Jun 5

Three Critical Wi-Fi Applications in Assisted Living

By Jason Hintersteiner

It’s About the Operations Infrastructure

Wi-Fi might not be the first thing that comes to mind when considering critical capital expenditures for residential care and assisted living facilities, but it is becoming an integral part of operations as technology evolves.

1. Resident Use

As large segments of our population continue to age, the demand for Wi-Fi in assisted living and continuing care retirement centers grows. Tech-savvy seniors expect to use wireless Internet access.

According to a 2017 Pew Research study, 67% of seniors age 65 and older indicated they go online. A Link-age 2016 study showed just over 40% of seniors own a smartphone and state their top communication technology uses include Internet access, wireless networks, and personal computers more than other technology. Assisted living facilities will need to keep their Wi-Fi access competitive to attract future residents.

2. Staff Use

Facility-owned computing devices, such as tablets and laptops used by management and facility operations staff, also require Wi-Fi access. The staff network must be HIPAA-compliant, incorporating security measures to keep patient records secure, especially when accessed in the course of day-to-day routines.

3. Infrastructure

While both resident and staff use are necessary, the real power of Wi-Fi in assisted living facilities lies in infrastructure. The Internet of Things (IoT) is evolving to produce an ever-growing array of wireless sensor technology that is used to monitor residents, improve operational efficiencies, and maintain health and safety. The capital investment in Wi-Fi for a facility can be considered primarily one of infrastructure, since every day, Wi-Fi becomes an increasingly critical component of daily operations.

Supporting A Sea of IoT Devices

An IoT network of wireless-enabled sensing devices collect data, report on abnormalities, and even make appropriate adjustments. Devices like the fitness and GPS trackers, smart thermostats, and watches may still be considered in the realm of high-tech toys, but the real application isn’t just life enhancing, but life sustaining. Consider the following representative applications for continuous, real-time measurements:

Wearable Sensors:

  • Health monitors: Track vital signs, blood pressure, pulse rate, and temperature.
  • Orientation: Wrist-worn devices transmit position including sitting, standing or lying down.
  • Location: Where are your residents within your facility? An absolute essential for Alzheimer’s or dementia residents.

Room Sensors & Actuators:

  • Pressure sensors: Monitor beds, chairs, and floors to track patient activity.
  • Environmental sensors: Measure and adjust room temperature and humidity.
  • Motion detectors: Monitor visitors, and help determine if the patient is following normal activity patterns.
  • Lighting & electrical sensors: Automatically turn on and off to ensure safe movement, appropriate lighting day or night.
  • Safety: Heat, smoke, and carbon monoxide detection.
  • Voice activated devices: AI personal assistant devices like Amazon Echo and Google Home provide a quick way for seniors to summon help.

Facility Sensors & Actuators:

  • Location sensors: GPS tracking for drug carts, medical devices, and other facility assets.
  • Security monitors: Motion sensors, access control, and video surveillance.
  • Safety sensors: Heat, smoke, and carbon monoxide detection.
  • Lighting & Electrical: Automatic lights conserves energy, high-energy devices connected to sensors can be remotely shut down to save.

Proper Wi-Fi Design is Essential

To take full advantage of these critical applications, a properly designed and functioning Wi-Fi system is essential. If your wireless doesn’t work correctly, your critical applications won’t work efficiently either.

First and foremost, every Wi-Fi deployment must be tailored to the facilities’ specific layout, building materials, and constraints. This will ensure proper coverage on both the 2.4 GHz and 5 GHz bands by selecting the correct locations, channel, and transmit power settings for access points. In a facility serving hundreds of residents, such a system needs to be engineered and optimized for the space. This requires qualified and knowledgeable Wi-Fi engineers and installers.

The access points should be centrally managed by either an on-site controller or a cloud-based application to ensure the proper monitoring of functionality and usage statistics, and that changes are rolled out consistently and universally. The EnGenius Neutron platform is ideally suited for assisted living Wi-Fi applications for several reasons, including ease of centralized management, durable leading-edge access points, and reasonable costs.

Frequency Bands

Compared to the 5 GHz band, the 2.4 GHz band has comparatively low throughput and is subject to more external sources of interference, though data also travels further and attenuates less rapidly on 2.4 GHz. This is also the band preferred by IoT and medical monitoring devices and sensors, and will likely remain so for many years to come. The 2.4 GHz Wi-Fi technology is older and costs less for embedded device manufacturers to incorporate.

While the data requirements per device are minimal, most medical monitoring devices only need to report small amounts of data. Naturally, we wouldn’t want medical monitoring devices to compete for wireless resources with high data applications such as video conferencing on Skype or accessing patient medical records on an employee’s tablet.

Fortunately, most devices are already capable of operating on either the 2.4 GHz or 5 GHz bands, and enterprise APs include Band Steering to encourage connections on 5 GHz. This band utilizes wider channels and is subject to less external interference than the 2.4 GHz band.

Separate VLANs for Each Application

Concerning access, a typical assisted living facility is likely to have at least three SSIDs/VLANs per band:

1. Residents/Visitors

This is the network for facility residents, their guests, and any personal devices brought in by staff. The SSID should be unencrypted to allow for easy access to the network. However, client devices should be completely isolated from one another, so they can only get Internet access and not access to each other. It is also important to use a well-designed captive portal for guests and enforce bandwidth limitations per device to prevent abuse.

2. Staff

This VLAN is the network for facility-owned computing devices, such as tablets and laptops for both resident management and facility operations. The network incorporates WPA2 Enterprise security with a central RADIUS or Active Directory server to meet HIPPA-compliance and to manage the users and devices that can log onto this network.

3. Infrastructure

This network supports the array of IoT sensors and actuators used to monitor residents and measure/control the environment. Since much of the data will be patient-specific and medical in nature, HIPAA-compliance also applies, requiring the use of WPA2 Personal security to prevent unauthorized access.

