/

The controller will then prompt the user that the firmware of the access point(s) is/are incompatible and ask to check for updates. (Click OK to confirm)

Controller will provide the list of Access Point(s) that has firmware available from the server. Check the boxes for the AP that you would like to update and click the “Update” button below.

The controller will ask the user to confirm the update.

The firmware update will take several minutes, depending on the quantity of APs to update and the speed of the internet connection.

After successfully updating the firmware, go to “Device Management” and click “Access Points” to check the status of the Managed Access Points.

The ENS202EXT originally does not have the repeater mode and will require the firmware to be updated to version 1.5.33

Here's how to configure the ENS202EXT as a repeater.

Log in to the web interface of the ENS202EXT

Click Operation Mode to configure the System Properties. Select Repeater then click Save & Apply

Click Wireless Network and click Site Survey button to find the network that you would like to repeat

On the Site Survey result, find the SSID of the Network and click the BSSID

Input the Password/Passphrase of the repeated network and click Accept

After the above steps, click Save/Reload to see and review the changes that you've made and click Save&Apply to permanently save the settings.

The process of opening a port on an EnGenius router is called Port Forwarding.

In this article we will walk you through each step on opening a port.

Step 1

It is important to setup a static ip address in the device that you are forwarding a port to. This ensures that your ports will remain open even after your device reboots.

Step 2

We need to login to the setup page of the router. Using a computer that is connected to the router (wired or wireless), open a web browser. It can be Google Chrome, Mozilla Firefox, Safari, Edge or Internet Explorer. It can be any browser.

Find the Address bar. It should look like the one below:

http://community.engeniustech.com/topic/993-how-to-open-port-on-an-engenius-router/

In this example, the IP address is 192.168.0.1. Simply replace it with the router's IP address. Check the computer's default gateway to know the router's IP. The default EnGenius router's IP is 192.168.0.1

After entering the IP, select Router Management:

This time, you will be asked for the username and password. Enter the username and password setup for the router. The default username is admin and the default password is admin.

On the Home Page, click on the Cogwheel button (Network Settings)

Step 3

Navigate to the Port Forwarding Section by clicking on Advanced>Port Forwarding.

We can now enter the information we want

Description: Name of the Application

Local IP: IP Address of the device you are forwarding the port to

Protocol: Type of Protocol used for the application

Local Port: Port needed to be opened

Public Port: Port needed to be opened

For example, if you want to open port 53, it should look like below:

Just add another entry if there are more ports to open.

Don't forget to click Apply to save the changes.

Check out EnGenius Forum about similar topic: