Oct 26

Your Go-To-Guide for Channel & Transmit Power on Wi-Fi Networks (Part 2)

Part 2
By Jason D. Hintersteiner

Read Part 1 of this series

Wi-Fi Channels on the 2.4 GHz band
On the 2.4 GHz band (802.11b/g/n) in North America, there are 11 channels of 20 MHz size allowed by the FCC. Some or all of channels 12-14 are allowed in some other countries, such as Japan. Unfortunately, the center frequencies of channels 1-13 are only 5 MHz apart, leading to only three non-overlapping channels, as shown in Figure 1.

Figure 1: 20 MHz channels on the 2.4 GHz frequency band. [1]

The 802.11n spec allows for the optional use of 40 MHz channels on the 2.4 GHz band by bonding two adjacent channels together. However, given that the entire usable band in 2.4 GHz is only 72 MHz wide, no two 40 MHz channels are independent, as shown in Figure 2. This limitation makes the use of 40 MHz channels completely impractical in multi-AP deployments, though it is unfortunately still fairly common in practice, as most vendors allow this channel width in their default settings.

Figure 2: 40 MHz channels on the 2.4 GHz frequency band. [1]

Given the restrictions on the number of independent channels and how that decreases as the channel width increases, poor channelization will create AP-to-AP interference and thus degrade both usage and coverage requirements. On the 2.4 GHz band, only 20 MHz channel sizes should be used, and channels should be deployed across APs with an alternating static 1, 6, 11 scheme, both horizontally and vertically.

Wi-Fi Channels on the 5 GHz band
The 5 GHz band is much larger (over 555 MHz, semi-contiguous), so selecting independent channels and using larger widths via bonding neighboring channels is much simpler. 802.11a allowed the use of 20 MHz channels. 802.11n allows the use of 40 MHz channels, and 802.11ac allows the use of up to 80 MHz or 160 MHz channels. This is shown in Figure 3.

Figure 3: Channels on the 5 GHz frequency band. [1, 2, 3]

The use of 40 MHz channels at 5 GHz with 802.11n is fairly standard practice. In most SMB deployments, we can use 80 MHz channels with 802.11ac, to double the wireless throughput. In instances where a design calls for high client density settings like in convention meeting spaces or large classrooms, or if there is a specific reason to avoid the DFS channels, we can use 80 MHz channels with 802.11ac, and double the wireless throughput. This is the primary advantage of deploying 802.11ac access points vs. 802.11n access points.

The full list of 20 MHz channels available in North America is shown in Table 1. Governmental regulatory agencies in other countries may restrict the use of one or more of these frequency bands and the maximum transmit power at those frequencies. Most access points require that a country be selected in the configuration, which dictates what channels and maximum transmit powers are available.

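| 20 MHz Channels | UNII-1 | UNII-1 | UNII-1 | UNII-1 | UNII-2 | UNII-2 | UNII-2 | UNII-2 |
|---|---|---|---|---|---|---|---|---|
| Channel | 36 | 40 | 44 | 48 | 52 | 56 | 60 | 64 |
| Central Frequency (MHz) | 5180 | 5200 | 5220 | 5240 | 5260 | 5280 | 5300 | 5320 |
| Total Channel Frequency Range (MHz) | 5170 – 5190 | 5190 – 5210 | 5210 – 5230 | 5230 – 5250 | 5250 – 5270 | 5270 – 5290 | 5290 – 5310 | 5310 – 5330 |

| 20 MHz Channels | UNII-2e | UNII-2e | UNII-2e | UNII-2e | UNII-2e | UNII-2e | UNII-2e | UNII-2e |
|---|---|---|---|---|---|---|---|---|
| Channel | 100 | 104 | 108 | 112 | 116 | 120 | 124 | 128 |
| Central Frequency (MHz) | 5500 | 5520 | 5540 | 5560 | 5580 | 5600 | 5620 | 5640 |
| Total Channel Frequency Range (MHz) | 5490 – 5510 | 5510 – 5530 | 5530 – 5550 | 5550 – 5570 | 5570 – 5590 | 5590 – 5610 | 5610 – 5630 | 5630 – 5650 |

| 20 MHz Channels | UNII-2e | UNII-2e | UNII-2e | UNII-2e | UNII-3 | UNII-3 | UNII-3 | UNII-3 | ISM |
|---|---|---|---|---|---|---|---|---|---|
| Channel | 132 | 136 | 140 | 144* | 149 | 153 | 157 | 161 | 165 |
| Central Frequency (MHz) | 5660 | 5680 | 5700 | 5720 | 5745 | 5765 | 5785 | 5805 | 5825 |
| Total Channel Frequency Range (MHz) | 5650 – 5670 | 5670 – 5690 | 5690 – 5710 | 5710 – 5730 | 5735 – 5755 | 5755 – 5775 | 5775 – 5795 | 5795 – 5815 | 5815 – 5835 |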

Table 1: 20 MHz channels on the 5 GHz band.

Creating 40 MHz and larger channels involves bonding multiple neighboring channels together. Each bonded channel has a primary 20 MHz channel that is used when an 802.11n or 802.11ac access point communicates with a legacy 802.11a client or an 802.11n or 802.11ac client that is artificially limited to smaller channels. The other bonded channels are “extension” channels, and can be either immediately above (upper) or below (lower) the primary channel.

Unfortunately, there are multiple “standards” (ways of indicating bonded 5 GHz channels), which makes referencing those channels very confusing for Wi-Fi novices and experts alike. The three basic methods are to refer to a bonded channel by its channel range, by its primary channel with extension (for which there are two variants for 40 MHz and four variants for 80 MHz), or by its center channel or frequency. These are shown for 40 MHz channels in Table 2 and 80 MHz channels in Table 3.

| 40 MHz Channels | UNII-1 | UNII-1 | UNII-2 | UNII-2 | UNII-2e | UNII-2e |
|---|---|---|---|---|---|---|
| Channel Range | 36 – 40 | 44 – 48 | 52 – 56 | 60 – 64 | 100 – 104 | 108 – 112 |
| Upper Extension (primary is lowest channel) | 36 | 44 | 52 | 60 | 100 | 108 |
| Lower Extension (primary is highest channel) | 40 | 48 | 56 | 64 | 104 | 112 |
| Central Channel | 38 | 46 | 54 | 62 | 102 | 110 |
| Central Frequency (MHz) | 5190 | 5230 | 5270 | 5310 | 5510 | 5550 |
| Total Channel Frequency Range (MHz) | 5170 – 5210 | 5210 – 5250 | 5250 – 5290 | 5290 – 5330 | 5490 – 5530 | 5530 – 5570 |

| 40 MHz Channels | UNII-2e | UNII-2e | UNII-2e | UNII-2e | UNII-3 | UNII-3 |
|---|---|---|---|---|---|---|
| Channel Range | 116 – 120 | 124 – 128 | 132 – 136 | 140 – 144* | 149 – 153 | 157 – 161 |
| Upper Extension (primary is lowest channel) | 116 | 124 | 132 | 140 | 149 | 157 |
| Lower Extension (primary is highest channel) | 120 | 128 | 136 | 144* | 153 | 161 |
| Central Channel | 118 | 126 | 134 | 142 | 150 | 158 |
| Central Frequency (MHz) | 5590 | 5630 | 5670 | 5710 | 5750 | 5790 |
| Total Channel Frequency Range (MHz) | 5570 – 5610 | 5610 – 5650 | 5650 – 5690 | 5690 – 5730 | 5730 – 5770 | 5770 – 5810 |

Table 2: 40 MHz channels on the 5 GHz band.

| 80 MHz Channels | UNII-1 | UNII-2 | UNII-2e | UNII-2e | UNII-2e | UNII-3 |
|---|---|---|---|---|---|---|
| Channel Range | 36 – 48 | 52 – 64 | 100 – 112 | 116 – 128 | 132 – 144* | 149 – 161 |
| Upper (or Upper-Upper) Extension (primary is lowest channel) | 36 | 52 | 100 | 116 | 132 | 149 |
| Upper-Lower Extension (primary is 2nd lowest channel) | 40 | 56 | 104 | 120 | 136 | 153 |
| Lower-Upper Extension (primary is 2nd highest channel) | 44 | 60 | 108 | 124 | 140 | 157 |
| Lower (or Lower-Lower) Extension (primary is highest channel) | 48 | 64 | 112 | 128 | 144* | 161 |
| Central Channel | 42 | 58 | 106 | 122 | 138 | 155 |
| Central Frequency (MHz) | 5210 | 5290 | 5530 | 5610 | 5690 | 5775 |
| Total Channel Frequency Range (MHz) | 5170 – 5250 | 5250 – 5330 | 5490 – 5570 | 5570 – 5650 | 5650 – 5730 | 5735 – 5815 |

Table 3: 80 MHz channels on the 5 GHz band.

Note the asterisk (*) for channel 144. This channel was opened up in March 2014 for use by Wi-Fi in the United States as part of the 802.11ac specification. You will therefore generally not see it as a valid channel option on older 802.11n access points. Furthermore, even on 802.11ac access points, many AP vendors still have firmware that complies with the older (pre-March 2014) FCC specifications and does not recognize Channel 144 as valid for use in the United States. Accordingly, Channel 144 (20 MHz), Channel 140 (40 MHz), and Channel 132 (80 MHz) often cannot be used in static channel plans.

Another complication: the UNII-2 and UNII-2e bands (which cover 2/3 of the frequency space) are still in use by legacy military and commercial weather radar systems. This leads to a requirement known as dynamic frequency selection (DFS), which requires Wi-Fi devices to periodically measure for the presence of such legacy radar systems and move off of the channel for a period if one is detected. Currently, both access points and client devices are responsible for detecting interference from radar devices and, if it is detected, moving off the channel.

Before March 2014, only access points were required to make that detection and channel move, notifying their connected clients of the channel change to encourage them to follow. This was part of the original 802.11h amendment when UNII-2 and UNII-2e were opened up for Wi-Fi. The older rules made more sense from a Wi-Fi operations perspective, as client devices associate with an access point and thus follow the access point’s channel. Unfortunately, many legacy client devices did not know how to interpret the “I am about to change from channel x to channel y” message from the AP and therefore didn’t move off the channel fast enough, which is likely what prompted the rule change.

The unintended consequence of this is that many consumer Wi-Fi device manufacturers decided it was not worth investing in the code to do the DFS detection, and as a result will not operate at all on any of the UNII-2 (52-64) or UNII-2e (100-144) channels. This is why many 802.11n consumer devices supported the UNII-2 and UNII-2e channels, but their newer 802.11ac counterparts do not. Ironically, this also tends to be a limitation of the consumer wireless router products from manufacturers that also make enterprise access point equipment that supports DFS detection.

Fortunately, most phone and tablet manufacturers are not so shortsighted, so iPhones/iPads and most mainstream brands for Android phones/tablets with 802.11ac capability will work on the UNII-2 and UNII-2e bands. Also, fortunately, most consumer client devices are dual-band, so if they do roam to an AP with a 5 GHz channel they do not recognize, they will still connect on the 2.4 GHz radio and be treated as a 2.4 GHz-only client. However, 5 GHz-only consumer devices, such as USB dongles and 802.11ac wireless bridges, may have difficulty connecting in such scenarios.
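The three ways of naming a bonded channel, the channel 144 restriction, and the DFS bands can be combined into one static-plan helper. The following is an added example, not code from the article or from EnGenius; the function and variable names are hypothetical, the channel lists come from Table 1, and center frequencies are computed as 5000 + 5 × channel MHz.

```python
# Added example (not from the article): names below are hypothetical.
# Channel lists follow Table 1; centers use f(MHz) = 5000 + 5 * channel.

BANDS = {
    "UNII-1": [36, 40, 44, 48],
    "UNII-2": [52, 56, 60, 64],
    "UNII-2e": list(range(100, 145, 4)),   # 100 ... 144
    "UNII-3": [149, 153, 157, 161],
    "ISM": [165],
}
DFS_BANDS = {"UNII-2", "UNII-2e"}          # radar detection (DFS) required
# Extension naming by position of the primary inside the bonded group.
EXTENSION = {
    1: ["n/a"],
    2: ["Upper", "Lower"],
    4: ["Upper-Upper", "Upper-Lower", "Lower-Upper", "Lower-Lower"],
}


def band_of(channel):
    """Return the band name that contains a 20 MHz channel."""
    for band, channels in BANDS.items():
        if channel in channels:
            return band
    raise ValueError(f"channel {channel} is not in Table 1")


def center_mhz(channel):
    """Center frequency in MHz of a 5 GHz channel number."""
    return 5000 + 5 * channel


def contiguous_runs():
    """Split the 20 MHz channels into runs whose numbers are 4 apart."""
    channels = sorted(c for group in BANDS.values() for c in group)
    runs = [[channels[0]]]
    for channel in channels[1:]:
        if channel - runs[-1][-1] == 4:
            runs[-1].append(channel)
        else:
            runs.append([channel])
    return runs


def bonded_channels(width_mhz, allow_dfs=True, allow_144=True):
    """List usable 20/40/80 MHz channels for a static plan."""
    if width_mhz not in (20, 40, 80):
        raise ValueError("width must be 20, 40 or 80 MHz")
    size = width_mhz // 20
    plan = []
    for run in contiguous_runs():
        # Only complete groups count; a leftover channel (165) cannot bond.
        for start in range(0, len(run) - size + 1, size):
            members = run[start:start + size]
            band = band_of(members[0])
            if band in DFS_BANDS and not allow_dfs:
                continue
            if 144 in members and not allow_144:
                continue   # firmware that predates the March 2014 rules
            center = (members[0] + members[-1]) // 2
            plan.append({
                "band": band,
                "members": members,
                "center_channel": center,
                "center_mhz": center_mhz(center),
                "range_mhz": (center_mhz(members[0]) - 10,
                              center_mhz(members[-1]) + 10),
            })
    return plan


def describe_primary(primary, width_mhz, **filters):
    """Translate 'primary + width' into range, extension and center naming."""
    for entry in bonded_channels(width_mhz, **filters):
        if primary in entry["members"]:
            position = entry["members"].index(primary)
            name = EXTENSION[len(entry["members"])][position]
            return dict(entry, primary=primary, extension=name)
    return None   # primary has no usable bonded channel under these filters


if __name__ == "__main__":
    for width in (20, 40, 80):
        full = bonded_channels(width)
        legacy = bonded_channels(width, allow_144=False)
        no_dfs = bonded_channels(width, allow_dfs=False)
        print(f"{width} MHz: {len(full)} total, {len(legacy)} without 144, "
              f"{len(no_dfs)} non-DFS")
    print(describe_primary(44, 80))
```

Centers are computed from the channel numbers, so the two UNII-3 40 MHz pairs come out as center channels 151 (5755 MHz) and 159 (5795 MHz).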

Editor’s Note:  This updated post was originally published in 2015.

About the Author:  Jason is a Certified Wireless Network Expert (CWNE #171), and holds several industry certifications. He is a Field Applications Engineer Manager, Trainer and Curriculum Developer for EnGenius’ Certified and Advanced Certified System Engineer courses. Jason holds a Masters in Mechanical Engineering from MIT and an MBA from the University of Connecticut.


[1] Coleman, D. and Westcott, D. CWNA Certified Wireless Network Administrator Official Study Guide: Exam PWO-105. 3rd edition. John Wiley & Sons, Inc., Indianapolis, IN. ISBN 978-1-118-12779-7. Copyright 2012.

[2] Jackman, S., Swartz, M., et al. CWDP Certified Wireless Design Professional Official Study Guide: Exam PW0-250. John Wiley & Sons, Inc., Indianapolis, IN. ISBN 978-0-470-76904-1. Copyright 2011.

[3] Hintersteiner, J. EnGenius Certified Operator. EnGenius Technologies, Inc. certification program course. Copyright 2014-2015.


Oct 2

6 Reasons You Should be Using ezMaster™ for Network Management

Whether you’re using EnGenius Access Points as stand-alone devices or managing them through a local Switch with the built-in controller feature, you may be missing out on some big business benefits. EnGenius’ ezMaster Network Management Software made its debut just two short years ago as a Best of Interop award finalist. Since then, a growing number of managed service providers and network administrators at small to mid-size organizations are saying good-bye to their license and subscription fees and moving to ezMaster.

While ezMaster is full of valuable features that are sure to positively impact your bottom line, here are the top six reasons why you should be using ezMaster to manage your EnGenius network.

1. Resolve Network Issues Remotely
Without a doubt, one of the biggest benefits of ezMaster is the ability to access its management dashboard anywhere, anytime, from any Internet-enabled desktop or Android/iOS device. Along with flexible access, network admins can set up customizable email alerts based on predetermined events such as System or Device Status, SSL Certification, Wireless Client Info, and Device Management, Configuration and Firmware Upgrade.

Remote network management and alerts can improve your operational efficiencies, help maintain high customer satisfaction, and cut your truck-roll costs while freeing your staff to do other important things to grow your business.

2. Manage, Monitor & Troubleshoot One or Multiple Networks
Can a small team make a big impact with ezMaster? Yes, it can. Midwest Internet Solutions (MIS) in Overland Park, Kansas is a nationwide full-service MSP supporting some of the largest hotel chains in America. MIS deployed more than 950 Neutron APs and 60 Switches in over 300 customer locations while using ezMaster to monitor all deployed equipment 24/7 from their Network Operations Center in Overland Park.

Each separate network location is viewable as a “project” through ezMaster’s Web-based dashboard making it easy to manage one or multiple networks. Not only can MIS see when an AP or switch is down, they can also troubleshoot and reboot devices remotely in the event of issues. Device inventory lists are quickly accessed across multiple networks, and active and offline devices are visible from the at-a-glance dashboard. Utilizing ezMaster to manage multiple separate networks allows organizations like MIS to scale their operations with minimal staff and without added software costs.

3. Streamline Deployments & Software Upgrades
Alleviating the burden of deploying and upgrading multiple access points is reason alone to implement ezMaster. Once the access points are in place, ezMaster’s automated provisioning and intuitive configuration tools will help streamline your AP deployments like never before. Group access points easily within each network project and quickly configure or reconfigure grouped device settings based on a multitude of options. And with one click you can check for available firmware updates, then bulk select the APs you wish to roll out updates to without ever stepping foot onsite.

4. Gain Visibility Into Devices Across the Network
Visualization tools and statistics allow you to monitor the overall health of the network. Topology View is one visual that is handy for seeing the connection relationships between switches and APs on the network. You’ll instantly see what devices are online or busy. Topology View, like all of ezMaster’s Visualization tools, is interactive. You can drill right down to a specific switch to change its configurations or jump directly to the individual AP device configuration, reboot the AP or simply remove it.

Map View utilizes Google Map views and is useful for promptly locating APs that are deployed in larger, multi-site deployments. Upload a floor plan into Floor Plan View and, like Map View, you’ll see the AP’s vital stats including its name, MAC address, number of connected clients and status. The Map and Floor Plan are also interactive, allowing you to move to the device configuration page, remove or reboot the AP or click right into the active client stats page where you’ll see individual client device info and bandwidth use, and can kick or ban clients accordingly.

Statistics charts simplify visual analytics by giving you real-time and historical visibility of traffic flow for access points and connected clients. These graphs can instantly switch to show received and transmitted traffic sorted by ascending or descending order, whichever you prefer. You’ll also appreciate the quick-look mouse-over info available on each AP and client device in both of these charts. Interested in watching real-time throughput on APs? Drill down into individual APs to monitor this info over the course of two minutes.

5. Adaptable Hybrid Management Options
Another significant benefit of deploying ezMaster along with Neutron hardware is the system’s hybrid approach to network management. The hybrid model gives you the flexibility to deploy and manage the network in the way that best meets your needs. These options include:

       1. Manage an unlimited number of access points locally with ezMaster from an onsite server.
       2. Manage up to 50 APs per Neutron Switch, in the local network, through the switch’s built-in wireless controller.
       3. Manage multiple distributed networks from any location with ezMaster.

Since ezMaster is not cloud-based software, you have control over where it resides. Set it up on your private server or utilize a third-party cloud service like Amazon Web Services or Microsoft Azure; the choice is yours.

Are you an MSP looking for a network management system to integrate into your existing service system? EnGenius will work with you to provide its ezMaster API for integration. Send an email to partners@engeniustech.com if you’re interested in this option.

6. Offer Monetized Hotspot Services
Interested in adding another income stream? Right from ezMaster, you can provide your customers a way to meet the demands for guest WiFi access in their retail store, restaurant, hotel, shopping center or just about anywhere. You’ll have access to three different guest network options in the platform: guest WiFi, captive portal or monetized hotspot services that engage customers and collect visitor data.

Standard guest WiFi allows guests onto a separate SSID of the network and does not require them to stop at a splash page. The captive portal option is designed to act as an entry point to access the Internet and gives you the ability to create branded splash pages, select three types of authentication, enact terms of service and set the parameters of a walled garden.

Integrated into ezMaster’s Hotspot Service menu is a guest WiFi solution that offers branded welcome pages, customer data collection, and promotional and coupon creation through the Cloud4Wi service platform. This service presents a tiered approach for clients and supports new revenue streams, especially for MSPs.

Bonus: Say Good-Bye to Fees

If these six reasons aren’t enough to convince you, maybe this will: EnGenius makes this robust software available free with its access points, AND it does so without charging per AP license fees, firmware upgrade fees, subscription fees, tech support fees or any other type of fee.

How can we do this, you ask? Simple. EnGenius knows it has to add the most value it can to its solutions, and it does so because not everyone wants to pay a premium for hardware or steep fees just to have reliable enterprise-class wireless, and they shouldn’t have to.



Sep 28

Your Go-To-Guide for Channel & Transmit Power on Wi-Fi Networks (Part 1)

Part 1
By Jason D. Hintersteiner

The topic of channel and transmit power is often confusing for Wi-Fi novices and experts alike, as there are several considerations to take into account: different frequency bands, varying channel sizes, and transmission power setting tradeoffs.

In this two-part series, we will cover need-to-know info including the definitions of channel and power, and establish best practices for channel and transmit power planning on both 2.4 GHz and 5 GHz.

Defining Wi-Fi Channels
As you probably know, the Federal Communications Commission (FCC) and similar governmental agencies in other countries regulate the use of radio frequency spectrum. Most spectrum is licensed, meaning that government agencies or commercial entities must purchase or lease a portion of the spectrum to have exclusive use rights to that range. Some frequency bands are unlicensed, meaning that anyone can broadcast in that part of the spectrum without a license, so long as specified maximum transmit power limitations are met. It is in this portion of the wireless spectrum where Wi-Fi operates.

Channel Ranges
Each Wi-Fi access point broadcasts a signal on a particular channel, which encompasses a specific center frequency and channel width. Both 802.11n and 802.11ac use larger channel widths, 40 MHz in 802.11n, and 80 MHz or 160 MHz with 802.11ac. Larger channel sizes enable more data to be sent simultaneously, increasing the link’s throughput. However, since the breadth of the unlicensed bands used by Wi-Fi is fixed, there are fewer independent, non-overlapping channels. These bigger channel ranges are also subject to a higher level of noise within the spectrum and more interference from neighbors, making the use of larger channels a tradeoff between potential throughput and achievable signal quality.

Channel Interference
Wi-Fi signals interfere if their transmissions occur on the same or overlapping channels in the same space. A wireless client device or receiver hears transmissions from multiple sources simultaneously, yet it is incapable of distinguishing between these different sources. The data received is, therefore, a mashup of signals from various sources. A checksum or error-detection of the received data indicates a corrupted transmission, which requires the original transmission source to retransmit the data.

Band Steering
Most enterprise access points also provide a feature called band steering, which encourages dual-band capable client devices to connect to the 5 GHz band to obtain higher speeds. The 5 GHz frequency offers larger channel sizes and fewer sources of external interference than the 2.4 GHz band. While band steering is not part of the 802.11 standard, it is beneficial. This is particularly the case with the emergence of new IoT network appliances that operate on 2.4 GHz and use new, low-power 802.11b chipsets. With more devices crowding the 2.4 GHz band, it is best that all clients that can operate on the 5 GHz band be directed to do so.

Defining Transmit Power
The transmit power of an access point radio is proportional to its effective range. The higher the transmit power, the farther a signal can travel, and the more obstructions it can effectively penetrate. A stronger signal at a given distance generally results in a higher signal to noise ratio, which typically allows for more complex modulation and coding schemes (MCS) and faster data speeds.

Strong v. Weak
In early Wi-Fi deployments, which were primarily driven by coverage requirements, it was common to turn up the power on the AP transmitter as high as allowed by FCC and IEEE regulations. This approach worked when most clients, such as laptops, had reasonably strong transmitters themselves. But, with the emergence of smartphones, tablets, and network appliances, there is often a transmit power mismatch that then leads to a range mismatch.

Most smartphone, tablet, and IoT devices use relatively weak transmitters to preserve both space and battery life. As a result, the client device can receive a fairly strong transmission from the access point, but the access point cannot receive the relatively weak transmissions of the client device.

Think of it this way: the access point is shouting, but the client device is whispering. Accordingly, though non-intuitively, the effective coverage area is driven by the client devices, and the AP power levels must be set to minimize the mismatch between the range of the access point and the corresponding range of the client devices.

Furthermore, in high-density deployments like college lecture halls, conference centers, or stadiums where hundreds or even thousands of devices are operating within the coverage area of a single AP, more access points are needed simply from a capacity standpoint. This necessitates using lower transmit power levels, directional antennas, and very careful channel planning to prevent co-channel interference. Another option in high-density locations is to deploy tri-band-capable access points. Tri-band APs double the wireless capacity of the 5 GHz band and would require fewer devices to accomplish this.

Dual-Band Best Practice
As compared to 5 GHz, the 2.4 GHz spectrum has less free space path loss and attenuation through standard building materials, giving it a larger effective range at a given transmit power level. However, when using a dual-band access point, it is effective to equalize the coverage area for both bands.

For a typical SMB environment, the 2.4 GHz transmit power level should be 6 dB lower than the 5 GHz transmit power level to get a rough equivalency in coverage. Even so, balancing coverage can be difficult. It is not uncommon to optimize a dual-band AP layout for 5 GHz coverage and disable the 2.4 GHz radios in some APs to avoid co-channel interference on the 2.4 GHz band.
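The range mismatch described under "Strong v. Weak" and the band offset described above can be checked with a free-space link budget. The following is an added example, not from the article; the transmit powers, the -70 dBm receive sensitivities and the function names are constructed assumptions, antenna gains are taken as 0 dBi, and free-space loss ignores walls and other obstructions.

```python
import math

# Added example (not from the article). All powers and sensitivities used
# below are constructed values; the model is free-space path loss only.


def fspl_db(distance_m, freq_mhz):
    """Free-space path loss in dB for a distance in meters and MHz carrier."""
    return 20 * math.log10(distance_m) + 20 * math.log10(freq_mhz) - 27.55


def max_range_m(tx_dbm, rx_sensitivity_dbm, freq_mhz):
    """Largest distance at which the receiver still hears the transmitter."""
    budget_db = tx_dbm - rx_sensitivity_dbm
    return 10 ** ((budget_db + 27.55 - 20 * math.log10(freq_mhz)) / 20)


def link_ranges(ap_tx_dbm, client_tx_dbm, ap_sens_dbm, client_sens_dbm,
                freq_mhz):
    """Downlink and uplink ranges; a usable link needs both directions."""
    downlink = max_range_m(ap_tx_dbm, client_sens_dbm, freq_mhz)
    uplink = max_range_m(client_tx_dbm, ap_sens_dbm, freq_mhz)
    return {
        "downlink_m": downlink,          # AP shouting
        "uplink_m": uplink,              # client whispering
        "effective_m": min(downlink, uplink),
    }


def matched_ap_power_dbm(client_tx_dbm, ap_sens_dbm, client_sens_dbm):
    """AP power at which the downlink budget equals the uplink budget."""
    # ap_tx - client_sens == client_tx - ap_sens
    return client_tx_dbm - ap_sens_dbm + client_sens_dbm


def band_offset_db(low_mhz, high_mhz):
    """Extra free-space loss of the higher frequency at the same distance."""
    return 20 * math.log10(high_mhz / low_mhz)


if __name__ == "__main__":
    # Constructed scenario: 23 dBm AP, 14 dBm phone, channel 100 (5500 MHz).
    for ap_power in (23, 30):
        r = link_ranges(ap_power, 14, -70, -70, 5500)
        print(f"AP {ap_power} dBm: downlink {r['downlink_m']:.0f} m, "
              f"uplink {r['uplink_m']:.0f} m, "
              f"effective {r['effective_m']:.0f} m")
    print("matched AP power:", matched_ap_power_dbm(14, -70, -70), "dBm")
    # 2.4 GHz channel 6 (2437 MHz) versus 5 GHz channel 100 (5500 MHz).
    offset = band_offset_db(2437, 5500)
    print(f"free-space offset between bands: {offset:.1f} dB")
```

Raising the AP from 23 dBm to 30 dBm leaves the effective range unchanged because the uplink is the limit, and the free-space term alone puts the two bands roughly 7 dB apart, the same order as the 6 dB rule of thumb.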


Editor’s Note:  This updated post was originally published in 2015.


Aug 28

Essential Back to School Supplies from EnGenius!

Fall is nearly here, and back to school season is in full swing. While students and their families are tasked with buying supplies like pencils, pens, binders and paper, school administrators and tech buyers have to think bigger. Is your campus prepared?

In order for students to thrive, campuses must be efficient and well-connected. EnGenius products are proven to increase scholastic and administrative success on school campuses, but don’t just take our word for it! Take a peek at some of our case studies, which feature on-campus deployments of EnGenius devices:

Problem Solving, EnGenius-Style

Are you having trouble with your tech or communications-based equipment? It can be challenging to work out all the kinks when you have so many back to school issues popping up at once, but EnGenius staff and products can help.

“We often have situations where we have to communicate with each other quickly; you might call them emergency situations. Our previous (walkie) system didn’t always work, so we’d have to run around and try to find the person we were looking for,” explained Dan Sage, Assistant Principal at Warner Middle School. Deploying EnGenius DuraWalkies on the Warner campus established reliable communications and efficiency.

Perhaps you’re having difficulty providing contiguous, reliable Wi-Fi connectivity campus-wide. Network Administrator Jerry Thompson faced this challenge at Lima Christian School, and EnGenius provided a solid solution.

“With the competitor’s solution, we basically had pockets of access points. When we moved from one access point to another, we’d lose connection and have to reconnect.” Now, “We’re getting great range,” Thompson said. “I had a student helper take a laptop all around the school to see at what point we would lose the signal. He was almost to his car in the parking lot before the signal dropped.”

Deploying the EnGenius Neutron Series provided robust Wi-Fi coverage at the school, which empowered the school staff to follow through with their technology-based curriculum.

Whether your campus is in need of rugged handsets that function as both phones and two-way radios, or you need networking hardware to support and bolster tech-based learning, EnGenius is the answer.

Want a Gold Star? Take Our EnGenius Quiz!

How well do you know our products? Let’s find out! Don’t worry, this “open-book” quiz is designed to move you to the head of the class!

1. Which of the following features are standard with DuraFon Cordless Phone Systems?
A. Reliable, Long-Range coverage
B. Durable, ruggedized handsets
C. System expandability
D. All of the above
Answer: D. All of the above

2. True or False: DuraFon offers spectacular long-range coverage, including:
Up to 12 Floors In-Building Penetration
Up to 250,000 sq. ft. of Facility Coverage
Up to 3,000 Acres of Property/Open Land Coverage
Answer: True

3. EnGenius’ Neutron networking hardware devices include:
A. Access Points
B. Wall Plate APs
C. AP MeshCam
D. PoE Switches
E. All of the above
Answer: E. All of the above

EnGenius products can help ensure a successful and stress-free year for both students and staff. Contact us today to purchase problem-solving devices for your campus or school district, and don’t forget to ask about our demo program. Try select products risk-free for 30 days – it’s a no-brainer!


Jul 31

Should Wi-Fi Be Installed in the Hallways or the Rooms?

By Jason Hintersteiner

Access Point Placement Best Practices: Hotels, MDUs & Classrooms

Yes, it’s true that installing wireless access points in hallways is often easier than installing them in individual hotel guest rooms, multi-dwelling units (MDUs) including student and military housing, apartments and condominiums, retirement and assisted living residences, and classrooms.

Many hallways feature drop ceilings, making cabling and installation a snap. Even when there are finished ceilings present, cabling soffits or access panels are often already in place or are reasonably easy to install, making wiring possible. If low-voltage infrastructure, such as a spare CAT5e/CAT6a cable, is not already available in each unit, cabling the units can be impractical or cost-prohibitive.

However, from a performance standpoint, putting access points in line-of-sight of each other down a hallway is often the worst thing you can do for the following reasons:

1. Attenuation: The inside wall adjacent to the hallway tends to have high attenuation. Why? In most hotel guest rooms and MDUs, the outside walls are made up of large windows, while the inside walls tend to be where the metal appliances such as refrigerators, dishwashers, and ovens are located. You’ll often also find full wall mirrors, bathroom plumbing, and steel fire doors in hotel guest rooms.

All of these obstructions interfere with wireless signal penetration. It is not uncommon to see much better signal penetration through the floor and ceiling than from the hallway into the unit.

2. Self-Interference: A long, thin corridor acts as a tunnel for Wi-Fi signals, focusing the signal and making it extend much further than it will laterally into the units. Even with the access points on different channels, there is always some level of adjacent channel interference. When APs installed in halls are all lined up, they’ll cause interference with each other; the heavier the traffic load, the more interference.

It’s for these reasons that it’s almost always better to install APs in individual hotel guest rooms, apartments, dorm rooms, and classrooms.

In-Room Wi-Fi Options
Wall Plate APs

Except for new builds, you’ll often find pre-wired, low-voltage network wiring is available in hotel guest rooms, dorms, and other multi-tenant dwellings. Pre-existing wiring creates the perfect scenario for using wall plate APs to provide reliable in-room Wi-Fi to guests and residents. Wall Plate APs bypass the performance concerns of placing APs in hallways, bringing the coverage right where users need it most–in the unit itself.

EnGenius’ new Neutron 11ac Wave 2 Wall Plate AP (EWS550AP) integrates a high-speed AP and a 3-port Gigabit switch, merging wireless, wired, and Power-over-Ethernet features for in-room connectivity. You can use the wall plate AP’s Gigabit Ethernet ports to connect various wired devices including IPTVs and game consoles in hotel guest rooms or dorms and networked projectors in classrooms. The AP includes a wired pass-through port to connect a room phone to the hotel or school PBX system or connect and power a VoIP phone using the PoE-pass-through LAN port. The wall plate AP is also powered through an 802.3af/at-compliant PoE switch. The onboard switch allows you to segment and manage network traffic by type with its port-based 802.1Q VLAN support.

Ceiling/Wall Mount APs

If you don’t have the benefit of existing low-voltage cabling infrastructure, one trick often used is to run the cables down the corridor, penetrate the wall above the doorway into the apartment or guest room, and mount the access point above the door. While it’s ideal to install the access point within the center of the unit, this type of mount is preferred over in-hallway mounting because it gets the AP closer to your user’s client devices. Placing APs just inside the room means signals don’t have to penetrate the wall, plumbing, or other in-room obstacles. It also means those barriers are now working in your favor to protect the wireless signal from other APs.

It’s nearly always best to install APs directly in-room or in-unit if at all possible, even if you need to shortcut the cabling above the door. Wireless signals will be much stronger and more user-friendly.


Need help designing or planning your Wi-Fi installation in a hotel, MDU, or school? EnGenius offers free system design assistance.

Editor’s Note:  This updated post was originally published in 2015.

About the Author:  Jason is a Certified Wireless Network Expert (CWNE #171), and holds several industry certifications. He is a Field Application Engineer Manager, Trainer and Curriculum Developer for EnGenius’ Certified and Advanced Certified System Engineer courses. Jason holds a Masters in Mechanical Engineering from MIT and an MBA from the University of Connecticut.

Jun 30

Top 5 Mesh Wireless Network Best Practices

By Gabriel Reyes & Jason Hintersteiner

Every installer knows that each wireless installation comes with its own unique set of challenges – from building materials to cabling. Mesh wireless can be a handy tool for the installer’s arsenal when included as a deployment option on traditional access points. Mesh is useful for getting around tricky installation issues like cement or plaster walls, and on networks where running Ethernet cabling is not possible or even practical. It is also perfect for covering larger spaces like warehouses with Wi-Fi.

EnGenius recently added mesh capabilities on select Neutron Series Indoor and Outdoor Access Points. So, we have compiled a few key mesh wireless best practices that will help make your installs easier and more effective. In fact, these best practices are also business builders. Accurate deployment of Neutron Series Access Points – including proper settings and groupings – will save time and money, and will increase customer satisfaction.

Follow these five best practices to ensure you get the best performance out of your Neutron APs when utilizing their mesh capabilities:

1. Best Practice: Use the 5 GHz band for mesh backhaul connectivity.
Neutron APs will allow you to use either the 2.4 GHz or 5 GHz bands for mesh connectivity. Since 5 GHz offers larger channel widths and lowers the chance of external interference, it should be used for mesh connectivity.

2. Best Practice: Set the RSSI threshold to -80 dBm (default).
Neutron APs allow you to specify the signal-strength threshold below which a remote AP will not connect to a given mesh AP, so that it connects instead to a different mesh AP with a stronger signal.

Adjusting this parameter is a trade-off between distance and speed. Using a higher threshold (e.g. -70 dBm) will enforce faster link speeds across the mesh links, but will require a denser collection of APs to maintain connectivity to all Remote Nodes. If this threshold is too high, there is a significant risk of Remote Nodes becoming isolated because they do not meet the threshold criteria.

3. Best Practice: The network design should cluster the APs into groups consisting of up to four Remote Nodes that are only one hop away from a Root Node.
The APs should be mounted roughly evenly throughout the property to provide consistent coverage areas. At least 20% of your APs, distributed throughout the property, should be Root Nodes. Each Remote Node is therefore only one hop away from another Root Node. If a Root Node fails, the nearby Remote Nodes will then only be 2-3 hops away from another Root Node. This approach requires you to create additional Root Nodes, which can be done by running Ethernet or fiber-optic cable to the remote locations, or by establishing dedicated point-to-(multi)point WDS Bridge links to create “wireless wires” from the root AP back to the wired network.

In mesh environments with multiple Root Nodes, you can establish mesh clusters by creating a unique AP Group. Each AP Group will contain one Root Node and the desired Remote Nodes that should be connecting to it. The settings of each AP Group should be identical, except for their channel. Each AP Group needs to be on an independent channel to ensure its neighboring mesh clusters do not self-interfere.

4. Best Practice: Set each Root Node on a static independent channel, and set each Remote Node to “auto channel.”*
Using these settings will maximize the airtime capacity of the overall network so that multiple neighboring Root Nodes do not create self-interference. Set the Remote Nodes to auto-channel so they can fail over to different Root Nodes in the event of the failure of their primary Root Node. When utilizing point-to-(multi)point WDS Bridge links to establish Root Nodes these must also be on static independent channels, and therefore accounted for in the overall channelization plan.

5. Best Practice: Mesh APs should be configured to operate in Mesh Point mode.**
The access points can be set up to operate in either “Mesh AP” mode or “Mesh Point” mode. In Mesh AP mode, the 5 GHz radio provides both wireless backhaul through the mesh and wireless client device access. In this mode, the AP acts as a repeater, meaning the link will lose 50% throughput per hop.

Conversely, in Mesh Point mode, the 5 GHz radio only provides wireless backhaul, and all client device access is only on the 2.4 GHz radio. The loss of bandwidth capacity from connecting on 5 GHz wireless is minor compared to the loss of bandwidth capacity experienced with a 50% reduction in bandwidth per hop. Mesh Point mode also allows you to set the transmit power of the mesh radios to their maximum value, providing the greatest signal strength between nodes without experiencing an imbalance with the low transmit power capability of most 5 GHz client devices.

Well-planned deployments, coupled with excellent equipment, are the ultimate best practice – and EnGenius is here to help you in both regards. We hope you make these five best practices part of your future installs. Stay tuned for future tips and best practices!

Are you looking for a flexible, scalable, affordable network solution with no management license or subscription fees? Look no further. Learn more about EnGenius’ Neutron Series.

About the Authors:
Jason Hintersteiner is a Certified Wireless Network Expert (CWNE #171), and holds several industry certifications. He is a Field Application Engineer Manager, Trainer and Curriculum Developer for EnGenius’ Certified and Advanced Certified System Engineer course. Jason holds a Masters in Mechanical Engineering from MIT and an MBA from the University of Connecticut. Follow him on Twitter @emperorWiFi.
Gabriel Reyes is a Certified Wireless Network Administrator (CWNA) and a Certified Wireless Design Professional (CWDP) with over 10 years of networking experience. Gabriel is a Field Application Engineer at EnGenius who brings extensive installation, training, and troubleshooting experience while also holding numerous industry certifications.

* In the c1.8.57 firmware release, auto-channel is not supported for APs in mesh mode. Accordingly, each AP Group must have all APs in the mesh cluster set to the static channel. Different AP Groups should be set on independent channels to maximize airtime. Auto-channel capability will be added in a future firmware release.

** In the c1.8.57 firmware release, only the Mesh AP option is available in the controller. To set the APs into Mesh Point mode, the setting must be changed from the web interface of each AP directly. This will be addressed in a future firmware release.

Jun 5

Three Critical Wi-Fi Applications in Assisted Living

By Jason Hintersteiner

It’s About the Operations Infrastructure

Wi-Fi might not be the first thing that comes to mind when considering critical capital expenditures for residential care and assisted living facilities, but it is becoming an integral part of operations as technology evolves.

1. Resident Use

As large segments of our population continue to age, the demand for Wi-Fi in assisted living and continuing care retirement centers grows. Tech-savvy seniors expect to use wireless Internet access.

According to a 2017 Pew Research study, 67% of seniors age 65 and older indicated they go online. A Link-age 2016 study showed just over 40% of seniors own a smartphone and state their top communication technology uses include Internet access, wireless networks, and personal computers more than other technology. Assisted living facilities will need to keep their Wi-Fi access competitive to attract future residents.

2. Staff Use

Facility-owned computing devices, such as tablets and laptops used by management and facility operations staff, also require Wi-Fi access. The staff network must be HIPAA-compliant, incorporating security measures to keep patient records secure, especially when accessed in the course of day-to-day routines.

3. Infrastructure

While both resident and staff use are necessary, the real power of Wi-Fi in assisted living facilities lies in infrastructure. The Internet of Things (IoT) is evolving to produce an ever-growing array of wireless sensor technology that is used to monitor residents, improve operational efficiencies, and maintain health and safety. The capital investment in Wi-Fi for a facility can be considered primarily one of infrastructure, since every day, Wi-Fi becomes an increasingly critical component of daily operations.

Supporting A Sea of IoT Devices

An IoT network of wireless-enabled sensing devices collects data, reports on abnormalities, and even makes appropriate adjustments. Devices like fitness and GPS trackers, smart thermostats, and watches may still be considered in the realm of high-tech toys, but the real application isn’t just life enhancing, but life sustaining. Consider the following representative applications for continuous, real-time measurements:

Wearable Sensors:

  • Health monitors: Track vital signs, blood pressure, pulse rate, and temperature.
  • Orientation: Wrist-worn devices transmit position including sitting, standing or lying down.
  • Location: Where are your residents within your facility? An absolute essential for Alzheimer’s or dementia residents.

Room Sensors & Actuators:

  • Pressure sensors: Monitor beds, chairs, and floors to track patient activity.
  • Environmental sensors: Measure and adjust room temperature and humidity.
  • Motion detectors: Monitor visitors, and help determine if the patient is following normal activity patterns.
  • Lighting & electrical sensors: Automatically turn on and off to ensure safe movement, appropriate lighting day or night.
  • Safety: Heat, smoke, and carbon monoxide detection.
  • Voice activated devices: AI personal assistant devices like Amazon Echo and Google Home provide a quick way for seniors to summon help.

Facility Sensors & Actuators:

  • Location sensors: GPS tracking for drug carts, medical devices, and other facility assets.
  • Security monitors: Motion sensors, access control, and video surveillance.
  • Safety sensors: Heat, smoke, and carbon monoxide detection.
  • Lighting & Electrical: Automatic lights conserve energy, and high-energy devices connected to sensors can be remotely shut down to save power.

Proper Wi-Fi Design is Essential

To take full advantage of these critical applications, a properly designed and functioning Wi-Fi system is essential. If your wireless doesn’t work correctly, your critical applications won’t work efficiently either.

First and foremost, every Wi-Fi deployment must be tailored to the facility’s specific layout, building materials, and constraints. This will ensure proper coverage on both the 2.4 GHz and 5 GHz bands by selecting the correct locations, channel, and transmit power settings for access points. In a facility serving hundreds of residents, such a system needs to be engineered and optimized for the space. This requires qualified and knowledgeable Wi-Fi engineers and installers.

The access points should be centrally managed by either an on-site controller or a cloud-based application to ensure the proper monitoring of functionality and usage statistics, and that changes are rolled out consistently and universally. The EnGenius Neutron platform is ideally suited for assisted living Wi-Fi applications for several reasons, including ease of centralized management, durable leading-edge access points, and reasonable costs.

Frequency Bands

Compared to the 5 GHz band, the 2.4 GHz band has comparatively low throughput and is subject to more external sources of interference, though data also travels further and attenuates less rapidly on 2.4 GHz. This is also the band preferred by IoT and medical monitoring devices and sensors, and will likely remain so for many years to come. The 2.4 GHz Wi-Fi technology is older and costs less for embedded device manufacturers to incorporate.

The data requirements per device are minimal; most medical monitoring devices only need to report small amounts of data. Naturally, though, we wouldn’t want medical monitoring devices to compete for wireless resources with high data applications such as video conferencing on Skype or accessing patient medical records on an employee’s tablet.

Fortunately, most devices are already capable of operating on either the 2.4 GHz or 5 GHz bands, and enterprise APs include Band Steering to encourage connections on 5 GHz. This band utilizes wider channels and is subject to less external interference than the 2.4 GHz band.

Separate VLANs for Each Application

Concerning access, a typical assisted living facility is likely to have at least three SSIDs/VLANs per band:

1. Residents/Visitors

This is the network for facility residents, their guests, and any personal devices brought in by staff. The SSID should be unencrypted to allow for easy access to the network. However, client devices should be completely isolated from one another, so they can only get Internet access and not access to each other. It is also important to use a well-designed captive portal for guests and enforce bandwidth limitations per device to prevent abuse.

2. Staff

This VLAN is the network for facility-owned computing devices, such as tablets and laptops for both resident management and facility operations. The network incorporates WPA2 Enterprise security with a central RADIUS or Active Directory server to meet HIPAA compliance and to manage the users and devices that can log onto this network.

3. Infrastructure

This network supports the array of IoT sensors and actuators used to monitor residents and measure/control the environment. Since much of the data will be patient-specific and medical in nature, HIPAA-compliance also applies, requiring the use of WPA2 Personal security to prevent unauthorized access.

Client device isolation is also necessary, with appropriate exceptions for the on-site servers or monitoring computers that need on-site real-time access to the data. There may also be additional VLANs/SSIDs required for other applications, such as for video surveillance, access control, and Voice over IP.

Wi-Fi is the operations infrastructure of the 21st century assisted living facility, and EnGenius’ Neutron Series can get you there.

Watch this short video to see how Golden Hill Nursing and Rehabilitation Center deployed the Neutron Series to support their telemedicine and other network-connected applications.


Editor’s Note:  This updated post was originally published in June 2015.

About the Author:  Jason is a Certified Wireless Network Expert (CWNE #171), and holds several industry certifications. He is a Field Application Engineer Manager, Trainer and Curriculum Developer for EnGenius’ Certified and Advanced Certified System Engineer course. Jason holds a Masters in Mechanical Engineering from MIT and an MBA from the University of Connecticut. Follow him on Twitter @emperorWiFi.

* Pew Research Technology Use Among Seniors

** Link-age 2016 Technology Survey

May 3

AP MeshCam™: A Unique Combination of Tech

By Bryan Slayman

The AP MeshCam, EnGenius’ new hybrid access point/surveillance camera, may be a clever combination of technology, but you may be asking: where would you use it? Sure, everyone needs Wi-Fi these days, and most businesses and institutions can benefit from the security provided by surveillance cameras. But why do we need a hybrid? Why not install access points as usual, and then a separate freestanding surveillance system?

Well, ask Aristotle; because the whole is greater than the sum of its parts.

The AP MeshCam combines two great things to make a greater whole: one simple installation for both a wireless access point and an IP camera, and one single cable run for power and data. Smart-sensing mesh simplifies setup while enabling both seamless Wi-Fi and complete camera coverage with no additional cabling or configuration. Other benefits include:

  • Configuration Flexibility & Modes: Mesh Access Point, Access Point, Client Bridge, WDS AP, WDS Bridge & WDS Station
  • Operate Alone, Manage via an EnGenius Switch, or Remotely Manage via ezMaster™ Network Management Software
  • Monitor Video via the EnVMS™ App or Included 16-Channel VMS Software
  • Fast 11ac Speeds to 867 Mbps Support Smooth, Buffer-Free Connections
  • 120-Degree HD Lens & Night Visibility to 65 Feet
  • Mesh Technology Allows Connectivity in Hard-to-Reach Locations
  • Works With a Comprehensive Line of EnGenius Access Points

This unique combination of technology makes the AP MeshCam perfect for a broad range of applications. Here are just a few.

Restaurants and Bars:

In a pub or restaurant, the bar area is often crowded and chaotic. Keeping track of surroundings can be challenging for an owner or manager. But with an AP MeshCam mounted over the bar, management can monitor cash register and tip jar access, bartenders that may be overpouring or distributing free drinks, disruptive patrons, and so on. The AP MeshCam adds an extra layer of security and accountability to the POS system that may already be in place.

Meanwhile, the AP MeshCam provides high-speed Wi-Fi for guests who are using their phones to peruse online menus, posting their location and photos to social media, or dropping location pins for friends, all of which drums up more business for the restaurant. The mesh feature creates a reliable Wi-Fi network with minimal cable runs and installation cost, allowing access point placement in difficult-to-reach locations.


Today’s schools are tech-savvy; they need seamless Wi-Fi connectivity for various e-learning initiatives, as well as online textbooks, newsletters, and calendars. Schools also need spot-on security to keep their students safe. Why not put security cameras to work providing Wi-Fi access?

With the AP MeshCam, staff can keep an eye on students using its 120-degree field of view from strategically placed units in hallways, auditoriums, gymnasiums, and other common areas, while simultaneously providing Wi-Fi for staff and students. Meshing allows seamless wireless connectivity between multiple APs in hallways—even around blind corners—keeping students engaged and safe.


Hotel guests want Wi-Fi in their rooms, but they also expect connectivity as they move through hallways, lobbies, and other common areas. They use Wi-Fi to check in to their flights, make dinner reservations, or schedule a pickup via a rideshare app. Or they may just want to browse their favorite sites or watch a video while sitting at the pool. Meanwhile, hotel security staff and managers need eyes on the entire property.

With the AP MeshCam providing guest Wi-Fi and video surveillance in one device, both guests and staff get what they need. Management can keep an eye on main areas, while guests access strong, reliable Wi-Fi.


Even in small retail stores, surveillance is a crucial tool to preventing theft. But small stores must work within limited budgets, ensuring that each expenditure will provide worthwhile returns. The AP MeshCam is a perfect two-in-one investment for such stores.

Owners and managers can employ the surveillance camera to watch the cash register and front door, noticing shoplifters and any other issues that may arise. Meanwhile, the access point provides Wi-Fi for operations and customers. Install two or more AP MeshCams, and the mesh feature comes into play, smoothly extending coverage and surveillance.

Whatever your industry, you will appreciate the convenience of combining constant surveillance and robust Wi-Fi in one compact, easy-to-install device. Combining two devices in one simple design magnifies their capabilities and simplifies installation, saving you time and money.

Why should you make the switch to 2-in-1 Wi-Fi/surveillance? Switch because the whole is greater than the sum of its parts. Simplify your network with the AP MeshCam today.

Find out more and order a demo unit at 40% Off MSRP.

About the Author:  Bryan is a Product Line Manager for EnGenius’ managed networking products. He has 14 years of wireless industry experience that includes developing new features and form-factors for products and working with customers to plan and implement wireless solutions in the field.

* Diagram depicts placement of security & will work with other Neutron series Access Points for more coverage

May 1

VLANs: Why You Need Them and How They Work (Part 3)

By Jason Hintersteiner

Before we delve in, have you read the previous posts (Part 1 and Part 2) in this series? Click over to these links if you’d like to catch up.

VLANs: Why You Need Them and How They Work (Part 1)
VLANs: Why You Need Them and How They Work (Part 2)

What is a Management VLAN, and Should I Use It?

Just as your operations and your visitors are put on two (or more) VLANs to separate the network traffic, it is a best practice to use a separate management VLAN for the web and CLI* for your network equipment—router, switch(es), and access point(s). This way, users cannot access (and therefore hack) your hardware.

By default, all networking devices come with the management VLAN set to one (1), and all managed and smart switches are configured such that every port is PVID one (1)/untagged VLAN one (1). If your staff and visitors are on separate VLANs, then the original LAN is isolated from both and can act as yet another VLAN; this one is usually designated “VLAN one (1).”

Can I Get Myself Into Trouble Using VLANs?

Here are some issues that may arise, and how to troubleshoot:

  • Device is on the wrong VLAN: This happens when traffic is sent to the wrong VLAN as it enters the network. Fortunately, this is fairly easy to catch, especially if your client device is configured for DHCP. One look at the IP address on the client device will indicate whether it has a DHCP address on the correct subnet. For static clients, an arping or nmap on the wrong VLAN will reveal the presence of the client. To get your device back on the correct VLAN, make sure your SSID settings and PVID/untagged VLAN switch settings are correct.
  • Data traffic doesn’t flow: This results when traffic is sent to the wrong VLAN as it enters the network, or when switch ports are not properly and explicitly configured to pass traffic on that VLAN. Remember that all ports on a switch** should be trunk ports, configured for all tagged VLANs used in the network, including management VLANs. To prevent this issue, remember to configure ports connected to client devices or network appliances for the correct PVID/untagged VLAN for the client.
  • Device loses access to network configuration: This is usually the result of a mismatch between the PC used to configure the network devices and the management VLAN set up on the device. Management VLANs should generally be configured last (after devices), because once you set a network device to use a VLAN, you will lose access to the device until its PC port connects to the same VLAN.*** To ensure connection, make sure the PC port used by the device is configured to the management VLAN used by the device.

I advise designating one port on each network switch as a management port, configured as PVID/untagged VLAN on the management VLAN.
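
The three failure modes above can be caught before a configuration is pushed. The following is an added example, not EnGenius tooling or code from the original post: a small audit over a switch's port table. The `SwitchPort` structure, the port names, and VLANs 10 and 20 are hypothetical; VLAN 4000 is the management VLAN used in the footnote example. As an assumption, a trunk is counted as passing a VLAN if it carries it tagged or as its untagged VLAN.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class SwitchPort:
    name: str
    role: str                          # "trunk" (router, uplink, AP) or "access" (client)
    pvid: int = 1
    untagged: Optional[int] = 1
    tagged: set = field(default_factory=set)

def audit(ports, network_vlans, mgmt_vlan, expected=None):
    """Return (port, code, detail) findings for one switch's port configuration."""
    expected = expected or {}          # hypothetical map: access port name -> intended VLAN
    findings = []
    for p in ports:
        if p.role == "trunk":
            carried = set(p.tagged)
            if p.untagged is not None:
                carried.add(p.untagged)
            missing = sorted(set(network_vlans) - carried)
            if missing:                # "data traffic doesn't flow"
                findings.append((p.name, "trunk-missing-vlan",
                                 f"does not pass VLAN(s) {missing}"))
            continue
        if p.pvid != p.untagged:       # traffic flows in one direction only
            findings.append((p.name, "pvid-mismatch",
                             f"PVID {p.pvid} but untagged VLAN {p.untagged}"))
        want = expected.get(p.name)
        if want is not None and p.pvid != want:   # "device is on the wrong VLAN"
            findings.append((p.name, "wrong-vlan",
                             f"PVID {p.pvid}, intended VLAN {want}"))
    # "device loses access to network configuration"
    reachable = [p for p in ports if mgmt_vlan in p.tagged or p.untagged == mgmt_vlan]
    if not reachable:
        findings.append(("switch", "mgmt-lockout",
                         f"management VLAN {mgmt_vlan} is on no port"))
    elif not any(p.role == "access" and p.pvid == p.untagged == mgmt_vlan for p in ports):
        findings.append(("switch", "no-mgmt-port",
                         f"no access port dedicated to management VLAN {mgmt_vlan}"))
    return findings

# Constructed sample data: 10 = staff, 20 = visitors, 4000 = management.
VLANS, MGMT = {10, 20, 4000}, 4000
INTENDED = {"p3-pos": 10, "p4-kiosk": 20}

BROKEN = [
    SwitchPort("p1-router", "trunk", tagged={10, 20}),
    SwitchPort("p2-ap", "trunk", tagged={10}),
    SwitchPort("p3-pos", "access", pvid=10, untagged=10),
    SwitchPort("p4-kiosk", "access", pvid=10, untagged=20),
]
FIXED = [
    SwitchPort("p1-router", "trunk", tagged={10, 20, 4000}),
    SwitchPort("p2-ap", "trunk", tagged={10, 20, 4000}),
    SwitchPort("p3-pos", "access", pvid=10, untagged=10),
    SwitchPort("p4-kiosk", "access", pvid=20, untagged=20),
    SwitchPort("p8-mgmt", "access", pvid=4000, untagged=4000),
]

if __name__ == "__main__":
    for port, code, detail in audit(BROKEN, VLANS, MGMT, INTENDED):
        print(f"{port:10} {code:20} {detail}")
    print("fixed config findings:", audit(FIXED, VLANS, MGMT, INTENDED))
```

Running the audit against the planned configuration before setting the management VLAN is the safe order, since a `mgmt-lockout` finding after the change can only be recovered over a serial interface or with a hard reset.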

VLANs are a powerful tool, and should be an integral part of all of your Wi-Fi network designs.

Editor’s Note:  This post was originally published in June 2015 and has been updated.

About the Author:  Jason is a Certified Wireless Network Expert (CWNE #171), and holds several industry certifications. He is a Field Applications Engineer Manager, Trainer and Curriculum Developer for EnGenius’ Certified and Advanced Certified System Engineer courses. Jason holds a Masters in Mechanical Engineering from MIT and an MBA from the University of Connecticut. Follow him on Twitter @emperorWiFi

*Command Line Interface
**Defined here as ports connected to either the router, backhaul to other switches, or access points.
***Example: If you have a switch configured to management VLAN 4000, but none of the switch ports are configured for tagged or untagged access on VLAN 4000, you are cut off from the switch and have no way to access the configuration, short of a serial interface or a hard reset.

Apr 4

VLANs: Why You Need Them and How They Work (Part 2)

By Jason Hintersteiner

VLANs, or Virtual Local Area Networks, are one of the most powerful, most misunderstood, and most underutilized tools for Wi-Fi networks in private homes and small-to-medium businesses. This post is part two of three articles on VLANs and provides a practical guide as to why and how you should use them.

How do VLANs work?

Client devices don’t know, and generally shouldn’t know, anything about the VLAN configuration of a network. All VLAN configuration is done on the network router, switch(es), and access point(s). When a client device sends data, each packet is “tagged” as it enters the network so it can be routed to the correct destination, in much the same way your luggage is tagged when you check it at the airport. When the data reaches its intended destination, the tag is removed, which is commonly referred to as either “untagging” or “stripping the tag”.

In networking, the VLAN tag is a 4-byte element inserted into the Media Access Control (MAC) header of the packet. This element contains a 12-bit number indicating the VLAN ID (or VID), meaning that, in theory, a network can have 2^12 or 4096 tags. The all-zero and all-one tags (i.e., VLAN 0 and VLAN 4095) are not used, per the 802.1Q specification. Furthermore, VLAN 1 is reserved for “untagged traffic,” meaning that any data traffic in a network that does not have a VLAN tag is considered to be on VLAN 1. This is why all switch and access point VLANs are defaulted to VLAN 1.

By default, each port on a switch will drop VLAN traffic, so any VLAN traffic that is allowed through a switch port must be explicitly defined in the switch configuration. Trunk ports are used to interconnect switches (and access points), where each VLAN in use on the network is explicitly defined as a tagged VLAN, meaning that the switch will pass traffic on that VLAN without touching the VLAN tag.

The tagging/untagging mechanisms in switches and access points differ depending on whether the client is wired or wireless, but functionally they are identical:


  • A wireless client associates to a particular SSID. In the AP configuration, the SSID is associated with a particular VLAN. All traffic coming from a wireless client is tagged with the VLAN ID associated with the SSID. The AP strips the tag associated with the SSID for all data traffic transmitted to a wireless client.
  • So, from the perspective of the switch, all traffic coming from or going to an access point is tagged.


  • #1 The PVID, or Port VLAN ID, indicates the VLAN ID that should be tagged onto all traffic coming into the port (i.e. from the wired client). Since each port has allowed VLANs explicitly defined on it, an untagged VLAN can be defined, such that any traffic on that particular VLAN gets its tag stripped before the traffic leaves the port. By definition, a wired port connected to a client can have only one PVID and should have only one untagged VLAN. These two should match in order for the connected wired client to communicate in both directions on that VLAN.
  • #2 The router configuration similarly becomes a bit more complex. Each VLAN on the network is considered to be a sub-interface of the LAN interface (since multiple VLANs exist on the same physical wire/NIC). So, instead of defining an IP address, subnet, and DHCP range for a single LAN, each VLAN is treated as a separate LAN, and requires an independent subnet, IP address, and DHCP range.*

Typically, VLANs are used to keep the various LAN subnets isolated, so the router is generally routing WAN to VLAN. Cross-VLAN routing can be done in specific instances, and usually requires the setup of explicit rules with particular exceptions.
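
The tagging and stripping described above, as an added example that is not from the original post or from any vendor's firmware: it builds and parses the 4-byte tag and models a switch port's ingress and egress rules, showing why a PVID that does not match the untagged VLAN gives one-way traffic. The `Port` class, the sample frame, and VLANs 10 and 20 are constructed for illustration, and the port model is deliberately simplified.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q tag
DEFAULT_VLAN = 1         # per the post: untagged traffic is treated as VLAN 1

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte tag after the destination and source MACs (12 bytes)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094 (0 and 4095 are not usable VLANs)")
    tci = (pcp << 13) | vid          # 3-bit priority, 1-bit DEI (0), 12-bit VID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_tag(frame: bytes):
    """Return (vid, pcp, frame_without_tag); vid is None when no tag is present."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, tci >> 13, frame[:12] + frame[16:]

class Port:
    """Simplified switch port: one PVID, one untagged VLAN, a set of tagged VLANs."""
    def __init__(self, pvid=DEFAULT_VLAN, tagged=(), untagged=None):
        self.pvid, self.tagged, self.untagged = pvid, set(tagged), untagged

    def ingress(self, frame: bytes):
        """Frame arriving from the wire -> tagged frame inside the switch, or None."""
        vid, _, _ = parse_tag(frame)
        if vid is None:
            return add_tag(frame, self.pvid)      # untagged traffic gets the PVID
        return frame if vid in self.tagged else None   # undefined VLANs are dropped

    def egress(self, frame: bytes):
        """Tagged frame inside the switch -> bytes sent on the wire, or None."""
        vid, _, inner = parse_tag(frame)
        if vid is None:
            return None
        if vid == self.untagged:
            return inner                          # strip the tag for the client
        return frame if vid in self.tagged else None

def switch_path(in_port: Port, out_port: Port, frame: bytes):
    """Carry one frame through the switch: ingress on in_port, egress on out_port."""
    internal = in_port.ingress(frame)
    return None if internal is None else out_port.egress(internal)

# Constructed sample frame: broadcast destination, locally administered source, IPv4.
CLIENT_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"constructed payload"

TRUNK = Port(tagged={10, 20})               # uplink to an AP or another switch
GOOD_ACCESS = Port(pvid=20, untagged=20)    # PVID and untagged VLAN match
BAD_ACCESS = Port(pvid=20, untagged=10)     # mismatch

if __name__ == "__main__":
    for label, access in (("matched", GOOD_ACCESS), ("mismatched", BAD_ACCESS)):
        upstream = switch_path(access, TRUNK, CLIENT_FRAME)
        reply = switch_path(TRUNK, access, upstream)
        print(label, "upstream VID:", parse_tag(upstream)[0],
              "reply delivered:", reply is not None)
```

With the mismatched port, the client's frames still leave on VLAN 20, but replies on VLAN 20 are dropped at egress because the port only strips VLAN 10.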

One common example would be a hotel with a printer in the lobby. If staff and guests are both meant to use the printer, it could be placed on the visitor VLAN with router rules defined to route traffic from the operations VLAN to the printer on the visitor VLAN. In such a case, however, it is often simpler and cheaper to just buy two printers.

Next time, we’ll talk about what a management VLAN is and whether or not you should use it.

Editor’s Note:  This post was originally published in June 2015 and has been updated.

About the Author:  Jason is a Certified Wireless Network Expert (CWNE #171), and holds several industry certifications. He is a Field Applications Engineer Manager, Trainer and Curriculum Developer for EnGenius’ Certified and Advanced Certified System Engineer courses. Jason holds a Masters in Mechanical Engineering from MIT and an MBA from the University of Connecticut. Follow him on Twitter @emperorWiFi

* By convention, some people like matching the second or third octet of the subnet to the VLAN ID. For example, VLAN 8 could be given the subnet or, VLAN 16 could be given the subnet or, etc. These settings are independent, so no correlation between the VLAN ID and the subnet is required, but it is often convenient.

Feb 24

VLANs: Why You Need Them and How They Work (Part 1)

By Jason Hintersteiner

VLANs, or Virtual Local Area Networks, are one of the most powerful, most misunderstood, and most underutilized tools for Wi-Fi networks in private homes and small-to-medium businesses. This post provides a practical guide as to why and how you should use VLANs.

What are VLANs?

At their simplest, VLANs enable you to transform one physical Local Area Network into multiple, isolated, logical Local Area Networks. VLANs give you multiple LANs with different purposes and intents that are co-located physically, without the expense of additional hardware and cabling. This is extremely useful even for small network applications, especially with the growth of IoT and the proliferation of network appliances measuring and controlling our environment.

Take the “simplest” case of a private home. Even when you only need a single access point to provide Wi-Fi coverage, there are, at least, two distinct and isolated networks needed.

  • For the residents, allowing access to all PCs, network printers, multimedia devices such as AppleTV or SONOS, IP cameras, NEST thermostats, and the like.
  • For guests, that allows Internet access, yet keeps the primary network secure. The homeowner undoubtedly doesn’t want their teenager’s friends, for instance, to hack any of the computers or network appliances in the home.

In more complex SMB applications such as coffee shops, restaurants, doctors’ offices, and multi-dwelling units (apartment buildings, dormitories, hotels), at least two distinct and isolated networks are needed.

  • For business staff for operations, such as point-of-sale, IP surveillance, access control, HVAC control, multimedia, etc.
  • For the business’s customers or visitors, which allows Internet access but not access to any network devices used for operations.

Most Wi-Fi networks need to be segmented, at least, into an operations network and a visitor network, with separate access and usage parameters.

Operations network:

  • Access: Restricted to authorized personnel.
  • Data: Company confidential (e.g., especially financial and security data).
  • Security: For a small network, a WPA2-AES Pre-Shared Key provides sufficient security (i.e., a wireless client must know the code to connect). In larger setups, using 802.1x with RADIUS may be appropriate.
  • Device Interaction: Client devices should be able to communicate with each other.
  • Further Segmentation: In some environments, breaking up the operations network into multiple VLANs by function is appropriate, especially to separate out applications like security (i.e., cameras and access control), facilities (HVAC, lighting control), and VoIP.

Visitor network:

  • Access: Unrestricted. Also commonly called a “hotspot.”
  • Data: Guest/user data.
  • Security: Typically no encryption is used to facilitate access, though a captive portal may or may not be used to capture email/social media information or set out terms and conditions.
  • Device Interaction: Not permitted. (For example, you don’t want a hotel guest hacking into a device in a different room).

Why a Password on Guest Wi-Fi Doesn’t Increase Data Security

A note on security for visitor/hotspot networks: I keep encountering “visitor” networks that require a WPA2-AES pre-shared key. This is actually quite pointless, and creates a false sense of security. The logic of using a pre-shared key is that a hacker sniffing unencrypted radio frequency transmissions can intercept data traffic. That is true. Unfortunately, using pre-shared key encryption doesn’t solve the problem.

A hacker that has the pre-shared key and who captures the association exchange (which is unencrypted) between a client device and an access point when it connects to the network can use the collective information to decrypt the client device traffic. Furthermore, most security issues on visitor/hotspot networks do not require sniffing the radio frequency, but come from the “wired side” of the network.

Wi-Fi encryption only occurs between the client device and the access point, as the AP decrypts all data traffic before passing it on to the wired network infrastructure. If client isolation on the network is not set up properly (an all-too-common problem), a wireless hacker can simply connect to another wireless client device through the wired network.

So the only thing a WPA2-AES pre-shared key really provides is increased work for the staff, who have to give out the passphrase to all of the visitors. If you want to remain secure when using a hotspot/visitor network, make sure you are using application-level security, such as HTTPS for web surfing and SSL for your email service. Personal or corporate VPNs are also appropriate and effective.
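The point above can be seen in the WPA2-Personal key derivation itself. The following is an added example, not code from the original post: it derives the per-session CCMP data key and shows that the only input not sent in the clear during connection setup is the passphrase that every visitor is given. The SSID, passphrase, MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """The 802.11 pseudo-random function: HMAC-SHA1 run in counter mode."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def session_key(pmk: bytes, ap_mac: bytes, client_mac: bytes,
                anonce: bytes, snonce: bytes) -> bytes:
    """Derive the 48-byte CCMP pairwise transient key and return its data-key part."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[32:48]   # bytes 0-15 KCK, 16-31 KEK, 32-47 TK (encrypts client data)


# Constructed sample values. Everything in HANDSHAKE crosses the air unencrypted
# when a client connects; the SSID is advertised; the passphrase is handed to
# every visitor. Nothing in the derivation is private to one client.
SSID = "CoffeeShop-Guest"
POSTED_PASSPHRASE = "welcome2024"
HANDSHAKE = {
    "ap_mac": bytes.fromhex("020000aa0001"),
    "client_mac": bytes.fromhex("020000bb0002"),
    "anonce": bytes(range(32)),
    "snonce": bytes(range(32, 64)),
}

if __name__ == "__main__":
    pmk = pmk_from_passphrase(POSTED_PASSPHRASE, SSID)
    print("PMK (identical for every visitor):", pmk.hex())
    print("Session data key for this client: ", session_key(pmk, **HANDSHAKE).hex())
```

The nonces make the key different for every session, but they do not make it secret from anyone else who holds the same passphrase.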

Many consumer wireless router appliances, such as the EnGenius ESR series, and enterprise wireless access points, such as most EnGenius APs in the EAP/ECB/ENS/ENH/EWS series, come with the ability to set up a “guest network” with a separate subnet and DHCP range. This allows the access point to create a Layer 3 (IP) barrier between the guest network and the operations network to isolate them from each other. Why not use this instead of a VLAN?

This feature is only appropriate for single AP networks. On networks consisting of multiple APs, this configuration prevents roaming between APs since each is creating a separate stand-alone guest network. Any client attempting to roam on the “guest network” will have to re-establish a Layer 3 connection, thus interrupting any streaming applications. So on multi-AP networks, VLANs should always be used to provide visitor/guest networking.


Editor’s Note:  This post was originally published in June 2015 and has been updated.

About the Author:  Jason is a Certified Wireless Network Expert (CWNE #171), and holds several industry certifications. He is a Field Applications Engineer Manager, Trainer and Curriculum Developer for EnGenius’ Certified and Advanced Certified System Engineer courses. Jason holds a Masters in Mechanical Engineering from MIT and an MBA from the University of Connecticut. Follow him on Twitter @emperorWiFi

Feb 24

Three Secrets to Maximizing Coverage With FreeStyl Phone Systems

By Doug Hayter

Both the FreeStyl 1 and FreeStyl 2 systems are long range, single-line cordless phones designed to allow staff to make and take calls as they move about a property. With long-range coverage of up to six (6) floors of in-building penetration and 100,000 sq. ft. in an open area, these systems are ideal for homeowners and staff of large estates, front desk staff at motels and IT professionals in offices. Because different environments place different coverage demands on a wireless system, we’d like to share several secrets to evoking the best coverage and performance from these two incredible systems.

Secret 1: Place the FreeStyl Base Clear of Obstacles

Each wall, floor, appliance or piece of furniture a Wi-Fi signal passes through weakens it slightly. So to retain maximum signal over the greatest area, it’s best to put the base unit in an area relatively clear of obstruction. For example, in a motel, it would be best to place the base as far as is feasible from elevators, vending machines, and firewalls, which will interfere most with the signal.

When implementing this secret, the FreeStyl 2 has an advantage out of the box, because its base unit does not have a keypad, so it can be mounted on a wall, high above most obstacles.

Secret 2: Use the Outdoor Antenna Kit

The base unit’s rubber antenna can be removed (it’s a reverse-thread connector, so it can be detached from the base by turning the antenna connector counter-clockwise) and replaced by an optional outdoor antenna kit (SN-UL-AK20L). This outdoor antenna kit comes with over 60 feet of LMR400 low-loss coaxial cable and an Omni-directional 6dBi outdoor antenna. Mount this antenna on the roof and get excellent coverage over large outdoor areas.

Secret 3: Use the Indoor Antenna Kit

For indoor deployments, try the optional indoor antenna kit (SN-UL-AK20L-IND). This kit also comes with over 60 feet of LMR400 low-loss coaxial cable and an Omni-directional dome antenna. Mount this antenna on the ceiling to maximize the coverage in large indoor areas.

Bonus Secret 4: Split the Signal

In areas where an obstacle hampers coverage so that you cannot mount the base above it, consider whether splitting the signal would allow for coverage in different areas. The FreeStyl systems can use the SN-ULTRA-AS Antenna Splitter with multiple antennas to enable coverage in two separate areas.

Bonus Secret 5: Protect the System

When using an outdoor antenna with a FreeStyl system, protect the base unit with the antenna lightning protection kit (SN-ULTRA-LPK). This kit protects the system against static charge build-ups by sending the charge to ground.

About the Author:  Doug is a Senior Product Line Manager for EnGenius’ Telecom products.

Dec 8

4 Vital Ways 11ac Wave 2 Will Boost Your Network

By Angie Tucker

A year after the first 11ac Wave 2 Access Points hit the market, early technology adopters are taking advantage of the increased speeds and efficiencies offered by Wave 2. More have taken a wait-and-see approach, watching as market assortments increase and prices begin to fall.

The 2nd wave of 11ac technology products offers the most advanced wireless technology available. Along with their ultra-fast wireless speeds, reaching theoretical rates nearing 7 Gbps, Wave 2 products support the highest user capacities, built right into the standard.

Still, many wonder, “Do I really need to upgrade to Wave 2? Will my customers actually see that much of a difference in the network?” The following four reasons will help you understand why now is the time to seriously consider upgrading to Wave 2 technology.

1 Marked Increase in Wireless Speeds

The upsurge of mobile streaming video and voice applications puts a tremendous strain on wireless networks, decreasing their speed and efficiency. Wave 2’s increased speeds easily support latency-sensitive applications.

As stated above, 11ac Wave 2 supports theoretical wireless speeds topping nearly 7 Gbps. Though a vast majority of Wave 2 access points on the market aren’t yet offering speeds anywhere near 7 Gbps, available access point speeds are still incredibly fast, reaching rates closer to 1.7 Gbps.

Throughput over a Gig is still likely going to be more than enough to accommodate an abundance of bandwidth-heavy users in a variety of settings. In environments where more bandwidth is needed, Wave 2 is equipped to provide it.

2 Maximum User Capacities

While speed is critical to improving the user experience, network designers, and IT professionals will appreciate the increased number of users, devices, and applications that 11ac Wave 2 networks can handle. Wave 2 adds a fourth spatial wireless antenna stream, whereas previous wireless technology only supported up to three antenna streams. The additional stream, like a highway, adds another available “lane” for sending and receiving data, increasing the number of devices that can connect at a given time.

Increased capacities also mean greater support for Wi-Fi-dependent IoT devices, demanding corporate and education networks with multiple simultaneous devices per user, and the pervasive public availability of Wi-Fi in shopping, hospitality, entertainment and sports complexes.

Long term, Wave 2 future-proofs the network by supporting the increasing capacity needs of future IoT devices and mobile technology advancements on the broad 5 GHz frequency spectrum, which is expanded to support a wider frequency range, to 160 MHz, than earlier wireless standards which maxed out at 80 MHz.

3 Multi-User MIMO Improves Network Efficiency

The addition of MU-MIMO, or Multiple User Multiple Input, Multiple Output, is new with the 11ac Wave 2 release. MU-MIMO allows multiple Wave 2 client devices to simultaneously communicate with the Access Point, improving the efficient use of the frequency spectrum and network bandwidth while allowing simultaneously connected devices to get on and off the network faster than ever.

This is a significant improvement over previous wireless standards, including 11ac Wave 1, which rapidly sent and received data to a single user device at a time.

4 Beamforming Antenna Technology

New antenna technology takes advantage of existing antenna designs to improve the directed efficiency of focused antenna signals to respective client devices. Beamforming technology provides optimal signal and reception reliability between access points and clients.

Beamforming adjusts beam signals instantly to counteract device movement and changing radio conditions. Beamforming enhances the user experience through improved connection reliability between the Access Point and user devices as they move about the network.

EnGenius Neutron EWS 11ac Wave 2 Access Points

EnGenius recently announced the availability of four new enterprise-class 11ac Wave 2 Access Points.

Ideal for deployment in high-density environments such as campuses, sports arenas, shopping malls, and resorts, Neutron 11ac Wave 2 APs combine MU-MIMO technology to provide high user capacities and ultra-fast speeds reaching 2.5 Gbps for reliable, fast connectivity to wireless client devices.

These new access points are designed to work with the Neutron Series Managed Switches and ezMaster™ Network Management Software to provide a scalable and flexible wireless management solution with no AP licensing fees.


About the Author:  Angie Tucker is a technical and marketing content writer, editor and media specialist for EnGenius who has worked in the technology industry for over 20 years.

Feb 15

Deploying Outdoor Access Points

By Jason Hintersteiner

Internet access for smartphones, tablets, and other mobile devices is no longer a luxury for business patrons – it’s a necessity. But there is much more to providing reliable, high-speed, high-density wireless access in outdoor environments than simply sticking an access point on the wall.

Due to the harsh conditions characteristic of outdoor environments, such as fluctuating temperatures and constant exposure to moisture and dust, typical indoor access points are not suitable for outdoor deployment. Outdoor access points are specifically designed to withstand the rigors of harsh environments and carry an IP (Ingress Protection) rating that certifies the level of protection the AP possesses against solids and liquids.

Since you’ll be mounting the access points outdoors in locations that are likely nowhere near a power outlet, make sure your APs support Power-over-Ethernet (PoE), which enables the AP to draw electrical power through the network cable. Using shielded CAT5e or CAT6 cable will prevent electromagnetic and RF interference from degrading the performance of your network.

By deploying dual-band access points, you can optimize network performance and user experience by employing features such as band steering, which automatically directs 5 GHz-capable devices such as smart phones and tablets to the less-congested 5 GHz band. This decreases the load on the often-saturated 2.4 GHz band to improve network performance for legacy devices such as network printers and point-of-sale (PoS) systems. Also, dual-band access points can support more users in high-density environments.

Things to keep in mind when selecting locations to mount the access points:

  • Mount the APs out of reach to keep people from tampering with or defacing the units.
  • Mount the AP high enough for the signal to travel over any obstructions such as plants or outdoor furniture.
  • Make sure that the AP is securely mounted to keep it from being dislodged by wind or other weather elements.
  • Make sure to ground the AP to protect it during lightning storms. Using an inline Ethernet surge suppressor between the AP and your wired network is generally recommended.

Set the transmit output power level at a medium level, such as 17 dBm on the 2.4 GHz band and 23 dBm on the 5 GHz band. If the power level on the AP is set too high, many mobile client devices could be far enough away from the AP that they do not possess enough transmit power to talk back to the AP.

It may be desirable to paint your access points so that they’ll blend into the surroundings, but carefully consider the type of paint you use. Only use non-metallic paint, as metallic paint can act as an antenna and distort the coverage. Also, realize that painting the AP a dark color may cause it to heat up faster when exposed to the sun.

APs with internal antennas are generally considered more aesthetically pleasing, but an AP with removable external antennas gives you the option of adding higher-gain antennas for longer ranges. APs are available with directional or Omni-directional antennas, and the type you select will depend on your desired coverage. In general, APs with directional antennas will focus the signal in a particular direction, and thus reach further out than Omni-directional antennas.

Using network cable for connectivity to the network backbone, otherwise known as backhaul, is always best, but sometimes using a dedicated wireless backhaul link is necessary. We recommend using a separate, dedicated Point-to-Point (Pt.-to-Pt.) link for backhaul on an independent channel, then cross-connecting the Ethernet port of the backhaul link to the Ethernet port of the AP, rather than sharing the resources of the 5 GHz radio in the dual-band device for backhaul.


Oct 12

Explaining Free Space Path Loss

By Jason Hintersteiner

The propagation of all radio signals is subject to Free Space Path Loss (FSPL), the mathematical expression of a geometric property: the farther you are from the source of a radio transmission, the lower the energy level in that signal, which drops as a function of the square of the distance. You can think of throwing a pebble into a pond; as the wave ripples out, the energy is spread over a wider and wider area, and the level of energy at any one point is proportionally smaller.

While this is a geometric effect, wavelength is included in the calculation in order to account for the fact that, mathematically, transmission energy is defined as coming from a point source known as an isotropic antenna. An isotropic antenna is defined as an antenna that radiates energy evenly in a perfect sphere with 0 dBi of gain. While defining such an antenna is mathematically convenient, it is physically impossible to build.

The following graph shows the free space path loss for Wi-Fi at 2.4 GHz and 5 GHz.

The following table shows the free space path loss at 1 meter (3 feet) away from the transmitter at various frequencies commonly used in the telecommunications industry.

Per FCC and other worldwide government regulations, a Wi-Fi signal has a maximum initial power of 30 dBm (1 W, or 1000 mW), and within the first 3 feet over 40 dB of energy is lost (100 W), meaning that the level of exposure 3 feet away is below -10 dBm (0.0001 W, or 0.1 mW).
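The relationship described above, written out as an added worked equation (the standard free-space form for isotropic antennas; it is not part of the original post). Here $d$ is the distance in meters, $f$ the frequency in Hz, $\lambda = c/f$ the wavelength, and $c \approx 2.998 \times 10^{8}$ m/s the speed of light:

$$\mathrm{FSPL} = \left(\frac{4\pi d}{\lambda}\right)^{2} = \left(\frac{4\pi d f}{c}\right)^{2}$$

$$\mathrm{FSPL}_{\mathrm{dB}} = 20\log_{10} d + 20\log_{10} f + 20\log_{10}\frac{4\pi}{c} \approx 20\log_{10} d + 20\log_{10} f - 147.55$$

For $d = 1$ m and $f = 2.4$ GHz:

$$\frac{4\pi \cdot 1 \cdot 2.4\times10^{9}}{2.998\times10^{8}} \approx 100.6, \qquad \mathrm{FSPL}_{\mathrm{dB}} \approx 20\log_{10}(100.6) \approx 40.05\ \mathrm{dB}$$

so a 30 dBm transmitter is received at about $30 - 40 = -10$ dBm one meter away. The same calculation at 5 GHz gives about 46.4 dB, and each doubling of distance adds $20\log_{10} 2 \approx 6$ dB at either frequency.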

Comparative Example 1: Microwave Oven

A microwave oven operates on the 2.4 GHz band at around 1000 W (60 dBm). Granted, microwave ovens are shielded, but the shielding is not perfect and deteriorates over time. This is why microwave ovens typically interfere with Wi-Fi when in operation: they put out more energy on the 2.4 GHz band than an AP and thus flood the channel, causing wideband interference. Three feet away from a leaky microwave oven, the 2.4 GHz energy level decreases by 40 dB to 20 dBm (0.1 W, or 100 mW), or about 1000x higher than a Wi-Fi access point.

Comparative Example 2: Ham Radio

A ham radio typically operates at 50 W (47 dBm) at 440 MHz. The FSPL at three feet away (i.e. where the operator is sitting) is about 25 dB (approximately 0.32 W or 320 mW), leading to an exposure level of 22 dBm (0.16 W or 160 mW), or about 1600x higher than a Wi-Fi access point.

Comparative Example 3: Cell Phone

A typical cellular phone operates at 23 dBm (0.25 W or 250 mW). However, it operates very close to your head when on a call (about 2 inches), which provides a minimal FSPL of only 3.5 dB (0.0022 W, or 2.2 mW) at 700 MHz (Verizon LTE). This leads to an exposure level of 19.5 dBm (90 mW or 0.09 W), or approximately 100x higher than a Wi-Fi access point. You get more exposure to RF energy from using your cell phone, a ham radio, and a microwave oven than you do from a Wi-Fi access point.

Comparative Example 4: Cell Tower

A typical cellular tower operates around 40 W (46 dBm). At 700 MHz (Verizon LTE), the FSPL at about 1/2 mile – 1 mile away is about 90 dB, leading to an exposure level of -44 dBm (0.00004 mW or 0.00000004 W), or about 4000x lower than from a Wi-Fi access point.


Oct 6

Wi-Fi Beacon Frames Simplified

By Jason Hintersteiner

We talk about the Wi-Fi offerings on one AP, or across multiple APs in the same extended service set (ESS), as if it is all one unified network. In reality, each AP has its own set of SSIDs, and each SSID is on its own VLAN. We set up multiple SSIDs purposely to make each of these different SSIDs an “independent” network. Similarly, the SSIDs on the 2.4 GHz band are “independent” from the SSIDs on the 5 GHz band, because different physical radios and antennas are used. I’m using “independent” in quotations, as there are some coupling terms between the SSIDs on the same AP and between the same SSID offered on both the 2.4 GHz and 5 GHz bands. Hence, while we can configure all of these SSIDs and networks independently, they do have interactions in the unbound RF medium, and thus we want to maintain certain relationships between them.

Every SSID on each band broadcasts its own unique beacon frame. This is a periodic advertisement broadcast out to tell any listening devices that this SSID is available and has particular features / capabilities. Client devices depend upon these beacon frames to discover what networks are available (passive scanning), and to ensure that the networks that they are associated with are actually still present and available. A client also has the option to perform active scanning, where a client device sends a broadcast request to see what networks are available, and each SSID from each AP in range will send out a unicast probe response that has the same information as a beacon frame.

Think of a beacon frame as a guy/gal standing out in front of a shop in a silly costume, advertising the shop to any and all passers-by. In contrast, think of the probe request as a potential customer coming up to the guy/gal in the costume and asking “what do you offer?” In the scenario where an AP offers multiple SSIDs (either within the same band and/or across bands), extend the analogy to a strip mall with multiple shops, where each shop has someone in a different silly costume making an advertisement to passers-by, but they have a mutual agreement that only one of them will talk at a time, so they do not talk over each other and confuse customers (i.e. “avoid collisions” in Wi-Fi parlance). The probe request from the client can contain a specific SSID, analogous to a customer walking up to a specific costumed advertiser to ask “what do you offer?”, or a null SSID, analogous to a customer asking the entire group of costumed advertisers at once “what do all of you offer?”, with each costumed advertiser then giving his/her unique response.

Each beacon frame (or probe response) contains a lot of information about the specific SSID being offered. While not a complete list, the really important items are as follows:

  • SSID Name: 1-32 character name of the network
  • BSSID: Unique Layer 2 MAC address of the SSID
  • Security capabilities: e.g. open, WEP, WPA, WPA2, personal (passphrase) vs. enterprise (802.1x with RADIUS server)
  • Channel: specific frequency that this SSID on this AP is operating on
  • Channel width: e.g. 20, 40, 80, 160 MHz
  • Country: List of all supported channels and corresponding channel settings
  • Beacon interval: How often the AP sends out this beacon frame
  • TIM / DTIM: Used for power management to allow devices that sleep to wake up at specific intervals to find out if there is unicast or broadcast data waiting for them

Quite importantly, beacon frames also advertise the connection speeds that the AP can use to connect to a client device. These are broken up into a few different categories:

  • Basic rates: These are the 802.11a/b/g speeds that every connecting client device MUST support in order to maintain a connection
  • Supported rates: These are the 802.11a/b/g speeds that the AP will support and could use if the client device also supports those speeds
  • 802.11n MCS rates: These are the subset of the 78 total modulation and coding schemes (MCS) defined for 802.11n that the AP supports. In reality, this is dictated by the number of spatial streams that the AP supports (MCS 0-7 for single stream, MCS 8-15 for dual stream, MCS 16-23 for three streams, and MCS 24-31 for four streams). MCS 32-77 are defined as combinations of asymmetric rates across different streams, which sounds like a neat idea but is utterly impractical.
  • 802.11ac MCS rates / streams: This is simplified compared to 802.11n, as there are no asymmetric rates, and a particular modulation and coding stream combination uses the same index no matter how many streams. 256 QAM is added, providing two additional modes per stream, so these are simply MCS 0-9. The beacon indicates whether the AP supports MCS 0-9 on one stream, on two streams, on three streams, etc. up to eight streams. While the beacon is architected such that it could exclude particular modes, e.g. “I don’t support MCS 5 on three streams”, the spec dictates that an AP must support all 802.11ac MCS modes across all of the streams it has available.

Beacons are always sent at the lowest basic rate (and on the primary channel when using extended channels in 802.11n/ac). This is done to ensure that every possible client in range of the AP hears the beacon frame. When an AP has multiple SSIDs (on the same and/or across multiple radios), it sends out a separate beacon for each SSID on each radio. Each SSID in a particular band must have a unique MAC address, so typically one of the hexadecimal digits (usually the last, but some vendors increment the first) is incremented so that each SSID has a unique MAC address.

If you opt to “hide” the SSID, then the SSID name is blank, but the rest of the beacon is still sent out normally. When the client decides to associate with an SSID, it has to specify the SSID name in the (re)association frame it sends to the AP. This is why hiding an SSID is ineffective as a security measure, and thus I generally advise network admins not to bother: anyone capturing association / reassociation request frames with a Wi-Fi packet analyzer will capture the name of the SSID in clear text.
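The beacon fields listed above, and the hidden-SSID behavior just described, can be read directly from the frame bytes. The parser below is an added example, not code from the original post: it decodes a beacon and an association request built inline as constructed sample frames (the MAC addresses and the SSID "staff-net" are made up), and it handles only these two frame subtypes and the elements named in the text.

```python
import struct

BEACON, ASSOC_REQ = 8, 0                  # management-frame subtypes
FIXED_LEN = {BEACON: 12, ASSOC_REQ: 4}    # fixed fields that precede the elements
AKM = {1: "802.1X (enterprise)", 2: "PSK (personal)"}
RSN_OUI = b"\x00\x0f\xac"


def parse_elements(body):
    """Walk the id/length/value information elements; stop at a truncated one."""
    found, pos = {}, 0
    while pos + 2 <= len(body):
        eid, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) < length:
            break
        found.setdefault(eid, value)
        pos += 2 + length
    return found


def rsn_akms(rsn):
    """RSN element: version, group cipher, pairwise list, then the AKM list."""
    if len(rsn) < 8:
        return []
    pos = 8 + 4 * struct.unpack_from("<H", rsn, 6)[0]    # skip pairwise suites
    if len(rsn) < pos + 2:
        return []
    count = struct.unpack_from("<H", rsn, pos)[0]
    suites = [rsn[i:i + 4] for i in range(pos + 2, pos + 2 + 4 * count, 4)]
    return [AKM.get(s[3], "other") for s in suites if len(s) == 4 and s[:3] == RSN_OUI]


def parse_mgmt_frame(frame):
    """Decode the beacon / association-request fields discussed in the text."""
    if len(frame) < 24:
        raise ValueError("shorter than an 802.11 management header")
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in FIXED_LEN:
        raise ValueError("not a beacon or association request")
    body = frame[24:]
    if len(body) < FIXED_LEN[subtype]:
        raise ValueError("fixed fields truncated")
    info = {"subtype": subtype, "bssid": frame[16:22].hex(":")}
    if subtype == BEACON:
        interval_tu, capability = struct.unpack_from("<HH", body, 8)
        info["beacon_interval_ms"] = interval_tu * 1.024   # 1 time unit = 1.024 ms
    else:
        capability = struct.unpack_from("<H", body, 0)[0]
    ies = parse_elements(body[FIXED_LEN[subtype]:])
    ssid = ies.get(0, b"")
    info["hidden_ssid"] = not any(ssid)           # empty or all-zero SSID element
    info["ssid"] = "" if info["hidden_ssid"] else ssid.decode("utf-8", "replace")
    rates = ies.get(1, b"") + ies.get(50, b"")    # supported + extended rates
    info["supported_rates"] = [(r & 0x7F) / 2 for r in rates]           # Mbps
    info["basic_rates"] = [(r & 0x7F) / 2 for r in rates if r & 0x80]   # mandatory
    info["channel"] = ies[3][0] if ies.get(3) else None
    info["dtim_period"] = ies[5][1] if len(ies.get(5, b"")) >= 2 else None
    info["country"] = ies[7][:2].decode("ascii", "replace") if 7 in ies else None
    akms = rsn_akms(ies[48]) if 48 in ies else []
    if not capability & 0x0010:                   # Privacy bit clear
        info["security"] = "open"
    elif akms:
        info["security"] = "WPA2 " + "/".join(akms)
    else:
        info["security"] = "WEP or WPA (no RSN element)"
    return info


# --- Constructed sample frames (built here, not captured traffic) -------------
def ie(eid, value):
    return bytes([eid, len(value)]) + value


def header(subtype, dst, src, bssid):
    return bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00"


AP = bytes.fromhex("020000aa0001")        # constructed BSSID
STA = bytes.fromhex("020000bb0002")       # constructed client MAC
RATES = ie(1, bytes([0x82, 0x84, 0x8B, 0x96, 0x0C, 0x12, 0x18, 0x24]))
RSN_PSK = ie(48, struct.pack("<H", 1) + RSN_OUI + b"\x04" + struct.pack("<H", 1)
             + RSN_OUI + b"\x04" + struct.pack("<H", 1) + RSN_OUI + b"\x02" + b"\x00\x00")
HIDDEN_BEACON = (header(BEACON, b"\xff" * 6, AP, AP)
                 + struct.pack("<QHH", 0, 100, 0x0011)   # timestamp, 100 TU, ESS+Privacy
                 + ie(0, b"") + RATES + ie(3, b"\x06")
                 + ie(5, bytes([0, 3, 0, 0])) + ie(7, b"US " + bytes([1, 11, 30])) + RSN_PSK)
ASSOC_REQUEST = (header(ASSOC_REQ, AP, STA, AP)
                 + struct.pack("<HH", 0x0011, 10)        # capability, listen interval
                 + ie(0, b"staff-net") + RATES + RSN_PSK)

if __name__ == "__main__":
    for name, frame in (("beacon", HIDDEN_BEACON), ("assoc request", ASSOC_REQUEST)):
        print(name, parse_mgmt_frame(frame))
```

The beacon reports an empty SSID, while the association request sent to the same BSSID carries the network name unencrypted.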

Considerations for in-band (2.4 GHz OR 5 GHz) beacon frames

In the case where there are multiple SSIDs within the same band, all of the parameters could be set independently. Obviously the SSID name, BSSID, and the security features are going to be unique, and the channel setting, channel width, and country will be identical. But what about the other parameters?

  • Beacon interval: Usually consistent across all SSIDs within a band. To my knowledge, there isn’t anything to be gained if some of your SSIDs beacon more frequently than others. A typical beacon interval is 100 time units (a time unit is 1.024 ms, so every 102.4 ms). One would use a longer beacon interval (e.g. 300 time units or 307.2 ms) to reduce overhead in the channel, since beacons are transmitted at the lowest speeds and each SSID requires its own beacon.
  • TIM / DTIM: Usually consistent across all SSIDs within a band. To my knowledge, there isn’t anything to be gained if some of your SSIDs require more frequent check-ins from sleeping client devices vs. others. A typical DTIM will require that a sleeping client (e.g. VoIP phone, smartphone, tablet) be awake for every 3-5 beacon frames to check to see if any frames have been queued for it in the interim. If you are using a slower beacon interval, then it is common to require a sleeping client to check in on every beacon.
  • Connection Speeds: Usually consistent across all SSIDs within a band. To my knowledge, there isn’t anything to be gained by allowing particular connection speeds on some SSIDs and not others. Changing lowest basic rates will change the speed at which particular beacons are transmitted, but again there is no advantage to having some beacons go out at faster speeds than others.

I suppose there are some rare use cases where one might want particular SSIDs to act differently. One potential scenario is a guest network, where I want to maximize compatibility with all possible devices that could connect vs. a staff network, where the admin has strict control over the devices and their locations on their network and wants to “optimize” their performance. To me, this seems to introduce a fair amount of complexity for dubious practical gains, which is a situation I generally try to avoid.

Cross-band (2.4 GHz AND 5 GHz) beacon frames

In the case where we have the same SSID on both the 2.4 GHz and 5 GHz bands, we generally want to take advantage of a feature called band steering to force dual-band clients to use the 5 GHz band. The 5 GHz band generally has wider channels and fewer sources of external interference, making for a faster user experience. In this case, the SSID name and all security features (along with VLAN settings, which are set on the AP but are not part of the beacon) should be identical. The channel and channel width will be different (by definition). The connection speeds will be somewhat different based on the differences between 802.11b/g/n on the 2.4 GHz band and 802.11a/n/ac on the 5 GHz band. There is no need to support 802.11b speeds on the 5 GHz band, though the 802.11a and 802.11g speeds are identical, and the 802.11n speeds are also identical (if the streams are identical). As for the beacon interval, it is usually identical across bands, but there is no requirement that it be. Based on the usage characteristics per band (i.e. how many clients per band, what connection speeds are being used, etc.), it could be advantageous to tweak this setting per band to optimize overhead performance.

Across the 2.4 GHz and 5 GHz bands, since the radios are independent on both the AP and client device, some vendors increment the BSSID to identify the particular SSID and some vendors don’t. In this case, it doesn’t matter if the BSSID is reused since 2.4 GHz and 5 GHz transmissions cannot hear each other, and the Layer 1 (physical) and Layer 2 (MAC, think Wi-Fi chipset) levels are physically separate from each other.

The most common network scenario in practice is the need to support 802.11b devices (either legacy or new low-power IoT) and/or 802.11g devices (legacy). Both of these are on the 2.4 GHz band. There were virtually no independent 802.11a client devices, as this standard was primarily used for dedicated point-to-(multi)point wireless links. Hence, if a network needs to support slower 2.4 GHz devices, one probably wants to leave the network configured with a standard beacon interval of 100 time units and support for all 802.11b/g rates. On the 5 GHz network, we almost always want to maximize performance, so on this band it would make sense to make tweaks, such as using longer beacon intervals (e.g. 300 time units) and dropping support for some of the slower 802.11a connection speeds, such as 6 Mbps and 9 Mbps.