Client device isolation is also necessary, with appropriate exceptions for the on-site servers or monitoring computers that need on-site real-time access to the data. There may also be additional VLANs/SSIDs required for other applications, such as for video surveillance, access control, and Voice over IP.

Wi-Fi is the operations infrastructure of the 21st century assisted living facility, and EnGenius’ Neutron Series can get you there.




Watch this short video to see how Golden Hill Nursing and Rehabilitation Center deployed the Neutron Series to support their telemedicine and other network-connected applications.

For more information on EnGenius’ Neutron Series



Editor’s Note:  This updated post was originally published in June 2015.

About the Author:  Jason is a Certified Wireless Network Expert (CWNE #171), and holds several industry certifications. He is a Field Application Engineer Manager, Trainer and Curriculum Developer for EnGenius’ Certified and Advanced Certified System Engineer course. Jason holds a Masters in Mechanical Engineering from MIT and an MBA from the University of Connecticut. Follow him on Twitter @emperorWiFi.

** Pew Research Technology Use Among Seniors

** Link-age 2016 Technology Survey





May 3

AP MeshCam™: A Unique Combination of Tech

By Bryan Slayman

The AP MeshCam, EnGenius’ new hybrid access point/surveillance camera, may be a clever combination of technology, but where would you use it? You may be asking. Sure, everyone needs Wi-Fi these days, and most businesses and institutions can benefit from the security provided by surveillance cameras. But why do we need a hybrid? Why not install access points as usual, and then a separate freestanding surveillance system?

Well, ask Aristotle; because the whole is greater than the sum of its parts.

The AP MeshCam combines two great things to make a greater whole. One simple installation for both a wireless access point, and IP camera and one single cable run for power and data. Smart-sensing mesh simplifies setup while enabling both seamless Wi-Fi and complete camera coverage with no additional cabling or configuration. Other benefits include:

  • Configuration Flexibility & Modes: Mesh Access Point, Access Point, Client Bridge, WDS AP, WDS Bridge & WDS Station
  • Operate Alone, Manage via an EnGenius Switch, or Remotely Manage via ezMaster™ Network Management Software
  • Monitor Video via the EnVMS™ App or Included 16-Channel VMS Software
  • Fast 11ac Speeds to 867 Mbps Support Smooth, Buffer-Free Connections
  • 120-Degree HD Lens & Night Visibility to 65 Feet
  • Mesh Technology Allows Connectivity in Hard-to-Reach Locations
  • Works With a Comprehensive Line of EnGenius Access Points
This unique combination of technology makes the AP MeshCam perfect for a broad range of applications, here are just a few.


Restaurants and Bars:

In a pub or restaurant, the bar area is often crowded and chaotic. Keeping track of surroundings can be challenging for an owner or manager. But with an AP MeshCam mounted over the bar, management can monitor cash register and tip jar access, bartenders that may be overpouring or distributing free drinks, disruptive patrons, and so on. The AP MeshCam adds an extra layer of security and accountability to the POS system that may already be in place.

Meanwhile, the AP MeshCam provides high-speed Wi-Fi for guests who are using their phones to peruse online menus, posting their location and photos to social media, or dropping location pins for friends, all of which drums up more business for the restaurant. The mesh feature creates a reliable Wi-Fi network with minimal cable runs and installation cost, allowing access point placement in difficult-to-reach locations.



Schools:

Today’s schools are tech-savvy; they need seamless Wi-Fi connectivity for various e-learning initiatives, as well as online textbooks, newsletters, and calendars. Schools also need spot-on security to keep their students safe. Why not put security cameras to work providing Wi-Fi access?

With the AP MeshCam, staff can keep an eye on students using its 120-degree field of view from strategically placed units in hallways, auditoriums, gymnasiums, and other common areas, while simultaneously providing Wi-Fi for staff and students. Meshing allows seamless wireless connectivity between multiple APs in hallways—even around blind corners—keeping students engaged and safe.



Hotels:

Hotel guests want Wi-Fi in their rooms, but they also expect connectivity as they move through hallways, lobbies, and other common areas. They use Wi-Fi to check in to their flights, make dinner reservations, or schedule a pickup via a rideshare app. Or they may just want to browse their favorite sites or watch a video while sitting at the pool. Meanwhile, hotel security staff and managers need eyes on the entire property.

With the AP MeshCam providing guest Wi-Fi and video surveillance in one device, both guests and staff get what they need. Management can keep an eye on main areas, while guests access strong, reliable Wi-Fi.



Retail:

Even in small retail stores, surveillance is a crucial tool to preventing theft. But small stores must work within limited budgets, ensuring that each expenditure will provide worthwhile returns. The AP MeshCam is a perfect two-in-one investment for such stores.

Owners and managers can employ the surveillance camera to watch the cash register and front door, noticing shoplifters and any other issues that may arise. Meanwhile, the access point provides Wi-Fi for operations and customers. Install two or more AP MeshCams, and the mesh feature comes into play, smoothly extending coverage and surveillance.



Whatever your industry, you will appreciate the convenience of combining constant surveillance and robust Wi-Fi in one compact, easy-to-install device. Combining two devices in one simple design magnifies their capabilities and simplifies installation, saving you time and money.

Why should you make the switch to 2-in-1 Wi-Fi/surveillance? Switch because the whole is greater than the sum of its parts. Simplify your network with the AP MeshCam today.

Find out more and order a demo unit at 40% Off MSRP.



About the Author:  Bryan is a Product Line Manager for EnGenius’ managed networking products. He has 14 years of wireless industry experience that includes developing new features and form-factors for products and working with customers to plan and implement wireless solutions in the field.

* Diagram depicts placement of security & will work with other Neutron series Access Points for more coverage





May 1

VLANs: Why You Need Them and How They Work (Part 3)

By Jason Hintersteiner

Before we delve in, have you read the previous posts (Part 1 and Part 2) in this series? Click over to these links if you’d like to catch up.

VLANs: Why You Need Them and How They Work (Part 1)
VLANs: Why You Need Them and How They Work (Part 2)


What is a Management VLAN, and Should I Use It?

Just as your operations and your visitors are put on two (or more) VLANs to separate the network traffic, it is a best practice to use a separate management VLAN for the web and CLI* for your network equipment—router, switch(es), and access point(s). This way, users cannot access (and therefore hack) your hardware.

By default, all networking devices come with the management VLAN set to one (1), and all managed and smart switches are configured such that every port is PVID one (1)/untagged VLAN one (1). If your staff and visitors are on separate VLANs, then the original LAN is isolated from both and can act as yet another VLAN; this one is usually designated “VLAN one (1).”


Can I Get Myself Into Trouble Using VLANs?

Here are some issues that may arise, and how to troubleshoot:

  • Device is on the wrong VLAN: This happens when traffic is sent to the wrong VLAN as it enters the network. Fortunately, this is fairly easy to catch, especially if your client device is configured for DHCP. One look at the IP address on the client device will indicate whether it has a DHCP address on the correct subnet. For static clients, an arping or nmap on the wrong VLAN will reveal the presence of the client. To get your device back on the correct VLAN, make sure your SSID settings and PVID/untagged VLAN switch settings are correct.
  • Data traffic doesn’t flow: This results when traffic is sent to the wrong VLAN as it enters the network, or when switch ports are not properly and explicitly configured to pass traffic on that VLAN. Remember that all ports on a switch** should be trunk ports, configured for all tagged VLANs used in the network, including management VLANs. To prevent this issue, remember to configure ports connected to client devices or network appliances for the correct PVID/untagged VLAN for the client.
  • Device loses access to network configuration: This is usually the result of a mismatch between the PC used to configure the network devices and the management VLAN set up on the device. Management VLANs should generally be configured last (after devices), because once you set a network device to use a VLAN, you will lose access to the device until its PC port connects to the same VLAN.*** To ensure connection, make sure the PC port used by the device is configured to the management VLAN used by the device.
I advise designating one port on each network switch a management port, configured as PVID/untagged VLAN on the management VLAN.

VLANs are a powerful tool, and should be an integral part of all of your Wi-Fi network designs.



Editor’s Note:  This post was originally published in June 2015 and has been updated.



About the Author:  Jason is a Certified Wireless Network Expert (CWNE #171), and holds several industry certifications. He is a Field Applications Engineer Manager, Trainer and Curriculum Developer for EnGenius’ Certified and Advanced Certified System Engineer courses. Jason holds a Masters in Mechanical Engineering from MIT and an MBA from the University of Connecticut. Follow him on Twitter @emperorWiFi

*Command Line Interface
**Defined here as ports connected to either the router, backhaul to other switches, or access points.
***Example: If you have a switch configured to management VLAN 4000, but none of the switch ports are configured for tagged or untagged access on VLAN 4000, you are cut off from the switch and have no way to access the configuration, short of a serial interface or a hard reset.





Apr 4

VLANs: Why You Need Them and How They Work (Part 2)

By Jason Hintersteiner

VLANs, or Virtual Local Area Networks, are one of the most powerful, most misunderstood and underutilized tools for Wi-Fi networks in private homes and small-to-medium businesses. This post is part two of three articles on VLANS and provides a practical guide as to why and how you should use them.


How do VLANs work?

Client devices don’t know, and generally shouldn’t know, anything about the VLAN configuration of a network. All VLAN configuration is done on the network router, switch(es), and access point(s). When a client device sends data, each packet is “tagged” as it enters the network so it can be routed to the correct destination, in much the same way your luggage is tagged when you check it at the airport. When the data reaches its intended destination, the tag is removed, which is commonly referred to as either “untagging” or “stripping the tag”.

In networking, the VLAN tag is a 4 byte element inserted into the Media Access Control (MAC) header of the packet. This element contains a 12 bit number indicating the VLAN ID (or VID), meaning that, in theory, a network can have 2^12 or 4096 tags. The all-zero and all-one tag (i.e. VLAN 0 and VLAN 4095) are not used, per the 802.1q specification. Furthermore, VLAN 1 is reserved for “untagged traffic,” meaning that any data traffic in a network that does not have a VLAN tag is considered to be on VLAN 1. This is why all switch and access point VLANs are defaulted to VLAN 1.

By default, each port on a switch will drop VLAN traffic, so any VLAN traffic that is allowed through a switch port must be explicitly defined in the switch configuration. Trunk ports are used to interconnect switches (and access points), where each VLAN in use on the network is explicitly defined as a tagged VLAN, meaning that the switch will pass traffic on that VLAN without touching the VLAN tag.

The tagging/untagging mechanisms in switches and access points differ depending on whether the client is wired or wireless, but functionally they are identical:

Wireless:

  • A wireless client associates to a particular SSID. In the AP configuration, the SSID is associated with a particular VLAN. All traffic coming from a wireless client is tagged with the VLAN ID associated with the SSID. The AP strips the tag associated with the SSID for all data traffic transmitted to a wireless client.
  • So, from the perspective of the switch, all traffic coming from or going to an access point is tagged.

Wired:

  • #1 The PVID or Port LAN ID, indicates the VLAN ID that should be tagged onto all traffic coming into the port (i.e. from the wired client). Since each port has allowed VLANs explicitly defined on it, an untagged VLAN can be defined, such that any traffic on that particular VLAN gets its tag stripped before the traffic leaves the port. By definition, a wired port connected to a client can have only one PVID and should have only one untagged VLAN. These two should match in order for the connected wired client to communicate in both directions on that VLAN.
  • #2 The router configuration similarly becomes a bit more complex. Each VLAN on the network is considered to be a sub-interface of the LAN interface (since multiple VLANs exist on the same physical wire/NIC). So, instead of defining an IP address, subnet, and DHCP range for a single LAN, each VLAN is treated as a separate LAN, and requires an independent subnet, IP address, and DHCP range.*
Typically, VLANs are used to keep the various LAN subnets isolated, so the router is generally routing WAN to VLAN. Cross-VLAN routing can be done in specific instances, and usually requires the setup of explicit rules with particular exceptions.

One common example would be a hotel with a printer in the lobby. If staff and guests are both meant to use the printer, it could be placed on the visitor VLAN with router rules defined to route traffic from the operations VLAN to the printer on the visitor VLAN. In such a case, however, it is often simpler and cheaper to just buy two printers.

Next time we’ll talk about, “What is Management VLAN and whether or not you should use it.”



Editor’s Note:  This post was originally published in June 2015 and has been updated.



About the Author:  Jason is a Certified Wireless Network Expert (CWNE #171), and holds several industry certifications. He is a Field Applications Engineer Manager, Trainer and Curriculum Developer for EnGenius’ Certified and Advanced Certified System Engineer courses. Jason holds a Masters in Mechanical Engineering from MIT and an MBA from the University of Connecticut. Follow him on Twitter @emperorWiFi

* By convention, some people like matching the second or third octet of the subnet to the VLAN ID. For example, VLAN 8 could be given the subnet 10.8.0.0/16 or 192.168.8.0/24, VLAN 16 could be given the subnet 10.16.0.0/16 or 192.168.16.0/24, etc. These settings are independent, so no correlation between the VLAN ID and the subnet is required, but it is often convenient.





Feb 24

VLANs: Why You Need Them and How They Work (Part 1)

By Jason Hintersteiner

VLANs, or Virtual Local Area Networks, are one of the most powerful, most misunderstood and underutilized, tools for Wi-Fi networks in the private homes and small-to-medium-businesses. This post provides a practical guide as to why and how you should use VLANs.


What are VLANs?

At its simplest, VLANs enable you to transform one physical Local Area Network into multiple, isolated, logical Local Area Networks. VLANs give you multiple LANs with different purposes and intents that are co-located physically, without the expense of additional hardware and cabling. This is extremely useful even for small network applications, especially with the growth of IoT and the proliferation of network appliances measuring and controlling our environment.

Take the “simplest” case of a private home. Even when you only need a single access point to provide Wi-Fi coverage, there are, at least, two distinct and isolated networks needed.

  • For the residents, allowing access to all PCs, network printers, multimedia devices such as AppleTV or SONOS, IP cameras, NEST thermostats, and the like.
  • For guests, that allows Internet access, yet keeps the primary network secure. The homeowner undoubtedly doesn’t want their teenager’s friends, for instance, to hack any of the computers or network appliances in the home.
In more complex SMB applications such as coffee shops, restaurants, doctors’ offices, and multi-dwelling units (apartment buildings, dormitories, hotels), at least two distinct and isolated networks are needed.

  • For business staff for operations, such as point-of-sale, IP surveillance, access control, HVAC control, multimedia, etc.
  • For the businesses’ customers or visitors, which allows Internet access but not access to any network devices used for operations.
Most Wi-Fi networks need to be segmented, at least, into an operations network and a visitor network, with separate access and usage parameters.

Operations:

  • Access: Restricted to authorized personnel.
  • Data: Company confidential (e.g., especially financial and security data).
  • Security: For a small network, a WPA2-AES Pre-Shared Key provides sufficient security (i.e., a wireless client must know the code to connect). In larger setups, using 802.1x with RADIUS may be appropriate.
  • Device Interaction: Client devices should be able to communicate with each other.
  • Further Segmentation: In some environments, breaking up the operations network into multiple VLANs by function is appropriate, especially to separate out applications like security (i.e., cameras and access control), facilities (HVAC, lighting control), and VoIP.

Visitors:

  • Access: Unrestricted. Also commonly called a “hotspot.”
  • Data: Guest/user data.
  • Security: Typically no encryption is used to facilitate access, though a captive portal may or may not be used to capture email/social media information or set out terms and conditions.
  • Device Interaction: Not permitted. (For example, you don’t want a hotel guest hacking into a device in a different room).


Why a Password on Guest Wi-Fi Doesn’t Increase Data Security

A note on security for visitor/hotspot networks: I keep encountering “visitor” networks that require a WPA2-AES pre-shared key. This is actually quite pointless, and creates a false sense of security. The logic of using a pre-shared key is that a hacker sniffing unencrypted radio frequency transmissions can intercept data traffic. That is true. Unfortunately, using pre-shared key encryption doesn’t solve the problem.

A hacker that has the pre-shared key and who captures the association exchange (which is unencrypted) between a client device and an access point when it connects to the network can use the collective information to decrypt the client device traffic. Furthermore, most security issues on visitor/hotspot networks do not require sniffing the radio frequency, but come from the “wired side” of the network.

Wi-Fi encryption only occurs between the client device and the access point, as the AP decrypts all data traffic before passing it on to the wired network infrastructure. If client isolation on the network is not set up properly (an all-too-common problem), a wireless hacker can simply connect to another wireless client device through the wired network.

So the only thing a WPA2-AES pre-shared key really provides is increased work for the staff, who have to give out the passphrase to all of the visitors. If you want to remain secure when using a hotspot/visitor network, make sure you are using application level security, such as https for web surfing and SSL for your email service. Personal or corporate VPNs are also appropriate and effective.

Many consumer wireless router appliances, such as the EnGenius ESR series, and enterprise wireless access points, such as most EnGenius APs in the EAP/ECB/ENS/ENH/EWS series, come with the ability to set up a “guest network” with a separate subnet and DHCP range. This allows the access point to create a Layer 3 (IP) barrier between the guest network and the operations network to isolate them from each other. Why not use this instead of a VLAN?

This feature is only appropriate for single AP networks. On networks consisting of multiple APs, this configuration prevents roaming between APs since each is creating a separate stand-alone guest network. Any client attempting to roam on the “guest network” will have to re-establish a Layer 3 connection, thus interrupting any streaming applications. So on multi-AP networks, VLANs should always be used to provide visitor/guest networking.

To learn more about VLANs, join us TechTalk: VLAN Fundamentals
March 9 at 10 am PST
Register



Editor’s Note:  This post was originally published in June 2015 and has been updated.



About the Author:  Jason is a Certified Wireless Network Expert (CWNE #171), and holds several industry certifications. He is a Field Applications Engineer Manager, Trainer and Curriculum Developer for EnGenius’ Certified and Advanced Certified System Engineer courses. Jason holds a Masters in Mechanical Engineering from MIT and an MBA from the University of Connecticut. Follow him on Twitter @emperorWiFi





Feb 24

Three Secrets to Maximizing Coverage With FreeStyl Phone Systems

By Doug Hayter

Both the FreeStyl 1 and FreeStyl 2 systems are long range, single-line cordless phones designed to allow staff to make and take calls as they move about a property. With long-range coverage of up to six (6) floors of in-building penetration and 100,000 sq. ft. in an open area, these systems are ideal for homeowners and staff of large estates, front desk staff at motels and IT professionals in offices. Because different environments place different coverage demands on a wireless system, we’d like to share several secrets to evoking the best coverage and performance from these two incredible systems.



Secret 1: Place the FreeStyl Base Clear of Obstacles

Each wall, floor, appliance or piece of furniture a Wi-Fi signal passes through weakens it slightly. So to retain maximum signal over the greatest area, it’s best to put the base unit in an area relatively clear of obstruction. For example, in a motel, it would be best to place the base as far as is feasible from elevators, vending machines, and firewalls, which will interfere most with the signal.

When implementing this secret, the FreeStyl 2 has an advantage out of the box, because its base unit does not have a keypad, so it can be mounted on a wall, high above most obstacles.



Secret 2: Use the Outdoor Antenna Kit

The base unit’s rubber antenna can be removed (it’s a reverse-thread connector, so it can be detached from the base by turning the antenna connector counter-clockwise) and replaced by an optional outdoor antenna kit (SN-UL-AK20L). This outdoor antenna kit comes with over 60 feet of LMR400 low-loss coaxial cable and an Omni-directional 6dBi outdoor antenna. Mount this antenna on the roof and get excellent coverage over large outdoor areas.



Secret 3: Use the Indoor Antenna Kit

For indoor deployments, try the optional indoor antenna kit (SN-UL-AK20L-IND). This kit also comes with over 60 feet of LMR400 low-loss coaxial cable and an Omni-directional dome antenna. Mount this antenna on the ceiling to maximize the coverage in large indoor areas.



Bonus Secrets 4: Split the Signal

In areas where an obstacle hampers coverage so that you cannot mount the base above it, consider whether splitting the signal would allow for coverage in different areas. The FreeStyl systems can use the SN-ULTRA-AS Antenna Splitter with multiple antennas to enable coverage in two separate areas.



Bonus Secret 5: Protect the System

When using an outdoor antenna with a FreeStyl system, protect the base unit with the antenna lightning protection kit (SN-ULTRA-LPK). This kit protects the system against static charge build-ups by sending the charge to ground.


About the Author:  Doug is a Senior Product Line Manager for EnGenius’ Telecom products.





Dec 8

4 Vital Ways 11ac Wave 2 Will Boost Your Network

By Angie Tucker

A year since the first 11ac Wave 2 Access Points first hit the market, early technology adopters are taking advantage of the increased speeds and efficiencies offered by Wave 2. More have taken a wait and see approach, watching as market assortments increase and prices begin to fall.

The 2nd wave of 11ac technology products offer the most advanced wireless technology available. Along with their ultra-fast wireless speeds, reaching theoretical rates nearing 7 Gbps, Wave 2 products support the highest user capacities, built right into the standard.

Still many wonder, “Do I really need to upgrade to Wave 2?” Will my customers actually see that much of a difference in the network?” The following four reasons will help you understand why now is the time to seriously consider upgrading to Wave 2 technology.


1 Marked Increase in Wireless Speeds

The upsurge of mobile streaming video and voice applications puts a tremendous strain on wireless networks, decreasing their speed and efficiency. Wave 2’s increased speeds easily support latency-sensitive applications.

As stated above, 11ac Wave 2 supports theoretical wireless speeds topping nearly 7 Gbps. Though a vast majority of Wave 2 access points on the market aren’t yet offering speeds anywhere near 7 Gbps, available access point speeds are still incredibly fast, reaching rates closer to 1.7 Gbps.

Throughput over a Gig is still likely going to be more than enough to accommodate an abundance of bandwidth-heavy users in a variety of settings. In environments where more bandwidth is needed, Wave 2 is equipped to provide it.


2 Maximum User Capacities

While speed is critical to improving the user experience, network designers, and IT professionals will appreciate the increased number of users, devices, and applications that 11ac Wave 2 networks can handle. Wave 2 adds a fourth spatial wireless antenna stream, whereas previous wireless technology only supported up to three antenna streams. The additional stream, like a highway, adds another available “lane” for sending and receiving data, increasing the number of devices that can connect at a given time.

Increased capacities also mean greater support for Wi-Fi-dependent IoT devices, demanding corporate and education networks with multiple simultaneous devices per user, and the pervasive public availability of Wi-Fi in shopping, hospitality, entertainment and sports complexes.

Long term, Wave 2 future-proofs the network by supporting the increasing capacity needs of future IoT devices and mobile technology advancements on the broad 5 GHz frequency spectrum, which is expanded to support a wider frequency range, to 160 MHz, than earlier wireless standards which maxed out at 80 MHz.


3 Multi-User MIMO Improves Network Efficiency

The addition of MU-MIMO or Multiple User Multiple Input, Multiple Output is new with the 11ac Wave 2 release. MU-MIMO allows multiple Wave 2 client devices to simultaneously communicate with the Access Point improving the efficient use of the frequency spectrum and network bandwidth while allowing simultaneously connected devices to get on and off the network faster than ever.

This is a significant improvement over previous wireless standards, including 11ac Wave 1, which rapidly sent and received data to a single user device at a time.


4 Beamforming Antenna Technology

New antenna technology takes advantage of existing antenna designs to improve the directed efficiency of focused antenna signals to respective client devices. Beamforming technology provides optimal signal and reception reliability between access points and clients.

Beamforming adjusts beam signals instantly to counteract device movement and changing radio conditions. Beamforming enhances the user experience through improved connection reliability between the Access Point and user devices as they move about the network.

EnGenius Neutron EWS 11ac Wave 2 Access Points

EnGenius recently announced the availability of four new enterprise-class 11ac Wave 2 Access Points.

Ideal for deployment in high-density environments such as campuses, sports arenas, shopping malls, and resorts, Neutron 11ac Wave 2 APs combine MU-MIMO technology to provide high user capacities and ultra-fast speeds reaching 2.5 Gbps for reliable, fast connectivity to wireless client devices.

These new access points are designed to work with the Neutron Series Managed Switches and ezMaster™ Network Management Software to provide a scalable and flexible wireless management solution with no AP licensing fees.




Demo a 4×4 Access Point at 50% Off



About the Author:  Angie Tucker is a technical and marketing content writer, editor and media specialist for EnGenius who has worked in the technology industry for over 20 years.





Feb 15

Deploying Outdoor Access Points

By Jason Hintersteiner

Internet access for smartphones, tablets, and other mobile devices is no longer a luxury for business patrons – it’s a necessity. But there is much more to providing reliable, high-speed, high-density wireless access in outdoor environments than simply sticking an access point on the wall.

Due to the harsh conditions characteristic of outdoor environments, such as fluctuating temperatures and constant exposure to moisture and dust, typical indoor access points are not suitable for outdoor deployment. Outdoor access points are specifically designed to withstand the rigors of harsh environments and carry an IP (Ingress Protection) rating that certifies the level of protection the AP possesses against solids and liquids.

Since you’ll be mounting the access points outdoors in locations that are likely nowhere near a power outlet, make sure your APs support Power-over-Ethernet (PoE), which enable the AP to draw electrical power through the network cable. Using shielded CAT5e or CAT6 cable will prevent electromagnetic and RF interference from degrading the performance of your network.

By deploying dual-band access points, you can optimize network performance and user experience by employing features such as band steering, which automatically directs 5 GHz-capable devices such as smart phones and tablets to the less-congested 5 GHz band. This decreases the load on the often-saturated 2.4 GHz band to improve network performance for legacy devices such as network printers and point-of-sale (PoS) systems. Also, dual-band access points can support more users in high-density environments.


Things to keep in mind when selecting locations to mount the access points:

  • Mount the APs out of reach to keep people from tampering or defacing the units.
  • Mount the AP high enough for the signal to travel over any obstructions such as plants or outdoor furniture.
  • Make sure that the AP is securely mounted to keep it from being dislodged by wind or other weather elements.
  • Make sure to ground the AP to protect it during lightning storms. Using an inline Ethernet surge suppressor between the AP and your wired network is generally recommended.
Set the transmit output power level at a medium level, such as 17 dBm on the 2.4 GHz band and 23 dBm on the 5 GHz band. If the power level on the AP is set too high, many mobile client devices could be far enough away from the AP that they do not possess enough transmit power to talk back to the AP.

It may be desirable to paint your access points so that they’ll blend into the surroundings, but carefully consider the type of paint you use. Only use non-metallic paint, as metallic paint can act as an antenna and distort the coverage. Also, realize that painting the AP a dark color may cause it to heat up faster when exposed to the sun.

APs with internal antennas are generally considered more aesthetically pleasing, but an AP with removable external antennas gives you the option of adding higher-gain antennas for longer ranges. APs are available with directional or Omni-directional antennas, and the type you select will depend on your desired coverage. In general, APs with directional antennas will focus the signal in a particular direction, and thus reach further out than Omni-directional antennas.

Using network cable for connectivity to the network backbone, otherwise known as backhaul, is always best, but sometimes using a dedicated wireless backhaul link is necessary. We recommend using a separate, dedicated Point-to-Point (Pt.-to-Pt.) link for backhaul on an independent channel, then cross-connect the Ethernet port of the backhaul link to the Ethernet port of the AP rather than sharing the resources of the 5 GHz radio in the dual-band device for backhaul.


About the Author:  Jason is a Certified Wireless Network Expert (CWNE #171), and holds several industry certifications. He is a Field Applications Engineer Manager, Trainer and Curriculum Developer for EnGenius’ Certified and Advanced Certified System Engineer courses. Jason holds a Masters in Mechanical Engineering from MIT and an MBA from the University of Connecticut. Follow him on Twitter @emperorWiFi





Oct 12

Explaining Free Space Path Loss

By Jason Hintersteiner

The propagation of all radio signals is subject to Free Space Path Loss (FSPL), which is a mathematical definition of the geometric property that the further away you are located from the source of a radio transmission, the energy level in that signal drops as a function of the square of the distance. You can think of throwing a pebble into a pond; as the wave ripples out, the energy is spread over a wider and wider area, and the level of energy at any one point is proportionally smaller.

While this is a geometric effect, wavelength is included in the calculation in order to account for the fact that, mathematically, transmission energy is defined as coming from a point source known as an isotropic antenna. An isotropic antenna is defined as an antenna that radiates energy evenly in a perfect sphere with 0 dBi of gain. While defining such an antenna is mathematically convenient, it is physically impossible to build.

The following graph shows the free space path loss for Wi-Fi at 2.4 GHz and 5 GHz.

The following table shows the free space path loss at 1 meter (3 feet) away from the transmitter at various frequencies commonly used in the telecommunications industry.

Per FCC and other worldwide government regulations, a Wi-Fi signal, at most, has a maximum initial power of 30 dBm (1 W, or 1000 mW), and within the first 3 feet over 40 dB of energy is lost (100 W), meaning that the level of exposure 3 feet away is below -10 dBm (0.0001 W, or 0.1 mW).


Comparative Example 1: Microwave Oven

A microwave oven operated on the 2.4 GHz bands at around 1000 W (60 dBm). Granted microwaves are shielded, but the shielding is not perfect and deteriorates over time, which is why microwave ovens typically interfere with Wi-Fi when in operation, because they put out more energy on the 2.4 GHz band than an AP and this flood the channel, causing wideband interference. Three feet away from a leaky microwave oven, the 2.4 GHz energy level decreases by 40 dB to 20 dBm (0.1 W, or 100 mW), or about 1000x higher than a Wi-Fi access point.


Comparative Example 2: Ham Radio

A ham radio typically operates at 50 W (47 dBm) at 440 MHz. The FSPL at three feet away (i.e. where the operator is sitting) is about 25 dB (approximately 0.32 W or 320 mW), leading to an exposure level of 22 dBm (0.16 W or 160 mW), or about 1600x higher than a Wi-Fi access point.


Comparative Example 3: Cell Phone

A typical cellular phone operates at 23 dBm (0.25 W or 250 mW). However, it operates very close to your head when on a call (about 2 inches), which provides a minimal FSPL of only 3.5 dB (0.0022 W, or 2.2 mW) at 700 MHz (Verizon LTE). This leads to an exposure level of 19.5 dBm (90 mW or 0.09 W), or approximately 100x higher than a Wi-Fi access point. You get more exposure to RF energy from using your cell phone, a ham radio, and a microwave oven than you do from a Wi-Fi access point.


Comparative Example 4: Cell Tower

A typical cellular tower operates around 40 W (46 dBm). At 700 MHz (Verizon LTE), the FSPL at about 1/2 mile – 1 mile away is about 90 dB, leading to an exposure level of -44 dBm (0.00004 mW or 0.00000004 W), or about 4000x lower than from a Wi-Fi access point.



About the Author:  Jason is a Certified Wireless Network Expert (CWNE #171), and holds several industry certifications. He is a Field Applications Engineer Manager, Trainer and Curriculum Developer for EnGenius’ Certified and Advanced Certified System Engineer courses. Jason holds a Masters in Mechanical Engineering from MIT and an MBA from the University of Connecticut. Follow him on Twitter @emperorWiFi





Oct 6

Wi-Fi Beacon Frames Simplified

By Jason Hintersteiner

We talk about the Wi-Fi offerings on one AP, or across multiple APs in the same extended service set (ESS), as if it is all one unified network. In reality, each AP has its own set of SSIDs, and each SSID is on its own VLAN. We set up multple SSIDs purposely to make each of these different SSIDs an “independent” network. Similarly, the SSIDs on the 2.4 GHz band are “independent” from the SSIDs on the 5 GHz band, because different physical radios and antennas are used. I’m using “independent” in quotations, as there are some coupling terms between the SSIDs on the same AP and between the same SSID offered on both the 2.4 GHz and 5 GHz bands. Hence, while we can configure all of these SSIDs and networks independently, they do have interactions in the unbound RF medium, and thus we want to maintain certain relationships between them.

Every SSID on each band broadcasts its own unique beacon frame. This is a periodic advertisement broadcast out to tell any listening devices that this SSID is available and has particular features / capabilities. Client devices depend upon these beacon frames to discover what networks are available (passive scanning), and to ensure that the networks that they are associated with are actually still present and available. A client also has the option to perform active scanning, where a client device sends a broadcast request to see what networks are available, and each SSID from each AP in range will send out a unicast probe response that has the same information as a beacon frame.

Think of a beacon frame as a guy/gal standing out in front of a shop in a silly costume, advertising the shop to any and all passers-by. In contrast, think of the probe request as a potential customer coming up to the guy/gal in the costume and asking “what do you offer?” In the scenario where an AP offers multiple SSIDs (either within the same band and/or across bands), extend the analogy to a strip mall with multiple shops, where each shop has someone in a different silly costume making an advertisement to passers-by, but they have a mutual agreement than only one of them will talk at a time, so they do not talk over each other and confuse customers (i.e. “avoid collisions” in Wi-Fi parlance). The probe request from the client can contain a specific SSID, analogous to a customer walking up to a specific costumed advertiser to ask “what do you offer?”, or a null SSID analogous to a customer asking the entire group of costumed advertisers at once “what do all of you offer?”, with then each costumed advertiser giving his/her unique response.

Each beacon frame (or probe response) contains a lot of information about the specific SSID being offered. While not a complete list, the really important items are as follows:

  • SSID Name: 1-32 character name of the network
  • BSSID: Unique Layer 2 MAC address of the SSID
  • Security capabilities: e.g. open, WEP, WPA, WPA2, personal (passphrase) vs. enterprise (802.1x with RADIUS server)
  • Channel: specific frequency that this SSID on this AP is operating on
  • Channel width: e.g. 20, 40, 80, 160 Mbps
  • Country: List of all supported channels and corresponding channel settings
  • Beacon interval: How often the AP sends out this beacon frame
  • TIM / DTIM: Used for power management to allow devices that sleep to wake up at specific intervals to find out if there is unicast or broadcast data waiting for them
Quite importantly, beacon frames also advertise the connection speeds that the AP can use to connect to a client device. These are broken up into a few different categories:

  • Basic rates: These are the 802.11a/b/g speeds that every connecting client device MUST support in order to maintain a connection
  • Supported rates: These are the 802.11a/b/g speeds that the AP will support and could use if the client device also supports those speeds
  • 802.11n MCS rates: These are the subset of the 78 total modulation and coding schemes (MCS) that are defined for 802.11n that the AP supports. In reality, it gets dictated by the number of spatial streams that the AP supports (MCS 0 -7 for single stream, MCS 8-15 for dual stream, MCS 16 – 23 for three streams, and MCS 24 – 31 for four streams). MCS32 – MCS77 are defined as combinations of asymmetric rates across different streams, which sounds like a neat idea but is utterly impractical in practice.
  • 802.11ac MCS rates / streams: This is simplified compared to 802.11n, as there are no asymmetric rates, and the particular modulation and coding stream combination use the same index no matter how many streams. 256 QAM is added, providing two additional modes per stream, so these are simply MCS 0-9. The beacon indicates whether the AP supports MCS 0-9 on one stream, on two streams, on three streams, etc. up to eight streams. While the beacon is architected such that it could exclude particular modes, e.g. “I don’t support MCS 5 on three streams”, the spec dictates that an AP must support all 802.11ac MCS modes across all of the streams it has available.
Beacons are always sent at the lowest basic rate (and primary channel when using extended channels in 802.11n/ac). This is done to ensure that every possible client in range of the AP hears the beacon frame. When an AP has multiple SSIDs (on the same and/or across multiple radios), it sends out a separate beacon for each SSID on each radio. Each SSID in a particular band must have a unique MAC address, so typically one of the hexadecimal digit (usually the last, but some vendors increment the first) is incremented so that each SSID has a unique MAC address.

If you opt to “hide” the SSID, then the SSID name is blank, but the rest of the beacon is still sent out normally. When the client decides to associate with an SSID, it has to specify the SSID name in the (re)association frame it sends to the AP. This is why hiding an SSID is ineffective as a security measure and thus generally advise network admins not to bother: anyone capturing association / reassociation request frames with a Wi-Fi packet analyzer will capture the name of the SSID in clear text.


Considerations for in-band (2.4. GHz OR 5 GHz) beacon frames

In the case where there are multiple SSIDs within the same band, all of the parameters could be set independently. Obviously the SSID name, BSSID, and the security features are going to be unique, and the channel setting, channel width, and country will be identical. But what about the other parameters?

  • Beacon interval: Usually consistent across all SSIDs within a band. To my knowledge, there isn’t anything to be gained if some of your SSIDs beacon more frequently than others. A typical beacon interval is 100 time units (a time unit is 1.024 ms, so every 102.4 ms). One would use a longer beacon interval (e.g. 300 time units or 307.2 ms) to reduce overhead in the channel, since beacons are transmitted at the lowest speeds and each SSID requires its own beacon).
  • TIM / DTIM: Usually consistent across all SSIDs within a band. To my knowledge, there isn’t anything to be gained if some of your SSIDs require more frequent check-ins from sleeping client devices vs. others. A typical DTIM will require that a sleeping client (e.g. VoIP phone, smartphone, tablet) be awake for every 3-5 beacon frames to check to see if any frames have been queued for it in the interim. If you are using a slower beacon interval, then it is common to require a sleeping client to check in on every beacon.
  • Connection Speeds: Usually consistent across all SSIDs within a band. To my knowledge, there isn’t anything to be gained by allowing particular connection speeds on some SSIDs and not others. Changing lowest basic rates will change the speed at which particular beacons are transmitted, but again there is no advantage to having some beacons go out at faster speeds than others.
I suppose there are some rare use cases where one might want particular SSIDs to act differently. One potential scenario is a guest network, where I want to maximize compatibility with all possible devices that could connect vs. a staff network, where the admin has strict control over the devices and their locations on their network and wants to “optimize” their performance. To me, this seems to introduce a fair amount of complexity for dubious practical gains, which is a situation I generally try to avoid.


Cross-band (2.4 GHz AND 5 GHz) beacon frames

In the case where we have the same SSID on both the 2.4 GHz and 5 GHz bands, we generally want to take advantage of a feature called band steering to force dual-band clients to use the 5 GHz band. The 5 GHz band generally has wider channels and fewer sources of external interference, making for a faster user experience. In this case, the SSID name and all security features (along with VLAN settings, which are set on the AP but are not part of the beacon) should be identical. The channel and channel width will be different (by definition). The connection speeds will be somewhat different based on the differences between 802.11b/g/n on the 2.4 GHz band and 802.11a/n/ac on the 5 GHz band. There is no need to support 802.11b speeds on the 5 GHz band, though the 802.11a and 802.11g speeds are identical, and the 802.11n speeds are also identical (if the streams are identical). As for beacon interval, these are usually identical but there is no requirement to do so. Based on the usage characteristics per band (i.e. how many clients per band, what connection speeds being used, etc.), it could be advantageous to tweak this setting per band to optimize overhead performance.

Across the 2.4 GHz and 5 GHz bands, since the radios are independent on both the AP and client device, some vendors increment the BSSID to identify the particular SSID and some vendors don’t. In this case, it doesn’t matter if the BSSID is reused since 2.4 GHz and 5 GHz transmissions cannot hear each other, and the Layer 1 (physical) and Layer 2 (MAC, think Wi-Fi chipset) levels are physically separate from each other.

The most common network scenario in practice is the need to support 802.11b devices (either legacy or new low-power IoT) and/or 802.11g devices (legacy). Both of these are on the 2.4 GHz band. There were virtually no independent 802.11a client devices, as this standard was primarily used for dedicated point-to-(multi)point wireless links. Hence, if a network needs to support slower 2.4 GHz devices, one probably wants to leave the network configured with a standard beacon interval of 100 time units and support for all 802.11 b/g rates. On the 5 GHz network, we almost always want to maximize performance, so on this band it would make sense to make tweaks, such as using longer beacon intervals (e.g. 300 time units) and drop support for some of the slower 802.11a connection speeds, such as 6 Mbps and 9 Mbps.



About the Author:  Jason is a Certified Wireless Network Expert (CWNE #171), and holds several industry certifications. He is a Field Applications Engineer Manager, Trainer and Curriculum Developer for EnGenius’ Certified and Advanced Certified System Engineer courses. Jason holds a Masters in Mechanical Engineering from MIT and an MBA from the University of Connecticut. Follow him on Twitter @emperorWiFi